Bug Summary

File:s/lib/libpkix/pkix/checker/pkix_policychecker.c
Warning:line 2761, column 9
Access to field 'certPoliciesExtension' results in a dereference of a null pointer (loaded from variable 'polCheckerState')

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name pkix_policychecker.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix/checker -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix/checker -resource-dir /usr/lib/llvm-18/lib/clang/18 -D HAVE_STRERROR -D LINUX -D linux -D XP_UNIX -D XP_UNIX -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D NSS_DISABLE_SSE3 -D NSS_NO_INIT_SUPPORT -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I ../../../../../dist/Linux4.19_x86_64_gcc_glibc_PTH_64_DBG.OBJ/include -I ../../../../../dist/public/nss -I ../../../../../dist/private/nss -internal-isystem /usr/lib/llvm-18/lib/clang/18/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=c99 -ferror-limit 19 -fgnuc-version=4.2.1 -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2024-05-18-082241-28900-1 -x c pkix_policychecker.c
1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4/*
5 * pkix_policychecker.c
6 *
7 * Functions for Policy Checker
8 *
9 */
10#include "pkix_policychecker.h"
11
12/* --Forward declarations----------------------------------------------- */
13
14static PKIX_Error *
15pkix_PolicyChecker_MakeSingleton(
16 PKIX_PL_Object *listItem,
17 PKIX_Boolean immutability,
18 PKIX_List **pList,
19 void *plContext);
20
21/* --Private-PolicyCheckerState-Functions---------------------------------- */
22
23/*
24 * FUNCTION:pkix_PolicyCheckerState_Destroy
25 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
26 */
27static PKIX_Error *
28pkix_PolicyCheckerState_Destroy(
29 PKIX_PL_Object *object,
30 void *plContext)
31{
32 PKIX_PolicyCheckerState *checkerState = NULL((void*)0);
33
34 PKIX_ENTER(CERTPOLICYCHECKERSTATE, "pkix_PolicyCheckerState_Destroy")static const char cMyFuncName[] = {"pkix_PolicyCheckerState_Destroy"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTPOLICYCHECKERSTATE_ERROR; ; do
{ if (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
35 PKIX_NULLCHECK_ONE(object)do { if ((object) == ((void*)0)){ stdVars.aPkixErrorReceived =
((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
36
37 PKIX_CHECK(pkix_CheckTypedo { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_CERTPOLICYCHECKERSTATE_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTPOLICYCHECKERSTATE; goto cleanup; } } while (
0)
38 (object, PKIX_CERTPOLICYCHECKERSTATE_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_CERTPOLICYCHECKERSTATE_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTPOLICYCHECKERSTATE; goto cleanup; } } while (
0)
39 PKIX_OBJECTNOTPOLICYCHECKERSTATE)do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_CERTPOLICYCHECKERSTATE_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTPOLICYCHECKERSTATE; goto cleanup; } } while (
0);
40
41 checkerState = (PKIX_PolicyCheckerState *)object;
42
43 PKIX_DECREF(checkerState->certPoliciesExtension)do { if (checkerState->certPoliciesExtension){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkerState->
certPoliciesExtension), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkerState->certPoliciesExtension
= ((void*)0); } } while (0);
44 PKIX_DECREF(checkerState->policyMappingsExtension)do { if (checkerState->policyMappingsExtension){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkerState->
policyMappingsExtension), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkerState->policyMappingsExtension
= ((void*)0); } } while (0);
45 PKIX_DECREF(checkerState->policyConstraintsExtension)do { if (checkerState->policyConstraintsExtension){ stdVars
.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(
checkerState->policyConstraintsExtension), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } checkerState->policyConstraintsExtension = ((void*
)0); } } while (0);
46 PKIX_DECREF(checkerState->inhibitAnyPolicyExtension)do { if (checkerState->inhibitAnyPolicyExtension){ stdVars
.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(
checkerState->inhibitAnyPolicyExtension), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } checkerState->inhibitAnyPolicyExtension = ((void*)
0); } } while (0);
47 PKIX_DECREF(checkerState->anyPolicyOID)do { if (checkerState->anyPolicyOID){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkerState->
anyPolicyOID), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } checkerState->anyPolicyOID = ((void*)0); }
} while (0);
48 PKIX_DECREF(checkerState->validPolicyTree)do { if (checkerState->validPolicyTree){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkerState->
validPolicyTree), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } checkerState->validPolicyTree = ((void*)0
); } } while (0);
49 PKIX_DECREF(checkerState->userInitialPolicySet)do { if (checkerState->userInitialPolicySet){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkerState->
userInitialPolicySet), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkerState->userInitialPolicySet
= ((void*)0); } } while (0);
50 PKIX_DECREF(checkerState->mappedUserInitialPolicySet)do { if (checkerState->mappedUserInitialPolicySet){ stdVars
.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(
checkerState->mappedUserInitialPolicySet), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } checkerState->mappedUserInitialPolicySet = ((void*
)0); } } while (0);
51
52 checkerState->policyQualifiersRejected = PKIX_FALSE((PKIX_Boolean) 0);
53 checkerState->explicitPolicy = 0;
54 checkerState->inhibitAnyPolicy = 0;
55 checkerState->policyMapping = 0;
56 checkerState->numCerts = 0;
57 checkerState->certsProcessed = 0;
58 checkerState->certPoliciesCritical = PKIX_FALSE((PKIX_Boolean) 0);
59
60 PKIX_DECREF(checkerState->anyPolicyNodeAtBottom)do { if (checkerState->anyPolicyNodeAtBottom){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkerState->
anyPolicyNodeAtBottom), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkerState->anyPolicyNodeAtBottom
= ((void*)0); } } while (0);
61 PKIX_DECREF(checkerState->newAnyPolicyNode)do { if (checkerState->newAnyPolicyNode){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkerState->
newAnyPolicyNode), plContext); if (stdVars.aPkixTempResult) {
PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkerState->newAnyPolicyNode
= ((void*)0); } } while (0);
62 PKIX_DECREF(checkerState->mappedPolicyOIDs)do { if (checkerState->mappedPolicyOIDs){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkerState->
mappedPolicyOIDs), plContext); if (stdVars.aPkixTempResult) {
PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkerState->mappedPolicyOIDs
= ((void*)0); } } while (0);
63
64cleanup:
65
66 PKIX_RETURN(CERTPOLICYCHECKERSTATE)return PKIX_DoReturn(&stdVars, (PKIX_CERTPOLICYCHECKERSTATE_ERROR
), ((PKIX_Boolean) 1), plContext);;
67}
68
69/*
70 * FUNCTION: pkix_PolicyCheckerState_ToString
71 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
72 */
73static PKIX_Error *
74pkix_PolicyCheckerState_ToString(
75 PKIX_PL_Object *object,
76 PKIX_PL_String **pCheckerStateString,
77 void *plContext)
78{
79 PKIX_PolicyCheckerState *state = NULL((void*)0);
80 PKIX_PL_String *resultString = NULL((void*)0);
81 PKIX_PL_String *policiesExtOIDString = NULL((void*)0);
82 PKIX_PL_String *policyMapOIDString = NULL((void*)0);
83 PKIX_PL_String *policyConstrOIDString = NULL((void*)0);
84 PKIX_PL_String *inhAnyPolOIDString = NULL((void*)0);
85 PKIX_PL_String *anyPolicyOIDString = NULL((void*)0);
86 PKIX_PL_String *validPolicyTreeString = NULL((void*)0);
87 PKIX_PL_String *userInitialPolicySetString = NULL((void*)0);
88 PKIX_PL_String *mappedUserPolicySetString = NULL((void*)0);
89 PKIX_PL_String *mappedPolicyOIDsString = NULL((void*)0);
90 PKIX_PL_String *anyAtBottomString = NULL((void*)0);
91 PKIX_PL_String *newAnyPolicyString = NULL((void*)0);
92 PKIX_PL_String *formatString = NULL((void*)0);
93 PKIX_PL_String *trueString = NULL((void*)0);
94 PKIX_PL_String *falseString = NULL((void*)0);
95 PKIX_PL_String *nullString = NULL((void*)0);
96 PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE((PKIX_Boolean) 0);
97 PKIX_Boolean initialExplicitPolicy = PKIX_FALSE((PKIX_Boolean) 0);
98 PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE((PKIX_Boolean) 0);
99 PKIX_Boolean initialIsAnyPolicy = PKIX_FALSE((PKIX_Boolean) 0);
100 PKIX_Boolean policyQualifiersRejected = PKIX_FALSE((PKIX_Boolean) 0);
101 PKIX_Boolean certPoliciesCritical = PKIX_FALSE((PKIX_Boolean) 0);
102 char *asciiFormat =
103 "{\n"
104 "\tcertPoliciesExtension: \t%s\n"
105 "\tpolicyMappingsExtension: \t%s\n"
106 "\tpolicyConstraintsExtension:\t%s\n"
107 "\tinhibitAnyPolicyExtension:\t%s\n"
108 "\tanyPolicyOID: \t%s\n"
109 "\tinitialIsAnyPolicy: \t%s\n"
110 "\tvalidPolicyTree: \t%s\n"
111 "\tuserInitialPolicySet: \t%s\n"
112 "\tmappedUserPolicySet: \t%s\n"
113 "\tpolicyQualifiersRejected: \t%s\n"
114 "\tinitialPolMappingInhibit: \t%s\n"
115 "\tinitialExplicitPolicy: \t%s\n"
116 "\tinitialAnyPolicyInhibit: \t%s\n"
117 "\texplicitPolicy: \t%d\n"
118 "\tinhibitAnyPolicy: \t%d\n"
119 "\tpolicyMapping: \t%d\n"
120 "\tnumCerts: \t%d\n"
121 "\tcertsProcessed: \t%d\n"
122 "\tanyPolicyNodeAtBottom: \t%s\n"
123 "\tnewAnyPolicyNode: \t%s\n"
124 "\tcertPoliciesCritical: \t%s\n"
125 "\tmappedPolicyOIDs: \t%s\n"
126 "}";
127
128 PKIX_ENTER(CERTPOLICYCHECKERSTATE, "pkix_PolicyCheckerState_ToString")static const char cMyFuncName[] = {"pkix_PolicyCheckerState_ToString"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTPOLICYCHECKERSTATE_ERROR; ; do
{ if (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
129
130 PKIX_NULLCHECK_TWO(object, pCheckerStateString)do { if (((object) == ((void*)0)) || ((pCheckerStateString) ==
((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1
); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
131
132 PKIX_CHECK(pkix_CheckTypedo { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_CERTPOLICYCHECKERSTATE_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTPOLICYCHECKERSTATE; goto cleanup; } } while (
0)
133 (object, PKIX_CERTPOLICYCHECKERSTATE_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_CERTPOLICYCHECKERSTATE_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTPOLICYCHECKERSTATE; goto cleanup; } } while (
0)
134 PKIX_OBJECTNOTPOLICYCHECKERSTATE)do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_CERTPOLICYCHECKERSTATE_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTPOLICYCHECKERSTATE; goto cleanup; } } while (
0);
135
136 state = (PKIX_PolicyCheckerState *)object;
137 PKIX_NULLCHECK_THREEdo { if (((state->certPoliciesExtension) == ((void*)0)) ||
((state->policyMappingsExtension) == ((void*)0)) || ((state
->policyConstraintsExtension) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0)
138 (state->certPoliciesExtension,do { if (((state->certPoliciesExtension) == ((void*)0)) ||
((state->policyMappingsExtension) == ((void*)0)) || ((state
->policyConstraintsExtension) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0)
139 state->policyMappingsExtension,do { if (((state->certPoliciesExtension) == ((void*)0)) ||
((state->policyMappingsExtension) == ((void*)0)) || ((state
->policyConstraintsExtension) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0)
140 state->policyConstraintsExtension)do { if (((state->certPoliciesExtension) == ((void*)0)) ||
((state->policyMappingsExtension) == ((void*)0)) || ((state
->policyConstraintsExtension) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
141 PKIX_NULLCHECK_THREEdo { if (((state->inhibitAnyPolicyExtension) == ((void*)0)
) || ((state->anyPolicyOID) == ((void*)0)) || ((state->
userInitialPolicySet) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0)
142 (state->inhibitAnyPolicyExtension,do { if (((state->inhibitAnyPolicyExtension) == ((void*)0)
) || ((state->anyPolicyOID) == ((void*)0)) || ((state->
userInitialPolicySet) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0)
143 state->anyPolicyOID,do { if (((state->inhibitAnyPolicyExtension) == ((void*)0)
) || ((state->anyPolicyOID) == ((void*)0)) || ((state->
userInitialPolicySet) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0)
144 state->userInitialPolicySet)do { if (((state->inhibitAnyPolicyExtension) == ((void*)0)
) || ((state->anyPolicyOID) == ((void*)0)) || ((state->
userInitialPolicySet) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
145
146 PKIX_CHECK(PKIX_PL_String_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
147 (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
148 PKIX_STRINGCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0);
149 /*
150 * Create TRUE, FALSE, and "NULL" PKIX_PL_Strings. But creating a
151 * PKIX_PL_String is complicated enough, it's worth checking, for
152 * each, to make sure the string is needed.
