Bug Summary

File:s/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
Warning:line 2493, column 28
Branch condition evaluates to a garbage value

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name pkix_pl_cert.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix_pl_nss/pki -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix_pl_nss/pki -resource-dir /usr/lib/llvm-18/lib/clang/18 -D HAVE_STRERROR -D LINUX -D linux -D XP_UNIX -D XP_UNIX -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D NSS_DISABLE_SSE3 -D NSS_NO_INIT_SUPPORT -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I ../../../../../dist/Linux4.19_x86_64_gcc_glibc_PTH_64_DBG.OBJ/include -I ../../../../../dist/public/nss -I ../../../../../dist/private/nss -internal-isystem /usr/lib/llvm-18/lib/clang/18/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=c99 -ferror-limit 19 -fgnuc-version=4.2.1 -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2024-05-18-082241-28900-1 -x c pkix_pl_cert.c
1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4/*
5 * pkix_pl_cert.c
6 *
7 * Certificate Object Functions
8 *
9 */
10
11#include "pkix_pl_cert.h"
12
13extern PKIX_PL_HashTable *cachedCertSigTable;
14
15/* --Private-Cert-Functions------------------------------------- */
16
17/*
18 * FUNCTION: pkix_pl_Cert_IsExtensionCritical
19 * DESCRIPTION:
20 *
21 * Checks the Cert specified by "cert" to determine whether the extension
22 * whose tag is the UInt32 value given by "tag" is marked as a critical
23 * extension, and stores the result in "pCritical".
24 *
25 * Tags are the index into the table "oids" of SECOidData defined in the
26 * file secoid.c. Constants, such as SEC_OID_X509_CERTIFICATE_POLICIES, are
27 * are defined in secoidt.h for most of the table entries.
28 *
29 * If the specified tag is invalid (not in the list of tags) or if the
30 * extension is not found in the certificate, PKIX_FALSE is stored.
31 *
32 * PARAMETERS
33 * "cert"
34 * Address of Cert whose extensions are to be examined. Must be non-NULL.
35 * "tag"
36 * The UInt32 value of the tag for the extension whose criticality is
37 * to be determined
38 * "pCritical"
39 * Address where the Boolean value will be stored. Must be non-NULL.
40 * "plContext"
41 * Platform-specific context pointer.
42 * THREAD SAFETY:
43 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
44 * RETURNS:
45 * Returns NULL if the function succeeds.
46 * Returns a Fatal Error if the function fails in an unrecoverable way.
47 */
48static PKIX_Error *
49pkix_pl_Cert_IsExtensionCritical(
50 PKIX_PL_Cert *cert,
51 PKIX_UInt32 tag,
52 PKIX_Boolean *pCritical,
53 void *plContext)
54{
55 PKIX_Boolean criticality = PKIX_FALSE((PKIX_Boolean) 0);
56 CERTCertExtension **extensions = NULL((void*)0);
57 SECStatus rv;
58
59 PKIX_ENTER(CERT, "pkix_pl_Cert_IsExtensionCritical")static const char cMyFuncName[] = {"pkix_pl_Cert_IsExtensionCritical"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
60 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pCritical)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pCritical) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
61
62 extensions = cert->nssCert->extensions;
63 PKIX_NULLCHECK_ONE(extensions)do { if ((extensions) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
64
65 PKIX_CERT_DEBUG("\t\tCalling CERT_GetExtenCriticality).\n");
66 rv = CERT_GetExtenCriticality(extensions, tag, &criticality);
67 if (SECSuccess == rv) {
68 *pCritical = criticality;
69 } else {
70 *pCritical = PKIX_FALSE((PKIX_Boolean) 0);
71 }
72
73 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
74}
75
76/*
77 * FUNCTION: pkix_pl_Cert_DecodePolicyInfo
78 * DESCRIPTION:
79 *
80 * Decodes the contents of the CertificatePolicy extension in the
81 * CERTCertificate pointed to by "nssCert", to create a List of
82 * CertPolicyInfos, which is stored at the address "pCertPolicyInfos".
83 * A CERTCertificate contains the DER representation of the Cert.
84 * If this certificate does not have a CertificatePolicy extension,
85 * NULL will be stored. If a List is returned, it will be immutable.
86 *
87 * PARAMETERS
88 * "nssCert"
89 * Address of the Cert data whose extension is to be examined. Must be
90 * non-NULL.
91 * "pCertPolicyInfos"
92 * Address where the List of CertPolicyInfos will be stored. Must be
93 * non-NULL.
94 * "plContext"
95 * Platform-specific context pointer.
96 * THREAD SAFETY:
97 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
98 * RETURNS:
99 * Returns NULL if the function succeeds.
100 * Returns a Cert Error if the function fails in a non-fatal way.
101 * Returns a Fatal Error if the function fails in an unrecoverable way.
102 */
103static PKIX_Error *
104pkix_pl_Cert_DecodePolicyInfo(
105 CERTCertificate *nssCert,
106 PKIX_List **pCertPolicyInfos,
107 void *plContext)
108{
109
110 SECStatus rv;
111 SECItem encodedCertPolicyInfo;
112
113 /* Allocated in the arena; freed in CERT_Destroy... */
114 CERTCertificatePolicies *certPol = NULL((void*)0);
115 CERTPolicyInfo **policyInfos = NULL((void*)0);
116
117 /* Holder for the return value */
118 PKIX_List *infos = NULL((void*)0);
119
120 PKIX_PL_OID *pkixOID = NULL((void*)0);
121 PKIX_List *qualifiers = NULL((void*)0);
122 PKIX_PL_CertPolicyInfo *certPolicyInfo = NULL((void*)0);
123 PKIX_PL_CertPolicyQualifier *certPolicyQualifier = NULL((void*)0);
124 PKIX_PL_ByteArray *qualifierArray = NULL((void*)0);
125
126 PKIX_ENTER(CERT, "pkix_pl_Cert_DecodePolicyInfo")static const char cMyFuncName[] = {"pkix_pl_Cert_DecodePolicyInfo"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
127 PKIX_NULLCHECK_TWO(nssCert, pCertPolicyInfos)do { if (((nssCert) == ((void*)0)) || ((pCertPolicyInfos) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
128
129 /* get PolicyInfo as a SECItem */
130 PKIX_CERT_DEBUG("\t\tCERT_FindCertExtension).\n");
131 rv = CERT_FindCertExtension
132 (nssCert,
133 SEC_OID_X509_CERTIFICATE_POLICIES,
134 &encodedCertPolicyInfo);
135 if (SECSuccess != rv) {
136 *pCertPolicyInfos = NULL((void*)0);
137 goto cleanup;
138 }
139
140 /* translate PolicyInfo to CERTCertificatePolicies */
141 PKIX_CERT_DEBUG("\t\tCERT_DecodeCertificatePoliciesExtension).\n");
142 certPol = CERT_DecodeCertificatePoliciesExtension
143 (&encodedCertPolicyInfo);
144
145 PORT_FreePORT_Free_Util(encodedCertPolicyInfo.data);
146
147 if (NULL((void*)0) == certPol) {
148 PKIX_ERROR(PKIX_CERTDECODECERTIFICATEPOLICIESEXTENSIONFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTDECODECERTIFICATEPOLICIESEXTENSIONFAILED, ((void*)
0), stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODECERTIFICATEPOLICIESEXTENSIONFAILED
; goto cleanup; };
149 }
150
151 /*
152 * Check whether there are any policyInfos, so we can
153 * avoid creating an unnecessary List
154 */
155 policyInfos = certPol->policyInfos;
156 if (!policyInfos) {
157 *pCertPolicyInfos = NULL((void*)0);
158 goto cleanup;
159 }
160
161 /* create a List of CertPolicyInfo Objects */
162 PKIX_CHECK(PKIX_List_Create(&infos, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&infos,
plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
163 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&infos,
plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
164
165 /*
166 * Traverse the CERTCertificatePolicies structure,
167 * building each PKIX_PL_CertPolicyInfo object in turn
168 */
169 while (*policyInfos != NULL((void*)0)) {
170 CERTPolicyInfo *policyInfo = *policyInfos;
171 CERTPolicyQualifier **policyQualifiers =
172 policyInfo->policyQualifiers;
173 if (policyQualifiers) {
174 /* create a PKIX_List of PKIX_PL_CertPolicyQualifiers */
175 PKIX_CHECK(PKIX_List_Create(&qualifiers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&qualifiers
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
176 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&qualifiers
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
177
178 while (*policyQualifiers != NULL((void*)0)) {
179 CERTPolicyQualifier *policyQualifier =
180 *policyQualifiers;
181
182 /* create the qualifier's OID object */
183 PKIX_CHECK(PKIX_PL_OID_CreateBySECItemdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyQualifier->qualifierID, &pkixOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
184 (&policyQualifier->qualifierID,do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyQualifier->qualifierID, &pkixOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
185 &pkixOID, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyQualifier->qualifierID, &pkixOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
186 PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyQualifier->qualifierID, &pkixOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0);
187
188 /* create qualifier's ByteArray object */
189
190 PKIX_CHECK(PKIX_PL_ByteArray_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (policyQualifier
->qualifierValue.data, policyQualifier->qualifierValue.
len, &qualifierArray, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup
; } } while (0)
191 (policyQualifier->qualifierValue.data,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (policyQualifier
->qualifierValue.data, policyQualifier->qualifierValue.
len, &qualifierArray, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup
; } } while (0)
192 policyQualifier->qualifierValue.len,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (policyQualifier
->qualifierValue.data, policyQualifier->qualifierValue.
len, &qualifierArray, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup
; } } while (0)
193 &qualifierArray,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (policyQualifier
->qualifierValue.data, policyQualifier->qualifierValue.
len, &qualifierArray, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup
; } } while (0)
194 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (policyQualifier
->qualifierValue.data, policyQualifier->qualifierValue.
len, &qualifierArray, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup
; } } while (0)
195 PKIX_BYTEARRAYCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (policyQualifier
->qualifierValue.data, policyQualifier->qualifierValue.
len, &qualifierArray, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup
; } } while (0);
196
197 /* create a CertPolicyQualifier object */
198
199 PKIX_CHECK(pkix_pl_CertPolicyQualifier_Createdo { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyQualifier_Create
(pkixOID, qualifierArray, &certPolicyQualifier, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTPOLICYQUALIFIERCREATEFAILED; goto cleanup; } } while
(0)
200 (pkixOID,do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyQualifier_Create
(pkixOID, qualifierArray, &certPolicyQualifier, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTPOLICYQUALIFIERCREATEFAILED; goto cleanup; } } while
(0)
201 qualifierArray,do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyQualifier_Create
(pkixOID, qualifierArray, &certPolicyQualifier, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTPOLICYQUALIFIERCREATEFAILED; goto cleanup; } } while
(0)
202 &certPolicyQualifier,do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyQualifier_Create
(pkixOID, qualifierArray, &certPolicyQualifier, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTPOLICYQUALIFIERCREATEFAILED; goto cleanup; } } while
(0)
203 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyQualifier_Create
(pkixOID, qualifierArray, &certPolicyQualifier, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTPOLICYQUALIFIERCREATEFAILED; goto cleanup; } } while
(0)
204 PKIX_CERTPOLICYQUALIFIERCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyQualifier_Create
(pkixOID, qualifierArray, &certPolicyQualifier, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTPOLICYQUALIFIERCREATEFAILED; goto cleanup; } } while
(0);
205
206 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (qualifiers
, (PKIX_PL_Object *)certPolicyQualifier, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
207 (qualifiers,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (qualifiers
, (PKIX_PL_Object *)certPolicyQualifier, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
208 (PKIX_PL_Object *)certPolicyQualifier,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (qualifiers
, (PKIX_PL_Object *)certPolicyQualifier, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
209 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (qualifiers
, (PKIX_PL_Object *)certPolicyQualifier, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
210 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (qualifiers
, (PKIX_PL_Object *)certPolicyQualifier, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0);
211
212 PKIX_DECREF(pkixOID)do { if (pkixOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(pkixOID), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } pkixOID = ((void*)
0); } } while (0);
213 PKIX_DECREF(qualifierArray)do { if (qualifierArray){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(qualifierArray), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } qualifierArray
= ((void*)0); } } while (0);
214 PKIX_DECREF(certPolicyQualifier)do { if (certPolicyQualifier){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certPolicyQualifier), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyQualifier
= ((void*)0); } } while (0);
215
216 policyQualifiers++;
217 }
218
219 PKIX_CHECK(PKIX_List_SetImmutabledo { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (qualifiers
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
220 (qualifiers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (qualifiers
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
221 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (qualifiers
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0);
222 }
223
224
225 /*
226 * Create an OID object pkixOID from policyInfo->policyID.
227 * (The CERTPolicyInfo structure has an oid field, but it
228 * is of type SECOidTag. This function wants a SECItem.)
229 */
230 PKIX_CHECK(PKIX_PL_OID_CreateBySECItemdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyInfo->policyID, &pkixOID, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0)
231 (&policyInfo->policyID, &pkixOID, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyInfo->policyID, &pkixOID, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0)
232 PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyInfo->policyID, &pkixOID, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0);
233
234 /* Create a CertPolicyInfo object */
235 PKIX_CHECK(pkix_pl_CertPolicyInfo_Createdo { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyInfo_Create
(pkixOID, qualifiers, &certPolicyInfo, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYINFOCREATEFAILED
; goto cleanup; } } while (0)
236 (pkixOID, qualifiers, &certPolicyInfo, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyInfo_Create
(pkixOID, qualifiers, &certPolicyInfo, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYINFOCREATEFAILED
; goto cleanup; } } while (0)
237 PKIX_CERTPOLICYINFOCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyInfo_Create
(pkixOID, qualifiers, &certPolicyInfo, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYINFOCREATEFAILED
; goto cleanup; } } while (0);
238
239 /* Append the new CertPolicyInfo object to the list */
240 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (infos,
(PKIX_PL_Object *)certPolicyInfo, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
241 (infos, (PKIX_PL_Object *)certPolicyInfo, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (infos,
(PKIX_PL_Object *)certPolicyInfo, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
242 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (infos,
(PKIX_PL_Object *)certPolicyInfo, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
243
244 PKIX_DECREF(pkixOID)do { if (pkixOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(pkixOID), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } pkixOID = ((void*)
0); } } while (0);
245 PKIX_DECREF(qualifiers)do { if (qualifiers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(qualifiers), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } qualifiers = ((void
*)0); } } while (0);
246 PKIX_DECREF(certPolicyInfo)do { if (certPolicyInfo){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certPolicyInfo), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyInfo
= ((void*)0); } } while (0);
247
248 policyInfos++;
249 }
250
251 /*
252 * If there were no policies, we went straight to
253 * cleanup, so we don't have to NULLCHECK infos.
254 */
255 PKIX_CHECK(PKIX_List_SetImmutable(infos, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(infos
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
256 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(infos
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0);
257
258 *pCertPolicyInfos = infos;
259 infos = NULL((void*)0);
260
261cleanup:
262 if (certPol) {
263 PKIX_CERT_DEBUG
264 ("\t\tCalling CERT_DestroyCertificatePoliciesExtension).\n");
265 CERT_DestroyCertificatePoliciesExtension(certPol);
266 }
267
268 PKIX_DECREF(infos)do { if (infos){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(infos), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } infos = ((void*)0)
; } } while (0);
269 PKIX_DECREF(pkixOID)do { if (pkixOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(pkixOID), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } pkixOID = ((void*)
0); } } while (0);
270 PKIX_DECREF(qualifiers)do { if (qualifiers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(qualifiers), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } qualifiers = ((void
*)0); } } while (0);
271 PKIX_DECREF(certPolicyInfo)do { if (certPolicyInfo){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certPolicyInfo), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyInfo
= ((void*)0); } } while (0);
272 PKIX_DECREF(certPolicyQualifier)do { if (certPolicyQualifier){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certPolicyQualifier), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyQualifier
= ((void*)0); } } while (0);
273 PKIX_DECREF(qualifierArray)do { if (qualifierArray){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(qualifierArray), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } qualifierArray
= ((void*)0); } } while (0);
274
275 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
276}
277
278/*
279 * FUNCTION: pkix_pl_Cert_DecodePolicyMapping
280 * DESCRIPTION:
281 *
282 * Decodes the contents of the PolicyMapping extension of the CERTCertificate
283 * pointed to by "nssCert", storing the resulting List of CertPolicyMaps at
284 * the address pointed to by "pCertPolicyMaps". If this certificate does not
285 * have a PolicyMapping extension, NULL will be stored. If a List is returned,
286 * it will be immutable.
287 *
288 * PARAMETERS
289 * "nssCert"
290 * Address of the Cert data whose extension is to be examined. Must be
291 * non-NULL.
292 * "pCertPolicyMaps"
293 * Address where the List of CertPolicyMaps will be stored. Must be
294 * non-NULL.
295 * "plContext"
296 * Platform-specific context pointer.
297 * THREAD SAFETY:
298 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
299 * RETURNS:
300 * Returns NULL if the function succeeds.
301 * Returns a Cert Error if the function fails in a non-fatal way.
302 * Returns a Fatal Error if the function fails in an unrecoverable way.
303 */
304static PKIX_Error *
305pkix_pl_Cert_DecodePolicyMapping(
306 CERTCertificate *nssCert,
307 PKIX_List **pCertPolicyMaps,
308 void *plContext)
309{
310 SECStatus rv;
311 SECItem encodedCertPolicyMaps;
312
313 /* Allocated in the arena; freed in CERT_Destroy... */
314 CERTCertificatePolicyMappings *certPolMaps = NULL((void*)0);
315 CERTPolicyMap **policyMaps = NULL((void*)0);
316
317 /* Holder for the return value */
318 PKIX_List *maps = NULL((void*)0);
319
320 PKIX_PL_OID *issuerDomainOID = NULL((void*)0);
321 PKIX_PL_OID *subjectDomainOID = NULL((void*)0);
322 PKIX_PL_CertPolicyMap *certPolicyMap = NULL((void*)0);
323
324 PKIX_ENTER(CERT, "pkix_pl_Cert_DecodePolicyMapping")static const char cMyFuncName[] = {"pkix_pl_Cert_DecodePolicyMapping"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
325 PKIX_NULLCHECK_TWO(nssCert, pCertPolicyMaps)do { if (((nssCert) == ((void*)0)) || ((pCertPolicyMaps) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
326
327 /* get PolicyMappings as a SECItem */
328 PKIX_CERT_DEBUG("\t\tCERT_FindCertExtension).\n");
329 rv = CERT_FindCertExtension
330 (nssCert, SEC_OID_X509_POLICY_MAPPINGS, &encodedCertPolicyMaps);
331 if (SECSuccess != rv) {
332 *pCertPolicyMaps = NULL((void*)0);
333 goto cleanup;
334 }
335
336 /* translate PolicyMaps to CERTCertificatePolicyMappings */
337 certPolMaps = CERT_DecodePolicyMappingsExtension
338 (&encodedCertPolicyMaps);
339
340 PORT_FreePORT_Free_Util(encodedCertPolicyMaps.data);
341
342 if (!certPolMaps) {
343 PKIX_ERROR(PKIX_CERTDECODEPOLICYMAPPINGSEXTENSIONFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTDECODEPOLICYMAPPINGSEXTENSIONFAILED, ((void*)0), stdVars
.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYMAPPINGSEXTENSIONFAILED
; goto cleanup; };
344 }
345
346 PKIX_NULLCHECK_ONE(certPolMaps->policyMaps)do { if ((certPolMaps->policyMaps) == ((void*)0)){ stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0);
347
348 policyMaps = certPolMaps->policyMaps;
349
350 /* create a List of CertPolicyMap Objects */
351 PKIX_CHECK(PKIX_List_Create(&maps, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&maps, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
352 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&maps, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
353
354 /*
355 * Traverse the CERTCertificatePolicyMappings structure,
356 * building each CertPolicyMap object in turn
357 */
358 do {
359 CERTPolicyMap *policyMap = *policyMaps;
360
361 /* create the OID for the issuer Domain Policy */
362 PKIX_CHECK(PKIX_PL_OID_CreateBySECItemdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyMap->issuerDomainPolicy, &issuerDomainOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
363 (&policyMap->issuerDomainPolicy,do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyMap->issuerDomainPolicy, &issuerDomainOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
364 &issuerDomainOID, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyMap->issuerDomainPolicy, &issuerDomainOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
365 PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyMap->issuerDomainPolicy, &issuerDomainOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0);
366
367 /* create the OID for the subject Domain Policy */
368 PKIX_CHECK(PKIX_PL_OID_CreateBySECItemdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyMap->subjectDomainPolicy, &subjectDomainOID
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
369 (&policyMap->subjectDomainPolicy,do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyMap->subjectDomainPolicy, &subjectDomainOID
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
370 &subjectDomainOID, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyMap->subjectDomainPolicy, &subjectDomainOID
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
371 PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
&policyMap->subjectDomainPolicy, &subjectDomainOID
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0);
372
373 /* create the CertPolicyMap */
374
375 PKIX_CHECK(pkix_pl_CertPolicyMap_Createdo { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyMap_Create
(issuerDomainOID, subjectDomainOID, &certPolicyMap, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTPOLICYMAPCREATEFAILED; goto cleanup; } } while (0
)
376 (issuerDomainOID,do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyMap_Create
(issuerDomainOID, subjectDomainOID, &certPolicyMap, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTPOLICYMAPCREATEFAILED; goto cleanup; } } while (0
)
377 subjectDomainOID,do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyMap_Create
(issuerDomainOID, subjectDomainOID, &certPolicyMap, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTPOLICYMAPCREATEFAILED; goto cleanup; } } while (0
)
378 &certPolicyMap,do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyMap_Create
(issuerDomainOID, subjectDomainOID, &certPolicyMap, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTPOLICYMAPCREATEFAILED; goto cleanup; } } while (0
)
379 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyMap_Create
(issuerDomainOID, subjectDomainOID, &certPolicyMap, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTPOLICYMAPCREATEFAILED; goto cleanup; } } while (0
)
380 PKIX_CERTPOLICYMAPCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyMap_Create
(issuerDomainOID, subjectDomainOID, &certPolicyMap, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTPOLICYMAPCREATEFAILED; goto cleanup; } } while (0
);
381
382 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (maps, (
PKIX_PL_Object *)certPolicyMap, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
383 (maps, (PKIX_PL_Object *)certPolicyMap, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (maps, (
PKIX_PL_Object *)certPolicyMap, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
384 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (maps, (
PKIX_PL_Object *)certPolicyMap, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
385
386 PKIX_DECREF(issuerDomainOID)do { if (issuerDomainOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuerDomainOID), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } issuerDomainOID
= ((void*)0); } } while (0);
387 PKIX_DECREF(subjectDomainOID)do { if (subjectDomainOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectDomainOID), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } subjectDomainOID
= ((void*)0); } } while (0);
388 PKIX_DECREF(certPolicyMap)do { if (certPolicyMap){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certPolicyMap), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyMap
= ((void*)0); } } while (0);
389
390 policyMaps++;
391 } while (*policyMaps != NULL((void*)0));
392
393 PKIX_CHECK(PKIX_List_SetImmutable(maps, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(maps,
plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
394 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(maps,
plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0);
395
396 *pCertPolicyMaps = maps;
397 maps = NULL((void*)0);
398
399cleanup:
400 if (certPolMaps) {
401 PKIX_CERT_DEBUG
402 ("\t\tCalling CERT_DestroyPolicyMappingsExtension).\n");
403 CERT_DestroyPolicyMappingsExtension(certPolMaps);
404 }
405
406 PKIX_DECREF(maps)do { if (maps){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(maps), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } maps = ((void*)0);
} } while (0);
407 PKIX_DECREF(issuerDomainOID)do { if (issuerDomainOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuerDomainOID), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } issuerDomainOID
= ((void*)0); } } while (0);
408 PKIX_DECREF(subjectDomainOID)do { if (subjectDomainOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectDomainOID), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } subjectDomainOID
= ((void*)0); } } while (0);
409 PKIX_DECREF(certPolicyMap)do { if (certPolicyMap){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certPolicyMap), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyMap
= ((void*)0); } } while (0);
410
411 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
412}
413
414/*
415 * FUNCTION: pkix_pl_Cert_DecodePolicyConstraints
416 * DESCRIPTION:
417 *
418 * Decodes the contents of the PolicyConstraints extension in the
419 * CERTCertificate pointed to by "nssCert", to obtain SkipCerts values
420 * which are stored at the addresses "pExplicitPolicySkipCerts" and
421 * "pInhibitMappingSkipCerts", respectively. If this certificate does
422 * not have an PolicyConstraints extension, or if either of the optional
423 * components is not supplied, this function stores a value of -1 for any
424 * missing component.
425 *
426 * PARAMETERS
427 * "nssCert"
428 * Address of the Cert data whose extension is to be examined. Must be
429 * non-NULL.
430 * "pExplicitPolicySkipCerts"
431 * Address where the SkipCert value for the requireExplicitPolicy
432 * component will be stored. Must be non-NULL.
433 * "pInhibitMappingSkipCerts"
434 * Address where the SkipCert value for the inhibitPolicyMapping
435 * component will be stored. Must be non-NULL.
436 * "plContext"
437 * Platform-specific context pointer.
438 * THREAD SAFETY:
439 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
440 * RETURNS:
441 * Returns NULL if the function succeeds.
442 * Returns a Cert Error if the function fails in a non-fatal way.
443 * Returns a Fatal Error if the function fails in an unrecoverable way.
