File: | s/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c |
Warning: | line 2493, column 28 Branch condition evaluates to a garbage value |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* This Source Code Form is subject to the terms of the Mozilla Public | |||
2 | * License, v. 2.0. If a copy of the MPL was not distributed with this | |||
3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |||
4 | /* | |||
5 | * pkix_pl_cert.c | |||
6 | * | |||
7 | * Certificate Object Functions | |||
8 | * | |||
9 | */ | |||
10 | ||||
11 | #include "pkix_pl_cert.h" | |||
12 | ||||
13 | extern PKIX_PL_HashTable *cachedCertSigTable; | |||
14 | ||||
15 | /* --Private-Cert-Functions------------------------------------- */ | |||
16 | ||||
17 | /* | |||
18 | * FUNCTION: pkix_pl_Cert_IsExtensionCritical | |||
19 | * DESCRIPTION: | |||
20 | * | |||
21 | * Checks the Cert specified by "cert" to determine whether the extension | |||
22 | * whose tag is the UInt32 value given by "tag" is marked as a critical | |||
23 | * extension, and stores the result in "pCritical". | |||
24 | * | |||
25 | * Tags are the index into the table "oids" of SECOidData defined in the | |||
26 | * file secoid.c. Constants, such as SEC_OID_X509_CERTIFICATE_POLICIES, are | |||
27 | * are defined in secoidt.h for most of the table entries. | |||
28 | * | |||
29 | * If the specified tag is invalid (not in the list of tags) or if the | |||
30 | * extension is not found in the certificate, PKIX_FALSE is stored. | |||
31 | * | |||
32 | * PARAMETERS | |||
33 | * "cert" | |||
34 | * Address of Cert whose extensions are to be examined. Must be non-NULL. | |||
35 | * "tag" | |||
36 | * The UInt32 value of the tag for the extension whose criticality is | |||
37 | * to be determined | |||
38 | * "pCritical" | |||
39 | * Address where the Boolean value will be stored. Must be non-NULL. | |||
40 | * "plContext" | |||
41 | * Platform-specific context pointer. | |||
42 | * THREAD SAFETY: | |||
43 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
44 | * RETURNS: | |||
45 | * Returns NULL if the function succeeds. | |||
46 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
47 | */ | |||
48 | static PKIX_Error * | |||
49 | pkix_pl_Cert_IsExtensionCritical( | |||
50 | PKIX_PL_Cert *cert, | |||
51 | PKIX_UInt32 tag, | |||
52 | PKIX_Boolean *pCritical, | |||
53 | void *plContext) | |||
54 | { | |||
55 | PKIX_Boolean criticality = PKIX_FALSE((PKIX_Boolean) 0); | |||
56 | CERTCertExtension **extensions = NULL((void*)0); | |||
57 | SECStatus rv; | |||
58 | ||||
59 | PKIX_ENTER(CERT, "pkix_pl_Cert_IsExtensionCritical")static const char cMyFuncName[] = {"pkix_pl_Cert_IsExtensionCritical" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
60 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pCritical)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pCritical) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
61 | ||||
62 | extensions = cert->nssCert->extensions; | |||
63 | PKIX_NULLCHECK_ONE(extensions)do { if ((extensions) == ((void*)0)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
64 | ||||
65 | PKIX_CERT_DEBUG("\t\tCalling CERT_GetExtenCriticality).\n"); | |||
66 | rv = CERT_GetExtenCriticality(extensions, tag, &criticality); | |||
67 | if (SECSuccess == rv) { | |||
68 | *pCritical = criticality; | |||
69 | } else { | |||
70 | *pCritical = PKIX_FALSE((PKIX_Boolean) 0); | |||
71 | } | |||
72 | ||||
73 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
74 | } | |||
75 | ||||
76 | /* | |||
77 | * FUNCTION: pkix_pl_Cert_DecodePolicyInfo | |||
78 | * DESCRIPTION: | |||
79 | * | |||
80 | * Decodes the contents of the CertificatePolicy extension in the | |||
81 | * CERTCertificate pointed to by "nssCert", to create a List of | |||
82 | * CertPolicyInfos, which is stored at the address "pCertPolicyInfos". | |||
83 | * A CERTCertificate contains the DER representation of the Cert. | |||
84 | * If this certificate does not have a CertificatePolicy extension, | |||
85 | * NULL will be stored. If a List is returned, it will be immutable. | |||
86 | * | |||
87 | * PARAMETERS | |||
88 | * "nssCert" | |||
89 | * Address of the Cert data whose extension is to be examined. Must be | |||
90 | * non-NULL. | |||
91 | * "pCertPolicyInfos" | |||
92 | * Address where the List of CertPolicyInfos will be stored. Must be | |||
93 | * non-NULL. | |||
94 | * "plContext" | |||
95 | * Platform-specific context pointer. | |||
96 | * THREAD SAFETY: | |||
97 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
98 | * RETURNS: | |||
99 | * Returns NULL if the function succeeds. | |||
100 | * Returns a Cert Error if the function fails in a non-fatal way. | |||
101 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
102 | */ | |||
103 | static PKIX_Error * | |||
104 | pkix_pl_Cert_DecodePolicyInfo( | |||
105 | CERTCertificate *nssCert, | |||
106 | PKIX_List **pCertPolicyInfos, | |||
107 | void *plContext) | |||
108 | { | |||
109 | ||||
110 | SECStatus rv; | |||
111 | SECItem encodedCertPolicyInfo; | |||
112 | ||||
113 | /* Allocated in the arena; freed in CERT_Destroy... */ | |||
114 | CERTCertificatePolicies *certPol = NULL((void*)0); | |||
115 | CERTPolicyInfo **policyInfos = NULL((void*)0); | |||
116 | ||||
117 | /* Holder for the return value */ | |||
118 | PKIX_List *infos = NULL((void*)0); | |||
119 | ||||
120 | PKIX_PL_OID *pkixOID = NULL((void*)0); | |||
121 | PKIX_List *qualifiers = NULL((void*)0); | |||
122 | PKIX_PL_CertPolicyInfo *certPolicyInfo = NULL((void*)0); | |||
123 | PKIX_PL_CertPolicyQualifier *certPolicyQualifier = NULL((void*)0); | |||
124 | PKIX_PL_ByteArray *qualifierArray = NULL((void*)0); | |||
125 | ||||
126 | PKIX_ENTER(CERT, "pkix_pl_Cert_DecodePolicyInfo")static const char cMyFuncName[] = {"pkix_pl_Cert_DecodePolicyInfo" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
127 | PKIX_NULLCHECK_TWO(nssCert, pCertPolicyInfos)do { if (((nssCert) == ((void*)0)) || ((pCertPolicyInfos) == ( (void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn (&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext );; } } while (0); | |||
128 | ||||
129 | /* get PolicyInfo as a SECItem */ | |||
130 | PKIX_CERT_DEBUG("\t\tCERT_FindCertExtension).\n"); | |||
131 | rv = CERT_FindCertExtension | |||
132 | (nssCert, | |||
133 | SEC_OID_X509_CERTIFICATE_POLICIES, | |||
134 | &encodedCertPolicyInfo); | |||
135 | if (SECSuccess != rv) { | |||
136 | *pCertPolicyInfos = NULL((void*)0); | |||
137 | goto cleanup; | |||
138 | } | |||
139 | ||||
140 | /* translate PolicyInfo to CERTCertificatePolicies */ | |||
141 | PKIX_CERT_DEBUG("\t\tCERT_DecodeCertificatePoliciesExtension).\n"); | |||
142 | certPol = CERT_DecodeCertificatePoliciesExtension | |||
143 | (&encodedCertPolicyInfo); | |||
144 | ||||
145 | PORT_FreePORT_Free_Util(encodedCertPolicyInfo.data); | |||
146 | ||||
147 | if (NULL((void*)0) == certPol) { | |||
148 | PKIX_ERROR(PKIX_CERTDECODECERTIFICATEPOLICIESEXTENSIONFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTDECODECERTIFICATEPOLICIESEXTENSIONFAILED, ((void*) 0), stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODECERTIFICATEPOLICIESEXTENSIONFAILED ; goto cleanup; }; | |||
149 | } | |||
150 | ||||
151 | /* | |||
152 | * Check whether there are any policyInfos, so we can | |||
153 | * avoid creating an unnecessary List | |||
154 | */ | |||
155 | policyInfos = certPol->policyInfos; | |||
156 | if (!policyInfos) { | |||
157 | *pCertPolicyInfos = NULL((void*)0); | |||
158 | goto cleanup; | |||
159 | } | |||
160 | ||||
161 | /* create a List of CertPolicyInfo Objects */ | |||
162 | PKIX_CHECK(PKIX_List_Create(&infos, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&infos, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0) | |||
163 | PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&infos, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0); | |||
164 | ||||
165 | /* | |||
166 | * Traverse the CERTCertificatePolicies structure, | |||
167 | * building each PKIX_PL_CertPolicyInfo object in turn | |||
168 | */ | |||
169 | while (*policyInfos != NULL((void*)0)) { | |||
170 | CERTPolicyInfo *policyInfo = *policyInfos; | |||
171 | CERTPolicyQualifier **policyQualifiers = | |||
172 | policyInfo->policyQualifiers; | |||
173 | if (policyQualifiers) { | |||
174 | /* create a PKIX_List of PKIX_PL_CertPolicyQualifiers */ | |||
175 | PKIX_CHECK(PKIX_List_Create(&qualifiers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&qualifiers , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0) | |||
176 | PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&qualifiers , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0); | |||
177 | ||||
178 | while (*policyQualifiers != NULL((void*)0)) { | |||
179 | CERTPolicyQualifier *policyQualifier = | |||
180 | *policyQualifiers; | |||
181 | ||||
182 | /* create the qualifier's OID object */ | |||
183 | PKIX_CHECK(PKIX_PL_OID_CreateBySECItemdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyQualifier->qualifierID, &pkixOID, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while (0) | |||
184 | (&policyQualifier->qualifierID,do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyQualifier->qualifierID, &pkixOID, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while (0) | |||
185 | &pkixOID, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyQualifier->qualifierID, &pkixOID, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while (0) | |||
186 | PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyQualifier->qualifierID, &pkixOID, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while (0); | |||
187 | ||||
188 | /* create qualifier's ByteArray object */ | |||
189 | ||||
190 | PKIX_CHECK(PKIX_PL_ByteArray_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (policyQualifier ->qualifierValue.data, policyQualifier->qualifierValue. len, &qualifierArray, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup ; } } while (0) | |||
191 | (policyQualifier->qualifierValue.data,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (policyQualifier ->qualifierValue.data, policyQualifier->qualifierValue. len, &qualifierArray, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup ; } } while (0) | |||
192 | policyQualifier->qualifierValue.len,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (policyQualifier ->qualifierValue.data, policyQualifier->qualifierValue. len, &qualifierArray, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup ; } } while (0) | |||
193 | &qualifierArray,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (policyQualifier ->qualifierValue.data, policyQualifier->qualifierValue. len, &qualifierArray, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup ; } } while (0) | |||
194 | plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (policyQualifier ->qualifierValue.data, policyQualifier->qualifierValue. len, &qualifierArray, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup ; } } while (0) | |||
195 | PKIX_BYTEARRAYCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (policyQualifier ->qualifierValue.data, policyQualifier->qualifierValue. len, &qualifierArray, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup ; } } while (0); | |||
196 | ||||
197 | /* create a CertPolicyQualifier object */ | |||
198 | ||||
199 | PKIX_CHECK(pkix_pl_CertPolicyQualifier_Createdo { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyQualifier_Create (pkixOID, qualifierArray, &certPolicyQualifier, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYQUALIFIERCREATEFAILED; goto cleanup; } } while (0) | |||
200 | (pkixOID,do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyQualifier_Create (pkixOID, qualifierArray, &certPolicyQualifier, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYQUALIFIERCREATEFAILED; goto cleanup; } } while (0) | |||
201 | qualifierArray,do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyQualifier_Create (pkixOID, qualifierArray, &certPolicyQualifier, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYQUALIFIERCREATEFAILED; goto cleanup; } } while (0) | |||
202 | &certPolicyQualifier,do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyQualifier_Create (pkixOID, qualifierArray, &certPolicyQualifier, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYQUALIFIERCREATEFAILED; goto cleanup; } } while (0) | |||
203 | plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyQualifier_Create (pkixOID, qualifierArray, &certPolicyQualifier, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYQUALIFIERCREATEFAILED; goto cleanup; } } while (0) | |||
204 | PKIX_CERTPOLICYQUALIFIERCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyQualifier_Create (pkixOID, qualifierArray, &certPolicyQualifier, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYQUALIFIERCREATEFAILED; goto cleanup; } } while (0); | |||
205 | ||||
206 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (qualifiers , (PKIX_PL_Object *)certPolicyQualifier, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
207 | (qualifiers,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (qualifiers , (PKIX_PL_Object *)certPolicyQualifier, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
208 | (PKIX_PL_Object *)certPolicyQualifier,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (qualifiers , (PKIX_PL_Object *)certPolicyQualifier, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
209 | plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (qualifiers , (PKIX_PL_Object *)certPolicyQualifier, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
210 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (qualifiers , (PKIX_PL_Object *)certPolicyQualifier, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0); | |||
211 | ||||
212 | PKIX_DECREF(pkixOID)do { if (pkixOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(pkixOID), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } pkixOID = ((void*) 0); } } while (0); | |||
213 | PKIX_DECREF(qualifierArray)do { if (qualifierArray){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(qualifierArray), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } qualifierArray = ((void*)0); } } while (0); | |||
214 | PKIX_DECREF(certPolicyQualifier)do { if (certPolicyQualifier){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certPolicyQualifier), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyQualifier = ((void*)0); } } while (0); | |||
215 | ||||
216 | policyQualifiers++; | |||
217 | } | |||
218 | ||||
219 | PKIX_CHECK(PKIX_List_SetImmutabledo { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (qualifiers , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0) | |||
220 | (qualifiers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (qualifiers , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0) | |||
221 | PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (qualifiers , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0); | |||
222 | } | |||
223 | ||||
224 | ||||
225 | /* | |||
226 | * Create an OID object pkixOID from policyInfo->policyID. | |||
227 | * (The CERTPolicyInfo structure has an oid field, but it | |||
228 | * is of type SECOidTag. This function wants a SECItem.) | |||
229 | */ | |||
230 | PKIX_CHECK(PKIX_PL_OID_CreateBySECItemdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyInfo->policyID, &pkixOID, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED ; goto cleanup; } } while (0) | |||
231 | (&policyInfo->policyID, &pkixOID, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyInfo->policyID, &pkixOID, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED ; goto cleanup; } } while (0) | |||
232 | PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyInfo->policyID, &pkixOID, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED ; goto cleanup; } } while (0); | |||
233 | ||||
234 | /* Create a CertPolicyInfo object */ | |||
235 | PKIX_CHECK(pkix_pl_CertPolicyInfo_Createdo { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyInfo_Create (pkixOID, qualifiers, &certPolicyInfo, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYINFOCREATEFAILED ; goto cleanup; } } while (0) | |||
236 | (pkixOID, qualifiers, &certPolicyInfo, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyInfo_Create (pkixOID, qualifiers, &certPolicyInfo, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYINFOCREATEFAILED ; goto cleanup; } } while (0) | |||
237 | PKIX_CERTPOLICYINFOCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyInfo_Create (pkixOID, qualifiers, &certPolicyInfo, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYINFOCREATEFAILED ; goto cleanup; } } while (0); | |||
238 | ||||
239 | /* Append the new CertPolicyInfo object to the list */ | |||
240 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (infos, (PKIX_PL_Object *)certPolicyInfo, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
241 | (infos, (PKIX_PL_Object *)certPolicyInfo, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (infos, (PKIX_PL_Object *)certPolicyInfo, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
242 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (infos, (PKIX_PL_Object *)certPolicyInfo, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0); | |||
243 | ||||
244 | PKIX_DECREF(pkixOID)do { if (pkixOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(pkixOID), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } pkixOID = ((void*) 0); } } while (0); | |||
245 | PKIX_DECREF(qualifiers)do { if (qualifiers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(qualifiers), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } qualifiers = ((void *)0); } } while (0); | |||
246 | PKIX_DECREF(certPolicyInfo)do { if (certPolicyInfo){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certPolicyInfo), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyInfo = ((void*)0); } } while (0); | |||
247 | ||||
248 | policyInfos++; | |||
249 | } | |||
250 | ||||
251 | /* | |||
252 | * If there were no policies, we went straight to | |||
253 | * cleanup, so we don't have to NULLCHECK infos. | |||
254 | */ | |||
255 | PKIX_CHECK(PKIX_List_SetImmutable(infos, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(infos , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0) | |||
256 | PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(infos , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0); | |||
257 | ||||
258 | *pCertPolicyInfos = infos; | |||
259 | infos = NULL((void*)0); | |||
260 | ||||
261 | cleanup: | |||
262 | if (certPol) { | |||
263 | PKIX_CERT_DEBUG | |||
264 | ("\t\tCalling CERT_DestroyCertificatePoliciesExtension).\n"); | |||
265 | CERT_DestroyCertificatePoliciesExtension(certPol); | |||
266 | } | |||
267 | ||||
268 | PKIX_DECREF(infos)do { if (infos){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(infos), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } infos = ((void*)0) ; } } while (0); | |||
269 | PKIX_DECREF(pkixOID)do { if (pkixOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(pkixOID), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } pkixOID = ((void*) 0); } } while (0); | |||
270 | PKIX_DECREF(qualifiers)do { if (qualifiers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(qualifiers), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } qualifiers = ((void *)0); } } while (0); | |||
271 | PKIX_DECREF(certPolicyInfo)do { if (certPolicyInfo){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certPolicyInfo), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyInfo = ((void*)0); } } while (0); | |||
272 | PKIX_DECREF(certPolicyQualifier)do { if (certPolicyQualifier){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certPolicyQualifier), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyQualifier = ((void*)0); } } while (0); | |||
273 | PKIX_DECREF(qualifierArray)do { if (qualifierArray){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(qualifierArray), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } qualifierArray = ((void*)0); } } while (0); | |||
274 | ||||
275 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
276 | } | |||
277 | ||||
278 | /* | |||
279 | * FUNCTION: pkix_pl_Cert_DecodePolicyMapping | |||
280 | * DESCRIPTION: | |||
281 | * | |||
282 | * Decodes the contents of the PolicyMapping extension of the CERTCertificate | |||
283 | * pointed to by "nssCert", storing the resulting List of CertPolicyMaps at | |||
284 | * the address pointed to by "pCertPolicyMaps". If this certificate does not | |||
285 | * have a PolicyMapping extension, NULL will be stored. If a List is returned, | |||
286 | * it will be immutable. | |||
287 | * | |||
288 | * PARAMETERS | |||
289 | * "nssCert" | |||
290 | * Address of the Cert data whose extension is to be examined. Must be | |||
291 | * non-NULL. | |||
292 | * "pCertPolicyMaps" | |||
293 | * Address where the List of CertPolicyMaps will be stored. Must be | |||
294 | * non-NULL. | |||
295 | * "plContext" | |||
296 | * Platform-specific context pointer. | |||
297 | * THREAD SAFETY: | |||
298 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
299 | * RETURNS: | |||
300 | * Returns NULL if the function succeeds. | |||
301 | * Returns a Cert Error if the function fails in a non-fatal way. | |||
302 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
303 | */ | |||
304 | static PKIX_Error * | |||
305 | pkix_pl_Cert_DecodePolicyMapping( | |||
306 | CERTCertificate *nssCert, | |||
307 | PKIX_List **pCertPolicyMaps, | |||
308 | void *plContext) | |||
309 | { | |||
310 | SECStatus rv; | |||
311 | SECItem encodedCertPolicyMaps; | |||
312 | ||||
313 | /* Allocated in the arena; freed in CERT_Destroy... */ | |||
314 | CERTCertificatePolicyMappings *certPolMaps = NULL((void*)0); | |||
315 | CERTPolicyMap **policyMaps = NULL((void*)0); | |||
316 | ||||
317 | /* Holder for the return value */ | |||
318 | PKIX_List *maps = NULL((void*)0); | |||
319 | ||||
320 | PKIX_PL_OID *issuerDomainOID = NULL((void*)0); | |||
321 | PKIX_PL_OID *subjectDomainOID = NULL((void*)0); | |||
322 | PKIX_PL_CertPolicyMap *certPolicyMap = NULL((void*)0); | |||
323 | ||||
324 | PKIX_ENTER(CERT, "pkix_pl_Cert_DecodePolicyMapping")static const char cMyFuncName[] = {"pkix_pl_Cert_DecodePolicyMapping" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
325 | PKIX_NULLCHECK_TWO(nssCert, pCertPolicyMaps)do { if (((nssCert) == ((void*)0)) || ((pCertPolicyMaps) == ( (void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn (&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext );; } } while (0); | |||
326 | ||||
327 | /* get PolicyMappings as a SECItem */ | |||
328 | PKIX_CERT_DEBUG("\t\tCERT_FindCertExtension).\n"); | |||
329 | rv = CERT_FindCertExtension | |||
330 | (nssCert, SEC_OID_X509_POLICY_MAPPINGS, &encodedCertPolicyMaps); | |||
331 | if (SECSuccess != rv) { | |||
332 | *pCertPolicyMaps = NULL((void*)0); | |||
333 | goto cleanup; | |||
334 | } | |||
335 | ||||
336 | /* translate PolicyMaps to CERTCertificatePolicyMappings */ | |||
337 | certPolMaps = CERT_DecodePolicyMappingsExtension | |||
338 | (&encodedCertPolicyMaps); | |||
339 | ||||
340 | PORT_FreePORT_Free_Util(encodedCertPolicyMaps.data); | |||
341 | ||||
342 | if (!certPolMaps) { | |||
343 | PKIX_ERROR(PKIX_CERTDECODEPOLICYMAPPINGSEXTENSIONFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTDECODEPOLICYMAPPINGSEXTENSIONFAILED, ((void*)0), stdVars .aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ( (PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYMAPPINGSEXTENSIONFAILED ; goto cleanup; }; | |||
344 | } | |||
345 | ||||
346 | PKIX_NULLCHECK_ONE(certPolMaps->policyMaps)do { if ((certPolMaps->policyMaps) == ((void*)0)){ stdVars .aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR ), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
347 | ||||
348 | policyMaps = certPolMaps->policyMaps; | |||
349 | ||||
350 | /* create a List of CertPolicyMap Objects */ | |||
351 | PKIX_CHECK(PKIX_List_Create(&maps, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&maps, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0) | |||
352 | PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&maps, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0); | |||
353 | ||||
354 | /* | |||
355 | * Traverse the CERTCertificatePolicyMappings structure, | |||
356 | * building each CertPolicyMap object in turn | |||
357 | */ | |||
358 | do { | |||
359 | CERTPolicyMap *policyMap = *policyMaps; | |||
360 | ||||
361 | /* create the OID for the issuer Domain Policy */ | |||
362 | PKIX_CHECK(PKIX_PL_OID_CreateBySECItemdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyMap->issuerDomainPolicy, &issuerDomainOID, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while (0) | |||
363 | (&policyMap->issuerDomainPolicy,do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyMap->issuerDomainPolicy, &issuerDomainOID, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while (0) | |||
364 | &issuerDomainOID, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyMap->issuerDomainPolicy, &issuerDomainOID, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while (0) | |||
365 | PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyMap->issuerDomainPolicy, &issuerDomainOID, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while (0); | |||
366 | ||||
367 | /* create the OID for the subject Domain Policy */ | |||
368 | PKIX_CHECK(PKIX_PL_OID_CreateBySECItemdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyMap->subjectDomainPolicy, &subjectDomainOID , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while (0) | |||
369 | (&policyMap->subjectDomainPolicy,do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyMap->subjectDomainPolicy, &subjectDomainOID , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while (0) | |||
370 | &subjectDomainOID, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyMap->subjectDomainPolicy, &subjectDomainOID , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while (0) | |||
371 | PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( &policyMap->subjectDomainPolicy, &subjectDomainOID , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while (0); | |||
372 | ||||
373 | /* create the CertPolicyMap */ | |||
374 | ||||
375 | PKIX_CHECK(pkix_pl_CertPolicyMap_Createdo { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyMap_Create (issuerDomainOID, subjectDomainOID, &certPolicyMap, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPCREATEFAILED; goto cleanup; } } while (0 ) | |||
376 | (issuerDomainOID,do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyMap_Create (issuerDomainOID, subjectDomainOID, &certPolicyMap, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPCREATEFAILED; goto cleanup; } } while (0 ) | |||
377 | subjectDomainOID,do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyMap_Create (issuerDomainOID, subjectDomainOID, &certPolicyMap, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPCREATEFAILED; goto cleanup; } } while (0 ) | |||
378 | &certPolicyMap,do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyMap_Create (issuerDomainOID, subjectDomainOID, &certPolicyMap, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPCREATEFAILED; goto cleanup; } } while (0 ) | |||
379 | plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyMap_Create (issuerDomainOID, subjectDomainOID, &certPolicyMap, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPCREATEFAILED; goto cleanup; } } while (0 ) | |||
380 | PKIX_CERTPOLICYMAPCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertPolicyMap_Create (issuerDomainOID, subjectDomainOID, &certPolicyMap, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPCREATEFAILED; goto cleanup; } } while (0 ); | |||
381 | ||||
382 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (maps, ( PKIX_PL_Object *)certPolicyMap, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
383 | (maps, (PKIX_PL_Object *)certPolicyMap, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (maps, ( PKIX_PL_Object *)certPolicyMap, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
384 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (maps, ( PKIX_PL_Object *)certPolicyMap, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0); | |||
385 | ||||
386 | PKIX_DECREF(issuerDomainOID)do { if (issuerDomainOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(issuerDomainOID), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } issuerDomainOID = ((void*)0); } } while (0); | |||
387 | PKIX_DECREF(subjectDomainOID)do { if (subjectDomainOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(subjectDomainOID), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } subjectDomainOID = ((void*)0); } } while (0); | |||
388 | PKIX_DECREF(certPolicyMap)do { if (certPolicyMap){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certPolicyMap), plContext); if (stdVars. aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyMap = ((void*)0); } } while (0); | |||
389 | ||||
390 | policyMaps++; | |||
391 | } while (*policyMaps != NULL((void*)0)); | |||
392 | ||||
393 | PKIX_CHECK(PKIX_List_SetImmutable(maps, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(maps, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0) | |||
394 | PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(maps, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0); | |||
395 | ||||
396 | *pCertPolicyMaps = maps; | |||
397 | maps = NULL((void*)0); | |||
398 | ||||
399 | cleanup: | |||
400 | if (certPolMaps) { | |||
401 | PKIX_CERT_DEBUG | |||
402 | ("\t\tCalling CERT_DestroyPolicyMappingsExtension).\n"); | |||
403 | CERT_DestroyPolicyMappingsExtension(certPolMaps); | |||
404 | } | |||
405 | ||||
406 | PKIX_DECREF(maps)do { if (maps){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(maps), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } maps = ((void*)0); } } while (0); | |||
407 | PKIX_DECREF(issuerDomainOID)do { if (issuerDomainOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(issuerDomainOID), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } issuerDomainOID = ((void*)0); } } while (0); | |||
408 | PKIX_DECREF(subjectDomainOID)do { if (subjectDomainOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(subjectDomainOID), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } subjectDomainOID = ((void*)0); } } while (0); | |||
409 | PKIX_DECREF(certPolicyMap)do { if (certPolicyMap){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certPolicyMap), plContext); if (stdVars. aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyMap = ((void*)0); } } while (0); | |||
410 | ||||
411 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
412 | } | |||
413 | ||||
414 | /* | |||
415 | * FUNCTION: pkix_pl_Cert_DecodePolicyConstraints | |||
416 | * DESCRIPTION: | |||
417 | * | |||
418 | * Decodes the contents of the PolicyConstraints extension in the | |||
419 | * CERTCertificate pointed to by "nssCert", to obtain SkipCerts values | |||
420 | * which are stored at the addresses "pExplicitPolicySkipCerts" and | |||
421 | * "pInhibitMappingSkipCerts", respectively. If this certificate does | |||
422 | * not have an PolicyConstraints extension, or if either of the optional | |||
423 | * components is not supplied, this function stores a value of -1 for any | |||
424 | * missing component. | |||
425 | * | |||
426 | * PARAMETERS | |||
427 | * "nssCert" | |||
428 | * Address of the Cert data whose extension is to be examined. Must be | |||
429 | * non-NULL. | |||
430 | * "pExplicitPolicySkipCerts" | |||
431 | * Address where the SkipCert value for the requireExplicitPolicy | |||
432 | * component will be stored. Must be non-NULL. | |||
433 | * "pInhibitMappingSkipCerts" | |||
434 | * Address where the SkipCert value for the inhibitPolicyMapping | |||
435 | * component will be stored. Must be non-NULL. | |||
436 | * "plContext" | |||
437 | * Platform-specific context pointer. | |||
438 | * THREAD SAFETY: | |||
439 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
440 | * RETURNS: | |||
441 | * Returns NULL if the function succeeds. | |||
442 | * Returns a Cert Error if the function fails in a non-fatal way. | |||
443 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
444 | */ | |||
445 | static PKIX_Error * | |||
446 | pkix_pl_Cert_DecodePolicyConstraints( | |||
447 | CERTCertificate *nssCert, | |||
448 | PKIX_Int32 *pExplicitPolicySkipCerts, | |||
449 | PKIX_Int32 *pInhibitMappingSkipCerts, | |||
450 | void *plContext) | |||
451 | { | |||
452 | CERTCertificatePolicyConstraints policyConstraints; | |||
453 | SECStatus rv; | |||
454 | SECItem encodedCertPolicyConstraints; | |||
455 | PKIX_Int32 explicitPolicySkipCerts = -1; | |||
456 | PKIX_Int32 inhibitMappingSkipCerts = -1; | |||
457 | ||||
458 | PKIX_ENTER(CERT, "pkix_pl_Cert_DecodePolicyConstraints")static const char cMyFuncName[] = {"pkix_pl_Cert_DecodePolicyConstraints" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