153 */
154 initialPolicyMappingInhibit = state->initialPolicyMappingInhibit;
155 initialExplicitPolicy = state->initialExplicitPolicy;
156 initialAnyPolicyInhibit = state->initialAnyPolicyInhibit;
157 initialIsAnyPolicy = state->initialIsAnyPolicy;
158 policyQualifiersRejected = state->policyQualifiersRejected;
159 certPoliciesCritical = state->certPoliciesCritical;
160
161 if (initialPolicyMappingInhibit || initialExplicitPolicy ||
162 initialAnyPolicyInhibit || initialIsAnyPolicy ||
163 policyQualifiersRejected || certPoliciesCritical) {
164 PKIX_CHECK(PKIX_PL_String_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, "TRUE"
, 0, &trueString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
165 (PKIX_ESCASCII, "TRUE", 0, &trueString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, "TRUE"
, 0, &trueString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
166 PKIX_STRINGCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, "TRUE"
, 0, &trueString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0);
167 }
168 if (!initialPolicyMappingInhibit || !initialExplicitPolicy ||
169 !initialAnyPolicyInhibit || !initialIsAnyPolicy ||
170 !policyQualifiersRejected || !certPoliciesCritical) {
171 PKIX_CHECK(PKIX_PL_String_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, "FALSE"
, 0, &falseString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
172 (PKIX_ESCASCII, "FALSE", 0, &falseString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, "FALSE"
, 0, &falseString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
173 PKIX_STRINGCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, "FALSE"
, 0, &falseString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0);
174 }
175 if (!(state->anyPolicyNodeAtBottom) || !(state->newAnyPolicyNode)) {
176 PKIX_CHECK(PKIX_PL_String_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, "(null)"
, 0, &nullString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
177 (PKIX_ESCASCII, "(null)", 0, &nullString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, "(null)"
, 0, &nullString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
178 PKIX_STRINGCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, "(null)"
, 0, &nullString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0);
179 }
180
181 PKIX_TOSTRINGdo { int descNum; if ((state->certPoliciesExtension) != ((
void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->certPoliciesExtension), (&policiesExtOIDString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&policiesExtOIDString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
182 (state->certPoliciesExtension, &policiesExtOIDString, plContext,do { int descNum; if ((state->certPoliciesExtension) != ((
void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->certPoliciesExtension), (&policiesExtOIDString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&policiesExtOIDString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
183 PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->certPoliciesExtension) != ((
void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->certPoliciesExtension), (&policiesExtOIDString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&policiesExtOIDString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0);
184
185 PKIX_TOSTRINGdo { int descNum; if ((state->policyMappingsExtension) != (
(void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->policyMappingsExtension), (&
policyMapOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&policyMapOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
186 (state->policyMappingsExtension,do { int descNum; if ((state->policyMappingsExtension) != (
(void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->policyMappingsExtension), (&
policyMapOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&policyMapOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
187 &policyMapOIDString,do { int descNum; if ((state->policyMappingsExtension) != (
(void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->policyMappingsExtension), (&
policyMapOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&policyMapOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
188 plContext,do { int descNum; if ((state->policyMappingsExtension) != (
(void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->policyMappingsExtension), (&
policyMapOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&policyMapOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
189 PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->policyMappingsExtension) != (
(void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->policyMappingsExtension), (&
policyMapOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&policyMapOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0);
190
191 PKIX_TOSTRINGdo { int descNum; if ((state->policyConstraintsExtension) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->policyConstraintsExtension), (&
policyConstrOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&policyConstrOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
192 (state->policyConstraintsExtension,do { int descNum; if ((state->policyConstraintsExtension) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->policyConstraintsExtension), (&
policyConstrOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&policyConstrOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
193 &policyConstrOIDString,do { int descNum; if ((state->policyConstraintsExtension) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->policyConstraintsExtension), (&
policyConstrOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&policyConstrOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
194 plContext,do { int descNum; if ((state->policyConstraintsExtension) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->policyConstraintsExtension), (&
policyConstrOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&policyConstrOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
195 PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->policyConstraintsExtension) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->policyConstraintsExtension), (&
policyConstrOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&policyConstrOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0);
196
197 PKIX_TOSTRINGdo { int descNum; if ((state->inhibitAnyPolicyExtension) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->inhibitAnyPolicyExtension), (&
inhAnyPolOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&inhAnyPolOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
198 (state->inhibitAnyPolicyExtension,do { int descNum; if ((state->inhibitAnyPolicyExtension) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->inhibitAnyPolicyExtension), (&
inhAnyPolOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&inhAnyPolOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
199 &inhAnyPolOIDString,do { int descNum; if ((state->inhibitAnyPolicyExtension) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->inhibitAnyPolicyExtension), (&
inhAnyPolOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&inhAnyPolOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
200 plContext,do { int descNum; if ((state->inhibitAnyPolicyExtension) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->inhibitAnyPolicyExtension), (&
inhAnyPolOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&inhAnyPolOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
201 PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->inhibitAnyPolicyExtension) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->inhibitAnyPolicyExtension), (&
inhAnyPolOIDString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&inhAnyPolOIDString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0);
202
203 PKIX_TOSTRING(state->anyPolicyOID, &anyPolicyOIDString, plContext,do { int descNum; if ((state->anyPolicyOID) != ((void*)0))
{ stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->anyPolicyOID), (&anyPolicyOIDString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&anyPolicyOIDString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
204 PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->anyPolicyOID) != ((void*)0))
{ stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->anyPolicyOID), (&anyPolicyOIDString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&anyPolicyOIDString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
205
206 PKIX_TOSTRING(state->validPolicyTree, &validPolicyTreeString, plContext,do { int descNum; if ((state->validPolicyTree) != ((void*)
0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->validPolicyTree), (&validPolicyTreeString),
(plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else {
stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&validPolicyTreeString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
207 PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->validPolicyTree) != ((void*)
0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->validPolicyTree), (&validPolicyTreeString),
(plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else {
stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&validPolicyTreeString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0);
208
209 PKIX_TOSTRINGdo { int descNum; if ((state->userInitialPolicySet) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->userInitialPolicySet), (&userInitialPolicySetString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&userInitialPolicySetString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
210 (state->userInitialPolicySet,do { int descNum; if ((state->userInitialPolicySet) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->userInitialPolicySet), (&userInitialPolicySetString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&userInitialPolicySetString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
211 &userInitialPolicySetString,do { int descNum; if ((state->userInitialPolicySet) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->userInitialPolicySet), (&userInitialPolicySetString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&userInitialPolicySetString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
212 plContext,do { int descNum; if ((state->userInitialPolicySet) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->userInitialPolicySet), (&userInitialPolicySetString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&userInitialPolicySetString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0)
213 PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->userInitialPolicySet) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->userInitialPolicySet), (&userInitialPolicySetString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&userInitialPolicySetString), (plContext)); descNum
= PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult =
(stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
(0);
214
215 PKIX_TOSTRINGdo { int descNum; if ((state->mappedUserInitialPolicySet) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->mappedUserInitialPolicySet), (&
mappedUserPolicySetString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&mappedUserPolicySetString), (plContext)
); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult
= (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
216 (state->mappedUserInitialPolicySet,do { int descNum; if ((state->mappedUserInitialPolicySet) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->mappedUserInitialPolicySet), (&
mappedUserPolicySetString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&mappedUserPolicySetString), (plContext)
); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult
= (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
217 &mappedUserPolicySetString,do { int descNum; if ((state->mappedUserInitialPolicySet) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->mappedUserInitialPolicySet), (&
mappedUserPolicySetString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&mappedUserPolicySetString), (plContext)
); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult
= (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
218 plContext,do { int descNum; if ((state->mappedUserInitialPolicySet) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->mappedUserInitialPolicySet), (&
mappedUserPolicySetString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&mappedUserPolicySetString), (plContext)
); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult
= (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
219 PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->mappedUserInitialPolicySet) !=
((void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)(state->mappedUserInitialPolicySet), (&
mappedUserPolicySetString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&mappedUserPolicySetString), (plContext)
); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult
= (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
220
221 if (state->anyPolicyNodeAtBottom) {
222 PKIX_CHECK(pkix_SinglePolicyNode_ToStringdo { stdVars.aPkixErrorResult = (pkix_SinglePolicyNode_ToString
(state->anyPolicyNodeAtBottom, &anyAtBottomString, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SINGLEPOLICYNODETOSTRINGFAILED; goto cleanup; } } while
(0)
223 (state->anyPolicyNodeAtBottom,do { stdVars.aPkixErrorResult = (pkix_SinglePolicyNode_ToString
(state->anyPolicyNodeAtBottom, &anyAtBottomString, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SINGLEPOLICYNODETOSTRINGFAILED; goto cleanup; } } while
(0)
224 &anyAtBottomString,do { stdVars.aPkixErrorResult = (pkix_SinglePolicyNode_ToString
(state->anyPolicyNodeAtBottom, &anyAtBottomString, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SINGLEPOLICYNODETOSTRINGFAILED; goto cleanup; } } while
(0)
225 plContext),do { stdVars.aPkixErrorResult = (pkix_SinglePolicyNode_ToString
(state->anyPolicyNodeAtBottom, &anyAtBottomString, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SINGLEPOLICYNODETOSTRINGFAILED; goto cleanup; } } while
(0)
226 PKIX_SINGLEPOLICYNODETOSTRINGFAILED)do { stdVars.aPkixErrorResult = (pkix_SinglePolicyNode_ToString
(state->anyPolicyNodeAtBottom, &anyAtBottomString, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SINGLEPOLICYNODETOSTRINGFAILED; goto cleanup; } } while
(0);
227 } else {
228 PKIX_INCREF(nullString)do { if (nullString){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(nullString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
(0);
229 anyAtBottomString = nullString;
230 }
231
232 if (state->newAnyPolicyNode) {
233 PKIX_CHECK(pkix_SinglePolicyNode_ToStringdo { stdVars.aPkixErrorResult = (pkix_SinglePolicyNode_ToString
(state->newAnyPolicyNode, &newAnyPolicyString, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SINGLEPOLICYNODETOSTRINGFAILED; goto cleanup; } } while
(0)
234 (state->newAnyPolicyNode,do { stdVars.aPkixErrorResult = (pkix_SinglePolicyNode_ToString
(state->newAnyPolicyNode, &newAnyPolicyString, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SINGLEPOLICYNODETOSTRINGFAILED; goto cleanup; } } while
(0)
235 &newAnyPolicyString,do { stdVars.aPkixErrorResult = (pkix_SinglePolicyNode_ToString
(state->newAnyPolicyNode, &newAnyPolicyString, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SINGLEPOLICYNODETOSTRINGFAILED; goto cleanup; } } while
(0)
236 plContext),do { stdVars.aPkixErrorResult = (pkix_SinglePolicyNode_ToString
(state->newAnyPolicyNode, &newAnyPolicyString, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SINGLEPOLICYNODETOSTRINGFAILED; goto cleanup; } } while
(0)
237 PKIX_SINGLEPOLICYNODETOSTRINGFAILED)do { stdVars.aPkixErrorResult = (pkix_SinglePolicyNode_ToString
(state->newAnyPolicyNode, &newAnyPolicyString, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SINGLEPOLICYNODETOSTRINGFAILED; goto cleanup; } } while
(0);
238 } else {
239 PKIX_INCREF(nullString)do { if (nullString){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(nullString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
(0);
240 newAnyPolicyString = nullString;
241 }
242
243 PKIX_TOSTRINGdo { int descNum; if ((state->mappedPolicyOIDs) != ((void*
)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->mappedPolicyOIDs), (&mappedPolicyOIDsString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&mappedPolicyOIDsString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
244 (state->mappedPolicyOIDs,do { int descNum; if ((state->mappedPolicyOIDs) != ((void*
)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->mappedPolicyOIDs), (&mappedPolicyOIDsString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&mappedPolicyOIDsString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
245 &mappedPolicyOIDsString,do { int descNum; if ((state->mappedPolicyOIDs) != ((void*
)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->mappedPolicyOIDs), (&mappedPolicyOIDsString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&mappedPolicyOIDsString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
246 plContext,do { int descNum; if ((state->mappedPolicyOIDs) != ((void*
)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->mappedPolicyOIDs), (&mappedPolicyOIDsString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&mappedPolicyOIDsString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
247 PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->mappedPolicyOIDs) != ((void*
)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
*)(state->mappedPolicyOIDs), (&mappedPolicyOIDsString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
{ stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&mappedPolicyOIDsString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0);
248
249 PKIX_CHECK(PKIX_PL_Sprintfdo { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
250 (&resultString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
251 plContext,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
252 formatString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
253 policiesExtOIDString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
254 policyMapOIDString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
255 policyConstrOIDString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
256 inhAnyPolOIDString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
257 anyPolicyOIDString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
258 initialIsAnyPolicy?trueString:falseString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
259 validPolicyTreeString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
260 userInitialPolicySetString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
261 mappedUserPolicySetString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
262 policyQualifiersRejected?trueString:falseString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
263 initialPolicyMappingInhibit?trueString:falseString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
264 initialExplicitPolicy?trueString:falseString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
265 initialAnyPolicyInhibit?trueString:falseString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
266 state->explicitPolicy,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
267 state->inhibitAnyPolicy,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
268 state->policyMapping,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
269 state->numCerts,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
270 state->certsProcessed,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
271 anyAtBottomString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
272 newAnyPolicyString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
273 certPoliciesCritical?trueString:falseString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
274 mappedPolicyOIDsString),do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
275 PKIX_SPRINTFFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, policiesExtOIDString, policyMapOIDString
, policyConstrOIDString, inhAnyPolOIDString, anyPolicyOIDString
, initialIsAnyPolicy?trueString:falseString, validPolicyTreeString
, userInitialPolicySetString, mappedUserPolicySetString, policyQualifiersRejected
?trueString:falseString, initialPolicyMappingInhibit?trueString
:falseString, initialExplicitPolicy?trueString:falseString, initialAnyPolicyInhibit
?trueString:falseString, state->explicitPolicy, state->
inhibitAnyPolicy, state->policyMapping, state->numCerts
, state->certsProcessed, anyAtBottomString, newAnyPolicyString
, certPoliciesCritical?trueString:falseString, mappedPolicyOIDsString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0);
276
277 *pCheckerStateString = resultString;
278
279cleanup:
280 PKIX_DECREF(policiesExtOIDString)do { if (policiesExtOIDString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policiesExtOIDString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } policiesExtOIDString
= ((void*)0); } } while (0);
281 PKIX_DECREF(policyMapOIDString)do { if (policyMapOIDString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyMapOIDString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } policyMapOIDString
= ((void*)0); } } while (0);
282 PKIX_DECREF(policyConstrOIDString)do { if (policyConstrOIDString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyConstrOIDString), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } policyConstrOIDString = ((void*)0); } } while (0);
283 PKIX_DECREF(inhAnyPolOIDString)do { if (inhAnyPolOIDString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(inhAnyPolOIDString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } inhAnyPolOIDString
= ((void*)0); } } while (0);
284 PKIX_DECREF(anyPolicyOIDString)do { if (anyPolicyOIDString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(anyPolicyOIDString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } anyPolicyOIDString
= ((void*)0); } } while (0);
285 PKIX_DECREF(validPolicyTreeString)do { if (validPolicyTreeString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(validPolicyTreeString), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } validPolicyTreeString = ((void*)0); } } while (0);
286 PKIX_DECREF(userInitialPolicySetString)do { if (userInitialPolicySetString){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userInitialPolicySetString
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } userInitialPolicySetString = ((void*)0); } }
while (0);
287 PKIX_DECREF(mappedUserPolicySetString)do { if (mappedUserPolicySetString){ stdVars.aPkixTempResult =
PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(mappedUserPolicySetString
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } mappedUserPolicySetString = ((void*)0); } } while
(0);
288 PKIX_DECREF(anyAtBottomString)do { if (anyAtBottomString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(anyAtBottomString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } anyAtBottomString
= ((void*)0); } } while (0);
289 PKIX_DECREF(newAnyPolicyString)do { if (newAnyPolicyString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(newAnyPolicyString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } newAnyPolicyString
= ((void*)0); } } while (0);
290 PKIX_DECREF(mappedPolicyOIDsString)do { if (mappedPolicyOIDsString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(mappedPolicyOIDsString), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } mappedPolicyOIDsString = ((void*)0); } } while (0);
291 PKIX_DECREF(formatString)do { if (formatString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(formatString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } formatString = ((void
*)0); } } while (0);
292 PKIX_DECREF(trueString)do { if (trueString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(trueString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trueString = ((void
*)0); } } while (0);
293 PKIX_DECREF(falseString)do { if (falseString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(falseString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } falseString = ((void
*)0); } } while (0);
294 PKIX_DECREF(nullString)do { if (nullString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(nullString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } nullString = ((void
*)0); } } while (0);
295
296 PKIX_RETURN(CERTPOLICYCHECKERSTATE)return PKIX_DoReturn(&stdVars, (PKIX_CERTPOLICYCHECKERSTATE_ERROR
), ((PKIX_Boolean) 1), plContext);;
297}
298
299/*
300 * FUNCTION: pkix_PolicyCheckerState_RegisterSelf
301 * DESCRIPTION:
302 *
303 * Registers PKIX_POLICYCHECKERSTATE_TYPE and its related functions
304 * with systemClasses[]
305 *
306 * PARAMETERS:
307 * "plContext"
308 * Platform-specific context pointer.