444 */
445static PKIX_Error *
446pkix_pl_Cert_DecodePolicyConstraints(
447 CERTCertificate *nssCert,
448 PKIX_Int32 *pExplicitPolicySkipCerts,
449 PKIX_Int32 *pInhibitMappingSkipCerts,
450 void *plContext)
451{
452 CERTCertificatePolicyConstraints policyConstraints;
453 SECStatus rv;
454 SECItem encodedCertPolicyConstraints;
455 PKIX_Int32 explicitPolicySkipCerts = -1;
456 PKIX_Int32 inhibitMappingSkipCerts = -1;
457
458 PKIX_ENTER(CERT, "pkix_pl_Cert_DecodePolicyConstraints")static const char cMyFuncName[] = {"pkix_pl_Cert_DecodePolicyConstraints"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
459 PKIX_NULLCHECK_THREEdo { if (((nssCert) == ((void*)0)) || ((pExplicitPolicySkipCerts
) == ((void*)0)) || ((pInhibitMappingSkipCerts) == ((void*)0)
)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0)
460 (nssCert, pExplicitPolicySkipCerts, pInhibitMappingSkipCerts)do { if (((nssCert) == ((void*)0)) || ((pExplicitPolicySkipCerts
) == ((void*)0)) || ((pInhibitMappingSkipCerts) == ((void*)0)
)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
461
462 /* get the two skipCert values as SECItems */
463 PKIX_CERT_DEBUG("\t\tCalling CERT_FindCertExtension).\n");
464 rv = CERT_FindCertExtension
465 (nssCert,
466 SEC_OID_X509_POLICY_CONSTRAINTS,
467 &encodedCertPolicyConstraints);
468
469 if (rv == SECSuccess) {
470
471 policyConstraints.explicitPolicySkipCerts.data =
472 (unsigned char *)&explicitPolicySkipCerts;
473 policyConstraints.inhibitMappingSkipCerts.data =
474 (unsigned char *)&inhibitMappingSkipCerts;
475
476 /* translate DER to CERTCertificatePolicyConstraints */
477 rv = CERT_DecodePolicyConstraintsExtension
478 (&policyConstraints, &encodedCertPolicyConstraints);
479
480 PORT_FreePORT_Free_Util(encodedCertPolicyConstraints.data);
481
482 if (rv != SECSuccess) {
483 PKIX_ERROR{ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED, ((void*)0)
, stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED
; goto cleanup; }
484 (PKIX_CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED, ((void*)0)
, stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED
; goto cleanup; };
485 }
486 }
487
488 *pExplicitPolicySkipCerts = explicitPolicySkipCerts;
489 *pInhibitMappingSkipCerts = inhibitMappingSkipCerts;
490
491cleanup:
492 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
493}
494
495/*
496 * FUNCTION: pkix_pl_Cert_DecodeInhibitAnyPolicy
497 * DESCRIPTION:
498 *
499 * Decodes the contents of the InhibitAnyPolicy extension in the
500 * CERTCertificate pointed to by "nssCert", to obtain a SkipCerts value,
501 * which is stored at the address "pSkipCerts". If this certificate does
502 * not have an InhibitAnyPolicy extension, -1 will be stored.
503 *
504 * PARAMETERS
505 * "nssCert"
506 * Address of the Cert data whose InhibitAnyPolicy extension is to be
507 * processed. Must be non-NULL.
508 * "pSkipCerts"
509 * Address where the SkipCert value from the InhibitAnyPolicy extension
510 * will be stored. Must be non-NULL.
511 * "plContext"
512 * Platform-specific context pointer.
513 * THREAD SAFETY:
514 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
515 * RETURNS:
516 * Returns NULL if the function succeeds.
517 * Returns a Cert Error if the function fails in a non-fatal way.
518 * Returns a Fatal Error if the function fails in an unrecoverable way.
519 */
520PKIX_Error *
521pkix_pl_Cert_DecodeInhibitAnyPolicy(
522 CERTCertificate *nssCert,
523 PKIX_Int32 *pSkipCerts,
524 void *plContext)
525{
526 CERTCertificateInhibitAny inhibitAny;
527 SECStatus rv;
528 SECItem encodedCertInhibitAny;
529 PKIX_Int32 skipCerts = -1;
530
531 PKIX_ENTER(CERT, "pkix_pl_Cert_DecodeInhibitAnyPolicy")static const char cMyFuncName[] = {"pkix_pl_Cert_DecodeInhibitAnyPolicy"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
532 PKIX_NULLCHECK_TWO(nssCert, pSkipCerts)do { if (((nssCert) == ((void*)0)) || ((pSkipCerts) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
533
534 /* get InhibitAny as a SECItem */
535 PKIX_CERT_DEBUG("\t\tCalling CERT_FindCertExtension).\n");
536 rv = CERT_FindCertExtension
537 (nssCert, SEC_OID_X509_INHIBIT_ANY_POLICY, &encodedCertInhibitAny);
538
539 if (rv == SECSuccess) {
540 inhibitAny.inhibitAnySkipCerts.data =
541 (unsigned char *)&skipCerts;
542
543 /* translate DER to CERTCertificateInhibitAny */
544 rv = CERT_DecodeInhibitAnyExtension
545 (&inhibitAny, &encodedCertInhibitAny);
546
547 PORT_FreePORT_Free_Util(encodedCertInhibitAny.data);
548
549 if (rv != SECSuccess) {
550 PKIX_ERROR(PKIX_CERTDECODEINHIBITANYEXTENSIONFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTDECODEINHIBITANYEXTENSIONFAILED, ((void*)0), stdVars
.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEINHIBITANYEXTENSIONFAILED
; goto cleanup; };
551 }
552 }
553
554 *pSkipCerts = skipCerts;
555
556cleanup:
557 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
558}
559
560/*
561 * FUNCTION: pkix_pl_Cert_GetNssSubjectAltNames
562 * DESCRIPTION:
563 *
564 * Retrieves the Subject Alternative Names of the certificate specified by
565 * "cert" and stores it at "pNssSubjAltNames". If the Subject Alternative
566 * Name extension is not present, NULL is returned at "pNssSubjAltNames".
567 * If the Subject Alternative Names has not been previously decoded, it is
568 * decoded here with lock on the "cert" unless the flag "hasLock" indicates
569 * the lock had been obtained at a higher call level.
570 *
571 * PARAMETERS
572 * "cert"
573 * Address of the certificate whose Subject Alternative Names extensions
574 * is retrieved. Must be non-NULL.
575 * "hasLock"
576 * Boolean indicates caller has acquired a lock.
577 * Must be non-NULL.
578 * "pNssSubjAltNames"
579 * Address where the returned Subject Alternative Names will be stored.
580 * Must be non-NULL.
581 * "plContext"
582 * Platform-specific context pointer.
583 * THREAD SAFETY:
584 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
585 * RETURNS:
586 * Returns NULL if the function succeeds.
587 * Returns a Cert Error if the function fails in a non-fatal way.
588 * Returns a Fatal Error if the function fails in an unrecoverable way.
589 */
590static PKIX_Error *
591pkix_pl_Cert_GetNssSubjectAltNames(
592 PKIX_PL_Cert *cert,
593 PKIX_Boolean hasLock,
594 CERTGeneralName **pNssSubjAltNames,
595 void *plContext)
596{
597 CERTCertificate *nssCert = NULL((void*)0);
598 CERTGeneralName *nssOriginalAltName = NULL((void*)0);
599 PLArenaPool *arena = NULL((void*)0);
600 SECItem altNameExtension = {siBuffer, NULL((void*)0), 0};
601 SECStatus rv = SECFailure;
602
603 PKIX_ENTER(CERT, "pkix_pl_Cert_GetNssSubjectAltNames")static const char cMyFuncName[] = {"pkix_pl_Cert_GetNssSubjectAltNames"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
604 PKIX_NULLCHECK_THREE(cert, pNssSubjAltNames, cert->nssCert)do { if (((cert) == ((void*)0)) || ((pNssSubjAltNames) == ((void
*)0)) || ((cert->nssCert) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
605
606 nssCert = cert->nssCert;
607
608 if ((cert->nssSubjAltNames == NULL((void*)0)) && (!cert->subjAltNamesAbsent)){
609
610 if (!hasLock) {
611 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
612 }
613
614 if ((cert->nssSubjAltNames == NULL((void*)0)) &&
615 (!cert->subjAltNamesAbsent)){
616
617 PKIX_PL_NSSCALLRV(CERT, rv, CERT_FindCertExtension,; rv = (CERT_FindCertExtension (nssCert, SEC_OID_X509_SUBJECT_ALT_NAME
, &altNameExtension))
618 (nssCert,; rv = (CERT_FindCertExtension (nssCert, SEC_OID_X509_SUBJECT_ALT_NAME
, &altNameExtension))
619 SEC_OID_X509_SUBJECT_ALT_NAME,; rv = (CERT_FindCertExtension (nssCert, SEC_OID_X509_SUBJECT_ALT_NAME
, &altNameExtension))
620 &altNameExtension)); rv = (CERT_FindCertExtension (nssCert, SEC_OID_X509_SUBJECT_ALT_NAME
, &altNameExtension));
621
622 if (rv != SECSuccess) {
623 *pNssSubjAltNames = NULL((void*)0);
624 cert->subjAltNamesAbsent = PKIX_TRUE((PKIX_Boolean) 1);
625 goto cleanup;
626 }
627
628 if (cert->arenaNameConstraints == NULL((void*)0)) {
629 PKIX_PL_NSSCALLRV(CERT, arena, PORT_NewArena,; arena = (PORT_NewArena_Util ((2048)))
630 (DER_DEFAULT_CHUNKSIZE)); arena = (PORT_NewArena_Util ((2048)));
631
632 if (arena == NULL((void*)0)) {
633 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
634 }
635 cert->arenaNameConstraints = arena;
636 }
637
638 PKIX_PL_NSSCALLRV; nssOriginalAltName = ((CERTGeneralName *) CERT_DecodeAltNameExtension
(cert->arenaNameConstraints, &altNameExtension))
639 (CERT,; nssOriginalAltName = ((CERTGeneralName *) CERT_DecodeAltNameExtension
(cert->arenaNameConstraints, &altNameExtension))
640 nssOriginalAltName,; nssOriginalAltName = ((CERTGeneralName *) CERT_DecodeAltNameExtension
(cert->arenaNameConstraints, &altNameExtension))
641 (CERTGeneralName *) CERT_DecodeAltNameExtension,; nssOriginalAltName = ((CERTGeneralName *) CERT_DecodeAltNameExtension
(cert->arenaNameConstraints, &altNameExtension))
642 (cert->arenaNameConstraints, &altNameExtension)); nssOriginalAltName = ((CERTGeneralName *) CERT_DecodeAltNameExtension
(cert->arenaNameConstraints, &altNameExtension));
643
644 PKIX_PL_NSSCALL(CERT, PORT_Free, (altNameExtension.data)); (PORT_Free_Util (altNameExtension.data));
645
646 if (nssOriginalAltName == NULL((void*)0)) {
647 PKIX_ERROR(PKIX_CERTDECODEALTNAMEEXTENSIONFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTDECODEALTNAMEEXTENSIONFAILED, ((void*)0), stdVars.
aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ((
PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEALTNAMEEXTENSIONFAILED
; goto cleanup; };
648 }
649 cert->nssSubjAltNames = nssOriginalAltName;
650
651 }
652
653 if (!hasLock) {
654 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,654)); } } while (0);
655 }
656 }
657
658 *pNssSubjAltNames = cert->nssSubjAltNames;
659
660cleanup:
661 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",661)); } } while (0);
662 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
663}
664
665/*
666 * FUNCTION: pkix_pl_Cert_CheckExtendKeyUsage
667 * DESCRIPTION:
668 *
669 * For each of the ON bit in "requiredExtendedKeyUsages" that represents its
670 * SECCertUsageEnum type, this function checks "cert"'s certType (extended
671 * key usage) and key usage with what is required for SECCertUsageEnum type.
672 *
673 * PARAMETERS
674 * "cert"
675 * Address of the certificate whose Extended Key Usage extensions
676 * is retrieved. Must be non-NULL.
677 * "requiredExtendedKeyUsages"
678 * An unsigned integer, its bit location is ON based on the required key
679 * usage value representing in SECCertUsageEnum.
680 * "pPass"
681 * Address where the return value, indicating key usage check passed, is
682 * stored. Must be non-NULL.
683 * "plContext"
684 * Platform-specific context pointer.
685 * THREAD SAFETY:
686 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
687 * RETURNS:
688 * Returns NULL if the function succeeds.
689 * Returns a Cert Error if the function fails in a non-fatal way.
690 * Returns a Fatal Error if the function fails in an unrecoverable way.
691 */
692PKIX_Error *
693pkix_pl_Cert_CheckExtendedKeyUsage(
694 PKIX_PL_Cert *cert,
695 PKIX_UInt32 requiredExtendedKeyUsages,
696 PKIX_Boolean *pPass,
697 void *plContext)
698{
699 PKIX_PL_CertBasicConstraints *basicConstraints = NULL((void*)0);
700 PKIX_UInt32 certType = 0;
701 PKIX_UInt32 requiredKeyUsage = 0;
702 PKIX_UInt32 requiredCertType = 0;
703 PKIX_UInt32 requiredExtendedKeyUsage = 0;
704 PKIX_UInt32 i;
705 PKIX_Boolean isCA = PKIX_FALSE((PKIX_Boolean) 0);
706 SECStatus rv = SECFailure;
707
708 PKIX_ENTER(CERT, "pkix_pl_Cert_CheckExtendKeyUsage")static const char cMyFuncName[] = {"pkix_pl_Cert_CheckExtendKeyUsage"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1
Assuming 'pkixLoggersDebugTrace' is null
2
Taking false branch
709 PKIX_NULLCHECK_THREE(cert, pPass, cert->nssCert)do { if (((cert) == ((void*)0)) || ((pPass) == ((void*)0)) ||
((cert->nssCert) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
3
Loop condition is false. Exiting loop
4
Assuming 'cert' is not equal to null
5
Assuming 'pPass' is not equal to null
6
Assuming field 'nssCert' is not equal to null
7
Taking false branch
8
Loop condition is false. Exiting loop
710
711 *pPass = PKIX_FALSE((PKIX_Boolean) 0);
712
713 PKIX_CERT_DEBUG("\t\tCalling cert_GetCertType).\n");
714 cert_GetCertType(cert->nssCert);
715 certType = cert->nssCert->nsCertType;
716
717 PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraintsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints
(cert, &basicConstraints, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTFAILED;
goto cleanup; } } while (0)
9
Calling 'PKIX_PL_Cert_GetBasicConstraints'
718 (cert,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints
(cert, &basicConstraints, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTFAILED;
goto cleanup; } } while (0)
719 &basicConstraints,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints
(cert, &basicConstraints, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTFAILED;
goto cleanup; } } while (0)
720 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints
(cert, &basicConstraints, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTFAILED;
goto cleanup; } } while (0)
721 PKIX_CERTGETBASICCONSTRAINTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints
(cert, &basicConstraints, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTFAILED;
goto cleanup; } } while (0);
722
723 if (basicConstraints != NULL((void*)0)) {
724 PKIX_CHECK(PKIX_PL_BasicConstraints_GetCAFlagdo { stdVars.aPkixErrorResult = (PKIX_PL_BasicConstraints_GetCAFlag
(basicConstraints, &isCA, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BASICCONSTRAINTSGETCAFLAGFAILED
; goto cleanup; } } while (0)
725 (basicConstraints, &isCA, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_BasicConstraints_GetCAFlag
(basicConstraints, &isCA, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BASICCONSTRAINTSGETCAFLAGFAILED
; goto cleanup; } } while (0)
726 PKIX_BASICCONSTRAINTSGETCAFLAGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_BasicConstraints_GetCAFlag
(basicConstraints, &isCA, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BASICCONSTRAINTSGETCAFLAGFAILED
; goto cleanup; } } while (0);
727 }
728
729 i = 0;
730 while (requiredExtendedKeyUsages != 0) {
731
732 /* Find the bit location of the right-most non-zero bit */
733 while (requiredExtendedKeyUsages != 0) {
734 if (((1 << i) & requiredExtendedKeyUsages) != 0) {
735 requiredExtendedKeyUsage = 1 << i;
736 break;
737 }
738 i++;
739 }
740 requiredExtendedKeyUsages ^= requiredExtendedKeyUsage;
741
742 requiredExtendedKeyUsage = i;
743
744 PKIX_PL_NSSCALLRV(CERT, rv, CERT_KeyUsageAndTypeForCertUsage,; rv = (CERT_KeyUsageAndTypeForCertUsage (requiredExtendedKeyUsage
, isCA, &requiredKeyUsage, &requiredCertType))
745 (requiredExtendedKeyUsage,; rv = (CERT_KeyUsageAndTypeForCertUsage (requiredExtendedKeyUsage
, isCA, &requiredKeyUsage, &requiredCertType))
746 isCA,; rv = (CERT_KeyUsageAndTypeForCertUsage (requiredExtendedKeyUsage
, isCA, &requiredKeyUsage, &requiredCertType))
747 &requiredKeyUsage,; rv = (CERT_KeyUsageAndTypeForCertUsage (requiredExtendedKeyUsage
, isCA, &requiredKeyUsage, &requiredCertType))
748 &requiredCertType)); rv = (CERT_KeyUsageAndTypeForCertUsage (requiredExtendedKeyUsage
, isCA, &requiredKeyUsage, &requiredCertType));
749
750 if (!(certType & requiredCertType)) {
751 goto cleanup;
752 }
753
754 PKIX_PL_NSSCALLRV(CERT, rv, CERT_CheckKeyUsage,; rv = (CERT_CheckKeyUsage (cert->nssCert, requiredKeyUsage
))
755 (cert->nssCert, requiredKeyUsage)); rv = (CERT_CheckKeyUsage (cert->nssCert, requiredKeyUsage
));
756 if (rv != SECSuccess) {
757 goto cleanup;
758 }
759 i++;
760
761 }
762
763 *pPass = PKIX_TRUE((PKIX_Boolean) 1);
764
765cleanup:
766 PKIX_DECREF(basicConstraints)do { if (basicConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(basicConstraints), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } basicConstraints
= ((void*)0); } } while (0);
767 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
768}
769
770/*
771 * FUNCTION: pkix_pl_Cert_ToString_Helper
772 * DESCRIPTION:
773 *
774 * Helper function that creates a string representation of the Cert pointed
775 * to by "cert" and stores it at "pString", where the value of
776 * "partialString" determines whether a full or partial representation of
777 * the Cert is stored.
778 *
779 * PARAMETERS
780 * "cert"
781 * Address of Cert whose string representation is desired.
782 * Must be non-NULL.
783 * "partialString"
784 * Boolean indicating whether a partial Cert representation is desired.
785 * "pString"
786 * Address where object pointer will be stored. Must be non-NULL.
787 * "plContext"
788 * Platform-specific context pointer.
789 * THREAD SAFETY:
790 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
791 * RETURNS:
792 * Returns NULL if the function succeeds.
793 * Returns a Cert Error if the function fails in a non-fatal way.
794 * Returns a Fatal Error if the function fails in an unrecoverable way.
795 */
796PKIX_Error *
797pkix_pl_Cert_ToString_Helper(
798 PKIX_PL_Cert *cert,
799 PKIX_Boolean partialString,
800 PKIX_PL_String **pString,
801 void *plContext)
802{
803 PKIX_PL_String *certString = NULL((void*)0);
804 char *asciiFormat = NULL((void*)0);
805 PKIX_PL_String *formatString = NULL((void*)0);
806 PKIX_UInt32 certVersion;
807 PKIX_PL_BigInt *certSN = NULL((void*)0);
808 PKIX_PL_String *certSNString = NULL((void*)0);
809 PKIX_PL_X500Name *certIssuer = NULL((void*)0);
810 PKIX_PL_String *certIssuerString = NULL((void*)0);
811 PKIX_PL_X500Name *certSubject = NULL((void*)0);
812 PKIX_PL_String *certSubjectString = NULL((void*)0);
813 PKIX_PL_String *notBeforeString = NULL((void*)0);
814 PKIX_PL_String *notAfterString = NULL((void*)0);
815 PKIX_List *subjAltNames = NULL((void*)0);
816 PKIX_PL_String *subjAltNamesString = NULL((void*)0);
817 PKIX_PL_ByteArray *authKeyId = NULL((void*)0);
818 PKIX_PL_String *authKeyIdString = NULL((void*)0);
819 PKIX_PL_ByteArray *subjKeyId = NULL((void*)0);
820 PKIX_PL_String *subjKeyIdString = NULL((void*)0);
821 PKIX_PL_PublicKey *nssPubKey = NULL((void*)0);
822 PKIX_PL_String *nssPubKeyString = NULL((void*)0);
823 PKIX_List *critExtOIDs = NULL((void*)0);
824 PKIX_PL_String *critExtOIDsString = NULL((void*)0);
825 PKIX_List *extKeyUsages = NULL((void*)0);
826 PKIX_PL_String *extKeyUsagesString = NULL((void*)0);
827 PKIX_PL_CertBasicConstraints *basicConstraint = NULL((void*)0);
828 PKIX_PL_String *certBasicConstraintsString = NULL((void*)0);
829 PKIX_List *policyInfo = NULL((void*)0);
830 PKIX_PL_String *certPolicyInfoString = NULL((void*)0);
831 PKIX_List *certPolicyMappings = NULL((void*)0);
832 PKIX_PL_String *certPolicyMappingsString = NULL((void*)0);
833 PKIX_Int32 certExplicitPolicy = 0;
834 PKIX_Int32 certInhibitMapping = 0;
835 PKIX_Int32 certInhibitAnyPolicy = 0;
836 PKIX_PL_CertNameConstraints *nameConstraints = NULL((void*)0);
837 PKIX_PL_String *nameConstraintsString = NULL((void*)0);
838 PKIX_List *authorityInfoAccess = NULL((void*)0);
839 PKIX_PL_String *authorityInfoAccessString = NULL((void*)0);
840 PKIX_List *subjectInfoAccess = NULL((void*)0);
841 PKIX_PL_String *subjectInfoAccessString = NULL((void*)0);
842
843 PKIX_ENTER(CERT, "pkix_pl_Cert_ToString_Helper")static const char cMyFuncName[] = {"pkix_pl_Cert_ToString_Helper"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
844 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pString)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pString) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
845
846 /*
847 * XXX Add to this format as certificate components are developed.
848 */
849
850 if (partialString){
851 asciiFormat =
852 "\t[Issuer: %s\n"
853 "\t Subject: %s]";
854 } else {
855 asciiFormat =
856 "[\n"
857 "\tVersion: v%d\n"
858 "\tSerialNumber: %s\n"
859 "\tIssuer: %s\n"
860 "\tSubject: %s\n"
861 "\tValidity: [From: %s\n"
862 "\t To: %s]\n"
863 "\tSubjectAltNames: %s\n"
864 "\tAuthorityKeyId: %s\n"
865 "\tSubjectKeyId: %s\n"
866 "\tSubjPubKeyAlgId: %s\n"
867 "\tCritExtOIDs: %s\n"
868 "\tExtKeyUsages: %s\n"
869 "\tBasicConstraint: %s\n"
870 "\tCertPolicyInfo: %s\n"
871 "\tPolicyMappings: %s\n"
872 "\tExplicitPolicy: %d\n"
873 "\tInhibitMapping: %d\n"
874 "\tInhibitAnyPolicy:%d\n"
875 "\tNameConstraints: %s\n"
876 "\tAuthorityInfoAccess: %s\n"
877 "\tSubjectInfoAccess: %s\n"
878 "\tCacheFlag: %d\n"
879 "]\n";
880 }
881
882
883
884 PKIX_CHECK(PKIX_PL_String_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
885 (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
886 PKIX_STRINGCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0);
887
888 /* Issuer */
889 PKIX_CHECK(PKIX_PL_Cert_GetIssuerdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetIssuer (cert
, &certIssuer, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETISSUERFAILED; goto cleanup
; } } while (0)
890 (cert, &certIssuer, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetIssuer (cert
, &certIssuer, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETISSUERFAILED; goto cleanup
; } } while (0)
891 PKIX_CERTGETISSUERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetIssuer (cert
, &certIssuer, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETISSUERFAILED; goto cleanup
; } } while (0);
892
893 PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)certIssuer, &certIssuerString, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMETOSTRINGFAILED
; goto cleanup; } } while (0)
894 ((PKIX_PL_Object *)certIssuer, &certIssuerString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)certIssuer, &certIssuerString, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMETOSTRINGFAILED
; goto cleanup; } } while (0)
895 PKIX_X500NAMETOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)certIssuer, &certIssuerString, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMETOSTRINGFAILED
; goto cleanup; } } while (0);
896
897 /* Subject */
898 PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &certSubject, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubject(cert
, &certSubject, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTFAILED; goto cleanup
; } } while (0)
899 PKIX_CERTGETSUBJECTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubject(cert
, &certSubject, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTFAILED; goto cleanup
; } } while (0);
900
901 PKIX_TOSTRING(certSubject, &certSubjectString, plContext,do { int descNum; if ((certSubject) != ((void*)0)) { stdVars.
aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)
(certSubject), (&certSubjectString), (plContext)); descNum
= (PKIX_X500NAMETOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&certSubjectString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
902 PKIX_X500NAMETOSTRINGFAILED)do { int descNum; if ((certSubject) != ((void*)0)) { stdVars.
aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)
(certSubject), (&certSubjectString), (plContext)); descNum
= (PKIX_X500NAMETOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&certSubjectString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
903
904 if (partialString){
905 PKIX_CHECK(PKIX_PL_Sprintfdo { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certIssuerString, certSubjectString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
906 (&certString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certIssuerString, certSubjectString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
907 plContext,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certIssuerString, certSubjectString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
908 formatString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certIssuerString, certSubjectString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
909 certIssuerString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certIssuerString, certSubjectString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
910 certSubjectString),do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certIssuerString, certSubjectString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
911 PKIX_SPRINTFFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certIssuerString, certSubjectString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0);
912
913 *pString = certString;
914 goto cleanup;
915 }
916
917 /* Version */
918 PKIX_CHECK(PKIX_PL_Cert_GetVersion(cert, &certVersion, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetVersion(cert
, &certVersion, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETVERSIONFAILED; goto cleanup
; } } while (0)
919 PKIX_CERTGETVERSIONFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetVersion(cert
, &certVersion, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETVERSIONFAILED; goto cleanup
; } } while (0);
920
921 /* SerialNumber */
922 PKIX_CHECK(PKIX_PL_Cert_GetSerialNumber(cert, &certSN, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSerialNumber
(cert, &certSN, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSERIALNUMBERFAILED; goto
cleanup; } } while (0)
923 PKIX_CERTGETSERIALNUMBERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSerialNumber
(cert, &certSN, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSERIALNUMBERFAILED; goto
cleanup; } } while (0);
924
925 PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)certSN, &certSNString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BIGINTTOSTRINGFAILED; goto cleanup
; } } while (0)
926 ((PKIX_PL_Object *)certSN, &certSNString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)certSN, &certSNString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BIGINTTOSTRINGFAILED; goto cleanup
; } } while (0)
927 PKIX_BIGINTTOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)certSN, &certSNString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BIGINTTOSTRINGFAILED; goto cleanup
; } } while (0);
928
929 /* Validity: NotBefore */
930 PKIX_CHECK(pkix_pl_Date_ToString_Helperdo { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper
(&(cert->nssCert->validity.notBefore), &notBeforeString
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0)
931 (&(cert->nssCert->validity.notBefore),do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper
(&(cert->nssCert->validity.notBefore), &notBeforeString
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0)
932 &notBeforeString,do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper
(&(cert->nssCert->validity.notBefore), &notBeforeString
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0)
933 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper
(&(cert->nssCert->validity.notBefore), &notBeforeString
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0)
934 PKIX_DATETOSTRINGHELPERFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper
(&(cert->nssCert->validity.notBefore), &notBeforeString
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0);
935
936 /* Validity: NotAfter */
937 PKIX_CHECK(pkix_pl_Date_ToString_Helperdo { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper
(&(cert->nssCert->validity.notAfter), &notAfterString
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0)
938 (&(cert->nssCert->validity.notAfter),do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper
(&(cert->nssCert->validity.notAfter), &notAfterString
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0)
939 &notAfterString,do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper
(&(cert->nssCert->validity.notAfter), &notAfterString
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0)
940 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper
(&(cert->nssCert->validity.notAfter), &notAfterString
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0)
941 PKIX_DATETOSTRINGHELPERFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper
(&(cert->nssCert->validity.notAfter), &notAfterString
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0);
942
943 /* SubjectAltNames */
944 PKIX_CHECK(PKIX_PL_Cert_GetSubjectAltNamesdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectAltNames
(cert, &subjAltNames, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTALTNAMESFAILED;
goto cleanup; } } while (0)
945 (cert, &subjAltNames, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectAltNames
(cert, &subjAltNames, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTALTNAMESFAILED;
goto cleanup; } } while (0)
946 PKIX_CERTGETSUBJECTALTNAMESFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectAltNames
(cert, &subjAltNames, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTALTNAMESFAILED;
goto cleanup; } } while (0);
947
948 PKIX_TOSTRING(subjAltNames, &subjAltNamesString, plContext,do { int descNum; if ((subjAltNames) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(subjAltNames), (&subjAltNamesString), (plContext)); descNum
= (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&subjAltNamesString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
949 PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((subjAltNames) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(subjAltNames), (&subjAltNamesString), (plContext)); descNum
= (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&subjAltNamesString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
950
951 /* AuthorityKeyIdentifier */
952 PKIX_CHECK(PKIX_PL_Cert_GetAuthorityKeyIdentifierdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityKeyIdentifier
(cert, &authKeyId, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED
; goto cleanup; } } while (0)
953 (cert, &authKeyId, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityKeyIdentifier
(cert, &authKeyId, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED
; goto cleanup; } } while (0)
954 PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityKeyIdentifier
(cert, &authKeyId, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED
; goto cleanup; } } while (0);
955
956 PKIX_TOSTRING(authKeyId, &authKeyIdString, plContext,do { int descNum; if ((authKeyId) != ((void*)0)) { stdVars.aPkixErrorResult
= PKIX_PL_Object_ToString((PKIX_PL_Object *)(authKeyId), (&
authKeyIdString), (plContext)); descNum = (PKIX_BYTEARRAYTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&authKeyIdString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
957 PKIX_BYTEARRAYTOSTRINGFAILED)do { int descNum; if ((authKeyId) != ((void*)0)) { stdVars.aPkixErrorResult
= PKIX_PL_Object_ToString((PKIX_PL_Object *)(authKeyId), (&
authKeyIdString), (plContext)); descNum = (PKIX_BYTEARRAYTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&authKeyIdString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0);
958
959 /* SubjectKeyIdentifier */
960 PKIX_CHECK(PKIX_PL_Cert_GetSubjectKeyIdentifierdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectKeyIdentifier
(cert, &subjKeyId, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED
; goto cleanup; } } while (0)
961 (cert, &subjKeyId, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectKeyIdentifier
(cert, &subjKeyId, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED
; goto cleanup; } } while (0)
962 PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectKeyIdentifier
(cert, &subjKeyId, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED
; goto cleanup; } } while (0);
963
964 PKIX_TOSTRING(subjKeyId, &subjKeyIdString, plContext,do { int descNum; if ((subjKeyId) != ((void*)0)) { stdVars.aPkixErrorResult
= PKIX_PL_Object_ToString((PKIX_PL_Object *)(subjKeyId), (&
subjKeyIdString), (plContext)); descNum = (PKIX_BYTEARRAYTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&subjKeyIdString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
965 PKIX_BYTEARRAYTOSTRINGFAILED)do { int descNum; if ((subjKeyId) != ((void*)0)) { stdVars.aPkixErrorResult
= PKIX_PL_Object_ToString((PKIX_PL_Object *)(subjKeyId), (&
subjKeyIdString), (plContext)); descNum = (PKIX_BYTEARRAYTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&subjKeyIdString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0);
966
967 /* SubjectPublicKey */
968 PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKeydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
(cert, &nssPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0)
969 (cert, &nssPubKey, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
(cert, &nssPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0)
970 PKIX_CERTGETSUBJECTPUBLICKEYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
(cert, &nssPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0);
971
972 PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)nssPubKey, &nssPubKeyString, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PUBLICKEYTOSTRINGFAILED
; goto cleanup; } } while (0)
973 ((PKIX_PL_Object *)nssPubKey, &nssPubKeyString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)nssPubKey, &nssPubKeyString, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PUBLICKEYTOSTRINGFAILED
; goto cleanup; } } while (0)
974 PKIX_PUBLICKEYTOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)nssPubKey, &nssPubKeyString, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PUBLICKEYTOSTRINGFAILED
; goto cleanup; } } while (0);
975
976 /* CriticalExtensionOIDs */
977 PKIX_CHECK(PKIX_PL_Cert_GetCriticalExtensionOIDsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCriticalExtensionOIDs
(cert, &critExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED
; goto cleanup; } } while (0)
978 (cert, &critExtOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCriticalExtensionOIDs
(cert, &critExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED
; goto cleanup; } } while (0)
979 PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCriticalExtensionOIDs
(cert, &critExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED
; goto cleanup; } } while (0);
980
981 PKIX_TOSTRING(critExtOIDs, &critExtOIDsString, plContext,do { int descNum; if ((critExtOIDs) != ((void*)0)) { stdVars.
aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)
(critExtOIDs), (&critExtOIDsString), (plContext)); descNum
= (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&critExtOIDsString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
982 PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((critExtOIDs) != ((void*)0)) { stdVars.
aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)
(critExtOIDs), (&critExtOIDsString), (plContext)); descNum
= (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&critExtOIDsString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
983
984 /* ExtendedKeyUsages */
985 PKIX_CHECK(PKIX_PL_Cert_GetExtendedKeyUsagedo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetExtendedKeyUsage
(cert, &extKeyUsages, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETEXTENDEDKEYUSAGEFAILED
; goto cleanup; } } while (0)
986 (cert, &extKeyUsages, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetExtendedKeyUsage
(cert, &extKeyUsages, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETEXTENDEDKEYUSAGEFAILED
; goto cleanup; } } while (0)
987 PKIX_CERTGETEXTENDEDKEYUSAGEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetExtendedKeyUsage
(cert, &extKeyUsages, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETEXTENDEDKEYUSAGEFAILED
; goto cleanup; } } while (0);
988
989 PKIX_TOSTRING(extKeyUsages, &extKeyUsagesString, plContext,do { int descNum; if ((extKeyUsages) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(extKeyUsages), (&extKeyUsagesString), (plContext)); descNum
= (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&extKeyUsagesString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
990 PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((extKeyUsages) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(extKeyUsages), (&extKeyUsagesString), (plContext)); descNum
= (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&extKeyUsagesString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
991
992 /* CertBasicConstraints */
993 PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraintsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints
(cert, &basicConstraint, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTSFAILED
; goto cleanup; } } while (0)
994 (cert, &basicConstraint, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints
(cert, &basicConstraint, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTSFAILED
; goto cleanup; } } while (0)
995 PKIX_CERTGETBASICCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints
(cert, &basicConstraint, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTSFAILED
; goto cleanup; } } while (0);
996
997 PKIX_TOSTRING(basicConstraint, &certBasicConstraintsString, plContext,do { int descNum; if ((basicConstraint) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(basicConstraint), (&certBasicConstraintsString), (plContext
)); descNum = (PKIX_CERTBASICCONSTRAINTSTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&certBasicConstraintsString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
998 PKIX_CERTBASICCONSTRAINTSTOSTRINGFAILED)do { int descNum; if ((basicConstraint) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(basicConstraint), (&certBasicConstraintsString), (plContext
)); descNum = (PKIX_CERTBASICCONSTRAINTSTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&certBasicConstraintsString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0);
999
1000 /* CertPolicyInfo */
1001 PKIX_CHECK(PKIX_PL_Cert_GetPolicyInformationdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyInformation
(cert, &policyInfo, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYINFORMATIONFAILED
; goto cleanup; } } while (0)
1002 (cert, &policyInfo, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyInformation
(cert, &policyInfo, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYINFORMATIONFAILED
; goto cleanup; } } while (0)
1003 PKIX_CERTGETPOLICYINFORMATIONFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyInformation
(cert, &policyInfo, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYINFORMATIONFAILED
; goto cleanup; } } while (0);
1004
1005 PKIX_TOSTRING(policyInfo, &certPolicyInfoString, plContext,do { int descNum; if ((policyInfo) != ((void*)0)) { stdVars.aPkixErrorResult
= PKIX_PL_Object_ToString((PKIX_PL_Object *)(policyInfo), (&
certPolicyInfoString), (plContext)); descNum = (PKIX_LISTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&certPolicyInfoString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
1006 PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((policyInfo) != ((void*)0)) { stdVars.aPkixErrorResult
= PKIX_PL_Object_ToString((PKIX_PL_Object *)(policyInfo), (&
certPolicyInfoString), (plContext)); descNum = (PKIX_LISTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&certPolicyInfoString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0);
1007
1008 /* Advanced Policies */
1009 PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappingsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappings
(cert, &certPolicyMappings, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGSFAILED; goto
cleanup; } } while (0)
1010 (cert, &certPolicyMappings, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappings
(cert, &certPolicyMappings, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGSFAILED; goto
cleanup; } } while (0)
1011 PKIX_CERTGETPOLICYMAPPINGSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappings
(cert, &certPolicyMappings, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGSFAILED; goto
cleanup; } } while (0);
1012
1013 PKIX_TOSTRING(certPolicyMappings, &certPolicyMappingsString, plContext,do { int descNum; if ((certPolicyMappings) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(certPolicyMappings), (&certPolicyMappingsString), (plContext
)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&certPolicyMappingsString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
1014 PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((certPolicyMappings) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(certPolicyMappings), (&certPolicyMappingsString), (plContext
)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&certPolicyMappingsString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
1015
1016 PKIX_CHECK(PKIX_PL_Cert_GetRequireExplicitPolicydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetRequireExplicitPolicy
(cert, &certExplicitPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED
; goto cleanup; } } while (0)
1017 (cert, &certExplicitPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetRequireExplicitPolicy
(cert, &certExplicitPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED
; goto cleanup; } } while (0)
1018 PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetRequireExplicitPolicy
(cert, &certExplicitPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED
; goto cleanup; } } while (0);
1019
1020 PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappingInhibiteddo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappingInhibited
(cert, &certInhibitMapping, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED
; goto cleanup; } } while (0)
1021 (cert, &certInhibitMapping, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappingInhibited
(cert, &certInhibitMapping, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED
; goto cleanup; } } while (0)
1022 PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappingInhibited
(cert, &certInhibitMapping, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED
; goto cleanup; } } while (0);
1023
1024 PKIX_CHECK(PKIX_PL_Cert_GetInhibitAnyPolicydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetInhibitAnyPolicy
(cert, &certInhibitAnyPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETINHIBITANYPOLICYFAILED
; goto cleanup; } } while (0)
1025 (cert, &certInhibitAnyPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetInhibitAnyPolicy
(cert, &certInhibitAnyPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETINHIBITANYPOLICYFAILED
; goto cleanup; } } while (0)
1026 PKIX_CERTGETINHIBITANYPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetInhibitAnyPolicy
(cert, &certInhibitAnyPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETINHIBITANYPOLICYFAILED
; goto cleanup; } } while (0);
1027
1028 /* Name Constraints */
1029 PKIX_CHECK(PKIX_PL_Cert_GetNameConstraintsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetNameConstraints
(cert, &nameConstraints, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETNAMECONSTRAINTSFAILED;
goto cleanup; } } while (0)
1030 (cert, &nameConstraints, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetNameConstraints
(cert, &nameConstraints, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETNAMECONSTRAINTSFAILED;
goto cleanup; } } while (0)
1031 PKIX_CERTGETNAMECONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetNameConstraints
(cert, &nameConstraints, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETNAMECONSTRAINTSFAILED;
goto cleanup; } } while (0);
1032
1033 PKIX_TOSTRING(nameConstraints, &nameConstraintsString, plContext,do { int descNum; if ((nameConstraints) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(nameConstraints), (&nameConstraintsString), (plContext)
); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&nameConstraintsString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
1034 PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((nameConstraints) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(nameConstraints), (&nameConstraintsString), (plContext)
); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&nameConstraintsString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
1035
1036 /* Authority Information Access */
1037 PKIX_CHECK(PKIX_PL_Cert_GetAuthorityInfoAccessdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityInfoAccess
(cert, &authorityInfoAccess, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYINFOACCESSFAILED
; goto cleanup; } } while (0)
1038 (cert, &authorityInfoAccess, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityInfoAccess
(cert, &authorityInfoAccess, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYINFOACCESSFAILED
; goto cleanup; } } while (0)
1039 PKIX_CERTGETAUTHORITYINFOACCESSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityInfoAccess
(cert, &authorityInfoAccess, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYINFOACCESSFAILED
; goto cleanup; } } while (0);
1040
1041 PKIX_TOSTRING(authorityInfoAccess, &authorityInfoAccessString, plContext,do { int descNum; if ((authorityInfoAccess) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(authorityInfoAccess), (&authorityInfoAccessString), (plContext
)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&authorityInfoAccessString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
1042 PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((authorityInfoAccess) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(authorityInfoAccess), (&authorityInfoAccessString), (plContext
)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&authorityInfoAccessString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
1043
1044 /* Subject Information Access */
1045 PKIX_CHECK(PKIX_PL_Cert_GetSubjectInfoAccessdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectInfoAccess
(cert, &subjectInfoAccess, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTINFOACCESSFAILED
; goto cleanup; } } while (0)
1046 (cert, &subjectInfoAccess, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectInfoAccess
(cert, &subjectInfoAccess, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTINFOACCESSFAILED
; goto cleanup; } } while (0)
1047 PKIX_CERTGETSUBJECTINFOACCESSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectInfoAccess
(cert, &subjectInfoAccess, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTINFOACCESSFAILED
; goto cleanup; } } while (0);
1048
1049 PKIX_TOSTRING(subjectInfoAccess, &subjectInfoAccessString, plContext,do { int descNum; if ((subjectInfoAccess) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(subjectInfoAccess), (&subjectInfoAccessString), (plContext
)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&subjectInfoAccessString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
1050 PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((subjectInfoAccess) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(subjectInfoAccess), (&subjectInfoAccessString), (plContext
)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&subjectInfoAccessString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
1051
1052 PKIX_CHECK(PKIX_PL_Sprintfdo { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1053 (&certString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1054 plContext,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1055 formatString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1056 certVersion + 1,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1057 certSNString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1058 certIssuerString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1059 certSubjectString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1060 notBeforeString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1061 notAfterString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1062 subjAltNamesString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1063 authKeyIdString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1064 subjKeyIdString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1065 nssPubKeyString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1066 critExtOIDsString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1067 extKeyUsagesString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1068 certBasicConstraintsString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1069 certPolicyInfoString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1070 certPolicyMappingsString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1071 certExplicitPolicy, /* an Int32, not a String */do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1072 certInhibitMapping, /* an Int32, not a String */do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1073 certInhibitAnyPolicy, /* an Int32, not a String */do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1074 nameConstraintsString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1075 authorityInfoAccessString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1076 subjectInfoAccessString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1077 cert->cacheFlag), /* a boolean */do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0)
1078 PKIX_SPRINTFFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString
, plContext, formatString, certVersion + 1, certSNString, certIssuerString
, certSubjectString, notBeforeString, notAfterString, subjAltNamesString
, authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString
, extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString
, certPolicyMappingsString, certExplicitPolicy, certInhibitMapping
, certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString
, subjectInfoAccessString, cert->cacheFlag)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto
cleanup; } } while (0);
1079
1080 *pString = certString;
1081
1082cleanup:
1083 PKIX_DECREF(certSN)do { if (certSN){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certSN), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certSN = ((void*)0
); } } while (0);
1084 PKIX_DECREF(certSNString)do { if (certSNString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certSNString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certSNString = ((void
*)0); } } while (0);
1085 PKIX_DECREF(certIssuer)do { if (certIssuer){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certIssuer), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certIssuer = ((void
*)0); } } while (0);
1086 PKIX_DECREF(certIssuerString)do { if (certIssuerString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certIssuerString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certIssuerString
= ((void*)0); } } while (0);
1087 PKIX_DECREF(certSubject)do { if (certSubject){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certSubject), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certSubject = ((void
*)0); } } while (0);
1088 PKIX_DECREF(certSubjectString)do { if (certSubjectString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certSubjectString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certSubjectString
= ((void*)0); } } while (0);
1089 PKIX_DECREF(notBeforeString)do { if (notBeforeString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(notBeforeString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } notBeforeString
= ((void*)0); } } while (0);
1090 PKIX_DECREF(notAfterString)do { if (notAfterString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(notAfterString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } notAfterString
= ((void*)0); } } while (0);
1091 PKIX_DECREF(subjAltNames)do { if (subjAltNames){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjAltNames), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } subjAltNames = ((void
*)0); } } while (0);
1092 PKIX_DECREF(subjAltNamesString)do { if (subjAltNamesString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjAltNamesString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } subjAltNamesString
= ((void*)0); } } while (0);
1093 PKIX_DECREF(authKeyId)do { if (authKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(authKeyId), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } authKeyId = ((void
*)0); } } while (0);
1094 PKIX_DECREF(authKeyIdString)do { if (authKeyIdString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(authKeyIdString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } authKeyIdString
= ((void*)0); } } while (0);
1095 PKIX_DECREF(subjKeyId)do { if (subjKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjKeyId), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } subjKeyId = ((void
*)0); } } while (0);
1096 PKIX_DECREF(subjKeyIdString)do { if (subjKeyIdString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjKeyIdString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } subjKeyIdString
= ((void*)0); } } while (0);
1097 PKIX_DECREF(nssPubKey)do { if (nssPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(nssPubKey), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } nssPubKey = ((void
*)0); } } while (0);
1098 PKIX_DECREF(nssPubKeyString)do { if (nssPubKeyString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(nssPubKeyString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } nssPubKeyString
= ((void*)0); } } while (0);
1099 PKIX_DECREF(critExtOIDs)do { if (critExtOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(critExtOIDs), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } critExtOIDs = ((void
*)0); } } while (0);
1100 PKIX_DECREF(critExtOIDsString)do { if (critExtOIDsString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(critExtOIDsString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } critExtOIDsString
= ((void*)0); } } while (0);
1101 PKIX_DECREF(extKeyUsages)do { if (extKeyUsages){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(extKeyUsages), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } extKeyUsages = ((void
*)0); } } while (0);
1102 PKIX_DECREF(extKeyUsagesString)do { if (extKeyUsagesString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(extKeyUsagesString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } extKeyUsagesString
= ((void*)0); } } while (0);
1103 PKIX_DECREF(basicConstraint)do { if (basicConstraint){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(basicConstraint), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } basicConstraint
= ((void*)0); } } while (0);
1104 PKIX_DECREF(certBasicConstraintsString)do { if (certBasicConstraintsString){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certBasicConstraintsString
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } certBasicConstraintsString = ((void*)0); } }
while (0);
1105 PKIX_DECREF(policyInfo)do { if (policyInfo){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyInfo), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policyInfo = ((void
*)0); } } while (0);
1106 PKIX_DECREF(certPolicyInfoString)do { if (certPolicyInfoString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certPolicyInfoString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyInfoString
= ((void*)0); } } while (0);
1107 PKIX_DECREF(certPolicyMappings)do { if (certPolicyMappings){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certPolicyMappings), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyMappings
= ((void*)0); } } while (0);
1108 PKIX_DECREF(certPolicyMappingsString)do { if (certPolicyMappingsString){ stdVars.aPkixTempResult =
PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certPolicyMappingsString
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } certPolicyMappingsString = ((void*)0); } } while
(0);
1109 PKIX_DECREF(nameConstraints)do { if (nameConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(nameConstraints), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } nameConstraints
= ((void*)0); } } while (0);
1110 PKIX_DECREF(nameConstraintsString)do { if (nameConstraintsString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(nameConstraintsString), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } nameConstraintsString = ((void*)0); } } while (0);
1111 PKIX_DECREF(authorityInfoAccess)do { if (authorityInfoAccess){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(authorityInfoAccess), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } authorityInfoAccess
= ((void*)0); } } while (0);
1112 PKIX_DECREF(authorityInfoAccessString)do { if (authorityInfoAccessString){ stdVars.aPkixTempResult =
PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(authorityInfoAccessString
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } authorityInfoAccessString = ((void*)0); } } while
(0);
1113 PKIX_DECREF(subjectInfoAccess)do { if (subjectInfoAccess){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectInfoAccess), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } subjectInfoAccess
= ((void*)0); } } while (0);
1114 PKIX_DECREF(subjectInfoAccessString)do { if (subjectInfoAccessString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectInfoAccessString), plContext); if
(stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } subjectInfoAccessString = ((void*)0); } } while (0);
1115 PKIX_DECREF(formatString)do { if (formatString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(formatString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } formatString = ((void
*)0); } } while (0);
1116
1117 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1118}
1119
1120/*
1121 * FUNCTION: pkix_pl_Cert_Destroy
1122 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
1123 */
1124static PKIX_Error *
1125pkix_pl_Cert_Destroy(
1126 PKIX_PL_Object *object,
1127 void *plContext)
1128{
1129 PKIX_PL_Cert *cert = NULL((void*)0);
1130
1131 PKIX_ENTER(CERT, "pkix_pl_Cert_Destroy")static const char cMyFuncName[] = {"pkix_pl_Cert_Destroy"}; PKIX_StdVars
stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1132 PKIX_NULLCHECK_ONE(object)do { if ((object) == ((void*)0)){ stdVars.aPkixErrorReceived =
((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1133
1134 PKIX_CHECK(pkix_CheckType(object, PKIX_CERT_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType(object, PKIX_CERT_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERT; goto cleanup; } } while (0)
1135 PKIX_OBJECTNOTCERT)do { stdVars.aPkixErrorResult = (pkix_CheckType(object, PKIX_CERT_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERT; goto cleanup; } } while (0);
1136
1137 cert = (PKIX_PL_Cert*)object;
1138
1139 PKIX_DECREF(cert->subject)do { if (cert->subject){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert->subject), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->
subject = ((void*)0); } } while (0);
1140 PKIX_DECREF(cert->issuer)do { if (cert->issuer){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert->issuer), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->
issuer = ((void*)0); } } while (0);
1141 PKIX_DECREF(cert->subjAltNames)do { if (cert->subjAltNames){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert->subjAltNames), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } cert->subjAltNames = ((void*)0); } } while (0);
1142 PKIX_DECREF(cert->publicKeyAlgId)do { if (cert->publicKeyAlgId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert->publicKeyAlgId), plContext); if
(stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } cert->publicKeyAlgId = ((void*)0); } } while (0);
1143 PKIX_DECREF(cert->publicKey)do { if (cert->publicKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert->publicKey), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->
publicKey = ((void*)0); } } while (0);
1144 PKIX_DECREF(cert->serialNumber)do { if (cert->serialNumber){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert->serialNumber), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } cert->serialNumber = ((void*)0); } } while (0);
1145 PKIX_DECREF(cert->critExtOids)do { if (cert->critExtOids){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert->critExtOids), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->
critExtOids = ((void*)0); } } while (0);
1146 PKIX_DECREF(cert->authKeyId)do { if (cert->authKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert->authKeyId), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->
authKeyId = ((void*)0); } } while (0);
1147 PKIX_DECREF(cert->subjKeyId)do { if (cert->subjKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert->subjKeyId), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->
subjKeyId = ((void*)0); } } while (0);
1148 PKIX_DECREF(cert->extKeyUsages)do { if (cert->extKeyUsages){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert->extKeyUsages), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } cert->extKeyUsages = ((void*)0); } } while (0);
1149 PKIX_DECREF(cert->certBasicConstraints)do { if (cert->certBasicConstraints){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->certBasicConstraints
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } cert->certBasicConstraints = ((void*)0); }
} while (0);
1150 PKIX_DECREF(cert->certPolicyInfos)do { if (cert->certPolicyInfos){ stdVars.aPkixTempResult =
PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->certPolicyInfos
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } cert->certPolicyInfos = ((void*)0); } } while
(0);
1151 PKIX_DECREF(cert->certPolicyMappings)do { if (cert->certPolicyMappings){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->certPolicyMappings
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } cert->certPolicyMappings = ((void*)0); } }
while (0);
1152 PKIX_DECREF(cert->nameConstraints)do { if (cert->nameConstraints){ stdVars.aPkixTempResult =
PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->nameConstraints
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } cert->nameConstraints = ((void*)0); } } while
(0);
1153 PKIX_DECREF(cert->store)do { if (cert->store){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert->store), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->
store = ((void*)0); } } while (0);
1154 PKIX_DECREF(cert->authorityInfoAccess)do { if (cert->authorityInfoAccess){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->authorityInfoAccess
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } cert->authorityInfoAccess = ((void*)0); }
} while (0);
1155 PKIX_DECREF(cert->subjectInfoAccess)do { if (cert->subjectInfoAccess){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->subjectInfoAccess
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } cert->subjectInfoAccess = ((void*)0); } }
while (0);
1156 PKIX_DECREF(cert->crldpList)do { if (cert->crldpList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert->crldpList), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->
crldpList = ((void*)0); } } while (0);
1157
1158 if (cert->arenaNameConstraints){
1159 /* This arena was allocated for SubjectAltNames */
1160 PKIX_PL_NSSCALL(CERT, PORT_FreeArena,; (PORT_FreeArena_Util (cert->arenaNameConstraints, 0))
1161 (cert->arenaNameConstraints, PR_FALSE)); (PORT_FreeArena_Util (cert->arenaNameConstraints, 0));
1162
1163 cert->arenaNameConstraints = NULL((void*)0);
1164 cert->nssSubjAltNames = NULL((void*)0);
1165 }
1166
1167 CERT_DestroyCertificate(cert->nssCert);
1168 cert->nssCert = NULL((void*)0);
1169
1170cleanup:
1171 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1172}
1173
1174/*
1175 * FUNCTION: pkix_pl_Cert_ToString
1176 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
1177 */
1178static PKIX_Error *
1179pkix_pl_Cert_ToString(
1180 PKIX_PL_Object *object,
1181 PKIX_PL_String **pString,
1182 void *plContext)
1183{
1184 PKIX_PL_String *certString = NULL((void*)0);
1185 PKIX_PL_Cert *pkixCert = NULL((void*)0);
1186
1187 PKIX_ENTER(CERT, "pkix_pl_Cert_toString")static const char cMyFuncName[] = {"pkix_pl_Cert_toString"}; PKIX_StdVars
stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1188 PKIX_NULLCHECK_TWO(object, pString)do { if (((object) == ((void*)0)) || ((pString) == ((void*)0)
)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
1189
1190 PKIX_CHECK(pkix_CheckType(object, PKIX_CERT_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType(object, PKIX_CERT_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERT; goto cleanup; } } while (0)
1191 PKIX_OBJECTNOTCERT)do { stdVars.aPkixErrorResult = (pkix_CheckType(object, PKIX_CERT_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERT; goto cleanup; } } while (0);
1192
1193 pkixCert = (PKIX_PL_Cert *)object;
1194
1195 PKIX_CHECK(pkix_pl_Cert_ToString_Helperdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_ToString_Helper
(pkixCert, ((PKIX_Boolean) 0), &certString, plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTTOSTRINGHELPERFAILED
; goto cleanup; } } while (0)
1196 (pkixCert, PKIX_FALSE, &certString, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_ToString_Helper
(pkixCert, ((PKIX_Boolean) 0), &certString, plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTTOSTRINGHELPERFAILED
; goto cleanup; } } while (0)
1197 PKIX_CERTTOSTRINGHELPERFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_ToString_Helper
(pkixCert, ((PKIX_Boolean) 0), &certString, plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTTOSTRINGHELPERFAILED
; goto cleanup; } } while (0);
1198
1199 *pString = certString;
1200
1201cleanup:
1202 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1203}
1204
1205/*
1206 * FUNCTION: pkix_pl_Cert_Hashcode
1207 * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
1208 */
1209static PKIX_Error *
1210pkix_pl_Cert_Hashcode(
1211 PKIX_PL_Object *object,
1212 PKIX_UInt32 *pHashcode,
1213 void *plContext)
1214{
1215 PKIX_PL_Cert *pkixCert = NULL((void*)0);
1216 CERTCertificate *nssCert = NULL((void*)0);
1217 unsigned char *derBytes = NULL((void*)0);
1218 PKIX_UInt32 derLength;
1219 PKIX_UInt32 certHash;
1220
1221 PKIX_ENTER(CERT, "pkix_pl_Cert_Hashcode")static const char cMyFuncName[] = {"pkix_pl_Cert_Hashcode"}; PKIX_StdVars
stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1222 PKIX_NULLCHECK_TWO(object, pHashcode)do { if (((object) == ((void*)0)) || ((pHashcode) == ((void*)
0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
1223
1224 PKIX_CHECK(pkix_CheckType(object, PKIX_CERT_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType(object, PKIX_CERT_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERT; goto cleanup; } } while (0)
1225 PKIX_OBJECTNOTCERT)do { stdVars.aPkixErrorResult = (pkix_CheckType(object, PKIX_CERT_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERT; goto cleanup; } } while (0);
1226
1227 pkixCert = (PKIX_PL_Cert *)object;
1228
1229 nssCert = pkixCert->nssCert;
1230 derBytes = (nssCert->derCert).data;
1231 derLength = (nssCert->derCert).len;
1232
1233 PKIX_CHECK(pkix_hash(derBytes, derLength, &certHash, plContext),do { stdVars.aPkixErrorResult = (pkix_hash(derBytes, derLength
, &certHash, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_HASHFAILED; goto cleanup; } }
while (0)
1234 PKIX_HASHFAILED)do { stdVars.aPkixErrorResult = (pkix_hash(derBytes, derLength
, &certHash, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_HASHFAILED; goto cleanup; } }
while (0);
1235
1236 *pHashcode = certHash;
1237
1238cleanup:
1239 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1240}
1241
1242
1243/*
1244 * FUNCTION: pkix_pl_Cert_Equals
1245 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
1246 */
1247static PKIX_Error *
1248pkix_pl_Cert_Equals(
1249 PKIX_PL_Object *firstObject,
1250 PKIX_PL_Object *secondObject,
1251 PKIX_Boolean *pResult,
1252 void *plContext)
1253{
1254 CERTCertificate *firstCert = NULL((void*)0);
1255 CERTCertificate *secondCert = NULL((void*)0);
1256 PKIX_UInt32 secondType;
1257 PKIX_Boolean cmpResult;
1258
1259 PKIX_ENTER(CERT, "pkix_pl_Cert_Equals")static const char cMyFuncName[] = {"pkix_pl_Cert_Equals"}; PKIX_StdVars
stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1260 PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult)do { if (((firstObject) == ((void*)0)) || ((secondObject) == (
(void*)0)) || ((pResult) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1261
1262 /* test that firstObject is a Cert */
1263 PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CERT_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType(firstObject, PKIX_CERT_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_FIRSTOBJECTNOTCERT; goto cleanup; } } while (0)
1264 PKIX_FIRSTOBJECTNOTCERT)do { stdVars.aPkixErrorResult = (pkix_CheckType(firstObject, PKIX_CERT_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_FIRSTOBJECTNOTCERT; goto cleanup; } } while (0);
1265
1266 /*
1267 * Since we know firstObject is a Cert, if both references are
1268 * identical, they must be equal
1269 */
1270 if (firstObject == secondObject){
1271 *pResult = PKIX_TRUE((PKIX_Boolean) 1);
1272 goto cleanup;
1273 }
1274
1275 /*
1276 * If secondObject isn't a Cert, we don't throw an error.
