Bug Summary

File:s/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c
Warning:line 629, column 21
Dereference of undefined pointer value (loaded from field 'nc')

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name pkix_pl_ldapcertstore.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix_pl_nss/module -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix_pl_nss/module -resource-dir /usr/lib/llvm-18/lib/clang/18 -D HAVE_STRERROR -D LINUX -D linux -D XP_UNIX -D XP_UNIX -D SHLIB_SUFFIX="so" -D SHLIB_PREFIX="lib" -D SHLIB_VERSION="" -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D NSS_DISABLE_SSE3 -D NSS_NO_INIT_SUPPORT -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I ../../../../../dist/Linux4.19_x86_64_gcc_glibc_PTH_64_DBG.OBJ/include -I ../../../../../dist/public/nss -I ../../../../../dist/private/nss -internal-isystem /usr/lib/llvm-18/lib/clang/18/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=c99 -ferror-limit 19 -fgnuc-version=4.2.1 -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2024-05-18-082241-28900-1 -x c pkix_pl_ldapcertstore.c
1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4/*
5 * pkix_pl_ldapcertstore.c
6 *
7 * LDAPCertStore Function Definitions
8 *
9 */
10
11/* We can't decode the length of a message without at least this many bytes */
12#define MINIMUM_MSG_LENGTH5 5
13
14#include "pkix_pl_ldapcertstore.h"
15
16/* --Private-Ldap-CertStore-Database-Functions----------------------- */
17
18/*
19 * FUNCTION: pkix_pl_LdapCertStore_DecodeCrossCertPair
20 * DESCRIPTION:
21 *
22 * This function decodes a DER-encoded CrossCertPair pointed to by
23 * "responseList" and extracts and decodes the Certificates in that pair,
24 * adding the resulting Certs, if the decoding was successful, to the List
25 * (possibly empty) pointed to by "certList". If none of the objects
26 * can be decoded into a Cert, the List is returned unchanged.
27 *
28 * PARAMETERS:
29 * "derCCPItem"
30 * The address of the SECItem containing the DER representation of the
31 * CrossCertPair. Must be non-NULL.
32 * "certList"
33 * The address of the List to which the decoded Certs are added. May be
34 * empty, but must be non-NULL.
35 * "plContext"
36 * Platform-specific context pointer.
37 * THREAD SAFETY:
38 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
39 * RETURNS:
40 * Returns NULL if the function succeeds.
41 * Returns a CertStore Error if the function fails in a non-fatal way.
42 * Returns a Fatal Error if the function fails in an unrecoverable way.
43 */
44PKIX_Error *
45pkix_pl_LdapCertStore_DecodeCrossCertPair(
46 SECItem *derCCPItem,
47 PKIX_List *certList,
48 void *plContext)
49{
50 LDAPCertPair certPair = {{ siBuffer, NULL((void*)0), 0 }, { siBuffer, NULL((void*)0), 0 }};
51 SECStatus rv = SECFailure;
52
53 PLArenaPool *tempArena = NULL((void*)0);
54
55 PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_DecodeCrossCertPair")static const char cMyFuncName[] = {"pkix_pl_LdapCertStore_DecodeCrossCertPair"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTSTORE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
56 PKIX_NULLCHECK_TWO(derCCPItem, certList)do { if (((derCCPItem) == ((void*)0)) || ((certList) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
57
58 tempArena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048));
59 if (!tempArena) {
60 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
61 }
62
63 rv = SEC_ASN1DecodeItemSEC_ASN1DecodeItem_Util(tempArena, &certPair, PKIX_PL_LDAPCrossCertPairTemplate,
64 derCCPItem);
65 if (rv != SECSuccess) {
66 goto cleanup;
67 }
68
69 if (certPair.forward.data != NULL((void*)0)) {
70
71 PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateToList(&
certPair.forward, certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATETOLISTFAILED; goto cleanup
; } } while (0)
72 pkix_pl_Cert_CreateToList(&certPair.forward, certList,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateToList(&
certPair.forward, certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATETOLISTFAILED; goto cleanup
; } } while (0)
73 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateToList(&
certPair.forward, certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATETOLISTFAILED; goto cleanup
; } } while (0)
74 PKIX_CERTCREATETOLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateToList(&
certPair.forward, certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATETOLISTFAILED; goto cleanup
; } } while (0);
75 }
76
77 if (certPair.reverse.data != NULL((void*)0)) {
78
79 PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateToList(&
certPair.reverse, certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATETOLISTFAILED; goto cleanup
; } } while (0)
80 pkix_pl_Cert_CreateToList(&certPair.reverse, certList,do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateToList(&
certPair.reverse, certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATETOLISTFAILED; goto cleanup
; } } while (0)
81 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateToList(&
certPair.reverse, certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATETOLISTFAILED; goto cleanup
; } } while (0)
82 PKIX_CERTCREATETOLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateToList(&
certPair.reverse, certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCREATETOLISTFAILED; goto cleanup
; } } while (0);
83 }
84
85cleanup:
86 if (tempArena) {
87 PORT_FreeArenaPORT_FreeArena_Util(tempArena, PR_FALSE0);
88 }
89
90 PKIX_RETURN(CERTSTORE)return PKIX_DoReturn(&stdVars, (PKIX_CERTSTORE_ERROR), ((
PKIX_Boolean) 1), plContext);;
91}
92
93/*
94 * FUNCTION: pkix_pl_LdapCertStore_BuildCertList
95 * DESCRIPTION:
96 *
97 * This function takes a List of LdapResponse objects pointed to by
98 * "responseList" and extracts and decodes the Certificates in those responses,
99 * storing the List of those Certificates at "pCerts". If none of the objects
100 * can be decoded into a Cert, the returned List is empty.
101 *
102 * PARAMETERS:
103 * "responseList"
104 * The address of the List of LdapResponses. Must be non-NULL.
105 * "pCerts"
106 * The address at which the result is stored. Must be non-NULL.
107 * "plContext"
108 * Platform-specific context pointer.
109 * THREAD SAFETY:
110 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
111 * RETURNS:
112 * Returns NULL if the function succeeds.
113 * Returns a CertStore Error if the function fails in a non-fatal way.
114 * Returns a Fatal Error if the function fails in an unrecoverable way.
115 */
116PKIX_Error *
117pkix_pl_LdapCertStore_BuildCertList(
118 PKIX_List *responseList,
119 PKIX_List **pCerts,
120 void *plContext)
121{
122 PKIX_UInt32 numResponses = 0;
123 PKIX_UInt32 respIx = 0;
124 LdapAttrMask attrBits = 0;
125 PKIX_PL_LdapResponse *response = NULL((void*)0);
126 PKIX_List *certList = NULL((void*)0);
127 LDAPMessage *message = NULL((void*)0);
128 LDAPSearchResponseEntry *sre = NULL((void*)0);
129 LDAPSearchResponseAttr **sreAttrArray = NULL((void*)0);
130 LDAPSearchResponseAttr *sreAttr = NULL((void*)0);
131 SECItem *attrType = NULL((void*)0);
132 SECItem **attrVal = NULL((void*)0);
133 SECItem *derCertItem = NULL((void*)0);
134
135
136 PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_BuildCertList")static const char cMyFuncName[] = {"pkix_pl_LdapCertStore_BuildCertList"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTSTORE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
137 PKIX_NULLCHECK_TWO(responseList, pCerts)do { if (((responseList) == ((void*)0)) || ((pCerts) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
138
139 PKIX_CHECK(PKIX_List_Create(&certList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&certList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
140 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&certList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
141
142 /* extract certs from response */
143 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (responseList
, &numResponses, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
144 (responseList, &numResponses, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (responseList
, &numResponses, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
145 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (responseList
, &numResponses, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
146
147 for (respIx = 0; respIx < numResponses; respIx++) {
148 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (responseList
, respIx, (PKIX_PL_Object **)&response, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
149 (responseList,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (responseList
, respIx, (PKIX_PL_Object **)&response, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
150 respIx,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (responseList
, respIx, (PKIX_PL_Object **)&response, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
151 (PKIX_PL_Object **)&response,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (responseList
, respIx, (PKIX_PL_Object **)&response, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
152 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (responseList
, respIx, (PKIX_PL_Object **)&response, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
153 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (responseList
, respIx, (PKIX_PL_Object **)&response, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
154
155 PKIX_CHECK(pkix_pl_LdapResponse_GetMessagedo { stdVars.aPkixErrorResult = (pkix_pl_LdapResponse_GetMessage
(response, &message, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPRESPONSEGETMESSAGEFAILED;
goto cleanup; } } while (0)
156 (response, &message, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapResponse_GetMessage
(response, &message, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPRESPONSEGETMESSAGEFAILED;
goto cleanup; } } while (0)
157 PKIX_LDAPRESPONSEGETMESSAGEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapResponse_GetMessage