309 * THREAD SAFETY:
310 * Not Thread Safe - for performance and complexity reasons
311 *
312 * Since this function is only called by PKIX_PL_Initialize, which should
313 * only be called once, it is acceptable that this function is not
314 * thread-safe.
315 */
316PKIX_Error *
317pkix_PolicyCheckerState_RegisterSelf(void *plContext)
318{
319 extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
320 pkix_ClassTable_Entry entry;
321
322 PKIX_ENTERstatic const char cMyFuncName[] = {"pkix_PolicyCheckerState_RegisterSelf"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTPOLICYCHECKERSTATE_ERROR; ; do
{ if (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
323 (CERTPOLICYCHECKERSTATE,static const char cMyFuncName[] = {"pkix_PolicyCheckerState_RegisterSelf"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTPOLICYCHECKERSTATE_ERROR; ; do
{ if (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
324 "pkix_PolicyCheckerState_RegisterSelf")static const char cMyFuncName[] = {"pkix_PolicyCheckerState_RegisterSelf"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTPOLICYCHECKERSTATE_ERROR; ; do
{ if (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
325
326 entry.description = "PolicyCheckerState";
327 entry.objCounter = 0;
328 entry.typeObjectSize = sizeof(PKIX_PolicyCheckerState);
329 entry.destructor = pkix_PolicyCheckerState_Destroy;
330 entry.equalsFunction = NULL((void*)0);
331 entry.hashcodeFunction = NULL((void*)0);
332 entry.toStringFunction = pkix_PolicyCheckerState_ToString;
333 entry.comparator = NULL((void*)0);
334 entry.duplicateFunction = NULL((void*)0);
335
336 systemClasses[PKIX_CERTPOLICYCHECKERSTATE_TYPE] = entry;
337
338 PKIX_RETURN(CERTPOLICYCHECKERSTATE)return PKIX_DoReturn(&stdVars, (PKIX_CERTPOLICYCHECKERSTATE_ERROR
), ((PKIX_Boolean) 1), plContext);;
339}
340
341/*
342 * FUNCTION:pkix_PolicyCheckerState_Create
343 * DESCRIPTION:
344 *
345 * Creates a PolicyCheckerState Object, using the List pointed to
346 * by "initialPolicies" for the user-initial-policy-set, the Boolean value
347 * of "policyQualifiersRejected" for the policyQualifiersRejected parameter,
348 * the Boolean value of "initialPolicyMappingInhibit" for the
349 * inhibitPolicyMappings parameter, the Boolean value of
350 * "initialExplicitPolicy" for the initialExplicitPolicy parameter, the
351 * Boolean value of "initialAnyPolicyInhibit" for the inhibitAnyPolicy
352 * parameter, and the UInt32 value of "numCerts" as the number of
353 * certificates in the chain; and stores the Object at "pCheckerState".
354 *
355 * PARAMETERS:
356 * "initialPolicies"
357 * Address of List of OIDs comprising the user-initial-policy-set; the List
358 * may be empty, but must be non-NULL
359 * "policyQualifiersRejected"
360 * Boolean value of the policyQualifiersRejected parameter
361 * "initialPolicyMappingInhibit"
362 * Boolean value of the inhibitPolicyMappings parameter
363 * "initialExplicitPolicy"
364 * Boolean value of the initialExplicitPolicy parameter
365 * "initialAnyPolicyInhibit"
366 * Boolean value of the inhibitAnyPolicy parameter
367 * "numCerts"
368 * Number of certificates in the chain to be validated
369 * "pCheckerState"
370 * Address where PolicyCheckerState will be stored. Must be non-NULL.
371 * "plContext"
372 * Platform-specific context pointer.
373 * THREAD SAFETY:
374 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
375 * RETURNS:
376 * Returns NULL if the function succeeds
377 * Returns a CertPolicyCheckerState Error if the functions fails in a
378 * non-fatal way
379 * Returns a Fatal Error if the function fails in an unrecoverable way
380 */
381static PKIX_Error *
382pkix_PolicyCheckerState_Create(
383 PKIX_List *initialPolicies,
384 PKIX_Boolean policyQualifiersRejected,
385 PKIX_Boolean initialPolicyMappingInhibit,
386 PKIX_Boolean initialExplicitPolicy,
387 PKIX_Boolean initialAnyPolicyInhibit,
388 PKIX_UInt32 numCerts,
389 PKIX_PolicyCheckerState **pCheckerState,
390 void *plContext)
391{
392 PKIX_PolicyCheckerState *checkerState = NULL((void*)0);
393 PKIX_PolicyNode *policyNode = NULL((void*)0);
394 PKIX_List *anyPolicyList = NULL((void*)0);
395 PKIX_Boolean initialPoliciesIsEmpty = PKIX_FALSE((PKIX_Boolean) 0);
396
397 PKIX_ENTER(CERTPOLICYCHECKERSTATE, "pkix_PolicyCheckerState_Create")static const char cMyFuncName[] = {"pkix_PolicyCheckerState_Create"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTPOLICYCHECKERSTATE_ERROR; ; do
{ if (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
9
Taking false branch
398 PKIX_NULLCHECK_TWO(initialPolicies, pCheckerState)do { if (((initialPolicies) == ((void*)0)) || ((pCheckerState
) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
10
Loop condition is false. Exiting loop
11
Assuming 'initialPolicies' is equal to null
12
Returning without writing to '*pCheckerState'
13
Returning pointer, which participates in a condition later
399
400 PKIX_CHECK(PKIX_PL_Object_Allocdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERTPOLICYCHECKERSTATE_TYPE
, sizeof (PKIX_PolicyCheckerState), (PKIX_PL_Object **)&checkerState
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEPOLICYCHECKERSTATEOBJECT; goto cleanup;
} } while (0)
401 (PKIX_CERTPOLICYCHECKERSTATE_TYPE,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERTPOLICYCHECKERSTATE_TYPE
, sizeof (PKIX_PolicyCheckerState), (PKIX_PL_Object **)&checkerState
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEPOLICYCHECKERSTATEOBJECT; goto cleanup;
} } while (0)
402 sizeof (PKIX_PolicyCheckerState),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERTPOLICYCHECKERSTATE_TYPE
, sizeof (PKIX_PolicyCheckerState), (PKIX_PL_Object **)&checkerState
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEPOLICYCHECKERSTATEOBJECT; goto cleanup;
} } while (0)
403 (PKIX_PL_Object **)&checkerState,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERTPOLICYCHECKERSTATE_TYPE
, sizeof (PKIX_PolicyCheckerState), (PKIX_PL_Object **)&checkerState
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEPOLICYCHECKERSTATEOBJECT; goto cleanup;
} } while (0)
404 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERTPOLICYCHECKERSTATE_TYPE
, sizeof (PKIX_PolicyCheckerState), (PKIX_PL_Object **)&checkerState
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEPOLICYCHECKERSTATEOBJECT; goto cleanup;
} } while (0)
405 PKIX_COULDNOTCREATEPOLICYCHECKERSTATEOBJECT)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERTPOLICYCHECKERSTATE_TYPE
, sizeof (PKIX_PolicyCheckerState), (PKIX_PL_Object **)&checkerState
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATEPOLICYCHECKERSTATEOBJECT; goto cleanup;
} } while (0);
406
407 /* Create constant PKIX_PL_OIDs: */
408
409 PKIX_CHECK(PKIX_PL_OID_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_CERTIFICATE_POLICIES
, &(checkerState->certPoliciesExtension), plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0)
410 (PKIX_CERTIFICATEPOLICIES_OID,do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_CERTIFICATE_POLICIES
, &(checkerState->certPoliciesExtension), plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0)
411 &(checkerState->certPoliciesExtension),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_CERTIFICATE_POLICIES
, &(checkerState->certPoliciesExtension), plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0)
412 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_CERTIFICATE_POLICIES
, &(checkerState->certPoliciesExtension), plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0)
413 PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_CERTIFICATE_POLICIES
, &(checkerState->certPoliciesExtension), plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0);
414
415 PKIX_CHECK(PKIX_PL_OID_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_POLICY_MAPPINGS
, &(checkerState->policyMappingsExtension), plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0)
416 (PKIX_POLICYMAPPINGS_OID,do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_POLICY_MAPPINGS
, &(checkerState->policyMappingsExtension), plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0)
417 &(checkerState->policyMappingsExtension),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_POLICY_MAPPINGS
, &(checkerState->policyMappingsExtension), plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0)
418 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_POLICY_MAPPINGS
, &(checkerState->policyMappingsExtension), plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0)
419 PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_POLICY_MAPPINGS
, &(checkerState->policyMappingsExtension), plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED
; goto cleanup; } } while (0);
420
421 PKIX_CHECK(PKIX_PL_OID_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_POLICY_CONSTRAINTS
, &(checkerState->policyConstraintsExtension), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
422 (PKIX_POLICYCONSTRAINTS_OID,do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_POLICY_CONSTRAINTS
, &(checkerState->policyConstraintsExtension), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
423 &(checkerState->policyConstraintsExtension),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_POLICY_CONSTRAINTS
, &(checkerState->policyConstraintsExtension), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
424 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_POLICY_CONSTRAINTS
, &(checkerState->policyConstraintsExtension), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
425 PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_POLICY_CONSTRAINTS
, &(checkerState->policyConstraintsExtension), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0);
426
427 PKIX_CHECK(PKIX_PL_OID_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_INHIBIT_ANY_POLICY
, &(checkerState->inhibitAnyPolicyExtension), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
428 (PKIX_INHIBITANYPOLICY_OID,do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_INHIBIT_ANY_POLICY
, &(checkerState->inhibitAnyPolicyExtension), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
429 &(checkerState->inhibitAnyPolicyExtension),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_INHIBIT_ANY_POLICY
, &(checkerState->inhibitAnyPolicyExtension), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
430 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_INHIBIT_ANY_POLICY
, &(checkerState->inhibitAnyPolicyExtension), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0)
431 PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_INHIBIT_ANY_POLICY
, &(checkerState->inhibitAnyPolicyExtension), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OIDCREATEFAILED; goto cleanup; } } while (0);
432
433 PKIX_CHECK(PKIX_PL_OID_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_ANY_POLICY
, &(checkerState->anyPolicyOID), plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED;
goto cleanup; } } while (0)
434 (PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID,do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_ANY_POLICY
, &(checkerState->anyPolicyOID), plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED;
goto cleanup; } } while (0)
435 &(checkerState->anyPolicyOID),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_ANY_POLICY
, &(checkerState->anyPolicyOID), plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED;
goto cleanup; } } while (0)
436 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_ANY_POLICY
, &(checkerState->anyPolicyOID), plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED;
goto cleanup; } } while (0)
437 PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (SEC_OID_X509_ANY_POLICY
, &(checkerState->anyPolicyOID), plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_OIDCREATEFAILED;
goto cleanup; } } while (0);
438
439 /* Create an initial policy set from argument supplied */
440 PKIX_INCREF(initialPolicies)do { if (initialPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(initialPolicies), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
441 checkerState->userInitialPolicySet = initialPolicies;
442 PKIX_INCREF(initialPolicies)do { if (initialPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(initialPolicies), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
443 checkerState->mappedUserInitialPolicySet = initialPolicies;
444
445 PKIX_CHECK(PKIX_List_IsEmptydo { stdVars.aPkixErrorResult = (PKIX_List_IsEmpty (initialPolicies
, &initialPoliciesIsEmpty, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTISEMPTYFAILED; goto cleanup
; } } while (0)
446 (initialPolicies,do { stdVars.aPkixErrorResult = (PKIX_List_IsEmpty (initialPolicies
, &initialPoliciesIsEmpty, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTISEMPTYFAILED; goto cleanup
; } } while (0)
447 &initialPoliciesIsEmpty,do { stdVars.aPkixErrorResult = (PKIX_List_IsEmpty (initialPolicies
, &initialPoliciesIsEmpty, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTISEMPTYFAILED; goto cleanup
; } } while (0)
448 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_IsEmpty (initialPolicies
, &initialPoliciesIsEmpty, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTISEMPTYFAILED; goto cleanup
; } } while (0)
449 PKIX_LISTISEMPTYFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_IsEmpty (initialPolicies
, &initialPoliciesIsEmpty, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTISEMPTYFAILED; goto cleanup
; } } while (0);
450 if (initialPoliciesIsEmpty) {
451 checkerState->initialIsAnyPolicy = PKIX_TRUE((PKIX_Boolean) 1);
452 } else {
453 PKIX_CHECK(pkix_List_Containsdo { stdVars.aPkixErrorResult = (pkix_List_Contains (initialPolicies
, (PKIX_PL_Object *)(checkerState->anyPolicyOID), &(checkerState
->initialIsAnyPolicy), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED; goto cleanup
; } } while (0)
454 (initialPolicies,do { stdVars.aPkixErrorResult = (pkix_List_Contains (initialPolicies
, (PKIX_PL_Object *)(checkerState->anyPolicyOID), &(checkerState
->initialIsAnyPolicy), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED; goto cleanup
; } } while (0)
455 (PKIX_PL_Object *)(checkerState->anyPolicyOID),do { stdVars.aPkixErrorResult = (pkix_List_Contains (initialPolicies
, (PKIX_PL_Object *)(checkerState->anyPolicyOID), &(checkerState
->initialIsAnyPolicy), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED; goto cleanup
; } } while (0)
456 &(checkerState->initialIsAnyPolicy),do { stdVars.aPkixErrorResult = (pkix_List_Contains (initialPolicies
, (PKIX_PL_Object *)(checkerState->anyPolicyOID), &(checkerState
->initialIsAnyPolicy), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED; goto cleanup
; } } while (0)
457 plContext),do { stdVars.aPkixErrorResult = (pkix_List_Contains (initialPolicies
, (PKIX_PL_Object *)(checkerState->anyPolicyOID), &(checkerState
->initialIsAnyPolicy), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED; goto cleanup
; } } while (0)
458 PKIX_LISTCONTAINSFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Contains (initialPolicies
, (PKIX_PL_Object *)(checkerState->anyPolicyOID), &(checkerState
->initialIsAnyPolicy), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED; goto cleanup
; } } while (0);
459 }
460
461 checkerState->policyQualifiersRejected =
462 policyQualifiersRejected;
463 checkerState->initialExplicitPolicy = initialExplicitPolicy;
464 checkerState->explicitPolicy =
465 (initialExplicitPolicy? 0: numCerts + 1);
466 checkerState->initialAnyPolicyInhibit = initialAnyPolicyInhibit;
467 checkerState->inhibitAnyPolicy =
468 (initialAnyPolicyInhibit? 0: numCerts + 1);
469 checkerState->initialPolicyMappingInhibit = initialPolicyMappingInhibit;
470 checkerState->policyMapping =
471 (initialPolicyMappingInhibit? 0: numCerts + 1);
472 ;
473 checkerState->numCerts = numCerts;
474 checkerState->certsProcessed = 0;
475 checkerState->certPoliciesCritical = PKIX_FALSE((PKIX_Boolean) 0);
476
477 /* Create a valid_policy_tree as in RFC3280 6.1.2(a) */
478 PKIX_CHECK(pkix_PolicyChecker_MakeSingletondo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)(checkerState->anyPolicyOID), ((PKIX_Boolean
) 1), &anyPolicyList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKESINGLETONFAILED
; goto cleanup; } } while (0)
479 ((PKIX_PL_Object *)(checkerState->anyPolicyOID),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)(checkerState->anyPolicyOID), ((PKIX_Boolean
) 1), &anyPolicyList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKESINGLETONFAILED
; goto cleanup; } } while (0)
480 PKIX_TRUE,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)(checkerState->anyPolicyOID), ((PKIX_Boolean
) 1), &anyPolicyList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKESINGLETONFAILED
; goto cleanup; } } while (0)
481 &anyPolicyList,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)(checkerState->anyPolicyOID), ((PKIX_Boolean
) 1), &anyPolicyList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKESINGLETONFAILED
; goto cleanup; } } while (0)
482 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)(checkerState->anyPolicyOID), ((PKIX_Boolean
) 1), &anyPolicyList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKESINGLETONFAILED
; goto cleanup; } } while (0)
483 PKIX_POLICYCHECKERMAKESINGLETONFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)(checkerState->anyPolicyOID), ((PKIX_Boolean
) 1), &anyPolicyList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKESINGLETONFAILED
; goto cleanup; } } while (0);
484
485 PKIX_CHECK(pkix_PolicyNode_Createdo { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (checkerState
->anyPolicyOID, ((void*)0), ((PKIX_Boolean) 0), anyPolicyList
, &policyNode, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup
; } } while (0)
486 (checkerState->anyPolicyOID, /* validPolicy */do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (checkerState
->anyPolicyOID, ((void*)0), ((PKIX_Boolean) 0), anyPolicyList
, &policyNode, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup
; } } while (0)
487 NULL, /* qualifier set */do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (checkerState
->anyPolicyOID, ((void*)0), ((PKIX_Boolean) 0), anyPolicyList
, &policyNode, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup
; } } while (0)
488 PKIX_FALSE, /* criticality */do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (checkerState
->anyPolicyOID, ((void*)0), ((PKIX_Boolean) 0), anyPolicyList
, &policyNode, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup
; } } while (0)
489 anyPolicyList, /* expectedPolicySet */do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (checkerState
->anyPolicyOID, ((void*)0), ((PKIX_Boolean) 0), anyPolicyList
, &policyNode, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup
; } } while (0)
490 &policyNode,do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (checkerState
->anyPolicyOID, ((void*)0), ((PKIX_Boolean) 0), anyPolicyList
, &policyNode, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup
; } } while (0)
491 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (checkerState
->anyPolicyOID, ((void*)0), ((PKIX_Boolean) 0), anyPolicyList
, &policyNode, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup
; } } while (0)
492 PKIX_POLICYNODECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (checkerState
->anyPolicyOID, ((void*)0), ((PKIX_Boolean) 0), anyPolicyList
, &policyNode, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup
; } } while (0);
493 checkerState->validPolicyTree = policyNode;
494
495 /*
496 * Since the initial validPolicyTree specifies
497 * ANY_POLICY, begin with a pointer to the root node.