459 | PKIX_NULLCHECK_THREEdo { if (((nssCert) == ((void*)0)) || ((pExplicitPolicySkipCerts ) == ((void*)0)) || ((pInhibitMappingSkipCerts) == ((void*)0) )){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars. aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0) | |||
460 | (nssCert, pExplicitPolicySkipCerts, pInhibitMappingSkipCerts)do { if (((nssCert) == ((void*)0)) || ((pExplicitPolicySkipCerts ) == ((void*)0)) || ((pInhibitMappingSkipCerts) == ((void*)0) )){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars. aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
461 | ||||
462 | /* get the two skipCert values as SECItems */ | |||
463 | PKIX_CERT_DEBUG("\t\tCalling CERT_FindCertExtension).\n"); | |||
464 | rv = CERT_FindCertExtension | |||
465 | (nssCert, | |||
466 | SEC_OID_X509_POLICY_CONSTRAINTS, | |||
467 | &encodedCertPolicyConstraints); | |||
468 | ||||
469 | if (rv == SECSuccess) { | |||
470 | ||||
471 | policyConstraints.explicitPolicySkipCerts.data = | |||
472 | (unsigned char *)&explicitPolicySkipCerts; | |||
473 | policyConstraints.inhibitMappingSkipCerts.data = | |||
474 | (unsigned char *)&inhibitMappingSkipCerts; | |||
475 | ||||
476 | /* translate DER to CERTCertificatePolicyConstraints */ | |||
477 | rv = CERT_DecodePolicyConstraintsExtension | |||
478 | (&policyConstraints, &encodedCertPolicyConstraints); | |||
479 | ||||
480 | PORT_FreePORT_Free_Util(encodedCertPolicyConstraints.data); | |||
481 | ||||
482 | if (rv != SECSuccess) { | |||
483 | PKIX_ERROR{ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED, ((void*)0) , stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED ; goto cleanup; } | |||
484 | (PKIX_CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED, ((void*)0) , stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED ; goto cleanup; }; | |||
485 | } | |||
486 | } | |||
487 | ||||
488 | *pExplicitPolicySkipCerts = explicitPolicySkipCerts; | |||
489 | *pInhibitMappingSkipCerts = inhibitMappingSkipCerts; | |||
490 | ||||
491 | cleanup: | |||
492 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
493 | } | |||
494 | ||||
495 | /* | |||
496 | * FUNCTION: pkix_pl_Cert_DecodeInhibitAnyPolicy | |||
497 | * DESCRIPTION: | |||
498 | * | |||
499 | * Decodes the contents of the InhibitAnyPolicy extension in the | |||
500 | * CERTCertificate pointed to by "nssCert", to obtain a SkipCerts value, | |||
501 | * which is stored at the address "pSkipCerts". If this certificate does | |||
502 | * not have an InhibitAnyPolicy extension, -1 will be stored. | |||
503 | * | |||
504 | * PARAMETERS | |||
505 | * "nssCert" | |||
506 | * Address of the Cert data whose InhibitAnyPolicy extension is to be | |||
507 | * processed. Must be non-NULL. | |||
508 | * "pSkipCerts" | |||
509 | * Address where the SkipCert value from the InhibitAnyPolicy extension | |||
510 | * will be stored. Must be non-NULL. | |||
511 | * "plContext" | |||
512 | * Platform-specific context pointer. | |||
513 | * THREAD SAFETY: | |||
514 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
515 | * RETURNS: | |||
516 | * Returns NULL if the function succeeds. | |||
517 | * Returns a Cert Error if the function fails in a non-fatal way. | |||
518 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
519 | */ | |||
520 | PKIX_Error * | |||
521 | pkix_pl_Cert_DecodeInhibitAnyPolicy( | |||
522 | CERTCertificate *nssCert, | |||
523 | PKIX_Int32 *pSkipCerts, | |||
524 | void *plContext) | |||
525 | { | |||
526 | CERTCertificateInhibitAny inhibitAny; | |||
527 | SECStatus rv; | |||
528 | SECItem encodedCertInhibitAny; | |||
529 | PKIX_Int32 skipCerts = -1; | |||
530 | ||||
531 | PKIX_ENTER(CERT, "pkix_pl_Cert_DecodeInhibitAnyPolicy")static const char cMyFuncName[] = {"pkix_pl_Cert_DecodeInhibitAnyPolicy" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
532 | PKIX_NULLCHECK_TWO(nssCert, pSkipCerts)do { if (((nssCert) == ((void*)0)) || ((pSkipCerts) == ((void *)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
533 | ||||
534 | /* get InhibitAny as a SECItem */ | |||
535 | PKIX_CERT_DEBUG("\t\tCalling CERT_FindCertExtension).\n"); | |||
536 | rv = CERT_FindCertExtension | |||
537 | (nssCert, SEC_OID_X509_INHIBIT_ANY_POLICY, &encodedCertInhibitAny); | |||
538 | ||||
539 | if (rv == SECSuccess) { | |||
540 | inhibitAny.inhibitAnySkipCerts.data = | |||
541 | (unsigned char *)&skipCerts; | |||
542 | ||||
543 | /* translate DER to CERTCertificateInhibitAny */ | |||
544 | rv = CERT_DecodeInhibitAnyExtension | |||
545 | (&inhibitAny, &encodedCertInhibitAny); | |||
546 | ||||
547 | PORT_FreePORT_Free_Util(encodedCertInhibitAny.data); | |||
548 | ||||
549 | if (rv != SECSuccess) { | |||
550 | PKIX_ERROR(PKIX_CERTDECODEINHIBITANYEXTENSIONFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTDECODEINHIBITANYEXTENSIONFAILED, ((void*)0), stdVars .aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ( (PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEINHIBITANYEXTENSIONFAILED ; goto cleanup; }; | |||
551 | } | |||
552 | } | |||
553 | ||||
554 | *pSkipCerts = skipCerts; | |||
555 | ||||
556 | cleanup: | |||
557 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
558 | } | |||
559 | ||||
560 | /* | |||
561 | * FUNCTION: pkix_pl_Cert_GetNssSubjectAltNames | |||
562 | * DESCRIPTION: | |||
563 | * | |||
564 | * Retrieves the Subject Alternative Names of the certificate specified by | |||
565 | * "cert" and stores it at "pNssSubjAltNames". If the Subject Alternative | |||
566 | * Name extension is not present, NULL is returned at "pNssSubjAltNames". | |||
567 | * If the Subject Alternative Names has not been previously decoded, it is | |||
568 | * decoded here with lock on the "cert" unless the flag "hasLock" indicates | |||
569 | * the lock had been obtained at a higher call level. | |||
570 | * | |||
571 | * PARAMETERS | |||
572 | * "cert" | |||
573 | * Address of the certificate whose Subject Alternative Names extensions | |||
574 | * is retrieved. Must be non-NULL. | |||
575 | * "hasLock" | |||
576 | * Boolean indicates caller has acquired a lock. | |||
577 | * Must be non-NULL. | |||
578 | * "pNssSubjAltNames" | |||
579 | * Address where the returned Subject Alternative Names will be stored. | |||
580 | * Must be non-NULL. | |||
581 | * "plContext" | |||
582 | * Platform-specific context pointer. | |||
583 | * THREAD SAFETY: | |||
584 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
585 | * RETURNS: | |||
586 | * Returns NULL if the function succeeds. | |||
587 | * Returns a Cert Error if the function fails in a non-fatal way. | |||
588 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
589 | */ | |||
590 | static PKIX_Error * | |||
591 | pkix_pl_Cert_GetNssSubjectAltNames( | |||
592 | PKIX_PL_Cert *cert, | |||
593 | PKIX_Boolean hasLock, | |||
594 | CERTGeneralName **pNssSubjAltNames, | |||
595 | void *plContext) | |||
596 | { | |||
597 | CERTCertificate *nssCert = NULL((void*)0); | |||
598 | CERTGeneralName *nssOriginalAltName = NULL((void*)0); | |||
599 | PLArenaPool *arena = NULL((void*)0); | |||
600 | SECItem altNameExtension = {siBuffer, NULL((void*)0), 0}; | |||
601 | SECStatus rv = SECFailure; | |||
602 | ||||
603 | PKIX_ENTER(CERT, "pkix_pl_Cert_GetNssSubjectAltNames")static const char cMyFuncName[] = {"pkix_pl_Cert_GetNssSubjectAltNames" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
604 | PKIX_NULLCHECK_THREE(cert, pNssSubjAltNames, cert->nssCert)do { if (((cert) == ((void*)0)) || ((pNssSubjAltNames) == ((void *)0)) || ((cert->nssCert) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
605 | ||||
606 | nssCert = cert->nssCert; | |||
607 | ||||
608 | if ((cert->nssSubjAltNames == NULL((void*)0)) && (!cert->subjAltNamesAbsent)){ | |||
609 | ||||
610 | if (!hasLock) { | |||
611 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
612 | } | |||
613 | ||||
614 | if ((cert->nssSubjAltNames == NULL((void*)0)) && | |||
615 | (!cert->subjAltNamesAbsent)){ | |||
616 | ||||
617 | PKIX_PL_NSSCALLRV(CERT, rv, CERT_FindCertExtension,; rv = (CERT_FindCertExtension (nssCert, SEC_OID_X509_SUBJECT_ALT_NAME , &altNameExtension)) | |||
618 | (nssCert,; rv = (CERT_FindCertExtension (nssCert, SEC_OID_X509_SUBJECT_ALT_NAME , &altNameExtension)) | |||
619 | SEC_OID_X509_SUBJECT_ALT_NAME,; rv = (CERT_FindCertExtension (nssCert, SEC_OID_X509_SUBJECT_ALT_NAME , &altNameExtension)) | |||
620 | &altNameExtension)); rv = (CERT_FindCertExtension (nssCert, SEC_OID_X509_SUBJECT_ALT_NAME , &altNameExtension)); | |||
621 | ||||
622 | if (rv != SECSuccess) { | |||
623 | *pNssSubjAltNames = NULL((void*)0); | |||
624 | cert->subjAltNamesAbsent = PKIX_TRUE((PKIX_Boolean) 1); | |||
625 | goto cleanup; | |||
626 | } | |||
627 | ||||
628 | if (cert->arenaNameConstraints == NULL((void*)0)) { | |||
629 | PKIX_PL_NSSCALLRV(CERT, arena, PORT_NewArena,; arena = (PORT_NewArena_Util ((2048))) | |||
630 | (DER_DEFAULT_CHUNKSIZE)); arena = (PORT_NewArena_Util ((2048))); | |||
631 | ||||
632 | if (arena == NULL((void*)0)) { | |||
633 | PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; }; | |||
634 | } | |||
635 | cert->arenaNameConstraints = arena; | |||
636 | } | |||
637 | ||||
638 | PKIX_PL_NSSCALLRV; nssOriginalAltName = ((CERTGeneralName *) CERT_DecodeAltNameExtension (cert->arenaNameConstraints, &altNameExtension)) | |||
639 | (CERT,; nssOriginalAltName = ((CERTGeneralName *) CERT_DecodeAltNameExtension (cert->arenaNameConstraints, &altNameExtension)) | |||
640 | nssOriginalAltName,; nssOriginalAltName = ((CERTGeneralName *) CERT_DecodeAltNameExtension (cert->arenaNameConstraints, &altNameExtension)) | |||
641 | (CERTGeneralName *) CERT_DecodeAltNameExtension,; nssOriginalAltName = ((CERTGeneralName *) CERT_DecodeAltNameExtension (cert->arenaNameConstraints, &altNameExtension)) | |||
642 | (cert->arenaNameConstraints, &altNameExtension)); nssOriginalAltName = ((CERTGeneralName *) CERT_DecodeAltNameExtension (cert->arenaNameConstraints, &altNameExtension)); | |||
643 | ||||
644 | PKIX_PL_NSSCALL(CERT, PORT_Free, (altNameExtension.data)); (PORT_Free_Util (altNameExtension.data)); | |||
645 | ||||
646 | if (nssOriginalAltName == NULL((void*)0)) { | |||
647 | PKIX_ERROR(PKIX_CERTDECODEALTNAMEEXTENSIONFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTDECODEALTNAMEEXTENSIONFAILED, ((void*)0), stdVars. aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = (( PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEALTNAMEEXTENSIONFAILED ; goto cleanup; }; | |||
648 | } | |||
649 | cert->nssSubjAltNames = nssOriginalAltName; | |||
650 | ||||
651 | } | |||
652 | ||||
653 | if (!hasLock) { | |||
654 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,654)); } } while (0); | |||
655 | } | |||
656 | } | |||
657 | ||||
658 | *pNssSubjAltNames = cert->nssSubjAltNames; | |||
659 | ||||
660 | cleanup: | |||
661 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",661)); } } while (0); | |||
662 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
663 | } | |||
664 | ||||
665 | /* | |||
666 | * FUNCTION: pkix_pl_Cert_CheckExtendKeyUsage | |||
667 | * DESCRIPTION: | |||
668 | * | |||
669 | * For each of the ON bit in "requiredExtendedKeyUsages" that represents its | |||
670 | * SECCertUsageEnum type, this function checks "cert"'s certType (extended | |||
671 | * key usage) and key usage with what is required for SECCertUsageEnum type. | |||
672 | * | |||
673 | * PARAMETERS | |||
674 | * "cert" | |||
675 | * Address of the certificate whose Extended Key Usage extensions | |||
676 | * is retrieved. Must be non-NULL. | |||
677 | * "requiredExtendedKeyUsages" | |||
678 | * An unsigned integer, its bit location is ON based on the required key | |||
679 | * usage value representing in SECCertUsageEnum. | |||
680 | * "pPass" | |||
681 | * Address where the return value, indicating key usage check passed, is | |||
682 | * stored. Must be non-NULL. | |||
683 | * "plContext" | |||
684 | * Platform-specific context pointer. | |||
685 | * THREAD SAFETY: | |||
686 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
687 | * RETURNS: | |||
688 | * Returns NULL if the function succeeds. | |||
689 | * Returns a Cert Error if the function fails in a non-fatal way. | |||
690 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
691 | */ | |||
692 | PKIX_Error * | |||
693 | pkix_pl_Cert_CheckExtendedKeyUsage( | |||
694 | PKIX_PL_Cert *cert, | |||
695 | PKIX_UInt32 requiredExtendedKeyUsages, | |||
696 | PKIX_Boolean *pPass, | |||
697 | void *plContext) | |||
698 | { | |||
699 | PKIX_PL_CertBasicConstraints *basicConstraints = NULL((void*)0); | |||
700 | PKIX_UInt32 certType = 0; | |||
701 | PKIX_UInt32 requiredKeyUsage = 0; | |||
702 | PKIX_UInt32 requiredCertType = 0; | |||
703 | PKIX_UInt32 requiredExtendedKeyUsage = 0; | |||
704 | PKIX_UInt32 i; | |||
705 | PKIX_Boolean isCA = PKIX_FALSE((PKIX_Boolean) 0); | |||
706 | SECStatus rv = SECFailure; | |||
707 | ||||
708 | PKIX_ENTER(CERT, "pkix_pl_Cert_CheckExtendKeyUsage")static const char cMyFuncName[] = {"pkix_pl_Cert_CheckExtendKeyUsage" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
| ||||
709 | PKIX_NULLCHECK_THREE(cert, pPass, cert->nssCert)do { if (((cert) == ((void*)0)) || ((pPass) == ((void*)0)) || ((cert->nssCert) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
710 | ||||
711 | *pPass = PKIX_FALSE((PKIX_Boolean) 0); | |||
712 | ||||
713 | PKIX_CERT_DEBUG("\t\tCalling cert_GetCertType).\n"); | |||
714 | cert_GetCertType(cert->nssCert); | |||
715 | certType = cert->nssCert->nsCertType; | |||
716 | ||||
717 | PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraintsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints (cert, &basicConstraints, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTFAILED; goto cleanup; } } while (0) | |||
718 | (cert,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints (cert, &basicConstraints, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTFAILED; goto cleanup; } } while (0) | |||
719 | &basicConstraints,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints (cert, &basicConstraints, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTFAILED; goto cleanup; } } while (0) | |||
720 | plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints (cert, &basicConstraints, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTFAILED; goto cleanup; } } while (0) | |||
721 | PKIX_CERTGETBASICCONSTRAINTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints (cert, &basicConstraints, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTFAILED; goto cleanup; } } while (0); | |||
722 | ||||
723 | if (basicConstraints != NULL((void*)0)) { | |||
724 | PKIX_CHECK(PKIX_PL_BasicConstraints_GetCAFlagdo { stdVars.aPkixErrorResult = (PKIX_PL_BasicConstraints_GetCAFlag (basicConstraints, &isCA, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BASICCONSTRAINTSGETCAFLAGFAILED ; goto cleanup; } } while (0) | |||
725 | (basicConstraints, &isCA, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_BasicConstraints_GetCAFlag (basicConstraints, &isCA, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BASICCONSTRAINTSGETCAFLAGFAILED ; goto cleanup; } } while (0) | |||
726 | PKIX_BASICCONSTRAINTSGETCAFLAGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_BasicConstraints_GetCAFlag (basicConstraints, &isCA, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BASICCONSTRAINTSGETCAFLAGFAILED ; goto cleanup; } } while (0); | |||
727 | } | |||
728 | ||||
729 | i = 0; | |||
730 | while (requiredExtendedKeyUsages != 0) { | |||
731 | ||||
732 | /* Find the bit location of the right-most non-zero bit */ | |||
733 | while (requiredExtendedKeyUsages != 0) { | |||
734 | if (((1 << i) & requiredExtendedKeyUsages) != 0) { | |||
735 | requiredExtendedKeyUsage = 1 << i; | |||
736 | break; | |||
737 | } | |||
738 | i++; | |||
739 | } | |||
740 | requiredExtendedKeyUsages ^= requiredExtendedKeyUsage; | |||
741 | ||||
742 | requiredExtendedKeyUsage = i; | |||
743 | ||||
744 | PKIX_PL_NSSCALLRV(CERT, rv, CERT_KeyUsageAndTypeForCertUsage,; rv = (CERT_KeyUsageAndTypeForCertUsage (requiredExtendedKeyUsage , isCA, &requiredKeyUsage, &requiredCertType)) | |||
745 | (requiredExtendedKeyUsage,; rv = (CERT_KeyUsageAndTypeForCertUsage (requiredExtendedKeyUsage , isCA, &requiredKeyUsage, &requiredCertType)) | |||
746 | isCA,; rv = (CERT_KeyUsageAndTypeForCertUsage (requiredExtendedKeyUsage , isCA, &requiredKeyUsage, &requiredCertType)) | |||
747 | &requiredKeyUsage,; rv = (CERT_KeyUsageAndTypeForCertUsage (requiredExtendedKeyUsage , isCA, &requiredKeyUsage, &requiredCertType)) | |||
748 | &requiredCertType)); rv = (CERT_KeyUsageAndTypeForCertUsage (requiredExtendedKeyUsage , isCA, &requiredKeyUsage, &requiredCertType)); | |||
749 | ||||
750 | if (!(certType & requiredCertType)) { | |||
751 | goto cleanup; | |||
752 | } | |||
753 | ||||
754 | PKIX_PL_NSSCALLRV(CERT, rv, CERT_CheckKeyUsage,; rv = (CERT_CheckKeyUsage (cert->nssCert, requiredKeyUsage )) | |||
755 | (cert->nssCert, requiredKeyUsage)); rv = (CERT_CheckKeyUsage (cert->nssCert, requiredKeyUsage )); | |||
756 | if (rv != SECSuccess) { | |||
757 | goto cleanup; | |||
758 | } | |||
759 | i++; | |||
760 | ||||
761 | } | |||
762 | ||||
763 | *pPass = PKIX_TRUE((PKIX_Boolean) 1); | |||
764 | ||||
765 | cleanup: | |||
766 | PKIX_DECREF(basicConstraints)do { if (basicConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(basicConstraints), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } basicConstraints = ((void*)0); } } while (0); | |||
767 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
768 | } | |||
769 | ||||
770 | /* | |||
771 | * FUNCTION: pkix_pl_Cert_ToString_Helper | |||
772 | * DESCRIPTION: | |||
773 | * | |||
774 | * Helper function that creates a string representation of the Cert pointed | |||
775 | * to by "cert" and stores it at "pString", where the value of | |||
776 | * "partialString" determines whether a full or partial representation of | |||
777 | * the Cert is stored. | |||
778 | * | |||
779 | * PARAMETERS | |||
780 | * "cert" | |||
781 | * Address of Cert whose string representation is desired. | |||
782 | * Must be non-NULL. | |||
783 | * "partialString" | |||
784 | * Boolean indicating whether a partial Cert representation is desired. | |||
785 | * "pString" | |||
786 | * Address where object pointer will be stored. Must be non-NULL. | |||
787 | * "plContext" | |||
788 | * Platform-specific context pointer. | |||
789 | * THREAD SAFETY: | |||
790 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
791 | * RETURNS: | |||
792 | * Returns NULL if the function succeeds. | |||
793 | * Returns a Cert Error if the function fails in a non-fatal way. | |||
794 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
795 | */ | |||
796 | PKIX_Error * | |||
797 | pkix_pl_Cert_ToString_Helper( | |||
798 | PKIX_PL_Cert *cert, | |||
799 | PKIX_Boolean partialString, | |||
800 | PKIX_PL_String **pString, | |||
801 | void *plContext) | |||
802 | { | |||
803 | PKIX_PL_String *certString = NULL((void*)0); | |||
804 | char *asciiFormat = NULL((void*)0); | |||
805 | PKIX_PL_String *formatString = NULL((void*)0); | |||
806 | PKIX_UInt32 certVersion; | |||
807 | PKIX_PL_BigInt *certSN = NULL((void*)0); | |||
808 | PKIX_PL_String *certSNString = NULL((void*)0); | |||
809 | PKIX_PL_X500Name *certIssuer = NULL((void*)0); | |||
810 | PKIX_PL_String *certIssuerString = NULL((void*)0); | |||
811 | PKIX_PL_X500Name *certSubject = NULL((void*)0); | |||
812 | PKIX_PL_String *certSubjectString = NULL((void*)0); | |||
813 | PKIX_PL_String *notBeforeString = NULL((void*)0); | |||
814 | PKIX_PL_String *notAfterString = NULL((void*)0); | |||
815 | PKIX_List *subjAltNames = NULL((void*)0); | |||
816 | PKIX_PL_String *subjAltNamesString = NULL((void*)0); | |||
817 | PKIX_PL_ByteArray *authKeyId = NULL((void*)0); | |||
818 | PKIX_PL_String *authKeyIdString = NULL((void*)0); | |||
819 | PKIX_PL_ByteArray *subjKeyId = NULL((void*)0); | |||
820 | PKIX_PL_String *subjKeyIdString = NULL((void*)0); | |||
821 | PKIX_PL_PublicKey *nssPubKey = NULL((void*)0); | |||
822 | PKIX_PL_String *nssPubKeyString = NULL((void*)0); | |||
823 | PKIX_List *critExtOIDs = NULL((void*)0); | |||
824 | PKIX_PL_String *critExtOIDsString = NULL((void*)0); | |||
825 | PKIX_List *extKeyUsages = NULL((void*)0); | |||
826 | PKIX_PL_String *extKeyUsagesString = NULL((void*)0); | |||
827 | PKIX_PL_CertBasicConstraints *basicConstraint = NULL((void*)0); | |||
828 | PKIX_PL_String *certBasicConstraintsString = NULL((void*)0); | |||
829 | PKIX_List *policyInfo = NULL((void*)0); | |||
830 | PKIX_PL_String *certPolicyInfoString = NULL((void*)0); | |||
831 | PKIX_List *certPolicyMappings = NULL((void*)0); | |||
832 | PKIX_PL_String *certPolicyMappingsString = NULL((void*)0); | |||
833 | PKIX_Int32 certExplicitPolicy = 0; | |||
834 | PKIX_Int32 certInhibitMapping = 0; | |||
835 | PKIX_Int32 certInhibitAnyPolicy = 0; | |||
836 | PKIX_PL_CertNameConstraints *nameConstraints = NULL((void*)0); | |||
837 | PKIX_PL_String *nameConstraintsString = NULL((void*)0); | |||
838 | PKIX_List *authorityInfoAccess = NULL((void*)0); | |||
839 | PKIX_PL_String *authorityInfoAccessString = NULL((void*)0); | |||
840 | PKIX_List *subjectInfoAccess = NULL((void*)0); | |||
841 | PKIX_PL_String *subjectInfoAccessString = NULL((void*)0); | |||
842 | ||||
843 | PKIX_ENTER(CERT, "pkix_pl_Cert_ToString_Helper")static const char cMyFuncName[] = {"pkix_pl_Cert_ToString_Helper" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
844 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pString)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pString) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
845 | ||||
846 | /* | |||
847 | * XXX Add to this format as certificate components are developed. | |||
848 | */ | |||
849 | ||||
850 | if (partialString){ | |||
851 | asciiFormat = | |||
852 | "\t[Issuer: %s\n" | |||
853 | "\t Subject: %s]"; | |||
854 | } else { | |||
855 | asciiFormat = | |||
856 | "[\n" | |||
857 | "\tVersion: v%d\n" | |||
858 | "\tSerialNumber: %s\n" | |||
859 | "\tIssuer: %s\n" | |||
860 | "\tSubject: %s\n" | |||
861 | "\tValidity: [From: %s\n" | |||
862 | "\t To: %s]\n" | |||
863 | "\tSubjectAltNames: %s\n" | |||
864 | "\tAuthorityKeyId: %s\n" | |||
865 | "\tSubjectKeyId: %s\n" | |||
866 | "\tSubjPubKeyAlgId: %s\n" | |||
867 | "\tCritExtOIDs: %s\n" | |||
868 | "\tExtKeyUsages: %s\n" | |||
869 | "\tBasicConstraint: %s\n" | |||
870 | "\tCertPolicyInfo: %s\n" | |||
871 | "\tPolicyMappings: %s\n" | |||
872 | "\tExplicitPolicy: %d\n" | |||
873 | "\tInhibitMapping: %d\n" | |||
874 | "\tInhibitAnyPolicy:%d\n" | |||
875 | "\tNameConstraints: %s\n" | |||
876 | "\tAuthorityInfoAccess: %s\n" | |||
877 | "\tSubjectInfoAccess: %s\n" | |||
878 | "\tCacheFlag: %d\n" | |||
879 | "]\n"; | |||
880 | } | |||
881 | ||||
882 | ||||
883 | ||||
884 | PKIX_CHECK(PKIX_PL_String_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat , 0, &formatString, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup ; } } while (0) | |||
885 | (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat , 0, &formatString, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup ; } } while (0) | |||
886 | PKIX_STRINGCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat , 0, &formatString, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup ; } } while (0); | |||
887 | ||||
888 | /* Issuer */ | |||
889 | PKIX_CHECK(PKIX_PL_Cert_GetIssuerdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetIssuer (cert , &certIssuer, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETISSUERFAILED; goto cleanup ; } } while (0) | |||
890 | (cert, &certIssuer, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetIssuer (cert , &certIssuer, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETISSUERFAILED; goto cleanup ; } } while (0) | |||
891 | PKIX_CERTGETISSUERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetIssuer (cert , &certIssuer, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETISSUERFAILED; goto cleanup ; } } while (0); | |||
892 | ||||
893 | PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object *)certIssuer, &certIssuerString, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMETOSTRINGFAILED ; goto cleanup; } } while (0) | |||
894 | ((PKIX_PL_Object *)certIssuer, &certIssuerString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object *)certIssuer, &certIssuerString, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMETOSTRINGFAILED ; goto cleanup; } } while (0) | |||
895 | PKIX_X500NAMETOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object *)certIssuer, &certIssuerString, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMETOSTRINGFAILED ; goto cleanup; } } while (0); | |||
896 | ||||
897 | /* Subject */ | |||
898 | PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &certSubject, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubject(cert , &certSubject, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTFAILED; goto cleanup ; } } while (0) | |||
899 | PKIX_CERTGETSUBJECTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubject(cert , &certSubject, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTFAILED; goto cleanup ; } } while (0); | |||
900 | ||||
901 | PKIX_TOSTRING(certSubject, &certSubjectString, plContext,do { int descNum; if ((certSubject) != ((void*)0)) { stdVars. aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *) (certSubject), (&certSubjectString), (plContext)); descNum = (PKIX_X500NAMETOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&certSubjectString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0) | |||
902 | PKIX_X500NAMETOSTRINGFAILED)do { int descNum; if ((certSubject) != ((void*)0)) { stdVars. aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *) (certSubject), (&certSubjectString), (plContext)); descNum = (PKIX_X500NAMETOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&certSubjectString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0); | |||
903 | ||||
904 | if (partialString){ | |||
905 | PKIX_CHECK(PKIX_PL_Sprintfdo { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certIssuerString, certSubjectString )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
906 | (&certString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certIssuerString, certSubjectString )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
907 | plContext,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certIssuerString, certSubjectString )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
908 | formatString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certIssuerString, certSubjectString )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
909 | certIssuerString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certIssuerString, certSubjectString )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
910 | certSubjectString),do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certIssuerString, certSubjectString )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
911 | PKIX_SPRINTFFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certIssuerString, certSubjectString )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0); | |||
912 | ||||
913 | *pString = certString; | |||
914 | goto cleanup; | |||
915 | } | |||
916 | ||||
917 | /* Version */ | |||
918 | PKIX_CHECK(PKIX_PL_Cert_GetVersion(cert, &certVersion, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetVersion(cert , &certVersion, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETVERSIONFAILED; goto cleanup ; } } while (0) | |||
919 | PKIX_CERTGETVERSIONFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetVersion(cert , &certVersion, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETVERSIONFAILED; goto cleanup ; } } while (0); | |||
920 | ||||
921 | /* SerialNumber */ | |||
922 | PKIX_CHECK(PKIX_PL_Cert_GetSerialNumber(cert, &certSN, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSerialNumber (cert, &certSN, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSERIALNUMBERFAILED; goto cleanup; } } while (0) | |||
923 | PKIX_CERTGETSERIALNUMBERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSerialNumber (cert, &certSN, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSERIALNUMBERFAILED; goto cleanup; } } while (0); | |||
924 | ||||
925 | PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object *)certSN, &certSNString, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BIGINTTOSTRINGFAILED; goto cleanup ; } } while (0) | |||
926 | ((PKIX_PL_Object *)certSN, &certSNString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object *)certSN, &certSNString, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BIGINTTOSTRINGFAILED; goto cleanup ; } } while (0) | |||
927 | PKIX_BIGINTTOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object *)certSN, &certSNString, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BIGINTTOSTRINGFAILED; goto cleanup ; } } while (0); | |||
928 | ||||
929 | /* Validity: NotBefore */ | |||
930 | PKIX_CHECK(pkix_pl_Date_ToString_Helperdo { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper (&(cert->nssCert->validity.notBefore), ¬BeforeString , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0) | |||
931 | (&(cert->nssCert->validity.notBefore),do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper (&(cert->nssCert->validity.notBefore), ¬BeforeString , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0) | |||
932 | ¬BeforeString,do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper (&(cert->nssCert->validity.notBefore), ¬BeforeString , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0) | |||
933 | plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper (&(cert->nssCert->validity.notBefore), ¬BeforeString , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0) | |||
934 | PKIX_DATETOSTRINGHELPERFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper (&(cert->nssCert->validity.notBefore), ¬BeforeString , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0); | |||
935 | ||||
936 | /* Validity: NotAfter */ | |||
937 | PKIX_CHECK(pkix_pl_Date_ToString_Helperdo { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper (&(cert->nssCert->validity.notAfter), ¬AfterString , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0) | |||
938 | (&(cert->nssCert->validity.notAfter),do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper (&(cert->nssCert->validity.notAfter), ¬AfterString , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0) | |||
939 | ¬AfterString,do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper (&(cert->nssCert->validity.notAfter), ¬AfterString , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0) | |||
940 | plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper (&(cert->nssCert->validity.notAfter), ¬AfterString , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0) | |||
941 | PKIX_DATETOSTRINGHELPERFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Date_ToString_Helper (&(cert->nssCert->validity.notAfter), ¬AfterString , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_DATETOSTRINGHELPERFAILED; goto cleanup; } } while (0); | |||
942 | ||||
943 | /* SubjectAltNames */ | |||
944 | PKIX_CHECK(PKIX_PL_Cert_GetSubjectAltNamesdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectAltNames (cert, &subjAltNames, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTALTNAMESFAILED; goto cleanup; } } while (0) | |||
945 | (cert, &subjAltNames, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectAltNames (cert, &subjAltNames, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTALTNAMESFAILED; goto cleanup; } } while (0) | |||
946 | PKIX_CERTGETSUBJECTALTNAMESFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectAltNames (cert, &subjAltNames, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTALTNAMESFAILED; goto cleanup; } } while (0); | |||
947 | ||||
948 | PKIX_TOSTRING(subjAltNames, &subjAltNamesString, plContext,do { int descNum; if ((subjAltNames) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(subjAltNames), (&subjAltNamesString), (plContext)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&subjAltNamesString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0) | |||
949 | PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((subjAltNames) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(subjAltNames), (&subjAltNamesString), (plContext)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&subjAltNamesString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0); | |||
950 | ||||
951 | /* AuthorityKeyIdentifier */ | |||
952 | PKIX_CHECK(PKIX_PL_Cert_GetAuthorityKeyIdentifierdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityKeyIdentifier (cert, &authKeyId, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED ; goto cleanup; } } while (0) | |||