(response, &message, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPRESPONSEGETMESSAGEFAILED;
goto cleanup; } } while (0);
158
159 sre = &(message->protocolOp.op.searchResponseEntryMsg);
160 sreAttrArray = sre->attributes;
161
162 /* Get next element of null-terminated array */
163 sreAttr = *sreAttrArray++;
164 while (sreAttr != NULL((void*)0)) {
165 attrType = &(sreAttr->attrType);
166 PKIX_CHECK(pkix_pl_LdapRequest_AttrTypeToBitdo { stdVars.aPkixErrorResult = (pkix_pl_LdapRequest_AttrTypeToBit
(attrType, &attrBits, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPREQUESTATTRTYPETOBITFAILED
; goto cleanup; } } while (0)
167 (attrType, &attrBits, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapRequest_AttrTypeToBit
(attrType, &attrBits, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPREQUESTATTRTYPETOBITFAILED
; goto cleanup; } } while (0)
168 PKIX_LDAPREQUESTATTRTYPETOBITFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapRequest_AttrTypeToBit
(attrType, &attrBits, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPREQUESTATTRTYPETOBITFAILED
; goto cleanup; } } while (0);
169 /* Is this attrVal a Certificate? */
170 if (((LDAPATTR_CACERT(1<<0) | LDAPATTR_USERCERT(1<<1)) &
171 attrBits) == attrBits) {
172 attrVal = sreAttr->val;
173 derCertItem = *attrVal++;
174 while (derCertItem != 0) {
175 /* create a PKIX_PL_Cert from derCert */
176 PKIX_CHECK(pkix_pl_Cert_CreateToListdo { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateToList (derCertItem
, certList, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_CERTCREATETOLISTFAILED; goto cleanup; }
} while (0)
177 (derCertItem, certList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateToList (derCertItem
, certList, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_CERTCREATETOLISTFAILED; goto cleanup; }
} while (0)
178 PKIX_CERTCREATETOLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_Cert_CreateToList (derCertItem
, certList, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_CERTCREATETOLISTFAILED; goto cleanup; }
} while (0);
179 derCertItem = *attrVal++;
180 }
181 } else if ((LDAPATTR_CROSSPAIRCERT(1<<2) & attrBits) == attrBits){
182 /* Is this attrVal a CrossPairCertificate? */
183 attrVal = sreAttr->val;
184 derCertItem = *attrVal++;
185 while (derCertItem != 0) {
186 /* create PKIX_PL_Certs from derCert */
187 PKIX_CHECK(pkix_pl_LdapCertStore_DecodeCrossCertPairdo { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_DecodeCrossCertPair
(derCertItem, certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREDECODECROSSCERTPAIRFAILED
; goto cleanup; } } while (0)
188 (derCertItem, certList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_DecodeCrossCertPair
(derCertItem, certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREDECODECROSSCERTPAIRFAILED
; goto cleanup; } } while (0)
189 PKIX_LDAPCERTSTOREDECODECROSSCERTPAIRFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_DecodeCrossCertPair
(derCertItem, certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREDECODECROSSCERTPAIRFAILED
; goto cleanup; } } while (0);
190 derCertItem = *attrVal++;
191 }
192 }
193 sreAttr = *sreAttrArray++;
194 }
195 PKIX_DECREF(response)do { if (response){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(response), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } response = ((void*
)0); } } while (0);
196 }
197
198 *pCerts = certList;
199
200cleanup:
201 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)) {
202 PKIX_DECREF(certList)do { if (certList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certList = ((void*
)0); } } while (0);
203 }
204
205 PKIX_DECREF(response)do { if (response){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(response), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } response = ((void*
)0); } } while (0);
206
207 PKIX_RETURN(CERTSTORE)return PKIX_DoReturn(&stdVars, (PKIX_CERTSTORE_ERROR), ((
PKIX_Boolean) 1), plContext);;
208}
209
210/*
211 * FUNCTION: pkix_pl_LdapCertStore_BuildCrlList
212 * DESCRIPTION:
213 *
214 * This function takes a List of LdapResponse objects pointed to by
215 * "responseList" and extracts and decodes the CRLs in those responses, storing
216 * the List of those CRLs at "pCrls". If none of the objects can be decoded
217 * into a CRL, the returned List is empty.
218 *
219 * PARAMETERS:
220 * "responseList"
221 * The address of the List of LdapResponses. Must be non-NULL.
222 * "pCrls"
223 * The address at which the result is stored. Must be non-NULL.
224 * "plContext"
225 * Platform-specific context pointer.
226 * THREAD SAFETY:
227 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
228 * RETURNS:
229 * Returns NULL if the function succeeds.
230 * Returns a CertStore Error if the function fails in a non-fatal way.
231 * Returns a Fatal Error if the function fails in an unrecoverable way.
232 */
233PKIX_Error *
234pkix_pl_LdapCertStore_BuildCrlList(
235 PKIX_List *responseList,
236 PKIX_List **pCrls,
237 void *plContext)
238{
239 PKIX_UInt32 numResponses = 0;
240 PKIX_UInt32 respIx = 0;
241 LdapAttrMask attrBits = 0;
242 CERTSignedCrl *nssCrl = NULL((void*)0);
243 PKIX_PL_LdapResponse *response = NULL((void*)0);
244 PKIX_List *crlList = NULL((void*)0);
245 PKIX_PL_CRL *crl = NULL((void*)0);
246 LDAPMessage *message = NULL((void*)0);
247 LDAPSearchResponseEntry *sre = NULL((void*)0);
248 LDAPSearchResponseAttr **sreAttrArray = NULL((void*)0);
249 LDAPSearchResponseAttr *sreAttr = NULL((void*)0);
250 SECItem *attrType = NULL((void*)0);
251 SECItem **attrVal = NULL((void*)0);
252 SECItem *derCrlCopy = NULL((void*)0);
253 SECItem *derCrlItem = NULL((void*)0);
254
255 PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_BuildCrlList")static const char cMyFuncName[] = {"pkix_pl_LdapCertStore_BuildCrlList"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTSTORE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
256 PKIX_NULLCHECK_TWO(responseList, pCrls)do { if (((responseList) == ((void*)0)) || ((pCrls) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
257
258 PKIX_CHECK(PKIX_List_Create(&crlList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&crlList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
259 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&crlList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
260
261 /* extract crls from response */
262 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (responseList
, &numResponses, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
263 (responseList, &numResponses, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (responseList
, &numResponses, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
264 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (responseList
, &numResponses, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
265
266 for (respIx = 0; respIx < numResponses; respIx++) {
267 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (responseList
, respIx, (PKIX_PL_Object **)&response, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
268 (responseList,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (responseList
, respIx, (PKIX_PL_Object **)&response, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
269 respIx,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (responseList
, respIx, (PKIX_PL_Object **)&response, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
270 (PKIX_PL_Object **)&response,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (responseList
, respIx, (PKIX_PL_Object **)&response, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
271 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (responseList
, respIx, (PKIX_PL_Object **)&response, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
272 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (responseList
, respIx, (PKIX_PL_Object **)&response, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
273
274 PKIX_CHECK(pkix_pl_LdapResponse_GetMessagedo { stdVars.aPkixErrorResult = (pkix_pl_LdapResponse_GetMessage
(response, &message, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPRESPONSEGETMESSAGEFAILED;
goto cleanup; } } while (0)
275 (response, &message, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapResponse_GetMessage
(response, &message, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPRESPONSEGETMESSAGEFAILED;
goto cleanup; } } while (0)
276 PKIX_LDAPRESPONSEGETMESSAGEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapResponse_GetMessage
(response, &message, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPRESPONSEGETMESSAGEFAILED;
goto cleanup; } } while (0);
277
278 sre = &(message->protocolOp.op.searchResponseEntryMsg);
279 sreAttrArray = sre->attributes;
280
281 /* Get next element of null-terminated array */
282 sreAttr = *sreAttrArray++;
283 while (sreAttr != NULL((void*)0)) {
284 attrType = &(sreAttr->attrType);
285 PKIX_CHECK(pkix_pl_LdapRequest_AttrTypeToBitdo { stdVars.aPkixErrorResult = (pkix_pl_LdapRequest_AttrTypeToBit
(attrType, &attrBits, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPREQUESTATTRTYPETOBITFAILED
; goto cleanup; } } while (0)
286 (attrType, &attrBits, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapRequest_AttrTypeToBit
(attrType, &attrBits, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPREQUESTATTRTYPETOBITFAILED
; goto cleanup; } } while (0)
287 PKIX_LDAPREQUESTATTRTYPETOBITFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapRequest_AttrTypeToBit
(attrType, &attrBits, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPREQUESTATTRTYPETOBITFAILED
; goto cleanup; } } while (0);
288 /* Is this attrVal a Revocation List? */
289 if (((LDAPATTR_CERTREVLIST(1<<3) | LDAPATTR_AUTHREVLIST(1<<4)) &
290 attrBits) == attrBits) {
291 attrVal = sreAttr->val;
292 derCrlItem = *attrVal++;
293 while (derCrlItem != 0) {
294 /* create a PKIX_PL_Crl from derCrl */
295 derCrlCopy = SECITEM_DupItemSECITEM_DupItem_Util(derCrlItem);
296 if (!derCrlCopy) {
297 PKIX_ERROR(PKIX_ALLOCERROR){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_ALLOCERROR, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_ALLOCERROR; goto cleanup; };