1277 * We simply return a Boolean result of FALSE
1278 */
1279 *pResult = PKIX_FALSE((PKIX_Boolean) 0);
1280 PKIX_CHECK(PKIX_PL_Object_GetTypedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType (secondObject
, &secondType, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTGETTYPEOFSECONDARGUMENT
; goto cleanup; } } while (0)
1281 (secondObject, &secondType, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType (secondObject
, &secondType, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTGETTYPEOFSECONDARGUMENT
; goto cleanup; } } while (0)
1282 PKIX_COULDNOTGETTYPEOFSECONDARGUMENT)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType (secondObject
, &secondType, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTGETTYPEOFSECONDARGUMENT
; goto cleanup; } } while (0);
1283 if (secondType != PKIX_CERT_TYPE) goto cleanup;
1284
1285 firstCert = ((PKIX_PL_Cert *)firstObject)->nssCert;
1286 secondCert = ((PKIX_PL_Cert *)secondObject)->nssCert;
1287
1288 PKIX_NULLCHECK_TWO(firstCert, secondCert)do { if (((firstCert) == ((void*)0)) || ((secondCert) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
1289
1290 /* CERT_CompareCerts does byte comparison on DER encodings of certs */
1291 PKIX_CERT_DEBUG("\t\tCalling CERT_CompareCerts).\n");
1292 cmpResult = CERT_CompareCerts(firstCert, secondCert);
1293
1294 *pResult = cmpResult;
1295
1296cleanup:
1297 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1298}
1299
1300/*
1301 * FUNCTION: pkix_pl_Cert_RegisterSelf
1302 * DESCRIPTION:
1303 * Registers PKIX_CERT_TYPE and its related functions with systemClasses[]
1304 * THREAD SAFETY:
1305 * Not Thread Safe - for performance and complexity reasons
1306 *
1307 * Since this function is only called by PKIX_PL_Initialize, which should
1308 * only be called once, it is acceptable that this function is not
1309 * thread-safe.
1310 */
1311PKIX_Error *
1312pkix_pl_Cert_RegisterSelf(void *plContext)
1313{
1314
1315 extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
1316 pkix_ClassTable_Entry entry;
1317
1318 PKIX_ENTER(CERT, "pkix_pl_Cert_RegisterSelf")static const char cMyFuncName[] = {"pkix_pl_Cert_RegisterSelf"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1319
1320 entry.description = "Cert";
1321 entry.objCounter = 0;
1322 entry.typeObjectSize = sizeof(PKIX_PL_Cert);
1323 entry.destructor = pkix_pl_Cert_Destroy;
1324 entry.equalsFunction = pkix_pl_Cert_Equals;
1325 entry.hashcodeFunction = pkix_pl_Cert_Hashcode;
1326 entry.toStringFunction = pkix_pl_Cert_ToString;
1327 entry.comparator = NULL((void*)0);
1328 entry.duplicateFunction = pkix_duplicateImmutable;
1329
1330 systemClasses[PKIX_CERT_TYPE] = entry;
1331
1332 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1333}
1334
1335/*
1336 * FUNCTION: pkix_pl_Cert_CreateWithNSSCert
1337 * DESCRIPTION:
1338 *
1339 * Creates a new certificate using the CERTCertificate pointed to by "nssCert"
1340 * and stores it at "pCert". Once created, a Cert is immutable.
1341 *
1342 * This function is primarily used as a convenience function for the
1343 * performance tests that have easy access to a CERTCertificate.
1344 *
1345 * PARAMETERS:
1346 * "nssCert"
1347 * Address of CERTCertificate representing the NSS certificate.
1348 * Must be non-NULL.
1349 * "pCert"
1350 * Address where object pointer will be stored. Must be non-NULL.
1351 * "plContext"
1352 * Platform-specific context pointer.
1353 * THREAD SAFETY:
1354 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1355 * RETURNS:
1356 * Returns NULL if the function succeeds.
1357 * Returns a Cert Error if the function fails in a non-fatal way.
1358 * Returns a Fatal Error if the function fails in an unrecoverable way.
1359 */
1360PKIX_Error *
1361pkix_pl_Cert_CreateWithNSSCert(
1362 CERTCertificate *nssCert,
1363 PKIX_PL_Cert **pCert,
1364 void *plContext)
1365{
1366 PKIX_PL_Cert *cert = NULL((void*)0);
1367
1368 PKIX_ENTER(CERT, "pkix_pl_Cert_CreateWithNSSCert")static const char cMyFuncName[] = {"pkix_pl_Cert_CreateWithNSSCert"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1369 PKIX_NULLCHECK_TWO(pCert, nssCert)do { if (((pCert) == ((void*)0)) || ((nssCert) == ((void*)0))
){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0);
1370
1371 /* create a PKIX_PL_Cert object */
1372 PKIX_CHECK(PKIX_PL_Object_Allocdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERT_TYPE
, sizeof (PKIX_PL_Cert), (PKIX_PL_Object **)&cert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0)
1373 (PKIX_CERT_TYPE,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERT_TYPE
, sizeof (PKIX_PL_Cert), (PKIX_PL_Object **)&cert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0)
1374 sizeof (PKIX_PL_Cert),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERT_TYPE
, sizeof (PKIX_PL_Cert), (PKIX_PL_Object **)&cert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0)
1375 (PKIX_PL_Object **)&cert,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERT_TYPE
, sizeof (PKIX_PL_Cert), (PKIX_PL_Object **)&cert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0)
1376 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERT_TYPE
, sizeof (PKIX_PL_Cert), (PKIX_PL_Object **)&cert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0)
1377 PKIX_COULDNOTCREATEOBJECT)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERT_TYPE
, sizeof (PKIX_PL_Cert), (PKIX_PL_Object **)&cert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0);
1378
1379 /* populate the nssCert field */
1380 cert->nssCert = nssCert;
1381
1382 /* initialize remaining fields */
1383 /*
1384 * Fields ending with Absent are initialized to PKIX_FALSE so that the
1385 * first time we need the value we will look for it. If we find it is
1386 * actually absent, the flag will at that time be set to PKIX_TRUE to
1387 * prevent searching for it later.
1388 * Fields ending with Processed are those where a value is defined
1389 * for the Absent case, and a value of zero is possible. When the
1390 * flag is still true we have to look for the field, set the default
1391 * value if necessary, and set the Processed flag to PKIX_TRUE.
1392 */
1393 cert->subject = NULL((void*)0);
1394 cert->issuer = NULL((void*)0);
1395 cert->subjAltNames = NULL((void*)0);
1396 cert->subjAltNamesAbsent = PKIX_FALSE((PKIX_Boolean) 0);
1397 cert->publicKeyAlgId = NULL((void*)0);
1398 cert->publicKey = NULL((void*)0);
1399 cert->serialNumber = NULL((void*)0);
1400 cert->critExtOids = NULL((void*)0);
1401 cert->subjKeyId = NULL((void*)0);
1402 cert->subjKeyIdAbsent = PKIX_FALSE((PKIX_Boolean) 0);
1403 cert->authKeyId = NULL((void*)0);
1404 cert->authKeyIdAbsent = PKIX_FALSE((PKIX_Boolean) 0);
1405 cert->extKeyUsages = NULL((void*)0);
1406 cert->extKeyUsagesAbsent = PKIX_FALSE((PKIX_Boolean) 0);
1407 cert->certBasicConstraints = NULL((void*)0);
1408 cert->basicConstraintsAbsent = PKIX_FALSE((PKIX_Boolean) 0);
1409 cert->certPolicyInfos = NULL((void*)0);
1410 cert->policyInfoAbsent = PKIX_FALSE((PKIX_Boolean) 0);
1411 cert->policyMappingsAbsent = PKIX_FALSE((PKIX_Boolean) 0);
1412 cert->certPolicyMappings = NULL((void*)0);
1413 cert->policyConstraintsProcessed = PKIX_FALSE((PKIX_Boolean) 0);
1414 cert->policyConstraintsExplicitPolicySkipCerts = 0;
1415 cert->policyConstraintsInhibitMappingSkipCerts = 0;
1416 cert->inhibitAnyPolicyProcessed = PKIX_FALSE((PKIX_Boolean) 0);
1417 cert->inhibitAnySkipCerts = 0;
1418 cert->nameConstraints = NULL((void*)0);
1419 cert->nameConstraintsAbsent = PKIX_FALSE((PKIX_Boolean) 0);
1420 cert->arenaNameConstraints = NULL((void*)0);
1421 cert->nssSubjAltNames = NULL((void*)0);
1422 cert->cacheFlag = PKIX_FALSE((PKIX_Boolean) 0);
1423 cert->store = NULL((void*)0);
1424 cert->authorityInfoAccess = NULL((void*)0);
1425 cert->subjectInfoAccess = NULL((void*)0);
1426 cert->isUserTrustAnchor = PKIX_FALSE((PKIX_Boolean) 0);
1427 cert->crldpList = NULL((void*)0);
1428
1429 *pCert = cert;
1430
1431cleanup:
1432 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1433}
1434
1435/*
1436 * FUNCTION: pkix_pl_Cert_CreateToList
1437 * DESCRIPTION:
1438 *
1439 * Creates a new certificate using the DER-encoding pointed to by "derCertItem"
1440 * and appends it to the list pointed to by "certList". If Cert creation fails,
1441 * the function returns with certList unchanged, but any decoding Error is
1442 * discarded.
1443 *
1444 * PARAMETERS:
1445 * "derCertItem"
1446 * Address of SECItem containing the DER representation of a certificate.
1447 * Must be non-NULL.
1448 * "certList"
1449 * Address of List to which the Cert will be appended, if successfully
1450 * created. May be empty, but must be non-NULL.
1451 * "plContext"
1452 * Platform-specific context pointer.
1453 * THREAD SAFETY:
1454 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1455 * RETURNS:
1456 * Returns NULL if the function succeeds.
1457 * Returns a Cert Error if the function fails in a non-fatal way.
1458 * Returns a Fatal Error if the function fails in an unrecoverable way.
1459 */
1460PKIX_Error *
1461pkix_pl_Cert_CreateToList(
1462 SECItem *derCertItem,
1463 PKIX_List *certList,
1464 void *plContext)
1465{
1466 CERTCertificate *nssCert = NULL((void*)0);
1467 PKIX_PL_Cert *cert = NULL((void*)0);
1468 CERTCertDBHandle *handle;
1469
1470 PKIX_ENTER(CERT, "pkix_pl_Cert_CreateToList")static const char cMyFuncName[] = {"pkix_pl_Cert_CreateToList"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1471 PKIX_NULLCHECK_TWO(derCertItem, certList)do { if (((derCertItem) == ((void*)0)) || ((certList) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
1472
1473 handle = CERT_GetDefaultCertDB();
1474 nssCert = CERT_NewTempCertificate(handle, derCertItem,
1475 /* nickname */ NULL((void*)0),
1476 /* isPerm */ PR_FALSE0,
1477 /* copyDer */ PR_TRUE1);
1478 if (!nssCert) {
1479 goto cleanup;
1480 }
1481
1482 PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCertdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert
(nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto
cleanup; } } while (0)
1483 (nssCert, &cert, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert
(nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto
cleanup; } } while (0)
1484 PKIX_CERTCREATEWITHNSSCERTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert
(nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto
cleanup; } } while (0);
1485
1486 nssCert = NULL((void*)0);
1487
1488 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (certList
, (PKIX_PL_Object *) cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1489 (certList, (PKIX_PL_Object *) cert, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (certList
, (PKIX_PL_Object *) cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1490 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (certList
, (PKIX_PL_Object *) cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
1491
1492cleanup:
1493 if (nssCert) {
1494 CERT_DestroyCertificate(nssCert);
1495 }
1496
1497 PKIX_DECREF(cert)do { if (cert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } cert = ((void*)0);
} } while (0);
1498 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1499}
1500
1501/* --Public-Functions------------------------------------------------------- */
1502
1503/*
1504 * FUNCTION: PKIX_PL_Cert_Create (see comments in pkix_pl_pki.h)
1505 * XXX We may want to cache the cert after parsing it, so it can be reused
1506 * XXX Are the NSS/NSPR functions thread safe
1507 */
1508PKIX_Error *
1509PKIX_PL_Cert_Create(
1510 PKIX_PL_ByteArray *byteArray,
1511 PKIX_PL_Cert **pCert,
1512 void *plContext)
1513{
1514 CERTCertificate *nssCert = NULL((void*)0);
1515 SECItem *derCertItem = NULL((void*)0);
1516 void *derBytes = NULL((void*)0);
1517 PKIX_UInt32 derLength;
1518 PKIX_PL_Cert *cert = NULL((void*)0);
1519 CERTCertDBHandle *handle;
1520
1521 PKIX_ENTER(CERT, "PKIX_PL_Cert_Create")static const char cMyFuncName[] = {"PKIX_PL_Cert_Create"}; PKIX_StdVars
stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1522 PKIX_NULLCHECK_TWO(pCert, byteArray)do { if (((pCert) == ((void*)0)) || ((byteArray) == ((void*)0
))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
1523
1524 PKIX_CHECK(PKIX_PL_ByteArray_GetPointerdo { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_GetPointer
(byteArray, &derBytes, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYGETPOINTERFAILED; goto
cleanup; } } while (0)
1525 (byteArray, &derBytes, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_GetPointer
(byteArray, &derBytes, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYGETPOINTERFAILED; goto
cleanup; } } while (0)
1526 PKIX_BYTEARRAYGETPOINTERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_GetPointer
(byteArray, &derBytes, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYGETPOINTERFAILED; goto
cleanup; } } while (0);
1527
1528 PKIX_CHECK(PKIX_PL_ByteArray_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_GetLength (
byteArray, &derLength, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYGETLENGTHFAILED; goto
cleanup; } } while (0)
1529 (byteArray, &derLength, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_GetLength (
byteArray, &derLength, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYGETLENGTHFAILED; goto
cleanup; } } while (0)
1530 PKIX_BYTEARRAYGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_GetLength (
byteArray, &derLength, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYGETLENGTHFAILED; goto
cleanup; } } while (0);
1531
1532 derCertItem = SECITEM_AllocItemSECITEM_AllocItem_Util(NULL((void*)0), NULL((void*)0), derLength);
1533 if (derCertItem == NULL((void*)0)){
1534 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
1535 }
1536
1537 (void) PORT_Memcpymemcpy(derCertItem->data, derBytes, derLength);
1538
1539 /*
1540 * setting copyDER to true forces NSS to make its own copy of the DER,
1541 * allowing us to free our copy without worrying about whether NSS
1542 * is still using it
1543 */
1544 handle = CERT_GetDefaultCertDB();
1545 nssCert = CERT_NewTempCertificate(handle, derCertItem,
1546 /* nickname */ NULL((void*)0),
1547 /* isPerm */ PR_FALSE0,
1548 /* copyDer */ PR_TRUE1);
1549 if (!nssCert){
1550 PKIX_ERROR(PKIX_CERTDECODEDERCERTIFICATEFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTDECODEDERCERTIFICATEFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEDERCERTIFICATEFAILED
; goto cleanup; };
1551 }
1552
1553 PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCertdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert
(nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto
cleanup; } } while (0)
1554 (nssCert, &cert, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert
(nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto
cleanup; } } while (0)
1555 PKIX_CERTCREATEWITHNSSCERTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert
(nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto
cleanup; } } while (0);
1556
1557 *pCert = cert;
1558
1559cleanup:
1560 if (derCertItem){
1561 SECITEM_FreeItemSECITEM_FreeItem_Util(derCertItem, PKIX_TRUE((PKIX_Boolean) 1));
1562 }
1563
1564 if (nssCert && PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)){
1565 PKIX_CERT_DEBUG("\t\tCalling CERT_DestroyCertificate).\n");
1566 CERT_DestroyCertificate(nssCert);
1567 nssCert = NULL((void*)0);
1568 }
1569
1570 PKIX_FREE(derBytes)do { if (derBytes) { stdVars.aPkixTempResult = PKIX_PL_Free((
derBytes), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } derBytes = ((void*)0); } } while (0);
1571 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1572}
1573
1574
1575/*
1576 * FUNCTION: PKIX_PL_Cert_CreateFromCERTCertificate
1577 * (see comments in pkix_pl_pki.h)
1578 */
1579PKIX_Error *
1580PKIX_PL_Cert_CreateFromCERTCertificate(
1581 const CERTCertificate *nssCert,
1582 PKIX_PL_Cert **pCert,
1583 void *plContext)
1584{
1585 void *buf = NULL((void*)0);
1586 PKIX_UInt32 len;
1587 PKIX_PL_ByteArray *byteArray = NULL((void*)0);
1588
1589 PKIX_ENTER(CERT, "PKIX_PL_Cert_CreateWithNssCert")static const char cMyFuncName[] = {"PKIX_PL_Cert_CreateWithNssCert"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1590 PKIX_NULLCHECK_TWO(pCert, nssCert)do { if (((pCert) == ((void*)0)) || ((nssCert) == ((void*)0))
){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0);
1591
1592 buf = (void*)nssCert->derCert.data;
1593 len = nssCert->derCert.len;
1594
1595 PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create(buf
, len, &byteArray, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup
; } } while (0)
1596 PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create(buf
, len, &byteArray, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup
; } } while (0)
1597 PKIX_BYTEARRAYCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create(buf
, len, &byteArray, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup
; } } while (0);
1598
1599 PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_Create(byteArray
, pCert, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup
; } } while (0)
1600 PKIX_PL_Cert_Create(byteArray, pCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_Create(byteArray
, pCert, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup
; } } while (0)
1601 PKIX_CERTCREATEWITHNSSCERTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_Create(byteArray
, pCert, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup
; } } while (0);
1602
1603#ifdef PKIX_UNDEF
1604 /* will be tested and used as a patch for bug 391612 */
1605 nssCert = CERT_DupCertificate(nssInCert);
1606
1607 PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCertdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert
(nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto
cleanup; } } while (0)
1608 (nssCert, &cert, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert
(nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto
cleanup; } } while (0)
1609 PKIX_CERTCREATEWITHNSSCERTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert
(nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto
cleanup; } } while (0);
1610#endif /* PKIX_UNDEF */
1611
1612cleanup:
1613
1614#ifdef PKIX_UNDEF
1615 if (nssCert && PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)){
1616 PKIX_CERT_DEBUG("\t\tCalling CERT_DestroyCertificate).\n");
1617 CERT_DestroyCertificate(nssCert);
1618 nssCert = NULL((void*)0);
1619 }
1620#endif /* PKIX_UNDEF */
1621
1622 PKIX_DECREF(byteArray)do { if (byteArray){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(byteArray), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } byteArray = ((void
*)0); } } while (0);
1623 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1624}
1625
1626
1627/*
1628 * FUNCTION: PKIX_PL_Cert_GetVersion (see comments in pkix_pl_pki.h)
1629 */
1630PKIX_Error *
1631PKIX_PL_Cert_GetVersion(
1632 PKIX_PL_Cert *cert,
1633 PKIX_UInt32 *pVersion,
1634 void *plContext)
1635{
1636 CERTCertificate *nssCert = NULL((void*)0);
1637 PKIX_UInt32 myVersion = 0; /* v1 */
1638
1639 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetVersion")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetVersion"}
; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1640 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pVersion)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pVersion) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1641
1642 nssCert = cert->nssCert;
1643 if (nssCert->version.len != 0) {
1644 myVersion = *(nssCert->version.data);
1645 }
1646
1647 if (myVersion > 2){
1648 PKIX_ERROR(PKIX_VERSIONVALUEMUSTBEV1V2ORV3){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_VERSIONVALUEMUSTBEV1V2ORV3, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_VERSIONVALUEMUSTBEV1V2ORV3
; goto cleanup; };
1649 }
1650
1651 *pVersion = myVersion;
1652
1653cleanup:
1654 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1655}
1656
1657/*
1658 * FUNCTION: PKIX_PL_Cert_GetSerialNumber (see comments in pkix_pl_pki.h)
1659 */
1660PKIX_Error *
1661PKIX_PL_Cert_GetSerialNumber(
1662 PKIX_PL_Cert *cert,
1663 PKIX_PL_BigInt **pSerialNumber,
1664 void *plContext)
1665{
1666 CERTCertificate *nssCert = NULL((void*)0);
1667 SECItem serialNumItem;
1668 PKIX_PL_BigInt *serialNumber = NULL((void*)0);
1669 char *bytes = NULL((void*)0);
1670 PKIX_UInt32 length;
1671
1672 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSerialNumber")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSerialNumber"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1673 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSerialNumber)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pSerialNumber) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1674
1675 if (cert->serialNumber == NULL((void*)0)){
1676
1677 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
1678
1679 if (cert->serialNumber == NULL((void*)0)){
1680
1681 nssCert = cert->nssCert;
1682 serialNumItem = nssCert->serialNumber;
1683
1684 length = serialNumItem.len;
1685 bytes = (char *)serialNumItem.data;
1686
1687 PKIX_CHECK(pkix_pl_BigInt_CreateWithBytesdo { stdVars.aPkixErrorResult = (pkix_pl_BigInt_CreateWithBytes
(bytes, length, &serialNumber, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BIGINTCREATEWITHBYTESFAILED
; goto cleanup; } } while (0)
1688 (bytes, length, &serialNumber, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_BigInt_CreateWithBytes
(bytes, length, &serialNumber, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BIGINTCREATEWITHBYTESFAILED
; goto cleanup; } } while (0)
1689 PKIX_BIGINTCREATEWITHBYTESFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_BigInt_CreateWithBytes
(bytes, length, &serialNumber, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BIGINTCREATEWITHBYTESFAILED
; goto cleanup; } } while (0);
1690
1691 /* save a cached copy in case it is asked for again */
1692 cert->serialNumber = serialNumber;
1693 }
1694
1695 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,1695)); } } while (0);
1696 }
1697
1698 PKIX_INCREF(cert->serialNumber)do { if (cert->serialNumber){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(cert->serialNumber), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
1699 *pSerialNumber = cert->serialNumber;
1700
1701cleanup:
1702 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",1702)); } } while (0);
1703 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1704}
1705
1706/*
1707 * FUNCTION: PKIX_PL_Cert_GetSubject (see comments in pkix_pl_pki.h)
1708 */
1709PKIX_Error *
1710PKIX_PL_Cert_GetSubject(
1711 PKIX_PL_Cert *cert,
1712 PKIX_PL_X500Name **pCertSubject,
1713 void *plContext)
1714{
1715 PKIX_PL_X500Name *pkixSubject = NULL((void*)0);
1716 CERTName *subjName = NULL((void*)0);
1717 SECItem *derSubjName = NULL((void*)0);
1718
1719 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubject")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSubject"}
; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1720 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pCertSubject)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pCertSubject) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1721
1722 /* if we don't have a cached copy from before, we create one */
1723 if (cert->subject == NULL((void*)0)){
1724
1725 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
1726
1727 if (cert->subject == NULL((void*)0)){
1728
1729 subjName = &cert->nssCert->subject;
1730 derSubjName = &cert->nssCert->derSubject;
1731
1732 /* if there is no subject name */
1733 if (derSubjName->data == NULL((void*)0)) {
1734
1735 pkixSubject = NULL((void*)0);
1736
1737 } else {