498 */
499 PKIX_INCREF(policyNode)do { if (policyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(policyNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
(0);
500 checkerState->anyPolicyNodeAtBottom = policyNode;
501
502 checkerState->newAnyPolicyNode = NULL((void*)0);
503
504 checkerState->mappedPolicyOIDs = NULL((void*)0);
505
506 *pCheckerState = checkerState;
507 checkerState = NULL((void*)0);
508
509cleanup:
510
511 PKIX_DECREF(checkerState)do { if (checkerState){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checkerState), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkerState = ((void
*)0); } } while (0);
512
513 PKIX_DECREF(anyPolicyList)do { if (anyPolicyList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(anyPolicyList), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } anyPolicyList
= ((void*)0); } } while (0);
514
515 PKIX_RETURN(CERTPOLICYCHECKERSTATE)return PKIX_DoReturn(&stdVars, (PKIX_CERTPOLICYCHECKERSTATE_ERROR
), ((PKIX_Boolean) 1), plContext);;
516}
517
518/* --Private-PolicyChecker-Functions--------------------------------------- */
519
520/*
521 * FUNCTION: pkix_PolicyChecker_MapContains
522 * DESCRIPTION:
523 *
524 * Checks the List of CertPolicyMaps pointed to by "certPolicyMaps", to
525 * determine whether the OID pointed to by "policy" is among the
526 * issuerDomainPolicies or subjectDomainPolicies of "certPolicyMaps", and
527 * stores the result in "pFound".
528 *
529 * This function is intended to allow an efficient check that the proscription
530 * against anyPolicy being mapped, described in RFC3280 Section 6.1.4(a), is
531 * not violated.
532 *
533 * PARAMETERS:
534 * "certPolicyMaps"
535 * Address of List of CertPolicyMaps to be searched. May be empty, but
536 * must be non-NULL
537 * "policy"
538 * Address of OID to be checked for. Must be non-NULL
539 * "pFound"
540 * Address where the result of the search will be stored. Must be non-NULL.
541 * "plContext"
542 * platform-specific context pointer
543 * THREAD SAFETY:
544 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
545 * RETURNS:
546 * Returns NULL if the function succeeds
547 * Returns a CertChainChecker Error if the function fails in a non-fatal way.
548 * Returns a Fatal Error if the function fails in an unrecoverable way
549 */
550PKIX_Error *
551pkix_PolicyChecker_MapContains(
552 PKIX_List *certPolicyMaps,
553 PKIX_PL_OID *policy,
554 PKIX_Boolean *pFound,
555 void *plContext)
556{
557 PKIX_PL_CertPolicyMap *map = NULL((void*)0);
558 PKIX_UInt32 numEntries = 0;
559 PKIX_UInt32 index = 0;
560 PKIX_Boolean match = PKIX_FALSE((PKIX_Boolean) 0);
561 PKIX_PL_OID *issuerDomainPolicy = NULL((void*)0);
562 PKIX_PL_OID *subjectDomainPolicy = NULL((void*)0);
563
564 PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_MapContains")static const char cMyFuncName[] = {"pkix_PolicyChecker_MapContains"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
565 PKIX_NULLCHECK_THREE(certPolicyMaps, policy, pFound)do { if (((certPolicyMaps) == ((void*)0)) || ((policy) == ((void
*)0)) || ((pFound) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
566
567 PKIX_CHECK(PKIX_List_GetLength(certPolicyMaps, &numEntries, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(certPolicyMaps
, &numEntries, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
568 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(certPolicyMaps
, &numEntries, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
569
570 for (index = 0; (!match) && (index < numEntries); index++) {
571 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyMaps
, index, (PKIX_PL_Object **)&map, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
572 (certPolicyMaps, index, (PKIX_PL_Object **)&map, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyMaps
, index, (PKIX_PL_Object **)&map, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
573 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyMaps
, index, (PKIX_PL_Object **)&map, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
574
575 PKIX_NULLCHECK_ONE(map)do { if ((map) == ((void*)0)){ stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
576
577 PKIX_CHECK(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicydo { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
(map, &issuerDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED
; goto cleanup; } } while (0)
578 (map, &issuerDomainPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
(map, &issuerDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED
; goto cleanup; } } while (0)
579 PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
(map, &issuerDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED
; goto cleanup; } } while (0);
580
581 PKIX_EQUALSdo { if ((policy) != ((void*)0) && (issuerDomainPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policy), (PKIX_PL_Object*)(issuerDomainPolicy
), (&match), (plContext))); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policy) == ((void*)0) &&
(issuerDomainPolicy) == ((void*)0)) { *(&match) = ((PKIX_Boolean
) 1); } else { *(&match) = ((PKIX_Boolean) 0); } } while (
0)
582 (policy, issuerDomainPolicy, &match, plContext,do { if ((policy) != ((void*)0) && (issuerDomainPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policy), (PKIX_PL_Object*)(issuerDomainPolicy
), (&match), (plContext))); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policy) == ((void*)0) &&
(issuerDomainPolicy) == ((void*)0)) { *(&match) = ((PKIX_Boolean
) 1); } else { *(&match) = ((PKIX_Boolean) 0); } } while (
0)
583 PKIX_OBJECTEQUALSFAILED)do { if ((policy) != ((void*)0) && (issuerDomainPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policy), (PKIX_PL_Object*)(issuerDomainPolicy
), (&match), (plContext))); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policy) == ((void*)0) &&
(issuerDomainPolicy) == ((void*)0)) { *(&match) = ((PKIX_Boolean
) 1); } else { *(&match) = ((PKIX_Boolean) 0); } } while (
0);
584
585 if (!match) {
586 PKIX_CHECK(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicydo { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
(map, &subjectDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED
; goto cleanup; } } while (0)
587 (map, &subjectDomainPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
(map, &subjectDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED
; goto cleanup; } } while (0)
588 PKIX_CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
(map, &subjectDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED
; goto cleanup; } } while (0);
589
590 PKIX_EQUALSdo { if ((policy) != ((void*)0) && (subjectDomainPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policy), (PKIX_PL_Object*)(subjectDomainPolicy
), (&match), (plContext))); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policy) == ((void*)0) &&
(subjectDomainPolicy) == ((void*)0)) { *(&match) = ((PKIX_Boolean
) 1); } else { *(&match) = ((PKIX_Boolean) 0); } } while (
0)
591 (policy, subjectDomainPolicy, &match, plContext,do { if ((policy) != ((void*)0) && (subjectDomainPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policy), (PKIX_PL_Object*)(subjectDomainPolicy
), (&match), (plContext))); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policy) == ((void*)0) &&
(subjectDomainPolicy) == ((void*)0)) { *(&match) = ((PKIX_Boolean
) 1); } else { *(&match) = ((PKIX_Boolean) 0); } } while (
0)
592 PKIX_OBJECTEQUALSFAILED)do { if ((policy) != ((void*)0) && (subjectDomainPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policy), (PKIX_PL_Object*)(subjectDomainPolicy
), (&match), (plContext))); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policy) == ((void*)0) &&
(subjectDomainPolicy) == ((void*)0)) { *(&match) = ((PKIX_Boolean
) 1); } else { *(&match) = ((PKIX_Boolean) 0); } } while (
0);
593 }
594
595 PKIX_DECREF(map)do { if (map){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(map), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } map = ((void*)0); }
} while (0);
596 PKIX_DECREF(issuerDomainPolicy)do { if (issuerDomainPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuerDomainPolicy), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } issuerDomainPolicy
= ((void*)0); } } while (0);
597 PKIX_DECREF(subjectDomainPolicy)do { if (subjectDomainPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectDomainPolicy), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } subjectDomainPolicy
= ((void*)0); } } while (0);
598 }
599
600 *pFound = match;
601
602cleanup:
603
604 PKIX_DECREF(map)do { if (map){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(map), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } map = ((void*)0); }
} while (0);
605 PKIX_DECREF(issuerDomainPolicy)do { if (issuerDomainPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuerDomainPolicy), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } issuerDomainPolicy
= ((void*)0); } } while (0);
606 PKIX_DECREF(subjectDomainPolicy)do { if (subjectDomainPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectDomainPolicy), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } subjectDomainPolicy
= ((void*)0); } } while (0);
607 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
608}
609
610/*
611 * FUNCTION: pkix_PolicyChecker_MapGetSubjectDomainPolicies
612 * DESCRIPTION:
613 *
614 * Checks the List of CertPolicyMaps pointed to by "certPolicyMaps", to create
615 * a list of all SubjectDomainPolicies for which the IssuerDomainPolicy is the
616 * policy pointed to by "policy", and stores the result in
617 * "pSubjectDomainPolicies".
618 *
619 * If the List of CertPolicyMaps provided in "certPolicyMaps" is NULL, the
620 * resulting List will be NULL. If there are CertPolicyMaps, but none that
621 * include "policy" as an IssuerDomainPolicy, the returned List pointer will
622 * be NULL. Otherwise, the returned List will contain the SubjectDomainPolicies
623 * of all CertPolicyMaps for which "policy" is the IssuerDomainPolicy. If a
624 * List is returned it will be immutable.
625 *
626 * PARAMETERS:
627 * "certPolicyMaps"
628 * Address of List of CertPolicyMaps to be searched. May be empty or NULL.
629 * "policy"
630 * Address of OID to be checked for. Must be non-NULL
631 * "pSubjectDomainPolicies"
632 * Address where the result of the search will be stored. Must be non-NULL.
633 * "plContext"
634 * platform-specific context pointer
635 * THREAD SAFETY:
636 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
637 * RETURNS:
638 * Returns NULL if the function succeeds
639 * Returns a CertChainChecker Error if the function fails in a non-fatal way.