298 }
299 /* crl will be based on derCrlCopy, but wont
300 * own the der. */
301 nssCrl =
302 CERT_DecodeDERCrlWithFlags(NULL((void*)0), derCrlCopy,
303 SEC_CRL_TYPE1,
304 CRL_DECODE_DONT_COPY_DER0x00000001 |
305 CRL_DECODE_SKIP_ENTRIES0x00000002);
306 if (!nssCrl) {
307 SECITEM_FreeItemSECITEM_FreeItem_Util(derCrlCopy, PKIX_TRUE((PKIX_Boolean) 1));
308 continue;
309 }
310 /* pkix crl own the der. */
311 PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_pl_CRL_CreateWithSignedCRL
(nssCrl, derCrlCopy, ((void*)0), &crl, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CRLCREATEWITHSIGNEDCRLFAILED
; goto cleanup; } } while (0)
312 pkix_pl_CRL_CreateWithSignedCRL(nssCrl,do { stdVars.aPkixErrorResult = (pkix_pl_CRL_CreateWithSignedCRL
(nssCrl, derCrlCopy, ((void*)0), &crl, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CRLCREATEWITHSIGNEDCRLFAILED
; goto cleanup; } } while (0)
313 derCrlCopy, NULL, &crl, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CRL_CreateWithSignedCRL
(nssCrl, derCrlCopy, ((void*)0), &crl, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CRLCREATEWITHSIGNEDCRLFAILED
; goto cleanup; } } while (0)
314 PKIX_CRLCREATEWITHSIGNEDCRLFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CRL_CreateWithSignedCRL
(nssCrl, derCrlCopy, ((void*)0), &crl, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CRLCREATEWITHSIGNEDCRLFAILED
; goto cleanup; } } while (0);
315 /* Left control over memory pointed by derCrlCopy and
316 * nssCrl to pkix crl. */
317 derCrlCopy = NULL((void*)0);
318 nssCrl = NULL((void*)0);
319 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (crlList
, (PKIX_PL_Object *) crl, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
320 (crlList, (PKIX_PL_Object *) crl, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (crlList
, (PKIX_PL_Object *) crl, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
321 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (crlList
, (PKIX_PL_Object *) crl, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
322 PKIX_DECREF(crl)do { if (crl){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(crl), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } crl = ((void*)0); }
} while (0);
323 derCrlItem = *attrVal++;
324 }
325 /* Clean up after PKIX_CHECK_ONLY_FATAL */
326 pkixTempErrorReceivedstdVars.aPkixTempErrorReceived = PKIX_FALSE((PKIX_Boolean) 0);
327 }
328 sreAttr = *sreAttrArray++;
329 }
330 PKIX_DECREF(response)do { if (response){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(response), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } response = ((void*
)0); } } while (0);
331 }
332
333 *pCrls = crlList;
334 crlList = NULL((void*)0);
335cleanup:
336 if (derCrlCopy) {
337 SECITEM_FreeItemSECITEM_FreeItem_Util(derCrlCopy, PKIX_TRUE((PKIX_Boolean) 1));
338 }
339 if (nssCrl) {
340 SEC_DestroyCrl(nssCrl);
341 }
342 PKIX_DECREF(crl)do { if (crl){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(crl), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } crl = ((void*)0); }
} while (0);
343 PKIX_DECREF(crlList)do { if (crlList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(crlList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } crlList = ((void*)
0); } } while (0);
344 PKIX_DECREF(response)do { if (response){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(response), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } response = ((void*
)0); } } while (0);
345
346 PKIX_RETURN(CERTSTORE)return PKIX_DoReturn(&stdVars, (PKIX_CERTSTORE_ERROR), ((
PKIX_Boolean) 1), plContext);;
347}
348
349/*
350 * FUNCTION: pkix_pl_LdapCertStore_DestroyAVAList
351 * DESCRIPTION:
352 *
353 * This function frees the space allocated for the components of the
354 * equalFilters that make up the andFilter pointed to by "filter".
355 *
356 * PARAMETERS:
357 * "requestParams"
358 * The address of the andFilter whose components are to be freed. Must be
359 * non-NULL.
360 * "plContext"
361 * Platform-specific context pointer
362 * THREAD SAFETY:
363 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
364 * RETURNS:
365 * Returns NULL if the function succeeds.
366 * Returns a CertStore Error if the function fails in a non-fatal way.
367 * Returns a Fatal Error if the function fails in an unrecoverable way.
368 */
369static PKIX_Error *
370pkix_pl_LdapCertStore_DestroyAVAList(
371 LDAPNameComponent **nameComponents,
372 void *plContext)
373{
374 LDAPNameComponent **currentNC = NULL((void*)0);
375 unsigned char *component = NULL((void*)0);
376
377 PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_DestroyAVAList")static const char cMyFuncName[] = {"pkix_pl_LdapCertStore_DestroyAVAList"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTSTORE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
378 PKIX_NULLCHECK_ONE(nameComponents)do { if ((nameComponents) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
379
380 /* Set currentNC to point to first AVA pointer */
381 currentNC = nameComponents;
382
383 while ((*currentNC) != NULL((void*)0)) {
384 component = (*currentNC)->attrValue;
385 if (component != NULL((void*)0)) {
386 PORT_FreePORT_Free_Util(component);
387 }
388 currentNC++;
389 }
390
391 PKIX_RETURN(CERTSTORE)return PKIX_DoReturn(&stdVars, (PKIX_CERTSTORE_ERROR), ((
PKIX_Boolean) 1), plContext);;
392}
393
394/*
395 * FUNCTION: pkix_pl_LdapCertStore_MakeNameAVAList
396 * DESCRIPTION:
397 *
398 * This function allocates space from the arena pointed to by "arena" to
399 * construct a filter that will match components of the X500Name pointed to
400 * by "name", and stores the resulting filter at "pFilter".
401 *
402 * "name" is checked for commonName and organizationName components (cn=,
403 * and o=). The component strings are extracted using the family of
404 * CERT_Get* functions, and each must be freed with PORT_Free.
405 *
406 * It is not clear which components should be in a request, so, for now,
407 * we stop adding components after we have found one.
408 *
409 * PARAMETERS:
410 * "arena"
411 * The address of the PLArenaPool used in creating the filter. Must be
412 * non-NULL.
413 * "name"
414 * The address of the X500Name whose components define the desired
415 * matches. Must be non-NULL.
416 * "pList"
417 * The address at which the result is stored.
418 * "plContext"
419 * Platform-specific context pointer
420 * THREAD SAFETY:
421 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
422 * RETURNS:
423 * Returns NULL if the function succeeds.
424 * Returns a CertStore Error if the function fails in a non-fatal way.
425 * Returns a Fatal Error if the function fails in an unrecoverable way.
426 */
427static PKIX_Error *
428pkix_pl_LdapCertStore_MakeNameAVAList(
429 PLArenaPool *arena,
430 PKIX_PL_X500Name *subjectName,
431 LDAPNameComponent ***pList,
432 void *plContext)
433{
434 LDAPNameComponent **setOfNameComponents;
435 LDAPNameComponent *currentNameComponent = NULL((void*)0);
436 PKIX_UInt32 componentsPresent = 0;
437 void *v = NULL((void*)0);
438 unsigned char *component = NULL((void*)0);
439
440 PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_MakeNameAVAList")static const char cMyFuncName[] = {"pkix_pl_LdapCertStore_MakeNameAVAList"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTSTORE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
23
Assuming 'pkixLoggersDebugTrace' is null
24
Taking false branch
441 PKIX_NULLCHECK_THREE(arena, subjectName, pList)do { if (((arena) == ((void*)0)) || ((subjectName) == ((void*
)0)) || ((pList) == ((void*)0))){ stdVars.aPkixErrorReceived =
((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
25
Loop condition is false. Exiting loop
26
Taking false branch
27
Loop condition is false. Exiting loop
442
443 /* Increase this if additional components may be extracted */
444#define MAX_NUM_COMPONENTS3 3
445
446 /* Space for (MAX_NUM_COMPONENTS + 1) pointers to LDAPNameComponents */
447 PKIX_PL_NSSCALLRV(CERTSTORE, v, PORT_ArenaZAlloc,; v = (PORT_ArenaZAlloc_Util (arena, (3 + 1)*sizeof(LDAPNameComponent
*)))
448 (arena, (MAX_NUM_COMPONENTS + 1)*sizeof(LDAPNameComponent *))); v = (PORT_ArenaZAlloc_Util (arena, (3 + 1)*sizeof(LDAPNameComponent
*)));
449 setOfNameComponents = (LDAPNameComponent **)v;
450
451 /* Space for MAX_NUM_COMPONENTS LDAPNameComponents */
452 PKIX_PL_NSSCALLRV(CERTSTORE, v, PORT_ArenaZNewArray,; v = ((LDAPNameComponent *)PORT_ArenaZAlloc_Util(arena, sizeof
(LDAPNameComponent) * (3)))
453 (arena, LDAPNameComponent, MAX_NUM_COMPONENTS)); v = ((LDAPNameComponent *)PORT_ArenaZAlloc_Util(arena, sizeof
(LDAPNameComponent) * (3)));
454
455 currentNameComponent = (LDAPNameComponent *)v;
456
457 /* Try for commonName */
458 PKIX_CHECK(pkix_pl_X500Name_GetCommonNamedo { stdVars.aPkixErrorResult = (pkix_pl_X500Name_GetCommonName
(subjectName, &component, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_X500NAMEGETCOMMONNAMEFAILED; goto
cleanup; } } while (0)
28
Assuming field 'aPkixErrorResult' is non-null
29
Taking true branch
30
Control jumps to line 506
459 (subjectName, &component, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_X500Name_GetCommonName
(subjectName, &component, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_X500NAMEGETCOMMONNAMEFAILED; goto
cleanup; } } while (0)
460 PKIX_X500NAMEGETCOMMONNAMEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_X500Name_GetCommonName
(subjectName, &component, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_X500NAMEGETCOMMONNAMEFAILED; goto
cleanup; } } while (0);
461 if (component) {
462 setOfNameComponents[componentsPresent] = currentNameComponent;
463 currentNameComponent->attrType = (unsigned char *)"cn";
464 currentNameComponent->attrValue = component;
465 componentsPresent++;
466 currentNameComponent++;
467 }
468
469 /*
470 * The LDAP specification says we can send multiple name components
471 * in an "AND" filter, but the LDAP Servers don't seem to be able to
472 * handle such requests. So we'll quit after the cn component.