1738 PKIX_CHECK(PKIX_PL_X500Name_CreateFromCERTNamedo { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName
(derSubjName, subjName, &pkixSubject, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED
; goto cleanup; } } while (0)
1739 (derSubjName, subjName, &pkixSubject,do { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName
(derSubjName, subjName, &pkixSubject, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED
; goto cleanup; } } while (0)
1740 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName
(derSubjName, subjName, &pkixSubject, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED
; goto cleanup; } } while (0)
1741 PKIX_X500NAMECREATEFROMCERTNAMEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName
(derSubjName, subjName, &pkixSubject, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED
; goto cleanup; } } while (0);
1742
1743 }
1744 /* save a cached copy in case it is asked for again */
1745 cert->subject = pkixSubject;
1746 }
1747
1748 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,1748)); } } while (0);
1749 }
1750
1751 PKIX_INCREF(cert->subject)do { if (cert->subject){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(cert->subject), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
1752 *pCertSubject = cert->subject;
1753
1754cleanup:
1755 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",1755)); } } while (0);
1756 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1757}
1758
1759/*
1760 * FUNCTION: PKIX_PL_Cert_GetIssuer (see comments in pkix_pl_pki.h)
1761 */
1762PKIX_Error *
1763PKIX_PL_Cert_GetIssuer(
1764 PKIX_PL_Cert *cert,
1765 PKIX_PL_X500Name **pCertIssuer,
1766 void *plContext)
1767{
1768 PKIX_PL_X500Name *pkixIssuer = NULL((void*)0);
1769 SECItem *derIssuerName = NULL((void*)0);
1770 CERTName *issuerName = NULL((void*)0);
1771
1772 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetIssuer")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetIssuer"};
PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1773 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pCertIssuer)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pCertIssuer) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1774
1775 /* if we don't have a cached copy from before, we create one */
1776 if (cert->issuer == NULL((void*)0)){
1777
1778 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
1779
1780 if (cert->issuer == NULL((void*)0)){
1781
1782 issuerName = &cert->nssCert->issuer;
1783 derIssuerName = &cert->nssCert->derIssuer;
1784
1785 /* if there is no subject name */
1786 PKIX_CHECK(PKIX_PL_X500Name_CreateFromCERTNamedo { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName
(derIssuerName, issuerName, &pkixIssuer, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED
; goto cleanup; } } while (0)
1787 (derIssuerName, issuerName,do { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName
(derIssuerName, issuerName, &pkixIssuer, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED
; goto cleanup; } } while (0)
1788 &pkixIssuer, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName
(derIssuerName, issuerName, &pkixIssuer, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED
; goto cleanup; } } while (0)
1789 PKIX_X500NAMECREATEFROMCERTNAMEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName
(derIssuerName, issuerName, &pkixIssuer, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED
; goto cleanup; } } while (0);
1790
1791 /* save a cached copy in case it is asked for again */
1792 cert->issuer = pkixIssuer;
1793 }
1794
1795 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,1795)); } } while (0);
1796 }
1797
1798 PKIX_INCREF(cert->issuer)do { if (cert->issuer){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(cert->issuer), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
1799 *pCertIssuer = cert->issuer;
1800
1801cleanup:
1802 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1803}
1804
1805/*
1806 * FUNCTION: PKIX_PL_Cert_GetSubjectAltNames (see comments in pkix_pl_pki.h)
1807 */
1808PKIX_Error *
1809PKIX_PL_Cert_GetSubjectAltNames(
1810 PKIX_PL_Cert *cert,
1811 PKIX_List **pSubjectAltNames, /* list of PKIX_PL_GeneralName */
1812 void *plContext)
1813{
1814 PKIX_PL_GeneralName *pkixAltName = NULL((void*)0);
1815 PKIX_List *altNamesList = NULL((void*)0);
1816
1817 CERTGeneralName *nssOriginalAltName = NULL((void*)0);
1818 CERTGeneralName *nssTempAltName = NULL((void*)0);
1819
1820 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectAltNames")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSubjectAltNames"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1821 PKIX_NULLCHECK_TWO(cert, pSubjectAltNames)do { if (((cert) == ((void*)0)) || ((pSubjectAltNames) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
1822
1823 /* if we don't have a cached copy from before, we create one */
1824 if ((cert->subjAltNames == NULL((void*)0)) && (!cert->subjAltNamesAbsent)){
1825
1826 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
1827
1828 if ((cert->subjAltNames == NULL((void*)0)) &&
1829 (!cert->subjAltNamesAbsent)){
1830
1831 PKIX_CHECK(pkix_pl_Cert_GetNssSubjectAltNamesdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames
(cert, ((PKIX_Boolean) 1), &nssOriginalAltName, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while
(0)
1832 (cert,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames
(cert, ((PKIX_Boolean) 1), &nssOriginalAltName, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while
(0)
1833 PKIX_TRUE,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames
(cert, ((PKIX_Boolean) 1), &nssOriginalAltName, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while
(0)
1834 &nssOriginalAltName,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames
(cert, ((PKIX_Boolean) 1), &nssOriginalAltName, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while
(0)
1835 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames
(cert, ((PKIX_Boolean) 1), &nssOriginalAltName, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while
(0)
1836 PKIX_CERTGETNSSSUBJECTALTNAMESFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames
(cert, ((PKIX_Boolean) 1), &nssOriginalAltName, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while
(0);
1837
1838 if (nssOriginalAltName == NULL((void*)0)) {
1839 cert->subjAltNamesAbsent = PKIX_TRUE((PKIX_Boolean) 1);
1840 pSubjectAltNames = NULL((void*)0);
1841 goto cleanup;
1842 }
1843
1844 nssTempAltName = nssOriginalAltName;
1845
1846 PKIX_CHECK(PKIX_List_Create(&altNamesList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&altNamesList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
1847 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&altNamesList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
1848
1849 do {
1850 PKIX_CHECK(pkix_pl_GeneralName_Createdo { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create (
nssTempAltName, &pkixAltName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED; goto
cleanup; } } while (0)
1851 (nssTempAltName, &pkixAltName, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create (
nssTempAltName, &pkixAltName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED; goto
cleanup; } } while (0)
1852 PKIX_GENERALNAMECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create (
nssTempAltName, &pkixAltName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED; goto
cleanup; } } while (0);
1853
1854 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (altNamesList
, (PKIX_PL_Object *)pkixAltName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1855 (altNamesList,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (altNamesList
, (PKIX_PL_Object *)pkixAltName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1856 (PKIX_PL_Object *)pkixAltName,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (altNamesList
, (PKIX_PL_Object *)pkixAltName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1857 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (altNamesList
, (PKIX_PL_Object *)pkixAltName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1858 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (altNamesList
, (PKIX_PL_Object *)pkixAltName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
1859
1860 PKIX_DECREF(pkixAltName)do { if (pkixAltName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(pkixAltName), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } pkixAltName = ((void
*)0); } } while (0);
1861
1862 PKIX_CERT_DEBUG
1863 ("\t\tCalling CERT_GetNextGeneralName).\n");
1864 nssTempAltName = CERT_GetNextGeneralName
1865 (nssTempAltName);
1866
1867 } while (nssTempAltName != nssOriginalAltName);
1868
1869 /* save a cached copy in case it is asked for again */
1870 cert->subjAltNames = altNamesList;
1871 PKIX_CHECK(PKIX_List_SetImmutabledo { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (cert
->subjAltNames, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup
; } } while (0)
1872 (cert->subjAltNames, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (cert
->subjAltNames, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup
; } } while (0)
1873 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (cert
->subjAltNames, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup
; } } while (0);
1874
1875 }
1876
1877 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,1877)); } } while (0);
1878 }
1879
1880 PKIX_INCREF(cert->subjAltNames)do { if (cert->subjAltNames){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(cert->subjAltNames), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
1881
1882 *pSubjectAltNames = cert->subjAltNames;
1883
1884cleanup:
1885 PKIX_DECREF(pkixAltName)do { if (pkixAltName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(pkixAltName), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } pkixAltName = ((void
*)0); } } while (0);
1886 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)){
1887 PKIX_DECREF(altNamesList)do { if (altNamesList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(altNamesList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } altNamesList = ((void
*)0); } } while (0);
1888 }
1889 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1890}
1891
1892/*
1893 * FUNCTION: PKIX_PL_Cert_GetAllSubjectNames (see comments in pkix_pl_pki.h)
1894 */
1895PKIX_Error *
1896PKIX_PL_Cert_GetAllSubjectNames(
1897 PKIX_PL_Cert *cert,
1898 PKIX_List **pAllSubjectNames, /* list of PKIX_PL_GeneralName */
1899 void *plContext)
1900{
1901 CERTGeneralName *nssOriginalSubjectName = NULL((void*)0);
1902 CERTGeneralName *nssTempSubjectName = NULL((void*)0);
1903 PKIX_List *allSubjectNames = NULL((void*)0);
1904 PKIX_PL_GeneralName *pkixSubjectName = NULL((void*)0);
1905 PLArenaPool *arena = NULL((void*)0);
1906
1907 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetAllSubjectNames")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetAllSubjectNames"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1908 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pAllSubjectNames)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pAllSubjectNames) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1909
1910
1911 if (cert->nssCert->subjectName == NULL((void*)0)){
1912 /* if there is no subject DN, just get altnames */
1913
1914 PKIX_CHECK(pkix_pl_Cert_GetNssSubjectAltNamesdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames
(cert, ((PKIX_Boolean) 0), &nssOriginalSubjectName, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while
(0)
1915 (cert,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames
(cert, ((PKIX_Boolean) 0), &nssOriginalSubjectName, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while
(0)
1916 PKIX_FALSE, /* hasLock */do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames
(cert, ((PKIX_Boolean) 0), &nssOriginalSubjectName, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while
(0)
1917 &nssOriginalSubjectName,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames
(cert, ((PKIX_Boolean) 0), &nssOriginalSubjectName, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while
(0)
1918 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames
(cert, ((PKIX_Boolean) 0), &nssOriginalSubjectName, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while
(0)
1919 PKIX_CERTGETNSSSUBJECTALTNAMESFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames
(cert, ((PKIX_Boolean) 0), &nssOriginalSubjectName, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while
(0);
1920
1921 } else { /* get subject DN and altnames */
1922
1923 arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048));
1924 if (arena == NULL((void*)0)) {
1925 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
1926 }
1927
1928 /* This NSS call returns both Subject and Subject Alt Names */
1929 PKIX_CERT_DEBUG("\t\tCalling CERT_GetCertificateNames\n");
1930 nssOriginalSubjectName =
1931 CERT_GetCertificateNames(cert->nssCert, arena);
1932 }
1933
1934 if (nssOriginalSubjectName == NULL((void*)0)) {
1935 pAllSubjectNames = NULL((void*)0);
1936 goto cleanup;
1937 }
1938
1939 nssTempSubjectName = nssOriginalSubjectName;
1940
1941 PKIX_CHECK(PKIX_List_Create(&allSubjectNames, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&allSubjectNames
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
1942 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&allSubjectNames
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
1943
1944 do {
1945 PKIX_CHECK(pkix_pl_GeneralName_Createdo { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create (
nssTempSubjectName, &pkixSubjectName, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED
; goto cleanup; } } while (0)
1946 (nssTempSubjectName, &pkixSubjectName, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create (
nssTempSubjectName, &pkixSubjectName, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED
; goto cleanup; } } while (0)
1947 PKIX_GENERALNAMECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create (
nssTempSubjectName, &pkixSubjectName, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED
; goto cleanup; } } while (0);
1948
1949 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (allSubjectNames
, (PKIX_PL_Object *)pkixSubjectName, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
1950 (allSubjectNames,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (allSubjectNames
, (PKIX_PL_Object *)pkixSubjectName, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
1951 (PKIX_PL_Object *)pkixSubjectName,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (allSubjectNames
, (PKIX_PL_Object *)pkixSubjectName, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
1952 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (allSubjectNames
, (PKIX_PL_Object *)pkixSubjectName, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
1953 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (allSubjectNames
, (PKIX_PL_Object *)pkixSubjectName, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0);
1954
1955 PKIX_DECREF(pkixSubjectName)do { if (pkixSubjectName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(pkixSubjectName), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } pkixSubjectName
= ((void*)0); } } while (0);
1956
1957 PKIX_CERT_DEBUG
1958 ("\t\tCalling CERT_GetNextGeneralName).\n");
1959 nssTempSubjectName = CERT_GetNextGeneralName
1960 (nssTempSubjectName);
1961 } while (nssTempSubjectName != nssOriginalSubjectName);
1962
1963 *pAllSubjectNames = allSubjectNames;
1964
1965cleanup:
1966 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)){
1967 PKIX_DECREF(allSubjectNames)do { if (allSubjectNames){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(allSubjectNames), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } allSubjectNames
= ((void*)0); } } while (0);
1968 }
1969
1970 if (arena){
1971 PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0);
1972 }
1973 PKIX_DECREF(pkixSubjectName)do { if (pkixSubjectName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(pkixSubjectName), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } pkixSubjectName
= ((void*)0); } } while (0);
1974 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
1975}
1976
1977/*
1978 * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKeyAlgId
1979 * (see comments in pkix_pl_pki.h)
1980 */
1981PKIX_Error *
1982PKIX_PL_Cert_GetSubjectPublicKeyAlgId(
1983 PKIX_PL_Cert *cert,
1984 PKIX_PL_OID **pSubjKeyAlgId,
1985 void *plContext)
1986{
1987 PKIX_PL_OID *pubKeyAlgId = NULL((void*)0);
1988
1989 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectPublicKeyAlgId")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSubjectPublicKeyAlgId"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1990 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSubjKeyAlgId)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pSubjKeyAlgId) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1991
1992 /* if we don't have a cached copy from before, we create one */
1993 if (cert->publicKeyAlgId == NULL((void*)0)){
1994 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
1995 if (cert->publicKeyAlgId == NULL((void*)0)){
1996 CERTCertificate *nssCert = cert->nssCert;
1997 SECAlgorithmID *algorithm;
1998 SECItem *algBytes;
1999
2000 algorithm = &nssCert->subjectPublicKeyInfo.algorithm;
2001 algBytes = &algorithm->algorithm;
2002 if (!algBytes->data || !algBytes->len) {
2003 PKIX_ERROR_FATAL(PKIX_ALGORITHMBYTESLENGTH0){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_ALGORITHMBYTESLENGTH0; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto cleanup; };
2004 }
2005 PKIX_CHECK(PKIX_PL_OID_CreateBySECItemdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
algBytes, &pubKeyAlgId, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup
; } } while (0)
2006 (algBytes, &pubKeyAlgId, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
algBytes, &pubKeyAlgId, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup
; } } while (0)
2007 PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
algBytes, &pubKeyAlgId, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup
; } } while (0);
2008
2009 /* save a cached copy in case it is asked for again */
2010 cert->publicKeyAlgId = pubKeyAlgId;
2011 pubKeyAlgId = NULL((void*)0);
2012 }
2013 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,2013)); } } while (0);
2014 }
2015
2016 PKIX_INCREF(cert->publicKeyAlgId)do { if (cert->publicKeyAlgId){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(cert->publicKeyAlgId), plContext); if
(stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
2017 *pSubjKeyAlgId = cert->publicKeyAlgId;
2018
2019cleanup:
2020 PKIX_DECREF(pubKeyAlgId)do { if (pubKeyAlgId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(pubKeyAlgId), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } pubKeyAlgId = ((void
*)0); } } while (0);
2021 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2022}
2023
2024/*
2025 * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKey (see comments in pkix_pl_pki.h)
2026 */
2027PKIX_Error *
2028PKIX_PL_Cert_GetSubjectPublicKey(
2029 PKIX_PL_Cert *cert,
2030 PKIX_PL_PublicKey **pPublicKey,
2031 void *plContext)
2032{
2033 PKIX_PL_PublicKey *pkixPubKey = NULL((void*)0);
2034 SECStatus rv;
2035
2036 CERTSubjectPublicKeyInfo *from = NULL((void*)0);
2037 CERTSubjectPublicKeyInfo *to = NULL((void*)0);
2038 SECItem *fromItem = NULL((void*)0);
2039 SECItem *toItem = NULL((void*)0);
2040
2041 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectPublicKey")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSubjectPublicKey"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2042 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pPublicKey)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pPublicKey) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2043
2044 /* if we don't have a cached copy from before, we create one */
2045 if (cert->publicKey == NULL((void*)0)){
2046
2047 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
2048
2049 if (cert->publicKey == NULL((void*)0)){
2050
2051 /* create a PKIX_PL_PublicKey object */
2052 PKIX_CHECK(PKIX_PL_Object_Allocdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_PUBLICKEY_TYPE
, sizeof (PKIX_PL_PublicKey), (PKIX_PL_Object **)&pkixPubKey
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0)
2053 (PKIX_PUBLICKEY_TYPE,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_PUBLICKEY_TYPE
, sizeof (PKIX_PL_PublicKey), (PKIX_PL_Object **)&pkixPubKey
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0)
2054 sizeof (PKIX_PL_PublicKey),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_PUBLICKEY_TYPE
, sizeof (PKIX_PL_PublicKey), (PKIX_PL_Object **)&pkixPubKey
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0)
2055 (PKIX_PL_Object **)&pkixPubKey,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_PUBLICKEY_TYPE
, sizeof (PKIX_PL_PublicKey), (PKIX_PL_Object **)&pkixPubKey
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0)
2056 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_PUBLICKEY_TYPE
, sizeof (PKIX_PL_PublicKey), (PKIX_PL_Object **)&pkixPubKey
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0)
2057 PKIX_COULDNOTCREATEOBJECT)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_PUBLICKEY_TYPE
, sizeof (PKIX_PL_PublicKey), (PKIX_PL_Object **)&pkixPubKey
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0);
2058
2059 /* initialize fields */
2060 pkixPubKey->nssSPKI = NULL((void*)0);
2061
2062 /* populate the SPKI field */
2063 PKIX_CHECK(PKIX_PL_Mallocdo { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTSubjectPublicKeyInfo
), (void **)&pkixPubKey->nssSPKI, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto
cleanup; } } while (0)
2064 (sizeof (CERTSubjectPublicKeyInfo),do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTSubjectPublicKeyInfo
), (void **)&pkixPubKey->nssSPKI, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto
cleanup; } } while (0)
2065 (void **)&pkixPubKey->nssSPKI,do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTSubjectPublicKeyInfo
), (void **)&pkixPubKey->nssSPKI, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto
cleanup; } } while (0)
2066 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTSubjectPublicKeyInfo
), (void **)&pkixPubKey->nssSPKI, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto
cleanup; } } while (0)
2067 PKIX_MALLOCFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTSubjectPublicKeyInfo
), (void **)&pkixPubKey->nssSPKI, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto
cleanup; } } while (0);
2068
2069 to = pkixPubKey->nssSPKI;
2070 from = &cert->nssCert->subjectPublicKeyInfo;
2071
2072 PKIX_NULLCHECK_TWO(to, from)do { if (((to) == ((void*)0)) || ((from) == ((void*)0))){ stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0);
2073
2074 PKIX_CERT_DEBUG
2075 ("\t\tCalling SECOID_CopyAlgorithmID).\n");
2076 rv = SECOID_CopyAlgorithmIDSECOID_CopyAlgorithmID_Util
2077 (NULL((void*)0), &to->algorithm, &from->algorithm);
2078 if (rv != SECSuccess) {
2079 PKIX_ERROR(PKIX_SECOIDCOPYALGORITHMIDFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_SECOIDCOPYALGORITHMIDFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_SECOIDCOPYALGORITHMIDFAILED
; goto cleanup; };
2080 }
2081
2082 /*
2083 * NSS stores the length of subjectPublicKey in bits.
2084 * Therefore, we use that length converted to bytes
2085 * using ((length+7)>>3) before calling PORT_Memcpy
2086 * in order to avoid "read from uninitialized memory"
2087 * errors.