953 | (cert, &authKeyId, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityKeyIdentifier (cert, &authKeyId, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED ; goto cleanup; } } while (0) | |||
954 | PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityKeyIdentifier (cert, &authKeyId, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED ; goto cleanup; } } while (0); | |||
955 | ||||
956 | PKIX_TOSTRING(authKeyId, &authKeyIdString, plContext,do { int descNum; if ((authKeyId) != ((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)(authKeyId), (& authKeyIdString), (plContext)); descNum = (PKIX_BYTEARRAYTOSTRINGFAILED ); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create( 0, "(null)", 0, (&authKeyIdString), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = descNum; goto cleanup; } } while (0); } while (0) | |||
957 | PKIX_BYTEARRAYTOSTRINGFAILED)do { int descNum; if ((authKeyId) != ((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)(authKeyId), (& authKeyIdString), (plContext)); descNum = (PKIX_BYTEARRAYTOSTRINGFAILED ); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create( 0, "(null)", 0, (&authKeyIdString), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = descNum; goto cleanup; } } while (0); } while (0); | |||
958 | ||||
959 | /* SubjectKeyIdentifier */ | |||
960 | PKIX_CHECK(PKIX_PL_Cert_GetSubjectKeyIdentifierdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectKeyIdentifier (cert, &subjKeyId, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED ; goto cleanup; } } while (0) | |||
961 | (cert, &subjKeyId, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectKeyIdentifier (cert, &subjKeyId, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED ; goto cleanup; } } while (0) | |||
962 | PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectKeyIdentifier (cert, &subjKeyId, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED ; goto cleanup; } } while (0); | |||
963 | ||||
964 | PKIX_TOSTRING(subjKeyId, &subjKeyIdString, plContext,do { int descNum; if ((subjKeyId) != ((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)(subjKeyId), (& subjKeyIdString), (plContext)); descNum = (PKIX_BYTEARRAYTOSTRINGFAILED ); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create( 0, "(null)", 0, (&subjKeyIdString), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = descNum; goto cleanup; } } while (0); } while (0) | |||
965 | PKIX_BYTEARRAYTOSTRINGFAILED)do { int descNum; if ((subjKeyId) != ((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)(subjKeyId), (& subjKeyIdString), (plContext)); descNum = (PKIX_BYTEARRAYTOSTRINGFAILED ); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create( 0, "(null)", 0, (&subjKeyIdString), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = descNum; goto cleanup; } } while (0); } while (0); | |||
966 | ||||
967 | /* SubjectPublicKey */ | |||
968 | PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKeydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey (cert, &nssPubKey, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED ; goto cleanup; } } while (0) | |||
969 | (cert, &nssPubKey, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey (cert, &nssPubKey, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED ; goto cleanup; } } while (0) | |||
970 | PKIX_CERTGETSUBJECTPUBLICKEYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey (cert, &nssPubKey, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED ; goto cleanup; } } while (0); | |||
971 | ||||
972 | PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object *)nssPubKey, &nssPubKeyString, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_PUBLICKEYTOSTRINGFAILED ; goto cleanup; } } while (0) | |||
973 | ((PKIX_PL_Object *)nssPubKey, &nssPubKeyString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object *)nssPubKey, &nssPubKeyString, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_PUBLICKEYTOSTRINGFAILED ; goto cleanup; } } while (0) | |||
974 | PKIX_PUBLICKEYTOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object *)nssPubKey, &nssPubKeyString, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_PUBLICKEYTOSTRINGFAILED ; goto cleanup; } } while (0); | |||
975 | ||||
976 | /* CriticalExtensionOIDs */ | |||
977 | PKIX_CHECK(PKIX_PL_Cert_GetCriticalExtensionOIDsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCriticalExtensionOIDs (cert, &critExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED ; goto cleanup; } } while (0) | |||
978 | (cert, &critExtOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCriticalExtensionOIDs (cert, &critExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED ; goto cleanup; } } while (0) | |||
979 | PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCriticalExtensionOIDs (cert, &critExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED ; goto cleanup; } } while (0); | |||
980 | ||||
981 | PKIX_TOSTRING(critExtOIDs, &critExtOIDsString, plContext,do { int descNum; if ((critExtOIDs) != ((void*)0)) { stdVars. aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *) (critExtOIDs), (&critExtOIDsString), (plContext)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&critExtOIDsString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0) | |||
982 | PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((critExtOIDs) != ((void*)0)) { stdVars. aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *) (critExtOIDs), (&critExtOIDsString), (plContext)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&critExtOIDsString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0); | |||
983 | ||||
984 | /* ExtendedKeyUsages */ | |||
985 | PKIX_CHECK(PKIX_PL_Cert_GetExtendedKeyUsagedo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetExtendedKeyUsage (cert, &extKeyUsages, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETEXTENDEDKEYUSAGEFAILED ; goto cleanup; } } while (0) | |||
986 | (cert, &extKeyUsages, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetExtendedKeyUsage (cert, &extKeyUsages, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETEXTENDEDKEYUSAGEFAILED ; goto cleanup; } } while (0) | |||
987 | PKIX_CERTGETEXTENDEDKEYUSAGEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetExtendedKeyUsage (cert, &extKeyUsages, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETEXTENDEDKEYUSAGEFAILED ; goto cleanup; } } while (0); | |||
988 | ||||
989 | PKIX_TOSTRING(extKeyUsages, &extKeyUsagesString, plContext,do { int descNum; if ((extKeyUsages) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(extKeyUsages), (&extKeyUsagesString), (plContext)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&extKeyUsagesString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0) | |||
990 | PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((extKeyUsages) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(extKeyUsages), (&extKeyUsagesString), (plContext)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&extKeyUsagesString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0); | |||
991 | ||||
992 | /* CertBasicConstraints */ | |||
993 | PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraintsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints (cert, &basicConstraint, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTSFAILED ; goto cleanup; } } while (0) | |||
994 | (cert, &basicConstraint, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints (cert, &basicConstraint, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTSFAILED ; goto cleanup; } } while (0) | |||
995 | PKIX_CERTGETBASICCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetBasicConstraints (cert, &basicConstraint, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETBASICCONSTRAINTSFAILED ; goto cleanup; } } while (0); | |||
996 | ||||
997 | PKIX_TOSTRING(basicConstraint, &certBasicConstraintsString, plContext,do { int descNum; if ((basicConstraint) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(basicConstraint), (&certBasicConstraintsString), (plContext )); descNum = (PKIX_CERTBASICCONSTRAINTSTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)" , 0, (&certBasicConstraintsString), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = descNum; goto cleanup; } } while (0); } while (0) | |||
998 | PKIX_CERTBASICCONSTRAINTSTOSTRINGFAILED)do { int descNum; if ((basicConstraint) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(basicConstraint), (&certBasicConstraintsString), (plContext )); descNum = (PKIX_CERTBASICCONSTRAINTSTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)" , 0, (&certBasicConstraintsString), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = descNum; goto cleanup; } } while (0); } while (0); | |||
999 | ||||
1000 | /* CertPolicyInfo */ | |||
1001 | PKIX_CHECK(PKIX_PL_Cert_GetPolicyInformationdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyInformation (cert, &policyInfo, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYINFORMATIONFAILED ; goto cleanup; } } while (0) | |||
1002 | (cert, &policyInfo, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyInformation (cert, &policyInfo, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYINFORMATIONFAILED ; goto cleanup; } } while (0) | |||
1003 | PKIX_CERTGETPOLICYINFORMATIONFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyInformation (cert, &policyInfo, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYINFORMATIONFAILED ; goto cleanup; } } while (0); | |||
1004 | ||||
1005 | PKIX_TOSTRING(policyInfo, &certPolicyInfoString, plContext,do { int descNum; if ((policyInfo) != ((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)(policyInfo), (& certPolicyInfoString), (plContext)); descNum = (PKIX_LISTTOSTRINGFAILED ); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create( 0, "(null)", 0, (&certPolicyInfoString), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = descNum; goto cleanup; } } while (0); } while (0) | |||
1006 | PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((policyInfo) != ((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)(policyInfo), (& certPolicyInfoString), (plContext)); descNum = (PKIX_LISTTOSTRINGFAILED ); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create( 0, "(null)", 0, (&certPolicyInfoString), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = descNum; goto cleanup; } } while (0); } while (0); | |||
1007 | ||||
1008 | /* Advanced Policies */ | |||
1009 | PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappingsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappings (cert, &certPolicyMappings, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGSFAILED; goto cleanup; } } while (0) | |||
1010 | (cert, &certPolicyMappings, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappings (cert, &certPolicyMappings, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGSFAILED; goto cleanup; } } while (0) | |||
1011 | PKIX_CERTGETPOLICYMAPPINGSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappings (cert, &certPolicyMappings, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGSFAILED; goto cleanup; } } while (0); | |||
1012 | ||||
1013 | PKIX_TOSTRING(certPolicyMappings, &certPolicyMappingsString, plContext,do { int descNum; if ((certPolicyMappings) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(certPolicyMappings), (&certPolicyMappingsString), (plContext )); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&certPolicyMappingsString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0) | |||
1014 | PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((certPolicyMappings) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(certPolicyMappings), (&certPolicyMappingsString), (plContext )); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&certPolicyMappingsString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0); | |||
1015 | ||||
1016 | PKIX_CHECK(PKIX_PL_Cert_GetRequireExplicitPolicydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetRequireExplicitPolicy (cert, &certExplicitPolicy, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED ; goto cleanup; } } while (0) | |||
1017 | (cert, &certExplicitPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetRequireExplicitPolicy (cert, &certExplicitPolicy, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED ; goto cleanup; } } while (0) | |||
1018 | PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetRequireExplicitPolicy (cert, &certExplicitPolicy, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED ; goto cleanup; } } while (0); | |||
1019 | ||||
1020 | PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappingInhibiteddo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappingInhibited (cert, &certInhibitMapping, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED ; goto cleanup; } } while (0) | |||
1021 | (cert, &certInhibitMapping, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappingInhibited (cert, &certInhibitMapping, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED ; goto cleanup; } } while (0) | |||
1022 | PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappingInhibited (cert, &certInhibitMapping, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED ; goto cleanup; } } while (0); | |||
1023 | ||||
1024 | PKIX_CHECK(PKIX_PL_Cert_GetInhibitAnyPolicydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetInhibitAnyPolicy (cert, &certInhibitAnyPolicy, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETINHIBITANYPOLICYFAILED ; goto cleanup; } } while (0) | |||
1025 | (cert, &certInhibitAnyPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetInhibitAnyPolicy (cert, &certInhibitAnyPolicy, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETINHIBITANYPOLICYFAILED ; goto cleanup; } } while (0) | |||
1026 | PKIX_CERTGETINHIBITANYPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetInhibitAnyPolicy (cert, &certInhibitAnyPolicy, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETINHIBITANYPOLICYFAILED ; goto cleanup; } } while (0); | |||
1027 | ||||
1028 | /* Name Constraints */ | |||
1029 | PKIX_CHECK(PKIX_PL_Cert_GetNameConstraintsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetNameConstraints (cert, &nameConstraints, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETNAMECONSTRAINTSFAILED; goto cleanup; } } while (0) | |||
1030 | (cert, &nameConstraints, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetNameConstraints (cert, &nameConstraints, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETNAMECONSTRAINTSFAILED; goto cleanup; } } while (0) | |||
1031 | PKIX_CERTGETNAMECONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetNameConstraints (cert, &nameConstraints, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETNAMECONSTRAINTSFAILED; goto cleanup; } } while (0); | |||
1032 | ||||
1033 | PKIX_TOSTRING(nameConstraints, &nameConstraintsString, plContext,do { int descNum; if ((nameConstraints) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(nameConstraints), (&nameConstraintsString), (plContext) ); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&nameConstraintsString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0) | |||
1034 | PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((nameConstraints) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(nameConstraints), (&nameConstraintsString), (plContext) ); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&nameConstraintsString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0); | |||
1035 | ||||
1036 | /* Authority Information Access */ | |||
1037 | PKIX_CHECK(PKIX_PL_Cert_GetAuthorityInfoAccessdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityInfoAccess (cert, &authorityInfoAccess, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYINFOACCESSFAILED ; goto cleanup; } } while (0) | |||
1038 | (cert, &authorityInfoAccess, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityInfoAccess (cert, &authorityInfoAccess, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYINFOACCESSFAILED ; goto cleanup; } } while (0) | |||
1039 | PKIX_CERTGETAUTHORITYINFOACCESSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityInfoAccess (cert, &authorityInfoAccess, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYINFOACCESSFAILED ; goto cleanup; } } while (0); | |||
1040 | ||||
1041 | PKIX_TOSTRING(authorityInfoAccess, &authorityInfoAccessString, plContext,do { int descNum; if ((authorityInfoAccess) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(authorityInfoAccess), (&authorityInfoAccessString), (plContext )); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&authorityInfoAccessString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0) | |||
1042 | PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((authorityInfoAccess) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(authorityInfoAccess), (&authorityInfoAccessString), (plContext )); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&authorityInfoAccessString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0); | |||
1043 | ||||
1044 | /* Subject Information Access */ | |||
1045 | PKIX_CHECK(PKIX_PL_Cert_GetSubjectInfoAccessdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectInfoAccess (cert, &subjectInfoAccess, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTINFOACCESSFAILED ; goto cleanup; } } while (0) | |||
1046 | (cert, &subjectInfoAccess, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectInfoAccess (cert, &subjectInfoAccess, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTINFOACCESSFAILED ; goto cleanup; } } while (0) | |||
1047 | PKIX_CERTGETSUBJECTINFOACCESSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectInfoAccess (cert, &subjectInfoAccess, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTINFOACCESSFAILED ; goto cleanup; } } while (0); | |||
1048 | ||||
1049 | PKIX_TOSTRING(subjectInfoAccess, &subjectInfoAccessString, plContext,do { int descNum; if ((subjectInfoAccess) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(subjectInfoAccess), (&subjectInfoAccessString), (plContext )); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&subjectInfoAccessString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0) | |||
1050 | PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((subjectInfoAccess) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(subjectInfoAccess), (&subjectInfoAccessString), (plContext )); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&subjectInfoAccessString ), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars .aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0); | |||
1051 | ||||
1052 | PKIX_CHECK(PKIX_PL_Sprintfdo { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1053 | (&certString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1054 | plContext,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1055 | formatString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1056 | certVersion + 1,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1057 | certSNString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1058 | certIssuerString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1059 | certSubjectString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1060 | notBeforeString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1061 | notAfterString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1062 | subjAltNamesString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1063 | authKeyIdString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1064 | subjKeyIdString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1065 | nssPubKeyString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1066 | critExtOIDsString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1067 | extKeyUsagesString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1068 | certBasicConstraintsString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1069 | certPolicyInfoString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1070 | certPolicyMappingsString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1071 | certExplicitPolicy, /* an Int32, not a String */do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1072 | certInhibitMapping, /* an Int32, not a String */do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1073 | certInhibitAnyPolicy, /* an Int32, not a String */do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1074 | nameConstraintsString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1075 | authorityInfoAccessString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1076 | subjectInfoAccessString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1077 | cert->cacheFlag), /* a boolean */do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0) | |||
1078 | PKIX_SPRINTFFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&certString , plContext, formatString, certVersion + 1, certSNString, certIssuerString , certSubjectString, notBeforeString, notAfterString, subjAltNamesString , authKeyIdString, subjKeyIdString, nssPubKeyString, critExtOIDsString , extKeyUsagesString, certBasicConstraintsString, certPolicyInfoString , certPolicyMappingsString, certExplicitPolicy, certInhibitMapping , certInhibitAnyPolicy, nameConstraintsString, authorityInfoAccessString , subjectInfoAccessString, cert->cacheFlag)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while (0); | |||
1079 | ||||
1080 | *pString = certString; | |||
1081 | ||||
1082 | cleanup: | |||
1083 | PKIX_DECREF(certSN)do { if (certSN){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certSN), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } certSN = ((void*)0 ); } } while (0); | |||
1084 | PKIX_DECREF(certSNString)do { if (certSNString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certSNString), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } certSNString = ((void *)0); } } while (0); | |||
1085 | PKIX_DECREF(certIssuer)do { if (certIssuer){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certIssuer), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } certIssuer = ((void *)0); } } while (0); | |||
1086 | PKIX_DECREF(certIssuerString)do { if (certIssuerString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certIssuerString), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } certIssuerString = ((void*)0); } } while (0); | |||
1087 | PKIX_DECREF(certSubject)do { if (certSubject){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certSubject), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } certSubject = ((void *)0); } } while (0); | |||
1088 | PKIX_DECREF(certSubjectString)do { if (certSubjectString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certSubjectString), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } certSubjectString = ((void*)0); } } while (0); | |||
1089 | PKIX_DECREF(notBeforeString)do { if (notBeforeString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(notBeforeString), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } notBeforeString = ((void*)0); } } while (0); | |||
1090 | PKIX_DECREF(notAfterString)do { if (notAfterString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(notAfterString), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } notAfterString = ((void*)0); } } while (0); | |||
1091 | PKIX_DECREF(subjAltNames)do { if (subjAltNames){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(subjAltNames), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } subjAltNames = ((void *)0); } } while (0); | |||
1092 | PKIX_DECREF(subjAltNamesString)do { if (subjAltNamesString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(subjAltNamesString), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } subjAltNamesString = ((void*)0); } } while (0); | |||
1093 | PKIX_DECREF(authKeyId)do { if (authKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(authKeyId), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } authKeyId = ((void *)0); } } while (0); | |||
1094 | PKIX_DECREF(authKeyIdString)do { if (authKeyIdString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(authKeyIdString), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } authKeyIdString = ((void*)0); } } while (0); | |||
1095 | PKIX_DECREF(subjKeyId)do { if (subjKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(subjKeyId), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } subjKeyId = ((void *)0); } } while (0); | |||
1096 | PKIX_DECREF(subjKeyIdString)do { if (subjKeyIdString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(subjKeyIdString), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } subjKeyIdString = ((void*)0); } } while (0); | |||
1097 | PKIX_DECREF(nssPubKey)do { if (nssPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(nssPubKey), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } nssPubKey = ((void *)0); } } while (0); | |||
1098 | PKIX_DECREF(nssPubKeyString)do { if (nssPubKeyString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(nssPubKeyString), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } nssPubKeyString = ((void*)0); } } while (0); | |||
1099 | PKIX_DECREF(critExtOIDs)do { if (critExtOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(critExtOIDs), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } critExtOIDs = ((void *)0); } } while (0); | |||
1100 | PKIX_DECREF(critExtOIDsString)do { if (critExtOIDsString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(critExtOIDsString), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } critExtOIDsString = ((void*)0); } } while (0); | |||
1101 | PKIX_DECREF(extKeyUsages)do { if (extKeyUsages){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(extKeyUsages), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } extKeyUsages = ((void *)0); } } while (0); | |||
1102 | PKIX_DECREF(extKeyUsagesString)do { if (extKeyUsagesString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(extKeyUsagesString), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } extKeyUsagesString = ((void*)0); } } while (0); | |||
1103 | PKIX_DECREF(basicConstraint)do { if (basicConstraint){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(basicConstraint), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } basicConstraint = ((void*)0); } } while (0); | |||
1104 | PKIX_DECREF(certBasicConstraintsString)do { if (certBasicConstraintsString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certBasicConstraintsString ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } certBasicConstraintsString = ((void*)0); } } while (0); | |||
1105 | PKIX_DECREF(policyInfo)do { if (policyInfo){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(policyInfo), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } policyInfo = ((void *)0); } } while (0); | |||
1106 | PKIX_DECREF(certPolicyInfoString)do { if (certPolicyInfoString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certPolicyInfoString), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyInfoString = ((void*)0); } } while (0); | |||
1107 | PKIX_DECREF(certPolicyMappings)do { if (certPolicyMappings){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certPolicyMappings), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyMappings = ((void*)0); } } while (0); | |||
1108 | PKIX_DECREF(certPolicyMappingsString)do { if (certPolicyMappingsString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certPolicyMappingsString ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyMappingsString = ((void*)0); } } while (0); | |||
1109 | PKIX_DECREF(nameConstraints)do { if (nameConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(nameConstraints), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } nameConstraints = ((void*)0); } } while (0); | |||
1110 | PKIX_DECREF(nameConstraintsString)do { if (nameConstraintsString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(nameConstraintsString), plContext); if ( stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars .aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void *)0); } nameConstraintsString = ((void*)0); } } while (0); | |||
1111 | PKIX_DECREF(authorityInfoAccess)do { if (authorityInfoAccess){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(authorityInfoAccess), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } authorityInfoAccess = ((void*)0); } } while (0); | |||
1112 | PKIX_DECREF(authorityInfoAccessString)do { if (authorityInfoAccessString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(authorityInfoAccessString ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } authorityInfoAccessString = ((void*)0); } } while (0); | |||
1113 | PKIX_DECREF(subjectInfoAccess)do { if (subjectInfoAccess){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(subjectInfoAccess), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } subjectInfoAccess = ((void*)0); } } while (0); | |||
1114 | PKIX_DECREF(subjectInfoAccessString)do { if (subjectInfoAccessString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(subjectInfoAccessString), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars .aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void *)0); } subjectInfoAccessString = ((void*)0); } } while (0); | |||
1115 | PKIX_DECREF(formatString)do { if (formatString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(formatString), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } formatString = ((void *)0); } } while (0); | |||
1116 | ||||
1117 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1118 | } | |||
1119 | ||||
1120 | /* | |||
1121 | * FUNCTION: pkix_pl_Cert_Destroy | |||
1122 | * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) | |||
1123 | */ | |||
1124 | static PKIX_Error * | |||
1125 | pkix_pl_Cert_Destroy( | |||
1126 | PKIX_PL_Object *object, | |||
1127 | void *plContext) | |||
1128 | { | |||
1129 | PKIX_PL_Cert *cert = NULL((void*)0); | |||
1130 | ||||
1131 | PKIX_ENTER(CERT, "pkix_pl_Cert_Destroy")static const char cMyFuncName[] = {"pkix_pl_Cert_Destroy"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars .aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1132 | PKIX_NULLCHECK_ONE(object)do { if ((object) == ((void*)0)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
1133 | ||||
1134 | PKIX_CHECK(pkix_CheckType(object, PKIX_CERT_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType(object, PKIX_CERT_TYPE , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTNOTCERT; goto cleanup; } } while (0) | |||
1135 | PKIX_OBJECTNOTCERT)do { stdVars.aPkixErrorResult = (pkix_CheckType(object, PKIX_CERT_TYPE , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTNOTCERT; goto cleanup; } } while (0); | |||
1136 | ||||
1137 | cert = (PKIX_PL_Cert*)object; | |||
1138 | ||||
1139 | PKIX_DECREF(cert->subject)do { if (cert->subject){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->subject), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } cert-> subject = ((void*)0); } } while (0); | |||
1140 | PKIX_DECREF(cert->issuer)do { if (cert->issuer){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->issuer), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } cert-> issuer = ((void*)0); } } while (0); | |||
1141 | PKIX_DECREF(cert->subjAltNames)do { if (cert->subjAltNames){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->subjAltNames), plContext); if ( stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars .aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void *)0); } cert->subjAltNames = ((void*)0); } } while (0); | |||
1142 | PKIX_DECREF(cert->publicKeyAlgId)do { if (cert->publicKeyAlgId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->publicKeyAlgId), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars .aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void *)0); } cert->publicKeyAlgId = ((void*)0); } } while (0); | |||
1143 | PKIX_DECREF(cert->publicKey)do { if (cert->publicKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->publicKey), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } cert-> publicKey = ((void*)0); } } while (0); | |||
1144 | PKIX_DECREF(cert->serialNumber)do { if (cert->serialNumber){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->serialNumber), plContext); if ( stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars .aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void *)0); } cert->serialNumber = ((void*)0); } } while (0); | |||
1145 | PKIX_DECREF(cert->critExtOids)do { if (cert->critExtOids){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->critExtOids), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } cert-> critExtOids = ((void*)0); } } while (0); | |||
1146 | PKIX_DECREF(cert->authKeyId)do { if (cert->authKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->authKeyId), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } cert-> authKeyId = ((void*)0); } } while (0); | |||