473 */
474#if 0
475 /* Try for orgName */
476 PKIX_CHECK(pkix_pl_X500Name_GetOrgNamedo { stdVars.aPkixErrorResult = (pkix_pl_X500Name_GetOrgName (
subjectName, &component, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_X500NAMEGETORGNAMEFAILED; goto
cleanup; } } while (0)
477 (subjectName, &component, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_X500Name_GetOrgName (
subjectName, &component, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_X500NAMEGETORGNAMEFAILED; goto
cleanup; } } while (0)
478 PKIX_X500NAMEGETORGNAMEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_X500Name_GetOrgName (
subjectName, &component, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_X500NAMEGETORGNAMEFAILED; goto
cleanup; } } while (0);
479 if (component) {
480 setOfNameComponents[componentsPresent] = currentNameComponent;
481 currentNameComponent->attrType = (unsigned char *)"o";
482 currentNameComponent->attrValue = component;
483 componentsPresent++;
484 currentNameComponent++;
485 }
486
487 /* Try for countryName */
488 PKIX_CHECK(pkix_pl_X500Name_GetCountryNamedo { stdVars.aPkixErrorResult = (pkix_pl_X500Name_GetCountryName
(subjectName, &component, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_X500NAMEGETCOUNTRYNAMEFAILED;
goto cleanup; } } while (0)
489 (subjectName, &component, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_X500Name_GetCountryName
(subjectName, &component, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_X500NAMEGETCOUNTRYNAMEFAILED;
goto cleanup; } } while (0)
490 PKIX_X500NAMEGETCOUNTRYNAMEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_X500Name_GetCountryName
(subjectName, &component, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_X500NAMEGETCOUNTRYNAMEFAILED;
goto cleanup; } } while (0);
491 if (component) {
492 setOfNameComponents[componentsPresent] = currentNameComponent;
493 currentNameComponent->attrType = (unsigned char *)"c";
494 currentNameComponent->attrValue = component;
495 componentsPresent++;
496 currentNameComponent++;
497 }
498#endif
499
500 setOfNameComponents[componentsPresent] = NULL((void*)0);
501
502 *pList = setOfNameComponents;
503
504cleanup:
505
506 PKIX_RETURN(CERTSTORE)return PKIX_DoReturn(&stdVars, (PKIX_CERTSTORE_ERROR), ((
PKIX_Boolean) 1), plContext);;
31
Returning without writing to '*pList'
32
Returning pointer, which participates in a condition later
507
508}
509
510#if 0
511/*
512 * FUNCTION: pkix_pl_LdapCertstore_ConvertCertResponses
513 * DESCRIPTION:
514 *
515 * This function processes the List of LDAPResponses pointed to by "responses"
516 * into a List of resulting Certs, storing the result at "pCerts". If there
517 * are no responses converted successfully, a NULL may be stored.
518 *
519 * PARAMETERS:
520 * "responses"
521 * The LDAPResponses whose contents are to be converted. Must be non-NULL.
522 * "pCerts"
523 * Address at which the returned List is stored. Must be non-NULL.
524 * "plContext"
525 * Platform-specific context pointer.
526 * THREAD SAFETY:
527 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
528 * RETURNS:
529 * Returns NULL if the function succeeds.
530 * Returns a CertStore Error if the function fails in a non-fatal way
531 * Returns a Fatal Error if the function fails in an unrecoverable way.
532 */
533PKIX_Error *
534pkix_pl_LdapCertStore_ConvertCertResponses(
535 PKIX_List *responses,
536 PKIX_List **pCerts,
537 void *plContext)
538{
539 PKIX_List *unfiltered = NULL((void*)0);
540
541 PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_ConvertCertResponses")static const char cMyFuncName[] = {"pkix_pl_LdapCertStore_ConvertCertResponses"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTSTORE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
542 PKIX_NULLCHECK_TWO(responses, pCerts)do { if (((responses) == ((void*)0)) || ((pCerts) == ((void*)
0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
543
544 /*
545 * We have a List of LdapResponse objects that have to be
546 * turned into Certs.
547 */
548 PKIX_CHECK(pkix_pl_LdapCertStore_BuildCertListdo { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCertList
(responses, &unfiltered, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED
; goto cleanup; } } while (0)
549 (responses, &unfiltered, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCertList
(responses, &unfiltered, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED
; goto cleanup; } } while (0)
550 PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCertList
(responses, &unfiltered, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED
; goto cleanup; } } while (0);
551
552 *pCerts = unfiltered;
553
554cleanup:
555
556 PKIX_RETURN(CERTSTORE)return PKIX_DoReturn(&stdVars, (PKIX_CERTSTORE_ERROR), ((
PKIX_Boolean) 1), plContext);;
557}
558#endif
559
560/*
561 * FUNCTION: pkix_pl_LdapCertStore_GetCert
562 * (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
563 */
564PKIX_Error *
565pkix_pl_LdapCertStore_GetCert(
566 PKIX_CertStore *store,
567 PKIX_CertSelector *selector,
568 PKIX_VerifyNode *verifyNode,
569 void **pNBIOContext,
570 PKIX_List **pCertList,
571 void *plContext)
572{
573 PLArenaPool *requestArena = NULL((void*)0);
574 LDAPRequestParams requestParams;
575 void *pollDesc = NULL((void*)0);
576 PKIX_Int32 minPathLen = 0;
577 PKIX_Boolean cacheFlag = PKIX_FALSE((PKIX_Boolean) 0);
578 PKIX_ComCertSelParams *params = NULL((void*)0);
579 PKIX_PL_LdapCertStoreContext *lcs = NULL((void*)0);
580 PKIX_List *responses = NULL((void*)0);
581 PKIX_List *unfilteredCerts = NULL((void*)0);
582 PKIX_List *filteredCerts = NULL((void*)0);
583 PKIX_PL_X500Name *subjectName = 0;
584
585 PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCert")static const char cMyFuncName[] = {"pkix_pl_LdapCertStore_GetCert"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTSTORE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1
Assuming 'pkixLoggersDebugTrace' is null
2
Taking false branch
586 PKIX_NULLCHECK_THREE(store, selector, pCertList)do { if (((store) == ((void*)0)) || ((selector) == ((void*)0)
) || ((pCertList) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
3
Loop condition is false. Exiting loop
4
Assuming 'store' is not equal to null
5
Assuming 'selector' is not equal to null
6
Assuming 'pCertList' is not equal to null
7
Taking false branch
8
Loop condition is false. Exiting loop
587
588 requestParams.baseObject = "c=US";
589 requestParams.scope = WHOLE_SUBTREE;
590 requestParams.derefAliases = NEVER_DEREF;
591 requestParams.sizeLimit = 0;
592 requestParams.timeLimit = 0;
593
594 /* Prepare elements for request filter */
595
596 /*
597 * Get a short-lived arena. We'll be done with this space once
598 * the request is encoded.
599 */
600 requestArena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048));
601 if (!requestArena) {
9
Assuming 'requestArena' is non-null
10
Taking false branch
602 PKIX_ERROR_FATAL(PKIX_OUTOFMEMORY){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_OUTOFMEMORY; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto cleanup; };
603 }
604
605 PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParamsdo { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetCommonCertSelectorParams
(selector, &params, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETCOMCERTSELPARAMSFAILED
; goto cleanup; } } while (0)
11
Assuming field 'aPkixErrorResult' is null
12
Taking false branch
13
Loop condition is false. Exiting loop
606 (selector, &params, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetCommonCertSelectorParams
(selector, &params, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETCOMCERTSELPARAMSFAILED
; goto cleanup; } } while (0)
607 PKIX_CERTSELECTORGETCOMCERTSELPARAMSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetCommonCertSelectorParams
(selector, &params, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETCOMCERTSELPARAMSFAILED
; goto cleanup; } } while (0);
608
609 /*
610 * If we have the subject name for the desired subject,
611 * ask the server for Certs with that subject.