2088 */
2089
2090 toItem = &to->subjectPublicKey;
2091 fromItem = &from->subjectPublicKey;
2092
2093 PKIX_NULLCHECK_TWO(toItem, fromItem)do { if (((toItem) == ((void*)0)) || ((fromItem) == ((void*)0
))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
2094
2095 toItem->type = fromItem->type;
2096
2097 toItem->data =
2098 (unsigned char*) PORT_ZAllocPORT_ZAlloc_Util(fromItem->len);
2099 if (!toItem->data){
2100 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
2101 }
2102
2103 (void) PORT_Memcpymemcpy(toItem->data,
2104 fromItem->data,
2105 (fromItem->len + 7)>>3);
2106 toItem->len = fromItem->len;
2107
2108 /* save a cached copy in case it is asked for again */
2109 cert->publicKey = pkixPubKey;
2110 }
2111
2112 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,2112)); } } while (0);
2113 }
2114
2115 PKIX_INCREF(cert->publicKey)do { if (cert->publicKey){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(cert->publicKey), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
2116 *pPublicKey = cert->publicKey;
2117
2118cleanup:
2119
2120 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList) && pkixPubKey){
2121 PKIX_DECREF(pkixPubKey)do { if (pkixPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(pkixPubKey), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } pkixPubKey = ((void
*)0); } } while (0);
2122 cert->publicKey = NULL((void*)0);
2123 }
2124 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2125}
2126
2127/*
2128 * FUNCTION: PKIX_PL_Cert_GetCriticalExtensionOIDs
2129 * (see comments in pkix_pl_pki.h)
2130 */
2131PKIX_Error *
2132PKIX_PL_Cert_GetCriticalExtensionOIDs(
2133 PKIX_PL_Cert *cert,
2134 PKIX_List **pList, /* list of PKIX_PL_OID */
2135 void *plContext)
2136{
2137 PKIX_List *oidsList = NULL((void*)0);
2138 CERTCertExtension **extensions = NULL((void*)0);
2139 CERTCertificate *nssCert = NULL((void*)0);
2140
2141 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetCriticalExtensionOIDs")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetCriticalExtensionOIDs"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2142 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pList)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pList) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2143
2144 /* if we don't have a cached copy from before, we create one */
2145 if (cert->critExtOids == NULL((void*)0)) {
2146
2147 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
2148
2149 if (cert->critExtOids == NULL((void*)0)) {
2150
2151 nssCert = cert->nssCert;
2152
2153 /*
2154 * ASN.1 for Extension
2155 *
2156 * Extension ::= SEQUENCE {
2157 * extnID OBJECT IDENTIFIER,
2158 * critical BOOLEAN DEFAULT FALSE,
2159 * extnValue OCTET STRING }
2160 *
2161 */
2162
2163 extensions = nssCert->extensions;
2164
2165 PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDsdo { stdVars.aPkixErrorResult = (pkix_pl_OID_GetCriticalExtensionOIDs
(extensions, &oidsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_GETCRITICALEXTENSIONOIDSFAILED
; goto cleanup; } } while (0)
2166 (extensions, &oidsList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_OID_GetCriticalExtensionOIDs
(extensions, &oidsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_GETCRITICALEXTENSIONOIDSFAILED
; goto cleanup; } } while (0)
2167 PKIX_GETCRITICALEXTENSIONOIDSFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_OID_GetCriticalExtensionOIDs
(extensions, &oidsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_GETCRITICALEXTENSIONOIDSFAILED
; goto cleanup; } } while (0);
2168
2169 /* save a cached copy in case it is asked for again */
2170 cert->critExtOids = oidsList;
2171 }
2172
2173 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,2173)); } } while (0);
2174 }
2175
2176 /* We should return a copy of the List since this list changes */
2177 PKIX_DUPLICATE(cert->critExtOids, pList, plContext,do { if ((cert->critExtOids) != ((void*)0)) { do { stdVars
.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
*)(cert->critExtOids), (PKIX_PL_Object **)(pList), (plContext
))); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= (PKIX_OBJECTDUPLICATELISTFAILED); goto cleanup; } } while (
0); } else { *(pList) = (cert->critExtOids); } } while (0)
2178 PKIX_OBJECTDUPLICATELISTFAILED)do { if ((cert->critExtOids) != ((void*)0)) { do { stdVars
.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
*)(cert->critExtOids), (PKIX_PL_Object **)(pList), (plContext
))); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= (PKIX_OBJECTDUPLICATELISTFAILED); goto cleanup; } } while (
0); } else { *(pList) = (cert->critExtOids); } } while (0);
2179
2180cleanup:
2181 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",2181)); } } while (0);
2182 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2183}
2184
2185/*
2186 * FUNCTION: PKIX_PL_Cert_GetAuthorityKeyIdentifier
2187 * (see comments in pkix_pl_pki.h)
2188 */
2189PKIX_Error *
2190PKIX_PL_Cert_GetAuthorityKeyIdentifier(
2191 PKIX_PL_Cert *cert,
2192 PKIX_PL_ByteArray **pAuthKeyId,
2193 void *plContext)
2194{
2195 PKIX_PL_ByteArray *authKeyId = NULL((void*)0);
2196 CERTCertificate *nssCert = NULL((void*)0);
2197 CERTAuthKeyID *authKeyIdExtension = NULL((void*)0);
2198 PLArenaPool *arena = NULL((void*)0);
2199 SECItem retItem;
2200
2201 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetAuthorityKeyIdentifier")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetAuthorityKeyIdentifier"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2202 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pAuthKeyId)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pAuthKeyId) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2203
2204 /* if we don't have a cached copy from before, we create one */
2205 if ((cert->authKeyId == NULL((void*)0)) && (!cert->authKeyIdAbsent)){
2206
2207 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
2208
2209 if ((cert->authKeyId == NULL((void*)0)) && (!cert->authKeyIdAbsent)){
2210
2211 arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048));
2212 if (arena == NULL((void*)0)) {
2213 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
2214 }
2215
2216 nssCert = cert->nssCert;
2217
2218 authKeyIdExtension =
2219 CERT_FindAuthKeyIDExten(arena, nssCert);
2220 if (authKeyIdExtension == NULL((void*)0)){
2221 cert->authKeyIdAbsent = PKIX_TRUE((PKIX_Boolean) 1);
2222 *pAuthKeyId = NULL((void*)0);
2223 goto cleanup;
2224 }
2225
2226 retItem = authKeyIdExtension->keyID;
2227
2228 if (retItem.len == 0){
2229 cert->authKeyIdAbsent = PKIX_TRUE((PKIX_Boolean) 1);
2230 *pAuthKeyId = NULL((void*)0);
2231 goto cleanup;
2232 }
2233
2234 PKIX_CHECK(PKIX_PL_ByteArray_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem
.data, retItem.len, &authKeyId, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED
; goto cleanup; } } while (0)
2235 (retItem.data,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem
.data, retItem.len, &authKeyId, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED
; goto cleanup; } } while (0)
2236 retItem.len,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem
.data, retItem.len, &authKeyId, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED
; goto cleanup; } } while (0)
2237 &authKeyId,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem
.data, retItem.len, &authKeyId, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED
; goto cleanup; } } while (0)
2238 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem
.data, retItem.len, &authKeyId, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED
; goto cleanup; } } while (0)
2239 PKIX_BYTEARRAYCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem
.data, retItem.len, &authKeyId, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED
; goto cleanup; } } while (0);
2240
2241 /* save a cached copy in case it is asked for again */
2242 cert->authKeyId = authKeyId;
2243 }
2244
2245 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,2245)); } } while (0);
2246 }
2247
2248 PKIX_INCREF(cert->authKeyId)do { if (cert->authKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(cert->authKeyId), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
2249 *pAuthKeyId = cert->authKeyId;
2250
2251cleanup:
2252 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",2252)); } } while (0);
2253 if (arena){
2254 PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0);
2255 }
2256 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2257}
2258
2259/*
2260 * FUNCTION: PKIX_PL_Cert_GetSubjectKeyIdentifier
2261 * (see comments in pkix_pl_pki.h)
2262 */
2263PKIX_Error *
2264PKIX_PL_Cert_GetSubjectKeyIdentifier(
2265 PKIX_PL_Cert *cert,
2266 PKIX_PL_ByteArray **pSubjKeyId,
2267 void *plContext)
2268{
2269 PKIX_PL_ByteArray *subjKeyId = NULL((void*)0);
2270 CERTCertificate *nssCert = NULL((void*)0);
2271 SECItem *retItem = NULL((void*)0);
2272 SECStatus status;
2273
2274 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectKeyIdentifier")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSubjectKeyIdentifier"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2275 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSubjKeyId)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pSubjKeyId) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2276
2277 /* if we don't have a cached copy from before, we create one */
2278 if ((cert->subjKeyId == NULL((void*)0)) && (!cert->subjKeyIdAbsent)){
2279
2280 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
2281
2282 if ((cert->subjKeyId == NULL((void*)0)) && (!cert->subjKeyIdAbsent)){
2283
2284 retItem = SECITEM_AllocItemSECITEM_AllocItem_Util(NULL((void*)0), NULL((void*)0), 0);
2285 if (retItem == NULL((void*)0)){
2286 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
2287 }
2288
2289 nssCert = cert->nssCert;
2290
2291 status = CERT_FindSubjectKeyIDExtension
2292 (nssCert, retItem);
2293 if (status != SECSuccess) {
2294 cert->subjKeyIdAbsent = PKIX_TRUE((PKIX_Boolean) 1);
2295 *pSubjKeyId = NULL((void*)0);
2296 goto cleanup;
2297 }
2298
2299 PKIX_CHECK(PKIX_PL_ByteArray_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem
->data, retItem->len, &subjKeyId, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED
; goto cleanup; } } while (0)
2300 (retItem->data,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem
->data, retItem->len, &subjKeyId, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED
; goto cleanup; } } while (0)
2301 retItem->len,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem
->data, retItem->len, &subjKeyId, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED
; goto cleanup; } } while (0)
2302 &subjKeyId,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem
->data, retItem->len, &subjKeyId, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED
; goto cleanup; } } while (0)
2303 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem
->data, retItem->len, &subjKeyId, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED
; goto cleanup; } } while (0)
2304 PKIX_BYTEARRAYCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem
->data, retItem->len, &subjKeyId, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED
; goto cleanup; } } while (0);
2305
2306 /* save a cached copy in case it is asked for again */
2307 cert->subjKeyId = subjKeyId;
2308 }
2309
2310 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,2310)); } } while (0);
2311 }
2312
2313 PKIX_INCREF(cert->subjKeyId)do { if (cert->subjKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(cert->subjKeyId), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
2314 *pSubjKeyId = cert->subjKeyId;
2315
2316cleanup:
2317 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",2317)); } } while (0);
2318 if (retItem){
2319 SECITEM_FreeItemSECITEM_FreeItem_Util(retItem, PKIX_TRUE((PKIX_Boolean) 1));
2320 }
2321 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2322}
2323
2324/*
2325 * FUNCTION: PKIX_PL_Cert_GetExtendedKeyUsage (see comments in pkix_pl_pki.h)
2326 */
2327PKIX_Error *
2328PKIX_PL_Cert_GetExtendedKeyUsage(
2329 PKIX_PL_Cert *cert,
2330 PKIX_List **pKeyUsage, /* list of PKIX_PL_OID */
2331 void *plContext)
2332{
2333 CERTOidSequence *extKeyUsage = NULL((void*)0);
2334 CERTCertificate *nssCert = NULL((void*)0);
2335 PKIX_PL_OID *pkixOID = NULL((void*)0);
2336 PKIX_List *oidsList = NULL((void*)0);
2337 SECItem **oids = NULL((void*)0);
2338 SECItem encodedExtKeyUsage;
2339 SECStatus rv;
2340
2341 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetExtendedKeyUsage")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetExtendedKeyUsage"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2342 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pKeyUsage)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pKeyUsage) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2343
2344 /* if we don't have a cached copy from before, we create one */
2345 if ((cert->extKeyUsages == NULL((void*)0)) && (!cert->extKeyUsagesAbsent)){
2346
2347 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
2348
2349 if ((cert->extKeyUsages == NULL((void*)0)) &&
2350 (!cert->extKeyUsagesAbsent)){
2351
2352 nssCert = cert->nssCert;
2353
2354 rv = CERT_FindCertExtension
2355 (nssCert, SEC_OID_X509_EXT_KEY_USAGE,
2356 &encodedExtKeyUsage);
2357 if (rv != SECSuccess){
2358 cert->extKeyUsagesAbsent = PKIX_TRUE((PKIX_Boolean) 1);
2359 *pKeyUsage = NULL((void*)0);
2360 goto cleanup;
2361 }
2362
2363 extKeyUsage =
2364 CERT_DecodeOidSequence(&encodedExtKeyUsage);
2365 if (extKeyUsage == NULL((void*)0)){
2366 PKIX_ERROR(PKIX_CERTDECODEOIDSEQUENCEFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTDECODEOIDSEQUENCEFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEOIDSEQUENCEFAILED
; goto cleanup; };
2367 }
2368
2369 PORT_FreePORT_Free_Util(encodedExtKeyUsage.data);
2370
2371 oids = extKeyUsage->oids;
2372
2373 if (!oids){
2374 /* no extended key usage extensions found */
2375 cert->extKeyUsagesAbsent = PKIX_TRUE((PKIX_Boolean) 1);
2376 *pKeyUsage = NULL((void*)0);
2377 goto cleanup;
2378 }
2379
2380 PKIX_CHECK(PKIX_List_Create(&oidsList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&oidsList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
2381 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&oidsList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
2382
2383 while (*oids){
2384 SECItem *oid = *oids++;
2385
2386 PKIX_CHECK(PKIX_PL_OID_CreateBySECItemdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
oid, &pkixOID, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup
; } } while (0)
2387 (oid, &pkixOID, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
oid, &pkixOID, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup
; } } while (0)
2388 PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem (
oid, &pkixOID, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup
; } } while (0);
2389
2390 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (oidsList
, (PKIX_PL_Object *)pkixOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
2391 (oidsList,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (oidsList
, (PKIX_PL_Object *)pkixOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
2392 (PKIX_PL_Object *)pkixOID,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (oidsList
, (PKIX_PL_Object *)pkixOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
2393 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (oidsList
, (PKIX_PL_Object *)pkixOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
2394 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (oidsList
, (PKIX_PL_Object *)pkixOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
2395 PKIX_DECREF(pkixOID)do { if (pkixOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(pkixOID), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } pkixOID = ((void*)
0); } } while (0);
2396 }
2397
2398 PKIX_CHECK(PKIX_List_SetImmutabledo { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (oidsList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
2399 (oidsList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (oidsList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
2400 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (oidsList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0);
2401
2402 /* save a cached copy in case it is asked for again */
2403 cert->extKeyUsages = oidsList;
2404 oidsList = NULL((void*)0);
2405 }
2406
2407 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,2407)); } } while (0);
2408 }
2409
2410 PKIX_INCREF(cert->extKeyUsages)do { if (cert->extKeyUsages){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(cert->extKeyUsages), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
2411 *pKeyUsage = cert->extKeyUsages;
2412
2413cleanup:
2414 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",2414)); } } while (0);
2415
2416 PKIX_DECREF(pkixOID)do { if (pkixOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(pkixOID), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } pkixOID = ((void*)
0); } } while (0);
2417 PKIX_DECREF(oidsList)do { if (oidsList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(oidsList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } oidsList = ((void*
)0); } } while (0);
2418 CERT_DestroyOidSequence(extKeyUsage);
2419
2420 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2421}
2422
2423/*
2424 * FUNCTION: PKIX_PL_Cert_GetBasicConstraints
2425 * (see comments in pkix_pl_pki.h)
2426 */
2427PKIX_Error *
2428PKIX_PL_Cert_GetBasicConstraints(
2429 PKIX_PL_Cert *cert,
2430 PKIX_PL_CertBasicConstraints **pBasicConstraints,
2431 void *plContext)
2432{
2433 CERTCertificate *nssCert = NULL((void*)0);
2434 CERTBasicConstraints nssBasicConstraint;
2435 SECStatus rv;
2436 PKIX_PL_CertBasicConstraints *basic;
2437 PKIX_Int32 pathLen = 0;
2438 PKIX_Boolean isCA = PKIX_FALSE((PKIX_Boolean) 0);
2439 enum {
2440 realBC, synthBC, absentBC
2441 } constraintSource = absentBC;
2442
2443 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetBasicConstraints")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetBasicConstraints"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
10
Assuming 'pkixLoggersDebugTrace' is null
11
Taking false branch
2444 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pBasicConstraints)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pBasicConstraints) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
12
Loop condition is false. Exiting loop
13
Taking false branch
2445
2446 /* if we don't have a cached copy from before, we create one */
2447 if ((cert->certBasicConstraints == NULL((void*)0)) &&
14
Loop condition is false. Exiting loop
15
Assuming field 'certBasicConstraints' is equal to NULL
17
Taking true branch
2448 (!cert->basicConstraintsAbsent)) {
16
Assuming field 'basicConstraintsAbsent' is 0
2449
2450 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
18
Taking true branch
19
Assuming field 'aPkixTempResult' is null
20
Taking false branch
2451
2452 if ((cert->certBasicConstraints == NULL((void*)0)) &&
21
Assuming field 'certBasicConstraints' is not equal to NULL
2453 (!cert->basicConstraintsAbsent)) {
2454
2455 nssCert = cert->nssCert;
2456
2457 PKIX_CERT_DEBUG(
2458 "\t\tCalling Cert_FindBasicConstraintExten\n");
2459 rv = CERT_FindBasicConstraintExten
2460 (nssCert, &nssBasicConstraint);
2461 if (rv == SECSuccess) {
2462 constraintSource = realBC;
2463 }
2464
2465 if (constraintSource == absentBC) {
2466 /* can we deduce it's a CA and create a
2467 synthetic constraint?
2468 */
2469 CERTCertTrust trust;
2470 rv = CERT_GetCertTrust(nssCert, &trust);
2471 if (rv == SECSuccess) {
2472 int anyWantedFlag = CERTDB_TRUSTED_CA(1u << 4) | CERTDB_VALID_CA(1u << 3);
2473 if ((trust.sslFlags & anyWantedFlag)
2474 || (trust.emailFlags & anyWantedFlag)
2475 || (trust.objectSigningFlags & anyWantedFlag)) {
2476
2477 constraintSource = synthBC;
2478 }
2479 }
2480 }
2481
2482 if (constraintSource == absentBC) {
2483 cert->basicConstraintsAbsent = PKIX_TRUE((PKIX_Boolean) 1);
2484 *pBasicConstraints = NULL((void*)0);
2485 goto cleanup;
2486 }
2487 }
2488
2489 if (constraintSource
21.1
'constraintSource' is not equal to synthBC
 == synthBC) {
2490 isCA = PKIX_TRUE((PKIX_Boolean) 1);
2491 pathLen = PKIX_UNLIMITED_PATH_CONSTRAINT((PKIX_Int32) -1);
2492 } else {
2493 isCA = (nssBasicConstraint.isCA)?PKIX_TRUE((PKIX_Boolean) 1):PKIX_FALSE((PKIX_Boolean) 0);
22
Taking false branch
23
Branch condition evaluates to a garbage value
2494
2495 /* The pathLen has meaning only for CAs */
2496 if (isCA) {
2497 if (CERT_UNLIMITED_PATH_CONSTRAINT-2 ==
2498 nssBasicConstraint.pathLenConstraint) {
2499 pathLen = PKIX_UNLIMITED_PATH_CONSTRAINT((PKIX_Int32) -1);
2500 } else {
2501 pathLen = nssBasicConstraint.pathLenConstraint;
2502 }
2503 }
2504 }
2505
2506 PKIX_CHECK(pkix_pl_CertBasicConstraints_Createdo { stdVars.aPkixErrorResult = (pkix_pl_CertBasicConstraints_Create
(isCA, pathLen, &basic, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTBASICCONSTRAINTSCREATEFAILED
; goto cleanup; } } while (0)
2507 (isCA, pathLen, &basic, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertBasicConstraints_Create
(isCA, pathLen, &basic, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTBASICCONSTRAINTSCREATEFAILED
; goto cleanup; } } while (0)
2508 PKIX_CERTBASICCONSTRAINTSCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertBasicConstraints_Create
(isCA, pathLen, &basic, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTBASICCONSTRAINTSCREATEFAILED
; goto cleanup; } } while (0);
2509
2510 /* save a cached copy in case it is asked for again */
2511 cert->certBasicConstraints = basic;
2512 }
2513
2514 PKIX_INCREF(cert->certBasicConstraints)do { if (cert->certBasicConstraints){ stdVars.aPkixTempResult
= PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->certBasicConstraints
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); goto cleanup; } } } while (0);
2515 *pBasicConstraints = cert->certBasicConstraints;
2516
2517cleanup:
2518 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",2518)); } } while (0);
2519 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2520}
2521
2522/*
2523 * FUNCTION: PKIX_PL_Cert_GetPolicyInformation
2524 * (see comments in pkix_pl_pki.h)
2525 */
2526PKIX_Error *
2527PKIX_PL_Cert_GetPolicyInformation(
2528 PKIX_PL_Cert *cert,
2529 PKIX_List **pPolicyInfo,
2530 void *plContext)
2531{
2532 PKIX_List *policyList = NULL((void*)0);
2533
2534 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetPolicyInformation")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetPolicyInformation"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2535 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pPolicyInfo)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pPolicyInfo) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2536
2537 /* if we don't have a cached copy from before, we create one */
2538 if ((cert->certPolicyInfos == NULL((void*)0)) &&
2539 (!cert->policyInfoAbsent)) {
2540
2541 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
2542
2543 if ((cert->certPolicyInfos == NULL((void*)0)) &&
2544 (!cert->policyInfoAbsent)) {
2545
2546 PKIX_CHECK(pkix_pl_Cert_DecodePolicyInfodo { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyInfo
(cert->nssCert, &policyList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYINFOFAILED
; goto cleanup; } } while (0)
2547 (cert->nssCert, &policyList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyInfo
(cert->nssCert, &policyList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYINFOFAILED
; goto cleanup; } } while (0)
2548 PKIX_CERTDECODEPOLICYINFOFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyInfo
(cert->nssCert, &policyList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYINFOFAILED
; goto cleanup; } } while (0);
2549
2550 if (!policyList) {
2551 cert->policyInfoAbsent = PKIX_TRUE((PKIX_Boolean) 1);
2552 *pPolicyInfo = NULL((void*)0);
2553 goto cleanup;
2554 }
2555 }
2556
2557 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,2557)); } } while (0);
2558
2559 /* save a cached copy in case it is asked for again */
2560 cert->certPolicyInfos = policyList;
2561 policyList = NULL((void*)0);
2562 }
2563
2564 PKIX_INCREF(cert->certPolicyInfos)do { if (cert->certPolicyInfos){ stdVars.aPkixTempResult =
PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->certPolicyInfos
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); goto cleanup; } } } while (0);
2565 *pPolicyInfo = cert->certPolicyInfos;
2566
2567cleanup:
2568 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",2568)); } } while (0);
2569
2570 PKIX_DECREF(policyList)do { if (policyList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policyList = ((void
*)0); } } while (0);
2571 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2572}
2573
2574/*
2575 * FUNCTION: PKIX_PL_Cert_GetPolicyMappings (see comments in pkix_pl_pki.h)
2576 */
2577PKIX_Error *
2578PKIX_PL_Cert_GetPolicyMappings(
2579 PKIX_PL_Cert *cert,
2580 PKIX_List **pPolicyMappings, /* list of PKIX_PL_CertPolicyMap */
2581 void *plContext)
2582{
2583 PKIX_List *policyMappings = NULL((void*)0); /* list of PKIX_PL_CertPolicyMap */
2584
2585 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetPolicyMappings")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetPolicyMappings"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2586 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pPolicyMappings)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pPolicyMappings) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2587
2588 /* if we don't have a cached copy from before, we create one */
2589 if (!(cert->certPolicyMappings) && !(cert->policyMappingsAbsent)) {
2590
2591 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
2592
2593 if (!(cert->certPolicyMappings) &&
2594 !(cert->policyMappingsAbsent)) {
2595
2596 PKIX_CHECK(pkix_pl_Cert_DecodePolicyMappingdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyMapping
(cert->nssCert, &policyMappings, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYMAPPINGFAILED
; goto cleanup; } } while (0)
2597 (cert->nssCert, &policyMappings, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyMapping
(cert->nssCert, &policyMappings, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYMAPPINGFAILED
; goto cleanup; } } while (0)
2598 PKIX_CERTDECODEPOLICYMAPPINGFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyMapping
(cert->nssCert, &policyMappings, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYMAPPINGFAILED
; goto cleanup; } } while (0);
2599
2600 if (!policyMappings) {
2601 cert->policyMappingsAbsent = PKIX_TRUE((PKIX_Boolean) 1);
2602 *pPolicyMappings = NULL((void*)0);
2603 goto cleanup;
2604 }
2605 }
2606
2607 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,2607)); } } while (0);
2608
2609 /* save a cached copy in case it is asked for again */
2610 cert->certPolicyMappings = policyMappings;
2611 policyMappings = NULL((void*)0);
2612 }
2613
2614 PKIX_INCREF(cert->certPolicyMappings)do { if (cert->certPolicyMappings){ stdVars.aPkixTempResult
= PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->certPolicyMappings
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); goto cleanup; } } } while (0);
2615 *pPolicyMappings = cert->certPolicyMappings;
2616
2617cleanup:
2618 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",2618)); } } while (0);
2619
2620 PKIX_DECREF(policyMappings)do { if (policyMappings){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyMappings), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } policyMappings
= ((void*)0); } } while (0);
2621 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2622}
2623
2624/*
2625 * FUNCTION: PKIX_PL_Cert_GetRequireExplicitPolicy
2626 * (see comments in pkix_pl_pki.h)
2627 */
2628PKIX_Error *
2629PKIX_PL_Cert_GetRequireExplicitPolicy(
2630 PKIX_PL_Cert *cert,
2631 PKIX_Int32 *pSkipCerts,
2632 void *plContext)
2633{
2634 PKIX_Int32 explicitPolicySkipCerts = 0;
2635 PKIX_Int32 inhibitMappingSkipCerts = 0;
2636
2637 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetRequireExplicitPolicy")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetRequireExplicitPolicy"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2638 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSkipCerts)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pSkipCerts) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2639
2640 if (!(cert->policyConstraintsProcessed)) {
2641 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
2642
2643 if (!(cert->policyConstraintsProcessed)) {
2644
2645 /*
2646 * If we can't process it now, we probably will be
2647 * unable to process it later. Set the default value.
2648 */
2649 cert->policyConstraintsProcessed = PKIX_TRUE((PKIX_Boolean) 1);
2650 cert->policyConstraintsExplicitPolicySkipCerts = -1;
2651 cert->policyConstraintsInhibitMappingSkipCerts = -1;
2652
2653 PKIX_CHECK(pkix_pl_Cert_DecodePolicyConstraintsdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints
(cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while
(0)
2654 (cert->nssCert,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints
(cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while
(0)
2655 &explicitPolicySkipCerts,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints
(cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while
(0)
2656 &inhibitMappingSkipCerts,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints
(cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while
(0)
2657 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints
(cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while
(0)
2658 PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints
(cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while
(0);
2659
2660 cert->policyConstraintsExplicitPolicySkipCerts =
2661 explicitPolicySkipCerts;
2662 cert->policyConstraintsInhibitMappingSkipCerts =
2663 inhibitMappingSkipCerts;
2664 }
2665
2666 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,2666)); } } while (0);
2667 }
2668
2669 *pSkipCerts = cert->policyConstraintsExplicitPolicySkipCerts;
2670
2671cleanup:
2672 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",2672)); } } while (0);
2673 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2674}
2675
2676/*
2677 * FUNCTION: PKIX_PL_Cert_GetPolicyMappingInhibited
2678 * (see comments in pkix_pl_pki.h)
2679 */
2680PKIX_Error *
2681PKIX_PL_Cert_GetPolicyMappingInhibited(
2682 PKIX_PL_Cert *cert,
2683 PKIX_Int32 *pSkipCerts,
2684 void *plContext)
2685{
2686 PKIX_Int32 explicitPolicySkipCerts = 0;
2687 PKIX_Int32 inhibitMappingSkipCerts = 0;
2688
2689 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetPolicyMappingInhibited")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetPolicyMappingInhibited"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2690 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSkipCerts)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pSkipCerts) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2691
2692 if (!(cert->policyConstraintsProcessed)) {
2693 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
2694
2695 if (!(cert->policyConstraintsProcessed)) {
2696
2697 /*
2698 * If we can't process it now, we probably will be
2699 * unable to process it later. Set the default value.
2700 */
2701 cert->policyConstraintsProcessed = PKIX_TRUE((PKIX_Boolean) 1);
2702 cert->policyConstraintsExplicitPolicySkipCerts = -1;
2703 cert->policyConstraintsInhibitMappingSkipCerts = -1;
2704
2705 PKIX_CHECK(pkix_pl_Cert_DecodePolicyConstraintsdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints
(cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while
(0)
2706 (cert->nssCert,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints
(cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while
(0)
2707 &explicitPolicySkipCerts,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints
(cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while
(0)
2708 &inhibitMappingSkipCerts,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints
(cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while
(0)
2709 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints
(cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while
(0)
2710 PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints
(cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while
(0);
2711
2712 cert->policyConstraintsExplicitPolicySkipCerts =
2713 explicitPolicySkipCerts;
2714 cert->policyConstraintsInhibitMappingSkipCerts =
2715 inhibitMappingSkipCerts;
2716 }
2717
2718 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,2718)); } } while (0);
2719 }
2720
2721 *pSkipCerts = cert->policyConstraintsInhibitMappingSkipCerts;
2722
2723cleanup:
2724 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",2724)); } } while (0);
2725 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2726}
2727
2728/*
2729 * FUNCTION: PKIX_PL_Cert_GetInhibitAnyPolicy (see comments in pkix_pl_pki.h)
2730 */
2731PKIX_Error *
2732PKIX_PL_Cert_GetInhibitAnyPolicy(
2733 PKIX_PL_Cert *cert,
2734 PKIX_Int32 *pSkipCerts,
2735 void *plContext)
2736{
2737 PKIX_Int32 skipCerts = 0;
2738
2739 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetInhibitAnyPolicy")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetInhibitAnyPolicy"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2740 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSkipCerts)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pSkipCerts) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2741
2742 if (!(cert->inhibitAnyPolicyProcessed)) {
2743
2744 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
2745
2746 if (!(cert->inhibitAnyPolicyProcessed)) {
2747
2748 /*
2749 * If we can't process it now, we probably will be
2750 * unable to process it later. Set the default value.