640 * Returns a Fatal Error if the function fails in an unrecoverable way
641 */
642PKIX_Error *
643pkix_PolicyChecker_MapGetSubjectDomainPolicies(
644 PKIX_List *certPolicyMaps,
645 PKIX_PL_OID *policy,
646 PKIX_List **pSubjectDomainPolicies,
647 void *plContext)
648{
649 PKIX_PL_CertPolicyMap *map = NULL((void*)0);
650 PKIX_List *subjectList = NULL((void*)0);
651 PKIX_UInt32 numEntries = 0;
652 PKIX_UInt32 index = 0;
653 PKIX_Boolean match = PKIX_FALSE((PKIX_Boolean) 0);
654 PKIX_PL_OID *issuerDomainPolicy = NULL((void*)0);
655 PKIX_PL_OID *subjectDomainPolicy = NULL((void*)0);
656
657 PKIX_ENTERstatic const char cMyFuncName[] = {"pkix_PolicyChecker_MapGetSubjectDomainPolicies"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
658 (CERTCHAINCHECKER,static const char cMyFuncName[] = {"pkix_PolicyChecker_MapGetSubjectDomainPolicies"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
659 "pkix_PolicyChecker_MapGetSubjectDomainPolicies")static const char cMyFuncName[] = {"pkix_PolicyChecker_MapGetSubjectDomainPolicies"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
660 PKIX_NULLCHECK_TWO(policy, pSubjectDomainPolicies)do { if (((policy) == ((void*)0)) || ((pSubjectDomainPolicies
) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
661
662 if (certPolicyMaps) {
663 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (certPolicyMaps
, &numEntries, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
664 (certPolicyMaps,do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (certPolicyMaps
, &numEntries, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
665 &numEntries,do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (certPolicyMaps
, &numEntries, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
666 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (certPolicyMaps
, &numEntries, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
667 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (certPolicyMaps
, &numEntries, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
668 }
669
670 for (index = 0; index < numEntries; index++) {
671 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyMaps
, index, (PKIX_PL_Object **)&map, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
672 (certPolicyMaps, index, (PKIX_PL_Object **)&map, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyMaps
, index, (PKIX_PL_Object **)&map, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
673 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyMaps
, index, (PKIX_PL_Object **)&map, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
674
675 PKIX_NULLCHECK_ONE(map)do { if ((map) == ((void*)0)){ stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
676
677 PKIX_CHECK(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicydo { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
(map, &issuerDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED
; goto cleanup; } } while (0)
678 (map, &issuerDomainPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
(map, &issuerDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED
; goto cleanup; } } while (0)
679 PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
(map, &issuerDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED
; goto cleanup; } } while (0);
680
681 PKIX_EQUALSdo { if ((policy) != ((void*)0) && (issuerDomainPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policy), (PKIX_PL_Object*)(issuerDomainPolicy
), (&match), (plContext))); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policy) == ((void*)0) &&
(issuerDomainPolicy) == ((void*)0)) { *(&match) = ((PKIX_Boolean
) 1); } else { *(&match) = ((PKIX_Boolean) 0); } } while (
0)
682 (policy, issuerDomainPolicy, &match, plContext,do { if ((policy) != ((void*)0) && (issuerDomainPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policy), (PKIX_PL_Object*)(issuerDomainPolicy
), (&match), (plContext))); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policy) == ((void*)0) &&
(issuerDomainPolicy) == ((void*)0)) { *(&match) = ((PKIX_Boolean
) 1); } else { *(&match) = ((PKIX_Boolean) 0); } } while (
0)
683 PKIX_OBJECTEQUALSFAILED)do { if ((policy) != ((void*)0) && (issuerDomainPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policy), (PKIX_PL_Object*)(issuerDomainPolicy
), (&match), (plContext))); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policy) == ((void*)0) &&
(issuerDomainPolicy) == ((void*)0)) { *(&match) = ((PKIX_Boolean
) 1); } else { *(&match) = ((PKIX_Boolean) 0); } } while (
0);
684
685 if (match) {
686 if (!subjectList) {
687 PKIX_CHECK(PKIX_List_Create(&subjectList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&subjectList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
688 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&subjectList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
689 }
690
691 PKIX_CHECK(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicydo { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
(map, &subjectDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED
; goto cleanup; } } while (0)
692 (map, &subjectDomainPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
(map, &subjectDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED
; goto cleanup; } } while (0)
693 PKIX_CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
(map, &subjectDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED
; goto cleanup; } } while (0);
694
695 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (subjectList
, (PKIX_PL_Object *)subjectDomainPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
696 (subjectList,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (subjectList
, (PKIX_PL_Object *)subjectDomainPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
697 (PKIX_PL_Object *)subjectDomainPolicy,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (subjectList
, (PKIX_PL_Object *)subjectDomainPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
698 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (subjectList
, (PKIX_PL_Object *)subjectDomainPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
699 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (subjectList
, (PKIX_PL_Object *)subjectDomainPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0);
700 }
701
702 PKIX_DECREF(map)do { if (map){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(map), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } map = ((void*)0); }
} while (0);
703 PKIX_DECREF(issuerDomainPolicy)do { if (issuerDomainPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuerDomainPolicy), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } issuerDomainPolicy
= ((void*)0); } } while (0);
704 PKIX_DECREF(subjectDomainPolicy)do { if (subjectDomainPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectDomainPolicy), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } subjectDomainPolicy
= ((void*)0); } } while (0);
705 }
706
707 if (subjectList) {
708 PKIX_CHECK(PKIX_List_SetImmutable(subjectList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(subjectList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
709 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(subjectList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0);
710 }
711
712 *pSubjectDomainPolicies = subjectList;
713
714cleanup:
715
716 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)) {
717 PKIX_DECREF(subjectList)do { if (subjectList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } subjectList = ((void
*)0); } } while (0);
718 }
719
720 PKIX_DECREF(map)do { if (map){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(map), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } map = ((void*)0); }
} while (0);
721 PKIX_DECREF(issuerDomainPolicy)do { if (issuerDomainPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuerDomainPolicy), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } issuerDomainPolicy
= ((void*)0); } } while (0);
722 PKIX_DECREF(subjectDomainPolicy)do { if (subjectDomainPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectDomainPolicy), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } subjectDomainPolicy
= ((void*)0); } } while (0);
723
724 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
725}
726
727/*
728 * FUNCTION: pkix_PolicyChecker_MapGetMappedPolicies
729 * DESCRIPTION:
730 *
731 * Checks the List of CertPolicyMaps pointed to by "certPolicyMaps" to create a
732 * List of all IssuerDomainPolicies, and stores the result in
733 * "pMappedPolicies".
734 *
735 * The caller may not rely on the IssuerDomainPolicies to be in any particular
736 * order. IssuerDomainPolicies that appear in more than one CertPolicyMap will
737 * only appear once in "pMappedPolicies". If "certPolicyMaps" is empty the
738 * result will be an empty List. The created List is mutable.
739 *
740 * PARAMETERS:
741 * "certPolicyMaps"
742 * Address of List of CertPolicyMaps to be searched. May be empty, but
743 * must be non-NULL.
744 * "pMappedPolicies"
745 * Address where the result will be stored. Must be non-NULL.
746 * "plContext"
747 * platform-specific context pointer
748 * THREAD SAFETY:
749 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
750 * RETURNS:
751 * Returns NULL if the function succeeds
752 * Returns a CertChainChecker Error if the functions fails in a non-fatal way
753 * Returns a Fatal Error if the function fails in an unrecoverable way
754 */
755PKIX_Error *
756pkix_PolicyChecker_MapGetMappedPolicies(
757 PKIX_List *certPolicyMaps,
758 PKIX_List **pMappedPolicies,
759 void *plContext)
760{
761 PKIX_PL_CertPolicyMap *map = NULL((void*)0);
762 PKIX_List *mappedList = NULL((void*)0);
763 PKIX_UInt32 numEntries = 0;
764 PKIX_UInt32 index = 0;
765 PKIX_Boolean isContained = PKIX_FALSE((PKIX_Boolean) 0);
766 PKIX_PL_OID *issuerDomainPolicy = NULL((void*)0);
767
768 PKIX_ENTERstatic const char cMyFuncName[] = {"pkix_PolicyChecker_MapGetMappedPolicies"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
769 (CERTCHAINCHECKER, "pkix_PolicyChecker_MapGetMappedPolicies")static const char cMyFuncName[] = {"pkix_PolicyChecker_MapGetMappedPolicies"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
770 PKIX_NULLCHECK_TWO(certPolicyMaps, pMappedPolicies)do { if (((certPolicyMaps) == ((void*)0)) || ((pMappedPolicies
) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
771
772 PKIX_CHECK(PKIX_List_Create(&mappedList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&mappedList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
773 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&mappedList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
774
775 PKIX_CHECK(PKIX_List_GetLength(certPolicyMaps, &numEntries, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(certPolicyMaps
, &numEntries, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
776 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(certPolicyMaps
, &numEntries, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
777
778 for (index = 0; index < numEntries; index++) {
779 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyMaps
, index, (PKIX_PL_Object **)&map, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
780 (certPolicyMaps, index, (PKIX_PL_Object **)&map, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyMaps
, index, (PKIX_PL_Object **)&map, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
781 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyMaps
, index, (PKIX_PL_Object **)&map, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
782
783 PKIX_NULLCHECK_ONE(map)do { if ((map) == ((void*)0)){ stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
784
785 PKIX_CHECK(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicydo { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
(map, &issuerDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED
; goto cleanup; } } while (0)
786 (map, &issuerDomainPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
(map, &issuerDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED
; goto cleanup; } } while (0)
787 PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
(map, &issuerDomainPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED
; goto cleanup; } } while (0);
788
789 PKIX_CHECK(pkix_List_Containsdo { stdVars.aPkixErrorResult = (pkix_List_Contains (mappedList
, (PKIX_PL_Object *)issuerDomainPolicy, &isContained, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
790 (mappedList,do { stdVars.aPkixErrorResult = (pkix_List_Contains (mappedList
, (PKIX_PL_Object *)issuerDomainPolicy, &isContained, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
791 (PKIX_PL_Object *)issuerDomainPolicy,do { stdVars.aPkixErrorResult = (pkix_List_Contains (mappedList
, (PKIX_PL_Object *)issuerDomainPolicy, &isContained, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
792 &isContained,do { stdVars.aPkixErrorResult = (pkix_List_Contains (mappedList
, (PKIX_PL_Object *)issuerDomainPolicy, &isContained, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
793 plContext),do { stdVars.aPkixErrorResult = (pkix_List_Contains (mappedList
, (PKIX_PL_Object *)issuerDomainPolicy, &isContained, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
794 PKIX_LISTCONTAINSFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Contains (mappedList
, (PKIX_PL_Object *)issuerDomainPolicy, &isContained, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0);
795
796 if (isContained == PKIX_FALSE((PKIX_Boolean) 0)) {
797 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (mappedList
, (PKIX_PL_Object *)issuerDomainPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
798 (mappedList,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (mappedList
, (PKIX_PL_Object *)issuerDomainPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
799 (PKIX_PL_Object *)issuerDomainPolicy,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (mappedList
, (PKIX_PL_Object *)issuerDomainPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
800 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (mappedList
, (PKIX_PL_Object *)issuerDomainPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
801 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (mappedList
, (PKIX_PL_Object *)issuerDomainPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0);
802 }
803
804 PKIX_DECREF(map)do { if (map){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(map), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } map = ((void*)0); }
} while (0);
805 PKIX_DECREF(issuerDomainPolicy)do { if (issuerDomainPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuerDomainPolicy), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } issuerDomainPolicy
= ((void*)0); } } while (0);
806 }
807
808 *pMappedPolicies = mappedList;
809
810cleanup:
811
812 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)) {
813 PKIX_DECREF(mappedList)do { if (mappedList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(mappedList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } mappedList = ((void
*)0); } } while (0);
814 }
815
816 PKIX_DECREF(map)do { if (map){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(map), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } map = ((void*)0); }
} while (0);
817 PKIX_DECREF(issuerDomainPolicy)do { if (issuerDomainPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuerDomainPolicy), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } issuerDomainPolicy
= ((void*)0); } } while (0);
818
819 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
820}
821
822/*
823 * FUNCTION: pkix_PolicyChecker_MakeMutableCopy
824 * DESCRIPTION:
825 *
826 * Creates a mutable copy of the List pointed to by "list", which may or may
827 * not be immutable, and stores the address at "pMutableCopy".
828 *
829 * PARAMETERS:
830 * "list"
831 * Address of List to be copied. Must be non-NULL.
832 * "pMutableCopy"
833 * Address where mutable copy will be stored. Must be non-NULL.
834 * "plContext"
835 * Platform-specific context pointer.
836 * THREAD SAFETY:
837 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
838 * RETURNS:
839 * Returns NULL if the function succeeds
840 * Returns a CertChainChecker Error if the functions fails in a non-fatal way
841 * Returns a Fatal Error if the function fails in an unrecoverable way
842 */
843static PKIX_Error *
844pkix_PolicyChecker_MakeMutableCopy(
845 PKIX_List *list,
846 PKIX_List **pMutableCopy,
847 void *plContext)
848{
849 PKIX_List *newList = NULL((void*)0);
850 PKIX_UInt32 listLen = 0;
851 PKIX_UInt32 listIx = 0;
852 PKIX_PL_Object *object = NULL((void*)0);
853
854 PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_MakeMutableCopy")static const char cMyFuncName[] = {"pkix_PolicyChecker_MakeMutableCopy"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
855 PKIX_NULLCHECK_TWO(list, pMutableCopy)do { if (((list) == ((void*)0)) || ((pMutableCopy) == ((void*
)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
856
857 PKIX_CHECK(PKIX_List_Create(&newList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&newList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
858 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&newList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
859
860 PKIX_CHECK(PKIX_List_GetLength(list, &listLen, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(list, &
listLen, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup; } }
while (0)
861 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(list, &
listLen, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup; } }
while (0);
862
863 for (listIx = 0; listIx < listLen; listIx++) {
864
865 PKIX_CHECK(PKIX_List_GetItem(list, listIx, &object, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(list, listIx
, &object, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup; } } while
(0)
866 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(list, listIx
, &object, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup; } } while
(0);
867
868 PKIX_CHECK(PKIX_List_AppendItem(newList, object, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem(newList
, object, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup; } }
while (0)
869 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem(newList
, object, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup; } }
while (0);
870
871 PKIX_DECREF(object)do { if (object){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(object), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } object = ((void*)0
); } } while (0);
872 }
873
874 *pMutableCopy = newList;
875 newList = NULL((void*)0);
876
877cleanup:
878 PKIX_DECREF(newList)do { if (newList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(newList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } newList = ((void*)
0); } } while (0);
879 PKIX_DECREF(object)do { if (object){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(object), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } object = ((void*)0
); } } while (0);
880
881 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
882}
883
884/*
885 * FUNCTION: pkix_PolicyChecker_MakeSingleton
886 * DESCRIPTION:
887 *
888 * Creates a new List containing the Object pointed to by "listItem", using
889 * the Boolean value of "immutability" to determine whether to set the List
890 * immutable, and stores the address at "pList".
891 *
892 * PARAMETERS:
893 * "listItem"
894 * Address of Object to be inserted into the new List. Must be non-NULL.
895 * "immutability"
896 * Boolean value indicating whether new List is to be immutable
897 * "pList"
898 * Address where List will be stored. Must be non-NULL.
899 * "plContext"
900 * Platform-specific context pointer.
901 * THREAD SAFETY:
902 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
903 * RETURNS:
904 * Returns NULL if the function succeeds
905 * Returns a CertChainChecker Error if the functions fails in a non-fatal way
906 * Returns a Fatal Error if the function fails in an unrecoverable way
907 */
908static PKIX_Error *
909pkix_PolicyChecker_MakeSingleton(
910 PKIX_PL_Object *listItem,
911 PKIX_Boolean immutability,
912 PKIX_List **pList,
913 void *plContext)
914{
915 PKIX_List *newList = NULL((void*)0);
916
917 PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_MakeSingleton")static const char cMyFuncName[] = {"pkix_PolicyChecker_MakeSingleton"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
918 PKIX_NULLCHECK_TWO(listItem, pList)do { if (((listItem) == ((void*)0)) || ((pList) == ((void*)0)
)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
919
920 PKIX_CHECK(PKIX_List_Create(&newList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&newList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
921 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&newList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
922
923 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (newList
, (PKIX_PL_Object *)listItem, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
924 (newList, (PKIX_PL_Object *)listItem, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (newList
, (PKIX_PL_Object *)listItem, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
925 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (newList
, (PKIX_PL_Object *)listItem, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
926
927 if (immutability) {
928 PKIX_CHECK(PKIX_List_SetImmutable(newList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(newList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
929 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(newList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0);
930 }
931
932 *pList = newList;
933
934cleanup:
935 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)) {
936 PKIX_DECREF(newList)do { if (newList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(newList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } newList = ((void*)
0); } } while (0);
937 }
938
939 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
940}
941
942/*
943 * FUNCTION: pkix_PolicyChecker_Spawn
944 * DESCRIPTION:
945 *
946 * Creates a new childNode for the parent pointed to by "parent", using
947 * the OID pointed to by "policyOID", the List of CertPolicyQualifiers
948 * pointed to by "qualifiers", the List of OIDs pointed to by
949 * "subjectDomainPolicies", and the PolicyCheckerState pointed to by
950 * "state". The new node will be added to "parent".