612 */
613 PKIX_CHECK(PKIX_ComCertSelParams_GetSubjectdo { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetSubject
(params, &subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETSUBJECTFAILED
; goto cleanup; } } while (0)
14
Assuming field 'aPkixErrorResult' is null
15
Taking false branch
16
Loop condition is false. Exiting loop
614 (params, &subjectName, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetSubject
(params, &subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETSUBJECTFAILED
; goto cleanup; } } while (0)
615 PKIX_COMCERTSELPARAMSGETSUBJECTFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetSubject
(params, &subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETSUBJECTFAILED
; goto cleanup; } } while (0);
616
617 PKIX_CHECK(PKIX_ComCertSelParams_GetBasicConstraintsdo { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetBasicConstraints
(params, &minPathLen, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED
; goto cleanup; } } while (0)
17
Assuming field 'aPkixErrorResult' is null
18
Taking false branch
19
Loop condition is false. Exiting loop
618 (params, &minPathLen, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetBasicConstraints
(params, &minPathLen, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED
; goto cleanup; } } while (0)
619 PKIX_COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetBasicConstraints
(params, &minPathLen, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED
; goto cleanup; } } while (0);
620
621 if (subjectName) {
20
Assuming 'subjectName' is non-null
21
Taking true branch
622 PKIX_CHECK(pkix_pl_LdapCertStore_MakeNameAVAListdo { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, subjectName, &(requestParams.nc), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED; goto cleanup; } }
while (0)
22
Calling 'pkix_pl_LdapCertStore_MakeNameAVAList'
33
Returning from 'pkix_pl_LdapCertStore_MakeNameAVAList'
34
Assuming field 'aPkixErrorResult' is null
35
Taking false branch
36
Loop condition is false. Exiting loop
623 (requestArena,do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, subjectName, &(requestParams.nc), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED; goto cleanup; } }
while (0)
624 subjectName,do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, subjectName, &(requestParams.nc), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED; goto cleanup; } }
while (0)
625 &(requestParams.nc),do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, subjectName, &(requestParams.nc), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED; goto cleanup; } }
while (0)
626 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, subjectName, &(requestParams.nc), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED; goto cleanup; } }
while (0)
627 PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, subjectName, &(requestParams.nc), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED; goto cleanup; } }
while (0);
628
629 if (*requestParams.nc == NULL((void*)0)) {
37
Dereference of undefined pointer value (loaded from field 'nc')
630 /*
631 * The subjectName may not include any components
632 * that we know how to encode. We do not return
633 * an error, because the caller did not necessarily
634 * do anything wrong, but we return an empty List.
635 */
636 PKIX_PL_NSSCALL(CERTSTORE, PORT_FreeArena,; (PORT_FreeArena_Util (requestArena, 0))
637 (requestArena, PR_FALSE)); (PORT_FreeArena_Util (requestArena, 0));
638
639 PKIX_CHECK(PKIX_List_Create(&filteredCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&filteredCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
640 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&filteredCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
641
642 PKIX_CHECK(PKIX_List_SetImmutabledo { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (filteredCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
643 (filteredCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (filteredCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
644 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (filteredCerts
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0);
645
646 *pNBIOContext = NULL((void*)0);
647 *pCertList = filteredCerts;
648 filteredCerts = NULL((void*)0);
649 goto cleanup;
650 }
651 } else {
652 PKIX_ERROR(PKIX_INSUFFICIENTCRITERIAFORCERTQUERY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_INSUFFICIENTCRITERIAFORCERTQUERY, ((void*)0), stdVars.
aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ((
PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_INSUFFICIENTCRITERIAFORCERTQUERY
; goto cleanup; };
653 }
654
655 /* Prepare attribute field of request */
656
657 requestParams.attributes = 0;
658
659 if (minPathLen < 0) {
660 requestParams.attributes |= LDAPATTR_USERCERT(1<<1);
661 }
662
663 if (minPathLen > -2) {
664 requestParams.attributes |=
665 LDAPATTR_CACERT(1<<0) | LDAPATTR_CROSSPAIRCERT(1<<2);
666 }
667
668 /* All request fields are done */
669
670 PKIX_CHECK(PKIX_CertStore_GetCertStoreContextdo { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED
; goto cleanup; } } while (0)
671 (store, (PKIX_PL_Object **)&lcs, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED
; goto cleanup; } } while (0)
672 PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED
; goto cleanup; } } while (0);
673
674 PKIX_CHECK(PKIX_PL_LdapClient_InitiateRequestdo { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0)
675 ((PKIX_PL_LdapClient *)lcs,do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0)
676 &requestParams,do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0)
677 &pollDesc,do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0)
678 &responses,do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0)
679 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0)
680 PKIX_LDAPCLIENTINITIATEREQUESTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0);
681
682 PKIX_CHECK(pkix_pl_LdapCertStore_DestroyAVAListdo { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_DestroyAVAList
(requestParams.nc, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREDESTROYAVALISTFAILED
; goto cleanup; } } while (0)
683 (requestParams.nc, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_DestroyAVAList
(requestParams.nc, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREDESTROYAVALISTFAILED
; goto cleanup; } } while (0)
684 PKIX_LDAPCERTSTOREDESTROYAVALISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_DestroyAVAList
(requestParams.nc, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREDESTROYAVALISTFAILED
; goto cleanup; } } while (0);
685
686 if (requestArena) {
687 PKIX_PL_NSSCALL(CERTSTORE, PORT_FreeArena,; (PORT_FreeArena_Util (requestArena, 0))
688 (requestArena, PR_FALSE)); (PORT_FreeArena_Util (requestArena, 0));
689 requestArena = NULL((void*)0);
690 }
691
692 if (pollDesc != NULL((void*)0)) {
693 /* client is waiting for non-blocking I/O to complete */
694 *pNBIOContext = (void *)pollDesc;
695 *pCertList = NULL((void*)0);
696 goto cleanup;
697 }
698 /* LdapClient has given us a response! */
699
700 if (responses) {
701 PKIX_CHECK(PKIX_CertStore_GetCertStoreCacheFlagdo { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreCacheFlag
(store, &cacheFlag, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED
; goto cleanup; } } while (0)
702 (store, &cacheFlag, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreCacheFlag
(store, &cacheFlag, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED
; goto cleanup; } } while (0)
703 PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreCacheFlag
(store, &cacheFlag, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED
; goto cleanup; } } while (0);
704
705 PKIX_CHECK(pkix_pl_LdapCertStore_BuildCertListdo { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCertList
(responses, &unfilteredCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED
; goto cleanup; } } while (0)
706 (responses, &unfilteredCerts, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCertList
(responses, &unfilteredCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED
; goto cleanup; } } while (0)
707 PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCertList
(responses, &unfilteredCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED
; goto cleanup; } } while (0);
708
709 PKIX_CHECK(pkix_CertSelector_Selectdo { stdVars.aPkixErrorResult = (pkix_CertSelector_Select (selector
, unfilteredCerts, &filteredCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSELECTFAILED
; goto cleanup; } } while (0)
710 (selector, unfilteredCerts, &filteredCerts, plContext),do { stdVars.aPkixErrorResult = (pkix_CertSelector_Select (selector
, unfilteredCerts, &filteredCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSELECTFAILED
; goto cleanup; } } while (0)
711 PKIX_CERTSELECTORSELECTFAILED)do { stdVars.aPkixErrorResult = (pkix_CertSelector_Select (selector
, unfilteredCerts, &filteredCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSELECTFAILED
; goto cleanup; } } while (0);
712 }
713
714 *pNBIOContext = NULL((void*)0);
715 *pCertList = filteredCerts;
716 filteredCerts = NULL((void*)0);
717
718cleanup:
719
720 PKIX_DECREF(params)do { if (params){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(params), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } params = ((void*)0
); } } while (0);
721 PKIX_DECREF(subjectName)do { if (subjectName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectName), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } subjectName = ((void
*)0); } } while (0);
722 PKIX_DECREF(responses)do { if (responses){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(responses), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } responses = ((void
*)0); } } while (0);
723 PKIX_DECREF(unfilteredCerts)do { if (unfilteredCerts){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(unfilteredCerts), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } unfilteredCerts
= ((void*)0); } } while (0);
724 PKIX_DECREF(filteredCerts)do { if (filteredCerts){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(filteredCerts), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } filteredCerts