1147 | PKIX_DECREF(cert->subjKeyId)do { if (cert->subjKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->subjKeyId), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } cert-> subjKeyId = ((void*)0); } } while (0); | |||
1148 | PKIX_DECREF(cert->extKeyUsages)do { if (cert->extKeyUsages){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->extKeyUsages), plContext); if ( stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars .aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void *)0); } cert->extKeyUsages = ((void*)0); } } while (0); | |||
1149 | PKIX_DECREF(cert->certBasicConstraints)do { if (cert->certBasicConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->certBasicConstraints ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->certBasicConstraints = ((void*)0); } } while (0); | |||
1150 | PKIX_DECREF(cert->certPolicyInfos)do { if (cert->certPolicyInfos){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->certPolicyInfos ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->certPolicyInfos = ((void*)0); } } while (0); | |||
1151 | PKIX_DECREF(cert->certPolicyMappings)do { if (cert->certPolicyMappings){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->certPolicyMappings ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->certPolicyMappings = ((void*)0); } } while (0); | |||
1152 | PKIX_DECREF(cert->nameConstraints)do { if (cert->nameConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->nameConstraints ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->nameConstraints = ((void*)0); } } while (0); | |||
1153 | PKIX_DECREF(cert->store)do { if (cert->store){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->store), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } cert-> store = ((void*)0); } } while (0); | |||
1154 | PKIX_DECREF(cert->authorityInfoAccess)do { if (cert->authorityInfoAccess){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->authorityInfoAccess ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->authorityInfoAccess = ((void*)0); } } while (0); | |||
1155 | PKIX_DECREF(cert->subjectInfoAccess)do { if (cert->subjectInfoAccess){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->subjectInfoAccess ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } cert->subjectInfoAccess = ((void*)0); } } while (0); | |||
1156 | PKIX_DECREF(cert->crldpList)do { if (cert->crldpList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert->crldpList), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } cert-> crldpList = ((void*)0); } } while (0); | |||
1157 | ||||
1158 | if (cert->arenaNameConstraints){ | |||
1159 | /* This arena was allocated for SubjectAltNames */ | |||
1160 | PKIX_PL_NSSCALL(CERT, PORT_FreeArena,; (PORT_FreeArena_Util (cert->arenaNameConstraints, 0)) | |||
1161 | (cert->arenaNameConstraints, PR_FALSE)); (PORT_FreeArena_Util (cert->arenaNameConstraints, 0)); | |||
1162 | ||||
1163 | cert->arenaNameConstraints = NULL((void*)0); | |||
1164 | cert->nssSubjAltNames = NULL((void*)0); | |||
1165 | } | |||
1166 | ||||
1167 | CERT_DestroyCertificate(cert->nssCert); | |||
1168 | cert->nssCert = NULL((void*)0); | |||
1169 | ||||
1170 | cleanup: | |||
1171 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1172 | } | |||
1173 | ||||
1174 | /* | |||
1175 | * FUNCTION: pkix_pl_Cert_ToString | |||
1176 | * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) | |||
1177 | */ | |||
1178 | static PKIX_Error * | |||
1179 | pkix_pl_Cert_ToString( | |||
1180 | PKIX_PL_Object *object, | |||
1181 | PKIX_PL_String **pString, | |||
1182 | void *plContext) | |||
1183 | { | |||
1184 | PKIX_PL_String *certString = NULL((void*)0); | |||
1185 | PKIX_PL_Cert *pkixCert = NULL((void*)0); | |||
1186 | ||||
1187 | PKIX_ENTER(CERT, "pkix_pl_Cert_toString")static const char cMyFuncName[] = {"pkix_pl_Cert_toString"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars .aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1188 | PKIX_NULLCHECK_TWO(object, pString)do { if (((object) == ((void*)0)) || ((pString) == ((void*)0) )){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars. aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
1189 | ||||
1190 | PKIX_CHECK(pkix_CheckType(object, PKIX_CERT_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType(object, PKIX_CERT_TYPE , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTNOTCERT; goto cleanup; } } while (0) | |||
1191 | PKIX_OBJECTNOTCERT)do { stdVars.aPkixErrorResult = (pkix_CheckType(object, PKIX_CERT_TYPE , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTNOTCERT; goto cleanup; } } while (0); | |||
1192 | ||||
1193 | pkixCert = (PKIX_PL_Cert *)object; | |||
1194 | ||||
1195 | PKIX_CHECK(pkix_pl_Cert_ToString_Helperdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_ToString_Helper (pkixCert, ((PKIX_Boolean) 0), &certString, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTTOSTRINGHELPERFAILED ; goto cleanup; } } while (0) | |||
1196 | (pkixCert, PKIX_FALSE, &certString, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_ToString_Helper (pkixCert, ((PKIX_Boolean) 0), &certString, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTTOSTRINGHELPERFAILED ; goto cleanup; } } while (0) | |||
1197 | PKIX_CERTTOSTRINGHELPERFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_ToString_Helper (pkixCert, ((PKIX_Boolean) 0), &certString, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTTOSTRINGHELPERFAILED ; goto cleanup; } } while (0); | |||
1198 | ||||
1199 | *pString = certString; | |||
1200 | ||||
1201 | cleanup: | |||
1202 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1203 | } | |||
1204 | ||||
1205 | /* | |||
1206 | * FUNCTION: pkix_pl_Cert_Hashcode | |||
1207 | * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h) | |||
1208 | */ | |||
1209 | static PKIX_Error * | |||
1210 | pkix_pl_Cert_Hashcode( | |||
1211 | PKIX_PL_Object *object, | |||
1212 | PKIX_UInt32 *pHashcode, | |||
1213 | void *plContext) | |||
1214 | { | |||
1215 | PKIX_PL_Cert *pkixCert = NULL((void*)0); | |||
1216 | CERTCertificate *nssCert = NULL((void*)0); | |||
1217 | unsigned char *derBytes = NULL((void*)0); | |||
1218 | PKIX_UInt32 derLength; | |||
1219 | PKIX_UInt32 certHash; | |||
1220 | ||||
1221 | PKIX_ENTER(CERT, "pkix_pl_Cert_Hashcode")static const char cMyFuncName[] = {"pkix_pl_Cert_Hashcode"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars .aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1222 | PKIX_NULLCHECK_TWO(object, pHashcode)do { if (((object) == ((void*)0)) || ((pHashcode) == ((void*) 0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
1223 | ||||
1224 | PKIX_CHECK(pkix_CheckType(object, PKIX_CERT_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType(object, PKIX_CERT_TYPE , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTNOTCERT; goto cleanup; } } while (0) | |||
1225 | PKIX_OBJECTNOTCERT)do { stdVars.aPkixErrorResult = (pkix_CheckType(object, PKIX_CERT_TYPE , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTNOTCERT; goto cleanup; } } while (0); | |||
1226 | ||||
1227 | pkixCert = (PKIX_PL_Cert *)object; | |||
1228 | ||||
1229 | nssCert = pkixCert->nssCert; | |||
1230 | derBytes = (nssCert->derCert).data; | |||
1231 | derLength = (nssCert->derCert).len; | |||
1232 | ||||
1233 | PKIX_CHECK(pkix_hash(derBytes, derLength, &certHash, plContext),do { stdVars.aPkixErrorResult = (pkix_hash(derBytes, derLength , &certHash, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_HASHFAILED; goto cleanup; } } while (0) | |||
1234 | PKIX_HASHFAILED)do { stdVars.aPkixErrorResult = (pkix_hash(derBytes, derLength , &certHash, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_HASHFAILED; goto cleanup; } } while (0); | |||
1235 | ||||
1236 | *pHashcode = certHash; | |||
1237 | ||||
1238 | cleanup: | |||
1239 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1240 | } | |||
1241 | ||||
1242 | ||||
1243 | /* | |||
1244 | * FUNCTION: pkix_pl_Cert_Equals | |||
1245 | * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h) | |||
1246 | */ | |||
1247 | static PKIX_Error * | |||
1248 | pkix_pl_Cert_Equals( | |||
1249 | PKIX_PL_Object *firstObject, | |||
1250 | PKIX_PL_Object *secondObject, | |||
1251 | PKIX_Boolean *pResult, | |||
1252 | void *plContext) | |||
1253 | { | |||
1254 | CERTCertificate *firstCert = NULL((void*)0); | |||
1255 | CERTCertificate *secondCert = NULL((void*)0); | |||
1256 | PKIX_UInt32 secondType; | |||
1257 | PKIX_Boolean cmpResult; | |||
1258 | ||||
1259 | PKIX_ENTER(CERT, "pkix_pl_Cert_Equals")static const char cMyFuncName[] = {"pkix_pl_Cert_Equals"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars .aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1260 | PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult)do { if (((firstObject) == ((void*)0)) || ((secondObject) == ( (void*)0)) || ((pResult) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
1261 | ||||
1262 | /* test that firstObject is a Cert */ | |||
1263 | PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CERT_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType(firstObject, PKIX_CERT_TYPE , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_FIRSTOBJECTNOTCERT; goto cleanup; } } while (0) | |||
1264 | PKIX_FIRSTOBJECTNOTCERT)do { stdVars.aPkixErrorResult = (pkix_CheckType(firstObject, PKIX_CERT_TYPE , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_FIRSTOBJECTNOTCERT; goto cleanup; } } while (0); | |||
1265 | ||||
1266 | /* | |||
1267 | * Since we know firstObject is a Cert, if both references are | |||
1268 | * identical, they must be equal | |||
1269 | */ | |||
1270 | if (firstObject == secondObject){ | |||
1271 | *pResult = PKIX_TRUE((PKIX_Boolean) 1); | |||
1272 | goto cleanup; | |||
1273 | } | |||
1274 | ||||
1275 | /* | |||
1276 | * If secondObject isn't a Cert, we don't throw an error. | |||
1277 | * We simply return a Boolean result of FALSE | |||
1278 | */ | |||
1279 | *pResult = PKIX_FALSE((PKIX_Boolean) 0); | |||
1280 | PKIX_CHECK(PKIX_PL_Object_GetTypedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType (secondObject , &secondType, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_COULDNOTGETTYPEOFSECONDARGUMENT ; goto cleanup; } } while (0) | |||
1281 | (secondObject, &secondType, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType (secondObject , &secondType, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_COULDNOTGETTYPEOFSECONDARGUMENT ; goto cleanup; } } while (0) | |||
1282 | PKIX_COULDNOTGETTYPEOFSECONDARGUMENT)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType (secondObject , &secondType, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_COULDNOTGETTYPEOFSECONDARGUMENT ; goto cleanup; } } while (0); | |||
1283 | if (secondType != PKIX_CERT_TYPE) goto cleanup; | |||
1284 | ||||
1285 | firstCert = ((PKIX_PL_Cert *)firstObject)->nssCert; | |||
1286 | secondCert = ((PKIX_PL_Cert *)secondObject)->nssCert; | |||
1287 | ||||
1288 | PKIX_NULLCHECK_TWO(firstCert, secondCert)do { if (((firstCert) == ((void*)0)) || ((secondCert) == ((void *)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
1289 | ||||
1290 | /* CERT_CompareCerts does byte comparison on DER encodings of certs */ | |||
1291 | PKIX_CERT_DEBUG("\t\tCalling CERT_CompareCerts).\n"); | |||
1292 | cmpResult = CERT_CompareCerts(firstCert, secondCert); | |||
1293 | ||||
1294 | *pResult = cmpResult; | |||
1295 | ||||
1296 | cleanup: | |||
1297 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1298 | } | |||
1299 | ||||
1300 | /* | |||
1301 | * FUNCTION: pkix_pl_Cert_RegisterSelf | |||
1302 | * DESCRIPTION: | |||
1303 | * Registers PKIX_CERT_TYPE and its related functions with systemClasses[] | |||
1304 | * THREAD SAFETY: | |||
1305 | * Not Thread Safe - for performance and complexity reasons | |||
1306 | * | |||
1307 | * Since this function is only called by PKIX_PL_Initialize, which should | |||
1308 | * only be called once, it is acceptable that this function is not | |||
1309 | * thread-safe. | |||
1310 | */ | |||
1311 | PKIX_Error * | |||
1312 | pkix_pl_Cert_RegisterSelf(void *plContext) | |||
1313 | { | |||
1314 | ||||
1315 | extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; | |||
1316 | pkix_ClassTable_Entry entry; | |||
1317 | ||||
1318 | PKIX_ENTER(CERT, "pkix_pl_Cert_RegisterSelf")static const char cMyFuncName[] = {"pkix_pl_Cert_RegisterSelf" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1319 | ||||
1320 | entry.description = "Cert"; | |||
1321 | entry.objCounter = 0; | |||
1322 | entry.typeObjectSize = sizeof(PKIX_PL_Cert); | |||
1323 | entry.destructor = pkix_pl_Cert_Destroy; | |||
1324 | entry.equalsFunction = pkix_pl_Cert_Equals; | |||
1325 | entry.hashcodeFunction = pkix_pl_Cert_Hashcode; | |||
1326 | entry.toStringFunction = pkix_pl_Cert_ToString; | |||
1327 | entry.comparator = NULL((void*)0); | |||
1328 | entry.duplicateFunction = pkix_duplicateImmutable; | |||
1329 | ||||
1330 | systemClasses[PKIX_CERT_TYPE] = entry; | |||
1331 | ||||
1332 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1333 | } | |||
1334 | ||||
1335 | /* | |||
1336 | * FUNCTION: pkix_pl_Cert_CreateWithNSSCert | |||
1337 | * DESCRIPTION: | |||
1338 | * | |||
1339 | * Creates a new certificate using the CERTCertificate pointed to by "nssCert" | |||
1340 | * and stores it at "pCert". Once created, a Cert is immutable. | |||
1341 | * | |||
1342 | * This function is primarily used as a convenience function for the | |||
1343 | * performance tests that have easy access to a CERTCertificate. | |||
1344 | * | |||
1345 | * PARAMETERS: | |||
1346 | * "nssCert" | |||
1347 | * Address of CERTCertificate representing the NSS certificate. | |||
1348 | * Must be non-NULL. | |||
1349 | * "pCert" | |||
1350 | * Address where object pointer will be stored. Must be non-NULL. | |||
1351 | * "plContext" | |||
1352 | * Platform-specific context pointer. | |||
1353 | * THREAD SAFETY: | |||
1354 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
1355 | * RETURNS: | |||
1356 | * Returns NULL if the function succeeds. | |||
1357 | * Returns a Cert Error if the function fails in a non-fatal way. | |||
1358 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
1359 | */ | |||
1360 | PKIX_Error * | |||
1361 | pkix_pl_Cert_CreateWithNSSCert( | |||
1362 | CERTCertificate *nssCert, | |||
1363 | PKIX_PL_Cert **pCert, | |||
1364 | void *plContext) | |||
1365 | { | |||
1366 | PKIX_PL_Cert *cert = NULL((void*)0); | |||
1367 | ||||
1368 | PKIX_ENTER(CERT, "pkix_pl_Cert_CreateWithNSSCert")static const char cMyFuncName[] = {"pkix_pl_Cert_CreateWithNSSCert" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1369 | PKIX_NULLCHECK_TWO(pCert, nssCert)do { if (((pCert) == ((void*)0)) || ((nssCert) == ((void*)0)) ){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR ), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
1370 | ||||
1371 | /* create a PKIX_PL_Cert object */ | |||
1372 | PKIX_CHECK(PKIX_PL_Object_Allocdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERT_TYPE , sizeof (PKIX_PL_Cert), (PKIX_PL_Object **)&cert, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0) | |||
1373 | (PKIX_CERT_TYPE,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERT_TYPE , sizeof (PKIX_PL_Cert), (PKIX_PL_Object **)&cert, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0) | |||
1374 | sizeof (PKIX_PL_Cert),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERT_TYPE , sizeof (PKIX_PL_Cert), (PKIX_PL_Object **)&cert, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0) | |||
1375 | (PKIX_PL_Object **)&cert,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERT_TYPE , sizeof (PKIX_PL_Cert), (PKIX_PL_Object **)&cert, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0) | |||
1376 | plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERT_TYPE , sizeof (PKIX_PL_Cert), (PKIX_PL_Object **)&cert, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0) | |||
1377 | PKIX_COULDNOTCREATEOBJECT)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERT_TYPE , sizeof (PKIX_PL_Cert), (PKIX_PL_Object **)&cert, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0); | |||
1378 | ||||
1379 | /* populate the nssCert field */ | |||
1380 | cert->nssCert = nssCert; | |||
1381 | ||||
1382 | /* initialize remaining fields */ | |||
1383 | /* | |||
1384 | * Fields ending with Absent are initialized to PKIX_FALSE so that the | |||
1385 | * first time we need the value we will look for it. If we find it is | |||
1386 | * actually absent, the flag will at that time be set to PKIX_TRUE to | |||
1387 | * prevent searching for it later. | |||
1388 | * Fields ending with Processed are those where a value is defined | |||
1389 | * for the Absent case, and a value of zero is possible. When the | |||
1390 | * flag is still true we have to look for the field, set the default | |||
1391 | * value if necessary, and set the Processed flag to PKIX_TRUE. | |||
1392 | */ | |||
1393 | cert->subject = NULL((void*)0); | |||
1394 | cert->issuer = NULL((void*)0); | |||
1395 | cert->subjAltNames = NULL((void*)0); | |||
1396 | cert->subjAltNamesAbsent = PKIX_FALSE((PKIX_Boolean) 0); | |||
1397 | cert->publicKeyAlgId = NULL((void*)0); | |||
1398 | cert->publicKey = NULL((void*)0); | |||
1399 | cert->serialNumber = NULL((void*)0); | |||
1400 | cert->critExtOids = NULL((void*)0); | |||
1401 | cert->subjKeyId = NULL((void*)0); | |||
1402 | cert->subjKeyIdAbsent = PKIX_FALSE((PKIX_Boolean) 0); | |||
1403 | cert->authKeyId = NULL((void*)0); | |||
1404 | cert->authKeyIdAbsent = PKIX_FALSE((PKIX_Boolean) 0); | |||
1405 | cert->extKeyUsages = NULL((void*)0); | |||
1406 | cert->extKeyUsagesAbsent = PKIX_FALSE((PKIX_Boolean) 0); | |||
1407 | cert->certBasicConstraints = NULL((void*)0); | |||
1408 | cert->basicConstraintsAbsent = PKIX_FALSE((PKIX_Boolean) 0); | |||
1409 | cert->certPolicyInfos = NULL((void*)0); | |||
1410 | cert->policyInfoAbsent = PKIX_FALSE((PKIX_Boolean) 0); | |||
1411 | cert->policyMappingsAbsent = PKIX_FALSE((PKIX_Boolean) 0); | |||
1412 | cert->certPolicyMappings = NULL((void*)0); | |||
1413 | cert->policyConstraintsProcessed = PKIX_FALSE((PKIX_Boolean) 0); | |||
1414 | cert->policyConstraintsExplicitPolicySkipCerts = 0; | |||
1415 | cert->policyConstraintsInhibitMappingSkipCerts = 0; | |||
1416 | cert->inhibitAnyPolicyProcessed = PKIX_FALSE((PKIX_Boolean) 0); | |||
1417 | cert->inhibitAnySkipCerts = 0; | |||
1418 | cert->nameConstraints = NULL((void*)0); | |||
1419 | cert->nameConstraintsAbsent = PKIX_FALSE((PKIX_Boolean) 0); | |||
1420 | cert->arenaNameConstraints = NULL((void*)0); | |||
1421 | cert->nssSubjAltNames = NULL((void*)0); | |||
1422 | cert->cacheFlag = PKIX_FALSE((PKIX_Boolean) 0); | |||
1423 | cert->store = NULL((void*)0); | |||
1424 | cert->authorityInfoAccess = NULL((void*)0); | |||
1425 | cert->subjectInfoAccess = NULL((void*)0); | |||
1426 | cert->isUserTrustAnchor = PKIX_FALSE((PKIX_Boolean) 0); | |||
1427 | cert->crldpList = NULL((void*)0); | |||
1428 | ||||
1429 | *pCert = cert; | |||
1430 | ||||
1431 | cleanup: | |||
1432 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1433 | } | |||
1434 | ||||
1435 | /* | |||
1436 | * FUNCTION: pkix_pl_Cert_CreateToList | |||
1437 | * DESCRIPTION: | |||
1438 | * | |||
1439 | * Creates a new certificate using the DER-encoding pointed to by "derCertItem" | |||
1440 | * and appends it to the list pointed to by "certList". If Cert creation fails, | |||
1441 | * the function returns with certList unchanged, but any decoding Error is | |||
1442 | * discarded. | |||
1443 | * | |||
1444 | * PARAMETERS: | |||
1445 | * "derCertItem" | |||
1446 | * Address of SECItem containing the DER representation of a certificate. | |||
1447 | * Must be non-NULL. | |||
1448 | * "certList" | |||
1449 | * Address of List to which the Cert will be appended, if successfully | |||
1450 | * created. May be empty, but must be non-NULL. | |||
1451 | * "plContext" | |||
1452 | * Platform-specific context pointer. | |||
1453 | * THREAD SAFETY: | |||
1454 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
1455 | * RETURNS: | |||
1456 | * Returns NULL if the function succeeds. | |||
1457 | * Returns a Cert Error if the function fails in a non-fatal way. | |||
1458 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
1459 | */ | |||
1460 | PKIX_Error * | |||
1461 | pkix_pl_Cert_CreateToList( | |||
1462 | SECItem *derCertItem, | |||
1463 | PKIX_List *certList, | |||
1464 | void *plContext) | |||
1465 | { | |||
1466 | CERTCertificate *nssCert = NULL((void*)0); | |||
1467 | PKIX_PL_Cert *cert = NULL((void*)0); | |||
1468 | CERTCertDBHandle *handle; | |||
1469 | ||||
1470 | PKIX_ENTER(CERT, "pkix_pl_Cert_CreateToList")static const char cMyFuncName[] = {"pkix_pl_Cert_CreateToList" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1471 | PKIX_NULLCHECK_TWO(derCertItem, certList)do { if (((derCertItem) == ((void*)0)) || ((certList) == ((void *)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
1472 | ||||
1473 | handle = CERT_GetDefaultCertDB(); | |||
1474 | nssCert = CERT_NewTempCertificate(handle, derCertItem, | |||
1475 | /* nickname */ NULL((void*)0), | |||
1476 | /* isPerm */ PR_FALSE0, | |||
1477 | /* copyDer */ PR_TRUE1); | |||
1478 | if (!nssCert) { | |||
1479 | goto cleanup; | |||
1480 | } | |||
1481 | ||||
1482 | PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCertdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert (nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup; } } while (0) | |||
1483 | (nssCert, &cert, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert (nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup; } } while (0) | |||
1484 | PKIX_CERTCREATEWITHNSSCERTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert (nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup; } } while (0); | |||
1485 | ||||
1486 | nssCert = NULL((void*)0); | |||
1487 | ||||
1488 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (certList , (PKIX_PL_Object *) cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
1489 | (certList, (PKIX_PL_Object *) cert, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (certList , (PKIX_PL_Object *) cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
1490 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (certList , (PKIX_PL_Object *) cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0); | |||
1491 | ||||
1492 | cleanup: | |||
1493 | if (nssCert) { | |||
1494 | CERT_DestroyCertificate(nssCert); | |||
1495 | } | |||
1496 | ||||
1497 | PKIX_DECREF(cert)do { if (cert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } cert = ((void*)0); } } while (0); | |||
1498 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1499 | } | |||
1500 | ||||
1501 | /* --Public-Functions------------------------------------------------------- */ | |||
1502 | ||||
1503 | /* | |||
1504 | * FUNCTION: PKIX_PL_Cert_Create (see comments in pkix_pl_pki.h) | |||
1505 | * XXX We may want to cache the cert after parsing it, so it can be reused | |||
1506 | * XXX Are the NSS/NSPR functions thread safe | |||
1507 | */ | |||
1508 | PKIX_Error * | |||
1509 | PKIX_PL_Cert_Create( | |||
1510 | PKIX_PL_ByteArray *byteArray, | |||
1511 | PKIX_PL_Cert **pCert, | |||
1512 | void *plContext) | |||
1513 | { | |||
1514 | CERTCertificate *nssCert = NULL((void*)0); | |||
1515 | SECItem *derCertItem = NULL((void*)0); | |||
1516 | void *derBytes = NULL((void*)0); | |||
1517 | PKIX_UInt32 derLength; | |||
1518 | PKIX_PL_Cert *cert = NULL((void*)0); | |||
1519 | CERTCertDBHandle *handle; | |||
1520 | ||||
1521 | PKIX_ENTER(CERT, "PKIX_PL_Cert_Create")static const char cMyFuncName[] = {"PKIX_PL_Cert_Create"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars .aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1522 | PKIX_NULLCHECK_TWO(pCert, byteArray)do { if (((pCert) == ((void*)0)) || ((byteArray) == ((void*)0 ))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
1523 | ||||
1524 | PKIX_CHECK(PKIX_PL_ByteArray_GetPointerdo { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_GetPointer (byteArray, &derBytes, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYGETPOINTERFAILED; goto cleanup; } } while (0) | |||
1525 | (byteArray, &derBytes, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_GetPointer (byteArray, &derBytes, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYGETPOINTERFAILED; goto cleanup; } } while (0) | |||
1526 | PKIX_BYTEARRAYGETPOINTERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_GetPointer (byteArray, &derBytes, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYGETPOINTERFAILED; goto cleanup; } } while (0); | |||
1527 | ||||
1528 | PKIX_CHECK(PKIX_PL_ByteArray_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_GetLength ( byteArray, &derLength, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYGETLENGTHFAILED; goto cleanup; } } while (0) | |||
1529 | (byteArray, &derLength, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_GetLength ( byteArray, &derLength, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYGETLENGTHFAILED; goto cleanup; } } while (0) | |||
1530 | PKIX_BYTEARRAYGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_GetLength ( byteArray, &derLength, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYGETLENGTHFAILED; goto cleanup; } } while (0); | |||
1531 | ||||
1532 | derCertItem = SECITEM_AllocItemSECITEM_AllocItem_Util(NULL((void*)0), NULL((void*)0), derLength); | |||
1533 | if (derCertItem == NULL((void*)0)){ | |||
1534 | PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; }; | |||
1535 | } | |||
1536 | ||||
1537 | (void) PORT_Memcpymemcpy(derCertItem->data, derBytes, derLength); | |||
1538 | ||||
1539 | /* | |||
1540 | * setting copyDER to true forces NSS to make its own copy of the DER, | |||
1541 | * allowing us to free our copy without worrying about whether NSS | |||
1542 | * is still using it | |||
1543 | */ | |||
1544 | handle = CERT_GetDefaultCertDB(); | |||
1545 | nssCert = CERT_NewTempCertificate(handle, derCertItem, | |||
1546 | /* nickname */ NULL((void*)0), | |||
1547 | /* isPerm */ PR_FALSE0, | |||
1548 | /* copyDer */ PR_TRUE1); | |||
1549 | if (!nssCert){ | |||
1550 | PKIX_ERROR(PKIX_CERTDECODEDERCERTIFICATEFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTDECODEDERCERTIFICATEFAILED, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEDERCERTIFICATEFAILED ; goto cleanup; }; | |||
1551 | } | |||
1552 | ||||
1553 | PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCertdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert (nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup; } } while (0) | |||
1554 | (nssCert, &cert, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert (nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup; } } while (0) | |||
1555 | PKIX_CERTCREATEWITHNSSCERTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert (nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup; } } while (0); | |||
1556 | ||||
1557 | *pCert = cert; | |||
1558 | ||||
1559 | cleanup: | |||
1560 | if (derCertItem){ | |||
1561 | SECITEM_FreeItemSECITEM_FreeItem_Util(derCertItem, PKIX_TRUE((PKIX_Boolean) 1)); | |||
1562 | } | |||
1563 | ||||
1564 | if (nssCert && PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars .aPkixTempErrorReceived || stdVars.aPkixErrorList)){ | |||
1565 | PKIX_CERT_DEBUG("\t\tCalling CERT_DestroyCertificate).\n"); | |||
1566 | CERT_DestroyCertificate(nssCert); | |||
1567 | nssCert = NULL((void*)0); | |||
1568 | } | |||
1569 | ||||
1570 | PKIX_FREE(derBytes)do { if (derBytes) { stdVars.aPkixTempResult = PKIX_PL_Free(( derBytes), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } derBytes = ((void*)0); } } while (0); | |||
1571 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1572 | } | |||
1573 | ||||
1574 | ||||
1575 | /* | |||
1576 | * FUNCTION: PKIX_PL_Cert_CreateFromCERTCertificate | |||
1577 | * (see comments in pkix_pl_pki.h) | |||
1578 | */ | |||
1579 | PKIX_Error * | |||
1580 | PKIX_PL_Cert_CreateFromCERTCertificate( | |||
1581 | const CERTCertificate *nssCert, | |||
1582 | PKIX_PL_Cert **pCert, | |||
1583 | void *plContext) | |||
1584 | { | |||
1585 | void *buf = NULL((void*)0); | |||
1586 | PKIX_UInt32 len; | |||
1587 | PKIX_PL_ByteArray *byteArray = NULL((void*)0); | |||
1588 | ||||
1589 | PKIX_ENTER(CERT, "PKIX_PL_Cert_CreateWithNssCert")static const char cMyFuncName[] = {"PKIX_PL_Cert_CreateWithNssCert" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1590 | PKIX_NULLCHECK_TWO(pCert, nssCert)do { if (((pCert) == ((void*)0)) || ((nssCert) == ((void*)0)) ){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR ), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
1591 | ||||
1592 | buf = (void*)nssCert->derCert.data; | |||
1593 | len = nssCert->derCert.len; | |||
1594 | ||||
1595 | PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create(buf , len, &byteArray, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup ; } } while (0) | |||
1596 | PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create(buf , len, &byteArray, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup ; } } while (0) | |||
1597 | PKIX_BYTEARRAYCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create(buf , len, &byteArray, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED; goto cleanup ; } } while (0); | |||
1598 | ||||
1599 | PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_Create(byteArray , pCert, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup ; } } while (0) | |||
1600 | PKIX_PL_Cert_Create(byteArray, pCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_Create(byteArray , pCert, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup ; } } while (0) | |||
1601 | PKIX_CERTCREATEWITHNSSCERTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_Create(byteArray , pCert, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup ; } } while (0); | |||
1602 | ||||
1603 | #ifdef PKIX_UNDEF | |||
1604 | /* will be tested and used as a patch for bug 391612 */ | |||
1605 | nssCert = CERT_DupCertificate(nssInCert); | |||
1606 | ||||
1607 | PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCertdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert (nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup; } } while (0) | |||
1608 | (nssCert, &cert, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert (nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup; } } while (0) | |||
1609 | PKIX_CERTCREATEWITHNSSCERTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateWithNSSCert (nssCert, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCREATEWITHNSSCERTFAILED; goto cleanup; } } while (0); | |||
1610 | #endif /* PKIX_UNDEF */ | |||
1611 | ||||
1612 | cleanup: | |||
1613 | ||||
1614 | #ifdef PKIX_UNDEF | |||
1615 | if (nssCert && PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars .aPkixTempErrorReceived || stdVars.aPkixErrorList)){ | |||
1616 | PKIX_CERT_DEBUG("\t\tCalling CERT_DestroyCertificate).\n"); | |||
1617 | CERT_DestroyCertificate(nssCert); | |||
1618 | nssCert = NULL((void*)0); | |||
1619 | } | |||
1620 | #endif /* PKIX_UNDEF */ | |||
1621 | ||||
1622 | PKIX_DECREF(byteArray)do { if (byteArray){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(byteArray), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } byteArray = ((void *)0); } } while (0); | |||
1623 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1624 | } | |||
1625 | ||||
1626 | ||||
1627 | /* | |||
1628 | * FUNCTION: PKIX_PL_Cert_GetVersion (see comments in pkix_pl_pki.h) | |||
1629 | */ | |||
1630 | PKIX_Error * | |||
1631 | PKIX_PL_Cert_GetVersion( | |||
1632 | PKIX_PL_Cert *cert, | |||
1633 | PKIX_UInt32 *pVersion, | |||
1634 | void *plContext) | |||
1635 | { | |||
1636 | CERTCertificate *nssCert = NULL((void*)0); | |||
1637 | PKIX_UInt32 myVersion = 0; /* v1 */ | |||
1638 | ||||
1639 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetVersion")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetVersion"} ; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1640 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pVersion)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pVersion) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
1641 | ||||
1642 | nssCert = cert->nssCert; | |||
1643 | if (nssCert->version.len != 0) { | |||
1644 | myVersion = *(nssCert->version.data); | |||
1645 | } | |||
1646 | ||||
1647 | if (myVersion > 2){ | |||
1648 | PKIX_ERROR(PKIX_VERSIONVALUEMUSTBEV1V2ORV3){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_VERSIONVALUEMUSTBEV1V2ORV3, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_VERSIONVALUEMUSTBEV1V2ORV3 ; goto cleanup; }; | |||
1649 | } | |||
1650 | ||||
1651 | *pVersion = myVersion; | |||
1652 | ||||
1653 | cleanup: | |||
1654 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1655 | } | |||
1656 | ||||
1657 | /* | |||
1658 | * FUNCTION: PKIX_PL_Cert_GetSerialNumber (see comments in pkix_pl_pki.h) | |||
1659 | */ | |||