951 *
952 * The validPolicy of the new node is set from the OID pointed to by
953 * "policyOID". The policy qualifiers for the new node is set from the
954 * List of qualifiers pointed to by "qualifiers", and may be NULL or
955 * empty if the argument provided was NULL or empty. The criticality is
956 * set according to the criticality obtained from the PolicyCheckerState.
957 * If "subjectDomainPolicies" is NULL, the expectedPolicySet of the
958 * child is set to contain the same policy as the validPolicy. If
959 * "subjectDomainPolicies" is not NULL, it is used as the value for
960 * the expectedPolicySet.
961 *
962 * The PolicyCheckerState also contains a constant, anyPolicy, which is
963 * compared to "policyOID". If they match, the address of the childNode
964 * is saved in the state's newAnyPolicyNode.
965 *
966 * PARAMETERS:
967 * "parent"
968 * Address of PolicyNode to which the child will be linked. Must be
969 * non-NULL.
970 * "policyOID"
971 * Address of OID of the new child's validPolicy and also, if
972 * subjectDomainPolicies is NULL, of the new child's expectedPolicySet.
973 * Must be non-NULL.
974 * "qualifiers"
975 * Address of List of CertPolicyQualifiers. May be NULL or empty.
976 * "subjectDomainPolicies"
977 * Address of List of OIDs indicating the policies to which "policy" is
978 * mapped. May be empty or NULL.
979 * "state"
980 * Address of the current PKIX_PolicyCheckerState. Must be non-NULL..
981 * "plContext"
982 * Platform-specific context pointer.
983 * THREAD SAFETY:
984 * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
985 * RETURNS:
986 * Returns NULL if the function succeeds
987 * Returns a CertChainChecker Error if the functions fails in a non-fatal way
988 * Returns a Fatal Error if the function fails in an unrecoverable way
989 */
990static PKIX_Error *
991pkix_PolicyChecker_Spawn(
992 PKIX_PolicyNode *parent,
993 PKIX_PL_OID *policyOID,
994 PKIX_List *qualifiers, /* CertPolicyQualifiers */
995 PKIX_List *subjectDomainPolicies,
996 PKIX_PolicyCheckerState *state,
997 void *plContext)
998{
999 PKIX_List *expectedSet = NULL((void*)0); /* OIDs */
1000 PKIX_PolicyNode *childNode = NULL((void*)0);
1001 PKIX_Boolean match = PKIX_FALSE((PKIX_Boolean) 0);
1002
1003 PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_Spawn")static const char cMyFuncName[] = {"pkix_PolicyChecker_Spawn"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
1004 PKIX_NULLCHECK_THREE(policyOID, parent, state)do { if (((policyOID) == ((void*)0)) || ((parent) == ((void*)
0)) || ((state) == ((void*)0))){ stdVars.aPkixErrorReceived =
((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1005
1006 if (subjectDomainPolicies) {
1007
1008 PKIX_INCREF(subjectDomainPolicies)do { if (subjectDomainPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(subjectDomainPolicies), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
1009 expectedSet = subjectDomainPolicies;
1010
1011 } else {
1012 /* Create the child's ExpectedPolicy Set */
1013 PKIX_CHECK(pkix_PolicyChecker_MakeSingletondo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)policyOID, ((PKIX_Boolean) 1), &expectedSet
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAKESINGLETONFAILED; goto cleanup; } } while
(0)
1014 ((PKIX_PL_Object *)policyOID,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)policyOID, ((PKIX_Boolean) 1), &expectedSet
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAKESINGLETONFAILED; goto cleanup; } } while
(0)
1015 PKIX_TRUE, /* make expectedPolicySet immutable */do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)policyOID, ((PKIX_Boolean) 1), &expectedSet
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAKESINGLETONFAILED; goto cleanup; } } while
(0)
1016 &expectedSet,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)policyOID, ((PKIX_Boolean) 1), &expectedSet
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAKESINGLETONFAILED; goto cleanup; } } while
(0)
1017 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)policyOID, ((PKIX_Boolean) 1), &expectedSet
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAKESINGLETONFAILED; goto cleanup; } } while
(0)
1018 PKIX_POLICYCHECKERMAKESINGLETONFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)policyOID, ((PKIX_Boolean) 1), &expectedSet
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAKESINGLETONFAILED; goto cleanup; } } while
(0);
1019 }
1020
1021 PKIX_CHECK(pkix_PolicyNode_Createdo { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (policyOID
, qualifiers, state->certPoliciesCritical, expectedSet, &
childNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup; }
} while (0)
1022 (policyOID,do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (policyOID
, qualifiers, state->certPoliciesCritical, expectedSet, &
childNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup; }
} while (0)
1023 qualifiers,do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (policyOID
, qualifiers, state->certPoliciesCritical, expectedSet, &
childNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup; }
} while (0)
1024 state->certPoliciesCritical,do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (policyOID
, qualifiers, state->certPoliciesCritical, expectedSet, &
childNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup; }
} while (0)
1025 expectedSet,do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (policyOID
, qualifiers, state->certPoliciesCritical, expectedSet, &
childNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup; }
} while (0)
1026 &childNode,do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (policyOID
, qualifiers, state->certPoliciesCritical, expectedSet, &
childNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup; }
} while (0)
1027 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (policyOID
, qualifiers, state->certPoliciesCritical, expectedSet, &
childNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup; }
} while (0)
1028 PKIX_POLICYNODECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Create (policyOID
, qualifiers, state->certPoliciesCritical, expectedSet, &
childNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODECREATEFAILED; goto cleanup; }
} while (0);
1029
1030 /*
1031 * If we had a non-empty mapping, we know the new node could not
1032 * have been created with a validPolicy of anyPolicy. Otherwise,
1033 * check whether we just created a new node with anyPolicy, because
1034 * in that case we want to save the child pointer in newAnyPolicyNode.
1035 */
1036 if (!subjectDomainPolicies) {
1037 PKIX_EQUALS(policyOID, state->anyPolicyOID, &match, plContext,do { if ((policyOID) != ((void*)0) && (state->anyPolicyOID
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policyOID), (PKIX_PL_Object*)(state->
anyPolicyOID), (&match), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policyOID) == ((void*)0) &&
(state->anyPolicyOID) == ((void*)0)) { *(&match) = ((
PKIX_Boolean) 1); } else { *(&match) = ((PKIX_Boolean) 0)
; } } while (0)
1038 PKIX_OBJECTEQUALSFAILED)do { if ((policyOID) != ((void*)0) && (state->anyPolicyOID
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policyOID), (PKIX_PL_Object*)(state->
anyPolicyOID), (&match), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policyOID) == ((void*)0) &&
(state->anyPolicyOID) == ((void*)0)) { *(&match) = ((
PKIX_Boolean) 1); } else { *(&match) = ((PKIX_Boolean) 0)
; } } while (0);
1039
1040 if (match) {
1041 PKIX_DECREF(state->newAnyPolicyNode)do { if (state->newAnyPolicyNode){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->newAnyPolicyNode
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->newAnyPolicyNode = ((void*)0); } }
while (0);
1042 PKIX_INCREF(childNode)do { if (childNode){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(childNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
(0);
1043 state->newAnyPolicyNode = childNode;
1044 }
1045 }
1046
1047 PKIX_CHECK(pkix_PolicyNode_AddToParent(parent, childNode, plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyNode_AddToParent(
parent, childNode, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEADDTOPARENTFAILED; goto
cleanup; } } while (0)
1048 PKIX_POLICYNODEADDTOPARENTFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyNode_AddToParent(
parent, childNode, plContext)); if (stdVars.aPkixErrorResult)
{ stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEADDTOPARENTFAILED; goto
cleanup; } } while (0);
1049
1050 PKIX_CHECK(PKIX_PL_Object_InvalidateCachedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
1051 ((PKIX_PL_Object *)state, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
1052 PKIX_OBJECTINVALIDATECACHEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0);
1053
1054cleanup:
1055 PKIX_DECREF(childNode)do { if (childNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(childNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } childNode = ((void
*)0); } } while (0);
1056 PKIX_DECREF(expectedSet)do { if (expectedSet){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(expectedSet), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } expectedSet = ((void
*)0); } } while (0);
1057 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
1058}
1059
1060/*
1061 * FUNCTION: pkix_PolicyChecker_CheckPolicyRecursive
1062 * DESCRIPTION:
1063 *
1064 * Performs policy processing for the policy whose OID is pointed to by
1065 * "policyOID" and whose List of CertPolicyQualifiers is pointed to by
1066 * "policyQualifiers", using the List of policy OIDs pointed to by
1067 * "subjectDomainPolicies" and the PolicyNode pointed to by "currentNode",
1068 * in accordance with the current PolicyCheckerState pointed to by "state",
1069 * and setting "pChildNodeCreated" to TRUE if a new childNode is created.
1070 * Note: "pChildNodeCreated" is not set to FALSE if no childNode is created.
1071 * The intent of the design is that the caller can set a variable to FALSE
1072 * initially, prior to a recursive set of calls. At the end, the variable
1073 * can be tested to see whether *any* of the calls created a child node.
1074 *
1075 * If the currentNode is not at the bottom of the tree, this function
1076 * calls itself recursively for each child of currentNode. At the bottom of
1077 * the tree, it creates new child nodes as appropriate. This function will
1078 * never be called with policy = anyPolicy.
1079 *
1080 * This function implements the processing described in RFC3280
1081 * Section 6.1.3(d)(1)(i).
1082 *
1083 * PARAMETERS:
1084 * "policyOID"
1085 * Address of OID of the policy to be checked for. Must be non-NULL.
1086 * "policyQualifiers"
1087 * Address of List of CertPolicyQualifiers of the policy to be checked for.
1088 * May be empty or NULL.
1089 * "subjectDomainPolicies"
1090 * Address of List of OIDs indicating the policies to which "policy" is
1091 * mapped. May be empty or NULL.
1092 * "currentNode"
1093 * Address of PolicyNode whose descendants will be checked, if not at the
1094 * bottom of the tree; or whose expectedPolicySet will be compared to
1095 * "policy", if at the bottom. Must be non-NULL.
1096 * "state"
1097 * Address of PolicyCheckerState of the current PolicyChecker. Must be
1098 * non-NULL.
1099 * "pChildNodeCreated"
1100 * Address of the Boolean that will be set TRUE if this function
1101 * creates a child node. Must be non-NULL.
1102 * "plContext"
1103 * Platform-specific context pointer.
1104 * THREAD SAFETY:
1105 * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1106 * RETURNS:
1107 * Returns NULL if the function succeeds
1108 * Returns a CertChainChecker Error if the functions fails in a non-fatal way
1109 * Returns a Fatal Error if the function fails in an unrecoverable way
1110 */
1111static PKIX_Error *
1112pkix_PolicyChecker_CheckPolicyRecursive(
1113 PKIX_PL_OID *policyOID,
1114 PKIX_List *policyQualifiers,
1115 PKIX_List *subjectDomainPolicies,
1116 PKIX_PolicyNode *currentNode,
1117 PKIX_PolicyCheckerState *state,
1118 PKIX_Boolean *pChildNodeCreated,
1119 void *plContext)
1120{
1121 PKIX_UInt32 depth = 0;
1122 PKIX_UInt32 numChildren = 0;
1123 PKIX_UInt32 childIx = 0;
1124 PKIX_Boolean isIncluded = PKIX_FALSE((PKIX_Boolean) 0);
1125 PKIX_List *children = NULL((void*)0); /* PolicyNodes */
1126 PKIX_PolicyNode *childNode = NULL((void*)0);
1127 PKIX_List *expectedPolicies = NULL((void*)0); /* OIDs */
1128
1129 PKIX_ENTERstatic const char cMyFuncName[] = {"pkix_PolicyChecker_CheckPolicyRecursive"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
1130 (CERTCHAINCHECKER,static const char cMyFuncName[] = {"pkix_PolicyChecker_CheckPolicyRecursive"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
1131 "pkix_PolicyChecker_CheckPolicyRecursive")static const char cMyFuncName[] = {"pkix_PolicyChecker_CheckPolicyRecursive"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
1132 PKIX_NULLCHECK_FOUR(policyOID, currentNode, state, pChildNodeCreated)do { if (((policyOID) == ((void*)0)) || ((currentNode) == ((void
*)0)) || ((state) == ((void*)0)) || ((pChildNodeCreated) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
1133
1134 /* if not at the bottom of the tree */
1135 PKIX_CHECK(PKIX_PolicyNode_GetDepthdo { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetDepth (currentNode
, &depth, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODEGETDEPTHFAILED; goto cleanup
; } } while (0)
1136 (currentNode, &depth, plContext),do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetDepth (currentNode
, &depth, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODEGETDEPTHFAILED; goto cleanup
; } } while (0)
1137 PKIX_POLICYNODEGETDEPTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetDepth (currentNode
, &depth, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODEGETDEPTHFAILED; goto cleanup
; } } while (0);
1138
1139 if (depth < (state->certsProcessed)) {
1140 PKIX_CHECK(pkix_PolicyNode_GetChildrenMutabledo { stdVars.aPkixErrorResult = (pkix_PolicyNode_GetChildrenMutable
(currentNode, &children, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED
; goto cleanup; } } while (0)
1141 (currentNode, &children, plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyNode_GetChildrenMutable
(currentNode, &children, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED
; goto cleanup; } } while (0)
1142 PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyNode_GetChildrenMutable
(currentNode, &children, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED
; goto cleanup; } } while (0);
1143
1144 if (children) {
1145 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (children
, &numChildren, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1146 (children, &numChildren, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (children
, &numChildren, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1147 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (children
, &numChildren, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
1148 }
1149
1150 for (childIx = 0; childIx < numChildren; childIx++) {
1151
1152 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1153 (children,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1154 childIx,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1155 (PKIX_PL_Object **)&childNode,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1156 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1157 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
1158
1159 PKIX_CHECK(pkix_PolicyChecker_CheckPolicyRecursivedo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, childNode
, state, pChildNodeCreated, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1160 (policyOID,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, childNode
, state, pChildNodeCreated, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1161 policyQualifiers,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, childNode
, state, pChildNodeCreated, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1162 subjectDomainPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, childNode
, state, pChildNodeCreated, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1163 childNode,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, childNode
, state, pChildNodeCreated, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1164 state,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, childNode
, state, pChildNodeCreated, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1165 pChildNodeCreated,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, childNode
, state, pChildNodeCreated, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1166 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, childNode
, state, pChildNodeCreated, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1167 PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, childNode
, state, pChildNodeCreated, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0);
1168
1169 PKIX_DECREF(childNode)do { if (childNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(childNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } childNode = ((void
*)0); } } while (0);
1170 }
1171 } else { /* if at the bottom of the tree */
1172
1173 /* Check whether policy is in this node's expectedPolicySet */
1174 PKIX_CHECK(PKIX_PolicyNode_GetExpectedPoliciesdo { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetExpectedPolicies
(currentNode, &expectedPolicies, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETEXPECTEDPOLICIESFAILED
; goto cleanup; } } while (0)
1175 (currentNode, &expectedPolicies, plContext),do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetExpectedPolicies
(currentNode, &expectedPolicies, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETEXPECTEDPOLICIESFAILED
; goto cleanup; } } while (0)
1176 PKIX_POLICYNODEGETEXPECTEDPOLICIESFAILED)do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetExpectedPolicies
(currentNode, &expectedPolicies, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETEXPECTEDPOLICIESFAILED
; goto cleanup; } } while (0);
1177
1178 PKIX_NULLCHECK_ONE(expectedPolicies)do { if ((expectedPolicies) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1179
1180 PKIX_CHECK(pkix_List_Containsdo { stdVars.aPkixErrorResult = (pkix_List_Contains (expectedPolicies
, (PKIX_PL_Object *)policyOID, &isIncluded, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED
; goto cleanup; } } while (0)
1181 (expectedPolicies,do { stdVars.aPkixErrorResult = (pkix_List_Contains (expectedPolicies
, (PKIX_PL_Object *)policyOID, &isIncluded, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED
; goto cleanup; } } while (0)
1182 (PKIX_PL_Object *)policyOID,do { stdVars.aPkixErrorResult = (pkix_List_Contains (expectedPolicies
, (PKIX_PL_Object *)policyOID, &isIncluded, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED
; goto cleanup; } } while (0)
1183 &isIncluded,do { stdVars.aPkixErrorResult = (pkix_List_Contains (expectedPolicies
, (PKIX_PL_Object *)policyOID, &isIncluded, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED
; goto cleanup; } } while (0)
1184 plContext),do { stdVars.aPkixErrorResult = (pkix_List_Contains (expectedPolicies
, (PKIX_PL_Object *)policyOID, &isIncluded, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED
; goto cleanup; } } while (0)
1185 PKIX_LISTCONTAINSFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Contains (expectedPolicies
, (PKIX_PL_Object *)policyOID, &isIncluded, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED
; goto cleanup; } } while (0);
1186
1187 if (isIncluded) {
1188 PKIX_CHECK(pkix_PolicyChecker_Spawndo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, policyQualifiers, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1189 (currentNode,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, policyQualifiers, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1190 policyOID,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, policyQualifiers, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1191 policyQualifiers,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, policyQualifiers, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1192 subjectDomainPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, policyQualifiers, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1193 state,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, policyQualifiers, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1194 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, policyQualifiers, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1195 PKIX_POLICYCHECKERSPAWNFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, policyQualifiers, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0);
1196
1197 *pChildNodeCreated = PKIX_TRUE((PKIX_Boolean) 1);
1198 }
1199 }
1200
1201cleanup:
1202
1203 PKIX_DECREF(children)do { if (children){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(children), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } children = ((void*
)0); } } while (0);
1204 PKIX_DECREF(childNode)do { if (childNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(childNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } childNode = ((void
*)0); } } while (0);
1205 PKIX_DECREF(expectedPolicies)do { if (expectedPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(expectedPolicies), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } expectedPolicies
= ((void*)0); } } while (0);
1206
1207 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
1208}
1209
1210/*
1211 * FUNCTION: pkix_PolicyChecker_CheckPolicy
1212 * DESCRIPTION:
1213 *
1214 * Performs the non-recursive portion of the policy processing for the policy
1215 * whose OID is pointed to by "policyOID" and whose List of
1216 * CertPolicyQualifiers is pointed to by "policyQualifiers", for the
1217 * Certificate pointed to by "cert" with the List of CertPolicyMaps pointed
1218 * to by "maps", in accordance with the current PolicyCheckerState pointed
1219 * to by "state".