= ((void*)0); } } while (0);
725 PKIX_DECREF(lcs)do { if (lcs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(lcs), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } lcs = ((void*)0); }
} while (0);
726
727 PKIX_RETURN(CERTSTORE)return PKIX_DoReturn(&stdVars, (PKIX_CERTSTORE_ERROR), ((
PKIX_Boolean) 1), plContext);;
728}
729
730/*
731 * FUNCTION: pkix_pl_LdapCertStore_GetCertContinue
732 * (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
733 */
734PKIX_Error *
735pkix_pl_LdapCertStore_GetCertContinue(
736 PKIX_CertStore *store,
737 PKIX_CertSelector *selector,
738 PKIX_VerifyNode *verifyNode,
739 void **pNBIOContext,
740 PKIX_List **pCertList,
741 void *plContext)
742{
743 PKIX_Boolean cacheFlag = PKIX_FALSE((PKIX_Boolean) 0);
744 PKIX_PL_LdapCertStoreContext *lcs = NULL((void*)0);
745 void *pollDesc = NULL((void*)0);
746 PKIX_List *responses = NULL((void*)0);
747 PKIX_List *unfilteredCerts = NULL((void*)0);
748 PKIX_List *filteredCerts = NULL((void*)0);
749
750 PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCertContinue")static const char cMyFuncName[] = {"pkix_pl_LdapCertStore_GetCertContinue"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTSTORE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
751 PKIX_NULLCHECK_THREE(store, selector, pCertList)do { if (((store) == ((void*)0)) || ((selector) == ((void*)0)
) || ((pCertList) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
752
753 PKIX_CHECK(PKIX_CertStore_GetCertStoreContextdo { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED
; goto cleanup; } } while (0)
754 (store, (PKIX_PL_Object **)&lcs, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED
; goto cleanup; } } while (0)
755 PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED
; goto cleanup; } } while (0);
756
757 PKIX_CHECK(PKIX_PL_LdapClient_ResumeRequestdo { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_ResumeRequest
((PKIX_PL_LdapClient *)lcs, &pollDesc, &responses, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LDAPCLIENTRESUMEREQUESTFAILED; goto cleanup; } } while
(0)
758 ((PKIX_PL_LdapClient *)lcs, &pollDesc, &responses, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_ResumeRequest
((PKIX_PL_LdapClient *)lcs, &pollDesc, &responses, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LDAPCLIENTRESUMEREQUESTFAILED; goto cleanup; } } while
(0)
759 PKIX_LDAPCLIENTRESUMEREQUESTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_ResumeRequest
((PKIX_PL_LdapClient *)lcs, &pollDesc, &responses, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LDAPCLIENTRESUMEREQUESTFAILED; goto cleanup; } } while
(0);
760
761 if (pollDesc != NULL((void*)0)) {
762 /* client is waiting for non-blocking I/O to complete */
763 *pNBIOContext = (void *)pollDesc;
764 *pCertList = NULL((void*)0);
765 goto cleanup;
766 }
767 /* LdapClient has given us a response! */
768
769 if (responses) {
770 PKIX_CHECK(PKIX_CertStore_GetCertStoreCacheFlagdo { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreCacheFlag
(store, &cacheFlag, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED
; goto cleanup; } } while (0)
771 (store, &cacheFlag, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreCacheFlag
(store, &cacheFlag, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED
; goto cleanup; } } while (0)
772 PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreCacheFlag
(store, &cacheFlag, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED
; goto cleanup; } } while (0);
773
774 PKIX_CHECK(pkix_pl_LdapCertStore_BuildCertListdo { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCertList
(responses, &unfilteredCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED
; goto cleanup; } } while (0)
775 (responses, &unfilteredCerts, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCertList
(responses, &unfilteredCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED
; goto cleanup; } } while (0)
776 PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCertList
(responses, &unfilteredCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED
; goto cleanup; } } while (0);
777
778 PKIX_CHECK(pkix_CertSelector_Selectdo { stdVars.aPkixErrorResult = (pkix_CertSelector_Select (selector
, unfilteredCerts, &filteredCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSELECTFAILED
; goto cleanup; } } while (0)
779 (selector, unfilteredCerts, &filteredCerts, plContext),do { stdVars.aPkixErrorResult = (pkix_CertSelector_Select (selector
, unfilteredCerts, &filteredCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSELECTFAILED
; goto cleanup; } } while (0)
780 PKIX_CERTSELECTORSELECTFAILED)do { stdVars.aPkixErrorResult = (pkix_CertSelector_Select (selector
, unfilteredCerts, &filteredCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSELECTFAILED
; goto cleanup; } } while (0);
781 }
782
783 *pNBIOContext = NULL((void*)0);
784 *pCertList = filteredCerts;
785
786cleanup:
787
788 PKIX_DECREF(responses)do { if (responses){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(responses), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } responses = ((void
*)0); } } while (0);
789 PKIX_DECREF(unfilteredCerts)do { if (unfilteredCerts){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(unfilteredCerts), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } unfilteredCerts
= ((void*)0); } } while (0);
790 PKIX_DECREF(lcs)do { if (lcs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(lcs), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } lcs = ((void*)0); }
} while (0);
791
792 PKIX_RETURN(CERTSTORE)return PKIX_DoReturn(&stdVars, (PKIX_CERTSTORE_ERROR), ((
PKIX_Boolean) 1), plContext);;
793}
794
795/*
796 * FUNCTION: pkix_pl_LdapCertStore_GetCRL
797 * (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
798 */
799PKIX_Error *
800pkix_pl_LdapCertStore_GetCRL(
801 PKIX_CertStore *store,
802 PKIX_CRLSelector *selector,
803 void **pNBIOContext,
804 PKIX_List **pCrlList,
805 void *plContext)
806{
807 LDAPRequestParams requestParams;
808 void *pollDesc = NULL((void*)0);
809 PLArenaPool *requestArena = NULL((void*)0);
810 PKIX_UInt32 numNames = 0;
811 PKIX_UInt32 thisName = 0;
812 PKIX_PL_CRL *candidate = NULL((void*)0);
813 PKIX_List *responses = NULL((void*)0);
814 PKIX_List *issuerNames = NULL((void*)0);
815 PKIX_List *filteredCRLs = NULL((void*)0);
816 PKIX_List *unfilteredCRLs = NULL((void*)0);
817 PKIX_PL_X500Name *issuer = NULL((void*)0);
818 PKIX_PL_LdapCertStoreContext *lcs = NULL((void*)0);
819 PKIX_ComCRLSelParams *params = NULL((void*)0);
820
821 PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCRL")static const char cMyFuncName[] = {"pkix_pl_LdapCertStore_GetCRL"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTSTORE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
822 PKIX_NULLCHECK_THREE(store, selector, pCrlList)do { if (((store) == ((void*)0)) || ((selector) == ((void*)0)
) || ((pCrlList) == ((void*)0))){ stdVars.aPkixErrorReceived =
((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
823
824 requestParams.baseObject = "c=US";
825 requestParams.scope = WHOLE_SUBTREE;
826 requestParams.derefAliases = NEVER_DEREF;
827 requestParams.sizeLimit = 0;
828 requestParams.timeLimit = 0;
829 requestParams.attributes = LDAPATTR_CERTREVLIST(1<<3) | LDAPATTR_AUTHREVLIST(1<<4);
830 /* Prepare elements for request filter */
831
832 /* XXX Place CRLDP code here. Handle the case when */
833 /* RFC 5280. Paragraph: 4.2.1.13: */
834 /* If the distributionPoint field contains a directoryName, the entry */
835 /* for that directoryName contains the current CRL for the associated */
836 /* reasons and the CRL is issued by the associated cRLIssuer. The CRL */
837 /* may be stored in either the certificateRevocationList or */
838 /* authorityRevocationList attribute. The CRL is to be obtained by the */
839 /* application from whatever directory server is locally configured. */
840 /* The protocol the application uses to access the directory (e.g., DAP */
841 /* or LDAP) is a local matter. */
842
843
844
845 /*
846 * Get a short-lived arena. We'll be done with this space once
847 * the request is encoded.
848 */
849 PKIX_PL_NSSCALLRV; requestArena = (PORT_NewArena_Util ((2048)))
850 (CERTSTORE, requestArena, PORT_NewArena, (DER_DEFAULT_CHUNKSIZE)); requestArena = (PORT_NewArena_Util ((2048)));
851
852 if (!requestArena) {
853 PKIX_ERROR_FATAL(PKIX_OUTOFMEMORY){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_OUTOFMEMORY; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto cleanup; };
854 }
855
856 PKIX_CHECK(PKIX_CRLSelector_GetCommonCRLSelectorParamsdo { stdVars.aPkixErrorResult = (PKIX_CRLSelector_GetCommonCRLSelectorParams
(selector, &params, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CRLSELECTORGETCOMCERTSELPARAMSFAILED
; goto cleanup; } } while (0)
857 (selector, &params, plContext),do { stdVars.aPkixErrorResult = (PKIX_CRLSelector_GetCommonCRLSelectorParams
(selector, &params, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CRLSELECTORGETCOMCERTSELPARAMSFAILED
; goto cleanup; } } while (0)
858 PKIX_CRLSELECTORGETCOMCERTSELPARAMSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CRLSelector_GetCommonCRLSelectorParams
(selector, &params, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CRLSELECTORGETCOMCERTSELPARAMSFAILED
; goto cleanup; } } while (0);
859
860 PKIX_CHECK(PKIX_ComCRLSelParams_GetIssuerNamesdo { stdVars.aPkixErrorResult = (PKIX_ComCRLSelParams_GetIssuerNames
(params, &issuerNames, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED
; goto cleanup; } } while (0)
861 (params, &issuerNames, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCRLSelParams_GetIssuerNames
(params, &issuerNames, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED
; goto cleanup; } } while (0)
862 PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCRLSelParams_GetIssuerNames
(params, &issuerNames, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED
; goto cleanup; } } while (0);
863
864 /*
865 * The specification for PKIX_ComCRLSelParams_GetIssuerNames in
866 * pkix_crlsel.h says that if the criterion is not set we get a null
867 * pointer. If we get an empty List the criterion is impossible to
868 * meet ("must match at least one of the names in the List").