1660 | PKIX_Error * | |||
1661 | PKIX_PL_Cert_GetSerialNumber( | |||
1662 | PKIX_PL_Cert *cert, | |||
1663 | PKIX_PL_BigInt **pSerialNumber, | |||
1664 | void *plContext) | |||
1665 | { | |||
1666 | CERTCertificate *nssCert = NULL((void*)0); | |||
1667 | SECItem serialNumItem; | |||
1668 | PKIX_PL_BigInt *serialNumber = NULL((void*)0); | |||
1669 | char *bytes = NULL((void*)0); | |||
1670 | PKIX_UInt32 length; | |||
1671 | ||||
1672 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSerialNumber")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSerialNumber" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1673 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSerialNumber)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pSerialNumber) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
1674 | ||||
1675 | if (cert->serialNumber == NULL((void*)0)){ | |||
1676 | ||||
1677 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
1678 | ||||
1679 | if (cert->serialNumber == NULL((void*)0)){ | |||
1680 | ||||
1681 | nssCert = cert->nssCert; | |||
1682 | serialNumItem = nssCert->serialNumber; | |||
1683 | ||||
1684 | length = serialNumItem.len; | |||
1685 | bytes = (char *)serialNumItem.data; | |||
1686 | ||||
1687 | PKIX_CHECK(pkix_pl_BigInt_CreateWithBytesdo { stdVars.aPkixErrorResult = (pkix_pl_BigInt_CreateWithBytes (bytes, length, &serialNumber, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_BIGINTCREATEWITHBYTESFAILED ; goto cleanup; } } while (0) | |||
1688 | (bytes, length, &serialNumber, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_BigInt_CreateWithBytes (bytes, length, &serialNumber, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_BIGINTCREATEWITHBYTESFAILED ; goto cleanup; } } while (0) | |||
1689 | PKIX_BIGINTCREATEWITHBYTESFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_BigInt_CreateWithBytes (bytes, length, &serialNumber, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_BIGINTCREATEWITHBYTESFAILED ; goto cleanup; } } while (0); | |||
1690 | ||||
1691 | /* save a cached copy in case it is asked for again */ | |||
1692 | cert->serialNumber = serialNumber; | |||
1693 | } | |||
1694 | ||||
1695 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,1695)); } } while (0); | |||
1696 | } | |||
1697 | ||||
1698 | PKIX_INCREF(cert->serialNumber)do { if (cert->serialNumber){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->serialNumber), plContext); if ( stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars .aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void *)0); goto cleanup; } } } while (0); | |||
1699 | *pSerialNumber = cert->serialNumber; | |||
1700 | ||||
1701 | cleanup: | |||
1702 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",1702)); } } while (0); | |||
1703 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1704 | } | |||
1705 | ||||
1706 | /* | |||
1707 | * FUNCTION: PKIX_PL_Cert_GetSubject (see comments in pkix_pl_pki.h) | |||
1708 | */ | |||
1709 | PKIX_Error * | |||
1710 | PKIX_PL_Cert_GetSubject( | |||
1711 | PKIX_PL_Cert *cert, | |||
1712 | PKIX_PL_X500Name **pCertSubject, | |||
1713 | void *plContext) | |||
1714 | { | |||
1715 | PKIX_PL_X500Name *pkixSubject = NULL((void*)0); | |||
1716 | CERTName *subjName = NULL((void*)0); | |||
1717 | SECItem *derSubjName = NULL((void*)0); | |||
1718 | ||||
1719 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubject")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSubject"} ; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1720 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pCertSubject)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pCertSubject) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
1721 | ||||
1722 | /* if we don't have a cached copy from before, we create one */ | |||
1723 | if (cert->subject == NULL((void*)0)){ | |||
1724 | ||||
1725 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
1726 | ||||
1727 | if (cert->subject == NULL((void*)0)){ | |||
1728 | ||||
1729 | subjName = &cert->nssCert->subject; | |||
1730 | derSubjName = &cert->nssCert->derSubject; | |||
1731 | ||||
1732 | /* if there is no subject name */ | |||
1733 | if (derSubjName->data == NULL((void*)0)) { | |||
1734 | ||||
1735 | pkixSubject = NULL((void*)0); | |||
1736 | ||||
1737 | } else { | |||
1738 | PKIX_CHECK(PKIX_PL_X500Name_CreateFromCERTNamedo { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName (derSubjName, subjName, &pkixSubject, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED ; goto cleanup; } } while (0) | |||
1739 | (derSubjName, subjName, &pkixSubject,do { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName (derSubjName, subjName, &pkixSubject, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED ; goto cleanup; } } while (0) | |||
1740 | plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName (derSubjName, subjName, &pkixSubject, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED ; goto cleanup; } } while (0) | |||
1741 | PKIX_X500NAMECREATEFROMCERTNAMEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName (derSubjName, subjName, &pkixSubject, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED ; goto cleanup; } } while (0); | |||
1742 | ||||
1743 | } | |||
1744 | /* save a cached copy in case it is asked for again */ | |||
1745 | cert->subject = pkixSubject; | |||
1746 | } | |||
1747 | ||||
1748 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,1748)); } } while (0); | |||
1749 | } | |||
1750 | ||||
1751 | PKIX_INCREF(cert->subject)do { if (cert->subject){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->subject), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup ; } } } while (0); | |||
1752 | *pCertSubject = cert->subject; | |||
1753 | ||||
1754 | cleanup: | |||
1755 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",1755)); } } while (0); | |||
1756 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1757 | } | |||
1758 | ||||
1759 | /* | |||
1760 | * FUNCTION: PKIX_PL_Cert_GetIssuer (see comments in pkix_pl_pki.h) | |||
1761 | */ | |||
1762 | PKIX_Error * | |||
1763 | PKIX_PL_Cert_GetIssuer( | |||
1764 | PKIX_PL_Cert *cert, | |||
1765 | PKIX_PL_X500Name **pCertIssuer, | |||
1766 | void *plContext) | |||
1767 | { | |||
1768 | PKIX_PL_X500Name *pkixIssuer = NULL((void*)0); | |||
1769 | SECItem *derIssuerName = NULL((void*)0); | |||
1770 | CERTName *issuerName = NULL((void*)0); | |||
1771 | ||||
1772 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetIssuer")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetIssuer"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1773 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pCertIssuer)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pCertIssuer) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
1774 | ||||
1775 | /* if we don't have a cached copy from before, we create one */ | |||
1776 | if (cert->issuer == NULL((void*)0)){ | |||
1777 | ||||
1778 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
1779 | ||||
1780 | if (cert->issuer == NULL((void*)0)){ | |||
1781 | ||||
1782 | issuerName = &cert->nssCert->issuer; | |||
1783 | derIssuerName = &cert->nssCert->derIssuer; | |||
1784 | ||||
1785 | /* if there is no subject name */ | |||
1786 | PKIX_CHECK(PKIX_PL_X500Name_CreateFromCERTNamedo { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName (derIssuerName, issuerName, &pkixIssuer, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED ; goto cleanup; } } while (0) | |||
1787 | (derIssuerName, issuerName,do { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName (derIssuerName, issuerName, &pkixIssuer, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED ; goto cleanup; } } while (0) | |||
1788 | &pkixIssuer, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName (derIssuerName, issuerName, &pkixIssuer, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED ; goto cleanup; } } while (0) | |||
1789 | PKIX_X500NAMECREATEFROMCERTNAMEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_X500Name_CreateFromCERTName (derIssuerName, issuerName, &pkixIssuer, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_X500NAMECREATEFROMCERTNAMEFAILED ; goto cleanup; } } while (0); | |||
1790 | ||||
1791 | /* save a cached copy in case it is asked for again */ | |||
1792 | cert->issuer = pkixIssuer; | |||
1793 | } | |||
1794 | ||||
1795 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,1795)); } } while (0); | |||
1796 | } | |||
1797 | ||||
1798 | PKIX_INCREF(cert->issuer)do { if (cert->issuer){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->issuer), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup ; } } } while (0); | |||
1799 | *pCertIssuer = cert->issuer; | |||
1800 | ||||
1801 | cleanup: | |||
1802 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1803 | } | |||
1804 | ||||
1805 | /* | |||
1806 | * FUNCTION: PKIX_PL_Cert_GetSubjectAltNames (see comments in pkix_pl_pki.h) | |||
1807 | */ | |||
1808 | PKIX_Error * | |||
1809 | PKIX_PL_Cert_GetSubjectAltNames( | |||
1810 | PKIX_PL_Cert *cert, | |||
1811 | PKIX_List **pSubjectAltNames, /* list of PKIX_PL_GeneralName */ | |||
1812 | void *plContext) | |||
1813 | { | |||
1814 | PKIX_PL_GeneralName *pkixAltName = NULL((void*)0); | |||
1815 | PKIX_List *altNamesList = NULL((void*)0); | |||
1816 | ||||
1817 | CERTGeneralName *nssOriginalAltName = NULL((void*)0); | |||
1818 | CERTGeneralName *nssTempAltName = NULL((void*)0); | |||
1819 | ||||
1820 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectAltNames")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSubjectAltNames" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1821 | PKIX_NULLCHECK_TWO(cert, pSubjectAltNames)do { if (((cert) == ((void*)0)) || ((pSubjectAltNames) == ((void *)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
1822 | ||||
1823 | /* if we don't have a cached copy from before, we create one */ | |||
1824 | if ((cert->subjAltNames == NULL((void*)0)) && (!cert->subjAltNamesAbsent)){ | |||
1825 | ||||
1826 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
1827 | ||||
1828 | if ((cert->subjAltNames == NULL((void*)0)) && | |||
1829 | (!cert->subjAltNamesAbsent)){ | |||
1830 | ||||
1831 | PKIX_CHECK(pkix_pl_Cert_GetNssSubjectAltNamesdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames (cert, ((PKIX_Boolean) 1), &nssOriginalAltName, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while (0) | |||
1832 | (cert,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames (cert, ((PKIX_Boolean) 1), &nssOriginalAltName, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while (0) | |||
1833 | PKIX_TRUE,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames (cert, ((PKIX_Boolean) 1), &nssOriginalAltName, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while (0) | |||
1834 | &nssOriginalAltName,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames (cert, ((PKIX_Boolean) 1), &nssOriginalAltName, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while (0) | |||
1835 | plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames (cert, ((PKIX_Boolean) 1), &nssOriginalAltName, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while (0) | |||
1836 | PKIX_CERTGETNSSSUBJECTALTNAMESFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames (cert, ((PKIX_Boolean) 1), &nssOriginalAltName, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while (0); | |||
1837 | ||||
1838 | if (nssOriginalAltName == NULL((void*)0)) { | |||
1839 | cert->subjAltNamesAbsent = PKIX_TRUE((PKIX_Boolean) 1); | |||
1840 | pSubjectAltNames = NULL((void*)0); | |||
1841 | goto cleanup; | |||
1842 | } | |||
1843 | ||||
1844 | nssTempAltName = nssOriginalAltName; | |||
1845 | ||||
1846 | PKIX_CHECK(PKIX_List_Create(&altNamesList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&altNamesList , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0) | |||
1847 | PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&altNamesList , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0); | |||
1848 | ||||
1849 | do { | |||
1850 | PKIX_CHECK(pkix_pl_GeneralName_Createdo { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create ( nssTempAltName, &pkixAltName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED; goto cleanup; } } while (0) | |||
1851 | (nssTempAltName, &pkixAltName, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create ( nssTempAltName, &pkixAltName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED; goto cleanup; } } while (0) | |||
1852 | PKIX_GENERALNAMECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create ( nssTempAltName, &pkixAltName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED; goto cleanup; } } while (0); | |||
1853 | ||||
1854 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (altNamesList , (PKIX_PL_Object *)pkixAltName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
1855 | (altNamesList,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (altNamesList , (PKIX_PL_Object *)pkixAltName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
1856 | (PKIX_PL_Object *)pkixAltName,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (altNamesList , (PKIX_PL_Object *)pkixAltName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
1857 | plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (altNamesList , (PKIX_PL_Object *)pkixAltName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
1858 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (altNamesList , (PKIX_PL_Object *)pkixAltName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0); | |||
1859 | ||||
1860 | PKIX_DECREF(pkixAltName)do { if (pkixAltName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(pkixAltName), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } pkixAltName = ((void *)0); } } while (0); | |||
1861 | ||||
1862 | PKIX_CERT_DEBUG | |||
1863 | ("\t\tCalling CERT_GetNextGeneralName).\n"); | |||
1864 | nssTempAltName = CERT_GetNextGeneralName | |||
1865 | (nssTempAltName); | |||
1866 | ||||
1867 | } while (nssTempAltName != nssOriginalAltName); | |||
1868 | ||||
1869 | /* save a cached copy in case it is asked for again */ | |||
1870 | cert->subjAltNames = altNamesList; | |||
1871 | PKIX_CHECK(PKIX_List_SetImmutabledo { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (cert ->subjAltNames, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup ; } } while (0) | |||
1872 | (cert->subjAltNames, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (cert ->subjAltNames, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup ; } } while (0) | |||
1873 | PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (cert ->subjAltNames, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup ; } } while (0); | |||
1874 | ||||
1875 | } | |||
1876 | ||||
1877 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,1877)); } } while (0); | |||
1878 | } | |||
1879 | ||||
1880 | PKIX_INCREF(cert->subjAltNames)do { if (cert->subjAltNames){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->subjAltNames), plContext); if ( stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars .aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void *)0); goto cleanup; } } } while (0); | |||
1881 | ||||
1882 | *pSubjectAltNames = cert->subjAltNames; | |||
1883 | ||||
1884 | cleanup: | |||
1885 | PKIX_DECREF(pkixAltName)do { if (pkixAltName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(pkixAltName), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } pkixAltName = ((void *)0); } } while (0); | |||
1886 | if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars .aPkixTempErrorReceived || stdVars.aPkixErrorList)){ | |||
1887 | PKIX_DECREF(altNamesList)do { if (altNamesList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(altNamesList), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } altNamesList = ((void *)0); } } while (0); | |||
1888 | } | |||
1889 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1890 | } | |||
1891 | ||||
1892 | /* | |||
1893 | * FUNCTION: PKIX_PL_Cert_GetAllSubjectNames (see comments in pkix_pl_pki.h) | |||
1894 | */ | |||
1895 | PKIX_Error * | |||
1896 | PKIX_PL_Cert_GetAllSubjectNames( | |||
1897 | PKIX_PL_Cert *cert, | |||
1898 | PKIX_List **pAllSubjectNames, /* list of PKIX_PL_GeneralName */ | |||
1899 | void *plContext) | |||
1900 | { | |||
1901 | CERTGeneralName *nssOriginalSubjectName = NULL((void*)0); | |||
1902 | CERTGeneralName *nssTempSubjectName = NULL((void*)0); | |||
1903 | PKIX_List *allSubjectNames = NULL((void*)0); | |||
1904 | PKIX_PL_GeneralName *pkixSubjectName = NULL((void*)0); | |||
1905 | PLArenaPool *arena = NULL((void*)0); | |||
1906 | ||||
1907 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetAllSubjectNames")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetAllSubjectNames" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1908 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pAllSubjectNames)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pAllSubjectNames) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
1909 | ||||
1910 | ||||
1911 | if (cert->nssCert->subjectName == NULL((void*)0)){ | |||
1912 | /* if there is no subject DN, just get altnames */ | |||
1913 | ||||
1914 | PKIX_CHECK(pkix_pl_Cert_GetNssSubjectAltNamesdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames (cert, ((PKIX_Boolean) 0), &nssOriginalSubjectName, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while (0) | |||
1915 | (cert,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames (cert, ((PKIX_Boolean) 0), &nssOriginalSubjectName, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while (0) | |||
1916 | PKIX_FALSE, /* hasLock */do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames (cert, ((PKIX_Boolean) 0), &nssOriginalSubjectName, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while (0) | |||
1917 | &nssOriginalSubjectName,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames (cert, ((PKIX_Boolean) 0), &nssOriginalSubjectName, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while (0) | |||
1918 | plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames (cert, ((PKIX_Boolean) 0), &nssOriginalSubjectName, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while (0) | |||
1919 | PKIX_CERTGETNSSSUBJECTALTNAMESFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_GetNssSubjectAltNames (cert, ((PKIX_Boolean) 0), &nssOriginalSubjectName, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETNSSSUBJECTALTNAMESFAILED; goto cleanup; } } while (0); | |||
1920 | ||||
1921 | } else { /* get subject DN and altnames */ | |||
1922 | ||||
1923 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); | |||
1924 | if (arena == NULL((void*)0)) { | |||
1925 | PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; }; | |||
1926 | } | |||
1927 | ||||
1928 | /* This NSS call returns both Subject and Subject Alt Names */ | |||
1929 | PKIX_CERT_DEBUG("\t\tCalling CERT_GetCertificateNames\n"); | |||
1930 | nssOriginalSubjectName = | |||
1931 | CERT_GetCertificateNames(cert->nssCert, arena); | |||
1932 | } | |||
1933 | ||||
1934 | if (nssOriginalSubjectName == NULL((void*)0)) { | |||
1935 | pAllSubjectNames = NULL((void*)0); | |||
1936 | goto cleanup; | |||
1937 | } | |||
1938 | ||||
1939 | nssTempSubjectName = nssOriginalSubjectName; | |||
1940 | ||||
1941 | PKIX_CHECK(PKIX_List_Create(&allSubjectNames, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&allSubjectNames , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0) | |||
1942 | PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&allSubjectNames , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0); | |||
1943 | ||||
1944 | do { | |||
1945 | PKIX_CHECK(pkix_pl_GeneralName_Createdo { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create ( nssTempSubjectName, &pkixSubjectName, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED ; goto cleanup; } } while (0) | |||
1946 | (nssTempSubjectName, &pkixSubjectName, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create ( nssTempSubjectName, &pkixSubjectName, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED ; goto cleanup; } } while (0) | |||
1947 | PKIX_GENERALNAMECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create ( nssTempSubjectName, &pkixSubjectName, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED ; goto cleanup; } } while (0); | |||
1948 | ||||
1949 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (allSubjectNames , (PKIX_PL_Object *)pkixSubjectName, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
1950 | (allSubjectNames,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (allSubjectNames , (PKIX_PL_Object *)pkixSubjectName, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
1951 | (PKIX_PL_Object *)pkixSubjectName,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (allSubjectNames , (PKIX_PL_Object *)pkixSubjectName, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
1952 | plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (allSubjectNames , (PKIX_PL_Object *)pkixSubjectName, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
1953 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (allSubjectNames , (PKIX_PL_Object *)pkixSubjectName, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0); | |||
1954 | ||||
1955 | PKIX_DECREF(pkixSubjectName)do { if (pkixSubjectName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(pkixSubjectName), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } pkixSubjectName = ((void*)0); } } while (0); | |||
1956 | ||||
1957 | PKIX_CERT_DEBUG | |||
1958 | ("\t\tCalling CERT_GetNextGeneralName).\n"); | |||
1959 | nssTempSubjectName = CERT_GetNextGeneralName | |||
1960 | (nssTempSubjectName); | |||
1961 | } while (nssTempSubjectName != nssOriginalSubjectName); | |||
1962 | ||||
1963 | *pAllSubjectNames = allSubjectNames; | |||
1964 | ||||
1965 | cleanup: | |||
1966 | if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars .aPkixTempErrorReceived || stdVars.aPkixErrorList)){ | |||
1967 | PKIX_DECREF(allSubjectNames)do { if (allSubjectNames){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(allSubjectNames), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } allSubjectNames = ((void*)0); } } while (0); | |||
1968 | } | |||
1969 | ||||
1970 | if (arena){ | |||
1971 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); | |||
1972 | } | |||
1973 | PKIX_DECREF(pkixSubjectName)do { if (pkixSubjectName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(pkixSubjectName), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } pkixSubjectName = ((void*)0); } } while (0); | |||
1974 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1975 | } | |||
1976 | ||||
1977 | /* | |||
1978 | * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKeyAlgId | |||
1979 | * (see comments in pkix_pl_pki.h) | |||
1980 | */ | |||
1981 | PKIX_Error * | |||
1982 | PKIX_PL_Cert_GetSubjectPublicKeyAlgId( | |||
1983 | PKIX_PL_Cert *cert, | |||
1984 | PKIX_PL_OID **pSubjKeyAlgId, | |||
1985 | void *plContext) | |||
1986 | { | |||
1987 | PKIX_PL_OID *pubKeyAlgId = NULL((void*)0); | |||
1988 | ||||
1989 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectPublicKeyAlgId")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSubjectPublicKeyAlgId" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1990 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSubjKeyAlgId)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pSubjKeyAlgId) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
1991 | ||||
1992 | /* if we don't have a cached copy from before, we create one */ | |||
1993 | if (cert->publicKeyAlgId == NULL((void*)0)){ | |||
1994 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
1995 | if (cert->publicKeyAlgId == NULL((void*)0)){ | |||
1996 | CERTCertificate *nssCert = cert->nssCert; | |||
1997 | SECAlgorithmID *algorithm; | |||
1998 | SECItem *algBytes; | |||
1999 | ||||
2000 | algorithm = &nssCert->subjectPublicKeyInfo.algorithm; | |||
2001 | algBytes = &algorithm->algorithm; | |||
2002 | if (!algBytes->data || !algBytes->len) { | |||
2003 | PKIX_ERROR_FATAL(PKIX_ALGORITHMBYTESLENGTH0){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_ALGORITHMBYTESLENGTH0; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR ; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext ); } }; goto cleanup; }; | |||
2004 | } | |||
2005 | PKIX_CHECK(PKIX_PL_OID_CreateBySECItemdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( algBytes, &pubKeyAlgId, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup ; } } while (0) | |||
2006 | (algBytes, &pubKeyAlgId, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( algBytes, &pubKeyAlgId, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup ; } } while (0) | |||
2007 | PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( algBytes, &pubKeyAlgId, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup ; } } while (0); | |||
2008 | ||||
2009 | /* save a cached copy in case it is asked for again */ | |||
2010 | cert->publicKeyAlgId = pubKeyAlgId; | |||
2011 | pubKeyAlgId = NULL((void*)0); | |||
2012 | } | |||
2013 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,2013)); } } while (0); | |||
2014 | } | |||
2015 | ||||
2016 | PKIX_INCREF(cert->publicKeyAlgId)do { if (cert->publicKeyAlgId){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->publicKeyAlgId), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars .aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void *)0); goto cleanup; } } } while (0); | |||
2017 | *pSubjKeyAlgId = cert->publicKeyAlgId; | |||
2018 | ||||
2019 | cleanup: | |||
2020 | PKIX_DECREF(pubKeyAlgId)do { if (pubKeyAlgId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(pubKeyAlgId), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } pubKeyAlgId = ((void *)0); } } while (0); | |||
2021 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2022 | } | |||
2023 | ||||
2024 | /* | |||
2025 | * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKey (see comments in pkix_pl_pki.h) | |||
2026 | */ | |||
2027 | PKIX_Error * | |||
2028 | PKIX_PL_Cert_GetSubjectPublicKey( | |||
2029 | PKIX_PL_Cert *cert, | |||
2030 | PKIX_PL_PublicKey **pPublicKey, | |||
2031 | void *plContext) | |||
2032 | { | |||
2033 | PKIX_PL_PublicKey *pkixPubKey = NULL((void*)0); | |||
2034 | SECStatus rv; | |||
2035 | ||||
2036 | CERTSubjectPublicKeyInfo *from = NULL((void*)0); | |||
2037 | CERTSubjectPublicKeyInfo *to = NULL((void*)0); | |||
2038 | SECItem *fromItem = NULL((void*)0); | |||
2039 | SECItem *toItem = NULL((void*)0); | |||
2040 | ||||
2041 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectPublicKey")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSubjectPublicKey" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2042 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pPublicKey)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pPublicKey) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2043 | ||||
2044 | /* if we don't have a cached copy from before, we create one */ | |||
2045 | if (cert->publicKey == NULL((void*)0)){ | |||
2046 | ||||
2047 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
2048 | ||||
2049 | if (cert->publicKey == NULL((void*)0)){ | |||
2050 | ||||
2051 | /* create a PKIX_PL_PublicKey object */ | |||
2052 | PKIX_CHECK(PKIX_PL_Object_Allocdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_PUBLICKEY_TYPE , sizeof (PKIX_PL_PublicKey), (PKIX_PL_Object **)&pkixPubKey , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0) | |||
2053 | (PKIX_PUBLICKEY_TYPE,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_PUBLICKEY_TYPE , sizeof (PKIX_PL_PublicKey), (PKIX_PL_Object **)&pkixPubKey , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0) | |||
2054 | sizeof (PKIX_PL_PublicKey),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_PUBLICKEY_TYPE , sizeof (PKIX_PL_PublicKey), (PKIX_PL_Object **)&pkixPubKey , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0) | |||
2055 | (PKIX_PL_Object **)&pkixPubKey,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_PUBLICKEY_TYPE , sizeof (PKIX_PL_PublicKey), (PKIX_PL_Object **)&pkixPubKey , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0) | |||
2056 | plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_PUBLICKEY_TYPE , sizeof (PKIX_PL_PublicKey), (PKIX_PL_Object **)&pkixPubKey , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0) | |||
2057 | PKIX_COULDNOTCREATEOBJECT)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_PUBLICKEY_TYPE , sizeof (PKIX_PL_PublicKey), (PKIX_PL_Object **)&pkixPubKey , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATEOBJECT; goto cleanup; } } while (0); | |||
2058 | ||||
2059 | /* initialize fields */ | |||
2060 | pkixPubKey->nssSPKI = NULL((void*)0); | |||
2061 | ||||
2062 | /* populate the SPKI field */ | |||
2063 | PKIX_CHECK(PKIX_PL_Mallocdo { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTSubjectPublicKeyInfo ), (void **)&pkixPubKey->nssSPKI, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto cleanup; } } while (0) | |||
2064 | (sizeof (CERTSubjectPublicKeyInfo),do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTSubjectPublicKeyInfo ), (void **)&pkixPubKey->nssSPKI, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto cleanup; } } while (0) | |||
2065 | (void **)&pkixPubKey->nssSPKI,do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTSubjectPublicKeyInfo ), (void **)&pkixPubKey->nssSPKI, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto cleanup; } } while (0) | |||
2066 | plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTSubjectPublicKeyInfo ), (void **)&pkixPubKey->nssSPKI, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto cleanup; } } while (0) | |||
2067 | PKIX_MALLOCFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTSubjectPublicKeyInfo ), (void **)&pkixPubKey->nssSPKI, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto cleanup; } } while (0); | |||
2068 | ||||
2069 | to = pkixPubKey->nssSPKI; | |||
2070 | from = &cert->nssCert->subjectPublicKeyInfo; | |||
2071 | ||||
2072 | PKIX_NULLCHECK_TWO(to, from)do { if (((to) == ((void*)0)) || ((from) == ((void*)0))){ stdVars .aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR ), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
2073 | ||||
2074 | PKIX_CERT_DEBUG | |||
2075 | ("\t\tCalling SECOID_CopyAlgorithmID).\n"); | |||
2076 | rv = SECOID_CopyAlgorithmIDSECOID_CopyAlgorithmID_Util | |||
2077 | (NULL((void*)0), &to->algorithm, &from->algorithm); | |||
2078 | if (rv != SECSuccess) { | |||
2079 | PKIX_ERROR(PKIX_SECOIDCOPYALGORITHMIDFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_SECOIDCOPYALGORITHMIDFAILED, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_SECOIDCOPYALGORITHMIDFAILED ; goto cleanup; }; | |||
2080 | } | |||
2081 | ||||
2082 | /* | |||
2083 | * NSS stores the length of subjectPublicKey in bits. | |||
2084 | * Therefore, we use that length converted to bytes | |||
2085 | * using ((length+7)>>3) before calling PORT_Memcpy | |||
2086 | * in order to avoid "read from uninitialized memory" | |||
2087 | * errors. | |||
2088 | */ | |||
2089 | ||||
2090 | toItem = &to->subjectPublicKey; | |||
2091 | fromItem = &from->subjectPublicKey; | |||
2092 | ||||
2093 | PKIX_NULLCHECK_TWO(toItem, fromItem)do { if (((toItem) == ((void*)0)) || ((fromItem) == ((void*)0 ))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
2094 | ||||
2095 | toItem->type = fromItem->type; | |||
2096 | ||||
2097 | toItem->data = | |||
2098 | (unsigned char*) PORT_ZAllocPORT_ZAlloc_Util(fromItem->len); | |||
2099 | if (!toItem->data){ | |||
2100 | PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; }; | |||
2101 | } | |||
2102 | ||||
2103 | (void) PORT_Memcpymemcpy(toItem->data, | |||
2104 | fromItem->data, | |||
2105 | (fromItem->len + 7)>>3); | |||
2106 | toItem->len = fromItem->len; | |||
2107 | ||||
2108 | /* save a cached copy in case it is asked for again */ | |||
2109 | cert->publicKey = pkixPubKey; | |||
2110 | } | |||
2111 | ||||
2112 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,2112)); } } while (0); | |||
2113 | } | |||
2114 | ||||
2115 | PKIX_INCREF(cert->publicKey)do { if (cert->publicKey){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->publicKey), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup ; } } } while (0); | |||
2116 | *pPublicKey = cert->publicKey; | |||
2117 | ||||
2118 | cleanup: | |||
2119 | ||||
2120 | if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars .aPkixTempErrorReceived || stdVars.aPkixErrorList) && pkixPubKey){ | |||
2121 | PKIX_DECREF(pkixPubKey)do { if (pkixPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(pkixPubKey), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } pkixPubKey = ((void *)0); } } while (0); | |||
2122 | cert->publicKey = NULL((void*)0); | |||
2123 | } | |||
2124 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2125 | } | |||