1220 *
1221 * This function implements the processing described in RFC3280
1222 * Section 6.1.3(d)(1)(i).
1223 *
1224 * PARAMETERS:
1225 * "policyOID"
1226 * Address of OID of the policy to be checked for. Must be non-NULL.
1227 * "policyQualifiers"
1228 * Address of List of CertPolicyQualifiers of the policy to be checked for.
1229 * May be empty or NULL.
1230 * "cert"
1231 * Address of the current certificate. Must be non-NULL.
1232 * "maps"
1233 * Address of List of CertPolicyMaps for the current certificate
1234 * "state"
1235 * Address of PolicyCheckerState of the current PolicyChecker. Must be
1236 * non-NULL.
1237 * "plContext"
1238 * Platform-specific context pointer.
1239 * THREAD SAFETY:
1240 * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1241 * RETURNS:
1242 * Returns NULL if the function succeeds
1243 * Returns a CertChainChecker Error if the functions fails in a non-fatal way
1244 * Returns a Fatal Error if the function fails in an unrecoverable way
1245 */
1246static PKIX_Error *
1247pkix_PolicyChecker_CheckPolicy(
1248 PKIX_PL_OID *policyOID,
1249 PKIX_List *policyQualifiers,
1250 PKIX_PL_Cert *cert,
1251 PKIX_List *maps,
1252 PKIX_PolicyCheckerState *state,
1253 void *plContext)
1254{
1255 PKIX_Boolean childNodeCreated = PKIX_FALSE((PKIX_Boolean) 0);
1256 PKIX_Boolean okToSpawn = PKIX_FALSE((PKIX_Boolean) 0);
1257 PKIX_Boolean found = PKIX_FALSE((PKIX_Boolean) 0);
1258 PKIX_List *subjectDomainPolicies = NULL((void*)0);
1259
1260 PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_CheckPolicy")static const char cMyFuncName[] = {"pkix_PolicyChecker_CheckPolicy"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
1261 PKIX_NULLCHECK_THREE(policyOID, cert, state)do { if (((policyOID) == ((void*)0)) || ((cert) == ((void*)0)
) || ((state) == ((void*)0))){ stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1262
1263 /*
1264 * If this is not the last certificate, get the set of
1265 * subjectDomainPolicies that "policy" maps to, according to the
1266 * current cert's policy mapping extension. That set will be NULL
1267 * if the current cert does not have a policy mapping extension,
1268 * or if the current policy is not mapped.
1269 */
1270 if (state->certsProcessed != (state->numCerts - 1)) {
1271 PKIX_CHECK(pkix_PolicyChecker_MapGetSubjectDomainPoliciesdo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(maps, policyOID, &subjectDomainPolicies, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED
; goto cleanup; } } while (0)
1272 (maps, policyOID, &subjectDomainPolicies, plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(maps, policyOID, &subjectDomainPolicies, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED
; goto cleanup; } } while (0)
1273 PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(maps, policyOID, &subjectDomainPolicies, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED
; goto cleanup; } } while (0);
1274 }
1275
1276 /*
1277 * Section 6.1.4(b)(2) tells us that if policyMapping is zero, we
1278 * will have to delete any nodes created with validPolicies equal to
1279 * policies that appear as issuerDomainPolicies in a policy mapping
1280 * extension. Let's avoid creating any such nodes.
1281 */
1282 if ((state->policyMapping) == 0) {
1283 if (subjectDomainPolicies) {
1284 goto cleanup;
1285 }
1286 }
1287
1288 PKIX_CHECK(pkix_PolicyChecker_CheckPolicyRecursivedo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, state->
validPolicyTree, state, &childNodeCreated, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1289 (policyOID,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, state->
validPolicyTree, state, &childNodeCreated, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1290 policyQualifiers,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, state->
validPolicyTree, state, &childNodeCreated, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1291 subjectDomainPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, state->
validPolicyTree, state, &childNodeCreated, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1292 state->validPolicyTree,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, state->
validPolicyTree, state, &childNodeCreated, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1293 state,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, state->
validPolicyTree, state, &childNodeCreated, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1294 &childNodeCreated,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, state->
validPolicyTree, state, &childNodeCreated, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1295 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, state->
validPolicyTree, state, &childNodeCreated, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0)
1296 PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckPolicyRecursive
(policyOID, policyQualifiers, subjectDomainPolicies, state->
validPolicyTree, state, &childNodeCreated, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED
; goto cleanup; } } while (0);
1297
1298 if (!childNodeCreated) {
1299 /*
1300 * Section 6.1.3(d)(1)(ii)
1301 * There was no match. If there was a node at
1302 * depth i-1 with valid policy anyPolicy,
1303 * generate a node subordinate to that.
1304 *
1305 * But that means this created node would be in
1306 * the valid-policy-node-set, and will be
1307 * pruned in 6.1.5(g)(iii)(2) unless it is in
1308 * the user-initial-policy-set or the user-
1309 * initial-policy-set is {anyPolicy}. So check,
1310 * and don't create it if it will be pruned.
1311 */
1312 if (state->anyPolicyNodeAtBottom) {
1313 if (state->initialIsAnyPolicy) {
1314 okToSpawn = PKIX_TRUE((PKIX_Boolean) 1);
1315 } else {
1316 PKIX_CHECK(pkix_List_Containsdo { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
mappedUserInitialPolicySet, (PKIX_PL_Object *)policyOID, &
okToSpawn, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTCONTAINSFAILED; goto cleanup; } } while
(0)
1317 (state->mappedUserInitialPolicySet,do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
mappedUserInitialPolicySet, (PKIX_PL_Object *)policyOID, &
okToSpawn, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTCONTAINSFAILED; goto cleanup; } } while
(0)
1318 (PKIX_PL_Object *)policyOID,do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
mappedUserInitialPolicySet, (PKIX_PL_Object *)policyOID, &
okToSpawn, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTCONTAINSFAILED; goto cleanup; } } while
(0)
1319 &okToSpawn,do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
mappedUserInitialPolicySet, (PKIX_PL_Object *)policyOID, &
okToSpawn, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTCONTAINSFAILED; goto cleanup; } } while
(0)
1320 plContext),do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
mappedUserInitialPolicySet, (PKIX_PL_Object *)policyOID, &
okToSpawn, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTCONTAINSFAILED; goto cleanup; } } while
(0)
1321 PKIX_LISTCONTAINSFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
mappedUserInitialPolicySet, (PKIX_PL_Object *)policyOID, &
okToSpawn, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTCONTAINSFAILED; goto cleanup; } } while
(0);
1322 }
1323 if (okToSpawn) {
1324 PKIX_CHECK(pkix_PolicyChecker_Spawndo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, policyQualifiers, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
1325 (state->anyPolicyNodeAtBottom,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, policyQualifiers, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
1326 policyOID,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, policyQualifiers, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
1327 policyQualifiers,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, policyQualifiers, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
1328 subjectDomainPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, policyQualifiers, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
1329 state,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, policyQualifiers, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
1330 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, policyQualifiers, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
1331 PKIX_POLICYCHECKERSPAWNFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, policyQualifiers, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0);
1332 childNodeCreated = PKIX_TRUE((PKIX_Boolean) 1);
1333 }
1334 }
1335 }
1336
1337 if (childNodeCreated) {
1338 /*
1339 * If this policy had qualifiers, and the certificate policies
1340 * extension was marked critical, and the user cannot deal with
1341 * policy qualifiers, throw an error.
1342 */
1343 if (policyQualifiers &&
1344 state->certPoliciesCritical &&
1345 state->policyQualifiersRejected) {
1346 PKIX_ERROR{ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_QUALIFIERSINCRITICALCERTIFICATEPOLICYEXTENSION, ((void
*)0), stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_QUALIFIERSINCRITICALCERTIFICATEPOLICYEXTENSION
; goto cleanup; }
1347 (PKIX_QUALIFIERSINCRITICALCERTIFICATEPOLICYEXTENSION){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_QUALIFIERSINCRITICALCERTIFICATEPOLICYEXTENSION, ((void
*)0), stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_QUALIFIERSINCRITICALCERTIFICATEPOLICYEXTENSION
; goto cleanup; };
1348 }
1349 /*
1350 * If the policy we just propagated was in the list of mapped
1351 * policies, remove it from the list. That list is used, at the
1352 * end, to determine policies that have not been propagated.
1353 */
1354 if (state->mappedPolicyOIDs) {
1355 PKIX_CHECK(pkix_List_Containsdo { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
mappedPolicyOIDs, (PKIX_PL_Object *)policyOID, &found, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
1356 (state->mappedPolicyOIDs,do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
mappedPolicyOIDs, (PKIX_PL_Object *)policyOID, &found, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
1357 (PKIX_PL_Object *)policyOID,do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
mappedPolicyOIDs, (PKIX_PL_Object *)policyOID, &found, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
1358 &found,do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
mappedPolicyOIDs, (PKIX_PL_Object *)policyOID, &found, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
1359 plContext),do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
mappedPolicyOIDs, (PKIX_PL_Object *)policyOID, &found, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
1360 PKIX_LISTCONTAINSFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
mappedPolicyOIDs, (PKIX_PL_Object *)policyOID, &found, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0);
1361 if (found) {
1362 PKIX_CHECK(pkix_List_Removedo { stdVars.aPkixErrorResult = (pkix_List_Remove (state->
mappedPolicyOIDs, (PKIX_PL_Object *)policyOID, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTREMOVEFAILED
; goto cleanup; } } while (0)
1363 (state->mappedPolicyOIDs,do { stdVars.aPkixErrorResult = (pkix_List_Remove (state->
mappedPolicyOIDs, (PKIX_PL_Object *)policyOID, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTREMOVEFAILED
; goto cleanup; } } while (0)
1364 (PKIX_PL_Object *)policyOID,do { stdVars.aPkixErrorResult = (pkix_List_Remove (state->
mappedPolicyOIDs, (PKIX_PL_Object *)policyOID, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTREMOVEFAILED
; goto cleanup; } } while (0)
1365 plContext),do { stdVars.aPkixErrorResult = (pkix_List_Remove (state->
mappedPolicyOIDs, (PKIX_PL_Object *)policyOID, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTREMOVEFAILED
; goto cleanup; } } while (0)
1366 PKIX_LISTREMOVEFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Remove (state->
mappedPolicyOIDs, (PKIX_PL_Object *)policyOID, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTREMOVEFAILED
; goto cleanup; } } while (0);
1367 }
1368 }
1369 }
1370
1371cleanup:
1372
1373 PKIX_DECREF(subjectDomainPolicies)do { if (subjectDomainPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectDomainPolicies), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } subjectDomainPolicies = ((void*)0); } } while (0);
1374
1375 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
1376}
1377
1378/*
1379 * FUNCTION: pkix_PolicyChecker_CheckAny
1380 * DESCRIPTION:
1381 * Performs the creation of PolicyNodes, for the PolicyNode pointed to by
1382 * "currentNode" and PolicyNodes subordinate to it, using the List of
1383 * qualifiers pointed to by "qualsOfAny", in accordance with the current
1384 * certificate's PolicyMaps pointed to by "policyMaps" and the current
1385 * PolicyCheckerState pointed to by "state".
1386 *
1387 * If the currentNode is not just above the bottom of the validPolicyTree, this
1388 * function calls itself recursively for each child of currentNode. At the
1389 * level just above the bottom, for each policy in the currentNode's
1390 * expectedPolicySet not already present in a child node, it creates a new
1391 * child node. The validPolicy of the child created, and its expectedPolicySet,
1392 * will be the policy from the currentNode's expectedPolicySet. The policy
1393 * qualifiers will be the qualifiers from the current certificate's anyPolicy,
1394 * the "qualsOfAny" parameter. If the currentNode's expectedSet includes
1395 * anyPolicy, a childNode will be created with a policy of anyPolicy. This is
1396 * the only way such a node can be created.