869 */
870 if (issuerNames) {
871
872 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (issuerNames
, &numNames, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
873 (issuerNames, &numNames, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (issuerNames
, &numNames, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
874 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (issuerNames
, &numNames, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
875
876 if (numNames > 0) {
877 /*
878 * LDAP Servers don't seem to be able to handle
879 * requests with more than more than one name.
880 * So only use first name.
881 */
882 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (issuerNames
, thisName, (PKIX_PL_Object **)&issuer, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
883 (issuerNames,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (issuerNames
, thisName, (PKIX_PL_Object **)&issuer, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
884 thisName,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (issuerNames
, thisName, (PKIX_PL_Object **)&issuer, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
885 (PKIX_PL_Object **)&issuer,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (issuerNames
, thisName, (PKIX_PL_Object **)&issuer, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
886 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (issuerNames
, thisName, (PKIX_PL_Object **)&issuer, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
887 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (issuerNames
, thisName, (PKIX_PL_Object **)&issuer, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
888
889 PKIX_CHECKdo { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, issuer, &(requestParams.nc), plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED
; goto cleanup; } } while (0)
890 (pkix_pl_LdapCertStore_MakeNameAVAListdo { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, issuer, &(requestParams.nc), plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED
; goto cleanup; } } while (0)
891 (requestArena,do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, issuer, &(requestParams.nc), plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED
; goto cleanup; } } while (0)
892 issuer,do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, issuer, &(requestParams.nc), plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED
; goto cleanup; } } while (0)
893 &(requestParams.nc),do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, issuer, &(requestParams.nc), plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED
; goto cleanup; } } while (0)
894 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, issuer, &(requestParams.nc), plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED
; goto cleanup; } } while (0)
895 PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena, issuer, &(requestParams.nc), plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED
; goto cleanup; } } while (0);
896
897 PKIX_DECREF(issuer)do { if (issuer){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuer), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } issuer = ((void*)0
); } } while (0);
898
899 if (*requestParams.nc == NULL((void*)0)) {
900 /*
901 * The issuer may not include any
902 * components that we know how to
903 * encode. We do not return an error,
904 * because the caller did not
905 * necessarily do anything wrong, but
906 * we return an empty List.
907 */
908 PKIX_PL_NSSCALL; (PORT_FreeArena_Util (requestArena, 0))
909 (CERTSTORE, PORT_FreeArena,; (PORT_FreeArena_Util (requestArena, 0))
910 (requestArena, PR_FALSE)); (PORT_FreeArena_Util (requestArena, 0));
911
912 PKIX_CHECK(PKIX_List_Createdo { stdVars.aPkixErrorResult = (PKIX_List_Create (&filteredCRLs
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
913 (&filteredCRLs, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create (&filteredCRLs
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
914 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create (&filteredCRLs
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
915
916 PKIX_CHECK(PKIX_List_SetImmutabledo { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (filteredCRLs
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
917 (filteredCRLs, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (filteredCRLs
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
918 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable (filteredCRLs
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0);
919
920 *pNBIOContext = NULL((void*)0);
921 *pCrlList = filteredCRLs;
922 goto cleanup;
923 }
924 } else {
925 PKIX_ERROR(PKIX_IMPOSSIBLECRITERIONFORCRLQUERY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_IMPOSSIBLECRITERIONFORCRLQUERY, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_IMPOSSIBLECRITERIONFORCRLQUERY
; goto cleanup; };
926 }
927 } else {
928 PKIX_ERROR(PKIX_IMPOSSIBLECRITERIONFORCRLQUERY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_IMPOSSIBLECRITERIONFORCRLQUERY, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_IMPOSSIBLECRITERIONFORCRLQUERY
; goto cleanup; };
929 }
930
931 /* All request fields are done */
932
933 PKIX_CHECK(PKIX_CertStore_GetCertStoreContextdo { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED
; goto cleanup; } } while (0)
934 (store, (PKIX_PL_Object **)&lcs, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED
; goto cleanup; } } while (0)
935 PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED
; goto cleanup; } } while (0);
936
937 PKIX_CHECK(PKIX_PL_LdapClient_InitiateRequestdo { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0)
938 ((PKIX_PL_LdapClient *)lcs,do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0)
939 &requestParams,do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0)
940 &pollDesc,do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0)
941 &responses,do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0)
942 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0)
943 PKIX_LDAPCLIENTINITIATEREQUESTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_InitiateRequest
((PKIX_PL_LdapClient *)lcs, &requestParams, &pollDesc
, &responses, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCLIENTINITIATEREQUESTFAILED
; goto cleanup; } } while (0);
944
945 PKIX_CHECK(pkix_pl_LdapCertStore_DestroyAVAListdo { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_DestroyAVAList
(requestParams.nc, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREDESTROYAVALISTFAILED
; goto cleanup; } } while (0)
946 (requestParams.nc, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_DestroyAVAList
(requestParams.nc, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREDESTROYAVALISTFAILED
; goto cleanup; } } while (0)
947 PKIX_LDAPCERTSTOREDESTROYAVALISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_DestroyAVAList
(requestParams.nc, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREDESTROYAVALISTFAILED
; goto cleanup; } } while (0);
948
949 if (requestArena) {
950 PKIX_PL_NSSCALL(CERTSTORE, PORT_FreeArena,; (PORT_FreeArena_Util (requestArena, 0))
951 (requestArena, PR_FALSE)); (PORT_FreeArena_Util (requestArena, 0));
952 }
953
954 if (pollDesc != NULL((void*)0)) {
955 /* client is waiting for non-blocking I/O to complete */
956 *pNBIOContext = (void *)pollDesc;
957 *pCrlList = NULL((void*)0);
958 goto cleanup;
959 }
960 /* client has finished! */
961
962 if (responses) {
963
964 /*
965 * We have a List of LdapResponse objects that still have to be
966 * turned into Crls.