2126 | ||||
2127 | /* | |||
2128 | * FUNCTION: PKIX_PL_Cert_GetCriticalExtensionOIDs | |||
2129 | * (see comments in pkix_pl_pki.h) | |||
2130 | */ | |||
2131 | PKIX_Error * | |||
2132 | PKIX_PL_Cert_GetCriticalExtensionOIDs( | |||
2133 | PKIX_PL_Cert *cert, | |||
2134 | PKIX_List **pList, /* list of PKIX_PL_OID */ | |||
2135 | void *plContext) | |||
2136 | { | |||
2137 | PKIX_List *oidsList = NULL((void*)0); | |||
2138 | CERTCertExtension **extensions = NULL((void*)0); | |||
2139 | CERTCertificate *nssCert = NULL((void*)0); | |||
2140 | ||||
2141 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetCriticalExtensionOIDs")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetCriticalExtensionOIDs" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2142 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pList)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pList) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2143 | ||||
2144 | /* if we don't have a cached copy from before, we create one */ | |||
2145 | if (cert->critExtOids == NULL((void*)0)) { | |||
2146 | ||||
2147 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
2148 | ||||
2149 | if (cert->critExtOids == NULL((void*)0)) { | |||
2150 | ||||
2151 | nssCert = cert->nssCert; | |||
2152 | ||||
2153 | /* | |||
2154 | * ASN.1 for Extension | |||
2155 | * | |||
2156 | * Extension ::= SEQUENCE { | |||
2157 | * extnID OBJECT IDENTIFIER, | |||
2158 | * critical BOOLEAN DEFAULT FALSE, | |||
2159 | * extnValue OCTET STRING } | |||
2160 | * | |||
2161 | */ | |||
2162 | ||||
2163 | extensions = nssCert->extensions; | |||
2164 | ||||
2165 | PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDsdo { stdVars.aPkixErrorResult = (pkix_pl_OID_GetCriticalExtensionOIDs (extensions, &oidsList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_GETCRITICALEXTENSIONOIDSFAILED ; goto cleanup; } } while (0) | |||
2166 | (extensions, &oidsList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_OID_GetCriticalExtensionOIDs (extensions, &oidsList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_GETCRITICALEXTENSIONOIDSFAILED ; goto cleanup; } } while (0) | |||
2167 | PKIX_GETCRITICALEXTENSIONOIDSFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_OID_GetCriticalExtensionOIDs (extensions, &oidsList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_GETCRITICALEXTENSIONOIDSFAILED ; goto cleanup; } } while (0); | |||
2168 | ||||
2169 | /* save a cached copy in case it is asked for again */ | |||
2170 | cert->critExtOids = oidsList; | |||
2171 | } | |||
2172 | ||||
2173 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,2173)); } } while (0); | |||
2174 | } | |||
2175 | ||||
2176 | /* We should return a copy of the List since this list changes */ | |||
2177 | PKIX_DUPLICATE(cert->critExtOids, pList, plContext,do { if ((cert->critExtOids) != ((void*)0)) { do { stdVars .aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object *)(cert->critExtOids), (PKIX_PL_Object **)(pList), (plContext ))); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTDUPLICATELISTFAILED); goto cleanup; } } while ( 0); } else { *(pList) = (cert->critExtOids); } } while (0) | |||
2178 | PKIX_OBJECTDUPLICATELISTFAILED)do { if ((cert->critExtOids) != ((void*)0)) { do { stdVars .aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object *)(cert->critExtOids), (PKIX_PL_Object **)(pList), (plContext ))); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTDUPLICATELISTFAILED); goto cleanup; } } while ( 0); } else { *(pList) = (cert->critExtOids); } } while (0); | |||
2179 | ||||
2180 | cleanup: | |||
2181 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",2181)); } } while (0); | |||
2182 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2183 | } | |||
2184 | ||||
2185 | /* | |||
2186 | * FUNCTION: PKIX_PL_Cert_GetAuthorityKeyIdentifier | |||
2187 | * (see comments in pkix_pl_pki.h) | |||
2188 | */ | |||
2189 | PKIX_Error * | |||
2190 | PKIX_PL_Cert_GetAuthorityKeyIdentifier( | |||
2191 | PKIX_PL_Cert *cert, | |||
2192 | PKIX_PL_ByteArray **pAuthKeyId, | |||
2193 | void *plContext) | |||
2194 | { | |||
2195 | PKIX_PL_ByteArray *authKeyId = NULL((void*)0); | |||
2196 | CERTCertificate *nssCert = NULL((void*)0); | |||
2197 | CERTAuthKeyID *authKeyIdExtension = NULL((void*)0); | |||
2198 | PLArenaPool *arena = NULL((void*)0); | |||
2199 | SECItem retItem; | |||
2200 | ||||
2201 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetAuthorityKeyIdentifier")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetAuthorityKeyIdentifier" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2202 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pAuthKeyId)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pAuthKeyId) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2203 | ||||
2204 | /* if we don't have a cached copy from before, we create one */ | |||
2205 | if ((cert->authKeyId == NULL((void*)0)) && (!cert->authKeyIdAbsent)){ | |||
2206 | ||||
2207 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
2208 | ||||
2209 | if ((cert->authKeyId == NULL((void*)0)) && (!cert->authKeyIdAbsent)){ | |||
2210 | ||||
2211 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); | |||
2212 | if (arena == NULL((void*)0)) { | |||
2213 | PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; }; | |||
2214 | } | |||
2215 | ||||
2216 | nssCert = cert->nssCert; | |||
2217 | ||||
2218 | authKeyIdExtension = | |||
2219 | CERT_FindAuthKeyIDExten(arena, nssCert); | |||
2220 | if (authKeyIdExtension == NULL((void*)0)){ | |||
2221 | cert->authKeyIdAbsent = PKIX_TRUE((PKIX_Boolean) 1); | |||
2222 | *pAuthKeyId = NULL((void*)0); | |||
2223 | goto cleanup; | |||
2224 | } | |||
2225 | ||||
2226 | retItem = authKeyIdExtension->keyID; | |||
2227 | ||||
2228 | if (retItem.len == 0){ | |||
2229 | cert->authKeyIdAbsent = PKIX_TRUE((PKIX_Boolean) 1); | |||
2230 | *pAuthKeyId = NULL((void*)0); | |||
2231 | goto cleanup; | |||
2232 | } | |||
2233 | ||||
2234 | PKIX_CHECK(PKIX_PL_ByteArray_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem .data, retItem.len, &authKeyId, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED ; goto cleanup; } } while (0) | |||
2235 | (retItem.data,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem .data, retItem.len, &authKeyId, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED ; goto cleanup; } } while (0) | |||
2236 | retItem.len,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem .data, retItem.len, &authKeyId, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED ; goto cleanup; } } while (0) | |||
2237 | &authKeyId,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem .data, retItem.len, &authKeyId, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED ; goto cleanup; } } while (0) | |||
2238 | plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem .data, retItem.len, &authKeyId, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED ; goto cleanup; } } while (0) | |||
2239 | PKIX_BYTEARRAYCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem .data, retItem.len, &authKeyId, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED ; goto cleanup; } } while (0); | |||
2240 | ||||
2241 | /* save a cached copy in case it is asked for again */ | |||
2242 | cert->authKeyId = authKeyId; | |||
2243 | } | |||
2244 | ||||
2245 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,2245)); } } while (0); | |||
2246 | } | |||
2247 | ||||
2248 | PKIX_INCREF(cert->authKeyId)do { if (cert->authKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->authKeyId), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup ; } } } while (0); | |||
2249 | *pAuthKeyId = cert->authKeyId; | |||
2250 | ||||
2251 | cleanup: | |||
2252 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",2252)); } } while (0); | |||
2253 | if (arena){ | |||
2254 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); | |||
2255 | } | |||
2256 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2257 | } | |||
2258 | ||||
2259 | /* | |||
2260 | * FUNCTION: PKIX_PL_Cert_GetSubjectKeyIdentifier | |||
2261 | * (see comments in pkix_pl_pki.h) | |||
2262 | */ | |||
2263 | PKIX_Error * | |||
2264 | PKIX_PL_Cert_GetSubjectKeyIdentifier( | |||
2265 | PKIX_PL_Cert *cert, | |||
2266 | PKIX_PL_ByteArray **pSubjKeyId, | |||
2267 | void *plContext) | |||
2268 | { | |||
2269 | PKIX_PL_ByteArray *subjKeyId = NULL((void*)0); | |||
2270 | CERTCertificate *nssCert = NULL((void*)0); | |||
2271 | SECItem *retItem = NULL((void*)0); | |||
2272 | SECStatus status; | |||
2273 | ||||
2274 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectKeyIdentifier")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSubjectKeyIdentifier" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2275 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSubjKeyId)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pSubjKeyId) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2276 | ||||
2277 | /* if we don't have a cached copy from before, we create one */ | |||
2278 | if ((cert->subjKeyId == NULL((void*)0)) && (!cert->subjKeyIdAbsent)){ | |||
2279 | ||||
2280 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
2281 | ||||
2282 | if ((cert->subjKeyId == NULL((void*)0)) && (!cert->subjKeyIdAbsent)){ | |||
2283 | ||||
2284 | retItem = SECITEM_AllocItemSECITEM_AllocItem_Util(NULL((void*)0), NULL((void*)0), 0); | |||
2285 | if (retItem == NULL((void*)0)){ | |||
2286 | PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; }; | |||
2287 | } | |||
2288 | ||||
2289 | nssCert = cert->nssCert; | |||
2290 | ||||
2291 | status = CERT_FindSubjectKeyIDExtension | |||
2292 | (nssCert, retItem); | |||
2293 | if (status != SECSuccess) { | |||
2294 | cert->subjKeyIdAbsent = PKIX_TRUE((PKIX_Boolean) 1); | |||
2295 | *pSubjKeyId = NULL((void*)0); | |||
2296 | goto cleanup; | |||
2297 | } | |||
2298 | ||||
2299 | PKIX_CHECK(PKIX_PL_ByteArray_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem ->data, retItem->len, &subjKeyId, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED ; goto cleanup; } } while (0) | |||
2300 | (retItem->data,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem ->data, retItem->len, &subjKeyId, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED ; goto cleanup; } } while (0) | |||
2301 | retItem->len,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem ->data, retItem->len, &subjKeyId, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED ; goto cleanup; } } while (0) | |||
2302 | &subjKeyId,do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem ->data, retItem->len, &subjKeyId, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED ; goto cleanup; } } while (0) | |||
2303 | plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem ->data, retItem->len, &subjKeyId, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED ; goto cleanup; } } while (0) | |||
2304 | PKIX_BYTEARRAYCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_ByteArray_Create (retItem ->data, retItem->len, &subjKeyId, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_BYTEARRAYCREATEFAILED ; goto cleanup; } } while (0); | |||
2305 | ||||
2306 | /* save a cached copy in case it is asked for again */ | |||
2307 | cert->subjKeyId = subjKeyId; | |||
2308 | } | |||
2309 | ||||
2310 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,2310)); } } while (0); | |||
2311 | } | |||
2312 | ||||
2313 | PKIX_INCREF(cert->subjKeyId)do { if (cert->subjKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->subjKeyId), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup ; } } } while (0); | |||
2314 | *pSubjKeyId = cert->subjKeyId; | |||
2315 | ||||
2316 | cleanup: | |||
2317 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",2317)); } } while (0); | |||
2318 | if (retItem){ | |||
2319 | SECITEM_FreeItemSECITEM_FreeItem_Util(retItem, PKIX_TRUE((PKIX_Boolean) 1)); | |||
2320 | } | |||
2321 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2322 | } | |||
2323 | ||||
2324 | /* | |||
2325 | * FUNCTION: PKIX_PL_Cert_GetExtendedKeyUsage (see comments in pkix_pl_pki.h) | |||
2326 | */ | |||
2327 | PKIX_Error * | |||
2328 | PKIX_PL_Cert_GetExtendedKeyUsage( | |||
2329 | PKIX_PL_Cert *cert, | |||
2330 | PKIX_List **pKeyUsage, /* list of PKIX_PL_OID */ | |||
2331 | void *plContext) | |||
2332 | { | |||
2333 | CERTOidSequence *extKeyUsage = NULL((void*)0); | |||
2334 | CERTCertificate *nssCert = NULL((void*)0); | |||
2335 | PKIX_PL_OID *pkixOID = NULL((void*)0); | |||
2336 | PKIX_List *oidsList = NULL((void*)0); | |||
2337 | SECItem **oids = NULL((void*)0); | |||
2338 | SECItem encodedExtKeyUsage; | |||
2339 | SECStatus rv; | |||
2340 | ||||
2341 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetExtendedKeyUsage")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetExtendedKeyUsage" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2342 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pKeyUsage)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pKeyUsage) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2343 | ||||
2344 | /* if we don't have a cached copy from before, we create one */ | |||
2345 | if ((cert->extKeyUsages == NULL((void*)0)) && (!cert->extKeyUsagesAbsent)){ | |||
2346 | ||||
2347 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
2348 | ||||
2349 | if ((cert->extKeyUsages == NULL((void*)0)) && | |||
2350 | (!cert->extKeyUsagesAbsent)){ | |||
2351 | ||||
2352 | nssCert = cert->nssCert; | |||
2353 | ||||
2354 | rv = CERT_FindCertExtension | |||
2355 | (nssCert, SEC_OID_X509_EXT_KEY_USAGE, | |||
2356 | &encodedExtKeyUsage); | |||
2357 | if (rv != SECSuccess){ | |||
2358 | cert->extKeyUsagesAbsent = PKIX_TRUE((PKIX_Boolean) 1); | |||
2359 | *pKeyUsage = NULL((void*)0); | |||
2360 | goto cleanup; | |||
2361 | } | |||
2362 | ||||
2363 | extKeyUsage = | |||
2364 | CERT_DecodeOidSequence(&encodedExtKeyUsage); | |||
2365 | if (extKeyUsage == NULL((void*)0)){ | |||
2366 | PKIX_ERROR(PKIX_CERTDECODEOIDSEQUENCEFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTDECODEOIDSEQUENCEFAILED, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_CERTDECODEOIDSEQUENCEFAILED ; goto cleanup; }; | |||
2367 | } | |||
2368 | ||||
2369 | PORT_FreePORT_Free_Util(encodedExtKeyUsage.data); | |||
2370 | ||||
2371 | oids = extKeyUsage->oids; | |||
2372 | ||||
2373 | if (!oids){ | |||
2374 | /* no extended key usage extensions found */ | |||
2375 | cert->extKeyUsagesAbsent = PKIX_TRUE((PKIX_Boolean) 1); | |||
2376 | *pKeyUsage = NULL((void*)0); | |||
2377 | goto cleanup; | |||
2378 | } | |||
2379 | ||||
2380 | PKIX_CHECK(PKIX_List_Create(&oidsList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&oidsList , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0) | |||
2381 | PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&oidsList , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0); | |||
2382 | ||||
2383 | while (*oids){ | |||
2384 | SECItem *oid = *oids++; | |||
2385 | ||||
2386 | PKIX_CHECK(PKIX_PL_OID_CreateBySECItemdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( oid, &pkixOID, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup ; } } while (0) | |||
2387 | (oid, &pkixOID, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( oid, &pkixOID, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup ; } } while (0) | |||
2388 | PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_CreateBySECItem ( oid, &pkixOID, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup ; } } while (0); | |||
2389 | ||||
2390 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (oidsList , (PKIX_PL_Object *)pkixOID, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
2391 | (oidsList,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (oidsList , (PKIX_PL_Object *)pkixOID, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
2392 | (PKIX_PL_Object *)pkixOID,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (oidsList , (PKIX_PL_Object *)pkixOID, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
2393 | plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (oidsList , (PKIX_PL_Object *)pkixOID, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
2394 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (oidsList , (PKIX_PL_Object *)pkixOID, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0); | |||
2395 | PKIX_DECREF(pkixOID)do { if (pkixOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(pkixOID), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } pkixOID = ((void*) 0); } } while (0); | |||
2396 | } | |||
2397 | ||||
2398 | PKIX_CHECK(PKIX_List_SetImmutabledo { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (oidsList , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0) | |||
2399 | (oidsList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (oidsList , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0) | |||
2400 | PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (oidsList , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0); | |||
2401 | ||||
2402 | /* save a cached copy in case it is asked for again */ | |||
2403 | cert->extKeyUsages = oidsList; | |||
2404 | oidsList = NULL((void*)0); | |||
2405 | } | |||
2406 | ||||
2407 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,2407)); } } while (0); | |||
2408 | } | |||
2409 | ||||
2410 | PKIX_INCREF(cert->extKeyUsages)do { if (cert->extKeyUsages){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->extKeyUsages), plContext); if ( stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars .aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void *)0); goto cleanup; } } } while (0); | |||
2411 | *pKeyUsage = cert->extKeyUsages; | |||
2412 | ||||
2413 | cleanup: | |||
2414 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",2414)); } } while (0); | |||
2415 | ||||
2416 | PKIX_DECREF(pkixOID)do { if (pkixOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(pkixOID), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } pkixOID = ((void*) 0); } } while (0); | |||
2417 | PKIX_DECREF(oidsList)do { if (oidsList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(oidsList), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } oidsList = ((void* )0); } } while (0); | |||
2418 | CERT_DestroyOidSequence(extKeyUsage); | |||
2419 | ||||
2420 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2421 | } | |||
2422 | ||||
2423 | /* | |||
2424 | * FUNCTION: PKIX_PL_Cert_GetBasicConstraints | |||
2425 | * (see comments in pkix_pl_pki.h) | |||
2426 | */ | |||
2427 | PKIX_Error * | |||
2428 | PKIX_PL_Cert_GetBasicConstraints( | |||
2429 | PKIX_PL_Cert *cert, | |||
2430 | PKIX_PL_CertBasicConstraints **pBasicConstraints, | |||
2431 | void *plContext) | |||
2432 | { | |||
2433 | CERTCertificate *nssCert = NULL((void*)0); | |||
2434 | CERTBasicConstraints nssBasicConstraint; | |||
2435 | SECStatus rv; | |||
2436 | PKIX_PL_CertBasicConstraints *basic; | |||
2437 | PKIX_Int32 pathLen = 0; | |||
2438 | PKIX_Boolean isCA = PKIX_FALSE((PKIX_Boolean) 0); | |||
2439 | enum { | |||
2440 | realBC, synthBC, absentBC | |||
2441 | } constraintSource = absentBC; | |||
2442 | ||||
2443 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetBasicConstraints")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetBasicConstraints" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2444 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pBasicConstraints)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pBasicConstraints) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2445 | ||||
2446 | /* if we don't have a cached copy from before, we create one */ | |||
2447 | if ((cert->certBasicConstraints == NULL((void*)0)) && | |||
2448 | (!cert->basicConstraintsAbsent)) { | |||
2449 | ||||
2450 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
2451 | ||||
2452 | if ((cert->certBasicConstraints == NULL((void*)0)) && | |||
2453 | (!cert->basicConstraintsAbsent)) { | |||
2454 | ||||
2455 | nssCert = cert->nssCert; | |||
2456 | ||||
2457 | PKIX_CERT_DEBUG( | |||
2458 | "\t\tCalling Cert_FindBasicConstraintExten\n"); | |||
2459 | rv = CERT_FindBasicConstraintExten | |||
2460 | (nssCert, &nssBasicConstraint); | |||
2461 | if (rv == SECSuccess) { | |||
2462 | constraintSource = realBC; | |||
2463 | } | |||
2464 | ||||
2465 | if (constraintSource == absentBC) { | |||
2466 | /* can we deduce it's a CA and create a | |||
2467 | synthetic constraint? | |||
2468 | */ | |||
2469 | CERTCertTrust trust; | |||
2470 | rv = CERT_GetCertTrust(nssCert, &trust); | |||
2471 | if (rv == SECSuccess) { | |||
2472 | int anyWantedFlag = CERTDB_TRUSTED_CA(1u << 4) | CERTDB_VALID_CA(1u << 3); | |||
2473 | if ((trust.sslFlags & anyWantedFlag) | |||
2474 | || (trust.emailFlags & anyWantedFlag) | |||
2475 | || (trust.objectSigningFlags & anyWantedFlag)) { | |||
2476 | ||||
2477 | constraintSource = synthBC; | |||
2478 | } | |||
2479 | } | |||
2480 | } | |||
2481 | ||||
2482 | if (constraintSource == absentBC) { | |||
2483 | cert->basicConstraintsAbsent = PKIX_TRUE((PKIX_Boolean) 1); | |||
2484 | *pBasicConstraints = NULL((void*)0); | |||
2485 | goto cleanup; | |||
2486 | } | |||
2487 | } | |||
2488 | ||||
2489 | if (constraintSource
| |||
2490 | isCA = PKIX_TRUE((PKIX_Boolean) 1); | |||
2491 | pathLen = PKIX_UNLIMITED_PATH_CONSTRAINT((PKIX_Int32) -1); | |||
2492 | } else { | |||
2493 | isCA = (nssBasicConstraint.isCA)?PKIX_TRUE((PKIX_Boolean) 1):PKIX_FALSE((PKIX_Boolean) 0); | |||
| ||||
2494 | ||||
2495 | /* The pathLen has meaning only for CAs */ | |||
2496 | if (isCA) { | |||
2497 | if (CERT_UNLIMITED_PATH_CONSTRAINT-2 == | |||
2498 | nssBasicConstraint.pathLenConstraint) { | |||
2499 | pathLen = PKIX_UNLIMITED_PATH_CONSTRAINT((PKIX_Int32) -1); | |||
2500 | } else { | |||
2501 | pathLen = nssBasicConstraint.pathLenConstraint; | |||
2502 | } | |||
2503 | } | |||
2504 | } | |||
2505 | ||||
2506 | PKIX_CHECK(pkix_pl_CertBasicConstraints_Createdo { stdVars.aPkixErrorResult = (pkix_pl_CertBasicConstraints_Create (isCA, pathLen, &basic, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTBASICCONSTRAINTSCREATEFAILED ; goto cleanup; } } while (0) | |||
2507 | (isCA, pathLen, &basic, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertBasicConstraints_Create (isCA, pathLen, &basic, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTBASICCONSTRAINTSCREATEFAILED ; goto cleanup; } } while (0) | |||
2508 | PKIX_CERTBASICCONSTRAINTSCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertBasicConstraints_Create (isCA, pathLen, &basic, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTBASICCONSTRAINTSCREATEFAILED ; goto cleanup; } } while (0); | |||
2509 | ||||
2510 | /* save a cached copy in case it is asked for again */ | |||
2511 | cert->certBasicConstraints = basic; | |||
2512 | } | |||
2513 | ||||
2514 | PKIX_INCREF(cert->certBasicConstraints)do { if (cert->certBasicConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->certBasicConstraints ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while (0); | |||
2515 | *pBasicConstraints = cert->certBasicConstraints; | |||
2516 | ||||
2517 | cleanup: | |||
2518 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",2518)); } } while (0); | |||
2519 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2520 | } | |||
2521 | ||||
2522 | /* | |||
2523 | * FUNCTION: PKIX_PL_Cert_GetPolicyInformation | |||
2524 | * (see comments in pkix_pl_pki.h) | |||
2525 | */ | |||
2526 | PKIX_Error * | |||
2527 | PKIX_PL_Cert_GetPolicyInformation( | |||
2528 | PKIX_PL_Cert *cert, | |||
2529 | PKIX_List **pPolicyInfo, | |||
2530 | void *plContext) | |||
2531 | { | |||
2532 | PKIX_List *policyList = NULL((void*)0); | |||
2533 | ||||
2534 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetPolicyInformation")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetPolicyInformation" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2535 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pPolicyInfo)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pPolicyInfo) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2536 | ||||
2537 | /* if we don't have a cached copy from before, we create one */ | |||
2538 | if ((cert->certPolicyInfos == NULL((void*)0)) && | |||
2539 | (!cert->policyInfoAbsent)) { | |||
2540 | ||||
2541 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
2542 | ||||
2543 | if ((cert->certPolicyInfos == NULL((void*)0)) && | |||
2544 | (!cert->policyInfoAbsent)) { | |||
2545 | ||||
2546 | PKIX_CHECK(pkix_pl_Cert_DecodePolicyInfodo { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyInfo (cert->nssCert, &policyList, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYINFOFAILED ; goto cleanup; } } while (0) | |||
2547 | (cert->nssCert, &policyList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyInfo (cert->nssCert, &policyList, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYINFOFAILED ; goto cleanup; } } while (0) | |||
2548 | PKIX_CERTDECODEPOLICYINFOFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyInfo (cert->nssCert, &policyList, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYINFOFAILED ; goto cleanup; } } while (0); | |||
2549 | ||||
2550 | if (!policyList) { | |||
2551 | cert->policyInfoAbsent = PKIX_TRUE((PKIX_Boolean) 1); | |||
2552 | *pPolicyInfo = NULL((void*)0); | |||
2553 | goto cleanup; | |||
2554 | } | |||
2555 | } | |||
2556 | ||||
2557 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,2557)); } } while (0); | |||
2558 | ||||
2559 | /* save a cached copy in case it is asked for again */ | |||
2560 | cert->certPolicyInfos = policyList; | |||
2561 | policyList = NULL((void*)0); | |||
2562 | } | |||
2563 | ||||
2564 | PKIX_INCREF(cert->certPolicyInfos)do { if (cert->certPolicyInfos){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->certPolicyInfos ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while (0); | |||
2565 | *pPolicyInfo = cert->certPolicyInfos; | |||
2566 | ||||
2567 | cleanup: | |||
2568 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",2568)); } } while (0); | |||
2569 | ||||
2570 | PKIX_DECREF(policyList)do { if (policyList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(policyList), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } policyList = ((void *)0); } } while (0); | |||
2571 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2572 | } | |||
2573 | ||||
2574 | /* | |||
2575 | * FUNCTION: PKIX_PL_Cert_GetPolicyMappings (see comments in pkix_pl_pki.h) | |||
2576 | */ | |||
2577 | PKIX_Error * | |||
2578 | PKIX_PL_Cert_GetPolicyMappings( | |||
2579 | PKIX_PL_Cert *cert, | |||
2580 | PKIX_List **pPolicyMappings, /* list of PKIX_PL_CertPolicyMap */ | |||
2581 | void *plContext) | |||
2582 | { | |||
2583 | PKIX_List *policyMappings = NULL((void*)0); /* list of PKIX_PL_CertPolicyMap */ | |||
2584 | ||||
2585 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetPolicyMappings")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetPolicyMappings" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2586 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pPolicyMappings)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pPolicyMappings) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2587 | ||||
2588 | /* if we don't have a cached copy from before, we create one */ | |||
2589 | if (!(cert->certPolicyMappings) && !(cert->policyMappingsAbsent)) { | |||
2590 | ||||
2591 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
2592 | ||||
2593 | if (!(cert->certPolicyMappings) && | |||
2594 | !(cert->policyMappingsAbsent)) { | |||
2595 | ||||
2596 | PKIX_CHECK(pkix_pl_Cert_DecodePolicyMappingdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyMapping (cert->nssCert, &policyMappings, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYMAPPINGFAILED ; goto cleanup; } } while (0) | |||
2597 | (cert->nssCert, &policyMappings, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyMapping (cert->nssCert, &policyMappings, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYMAPPINGFAILED ; goto cleanup; } } while (0) | |||
2598 | PKIX_CERTDECODEPOLICYMAPPINGFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyMapping (cert->nssCert, &policyMappings, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYMAPPINGFAILED ; goto cleanup; } } while (0); | |||
2599 | ||||
2600 | if (!policyMappings) { | |||
2601 | cert->policyMappingsAbsent = PKIX_TRUE((PKIX_Boolean) 1); | |||
2602 | *pPolicyMappings = NULL((void*)0); | |||
2603 | goto cleanup; | |||
2604 | } | |||
2605 | } | |||
2606 | ||||
2607 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,2607)); } } while (0); | |||
2608 | ||||
2609 | /* save a cached copy in case it is asked for again */ | |||
2610 | cert->certPolicyMappings = policyMappings; | |||
2611 | policyMappings = NULL((void*)0); | |||
2612 | } | |||
2613 | ||||
2614 | PKIX_INCREF(cert->certPolicyMappings)do { if (cert->certPolicyMappings){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->certPolicyMappings ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while (0); | |||
2615 | *pPolicyMappings = cert->certPolicyMappings; | |||
2616 | ||||
2617 | cleanup: | |||
2618 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",2618)); } } while (0); | |||
2619 | ||||
2620 | PKIX_DECREF(policyMappings)do { if (policyMappings){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(policyMappings), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } policyMappings = ((void*)0); } } while (0); | |||
2621 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2622 | } | |||
2623 | ||||
2624 | /* | |||
2625 | * FUNCTION: PKIX_PL_Cert_GetRequireExplicitPolicy | |||
2626 | * (see comments in pkix_pl_pki.h) | |||
2627 | */ | |||
2628 | PKIX_Error * | |||
2629 | PKIX_PL_Cert_GetRequireExplicitPolicy( | |||
2630 | PKIX_PL_Cert *cert, | |||
2631 | PKIX_Int32 *pSkipCerts, | |||
2632 | void *plContext) | |||
2633 | { | |||
2634 | PKIX_Int32 explicitPolicySkipCerts = 0; | |||
2635 | PKIX_Int32 inhibitMappingSkipCerts = 0; | |||
2636 | ||||
2637 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetRequireExplicitPolicy")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetRequireExplicitPolicy" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2638 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSkipCerts)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pSkipCerts) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2639 | ||||
2640 | if (!(cert->policyConstraintsProcessed)) { | |||
2641 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
2642 | ||||
2643 | if (!(cert->policyConstraintsProcessed)) { | |||
2644 | ||||
2645 | /* | |||
2646 | * If we can't process it now, we probably will be | |||
2647 | * unable to process it later. Set the default value. | |||
2648 | */ | |||
2649 | cert->policyConstraintsProcessed = PKIX_TRUE((PKIX_Boolean) 1); | |||
2650 | cert->policyConstraintsExplicitPolicySkipCerts = -1; | |||
2651 | cert->policyConstraintsInhibitMappingSkipCerts = -1; | |||
2652 | ||||
2653 | PKIX_CHECK(pkix_pl_Cert_DecodePolicyConstraintsdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints (cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while (0) | |||
2654 | (cert->nssCert,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints (cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while (0) | |||
2655 | &explicitPolicySkipCerts,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints (cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while (0) | |||
2656 | &inhibitMappingSkipCerts,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints (cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while (0) | |||
2657 | plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints (cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while (0) | |||
2658 | PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints (cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while (0); | |||
2659 | ||||
2660 | cert->policyConstraintsExplicitPolicySkipCerts = | |||
2661 | explicitPolicySkipCerts; | |||
2662 | cert->policyConstraintsInhibitMappingSkipCerts = | |||
2663 | inhibitMappingSkipCerts; | |||
2664 | } | |||
2665 | ||||
2666 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,2666)); } } while (0); | |||
2667 | } | |||
2668 | ||||
2669 | *pSkipCerts = cert->policyConstraintsExplicitPolicySkipCerts; | |||
2670 | ||||
2671 | cleanup: | |||
2672 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",2672)); } } while (0); | |||
2673 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2674 | } | |||
2675 | ||||
2676 | /* | |||
2677 | * FUNCTION: PKIX_PL_Cert_GetPolicyMappingInhibited | |||
2678 | * (see comments in pkix_pl_pki.h) | |||
2679 | */ | |||
2680 | PKIX_Error * | |||
2681 | PKIX_PL_Cert_GetPolicyMappingInhibited( | |||
2682 | PKIX_PL_Cert *cert, | |||
2683 | PKIX_Int32 *pSkipCerts, | |||
2684 | void *plContext) | |||