2751 */
2752 cert->inhibitAnyPolicyProcessed = PKIX_TRUE((PKIX_Boolean) 1);
2753 cert->inhibitAnySkipCerts = -1;
2754
2755 PKIX_CHECK(pkix_pl_Cert_DecodeInhibitAnyPolicydo { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodeInhibitAnyPolicy
(cert->nssCert, &skipCerts, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEINHIBITANYPOLICYFAILED
; goto cleanup; } } while (0)
2756 (cert->nssCert, &skipCerts, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodeInhibitAnyPolicy
(cert->nssCert, &skipCerts, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEINHIBITANYPOLICYFAILED
; goto cleanup; } } while (0)
2757 PKIX_CERTDECODEINHIBITANYPOLICYFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodeInhibitAnyPolicy
(cert->nssCert, &skipCerts, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEINHIBITANYPOLICYFAILED
; goto cleanup; } } while (0);
2758
2759 cert->inhibitAnySkipCerts = skipCerts;
2760 }
2761
2762 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,2762)); } } while (0);
2763 }
2764
2765cleanup:
2766 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",2766)); } } while (0);
2767 *pSkipCerts = cert->inhibitAnySkipCerts;
2768 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2769}
2770
2771/*
2772 * FUNCTION: PKIX_PL_Cert_AreCertPoliciesCritical
2773 * (see comments in pkix_pl_pki.h)
2774 */
2775PKIX_Error *
2776PKIX_PL_Cert_AreCertPoliciesCritical(
2777 PKIX_PL_Cert *cert,
2778 PKIX_Boolean *pCritical,
2779 void *plContext)
2780{
2781 PKIX_Boolean criticality = PKIX_FALSE((PKIX_Boolean) 0);
2782
2783 PKIX_ENTER(CERT, "PKIX_PL_Cert_AreCertPoliciesCritical")static const char cMyFuncName[] = {"PKIX_PL_Cert_AreCertPoliciesCritical"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2784 PKIX_NULLCHECK_TWO(cert, pCritical)do { if (((cert) == ((void*)0)) || ((pCritical) == ((void*)0)
)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
2785
2786 PKIX_CHECK(pkix_pl_Cert_IsExtensionCritical(do { stdVars.aPkixErrorResult = (pkix_pl_Cert_IsExtensionCritical
( cert, SEC_OID_X509_CERTIFICATE_POLICIES, &criticality, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTISEXTENSIONCRITICALFAILED; goto cleanup; } } while
(0)
2787 cert,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_IsExtensionCritical
( cert, SEC_OID_X509_CERTIFICATE_POLICIES, &criticality, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTISEXTENSIONCRITICALFAILED; goto cleanup; } } while
(0)
2788 SEC_OID_X509_CERTIFICATE_POLICIES,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_IsExtensionCritical
( cert, SEC_OID_X509_CERTIFICATE_POLICIES, &criticality, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTISEXTENSIONCRITICALFAILED; goto cleanup; } } while
(0)
2789 &criticality,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_IsExtensionCritical
( cert, SEC_OID_X509_CERTIFICATE_POLICIES, &criticality, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTISEXTENSIONCRITICALFAILED; goto cleanup; } } while
(0)
2790 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_IsExtensionCritical
( cert, SEC_OID_X509_CERTIFICATE_POLICIES, &criticality, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTISEXTENSIONCRITICALFAILED; goto cleanup; } } while
(0)
2791 PKIX_CERTISEXTENSIONCRITICALFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_IsExtensionCritical
( cert, SEC_OID_X509_CERTIFICATE_POLICIES, &criticality, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTISEXTENSIONCRITICALFAILED; goto cleanup; } } while
(0);
2792
2793 *pCritical = criticality;
2794
2795cleanup:
2796 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2797}
2798
2799/*
2800 * FUNCTION: PKIX_PL_Cert_VerifySignature (see comments in pkix_pl_pki.h)
2801 */
2802PKIX_Error *
2803PKIX_PL_Cert_VerifySignature(
2804 PKIX_PL_Cert *cert,
2805 PKIX_PL_PublicKey *pubKey,
2806 void *plContext)
2807{
2808 CERTCertificate *nssCert = NULL((void*)0);
2809 SECKEYPublicKey *nssPubKey = NULL((void*)0);
2810 CERTSignedData *tbsCert = NULL((void*)0);
2811 PKIX_PL_Cert *cachedCert = NULL((void*)0);
2812 PKIX_Error *verifySig = NULL((void*)0);
2813 PKIX_Error *cachedSig = NULL((void*)0);
2814 PKIX_Error *checkSig = NULL((void*)0);
2815 SECStatus status;
2816 PKIX_Boolean certEqual = PKIX_FALSE((PKIX_Boolean) 0);
2817 PKIX_Boolean certInHash = PKIX_FALSE((PKIX_Boolean) 0);
2818 PKIX_Boolean checkCertSig = PKIX_TRUE((PKIX_Boolean) 1);
2819 void* wincx = NULL((void*)0);
2820
2821 PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifySignature")static const char cMyFuncName[] = {"PKIX_PL_Cert_VerifySignature"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2822 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pubKey)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pubKey) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2823
2824 /* if the cert check flag is off, skip the check */
2825 checkSig = pkix_pl_NssContext_GetCertSignatureCheck(
2826 (PKIX_PL_NssContext *)plContext, &checkCertSig);
2827 if ((checkCertSig == PKIX_FALSE((PKIX_Boolean) 0)) && (checkSig == NULL((void*)0))) {
2828 goto cleanup;
2829 }
2830
2831 verifySig = PKIX_PL_HashTable_Lookup
2832 (cachedCertSigTable,
2833 (PKIX_PL_Object *) pubKey,
2834 (PKIX_PL_Object **) &cachedCert,
2835 plContext);
2836
2837 if (cachedCert != NULL((void*)0) && verifySig == NULL((void*)0)) {
2838 /* Cached Signature Table lookup succeed */
2839 PKIX_EQUALS(cert, cachedCert, &certEqual, plContext,do { if ((cert) != ((void*)0) && (cachedCert) != ((void
*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(cert), (PKIX_PL_Object*)(cachedCert), (&
certEqual), (plContext))); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup; } }
while (0); } else if ((cert) == ((void*)0) && (cachedCert
) == ((void*)0)) { *(&certEqual) = ((PKIX_Boolean) 1); } else
{ *(&certEqual) = ((PKIX_Boolean) 0); } } while (0)
2840 PKIX_OBJECTEQUALSFAILED)do { if ((cert) != ((void*)0) && (cachedCert) != ((void
*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(cert), (PKIX_PL_Object*)(cachedCert), (&
certEqual), (plContext))); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup; } }
while (0); } else if ((cert) == ((void*)0) && (cachedCert
) == ((void*)0)) { *(&certEqual) = ((PKIX_Boolean) 1); } else
{ *(&certEqual) = ((PKIX_Boolean) 0); } } while (0);
2841 if (certEqual == PKIX_TRUE((PKIX_Boolean) 1)) {
2842 goto cleanup;
2843 }
2844 /* Different PubKey may hash to same value, skip add */
2845 certInHash = PKIX_TRUE((PKIX_Boolean) 1);
2846 }
2847
2848 nssCert = cert->nssCert;
2849 tbsCert = &nssCert->signatureWrap;
2850
2851 PKIX_CERT_DEBUG("\t\tCalling SECKEY_ExtractPublicKey).\n");
2852 nssPubKey = SECKEY_ExtractPublicKey(pubKey->nssSPKI);
2853 if (!nssPubKey){
2854 PKIX_ERROR(PKIX_SECKEYEXTRACTPUBLICKEYFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_SECKEYEXTRACTPUBLICKEYFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_SECKEYEXTRACTPUBLICKEYFAILED
; goto cleanup; };
2855 }
2856
2857 PKIX_CERT_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey).\n");
2858
2859 PKIX_CHECK(pkix_pl_NssContext_GetWincxdo { stdVars.aPkixErrorResult = (pkix_pl_NssContext_GetWincx (
(PKIX_PL_NssContext *)plContext, &wincx)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_NSSCONTEXTGETWINCXFAILED; goto
cleanup; } } while (0)
2860 ((PKIX_PL_NssContext *)plContext, &wincx),do { stdVars.aPkixErrorResult = (pkix_pl_NssContext_GetWincx (
(PKIX_PL_NssContext *)plContext, &wincx)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_NSSCONTEXTGETWINCXFAILED; goto
cleanup; } } while (0)
2861 PKIX_NSSCONTEXTGETWINCXFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_NssContext_GetWincx (
(PKIX_PL_NssContext *)plContext, &wincx)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_NSSCONTEXTGETWINCXFAILED; goto
cleanup; } } while (0);
2862
2863 status = CERT_VerifySignedDataWithPublicKey(tbsCert, nssPubKey, wincx);
2864
2865 if (status != SECSuccess) {
2866 if (PORT_GetErrorPORT_GetError_Util() != SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {
2867 PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_SIGNATURE);
2868 }
2869 PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY, ((void*)0), stdVars
.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY
; goto cleanup; };
2870 }
2871
2872 if (certInHash == PKIX_FALSE((PKIX_Boolean) 0)) {
2873 cachedSig = PKIX_PL_HashTable_Add
2874 (cachedCertSigTable,
2875 (PKIX_PL_Object *) pubKey,
2876 (PKIX_PL_Object *) cert,
2877 plContext);
2878
2879 if (cachedSig != NULL((void*)0)) {
2880 PKIX_DEBUG("PKIX_PL_HashTable_Add skipped: entry existed\n")do { do { if (pkixLoggersErrors) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, "PKIX_PL_HashTable_Add skipped: entry existed\n"
, stdVars.aPkixType, 4, plContext); } } while (0); (void) fprintf
(stderr, "(%s: ", stdVars.aMyFuncName); (void) fprintf(stderr
, "PKIX_PL_HashTable_Add skipped: entry existed\n"); } while (
0);
2881 }
2882 }
2883
2884cleanup:
2885 if (nssPubKey){
2886 PKIX_CERT_DEBUG("\t\tCalling SECKEY_DestroyPublicKey).\n");
2887 SECKEY_DestroyPublicKey(nssPubKey);
2888 }
2889
2890 PKIX_DECREF(cachedCert)do { if (cachedCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cachedCert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } cachedCert = ((void
*)0); } } while (0);
2891 PKIX_DECREF(checkSig)do { if (checkSig){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checkSig), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkSig = ((void*
)0); } } while (0);
2892 PKIX_DECREF(verifySig)do { if (verifySig){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(verifySig), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifySig = ((void
*)0); } } while (0);
2893 PKIX_DECREF(cachedSig)do { if (cachedSig){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cachedSig), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } cachedSig = ((void
*)0); } } while (0);
2894
2895 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2896}
2897
2898/*
2899 * FUNCTION: PKIX_PL_Cert_CheckValidity (see comments in pkix_pl_pki.h)
2900 */
2901PKIX_Error *
2902PKIX_PL_Cert_CheckValidity(
2903 PKIX_PL_Cert *cert,
2904 PKIX_PL_Date *date,
2905 void *plContext)
2906{
2907 SECCertTimeValidity val;
2908 PRTime timeToCheck;
2909 PKIX_Boolean allowOverride;
2910 SECCertificateUsage requiredUsages;
2911
2912 PKIX_ENTER(CERT, "PKIX_PL_Cert_CheckValidity")static const char cMyFuncName[] = {"PKIX_PL_Cert_CheckValidity"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2913 PKIX_NULLCHECK_ONE(cert)do { if ((cert) == ((void*)0)){ stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2914
2915 /* if the caller supplies a date, we use it; else, use current time */
2916 if (date != NULL((void*)0)){
2917 PKIX_CHECK(pkix_pl_Date_GetPRTimedo { stdVars.aPkixErrorResult = (pkix_pl_Date_GetPRTime (date
, &timeToCheck, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_DATEGETPRTIMEFAILED; goto cleanup
; } } while (0)
2918 (date, &timeToCheck, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Date_GetPRTime (date
, &timeToCheck, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_DATEGETPRTIMEFAILED; goto cleanup
; } } while (0)
2919 PKIX_DATEGETPRTIMEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Date_GetPRTime (date
, &timeToCheck, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_DATEGETPRTIMEFAILED; goto cleanup
; } } while (0);
2920 } else {
2921 timeToCheck = PR_Now();
2922 }
2923
2924 requiredUsages = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
2925 allowOverride =
2926 (PRBool)((requiredUsages & certificateUsageSSLServer(0x0002)) ||
2927 (requiredUsages & certificateUsageSSLServerWithStepUp(0x0004)) ||
2928 (requiredUsages & certificateUsageIPsec(0x1000)));
2929 val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, allowOverride);
2930 if (val != secCertTimeValid){
2931 PKIX_ERROR(PKIX_CERTCHECKCERTVALIDTIMESFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTCHECKCERTVALIDTIMESFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_CERTCHECKCERTVALIDTIMESFAILED
; goto cleanup; };
2932 }
2933
2934cleanup:
2935 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2936}
2937
2938/*
2939 * FUNCTION: PKIX_PL_Cert_GetValidityNotAfter (see comments in pkix_pl_pki.h)
2940 */
2941PKIX_Error *
2942PKIX_PL_Cert_GetValidityNotAfter(
2943 PKIX_PL_Cert *cert,
2944 PKIX_PL_Date **pDate,
2945 void *plContext)
2946{
2947 PRTime prtime;
2948 SECStatus rv = SECFailure;
2949
2950 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetValidityNotAfter")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetValidityNotAfter"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2951 PKIX_NULLCHECK_TWO(cert, pDate)do { if (((cert) == ((void*)0)) || ((pDate) == ((void*)0))){ stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0);
2952
2953 PKIX_DATE_DEBUG("\t\tCalling DER_DecodeTimeChoice).\n");
2954 rv = DER_DecodeTimeChoiceDER_DecodeTimeChoice_Util(&prtime, &(cert->nssCert->validity.notAfter));
2955 if (rv != SECSuccess){
2956 PKIX_ERROR(PKIX_DERDECODETIMECHOICEFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_DERDECODETIMECHOICEFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_DERDECODETIMECHOICEFAILED
; goto cleanup; };
2957 }
2958
2959 PKIX_CHECK(pkix_pl_Date_CreateFromPRTimedo { stdVars.aPkixErrorResult = (pkix_pl_Date_CreateFromPRTime
(prtime, pDate, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_DATECREATEFROMPRTIMEFAILED; goto
cleanup; } } while (0)
2960 (prtime, pDate, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Date_CreateFromPRTime
(prtime, pDate, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_DATECREATEFROMPRTIMEFAILED; goto
cleanup; } } while (0)
2961 PKIX_DATECREATEFROMPRTIMEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Date_CreateFromPRTime
(prtime, pDate, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_DATECREATEFROMPRTIMEFAILED; goto
cleanup; } } while (0);
2962
2963cleanup:
2964 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
2965}
2966
2967/*
2968 * FUNCTION: PKIX_PL_Cert_VerifyCertAndKeyType (see comments in pkix_pl_pki.h)
2969 */
2970PKIX_Error *
2971PKIX_PL_Cert_VerifyCertAndKeyType(
2972 PKIX_PL_Cert *cert,
2973 PKIX_Boolean isChainCert,
2974 void *plContext)
2975{
2976 PKIX_PL_CertBasicConstraints *basicConstraints = NULL((void*)0);
2977 SECCertificateUsage certificateUsage;
2978 SECCertUsage certUsage = 0;
2979 unsigned int requiredKeyUsage;
2980 unsigned int requiredCertType;
2981 unsigned int certType;
2982 SECStatus rv = SECSuccess;
2983
2984 PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifyCertType")static const char cMyFuncName[] = {"PKIX_PL_Cert_VerifyCertType"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2985 PKIX_NULLCHECK_TWO(cert, plContext)do { if (((cert) == ((void*)0)) || ((plContext) == ((void*)0)
)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
2986
2987 certificateUsage = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
2988
2989 /* ensure we obtained a single usage bit only */
2990 PORT_Assert(!(certificateUsage & (certificateUsage - 1)))((!(certificateUsage & (certificateUsage - 1)))?((void)0)
:PR_Assert("!(certificateUsage & (certificateUsage - 1))"
,"pkix_pl_cert.c",2990));
2991
2992 /* convert SECertificateUsage (bit mask) to SECCertUsage (enum) */
2993 while (0 != (certificateUsage = certificateUsage >> 1)) { certUsage++; }
2994
2995 /* check key usage and netscape cert type */
2996 cert_GetCertType(cert->nssCert);
2997 certType = cert->nssCert->nsCertType;
2998 if (isChainCert ||
2999 (certUsage != certUsageVerifyCA && certUsage != certUsageAnyCA)) {
3000 rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, isChainCert,
3001 &requiredKeyUsage,
3002 &requiredCertType);
3003 if (rv == SECFailure) {
3004 PKIX_ERROR(PKIX_UNSUPPORTEDCERTUSAGE){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_UNSUPPORTEDCERTUSAGE, ((void*)0), stdVars.aPkixType, 2
, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_UNSUPPORTEDCERTUSAGE; goto
cleanup; };
3005 }
3006 } else {
3007 /* use this key usage and cert type for certUsageAnyCA and
3008 * certUsageVerifyCA. */
3009 requiredKeyUsage = KU_KEY_CERT_SIGN(0x04);
3010 requiredCertType = NS_CERT_TYPE_CA((0x04) | (0x02) | (0x01) | (0x4000) | (0x200));
3011 }
3012 if (CERT_CheckKeyUsage(cert->nssCert, requiredKeyUsage) != SECSuccess) {
3013 PKIX_ERROR(PKIX_CERTCHECKKEYUSAGEFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTCHECKKEYUSAGEFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_CERTCHECKKEYUSAGEFAILED; goto
cleanup; };
3014 }
3015 if (!(certType & requiredCertType)) {
3016 PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTCHECKCERTTYPEFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_CERTCHECKCERTTYPEFAILED; goto
cleanup; };
3017 }
3018cleanup:
3019 PKIX_DECREF(basicConstraints)do { if (basicConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(basicConstraints), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } basicConstraints
= ((void*)0); } } while (0);
3020 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3021}
3022
3023/*
3024 * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage (see comments in pkix_pl_pki.h)
3025 */
3026PKIX_Error *
3027PKIX_PL_Cert_VerifyKeyUsage(
3028 PKIX_PL_Cert *cert,
3029 PKIX_UInt32 keyUsage,
3030 void *plContext)
3031{
3032 CERTCertificate *nssCert = NULL((void*)0);
3033 PKIX_UInt32 nssKeyUsage = 0;
3034 SECStatus status;
3035
3036 PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifyKeyUsage")static const char cMyFuncName[] = {"PKIX_PL_Cert_VerifyKeyUsage"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3037 PKIX_NULLCHECK_TWO(cert, cert->nssCert)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
3038
3039 nssCert = cert->nssCert;
3040
3041 /* if cert doesn't have keyUsage extension, all keyUsages are valid */
3042 if (!nssCert->keyUsagePresent){
3043 goto cleanup;
3044 }
3045
3046 if (keyUsage & PKIX_DIGITAL_SIGNATURE0x001){
3047 nssKeyUsage = nssKeyUsage | KU_DIGITAL_SIGNATURE(0x80);
3048 }
3049
3050 if (keyUsage & PKIX_NON_REPUDIATION0x002){
3051 nssKeyUsage = nssKeyUsage | KU_NON_REPUDIATION(0x40);
3052 }
3053
3054 if (keyUsage & PKIX_KEY_ENCIPHERMENT0x004){
3055 nssKeyUsage = nssKeyUsage | KU_KEY_ENCIPHERMENT(0x20);
3056 }
3057
3058 if (keyUsage & PKIX_DATA_ENCIPHERMENT0x008){
3059 nssKeyUsage = nssKeyUsage | KU_DATA_ENCIPHERMENT(0x10);
3060 }
3061
3062 if (keyUsage & PKIX_KEY_AGREEMENT0x010){
3063 nssKeyUsage = nssKeyUsage | KU_KEY_AGREEMENT(0x08);
3064 }
3065
3066 if (keyUsage & PKIX_KEY_CERT_SIGN0x020){
3067 nssKeyUsage = nssKeyUsage | KU_KEY_CERT_SIGN(0x04);
3068 }
3069
3070 if (keyUsage & PKIX_CRL_SIGN0x040){
3071 nssKeyUsage = nssKeyUsage | KU_CRL_SIGN(0x02);
3072 }
3073
3074 if (keyUsage & PKIX_ENCIPHER_ONLY0x080){
3075 nssKeyUsage = nssKeyUsage | 0x01;
3076 }
3077
3078 if (keyUsage & PKIX_DECIPHER_ONLY0x100){
3079 /* XXX we should support this once it is fixed in NSS */
3080 PKIX_ERROR(PKIX_DECIPHERONLYKEYUSAGENOTSUPPORTED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_DECIPHERONLYKEYUSAGENOTSUPPORTED, ((void*)0), stdVars.
aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ((
PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_DECIPHERONLYKEYUSAGENOTSUPPORTED
; goto cleanup; };
3081 }
3082
3083 status = CERT_CheckKeyUsage(nssCert, nssKeyUsage);
3084 if (status != SECSuccess) {
3085 PKIX_ERROR(PKIX_CERTCHECKKEYUSAGEFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTCHECKKEYUSAGEFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_CERTCHECKKEYUSAGEFAILED; goto
cleanup; };
3086 }
3087
3088cleanup:
3089 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3090}
3091
3092/*
3093 * FUNCTION: PKIX_PL_Cert_GetNameConstraints
3094 * (see comments in pkix_pl_pki.h)
3095 */
3096PKIX_Error *
3097PKIX_PL_Cert_GetNameConstraints(
3098 PKIX_PL_Cert *cert,
3099 PKIX_PL_CertNameConstraints **pNameConstraints,
3100 void *plContext)
3101{
3102 PKIX_PL_CertNameConstraints *nameConstraints = NULL((void*)0);
3103
3104 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetNameConstraints")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetNameConstraints"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3105 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pNameConstraints)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pNameConstraints) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
3106
3107 /* if we don't have a cached copy from before, we create one */
3108 if (cert->nameConstraints == NULL((void*)0) && !cert->nameConstraintsAbsent) {
3109
3110 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
3111
3112 if (cert->nameConstraints == NULL((void*)0) &&
3113 !cert->nameConstraintsAbsent) {
3114
3115 PKIX_CHECK(pkix_pl_CertNameConstraints_Createdo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Create
(cert->nssCert, &nameConstraints, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEFAILED
; goto cleanup; } } while (0)
3116 (cert->nssCert, &nameConstraints, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Create
(cert->nssCert, &nameConstraints, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEFAILED
; goto cleanup; } } while (0)
3117 PKIX_CERTNAMECONSTRAINTSCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Create
(cert->nssCert, &nameConstraints, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEFAILED
; goto cleanup; } } while (0);
3118
3119 if (nameConstraints == NULL((void*)0)) {
3120 cert->nameConstraintsAbsent = PKIX_TRUE((PKIX_Boolean) 1);
3121 }
3122
3123 cert->nameConstraints = nameConstraints;
3124 }
3125
3126 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,3126)); } } while (0);
3127
3128 }
3129
3130 PKIX_INCREF(cert->nameConstraints)do { if (cert->nameConstraints){ stdVars.aPkixTempResult =
PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->nameConstraints
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); goto cleanup; } } } while (0);
3131
3132 *pNameConstraints = cert->nameConstraints;
3133
3134cleanup:
3135 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",3135)); } } while (0);
3136 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3137}
3138
3139/*
3140 * FUNCTION: PKIX_PL_Cert_CheckNameConstraints
3141 * (see comments in pkix_pl_pki.h)
3142 */
3143PKIX_Error *
3144PKIX_PL_Cert_CheckNameConstraints(
3145 PKIX_PL_Cert *cert,
3146 PKIX_PL_CertNameConstraints *nameConstraints,
3147 PKIX_Boolean treatCommonNameAsDNSName,
3148 void *plContext)
3149{
3150 PKIX_Boolean checkPass = PKIX_TRUE((PKIX_Boolean) 1);
3151 CERTGeneralName *nssSubjectNames = NULL((void*)0);
3152 PLArenaPool *arena = NULL((void*)0);
3153
3154 PKIX_ENTER(CERT, "PKIX_PL_Cert_CheckNameConstraints")static const char cMyFuncName[] = {"PKIX_PL_Cert_CheckNameConstraints"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3155 PKIX_NULLCHECK_ONE(cert)do { if ((cert) == ((void*)0)){ stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
3156
3157 if (nameConstraints != NULL((void*)0)) {
3158
3159 arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048));
3160 if (arena == NULL((void*)0)) {
3161 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
3162 }
3163 /* only check common Name if the usage requires it */
3164 if (treatCommonNameAsDNSName) {
3165 SECCertificateUsage certificateUsage;
3166 certificateUsage = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
3167 if ((certificateUsage != certificateUsageSSLServer(0x0002)) &&
3168 (certificateUsage != certificateUsageIPsec(0x1000))) {
3169 treatCommonNameAsDNSName = PKIX_FALSE((PKIX_Boolean) 0);
3170 }
3171 }
3172
3173 /* This NSS call returns Subject Alt Names. If
3174 * treatCommonNameAsDNSName is true, it also returns the
3175 * Subject Common Name
3176 */
3177 PKIX_CERT_DEBUG
3178 ("\t\tCalling CERT_GetConstrainedCertificateNames\n");
3179 nssSubjectNames = CERT_GetConstrainedCertificateNames
3180 (cert->nssCert, arena, treatCommonNameAsDNSName);
3181
3182 PKIX_CHECK(pkix_pl_CertNameConstraints_CheckNameSpaceNssNamesdo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CheckNameSpaceNssNames
(nssSubjectNames, nameConstraints, &checkPass, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED; goto
cleanup; } } while (0)
3183 (nssSubjectNames,do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CheckNameSpaceNssNames
(nssSubjectNames, nameConstraints, &checkPass, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED; goto
cleanup; } } while (0)
3184 nameConstraints,do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CheckNameSpaceNssNames
(nssSubjectNames, nameConstraints, &checkPass, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED; goto
cleanup; } } while (0)
3185 &checkPass,do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CheckNameSpaceNssNames
(nssSubjectNames, nameConstraints, &checkPass, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED; goto
cleanup; } } while (0)
3186 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CheckNameSpaceNssNames
(nssSubjectNames, nameConstraints, &checkPass, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED; goto
cleanup; } } while (0)
3187 PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CheckNameSpaceNssNames
(nssSubjectNames, nameConstraints, &checkPass, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED; goto
cleanup; } } while (0);
3188
3189 if (checkPass != PKIX_TRUE((PKIX_Boolean) 1)) {
3190 PKIX_ERROR(PKIX_CERTFAILEDNAMECONSTRAINTSCHECKING){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTFAILEDNAMECONSTRAINTSCHECKING, ((void*)0), stdVars
.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTFAILEDNAMECONSTRAINTSCHECKING
; goto cleanup; };
3191 }
3192 }
3193
3194cleanup:
3195 if (arena){
3196 PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0);
3197 }
3198
3199 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3200}
3201
3202/*
3203 * FUNCTION: PKIX_PL_Cert_MergeNameConstraints
3204 * (see comments in pkix_pl_pki.h)
3205 */
3206PKIX_Error *
3207PKIX_PL_Cert_MergeNameConstraints(
3208 PKIX_PL_CertNameConstraints *firstNC,
3209 PKIX_PL_CertNameConstraints *secondNC,
3210 PKIX_PL_CertNameConstraints **pResultNC,
3211 void *plContext)
3212{
3213 PKIX_PL_CertNameConstraints *mergedNC = NULL((void*)0);
3214
3215 PKIX_ENTER(CERT, "PKIX_PL_Cert_MergeNameConstraints")static const char cMyFuncName[] = {"PKIX_PL_Cert_MergeNameConstraints"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3216 PKIX_NULLCHECK_TWO(firstNC, pResultNC)do { if (((firstNC) == ((void*)0)) || ((pResultNC) == ((void*
)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
3217
3218 if (secondNC == NULL((void*)0)) {
3219
3220 PKIX_INCREF(firstNC)do { if (firstNC){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(firstNC), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
(0);
3221 *pResultNC = firstNC;
3222
3223 goto cleanup;
3224 }
3225
3226 PKIX_CHECK(pkix_pl_CertNameConstraints_Mergedo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Merge
(firstNC, secondNC, &mergedNC, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSMERGEFAILED
; goto cleanup; } } while (0)
3227 (firstNC, secondNC, &mergedNC, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Merge
(firstNC, secondNC, &mergedNC, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSMERGEFAILED
; goto cleanup; } } while (0)
3228 PKIX_CERTNAMECONSTRAINTSMERGEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Merge
(firstNC, secondNC, &mergedNC, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSMERGEFAILED
; goto cleanup; } } while (0);
3229
3230 *pResultNC = mergedNC;
3231
3232cleanup:
3233 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3234}
3235
3236/*
3237 * Find out the state of the NSS trust bits for the requested usage.