967 */
968 PKIX_CHECK(pkix_pl_LdapCertStore_BuildCrlListdo { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCrlList
(responses, &unfilteredCRLs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCRLLISTFAILED
; goto cleanup; } } while (0)
969 (responses, &unfilteredCRLs, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCrlList
(responses, &unfilteredCRLs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCRLLISTFAILED
; goto cleanup; } } while (0)
970 PKIX_LDAPCERTSTOREBUILDCRLLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCrlList
(responses, &unfilteredCRLs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCRLLISTFAILED
; goto cleanup; } } while (0);
971
972 PKIX_CHECK(pkix_CRLSelector_Selectdo { stdVars.aPkixErrorResult = (pkix_CRLSelector_Select (selector
, unfilteredCRLs, &filteredCRLs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CRLSELECTORSELECTFAILED
; goto cleanup; } } while (0)
973 (selector, unfilteredCRLs, &filteredCRLs, plContext),do { stdVars.aPkixErrorResult = (pkix_CRLSelector_Select (selector
, unfilteredCRLs, &filteredCRLs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CRLSELECTORSELECTFAILED
; goto cleanup; } } while (0)
974 PKIX_CRLSELECTORSELECTFAILED)do { stdVars.aPkixErrorResult = (pkix_CRLSelector_Select (selector
, unfilteredCRLs, &filteredCRLs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CRLSELECTORSELECTFAILED
; goto cleanup; } } while (0);
975
976 }
977
978 /* Don't throw away the list if one CRL was bad! */
979 pkixTempErrorReceivedstdVars.aPkixTempErrorReceived = PKIX_FALSE((PKIX_Boolean) 0);
980
981 *pNBIOContext = NULL((void*)0);
982 *pCrlList = filteredCRLs;
983
984cleanup:
985
986 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)) {
987 PKIX_DECREF(filteredCRLs)do { if (filteredCRLs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(filteredCRLs), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } filteredCRLs = ((void
*)0); } } while (0);
988 }
989
990 PKIX_DECREF(params)do { if (params){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(params), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } params = ((void*)0
); } } while (0);
991 PKIX_DECREF(issuerNames)do { if (issuerNames){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuerNames), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } issuerNames = ((void
*)0); } } while (0);
992 PKIX_DECREF(issuer)do { if (issuer){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuer), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } issuer = ((void*)0
); } } while (0);
993 PKIX_DECREF(candidate)do { if (candidate){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(candidate), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } candidate = ((void
*)0); } } while (0);
994 PKIX_DECREF(responses)do { if (responses){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(responses), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } responses = ((void
*)0); } } while (0);
995 PKIX_DECREF(unfilteredCRLs)do { if (unfilteredCRLs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(unfilteredCRLs), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } unfilteredCRLs
= ((void*)0); } } while (0);
996 PKIX_DECREF(lcs)do { if (lcs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(lcs), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } lcs = ((void*)0); }
} while (0);
997
998 PKIX_RETURN(CERTSTORE)return PKIX_DoReturn(&stdVars, (PKIX_CERTSTORE_ERROR), ((
PKIX_Boolean) 1), plContext);;
999}
1000
1001/*
1002 * FUNCTION: pkix_pl_LdapCertStore_GetCRLContinue
1003 * (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
1004 */
1005PKIX_Error *
1006pkix_pl_LdapCertStore_GetCRLContinue(
1007 PKIX_CertStore *store,
1008 PKIX_CRLSelector *selector,
1009 void **pNBIOContext,
1010 PKIX_List **pCrlList,
1011 void *plContext)
1012{
1013 void *nbio = NULL((void*)0);
1014 PKIX_PL_CRL *candidate = NULL((void*)0);
1015 PKIX_List *responses = NULL((void*)0);
1016 PKIX_PL_LdapCertStoreContext *lcs = NULL((void*)0);
1017 PKIX_List *filteredCRLs = NULL((void*)0);
1018 PKIX_List *unfilteredCRLs = NULL((void*)0);
1019
1020 PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCRLContinue")static const char cMyFuncName[] = {"pkix_pl_LdapCertStore_GetCRLContinue"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTSTORE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1021 PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCrlList)do { if (((store) == ((void*)0)) || ((selector) == ((void*)0)
) || ((pNBIOContext) == ((void*)0)) || ((pCrlList) == ((void*
)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
1022
1023 PKIX_CHECK(PKIX_CertStore_GetCertStoreContextdo { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED
; goto cleanup; } } while (0)
1024 (store, (PKIX_PL_Object **)&lcs, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED
; goto cleanup; } } while (0)
1025 PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED
; goto cleanup; } } while (0);
1026
1027 PKIX_CHECK(PKIX_PL_LdapClient_ResumeRequestdo { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_ResumeRequest
((PKIX_PL_LdapClient *)lcs, &nbio, &responses, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LDAPCLIENTRESUMEREQUESTFAILED; goto cleanup; } } while
(0)
1028 ((PKIX_PL_LdapClient *)lcs, &nbio, &responses, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_ResumeRequest
((PKIX_PL_LdapClient *)lcs, &nbio, &responses, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LDAPCLIENTRESUMEREQUESTFAILED; goto cleanup; } } while
(0)
1029 PKIX_LDAPCLIENTRESUMEREQUESTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_LdapClient_ResumeRequest
((PKIX_PL_LdapClient *)lcs, &nbio, &responses, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LDAPCLIENTRESUMEREQUESTFAILED; goto cleanup; } } while
(0);
1030
1031 if (nbio != NULL((void*)0)) {
1032 /* client is waiting for non-blocking I/O to complete */
1033 *pNBIOContext = (void *)nbio;
1034 *pCrlList = NULL((void*)0);
1035 goto cleanup;
1036 }
1037 /* client has finished! */
1038
1039 if (responses) {
1040
1041 /*
1042 * We have a List of LdapResponse objects that still have to be
1043 * turned into Crls.
1044 */
1045 PKIX_CHECK(pkix_pl_LdapCertStore_BuildCrlListdo { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCrlList
(responses, &unfilteredCRLs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCRLLISTFAILED
; goto cleanup; } } while (0)
1046 (responses, &unfilteredCRLs, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCrlList
(responses, &unfilteredCRLs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCRLLISTFAILED
; goto cleanup; } } while (0)
1047 PKIX_LDAPCERTSTOREBUILDCRLLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_LdapCertStore_BuildCrlList
(responses, &unfilteredCRLs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LDAPCERTSTOREBUILDCRLLISTFAILED
; goto cleanup; } } while (0);
1048
1049 PKIX_CHECK(pkix_CRLSelector_Selectdo { stdVars.aPkixErrorResult = (pkix_CRLSelector_Select (selector
, unfilteredCRLs, &filteredCRLs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CRLSELECTORSELECTFAILED
; goto cleanup; } } while (0)
1050 (selector, unfilteredCRLs, &filteredCRLs, plContext),do { stdVars.aPkixErrorResult = (pkix_CRLSelector_Select (selector
, unfilteredCRLs, &filteredCRLs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CRLSELECTORSELECTFAILED
; goto cleanup; } } while (0)
1051 PKIX_CRLSELECTORSELECTFAILED)do { stdVars.aPkixErrorResult = (pkix_CRLSelector_Select (selector
, unfilteredCRLs, &filteredCRLs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CRLSELECTORSELECTFAILED
; goto cleanup; } } while (0);
1052
1053 PKIX_CHECK(PKIX_List_SetImmutable(filteredCRLs, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(filteredCRLs
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
1054 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(filteredCRLs
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0);
1055
1056 }
1057
1058 /* Don't throw away the list if one CRL was bad! */
1059 pkixTempErrorReceivedstdVars.aPkixTempErrorReceived = PKIX_FALSE((PKIX_Boolean) 0);
1060
1061 *pCrlList = filteredCRLs;
1062
1063cleanup:
1064 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)) {
1065 PKIX_DECREF(filteredCRLs)do { if (filteredCRLs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(filteredCRLs), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } filteredCRLs = ((void
*)0); } } while (0);
1066 }
1067
1068 PKIX_DECREF(candidate)do { if (candidate){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(candidate), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } candidate = ((void
*)0); } } while (0);
1069 PKIX_DECREF(responses)do { if (responses){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(responses), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } responses = ((void
*)0); } } while (0);
1070 PKIX_DECREF(unfilteredCRLs)do { if (unfilteredCRLs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(unfilteredCRLs), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } unfilteredCRLs
= ((void*)0); } } while (0);
1071 PKIX_DECREF(lcs)do { if (lcs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(lcs), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } lcs = ((void*)0); }
} while (0);
1072
1073 PKIX_RETURN(CERTSTORE)return PKIX_DoReturn(&stdVars, (PKIX_CERTSTORE_ERROR), ((
PKIX_Boolean) 1), plContext);;
1074}
1075
1076/* --Public-LdapCertStore-Functions----------------------------------- */
1077
1078/*
1079 * FUNCTION: PKIX_PL_LdapCertStore_Create
1080 * (see comments in pkix_samples_modules.h)
1081 */
1082PKIX_Error *
1083PKIX_PL_LdapCertStore_Create(
1084 PKIX_PL_LdapClient *client,
1085 PKIX_CertStore **pCertStore,
1086 void *plContext)
1087{
1088 PKIX_CertStore *certStore = NULL((void*)0);
1089
1090 PKIX_ENTER(CERTSTORE, "PKIX_PL_LdapCertStore_Create")static const char cMyFuncName[] = {"PKIX_PL_LdapCertStore_Create"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTSTORE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1091 PKIX_NULLCHECK_TWO(client, pCertStore)do { if (((client) == ((void*)0)) || ((pCertStore) == ((void*
)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
1092
1093 PKIX_CHECK(PKIX_CertStore_Createdo { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1094 (pkix_pl_LdapCertStore_GetCert,do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1095 pkix_pl_LdapCertStore_GetCRL,do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1096 pkix_pl_LdapCertStore_GetCertContinue,do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1097 pkix_pl_LdapCertStore_GetCRLContinue,do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1098 NULL, /* don't support trust */do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1099 NULL, /* can not store crls */do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1100 NULL, /* can not do revocation check */do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1101 (PKIX_PL_Object *)client,do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1102 PKIX_TRUE, /* cache flag */do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1103 PKIX_FALSE, /* not local */do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1104 &certStore,do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1105 plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0)
1106 PKIX_CERTSTORECREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_Create (pkix_pl_LdapCertStore_GetCert
, pkix_pl_LdapCertStore_GetCRL, pkix_pl_LdapCertStore_GetCertContinue
, pkix_pl_LdapCertStore_GetCRLContinue, ((void*)0), ((void*)0
), ((void*)0), (PKIX_PL_Object *)client, ((PKIX_Boolean) 1), (
(PKIX_Boolean) 0), &certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECREATEFAILED; goto cleanup
; } } while (0);
1107
1108 *pCertStore = certStore;
1109
1110cleanup:
1111
1112 PKIX_RETURN(CERTSTORE)return PKIX_DoReturn(&stdVars, (PKIX_CERTSTORE_ERROR), ((
PKIX_Boolean) 1), plContext);;
1113}