2685 | { | |||
2686 | PKIX_Int32 explicitPolicySkipCerts = 0; | |||
2687 | PKIX_Int32 inhibitMappingSkipCerts = 0; | |||
2688 | ||||
2689 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetPolicyMappingInhibited")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetPolicyMappingInhibited" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2690 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSkipCerts)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pSkipCerts) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2691 | ||||
2692 | if (!(cert->policyConstraintsProcessed)) { | |||
2693 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
2694 | ||||
2695 | if (!(cert->policyConstraintsProcessed)) { | |||
2696 | ||||
2697 | /* | |||
2698 | * If we can't process it now, we probably will be | |||
2699 | * unable to process it later. Set the default value. | |||
2700 | */ | |||
2701 | cert->policyConstraintsProcessed = PKIX_TRUE((PKIX_Boolean) 1); | |||
2702 | cert->policyConstraintsExplicitPolicySkipCerts = -1; | |||
2703 | cert->policyConstraintsInhibitMappingSkipCerts = -1; | |||
2704 | ||||
2705 | PKIX_CHECK(pkix_pl_Cert_DecodePolicyConstraintsdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints (cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while (0) | |||
2706 | (cert->nssCert,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints (cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while (0) | |||
2707 | &explicitPolicySkipCerts,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints (cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while (0) | |||
2708 | &inhibitMappingSkipCerts,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints (cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while (0) | |||
2709 | plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints (cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while (0) | |||
2710 | PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodePolicyConstraints (cert->nssCert, &explicitPolicySkipCerts, &inhibitMappingSkipCerts , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED; goto cleanup; } } while (0); | |||
2711 | ||||
2712 | cert->policyConstraintsExplicitPolicySkipCerts = | |||
2713 | explicitPolicySkipCerts; | |||
2714 | cert->policyConstraintsInhibitMappingSkipCerts = | |||
2715 | inhibitMappingSkipCerts; | |||
2716 | } | |||
2717 | ||||
2718 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,2718)); } } while (0); | |||
2719 | } | |||
2720 | ||||
2721 | *pSkipCerts = cert->policyConstraintsInhibitMappingSkipCerts; | |||
2722 | ||||
2723 | cleanup: | |||
2724 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",2724)); } } while (0); | |||
2725 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2726 | } | |||
2727 | ||||
2728 | /* | |||
2729 | * FUNCTION: PKIX_PL_Cert_GetInhibitAnyPolicy (see comments in pkix_pl_pki.h) | |||
2730 | */ | |||
2731 | PKIX_Error * | |||
2732 | PKIX_PL_Cert_GetInhibitAnyPolicy( | |||
2733 | PKIX_PL_Cert *cert, | |||
2734 | PKIX_Int32 *pSkipCerts, | |||
2735 | void *plContext) | |||
2736 | { | |||
2737 | PKIX_Int32 skipCerts = 0; | |||
2738 | ||||
2739 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetInhibitAnyPolicy")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetInhibitAnyPolicy" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2740 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSkipCerts)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pSkipCerts) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2741 | ||||
2742 | if (!(cert->inhibitAnyPolicyProcessed)) { | |||
2743 | ||||
2744 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
2745 | ||||
2746 | if (!(cert->inhibitAnyPolicyProcessed)) { | |||
2747 | ||||
2748 | /* | |||
2749 | * If we can't process it now, we probably will be | |||
2750 | * unable to process it later. Set the default value. | |||
2751 | */ | |||
2752 | cert->inhibitAnyPolicyProcessed = PKIX_TRUE((PKIX_Boolean) 1); | |||
2753 | cert->inhibitAnySkipCerts = -1; | |||
2754 | ||||
2755 | PKIX_CHECK(pkix_pl_Cert_DecodeInhibitAnyPolicydo { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodeInhibitAnyPolicy (cert->nssCert, &skipCerts, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEINHIBITANYPOLICYFAILED ; goto cleanup; } } while (0) | |||
2756 | (cert->nssCert, &skipCerts, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodeInhibitAnyPolicy (cert->nssCert, &skipCerts, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEINHIBITANYPOLICYFAILED ; goto cleanup; } } while (0) | |||
2757 | PKIX_CERTDECODEINHIBITANYPOLICYFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_DecodeInhibitAnyPolicy (cert->nssCert, &skipCerts, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTDECODEINHIBITANYPOLICYFAILED ; goto cleanup; } } while (0); | |||
2758 | ||||
2759 | cert->inhibitAnySkipCerts = skipCerts; | |||
2760 | } | |||
2761 | ||||
2762 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,2762)); } } while (0); | |||
2763 | } | |||
2764 | ||||
2765 | cleanup: | |||
2766 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",2766)); } } while (0); | |||
2767 | *pSkipCerts = cert->inhibitAnySkipCerts; | |||
2768 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2769 | } | |||
2770 | ||||
2771 | /* | |||
2772 | * FUNCTION: PKIX_PL_Cert_AreCertPoliciesCritical | |||
2773 | * (see comments in pkix_pl_pki.h) | |||
2774 | */ | |||
2775 | PKIX_Error * | |||
2776 | PKIX_PL_Cert_AreCertPoliciesCritical( | |||
2777 | PKIX_PL_Cert *cert, | |||
2778 | PKIX_Boolean *pCritical, | |||
2779 | void *plContext) | |||
2780 | { | |||
2781 | PKIX_Boolean criticality = PKIX_FALSE((PKIX_Boolean) 0); | |||
2782 | ||||
2783 | PKIX_ENTER(CERT, "PKIX_PL_Cert_AreCertPoliciesCritical")static const char cMyFuncName[] = {"PKIX_PL_Cert_AreCertPoliciesCritical" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2784 | PKIX_NULLCHECK_TWO(cert, pCritical)do { if (((cert) == ((void*)0)) || ((pCritical) == ((void*)0) )){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars. aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
2785 | ||||
2786 | PKIX_CHECK(pkix_pl_Cert_IsExtensionCritical(do { stdVars.aPkixErrorResult = (pkix_pl_Cert_IsExtensionCritical ( cert, SEC_OID_X509_CERTIFICATE_POLICIES, &criticality, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTISEXTENSIONCRITICALFAILED; goto cleanup; } } while (0) | |||
2787 | cert,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_IsExtensionCritical ( cert, SEC_OID_X509_CERTIFICATE_POLICIES, &criticality, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTISEXTENSIONCRITICALFAILED; goto cleanup; } } while (0) | |||
2788 | SEC_OID_X509_CERTIFICATE_POLICIES,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_IsExtensionCritical ( cert, SEC_OID_X509_CERTIFICATE_POLICIES, &criticality, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTISEXTENSIONCRITICALFAILED; goto cleanup; } } while (0) | |||
2789 | &criticality,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_IsExtensionCritical ( cert, SEC_OID_X509_CERTIFICATE_POLICIES, &criticality, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTISEXTENSIONCRITICALFAILED; goto cleanup; } } while (0) | |||
2790 | plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_IsExtensionCritical ( cert, SEC_OID_X509_CERTIFICATE_POLICIES, &criticality, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTISEXTENSIONCRITICALFAILED; goto cleanup; } } while (0) | |||
2791 | PKIX_CERTISEXTENSIONCRITICALFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_IsExtensionCritical ( cert, SEC_OID_X509_CERTIFICATE_POLICIES, &criticality, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTISEXTENSIONCRITICALFAILED; goto cleanup; } } while (0); | |||
2792 | ||||
2793 | *pCritical = criticality; | |||
2794 | ||||
2795 | cleanup: | |||
2796 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2797 | } | |||
2798 | ||||
2799 | /* | |||
2800 | * FUNCTION: PKIX_PL_Cert_VerifySignature (see comments in pkix_pl_pki.h) | |||
2801 | */ | |||
2802 | PKIX_Error * | |||
2803 | PKIX_PL_Cert_VerifySignature( | |||
2804 | PKIX_PL_Cert *cert, | |||
2805 | PKIX_PL_PublicKey *pubKey, | |||
2806 | void *plContext) | |||
2807 | { | |||
2808 | CERTCertificate *nssCert = NULL((void*)0); | |||
2809 | SECKEYPublicKey *nssPubKey = NULL((void*)0); | |||
2810 | CERTSignedData *tbsCert = NULL((void*)0); | |||
2811 | PKIX_PL_Cert *cachedCert = NULL((void*)0); | |||
2812 | PKIX_Error *verifySig = NULL((void*)0); | |||
2813 | PKIX_Error *cachedSig = NULL((void*)0); | |||
2814 | PKIX_Error *checkSig = NULL((void*)0); | |||
2815 | SECStatus status; | |||
2816 | PKIX_Boolean certEqual = PKIX_FALSE((PKIX_Boolean) 0); | |||
2817 | PKIX_Boolean certInHash = PKIX_FALSE((PKIX_Boolean) 0); | |||
2818 | PKIX_Boolean checkCertSig = PKIX_TRUE((PKIX_Boolean) 1); | |||
2819 | void* wincx = NULL((void*)0); | |||
2820 | ||||
2821 | PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifySignature")static const char cMyFuncName[] = {"PKIX_PL_Cert_VerifySignature" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2822 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pubKey)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pubKey) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2823 | ||||
2824 | /* if the cert check flag is off, skip the check */ | |||
2825 | checkSig = pkix_pl_NssContext_GetCertSignatureCheck( | |||
2826 | (PKIX_PL_NssContext *)plContext, &checkCertSig); | |||
2827 | if ((checkCertSig == PKIX_FALSE((PKIX_Boolean) 0)) && (checkSig == NULL((void*)0))) { | |||
2828 | goto cleanup; | |||
2829 | } | |||
2830 | ||||
2831 | verifySig = PKIX_PL_HashTable_Lookup | |||
2832 | (cachedCertSigTable, | |||
2833 | (PKIX_PL_Object *) pubKey, | |||
2834 | (PKIX_PL_Object **) &cachedCert, | |||
2835 | plContext); | |||
2836 | ||||
2837 | if (cachedCert != NULL((void*)0) && verifySig == NULL((void*)0)) { | |||
2838 | /* Cached Signature Table lookup succeed */ | |||
2839 | PKIX_EQUALS(cert, cachedCert, &certEqual, plContext,do { if ((cert) != ((void*)0) && (cachedCert) != ((void *)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals ((PKIX_PL_Object *)(cert), (PKIX_PL_Object*)(cachedCert), (& certEqual), (plContext))); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup; } } while (0); } else if ((cert) == ((void*)0) && (cachedCert ) == ((void*)0)) { *(&certEqual) = ((PKIX_Boolean) 1); } else { *(&certEqual) = ((PKIX_Boolean) 0); } } while (0) | |||
2840 | PKIX_OBJECTEQUALSFAILED)do { if ((cert) != ((void*)0) && (cachedCert) != ((void *)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals ((PKIX_PL_Object *)(cert), (PKIX_PL_Object*)(cachedCert), (& certEqual), (plContext))); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup; } } while (0); } else if ((cert) == ((void*)0) && (cachedCert ) == ((void*)0)) { *(&certEqual) = ((PKIX_Boolean) 1); } else { *(&certEqual) = ((PKIX_Boolean) 0); } } while (0); | |||
2841 | if (certEqual == PKIX_TRUE((PKIX_Boolean) 1)) { | |||
2842 | goto cleanup; | |||
2843 | } | |||
2844 | /* Different PubKey may hash to same value, skip add */ | |||
2845 | certInHash = PKIX_TRUE((PKIX_Boolean) 1); | |||
2846 | } | |||
2847 | ||||
2848 | nssCert = cert->nssCert; | |||
2849 | tbsCert = &nssCert->signatureWrap; | |||
2850 | ||||
2851 | PKIX_CERT_DEBUG("\t\tCalling SECKEY_ExtractPublicKey).\n"); | |||
2852 | nssPubKey = SECKEY_ExtractPublicKey(pubKey->nssSPKI); | |||
2853 | if (!nssPubKey){ | |||
2854 | PKIX_ERROR(PKIX_SECKEYEXTRACTPUBLICKEYFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_SECKEYEXTRACTPUBLICKEYFAILED, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_SECKEYEXTRACTPUBLICKEYFAILED ; goto cleanup; }; | |||
2855 | } | |||
2856 | ||||
2857 | PKIX_CERT_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey).\n"); | |||
2858 | ||||
2859 | PKIX_CHECK(pkix_pl_NssContext_GetWincxdo { stdVars.aPkixErrorResult = (pkix_pl_NssContext_GetWincx ( (PKIX_PL_NssContext *)plContext, &wincx)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_NSSCONTEXTGETWINCXFAILED; goto cleanup; } } while (0) | |||
2860 | ((PKIX_PL_NssContext *)plContext, &wincx),do { stdVars.aPkixErrorResult = (pkix_pl_NssContext_GetWincx ( (PKIX_PL_NssContext *)plContext, &wincx)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_NSSCONTEXTGETWINCXFAILED; goto cleanup; } } while (0) | |||
2861 | PKIX_NSSCONTEXTGETWINCXFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_NssContext_GetWincx ( (PKIX_PL_NssContext *)plContext, &wincx)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_NSSCONTEXTGETWINCXFAILED; goto cleanup; } } while (0); | |||
2862 | ||||
2863 | status = CERT_VerifySignedDataWithPublicKey(tbsCert, nssPubKey, wincx); | |||
2864 | ||||
2865 | if (status != SECSuccess) { | |||
2866 | if (PORT_GetErrorPORT_GetError_Util() != SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) { | |||
2867 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_SIGNATURE); | |||
2868 | } | |||
2869 | PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY, ((void*)0), stdVars .aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ( (PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY ; goto cleanup; }; | |||
2870 | } | |||
2871 | ||||
2872 | if (certInHash == PKIX_FALSE((PKIX_Boolean) 0)) { | |||
2873 | cachedSig = PKIX_PL_HashTable_Add | |||
2874 | (cachedCertSigTable, | |||
2875 | (PKIX_PL_Object *) pubKey, | |||
2876 | (PKIX_PL_Object *) cert, | |||
2877 | plContext); | |||
2878 | ||||
2879 | if (cachedSig != NULL((void*)0)) { | |||
2880 | PKIX_DEBUG("PKIX_PL_HashTable_Add skipped: entry existed\n")do { do { if (pkixLoggersErrors) { pkix_Logger_Check(pkixLoggersDebugTrace , stdVars.aMyFuncName, "PKIX_PL_HashTable_Add skipped: entry existed\n" , stdVars.aPkixType, 4, plContext); } } while (0); (void) fprintf (stderr, "(%s: ", stdVars.aMyFuncName); (void) fprintf(stderr , "PKIX_PL_HashTable_Add skipped: entry existed\n"); } while ( 0); | |||
2881 | } | |||
2882 | } | |||
2883 | ||||
2884 | cleanup: | |||
2885 | if (nssPubKey){ | |||
2886 | PKIX_CERT_DEBUG("\t\tCalling SECKEY_DestroyPublicKey).\n"); | |||
2887 | SECKEY_DestroyPublicKey(nssPubKey); | |||
2888 | } | |||
2889 | ||||
2890 | PKIX_DECREF(cachedCert)do { if (cachedCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cachedCert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } cachedCert = ((void *)0); } } while (0); | |||
2891 | PKIX_DECREF(checkSig)do { if (checkSig){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkSig), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } checkSig = ((void* )0); } } while (0); | |||
2892 | PKIX_DECREF(verifySig)do { if (verifySig){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(verifySig), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } verifySig = ((void *)0); } } while (0); | |||
2893 | PKIX_DECREF(cachedSig)do { if (cachedSig){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cachedSig), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } cachedSig = ((void *)0); } } while (0); | |||
2894 | ||||
2895 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2896 | } | |||
2897 | ||||
2898 | /* | |||
2899 | * FUNCTION: PKIX_PL_Cert_CheckValidity (see comments in pkix_pl_pki.h) | |||
2900 | */ | |||
2901 | PKIX_Error * | |||
2902 | PKIX_PL_Cert_CheckValidity( | |||
2903 | PKIX_PL_Cert *cert, | |||
2904 | PKIX_PL_Date *date, | |||
2905 | void *plContext) | |||
2906 | { | |||
2907 | SECCertTimeValidity val; | |||
2908 | PRTime timeToCheck; | |||
2909 | PKIX_Boolean allowOverride; | |||
2910 | SECCertificateUsage requiredUsages; | |||
2911 | ||||
2912 | PKIX_ENTER(CERT, "PKIX_PL_Cert_CheckValidity")static const char cMyFuncName[] = {"PKIX_PL_Cert_CheckValidity" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2913 | PKIX_NULLCHECK_ONE(cert)do { if ((cert) == ((void*)0)){ stdVars.aPkixErrorReceived = ( (PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
2914 | ||||
2915 | /* if the caller supplies a date, we use it; else, use current time */ | |||
2916 | if (date != NULL((void*)0)){ | |||
2917 | PKIX_CHECK(pkix_pl_Date_GetPRTimedo { stdVars.aPkixErrorResult = (pkix_pl_Date_GetPRTime (date , &timeToCheck, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_DATEGETPRTIMEFAILED; goto cleanup ; } } while (0) | |||
2918 | (date, &timeToCheck, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Date_GetPRTime (date , &timeToCheck, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_DATEGETPRTIMEFAILED; goto cleanup ; } } while (0) | |||
2919 | PKIX_DATEGETPRTIMEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Date_GetPRTime (date , &timeToCheck, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_DATEGETPRTIMEFAILED; goto cleanup ; } } while (0); | |||
2920 | } else { | |||
2921 | timeToCheck = PR_Now(); | |||
2922 | } | |||
2923 | ||||
2924 | requiredUsages = ((PKIX_PL_NssContext*)plContext)->certificateUsage; | |||
2925 | allowOverride = | |||
2926 | (PRBool)((requiredUsages & certificateUsageSSLServer(0x0002)) || | |||
2927 | (requiredUsages & certificateUsageSSLServerWithStepUp(0x0004)) || | |||
2928 | (requiredUsages & certificateUsageIPsec(0x1000))); | |||
2929 | val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, allowOverride); | |||
2930 | if (val != secCertTimeValid){ | |||
2931 | PKIX_ERROR(PKIX_CERTCHECKCERTVALIDTIMESFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTCHECKCERTVALIDTIMESFAILED, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_CERTCHECKCERTVALIDTIMESFAILED ; goto cleanup; }; | |||
2932 | } | |||
2933 | ||||
2934 | cleanup: | |||
2935 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2936 | } | |||
2937 | ||||
2938 | /* | |||
2939 | * FUNCTION: PKIX_PL_Cert_GetValidityNotAfter (see comments in pkix_pl_pki.h) | |||
2940 | */ | |||
2941 | PKIX_Error * | |||
2942 | PKIX_PL_Cert_GetValidityNotAfter( | |||
2943 | PKIX_PL_Cert *cert, | |||
2944 | PKIX_PL_Date **pDate, | |||
2945 | void *plContext) | |||
2946 | { | |||
2947 | PRTime prtime; | |||
2948 | SECStatus rv = SECFailure; | |||
2949 | ||||
2950 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetValidityNotAfter")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetValidityNotAfter" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2951 | PKIX_NULLCHECK_TWO(cert, pDate)do { if (((cert) == ((void*)0)) || ((pDate) == ((void*)0))){ stdVars .aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR ), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
2952 | ||||
2953 | PKIX_DATE_DEBUG("\t\tCalling DER_DecodeTimeChoice).\n"); | |||
2954 | rv = DER_DecodeTimeChoiceDER_DecodeTimeChoice_Util(&prtime, &(cert->nssCert->validity.notAfter)); | |||
2955 | if (rv != SECSuccess){ | |||
2956 | PKIX_ERROR(PKIX_DERDECODETIMECHOICEFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_DERDECODETIMECHOICEFAILED, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_DERDECODETIMECHOICEFAILED ; goto cleanup; }; | |||
2957 | } | |||
2958 | ||||
2959 | PKIX_CHECK(pkix_pl_Date_CreateFromPRTimedo { stdVars.aPkixErrorResult = (pkix_pl_Date_CreateFromPRTime (prtime, pDate, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_DATECREATEFROMPRTIMEFAILED; goto cleanup; } } while (0) | |||
2960 | (prtime, pDate, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Date_CreateFromPRTime (prtime, pDate, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_DATECREATEFROMPRTIMEFAILED; goto cleanup; } } while (0) | |||
2961 | PKIX_DATECREATEFROMPRTIMEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Date_CreateFromPRTime (prtime, pDate, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_DATECREATEFROMPRTIMEFAILED; goto cleanup; } } while (0); | |||
2962 | ||||
2963 | cleanup: | |||
2964 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
2965 | } | |||
2966 | ||||
2967 | /* | |||
2968 | * FUNCTION: PKIX_PL_Cert_VerifyCertAndKeyType (see comments in pkix_pl_pki.h) | |||
2969 | */ | |||
2970 | PKIX_Error * | |||
2971 | PKIX_PL_Cert_VerifyCertAndKeyType( | |||
2972 | PKIX_PL_Cert *cert, | |||
2973 | PKIX_Boolean isChainCert, | |||
2974 | void *plContext) | |||
2975 | { | |||
2976 | PKIX_PL_CertBasicConstraints *basicConstraints = NULL((void*)0); | |||
2977 | SECCertificateUsage certificateUsage; | |||
2978 | SECCertUsage certUsage = 0; | |||
2979 | unsigned int requiredKeyUsage; | |||
2980 | unsigned int requiredCertType; | |||
2981 | unsigned int certType; | |||
2982 | SECStatus rv = SECSuccess; | |||
2983 | ||||
2984 | PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifyCertType")static const char cMyFuncName[] = {"PKIX_PL_Cert_VerifyCertType" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
2985 | PKIX_NULLCHECK_TWO(cert, plContext)do { if (((cert) == ((void*)0)) || ((plContext) == ((void*)0) )){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars. aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
2986 | ||||
2987 | certificateUsage = ((PKIX_PL_NssContext*)plContext)->certificateUsage; | |||
2988 | ||||
2989 | /* ensure we obtained a single usage bit only */ | |||
2990 | PORT_Assert(!(certificateUsage & (certificateUsage - 1)))((!(certificateUsage & (certificateUsage - 1)))?((void)0) :PR_Assert("!(certificateUsage & (certificateUsage - 1))" ,"pkix_pl_cert.c",2990)); | |||
2991 | ||||
2992 | /* convert SECertificateUsage (bit mask) to SECCertUsage (enum) */ | |||
2993 | while (0 != (certificateUsage = certificateUsage >> 1)) { certUsage++; } | |||
2994 | ||||
2995 | /* check key usage and netscape cert type */ | |||
2996 | cert_GetCertType(cert->nssCert); | |||
2997 | certType = cert->nssCert->nsCertType; | |||
2998 | if (isChainCert || | |||
2999 | (certUsage != certUsageVerifyCA && certUsage != certUsageAnyCA)) { | |||
3000 | rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, isChainCert, | |||
3001 | &requiredKeyUsage, | |||
3002 | &requiredCertType); | |||
3003 | if (rv == SECFailure) { | |||
3004 | PKIX_ERROR(PKIX_UNSUPPORTEDCERTUSAGE){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_UNSUPPORTEDCERTUSAGE, ((void*)0), stdVars.aPkixType, 2 , plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_UNSUPPORTEDCERTUSAGE; goto cleanup; }; | |||
3005 | } | |||
3006 | } else { | |||
3007 | /* use this key usage and cert type for certUsageAnyCA and | |||
3008 | * certUsageVerifyCA. */ | |||
3009 | requiredKeyUsage = KU_KEY_CERT_SIGN(0x04); | |||
3010 | requiredCertType = NS_CERT_TYPE_CA((0x04) | (0x02) | (0x01) | (0x4000) | (0x200)); | |||
3011 | } | |||
3012 | if (CERT_CheckKeyUsage(cert->nssCert, requiredKeyUsage) != SECSuccess) { | |||
3013 | PKIX_ERROR(PKIX_CERTCHECKKEYUSAGEFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTCHECKKEYUSAGEFAILED, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_CERTCHECKKEYUSAGEFAILED; goto cleanup; }; | |||
3014 | } | |||
3015 | if (!(certType & requiredCertType)) { | |||
3016 | PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTCHECKCERTTYPEFAILED, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_CERTCHECKCERTTYPEFAILED; goto cleanup; }; | |||
3017 | } | |||
3018 | cleanup: | |||
3019 | PKIX_DECREF(basicConstraints)do { if (basicConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(basicConstraints), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } basicConstraints = ((void*)0); } } while (0); | |||
3020 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3021 | } | |||
3022 | ||||
3023 | /* | |||
3024 | * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage (see comments in pkix_pl_pki.h) | |||
3025 | */ | |||
3026 | PKIX_Error * | |||
3027 | PKIX_PL_Cert_VerifyKeyUsage( | |||
3028 | PKIX_PL_Cert *cert, | |||
3029 | PKIX_UInt32 keyUsage, | |||
3030 | void *plContext) | |||
3031 | { | |||
3032 | CERTCertificate *nssCert = NULL((void*)0); | |||
3033 | PKIX_UInt32 nssKeyUsage = 0; | |||
3034 | SECStatus status; | |||
3035 | ||||
3036 | PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifyKeyUsage")static const char cMyFuncName[] = {"PKIX_PL_Cert_VerifyKeyUsage" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3037 | PKIX_NULLCHECK_TWO(cert, cert->nssCert)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
3038 | ||||
3039 | nssCert = cert->nssCert; | |||
3040 | ||||
3041 | /* if cert doesn't have keyUsage extension, all keyUsages are valid */ | |||
3042 | if (!nssCert->keyUsagePresent){ | |||
3043 | goto cleanup; | |||
3044 | } | |||
3045 | ||||
3046 | if (keyUsage & PKIX_DIGITAL_SIGNATURE0x001){ | |||
3047 | nssKeyUsage = nssKeyUsage | KU_DIGITAL_SIGNATURE(0x80); | |||
3048 | } | |||
3049 | ||||
3050 | if (keyUsage & PKIX_NON_REPUDIATION0x002){ | |||
3051 | nssKeyUsage = nssKeyUsage | KU_NON_REPUDIATION(0x40); | |||
3052 | } | |||
3053 | ||||
3054 | if (keyUsage & PKIX_KEY_ENCIPHERMENT0x004){ | |||
3055 | nssKeyUsage = nssKeyUsage | KU_KEY_ENCIPHERMENT(0x20); | |||
3056 | } | |||
3057 | ||||
3058 | if (keyUsage & PKIX_DATA_ENCIPHERMENT0x008){ | |||
3059 | nssKeyUsage = nssKeyUsage | KU_DATA_ENCIPHERMENT(0x10); | |||
3060 | } | |||
3061 | ||||
3062 | if (keyUsage & PKIX_KEY_AGREEMENT0x010){ | |||
3063 | nssKeyUsage = nssKeyUsage | KU_KEY_AGREEMENT(0x08); | |||
3064 | } | |||
3065 | ||||
3066 | if (keyUsage & PKIX_KEY_CERT_SIGN0x020){ | |||
3067 | nssKeyUsage = nssKeyUsage | KU_KEY_CERT_SIGN(0x04); | |||
3068 | } | |||
3069 | ||||
3070 | if (keyUsage & PKIX_CRL_SIGN0x040){ | |||
3071 | nssKeyUsage = nssKeyUsage | KU_CRL_SIGN(0x02); | |||
3072 | } | |||
3073 | ||||
3074 | if (keyUsage & PKIX_ENCIPHER_ONLY0x080){ | |||
3075 | nssKeyUsage = nssKeyUsage | 0x01; | |||
3076 | } | |||
3077 | ||||
3078 | if (keyUsage & PKIX_DECIPHER_ONLY0x100){ | |||
3079 | /* XXX we should support this once it is fixed in NSS */ | |||
3080 | PKIX_ERROR(PKIX_DECIPHERONLYKEYUSAGENOTSUPPORTED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_DECIPHERONLYKEYUSAGENOTSUPPORTED, ((void*)0), stdVars. aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = (( PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_DECIPHERONLYKEYUSAGENOTSUPPORTED ; goto cleanup; }; | |||
3081 | } | |||
3082 | ||||
3083 | status = CERT_CheckKeyUsage(nssCert, nssKeyUsage); | |||
3084 | if (status != SECSuccess) { | |||
3085 | PKIX_ERROR(PKIX_CERTCHECKKEYUSAGEFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTCHECKKEYUSAGEFAILED, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_CERTCHECKKEYUSAGEFAILED; goto cleanup; }; | |||
3086 | } | |||
3087 | ||||
3088 | cleanup: | |||
3089 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3090 | } | |||
3091 | ||||
3092 | /* | |||
3093 | * FUNCTION: PKIX_PL_Cert_GetNameConstraints | |||
3094 | * (see comments in pkix_pl_pki.h) | |||
3095 | */ | |||
3096 | PKIX_Error * | |||
3097 | PKIX_PL_Cert_GetNameConstraints( | |||
3098 | PKIX_PL_Cert *cert, | |||
3099 | PKIX_PL_CertNameConstraints **pNameConstraints, | |||
3100 | void *plContext) | |||
3101 | { | |||
3102 | PKIX_PL_CertNameConstraints *nameConstraints = NULL((void*)0); | |||
3103 | ||||
3104 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetNameConstraints")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetNameConstraints" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3105 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pNameConstraints)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pNameConstraints) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
3106 | ||||
3107 | /* if we don't have a cached copy from before, we create one */ | |||
3108 | if (cert->nameConstraints == NULL((void*)0) && !cert->nameConstraintsAbsent) { | |||
3109 | ||||
3110 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
3111 | ||||
3112 | if (cert->nameConstraints == NULL((void*)0) && | |||
3113 | !cert->nameConstraintsAbsent) { | |||
3114 | ||||
3115 | PKIX_CHECK(pkix_pl_CertNameConstraints_Createdo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Create (cert->nssCert, &nameConstraints, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEFAILED ; goto cleanup; } } while (0) | |||
3116 | (cert->nssCert, &nameConstraints, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Create (cert->nssCert, &nameConstraints, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEFAILED ; goto cleanup; } } while (0) | |||
3117 | PKIX_CERTNAMECONSTRAINTSCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Create (cert->nssCert, &nameConstraints, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEFAILED ; goto cleanup; } } while (0); | |||
3118 | ||||
3119 | if (nameConstraints == NULL((void*)0)) { | |||
3120 | cert->nameConstraintsAbsent = PKIX_TRUE((PKIX_Boolean) 1); | |||
3121 | } | |||
3122 | ||||
3123 | cert->nameConstraints = nameConstraints; | |||
3124 | } | |||
3125 | ||||
3126 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,3126)); } } while (0); | |||
3127 | ||||
3128 | } | |||
3129 | ||||
3130 | PKIX_INCREF(cert->nameConstraints)do { if (cert->nameConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->nameConstraints ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while (0); | |||
3131 | ||||
3132 | *pNameConstraints = cert->nameConstraints; | |||
3133 | ||||
3134 | cleanup: | |||
3135 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",3135)); } } while (0); | |||
3136 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3137 | } | |||
3138 | ||||
3139 | /* | |||
3140 | * FUNCTION: PKIX_PL_Cert_CheckNameConstraints | |||
3141 | * (see comments in pkix_pl_pki.h) | |||
3142 | */ | |||
3143 | PKIX_Error * | |||
3144 | PKIX_PL_Cert_CheckNameConstraints( | |||
3145 | PKIX_PL_Cert *cert, | |||
3146 | PKIX_PL_CertNameConstraints *nameConstraints, | |||
3147 | PKIX_Boolean treatCommonNameAsDNSName, | |||
3148 | void *plContext) | |||
3149 | { | |||
3150 | PKIX_Boolean checkPass = PKIX_TRUE((PKIX_Boolean) 1); | |||
3151 | CERTGeneralName *nssSubjectNames = NULL((void*)0); | |||
3152 | PLArenaPool *arena = NULL((void*)0); | |||
3153 | ||||
3154 | PKIX_ENTER(CERT, "PKIX_PL_Cert_CheckNameConstraints")static const char cMyFuncName[] = {"PKIX_PL_Cert_CheckNameConstraints" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3155 | PKIX_NULLCHECK_ONE(cert)do { if ((cert) == ((void*)0)){ stdVars.aPkixErrorReceived = ( (PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
3156 | ||||
3157 | if (nameConstraints != NULL((void*)0)) { | |||
3158 | ||||
3159 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); | |||
3160 | if (arena == NULL((void*)0)) { | |||
3161 | PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; }; | |||
3162 | } | |||
3163 | /* only check common Name if the usage requires it */ | |||
3164 | if (treatCommonNameAsDNSName) { | |||
3165 | SECCertificateUsage certificateUsage; | |||
3166 | certificateUsage = ((PKIX_PL_NssContext*)plContext)->certificateUsage; | |||
3167 | if ((certificateUsage != certificateUsageSSLServer(0x0002)) && | |||
3168 | (certificateUsage != certificateUsageIPsec(0x1000))) { | |||
3169 | treatCommonNameAsDNSName = PKIX_FALSE((PKIX_Boolean) 0); | |||
3170 | } | |||
3171 | } | |||
3172 | ||||
3173 | /* This NSS call returns Subject Alt Names. If | |||
3174 | * treatCommonNameAsDNSName is true, it also returns the | |||
3175 | * Subject Common Name | |||
3176 | */ | |||
3177 | PKIX_CERT_DEBUG | |||
3178 | ("\t\tCalling CERT_GetConstrainedCertificateNames\n"); | |||
3179 | nssSubjectNames = CERT_GetConstrainedCertificateNames | |||
3180 | (cert->nssCert, arena, treatCommonNameAsDNSName); | |||
3181 | ||||
3182 | PKIX_CHECK(pkix_pl_CertNameConstraints_CheckNameSpaceNssNamesdo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CheckNameSpaceNssNames (nssSubjectNames, nameConstraints, &checkPass, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED; goto cleanup; } } while (0) | |||
3183 | (nssSubjectNames,do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CheckNameSpaceNssNames (nssSubjectNames, nameConstraints, &checkPass, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED; goto cleanup; } } while (0) | |||
3184 | nameConstraints,do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CheckNameSpaceNssNames (nssSubjectNames, nameConstraints, &checkPass, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED; goto cleanup; } } while (0) | |||
3185 | &checkPass,do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CheckNameSpaceNssNames (nssSubjectNames, nameConstraints, &checkPass, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED; goto cleanup; } } while (0) | |||
3186 | plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CheckNameSpaceNssNames (nssSubjectNames, nameConstraints, &checkPass, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED; goto cleanup; } } while (0) | |||
3187 | PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CheckNameSpaceNssNames (nssSubjectNames, nameConstraints, &checkPass, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED; goto cleanup; } } while (0); | |||
3188 | ||||
3189 | if (checkPass != PKIX_TRUE((PKIX_Boolean) 1)) { | |||