3238 * Returns SECFailure if the cert is explicitly distrusted.
3239 * Returns SECSuccess if the cert can be used to form a chain (normal case),
3240 * or it is explicitly trusted. The trusted bool is set to true if it is
3241 * explicitly trusted.
3242 */
3243static SECStatus
3244pkix_pl_Cert_GetTrusted(void *plContext,
3245 PKIX_PL_Cert *cert,
3246 PKIX_Boolean *trusted,
3247 PKIX_Boolean isCA)
3248{
3249 SECStatus rv;
3250 CERTCertificate *nssCert = NULL((void*)0);
3251 SECCertUsage certUsage = 0;
3252 SECCertificateUsage certificateUsage;
3253 SECTrustType trustType;
3254 unsigned int trustFlags;
3255 unsigned int requiredFlags;
3256 CERTCertTrust trust;
3257
3258 *trusted = PKIX_FALSE((PKIX_Boolean) 0);
3259
3260 /* no key usage information */
3261 if (plContext == NULL((void*)0)) {
3262 return SECSuccess;
3263 }
3264
3265 certificateUsage = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
3266
3267 /* ensure we obtained a single usage bit only */
3268 PORT_Assert(!(certificateUsage & (certificateUsage - 1)))((!(certificateUsage & (certificateUsage - 1)))?((void)0)
:PR_Assert("!(certificateUsage & (certificateUsage - 1))"
,"pkix_pl_cert.c",3268));
3269
3270 /* convert SECertificateUsage (bit mask) to SECCertUsage (enum) */
3271 while (0 != (certificateUsage = certificateUsage >> 1)) { certUsage++; }
3272
3273 nssCert = cert->nssCert;
3274
3275 if (!isCA) {
3276 PRBool prTrusted;
3277 unsigned int failedFlags;
3278 rv = cert_CheckLeafTrust(nssCert, certUsage,
3279 &failedFlags, &prTrusted);
3280 *trusted = (PKIX_Boolean) prTrusted;
3281 return rv;
3282 }
3283 rv = CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags,
3284 &trustType);
3285 if (rv != SECSuccess) {
3286 return SECSuccess;
3287 }
3288
3289 rv = CERT_GetCertTrust(nssCert, &trust);
3290 if (rv != SECSuccess) {
3291 return SECSuccess;
3292 }
3293 trustFlags = SEC_GET_TRUST_FLAGS(&trust, trustType)(((trustType) == trustSSL) ? ((&trust)->sslFlags) : ((
(trustType) == trustEmail) ? ((&trust)->emailFlags) : (
((trustType) == trustObjectSigning) ? ((&trust)->objectSigningFlags
) : 0)));
3294 /* normally trustTypeNone usages accept any of the given trust bits
3295 * being on as acceptable. If any are distrusted (and none are trusted),
3296 * then we will also distrust the cert */
3297 if ((trustFlags == 0) && (trustType == trustTypeNone)) {
3298 trustFlags = trust.sslFlags | trust.emailFlags |
3299 trust.objectSigningFlags;
3300 }
3301 if ((trustFlags & requiredFlags) == requiredFlags) {
3302 *trusted = PKIX_TRUE((PKIX_Boolean) 1);
3303 return SECSuccess;
3304 }
3305 if ((trustFlags & CERTDB_TERMINAL_RECORD(1u << 0)) &&
3306 ((trustFlags & (CERTDB_VALID_CA(1u << 3)|CERTDB_TRUSTED(1u << 1))) == 0)) {
3307 return SECFailure;
3308 }
3309 return SECSuccess;
3310}
3311
3312/*
3313 * FUNCTION: PKIX_PL_Cert_IsCertTrusted
3314 * (see comments in pkix_pl_pki.h)
3315 */
3316PKIX_Error *
3317PKIX_PL_Cert_IsCertTrusted(
3318 PKIX_PL_Cert *cert,
3319 PKIX_PL_TrustAnchorMode trustAnchorMode,
3320 PKIX_Boolean *pTrusted,
3321 void *plContext)
3322{
3323 PKIX_CertStore_CheckTrustCallback trustCallback = NULL((void*)0);
3324 PKIX_Boolean trusted = PKIX_FALSE((PKIX_Boolean) 0);
3325 SECStatus rv = SECFailure;
3326
3327 PKIX_ENTER(CERT, "PKIX_PL_Cert_IsCertTrusted")static const char cMyFuncName[] = {"PKIX_PL_Cert_IsCertTrusted"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3328 PKIX_NULLCHECK_TWO(cert, pTrusted)do { if (((cert) == ((void*)0)) || ((pTrusted) == ((void*)0))
){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0);
3329
3330 /* Call GetTrusted first to see if we are going to distrust the
3331 * certificate */
3332 rv = pkix_pl_Cert_GetTrusted(plContext, cert, &trusted, PKIX_TRUE((PKIX_Boolean) 1));
3333 if (rv != SECSuccess) {
3334 /* Failure means the cert is explicitly distrusted,
3335 * let the next level know not to use it. */
3336 *pTrusted = PKIX_FALSE((PKIX_Boolean) 0);
3337 PKIX_ERROR(PKIX_CERTISCERTTRUSTEDFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTISCERTTRUSTEDFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto
cleanup; };
3338 }
3339
3340 if (trustAnchorMode == PKIX_PL_TrustAnchorMode_Exclusive ||
3341 (trustAnchorMode == PKIX_PL_TrustAnchorMode_Additive &&
3342 cert->isUserTrustAnchor)) {
3343 /* Use the trust anchor's |trusted| value */
3344 *pTrusted = cert->isUserTrustAnchor;
3345 goto cleanup;
3346 }
3347
3348 /* no key usage information or store is not trusted */
3349 if (plContext == NULL((void*)0) || cert->store == NULL((void*)0)) {
3350 *pTrusted = PKIX_FALSE((PKIX_Boolean) 0);
3351 goto cleanup;
3352 }
3353
3354 PKIX_CHECK(PKIX_CertStore_GetTrustCallbackdo { stdVars.aPkixErrorResult = (PKIX_CertStore_GetTrustCallback
(cert->store, &trustCallback, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETTRUSTCALLBACKFAILED
; goto cleanup; } } while (0)
3355 (cert->store, &trustCallback, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetTrustCallback
(cert->store, &trustCallback, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETTRUSTCALLBACKFAILED
; goto cleanup; } } while (0)
3356 PKIX_CERTSTOREGETTRUSTCALLBACKFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetTrustCallback
(cert->store, &trustCallback, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETTRUSTCALLBACKFAILED
; goto cleanup; } } while (0);
3357
3358 PKIX_CHECK_ONLY_FATAL(trustCallbackdo { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (trustCallback (cert->store, cert, &
trusted, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; if (stdVars.aPkixErrorClass
== PKIX_FATAL_ERROR) { goto cleanup; } do { if (stdVars.aPkixErrorResult
){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object
*)(stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aPkixErrorResult
= ((void*)0); } } while (0); } } while (0)
3359 (cert->store, cert, &trusted, plContext),do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (trustCallback (cert->store, cert, &
trusted, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; if (stdVars.aPkixErrorClass
== PKIX_FATAL_ERROR) { goto cleanup; } do { if (stdVars.aPkixErrorResult
){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object
*)(stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aPkixErrorResult
= ((void*)0); } } while (0); } } while (0)
3360 PKIX_CHECKTRUSTCALLBACKFAILED)do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (trustCallback (cert->store, cert, &
trusted, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; if (stdVars.aPkixErrorClass
== PKIX_FATAL_ERROR) { goto cleanup; } do { if (stdVars.aPkixErrorResult
){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object
*)(stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aPkixErrorResult
= ((void*)0); } } while (0); } } while (0);
3361
3362 /* allow trust store to override if we can trust the trust
3363 * bits */
3364 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList) || (trusted == PKIX_FALSE((PKIX_Boolean) 0))) {
3365 *pTrusted = PKIX_FALSE((PKIX_Boolean) 0);
3366 goto cleanup;
3367 }
3368
3369 *pTrusted = trusted;
3370
3371cleanup:
3372 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3373}
3374
3375/*
3376 * FUNCTION: PKIX_PL_Cert_IsLeafCertTrusted
3377 * (see comments in pkix_pl_pki.h)
3378 */
3379PKIX_Error *
3380PKIX_PL_Cert_IsLeafCertTrusted(
3381 PKIX_PL_Cert *cert,
3382 PKIX_Boolean *pTrusted,
3383 void *plContext)
3384{
3385 SECStatus rv;
3386
3387 PKIX_ENTER(CERT, "PKIX_PL_Cert_IsLeafCertTrusted")static const char cMyFuncName[] = {"PKIX_PL_Cert_IsLeafCertTrusted"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3388 PKIX_NULLCHECK_TWO(cert, pTrusted)do { if (((cert) == ((void*)0)) || ((pTrusted) == ((void*)0))
){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0);
3389
3390 *pTrusted = PKIX_FALSE((PKIX_Boolean) 0);
3391
3392 rv = pkix_pl_Cert_GetTrusted(plContext, cert, pTrusted, PKIX_FALSE((PKIX_Boolean) 0));
3393 if (rv != SECSuccess) {
3394 /* Failure means the cert is explicitly distrusted,
3395 * let the next level know not to use it. */
3396 *pTrusted = PKIX_FALSE((PKIX_Boolean) 0);
3397 PKIX_ERROR(PKIX_CERTISCERTTRUSTEDFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTISCERTTRUSTEDFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto
cleanup; };
3398 }
3399
3400cleanup:
3401 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3402}
3403
3404/* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */
3405PKIX_Error*
3406PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert,
3407 void *plContext)
3408{
3409 PKIX_ENTER(CERT, "PKIX_PL_Cert_SetAsTrustAnchor")static const char cMyFuncName[] = {"PKIX_PL_Cert_SetAsTrustAnchor"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3410 PKIX_NULLCHECK_ONE(cert)do { if ((cert) == ((void*)0)){ stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
3411
3412 cert->isUserTrustAnchor = PKIX_TRUE((PKIX_Boolean) 1);
3413
3414 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3415}
3416
3417/*
3418 * FUNCTION: PKIX_PL_Cert_GetCacheFlag (see comments in pkix_pl_pki.h)
3419 */
3420PKIX_Error *
3421PKIX_PL_Cert_GetCacheFlag(
3422 PKIX_PL_Cert *cert,
3423 PKIX_Boolean *pCacheFlag,
3424 void *plContext)
3425{
3426 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetCacheFlag")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetCacheFlag"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3427 PKIX_NULLCHECK_TWO(cert, pCacheFlag)do { if (((cert) == ((void*)0)) || ((pCacheFlag) == ((void*)0
))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
3428
3429 *pCacheFlag = cert->cacheFlag;
3430
3431 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3432}
3433
3434/*
3435 * FUNCTION: PKIX_PL_Cert_SetCacheFlag (see comments in pkix_pl_pki.h)
3436 */
3437PKIX_Error *
3438PKIX_PL_Cert_SetCacheFlag(
3439 PKIX_PL_Cert *cert,
3440 PKIX_Boolean cacheFlag,
3441 void *plContext)
3442{
3443 PKIX_ENTER(CERT, "PKIX_PL_Cert_SetCacheFlag")static const char cMyFuncName[] = {"PKIX_PL_Cert_SetCacheFlag"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3444 PKIX_NULLCHECK_ONE(cert)do { if ((cert) == ((void*)0)){ stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
3445
3446 cert->cacheFlag = cacheFlag;
3447
3448 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3449}
3450
3451/*
3452 * FUNCTION: PKIX_PL_Cert_GetTrustCertStore (see comments in pkix_pl_pki.h)
3453 */
3454PKIX_Error *
3455PKIX_PL_Cert_GetTrustCertStore(
3456 PKIX_PL_Cert *cert,
3457 PKIX_CertStore **pTrustCertStore,
3458 void *plContext)
3459{
3460 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetTrustCertStore")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetTrustCertStore"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3461 PKIX_NULLCHECK_TWO(cert, pTrustCertStore)do { if (((cert) == ((void*)0)) || ((pTrustCertStore) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
3462
3463 PKIX_INCREF(cert->store)do { if (cert->store){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(cert->store), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
3464 *pTrustCertStore = cert->store;
3465
3466cleanup:
3467 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3468}
3469
3470/*
3471 * FUNCTION: PKIX_PL_Cert_SetTrustCertStore (see comments in pkix_pl_pki.h)
3472 */
3473PKIX_Error *
3474PKIX_PL_Cert_SetTrustCertStore(
3475 PKIX_PL_Cert *cert,
3476 PKIX_CertStore *trustCertStore,
3477 void *plContext)
3478{
3479 PKIX_ENTER(CERT, "PKIX_PL_Cert_SetTrustCertStore")static const char cMyFuncName[] = {"PKIX_PL_Cert_SetTrustCertStore"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3480 PKIX_NULLCHECK_TWO(cert, trustCertStore)do { if (((cert) == ((void*)0)) || ((trustCertStore) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
3481
3482 PKIX_INCREF(trustCertStore)do { if (trustCertStore){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(trustCertStore), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
3483 cert->store = trustCertStore;
3484
3485cleanup:
3486 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3487}
3488
3489/*
3490 * FUNCTION: PKIX_PL_Cert_GetAuthorityInfoAccess
3491 * (see comments in pkix_pl_pki.h)
3492 */
3493PKIX_Error *
3494PKIX_PL_Cert_GetAuthorityInfoAccess(
3495 PKIX_PL_Cert *cert,
3496 PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
3497 void *plContext)
3498{
3499 PKIX_List *aiaList = NULL((void*)0); /* of PKIX_PL_InfoAccess */
3500 SECItem *encodedAIA = NULL((void*)0);
3501 CERTAuthInfoAccess **aia = NULL((void*)0);
3502 PLArenaPool *arena = NULL((void*)0);
3503 SECStatus rv;
3504
3505 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetAuthorityInfoAccess")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetAuthorityInfoAccess"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3506 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pAiaList)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pAiaList) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
3507
3508 /* if we don't have a cached copy from before, we create one */
3509 if (cert->authorityInfoAccess == NULL((void*)0)) {
3510
3511 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
3512
3513 if (cert->authorityInfoAccess == NULL((void*)0)) {
3514
3515 PKIX_PL_NSSCALLRV(CERT, encodedAIA, SECITEM_AllocItem,; encodedAIA = (SECITEM_AllocItem_Util (((void*)0), ((void*)0
), 0))
3516 (NULL, NULL, 0)); encodedAIA = (SECITEM_AllocItem_Util (((void*)0), ((void*)0
), 0));
3517
3518 if (encodedAIA == NULL((void*)0)) {
3519 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
3520 }
3521
3522 PKIX_PL_NSSCALLRV(CERT, rv, CERT_FindCertExtension,; rv = (CERT_FindCertExtension (cert->nssCert, SEC_OID_X509_AUTH_INFO_ACCESS
, encodedAIA))
3523 (cert->nssCert,; rv = (CERT_FindCertExtension (cert->nssCert, SEC_OID_X509_AUTH_INFO_ACCESS
, encodedAIA))
3524 SEC_OID_X509_AUTH_INFO_ACCESS,; rv = (CERT_FindCertExtension (cert->nssCert, SEC_OID_X509_AUTH_INFO_ACCESS
, encodedAIA))
3525 encodedAIA)); rv = (CERT_FindCertExtension (cert->nssCert, SEC_OID_X509_AUTH_INFO_ACCESS
, encodedAIA));
3526
3527 if (rv == SECFailure) {
3528 goto cleanup;
3529 }
3530
3531 PKIX_PL_NSSCALLRV(CERT, arena, PORT_NewArena,; arena = (PORT_NewArena_Util ((2048)))
3532 (DER_DEFAULT_CHUNKSIZE)); arena = (PORT_NewArena_Util ((2048)));
3533
3534 if (arena == NULL((void*)0)) {
3535 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
3536 }
3537
3538 PKIX_PL_NSSCALLRV; aia = (CERT_DecodeAuthInfoAccessExtension (arena, encodedAIA
))
3539 (CERT, aia, CERT_DecodeAuthInfoAccessExtension,; aia = (CERT_DecodeAuthInfoAccessExtension (arena, encodedAIA
))
3540 (arena, encodedAIA)); aia = (CERT_DecodeAuthInfoAccessExtension (arena, encodedAIA
));
3541
3542 PKIX_CHECK(pkix_pl_InfoAccess_CreateListdo { stdVars.aPkixErrorResult = (pkix_pl_InfoAccess_CreateList
(aia, &aiaList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_INFOACCESSCREATELISTFAILED; goto
cleanup; } } while (0)
3543 (aia, &aiaList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_InfoAccess_CreateList
(aia, &aiaList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_INFOACCESSCREATELISTFAILED; goto
cleanup; } } while (0)
3544 PKIX_INFOACCESSCREATELISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_InfoAccess_CreateList
(aia, &aiaList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_INFOACCESSCREATELISTFAILED; goto
cleanup; } } while (0);
3545
3546 cert->authorityInfoAccess = aiaList;
3547 }
3548
3549 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,3549)); } } while (0);
3550 }
3551
3552 PKIX_INCREF(cert->authorityInfoAccess)do { if (cert->authorityInfoAccess){ stdVars.aPkixTempResult
= PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->authorityInfoAccess
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); goto cleanup; } } } while (0);
3553
3554 *pAiaList = cert->authorityInfoAccess;
3555
3556cleanup:
3557 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",3557)); } } while (0);
3558 if (arena != NULL((void*)0)) {
3559 PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0);
3560 }
3561
3562 if (encodedAIA != NULL((void*)0)) {
3563 SECITEM_FreeItemSECITEM_FreeItem_Util(encodedAIA, PR_TRUE1);
3564 }
3565
3566 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3567}
3568
3569/* XXX Following defines belongs to NSS */
3570static const unsigned char siaOIDString[] = {0x2b, 0x06, 0x01, 0x05, 0x05,
3571 0x07, 0x01, 0x0b};
3572#define OI(x){ siDEROID, (unsigned char *)x, sizeof x } { siDEROID, (unsigned char *)x, sizeof x }
3573
3574/*
3575 * FUNCTION: PKIX_PL_Cert_GetSubjectInfoAccess
3576 * (see comments in pkix_pl_pki.h)
3577 */
3578PKIX_Error *
3579PKIX_PL_Cert_GetSubjectInfoAccess(
3580 PKIX_PL_Cert *cert,
3581 PKIX_List **pSiaList, /* of PKIX_PL_InfoAccess */
3582 void *plContext)
3583{
3584 PKIX_List *siaList; /* of PKIX_PL_InfoAccess */
3585 SECItem siaOID = OI(siaOIDString){ siDEROID, (unsigned char *)siaOIDString, sizeof siaOIDString
};
3586 SECItem *encodedSubjInfoAccess = NULL((void*)0);
3587 CERTAuthInfoAccess **subjInfoAccess = NULL((void*)0);
3588 PLArenaPool *arena = NULL((void*)0);
3589 SECStatus rv;
3590
3591 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectInfoAccess")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSubjectInfoAccess"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3592 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSiaList)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pSiaList) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
3593
3594 /* XXX
3595 * Codes to deal with SubjectInfoAccess OID should be moved to
3596 * NSS soon. I implemented them here so we don't touch NSS
3597 * source tree, from JP's suggestion.
3598 */
3599
3600 /* if we don't have a cached copy from before, we create one */
3601 if (cert->subjectInfoAccess == NULL((void*)0)) {
3602
3603 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
3604
3605 if (cert->subjectInfoAccess == NULL((void*)0)) {
3606
3607 encodedSubjInfoAccess = SECITEM_AllocItemSECITEM_AllocItem_Util(NULL((void*)0), NULL((void*)0), 0);
3608 if (encodedSubjInfoAccess == NULL((void*)0)) {
3609 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
3610 }
3611
3612 PKIX_CERT_DEBUG
3613 ("\t\tCalling CERT_FindCertExtensionByOID).\n");
3614 rv = CERT_FindCertExtensionByOID
3615 (cert->nssCert, &siaOID, encodedSubjInfoAccess);
3616
3617 if (rv == SECFailure) {
3618 goto cleanup;
3619 }
3620
3621 arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048));
3622 if (arena == NULL((void*)0)) {
3623 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
3624 }
3625
3626 /* XXX
3627 * Decode Subject Information Access -
3628 * since its type is the same as Authority Information
3629 * Access, reuse the call. NSS- change name to avoid
3630 * confusion.
3631 */
3632 PKIX_CERT_DEBUG
3633 ("\t\tCalling CERT_DecodeAuthInfoAccessExtension).\n");
3634 subjInfoAccess = CERT_DecodeAuthInfoAccessExtension
3635 (arena, encodedSubjInfoAccess);
3636
3637 PKIX_CHECK(pkix_pl_InfoAccess_CreateListdo { stdVars.aPkixErrorResult = (pkix_pl_InfoAccess_CreateList
(subjInfoAccess, &siaList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_INFOACCESSCREATELISTFAILED; goto
cleanup; } } while (0)
3638 (subjInfoAccess, &siaList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_InfoAccess_CreateList
(subjInfoAccess, &siaList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_INFOACCESSCREATELISTFAILED; goto
cleanup; } } while (0)
3639 PKIX_INFOACCESSCREATELISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_InfoAccess_CreateList
(subjInfoAccess, &siaList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_INFOACCESSCREATELISTFAILED; goto
cleanup; } } while (0);
3640
3641 cert->subjectInfoAccess = siaList;
3642
3643 }
3644
3645 PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object
*)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock (
(PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject
= ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0)
)?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c"
,3645)); } } while (0);
3646 }
3647
3648 PKIX_INCREF(cert->subjectInfoAccess)do { if (cert->subjectInfoAccess){ stdVars.aPkixTempResult
= PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->subjectInfoAccess
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); goto cleanup; } } } while (0);
3649 *pSiaList = cert->subjectInfoAccess;
3650
3651cleanup:
3652 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",3652)); } } while (0);
3653 if (arena != NULL((void*)0)) {
3654 PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0);
3655 }
3656
3657 if (encodedSubjInfoAccess != NULL((void*)0)) {
3658 SECITEM_FreeItemSECITEM_FreeItem_Util(encodedSubjInfoAccess, PR_TRUE1);
3659 }
3660 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3661}
3662
3663/*
3664 * FUNCTION: PKIX_PL_Cert_GetCrlDp
3665 * (see comments in pkix_pl_pki.h)
3666 */
3667PKIX_Error *
3668PKIX_PL_Cert_GetCrlDp(
3669 PKIX_PL_Cert *cert,
3670 PKIX_List **pDpList,
3671 void *plContext)
3672{
3673 PKIX_UInt32 dpIndex = 0;
3674 pkix_pl_CrlDp *dp = NULL((void*)0);
3675 CERTCrlDistributionPoints *dpoints = NULL((void*)0);
3676
3677 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetCrlDp")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetCrlDp"}; PKIX_StdVars
stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3678 PKIX_NULLCHECK_THREE(cert, cert->nssCert, pDpList)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void
*)0)) || ((pDpList) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
3679
3680 /* if we don't have a cached copy from before, we create one */
3681 if (cert->crldpList == NULL((void*)0)) {
3682 PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(cert); } } while (0);
3683 if (cert->crldpList != NULL((void*)0)) {
3684 goto cleanup;
3685 }
3686 PKIX_CHECK(PKIX_List_Create(&cert->crldpList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&cert->
crldpList, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while
(0)
3687 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&cert->
crldpList, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while
(0);
3688 dpoints = CERT_FindCRLDistributionPoints(cert->nssCert);
3689 if (!dpoints || !dpoints->distPoints) {
3690 goto cleanup;
3691 }
3692 for (;dpoints->distPoints[dpIndex];dpIndex++) {
3693 PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_pl_CrlDp_Create(dpoints
->distPoints[dpIndex], &cert->nssCert->issuer, &
dp, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CRLDPCREATEFAILED; goto cleanup; } } while (0)
3694 pkix_pl_CrlDp_Create(dpoints->distPoints[dpIndex],do { stdVars.aPkixErrorResult = (pkix_pl_CrlDp_Create(dpoints
->distPoints[dpIndex], &cert->nssCert->issuer, &
dp, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CRLDPCREATEFAILED; goto cleanup; } } while (0)
3695 &cert->nssCert->issuer,do { stdVars.aPkixErrorResult = (pkix_pl_CrlDp_Create(dpoints
->distPoints[dpIndex], &cert->nssCert->issuer, &
dp, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CRLDPCREATEFAILED; goto cleanup; } } while (0)
3696 &dp, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CrlDp_Create(dpoints
->distPoints[dpIndex], &cert->nssCert->issuer, &
dp, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CRLDPCREATEFAILED; goto cleanup; } } while (0)
3697 PKIX_CRLDPCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CrlDp_Create(dpoints
->distPoints[dpIndex], &cert->nssCert->issuer, &
dp, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CRLDPCREATEFAILED; goto cleanup; } } while (0);
3698 /* Create crldp list in reverse order in attempt to get
3699 * to the whole crl first. */
3700 PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem(cert->
crldpList, 0, (PKIX_PL_Object*)dp, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
3701 PKIX_List_InsertItem(cert->crldpList, 0,do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem(cert->
crldpList, 0, (PKIX_PL_Object*)dp, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
3702 (PKIX_PL_Object*)dp,do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem(cert->
crldpList, 0, (PKIX_PL_Object*)dp, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
3703 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem(cert->
crldpList, 0, (PKIX_PL_Object*)dp, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
3704 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem(cert->
crldpList, 0, (PKIX_PL_Object*)dp, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
3705 PKIX_DECREF(dp)do { if (dp){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(dp), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } dp = ((void*)0); }
} while (0);
3706 }
3707 }
3708cleanup:
3709 PKIX_INCREF(cert->crldpList)do { if (cert->crldpList){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(cert->crldpList), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
3710 *pDpList = cert->crldpList;
3711
3712 PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject
== (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult
= PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_cert.c",3712)); } } while (0);
3713 PKIX_DECREF(dp)do { if (dp){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(dp), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } dp = ((void*)0); }
} while (0);
3714
3715 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3716}
3717
3718/*
3719 * FUNCTION: PKIX_PL_Cert_GetCERTCertificate
3720 * (see comments in pkix_pl_pki.h)
3721 */
3722PKIX_Error *
3723PKIX_PL_Cert_GetCERTCertificate(
3724 PKIX_PL_Cert *cert,
3725 CERTCertificate **pnssCert,
3726 void *plContext)
3727{
3728 PKIX_ENTER(CERT, "PKIX_PL_Cert_GetNssCert")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetNssCert"}
; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
3729 PKIX_NULLCHECK_TWO(cert, pnssCert)do { if (((cert) == ((void*)0)) || ((pnssCert) == ((void*)0))
){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0);
3730
3731 *pnssCert = CERT_DupCertificate(cert->nssCert);
3732
3733 PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean
) 1), plContext);;
3734}