3190 | PKIX_ERROR(PKIX_CERTFAILEDNAMECONSTRAINTSCHECKING){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTFAILEDNAMECONSTRAINTSCHECKING, ((void*)0), stdVars .aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ( (PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTFAILEDNAMECONSTRAINTSCHECKING ; goto cleanup; }; | |||
3191 | } | |||
3192 | } | |||
3193 | ||||
3194 | cleanup: | |||
3195 | if (arena){ | |||
3196 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); | |||
3197 | } | |||
3198 | ||||
3199 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3200 | } | |||
3201 | ||||
3202 | /* | |||
3203 | * FUNCTION: PKIX_PL_Cert_MergeNameConstraints | |||
3204 | * (see comments in pkix_pl_pki.h) | |||
3205 | */ | |||
3206 | PKIX_Error * | |||
3207 | PKIX_PL_Cert_MergeNameConstraints( | |||
3208 | PKIX_PL_CertNameConstraints *firstNC, | |||
3209 | PKIX_PL_CertNameConstraints *secondNC, | |||
3210 | PKIX_PL_CertNameConstraints **pResultNC, | |||
3211 | void *plContext) | |||
3212 | { | |||
3213 | PKIX_PL_CertNameConstraints *mergedNC = NULL((void*)0); | |||
3214 | ||||
3215 | PKIX_ENTER(CERT, "PKIX_PL_Cert_MergeNameConstraints")static const char cMyFuncName[] = {"PKIX_PL_Cert_MergeNameConstraints" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3216 | PKIX_NULLCHECK_TWO(firstNC, pResultNC)do { if (((firstNC) == ((void*)0)) || ((pResultNC) == ((void* )0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
3217 | ||||
3218 | if (secondNC == NULL((void*)0)) { | |||
3219 | ||||
3220 | PKIX_INCREF(firstNC)do { if (firstNC){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(firstNC), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while (0); | |||
3221 | *pResultNC = firstNC; | |||
3222 | ||||
3223 | goto cleanup; | |||
3224 | } | |||
3225 | ||||
3226 | PKIX_CHECK(pkix_pl_CertNameConstraints_Mergedo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Merge (firstNC, secondNC, &mergedNC, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSMERGEFAILED ; goto cleanup; } } while (0) | |||
3227 | (firstNC, secondNC, &mergedNC, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Merge (firstNC, secondNC, &mergedNC, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSMERGEFAILED ; goto cleanup; } } while (0) | |||
3228 | PKIX_CERTNAMECONSTRAINTSMERGEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Merge (firstNC, secondNC, &mergedNC, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSMERGEFAILED ; goto cleanup; } } while (0); | |||
3229 | ||||
3230 | *pResultNC = mergedNC; | |||
3231 | ||||
3232 | cleanup: | |||
3233 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3234 | } | |||
3235 | ||||
3236 | /* | |||
3237 | * Find out the state of the NSS trust bits for the requested usage. | |||
3238 | * Returns SECFailure if the cert is explicitly distrusted. | |||
3239 | * Returns SECSuccess if the cert can be used to form a chain (normal case), | |||
3240 | * or it is explicitly trusted. The trusted bool is set to true if it is | |||
3241 | * explicitly trusted. | |||
3242 | */ | |||
3243 | static SECStatus | |||
3244 | pkix_pl_Cert_GetTrusted(void *plContext, | |||
3245 | PKIX_PL_Cert *cert, | |||
3246 | PKIX_Boolean *trusted, | |||
3247 | PKIX_Boolean isCA) | |||
3248 | { | |||
3249 | SECStatus rv; | |||
3250 | CERTCertificate *nssCert = NULL((void*)0); | |||
3251 | SECCertUsage certUsage = 0; | |||
3252 | SECCertificateUsage certificateUsage; | |||
3253 | SECTrustType trustType; | |||
3254 | unsigned int trustFlags; | |||
3255 | unsigned int requiredFlags; | |||
3256 | CERTCertTrust trust; | |||
3257 | ||||
3258 | *trusted = PKIX_FALSE((PKIX_Boolean) 0); | |||
3259 | ||||
3260 | /* no key usage information */ | |||
3261 | if (plContext == NULL((void*)0)) { | |||
3262 | return SECSuccess; | |||
3263 | } | |||
3264 | ||||
3265 | certificateUsage = ((PKIX_PL_NssContext*)plContext)->certificateUsage; | |||
3266 | ||||
3267 | /* ensure we obtained a single usage bit only */ | |||
3268 | PORT_Assert(!(certificateUsage & (certificateUsage - 1)))((!(certificateUsage & (certificateUsage - 1)))?((void)0) :PR_Assert("!(certificateUsage & (certificateUsage - 1))" ,"pkix_pl_cert.c",3268)); | |||
3269 | ||||
3270 | /* convert SECertificateUsage (bit mask) to SECCertUsage (enum) */ | |||
3271 | while (0 != (certificateUsage = certificateUsage >> 1)) { certUsage++; } | |||
3272 | ||||
3273 | nssCert = cert->nssCert; | |||
3274 | ||||
3275 | if (!isCA) { | |||
3276 | PRBool prTrusted; | |||
3277 | unsigned int failedFlags; | |||
3278 | rv = cert_CheckLeafTrust(nssCert, certUsage, | |||
3279 | &failedFlags, &prTrusted); | |||
3280 | *trusted = (PKIX_Boolean) prTrusted; | |||
3281 | return rv; | |||
3282 | } | |||
3283 | rv = CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags, | |||
3284 | &trustType); | |||
3285 | if (rv != SECSuccess) { | |||
3286 | return SECSuccess; | |||
3287 | } | |||
3288 | ||||
3289 | rv = CERT_GetCertTrust(nssCert, &trust); | |||
3290 | if (rv != SECSuccess) { | |||
3291 | return SECSuccess; | |||
3292 | } | |||
3293 | trustFlags = SEC_GET_TRUST_FLAGS(&trust, trustType)(((trustType) == trustSSL) ? ((&trust)->sslFlags) : (( (trustType) == trustEmail) ? ((&trust)->emailFlags) : ( ((trustType) == trustObjectSigning) ? ((&trust)->objectSigningFlags ) : 0))); | |||
3294 | /* normally trustTypeNone usages accept any of the given trust bits | |||
3295 | * being on as acceptable. If any are distrusted (and none are trusted), | |||
3296 | * then we will also distrust the cert */ | |||
3297 | if ((trustFlags == 0) && (trustType == trustTypeNone)) { | |||
3298 | trustFlags = trust.sslFlags | trust.emailFlags | | |||
3299 | trust.objectSigningFlags; | |||
3300 | } | |||
3301 | if ((trustFlags & requiredFlags) == requiredFlags) { | |||
3302 | *trusted = PKIX_TRUE((PKIX_Boolean) 1); | |||
3303 | return SECSuccess; | |||
3304 | } | |||
3305 | if ((trustFlags & CERTDB_TERMINAL_RECORD(1u << 0)) && | |||
3306 | ((trustFlags & (CERTDB_VALID_CA(1u << 3)|CERTDB_TRUSTED(1u << 1))) == 0)) { | |||
3307 | return SECFailure; | |||
3308 | } | |||
3309 | return SECSuccess; | |||
3310 | } | |||
3311 | ||||
3312 | /* | |||
3313 | * FUNCTION: PKIX_PL_Cert_IsCertTrusted | |||
3314 | * (see comments in pkix_pl_pki.h) | |||
3315 | */ | |||
3316 | PKIX_Error * | |||
3317 | PKIX_PL_Cert_IsCertTrusted( | |||
3318 | PKIX_PL_Cert *cert, | |||
3319 | PKIX_PL_TrustAnchorMode trustAnchorMode, | |||
3320 | PKIX_Boolean *pTrusted, | |||
3321 | void *plContext) | |||
3322 | { | |||
3323 | PKIX_CertStore_CheckTrustCallback trustCallback = NULL((void*)0); | |||
3324 | PKIX_Boolean trusted = PKIX_FALSE((PKIX_Boolean) 0); | |||
3325 | SECStatus rv = SECFailure; | |||
3326 | ||||
3327 | PKIX_ENTER(CERT, "PKIX_PL_Cert_IsCertTrusted")static const char cMyFuncName[] = {"PKIX_PL_Cert_IsCertTrusted" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3328 | PKIX_NULLCHECK_TWO(cert, pTrusted)do { if (((cert) == ((void*)0)) || ((pTrusted) == ((void*)0)) ){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR ), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
3329 | ||||
3330 | /* Call GetTrusted first to see if we are going to distrust the | |||
3331 | * certificate */ | |||
3332 | rv = pkix_pl_Cert_GetTrusted(plContext, cert, &trusted, PKIX_TRUE((PKIX_Boolean) 1)); | |||
3333 | if (rv != SECSuccess) { | |||
3334 | /* Failure means the cert is explicitly distrusted, | |||
3335 | * let the next level know not to use it. */ | |||
3336 | *pTrusted = PKIX_FALSE((PKIX_Boolean) 0); | |||
3337 | PKIX_ERROR(PKIX_CERTISCERTTRUSTEDFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTISCERTTRUSTEDFAILED, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto cleanup; }; | |||
3338 | } | |||
3339 | ||||
3340 | if (trustAnchorMode == PKIX_PL_TrustAnchorMode_Exclusive || | |||
3341 | (trustAnchorMode == PKIX_PL_TrustAnchorMode_Additive && | |||
3342 | cert->isUserTrustAnchor)) { | |||
3343 | /* Use the trust anchor's |trusted| value */ | |||
3344 | *pTrusted = cert->isUserTrustAnchor; | |||
3345 | goto cleanup; | |||
3346 | } | |||
3347 | ||||
3348 | /* no key usage information or store is not trusted */ | |||
3349 | if (plContext == NULL((void*)0) || cert->store == NULL((void*)0)) { | |||
3350 | *pTrusted = PKIX_FALSE((PKIX_Boolean) 0); | |||
3351 | goto cleanup; | |||
3352 | } | |||
3353 | ||||
3354 | PKIX_CHECK(PKIX_CertStore_GetTrustCallbackdo { stdVars.aPkixErrorResult = (PKIX_CertStore_GetTrustCallback (cert->store, &trustCallback, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETTRUSTCALLBACKFAILED ; goto cleanup; } } while (0) | |||
3355 | (cert->store, &trustCallback, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetTrustCallback (cert->store, &trustCallback, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETTRUSTCALLBACKFAILED ; goto cleanup; } } while (0) | |||
3356 | PKIX_CERTSTOREGETTRUSTCALLBACKFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetTrustCallback (cert->store, &trustCallback, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETTRUSTCALLBACKFAILED ; goto cleanup; } } while (0); | |||
3357 | ||||
3358 | PKIX_CHECK_ONLY_FATAL(trustCallbackdo { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars .aPkixErrorResult = (trustCallback (cert->store, cert, & trusted, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; } do { if (stdVars.aPkixErrorResult ){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while (0); } } while (0) | |||
3359 | (cert->store, cert, &trusted, plContext),do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars .aPkixErrorResult = (trustCallback (cert->store, cert, & trusted, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; } do { if (stdVars.aPkixErrorResult ){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while (0); } } while (0) | |||
3360 | PKIX_CHECKTRUSTCALLBACKFAILED)do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars .aPkixErrorResult = (trustCallback (cert->store, cert, & trusted, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; } do { if (stdVars.aPkixErrorResult ){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while (0); } } while (0); | |||
3361 | ||||
3362 | /* allow trust store to override if we can trust the trust | |||
3363 | * bits */ | |||
3364 | if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars .aPkixTempErrorReceived || stdVars.aPkixErrorList) || (trusted == PKIX_FALSE((PKIX_Boolean) 0))) { | |||
3365 | *pTrusted = PKIX_FALSE((PKIX_Boolean) 0); | |||
3366 | goto cleanup; | |||
3367 | } | |||
3368 | ||||
3369 | *pTrusted = trusted; | |||
3370 | ||||
3371 | cleanup: | |||
3372 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3373 | } | |||
3374 | ||||
3375 | /* | |||
3376 | * FUNCTION: PKIX_PL_Cert_IsLeafCertTrusted | |||
3377 | * (see comments in pkix_pl_pki.h) | |||
3378 | */ | |||
3379 | PKIX_Error * | |||
3380 | PKIX_PL_Cert_IsLeafCertTrusted( | |||
3381 | PKIX_PL_Cert *cert, | |||
3382 | PKIX_Boolean *pTrusted, | |||
3383 | void *plContext) | |||
3384 | { | |||
3385 | SECStatus rv; | |||
3386 | ||||
3387 | PKIX_ENTER(CERT, "PKIX_PL_Cert_IsLeafCertTrusted")static const char cMyFuncName[] = {"PKIX_PL_Cert_IsLeafCertTrusted" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3388 | PKIX_NULLCHECK_TWO(cert, pTrusted)do { if (((cert) == ((void*)0)) || ((pTrusted) == ((void*)0)) ){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR ), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
3389 | ||||
3390 | *pTrusted = PKIX_FALSE((PKIX_Boolean) 0); | |||
3391 | ||||
3392 | rv = pkix_pl_Cert_GetTrusted(plContext, cert, pTrusted, PKIX_FALSE((PKIX_Boolean) 0)); | |||
3393 | if (rv != SECSuccess) { | |||
3394 | /* Failure means the cert is explicitly distrusted, | |||
3395 | * let the next level know not to use it. */ | |||
3396 | *pTrusted = PKIX_FALSE((PKIX_Boolean) 0); | |||
3397 | PKIX_ERROR(PKIX_CERTISCERTTRUSTEDFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CERTISCERTTRUSTEDFAILED, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto cleanup; }; | |||
3398 | } | |||
3399 | ||||
3400 | cleanup: | |||
3401 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3402 | } | |||
3403 | ||||
3404 | /* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */ | |||
3405 | PKIX_Error* | |||
3406 | PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert, | |||
3407 | void *plContext) | |||
3408 | { | |||
3409 | PKIX_ENTER(CERT, "PKIX_PL_Cert_SetAsTrustAnchor")static const char cMyFuncName[] = {"PKIX_PL_Cert_SetAsTrustAnchor" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3410 | PKIX_NULLCHECK_ONE(cert)do { if ((cert) == ((void*)0)){ stdVars.aPkixErrorReceived = ( (PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
3411 | ||||
3412 | cert->isUserTrustAnchor = PKIX_TRUE((PKIX_Boolean) 1); | |||
3413 | ||||
3414 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3415 | } | |||
3416 | ||||
3417 | /* | |||
3418 | * FUNCTION: PKIX_PL_Cert_GetCacheFlag (see comments in pkix_pl_pki.h) | |||
3419 | */ | |||
3420 | PKIX_Error * | |||
3421 | PKIX_PL_Cert_GetCacheFlag( | |||
3422 | PKIX_PL_Cert *cert, | |||
3423 | PKIX_Boolean *pCacheFlag, | |||
3424 | void *plContext) | |||
3425 | { | |||
3426 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetCacheFlag")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetCacheFlag" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3427 | PKIX_NULLCHECK_TWO(cert, pCacheFlag)do { if (((cert) == ((void*)0)) || ((pCacheFlag) == ((void*)0 ))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
3428 | ||||
3429 | *pCacheFlag = cert->cacheFlag; | |||
3430 | ||||
3431 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3432 | } | |||
3433 | ||||
3434 | /* | |||
3435 | * FUNCTION: PKIX_PL_Cert_SetCacheFlag (see comments in pkix_pl_pki.h) | |||
3436 | */ | |||
3437 | PKIX_Error * | |||
3438 | PKIX_PL_Cert_SetCacheFlag( | |||
3439 | PKIX_PL_Cert *cert, | |||
3440 | PKIX_Boolean cacheFlag, | |||
3441 | void *plContext) | |||
3442 | { | |||
3443 | PKIX_ENTER(CERT, "PKIX_PL_Cert_SetCacheFlag")static const char cMyFuncName[] = {"PKIX_PL_Cert_SetCacheFlag" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3444 | PKIX_NULLCHECK_ONE(cert)do { if ((cert) == ((void*)0)){ stdVars.aPkixErrorReceived = ( (PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
3445 | ||||
3446 | cert->cacheFlag = cacheFlag; | |||
3447 | ||||
3448 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3449 | } | |||
3450 | ||||
3451 | /* | |||
3452 | * FUNCTION: PKIX_PL_Cert_GetTrustCertStore (see comments in pkix_pl_pki.h) | |||
3453 | */ | |||
3454 | PKIX_Error * | |||
3455 | PKIX_PL_Cert_GetTrustCertStore( | |||
3456 | PKIX_PL_Cert *cert, | |||
3457 | PKIX_CertStore **pTrustCertStore, | |||
3458 | void *plContext) | |||
3459 | { | |||
3460 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetTrustCertStore")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetTrustCertStore" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3461 | PKIX_NULLCHECK_TWO(cert, pTrustCertStore)do { if (((cert) == ((void*)0)) || ((pTrustCertStore) == ((void *)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
3462 | ||||
3463 | PKIX_INCREF(cert->store)do { if (cert->store){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->store), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup ; } } } while (0); | |||
3464 | *pTrustCertStore = cert->store; | |||
3465 | ||||
3466 | cleanup: | |||
3467 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3468 | } | |||
3469 | ||||
3470 | /* | |||
3471 | * FUNCTION: PKIX_PL_Cert_SetTrustCertStore (see comments in pkix_pl_pki.h) | |||
3472 | */ | |||
3473 | PKIX_Error * | |||
3474 | PKIX_PL_Cert_SetTrustCertStore( | |||
3475 | PKIX_PL_Cert *cert, | |||
3476 | PKIX_CertStore *trustCertStore, | |||
3477 | void *plContext) | |||
3478 | { | |||
3479 | PKIX_ENTER(CERT, "PKIX_PL_Cert_SetTrustCertStore")static const char cMyFuncName[] = {"PKIX_PL_Cert_SetTrustCertStore" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3480 | PKIX_NULLCHECK_TWO(cert, trustCertStore)do { if (((cert) == ((void*)0)) || ((trustCertStore) == ((void *)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
3481 | ||||
3482 | PKIX_INCREF(trustCertStore)do { if (trustCertStore){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(trustCertStore), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup ; } } } while (0); | |||
3483 | cert->store = trustCertStore; | |||
3484 | ||||
3485 | cleanup: | |||
3486 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3487 | } | |||
3488 | ||||
3489 | /* | |||
3490 | * FUNCTION: PKIX_PL_Cert_GetAuthorityInfoAccess | |||
3491 | * (see comments in pkix_pl_pki.h) | |||
3492 | */ | |||
3493 | PKIX_Error * | |||
3494 | PKIX_PL_Cert_GetAuthorityInfoAccess( | |||
3495 | PKIX_PL_Cert *cert, | |||
3496 | PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */ | |||
3497 | void *plContext) | |||
3498 | { | |||
3499 | PKIX_List *aiaList = NULL((void*)0); /* of PKIX_PL_InfoAccess */ | |||
3500 | SECItem *encodedAIA = NULL((void*)0); | |||
3501 | CERTAuthInfoAccess **aia = NULL((void*)0); | |||
3502 | PLArenaPool *arena = NULL((void*)0); | |||
3503 | SECStatus rv; | |||
3504 | ||||
3505 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetAuthorityInfoAccess")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetAuthorityInfoAccess" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3506 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pAiaList)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pAiaList) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
3507 | ||||
3508 | /* if we don't have a cached copy from before, we create one */ | |||
3509 | if (cert->authorityInfoAccess == NULL((void*)0)) { | |||
3510 | ||||
3511 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
3512 | ||||
3513 | if (cert->authorityInfoAccess == NULL((void*)0)) { | |||
3514 | ||||
3515 | PKIX_PL_NSSCALLRV(CERT, encodedAIA, SECITEM_AllocItem,; encodedAIA = (SECITEM_AllocItem_Util (((void*)0), ((void*)0 ), 0)) | |||
3516 | (NULL, NULL, 0)); encodedAIA = (SECITEM_AllocItem_Util (((void*)0), ((void*)0 ), 0)); | |||
3517 | ||||
3518 | if (encodedAIA == NULL((void*)0)) { | |||
3519 | PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; }; | |||
3520 | } | |||
3521 | ||||
3522 | PKIX_PL_NSSCALLRV(CERT, rv, CERT_FindCertExtension,; rv = (CERT_FindCertExtension (cert->nssCert, SEC_OID_X509_AUTH_INFO_ACCESS , encodedAIA)) | |||
3523 | (cert->nssCert,; rv = (CERT_FindCertExtension (cert->nssCert, SEC_OID_X509_AUTH_INFO_ACCESS , encodedAIA)) | |||
3524 | SEC_OID_X509_AUTH_INFO_ACCESS,; rv = (CERT_FindCertExtension (cert->nssCert, SEC_OID_X509_AUTH_INFO_ACCESS , encodedAIA)) | |||
3525 | encodedAIA)); rv = (CERT_FindCertExtension (cert->nssCert, SEC_OID_X509_AUTH_INFO_ACCESS , encodedAIA)); | |||
3526 | ||||
3527 | if (rv == SECFailure) { | |||
3528 | goto cleanup; | |||
3529 | } | |||
3530 | ||||
3531 | PKIX_PL_NSSCALLRV(CERT, arena, PORT_NewArena,; arena = (PORT_NewArena_Util ((2048))) | |||
3532 | (DER_DEFAULT_CHUNKSIZE)); arena = (PORT_NewArena_Util ((2048))); | |||
3533 | ||||
3534 | if (arena == NULL((void*)0)) { | |||
3535 | PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; }; | |||
3536 | } | |||
3537 | ||||
3538 | PKIX_PL_NSSCALLRV; aia = (CERT_DecodeAuthInfoAccessExtension (arena, encodedAIA )) | |||
3539 | (CERT, aia, CERT_DecodeAuthInfoAccessExtension,; aia = (CERT_DecodeAuthInfoAccessExtension (arena, encodedAIA )) | |||
3540 | (arena, encodedAIA)); aia = (CERT_DecodeAuthInfoAccessExtension (arena, encodedAIA )); | |||
3541 | ||||
3542 | PKIX_CHECK(pkix_pl_InfoAccess_CreateListdo { stdVars.aPkixErrorResult = (pkix_pl_InfoAccess_CreateList (aia, &aiaList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_INFOACCESSCREATELISTFAILED; goto cleanup; } } while (0) | |||
3543 | (aia, &aiaList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_InfoAccess_CreateList (aia, &aiaList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_INFOACCESSCREATELISTFAILED; goto cleanup; } } while (0) | |||
3544 | PKIX_INFOACCESSCREATELISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_InfoAccess_CreateList (aia, &aiaList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_INFOACCESSCREATELISTFAILED; goto cleanup; } } while (0); | |||
3545 | ||||
3546 | cert->authorityInfoAccess = aiaList; | |||
3547 | } | |||
3548 | ||||
3549 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,3549)); } } while (0); | |||
3550 | } | |||
3551 | ||||
3552 | PKIX_INCREF(cert->authorityInfoAccess)do { if (cert->authorityInfoAccess){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->authorityInfoAccess ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while (0); | |||
3553 | ||||
3554 | *pAiaList = cert->authorityInfoAccess; | |||
3555 | ||||
3556 | cleanup: | |||
3557 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",3557)); } } while (0); | |||
3558 | if (arena != NULL((void*)0)) { | |||
3559 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); | |||
3560 | } | |||
3561 | ||||
3562 | if (encodedAIA != NULL((void*)0)) { | |||
3563 | SECITEM_FreeItemSECITEM_FreeItem_Util(encodedAIA, PR_TRUE1); | |||
3564 | } | |||
3565 | ||||
3566 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3567 | } | |||
3568 | ||||
3569 | /* XXX Following defines belongs to NSS */ | |||
3570 | static const unsigned char siaOIDString[] = {0x2b, 0x06, 0x01, 0x05, 0x05, | |||
3571 | 0x07, 0x01, 0x0b}; | |||
3572 | #define OI(x){ siDEROID, (unsigned char *)x, sizeof x } { siDEROID, (unsigned char *)x, sizeof x } | |||
3573 | ||||
3574 | /* | |||
3575 | * FUNCTION: PKIX_PL_Cert_GetSubjectInfoAccess | |||
3576 | * (see comments in pkix_pl_pki.h) | |||
3577 | */ | |||
3578 | PKIX_Error * | |||
3579 | PKIX_PL_Cert_GetSubjectInfoAccess( | |||
3580 | PKIX_PL_Cert *cert, | |||
3581 | PKIX_List **pSiaList, /* of PKIX_PL_InfoAccess */ | |||
3582 | void *plContext) | |||
3583 | { | |||
3584 | PKIX_List *siaList; /* of PKIX_PL_InfoAccess */ | |||
3585 | SECItem siaOID = OI(siaOIDString){ siDEROID, (unsigned char *)siaOIDString, sizeof siaOIDString }; | |||
3586 | SECItem *encodedSubjInfoAccess = NULL((void*)0); | |||
3587 | CERTAuthInfoAccess **subjInfoAccess = NULL((void*)0); | |||
3588 | PLArenaPool *arena = NULL((void*)0); | |||
3589 | SECStatus rv; | |||
3590 | ||||
3591 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectInfoAccess")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetSubjectInfoAccess" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3592 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSiaList)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pSiaList) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
3593 | ||||
3594 | /* XXX | |||
3595 | * Codes to deal with SubjectInfoAccess OID should be moved to | |||
3596 | * NSS soon. I implemented them here so we don't touch NSS | |||
3597 | * source tree, from JP's suggestion. | |||
3598 | */ | |||
3599 | ||||
3600 | /* if we don't have a cached copy from before, we create one */ | |||
3601 | if (cert->subjectInfoAccess == NULL((void*)0)) { | |||
3602 | ||||
3603 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
3604 | ||||
3605 | if (cert->subjectInfoAccess == NULL((void*)0)) { | |||
3606 | ||||
3607 | encodedSubjInfoAccess = SECITEM_AllocItemSECITEM_AllocItem_Util(NULL((void*)0), NULL((void*)0), 0); | |||
3608 | if (encodedSubjInfoAccess == NULL((void*)0)) { | |||
3609 | PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; }; | |||
3610 | } | |||
3611 | ||||
3612 | PKIX_CERT_DEBUG | |||
3613 | ("\t\tCalling CERT_FindCertExtensionByOID).\n"); | |||
3614 | rv = CERT_FindCertExtensionByOID | |||
3615 | (cert->nssCert, &siaOID, encodedSubjInfoAccess); | |||
3616 | ||||
3617 | if (rv == SECFailure) { | |||
3618 | goto cleanup; | |||
3619 | } | |||
3620 | ||||
3621 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); | |||
3622 | if (arena == NULL((void*)0)) { | |||
3623 | PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; }; | |||
3624 | } | |||
3625 | ||||
3626 | /* XXX | |||
3627 | * Decode Subject Information Access - | |||
3628 | * since its type is the same as Authority Information | |||
3629 | * Access, reuse the call. NSS- change name to avoid | |||
3630 | * confusion. | |||
3631 | */ | |||
3632 | PKIX_CERT_DEBUG | |||
3633 | ("\t\tCalling CERT_DecodeAuthInfoAccessExtension).\n"); | |||
3634 | subjInfoAccess = CERT_DecodeAuthInfoAccessExtension | |||
3635 | (arena, encodedSubjInfoAccess); | |||
3636 | ||||
3637 | PKIX_CHECK(pkix_pl_InfoAccess_CreateListdo { stdVars.aPkixErrorResult = (pkix_pl_InfoAccess_CreateList (subjInfoAccess, &siaList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_INFOACCESSCREATELISTFAILED; goto cleanup; } } while (0) | |||
3638 | (subjInfoAccess, &siaList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_InfoAccess_CreateList (subjInfoAccess, &siaList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_INFOACCESSCREATELISTFAILED; goto cleanup; } } while (0) | |||
3639 | PKIX_INFOACCESSCREATELISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_InfoAccess_CreateList (subjInfoAccess, &siaList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_INFOACCESSCREATELISTFAILED; goto cleanup; } } while (0); | |||
3640 | ||||
3641 | cert->subjectInfoAccess = siaList; | |||
3642 | ||||
3643 | } | |||
3644 | ||||
3645 | PKIX_OBJECT_UNLOCK(cert)do { if (cert && stdVars.aLockedObject == (PKIX_PL_Object *)(cert)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ( (PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0) )?((void)0):PR_Assert("lockedObject == NULL","pkix_pl_cert.c" ,3645)); } } while (0); | |||
3646 | } | |||
3647 | ||||
3648 | PKIX_INCREF(cert->subjectInfoAccess)do { if (cert->subjectInfoAccess){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->subjectInfoAccess ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while (0); | |||
3649 | *pSiaList = cert->subjectInfoAccess; | |||
3650 | ||||
3651 | cleanup: | |||
3652 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",3652)); } } while (0); | |||
3653 | if (arena != NULL((void*)0)) { | |||
3654 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); | |||
3655 | } | |||
3656 | ||||
3657 | if (encodedSubjInfoAccess != NULL((void*)0)) { | |||
3658 | SECITEM_FreeItemSECITEM_FreeItem_Util(encodedSubjInfoAccess, PR_TRUE1); | |||
3659 | } | |||
3660 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3661 | } | |||
3662 | ||||
3663 | /* | |||
3664 | * FUNCTION: PKIX_PL_Cert_GetCrlDp | |||
3665 | * (see comments in pkix_pl_pki.h) | |||
3666 | */ | |||
3667 | PKIX_Error * | |||
3668 | PKIX_PL_Cert_GetCrlDp( | |||
3669 | PKIX_PL_Cert *cert, | |||
3670 | PKIX_List **pDpList, | |||
3671 | void *plContext) | |||
3672 | { | |||
3673 | PKIX_UInt32 dpIndex = 0; | |||
3674 | pkix_pl_CrlDp *dp = NULL((void*)0); | |||
3675 | CERTCrlDistributionPoints *dpoints = NULL((void*)0); | |||
3676 | ||||
3677 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetCrlDp")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetCrlDp"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars .aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3678 | PKIX_NULLCHECK_THREE(cert, cert->nssCert, pDpList)do { if (((cert) == ((void*)0)) || ((cert->nssCert) == ((void *)0)) || ((pDpList) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
3679 | ||||
3680 | /* if we don't have a cached copy from before, we create one */ | |||
3681 | if (cert->crldpList == NULL((void*)0)) { | |||
3682 | PKIX_OBJECT_LOCK(cert)do { if (cert) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock ((PKIX_PL_Object*)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode = PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject = (PKIX_PL_Object *)(cert); } } while (0); | |||
3683 | if (cert->crldpList != NULL((void*)0)) { | |||
3684 | goto cleanup; | |||
3685 | } | |||
3686 | PKIX_CHECK(PKIX_List_Create(&cert->crldpList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&cert-> crldpList, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0) | |||
3687 | PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&cert-> crldpList, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0); | |||
3688 | dpoints = CERT_FindCRLDistributionPoints(cert->nssCert); | |||
3689 | if (!dpoints || !dpoints->distPoints) { | |||
3690 | goto cleanup; | |||
3691 | } | |||
3692 | for (;dpoints->distPoints[dpIndex];dpIndex++) { | |||
3693 | PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_pl_CrlDp_Create(dpoints ->distPoints[dpIndex], &cert->nssCert->issuer, & dp, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CRLDPCREATEFAILED; goto cleanup; } } while (0) | |||
3694 | pkix_pl_CrlDp_Create(dpoints->distPoints[dpIndex],do { stdVars.aPkixErrorResult = (pkix_pl_CrlDp_Create(dpoints ->distPoints[dpIndex], &cert->nssCert->issuer, & dp, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CRLDPCREATEFAILED; goto cleanup; } } while (0) | |||
3695 | &cert->nssCert->issuer,do { stdVars.aPkixErrorResult = (pkix_pl_CrlDp_Create(dpoints ->distPoints[dpIndex], &cert->nssCert->issuer, & dp, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CRLDPCREATEFAILED; goto cleanup; } } while (0) | |||
3696 | &dp, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CrlDp_Create(dpoints ->distPoints[dpIndex], &cert->nssCert->issuer, & dp, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CRLDPCREATEFAILED; goto cleanup; } } while (0) | |||
3697 | PKIX_CRLDPCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CrlDp_Create(dpoints ->distPoints[dpIndex], &cert->nssCert->issuer, & dp, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CRLDPCREATEFAILED; goto cleanup; } } while (0); | |||
3698 | /* Create crldp list in reverse order in attempt to get | |||
3699 | * to the whole crl first. */ | |||
3700 | PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem(cert-> crldpList, 0, (PKIX_PL_Object*)dp, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
3701 | PKIX_List_InsertItem(cert->crldpList, 0,do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem(cert-> crldpList, 0, (PKIX_PL_Object*)dp, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
3702 | (PKIX_PL_Object*)dp,do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem(cert-> crldpList, 0, (PKIX_PL_Object*)dp, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
3703 | plContext),do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem(cert-> crldpList, 0, (PKIX_PL_Object*)dp, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
3704 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem(cert-> crldpList, 0, (PKIX_PL_Object*)dp, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0); | |||
3705 | PKIX_DECREF(dp)do { if (dp){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(dp), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } dp = ((void*)0); } } while (0); | |||
3706 | } | |||
3707 | } | |||
3708 | cleanup: | |||
3709 | PKIX_INCREF(cert->crldpList)do { if (cert->crldpList){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(cert->crldpList), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup ; } } } while (0); | |||
3710 | *pDpList = cert->crldpList; | |||
3711 | ||||
3712 | PKIX_OBJECT_UNLOCK(lockedObject)do { if (stdVars.aLockedObject && stdVars.aLockedObject == (PKIX_PL_Object *)(stdVars.aLockedObject)){ stdVars.aPkixTempResult = PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(stdVars.aLockedObject ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } stdVars.aLockedObject = ((void*)0); } else { ((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL" ,"pkix_pl_cert.c",3712)); } } while (0); | |||
3713 | PKIX_DECREF(dp)do { if (dp){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(dp), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } dp = ((void*)0); } } while (0); | |||
3714 | ||||
3715 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3716 | } | |||
3717 | ||||
3718 | /* | |||
3719 | * FUNCTION: PKIX_PL_Cert_GetCERTCertificate | |||
3720 | * (see comments in pkix_pl_pki.h) | |||
3721 | */ | |||
3722 | PKIX_Error * | |||
3723 | PKIX_PL_Cert_GetCERTCertificate( | |||
3724 | PKIX_PL_Cert *cert, | |||
3725 | CERTCertificate **pnssCert, | |||
3726 | void *plContext) | |||
3727 | { | |||
3728 | PKIX_ENTER(CERT, "PKIX_PL_Cert_GetNssCert")static const char cMyFuncName[] = {"PKIX_PL_Cert_GetNssCert"} ; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_CERT_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
3729 | PKIX_NULLCHECK_TWO(cert, pnssCert)do { if (((cert) == ((void*)0)) || ((pnssCert) == ((void*)0)) ){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR ), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
3730 | ||||
3731 | *pnssCert = CERT_DupCertificate(cert->nssCert); | |||
3732 | ||||
3733 | PKIX_RETURN(CERT)return PKIX_DoReturn(&stdVars, (PKIX_CERT_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
3734 | } |