1397 *
1398 * This function is called only when anyPolicy is one of the current
1399 * certificate's policies. This function implements the processing described
1400 * in RFC3280 Section 6.1.3(d)(2).
1401 *
1402 * PARAMETERS:
1403 * "currentNode"
1404 * Address of PolicyNode whose descendants will be checked, if not at the
1405 * bottom of the tree; or whose expectedPolicySet will be compared to those
1406 * in "alreadyPresent", if at the bottom. Must be non-NULL.
1407 * "qualsOfAny"
1408 * Address of List of qualifiers of the anyPolicy in the current
1409 * certificate. May be empty or NULL.
1410 * "policyMaps"
1411 * Address of the List of PolicyMaps of the current certificate. May be
1412 * empty or NULL.
1413 * "state"
1414 * Address of the current state of the PKIX_PolicyChecker.
1415 * Must be non-NULL.
1416 * "plContext"
1417 * Platform-specific context pointer.
1418 * THREAD SAFETY:
1419 * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1420 * RETURNS:
1421 * Returns NULL if the function succeeds
1422 * Returns a CertChainChecker Error if the functions fails in a non-fatal way
1423 * Returns a Fatal Error if the function fails in an unrecoverable way
1424 */
1425static PKIX_Error *
1426pkix_PolicyChecker_CheckAny(
1427 PKIX_PolicyNode *currentNode,
1428 PKIX_List *qualsOfAny, /* CertPolicyQualifiers */
1429 PKIX_List *policyMaps, /* CertPolicyMaps */
1430 PKIX_PolicyCheckerState *state,
1431 void *plContext)
1432{
1433 PKIX_UInt32 depth = 0;
1434 PKIX_UInt32 numChildren = 0;
1435 PKIX_UInt32 childIx = 0;
1436 PKIX_UInt32 numPolicies = 0;
1437 PKIX_UInt32 polx = 0;
1438 PKIX_Boolean isIncluded = PKIX_FALSE((PKIX_Boolean) 0);
1439 PKIX_List *children = NULL((void*)0); /* PolicyNodes */
1440 PKIX_PolicyNode *childNode = NULL((void*)0);
1441 PKIX_List *expectedPolicies = NULL((void*)0); /* OIDs */
1442 PKIX_PL_OID *policyOID = NULL((void*)0);
1443 PKIX_PL_OID *childPolicy = NULL((void*)0);
1444 PKIX_List *subjectDomainPolicies = NULL((void*)0); /* OIDs */
1445
1446 PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_CheckAny")static const char cMyFuncName[] = {"pkix_PolicyChecker_CheckAny"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
1447 PKIX_NULLCHECK_TWO(currentNode, state)do { if (((currentNode) == ((void*)0)) || ((state) == ((void*
)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
1448
1449 PKIX_CHECK(PKIX_PolicyNode_GetDepthdo { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetDepth (currentNode
, &depth, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODEGETDEPTHFAILED; goto cleanup
; } } while (0)
1450 (currentNode, &depth, plContext),do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetDepth (currentNode
, &depth, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODEGETDEPTHFAILED; goto cleanup
; } } while (0)
1451 PKIX_POLICYNODEGETDEPTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetDepth (currentNode
, &depth, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODEGETDEPTHFAILED; goto cleanup
; } } while (0);
1452
1453 PKIX_CHECK(pkix_PolicyNode_GetChildrenMutabledo { stdVars.aPkixErrorResult = (pkix_PolicyNode_GetChildrenMutable
(currentNode, &children, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED
; goto cleanup; } } while (0)
1454 (currentNode, &children, plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyNode_GetChildrenMutable
(currentNode, &children, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED
; goto cleanup; } } while (0)
1455 PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyNode_GetChildrenMutable
(currentNode, &children, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED
; goto cleanup; } } while (0);
1456
1457 if (children) {
1458 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (children
, &numChildren, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1459 (children, &numChildren, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (children
, &numChildren, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1460 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (children
, &numChildren, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
1461 }
1462
1463 if (depth < (state->certsProcessed)) {
1464 for (childIx = 0; childIx < numChildren; childIx++) {
1465
1466 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1467 (children,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1468 childIx,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1469 (PKIX_PL_Object **)&childNode,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1470 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1471 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
1472
1473 PKIX_NULLCHECK_ONE(childNode)do { if ((childNode) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1474 PKIX_CHECK(pkix_PolicyChecker_CheckAnydo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckAny (
childNode, qualsOfAny, policyMaps, state, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKANYFAILED
; goto cleanup; } } while (0)
1475 (childNode,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckAny (
childNode, qualsOfAny, policyMaps, state, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKANYFAILED
; goto cleanup; } } while (0)
1476 qualsOfAny,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckAny (
childNode, qualsOfAny, policyMaps, state, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKANYFAILED
; goto cleanup; } } while (0)
1477 policyMaps,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckAny (
childNode, qualsOfAny, policyMaps, state, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKANYFAILED
; goto cleanup; } } while (0)
1478 state,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckAny (
childNode, qualsOfAny, policyMaps, state, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKANYFAILED
; goto cleanup; } } while (0)
1479 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckAny (
childNode, qualsOfAny, policyMaps, state, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKANYFAILED
; goto cleanup; } } while (0)
1480 PKIX_POLICYCHECKERCHECKANYFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CheckAny (
childNode, qualsOfAny, policyMaps, state, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCHECKANYFAILED
; goto cleanup; } } while (0);
1481
1482 PKIX_DECREF(childNode)do { if (childNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(childNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } childNode = ((void
*)0); } } while (0);
1483 }
1484 } else { /* if at the bottom of the tree */
1485
1486 PKIX_CHECK(PKIX_PolicyNode_GetExpectedPoliciesdo { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetExpectedPolicies
(currentNode, &expectedPolicies, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETEXPECTEDPOLICIESFAILED
; goto cleanup; } } while (0)
1487 (currentNode, &expectedPolicies, plContext),do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetExpectedPolicies
(currentNode, &expectedPolicies, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETEXPECTEDPOLICIESFAILED
; goto cleanup; } } while (0)
1488 PKIX_POLICYNODEGETEXPECTEDPOLICIESFAILED)do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetExpectedPolicies
(currentNode, &expectedPolicies, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETEXPECTEDPOLICIESFAILED
; goto cleanup; } } while (0);
1489
1490 /* Expected Policy Set is not allowed to be NULL */
1491 PKIX_NULLCHECK_ONE(expectedPolicies)do { if ((expectedPolicies) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1492
1493 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (expectedPolicies
, &numPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1494 (expectedPolicies, &numPolicies, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (expectedPolicies
, &numPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1495 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (expectedPolicies
, &numPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
1496
1497 for (polx = 0; polx < numPolicies; polx++) {
1498 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (expectedPolicies
, polx, (PKIX_PL_Object **)&policyOID, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1499 (expectedPolicies,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (expectedPolicies
, polx, (PKIX_PL_Object **)&policyOID, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1500 polx,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (expectedPolicies
, polx, (PKIX_PL_Object **)&policyOID, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1501 (PKIX_PL_Object **)&policyOID,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (expectedPolicies
, polx, (PKIX_PL_Object **)&policyOID, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1502 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (expectedPolicies
, polx, (PKIX_PL_Object **)&policyOID, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1503 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (expectedPolicies
, polx, (PKIX_PL_Object **)&policyOID, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
1504
1505 PKIX_NULLCHECK_ONE(policyOID)do { if ((policyOID) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1506
1507 isIncluded = PKIX_FALSE((PKIX_Boolean) 0);
1508
1509 for (childIx = 0;
1510 (!isIncluded && (childIx < numChildren));
1511 childIx++) {
1512
1513 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1514 (children,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1515 childIx,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1516 (PKIX_PL_Object **)&childNode,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1517 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1518 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIx, (PKIX_PL_Object **)&childNode, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
1519
1520 PKIX_NULLCHECK_ONE(childNode)do { if ((childNode) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1521
1522 PKIX_CHECK(PKIX_PolicyNode_GetValidPolicydo { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetValidPolicy
(childNode, &childPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETVALIDPOLICYFAILED
; goto cleanup; } } while (0)
1523 (childNode, &childPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetValidPolicy
(childNode, &childPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETVALIDPOLICYFAILED
; goto cleanup; } } while (0)
1524 PKIX_POLICYNODEGETVALIDPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetValidPolicy
(childNode, &childPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETVALIDPOLICYFAILED
; goto cleanup; } } while (0);
1525
1526 PKIX_NULLCHECK_ONE(childPolicy)do { if ((childPolicy) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1527
1528 PKIX_EQUALS(policyOID, childPolicy, &isIncluded, plContext,do { if ((policyOID) != ((void*)0) && (childPolicy) !=
((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policyOID), (PKIX_PL_Object*)(childPolicy
), (&isIncluded), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policyOID) == ((void*)0) &&
(childPolicy) == ((void*)0)) { *(&isIncluded) = ((PKIX_Boolean
) 1); } else { *(&isIncluded) = ((PKIX_Boolean) 0); } } while
(0)
1529 PKIX_OBJECTEQUALSFAILED)do { if ((policyOID) != ((void*)0) && (childPolicy) !=
((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(policyOID), (PKIX_PL_Object*)(childPolicy
), (&isIncluded), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((policyOID) == ((void*)0) &&
(childPolicy) == ((void*)0)) { *(&isIncluded) = ((PKIX_Boolean
) 1); } else { *(&isIncluded) = ((PKIX_Boolean) 0); } } while
(0);
1530
1531 PKIX_DECREF(childNode)do { if (childNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(childNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } childNode = ((void
*)0); } } while (0);
1532 PKIX_DECREF(childPolicy)do { if (childPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(childPolicy), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } childPolicy = ((void
*)0); } } while (0);
1533 }
1534
1535 if (!isIncluded) {
1536 if (policyMaps) {
1537 PKIX_CHECKdo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1538 (pkix_PolicyChecker_MapGetSubjectDomainPoliciesdo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1539 (policyMaps,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1540 policyOID,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1541 &subjectDomainPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1542 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1543 PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0);
1544 }
1545 PKIX_CHECK(pkix_PolicyChecker_Spawndo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, qualsOfAny, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1546 (currentNode,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, qualsOfAny, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1547 policyOID,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, qualsOfAny, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1548 qualsOfAny,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, qualsOfAny, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1549 subjectDomainPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, qualsOfAny, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1550 state,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, qualsOfAny, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1551 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, qualsOfAny, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1552 PKIX_POLICYCHECKERSPAWNFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (currentNode
, policyOID, qualsOfAny, subjectDomainPolicies, state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0);
1553 PKIX_DECREF(subjectDomainPolicies)do { if (subjectDomainPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectDomainPolicies), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } subjectDomainPolicies = ((void*)0); } } while (0);
1554 }
1555
1556 PKIX_DECREF(policyOID)do { if (policyOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyOID), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policyOID = ((void
*)0); } } while (0);
1557 }
1558 }
1559
1560cleanup:
1561
1562 PKIX_DECREF(children)do { if (children){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(children), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } children = ((void*
)0); } } while (0);
1563 PKIX_DECREF(childNode)do { if (childNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(childNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } childNode = ((void
*)0); } } while (0);
1564 PKIX_DECREF(expectedPolicies)do { if (expectedPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(expectedPolicies), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } expectedPolicies
= ((void*)0); } } while (0);
1565 PKIX_DECREF(policyOID)do { if (policyOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyOID), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policyOID = ((void
*)0); } } while (0);
1566 PKIX_DECREF(childPolicy)do { if (childPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(childPolicy), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } childPolicy = ((void
*)0); } } while (0);
1567 PKIX_DECREF(subjectDomainPolicies)do { if (subjectDomainPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectDomainPolicies), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } subjectDomainPolicies = ((void*)0); } } while (0);
1568
1569 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
1570
1571}
1572
1573/*
1574 * FUNCTION: pkix_PolicyChecker_CalculateIntersection
1575 * DESCRIPTION:
1576 *
1577 * Processes the PolicyNode pointed to by "currentNode", and its descendants,
1578 * using the PolicyCheckerState pointed to by "state", using the List at
1579 * the address pointed to by "nominees" the OIDs of policies that are in the
1580 * user-initial-policy-set but are not represented among the nodes at the
1581 * bottom of the tree, and storing at "pShouldBePruned" the value TRUE if
1582 * currentNode is childless at the end of this processing, FALSE if it has
1583 * children or is at the bottom of the tree.
1584 *
1585 * When this function is called at the top level, "nominees" should be the List
1586 * of all policies in the user-initial-policy-set. Policies that are
1587 * represented in the valid-policy-node-set are removed from this List. As a
1588 * result when nodes are created according to 6.1.5.(g)(iii)(3)(b), a node will
1589 * be created for each policy remaining in this List.
1590 *
1591 * This function implements the calculation of the intersection of the
1592 * validPolicyTree with the user-initial-policy-set, as described in
1593 * RFC 3280 6.1.5(g)(iii).
1594 *
1595 * PARAMETERS:
1596 * "currentNode"
1597 * Address of PolicyNode whose descendants will be processed as described.
1598 * Must be non-NULL.
1599 * "state"
1600 * Address of the current state of the PKIX_PolicyChecker. Must be non-NULL
1601 * "nominees"
1602 * Address of List of the OIDs for which nodes should be created to replace
1603 * anyPolicy nodes. Must be non-NULL but may be empty.
1604 * "pShouldBePruned"
1605 * Address where Boolean return value, set to TRUE if this PolicyNode
1606 * should be deleted, is stored. Must be non-NULL.
1607 * "plContext"
1608 * Platform-specific context pointer.
1609 * THREAD SAFETY:
1610 * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1611 * RETURNS:
1612 * Returns NULL if the function succeeds
1613 * Returns a CertChainChecker Error if the functions fails in a non-fatal way
1614 * Returns a Fatal Error if the function fails in an unrecoverable way
1615 */
1616static PKIX_Error *
1617pkix_PolicyChecker_CalculateIntersection(
1618 PKIX_PolicyNode *currentNode,
1619 PKIX_PolicyCheckerState *state,
1620 PKIX_List *nominees, /* OIDs */
1621 PKIX_Boolean *pShouldBePruned,
1622 void *plContext)
1623{
1624 PKIX_Boolean currentPolicyIsAny = PKIX_FALSE((PKIX_Boolean) 0);
1625 PKIX_Boolean parentPolicyIsAny = PKIX_FALSE((PKIX_Boolean) 0);
1626 PKIX_Boolean currentPolicyIsValid = PKIX_FALSE((PKIX_Boolean) 0);
1627 PKIX_Boolean shouldBePruned = PKIX_FALSE((PKIX_Boolean) 0);
1628 PKIX_Boolean priorCriticality = PKIX_FALSE((PKIX_Boolean) 0);
1629 PKIX_UInt32 depth = 0;
1630 PKIX_UInt32 numChildren = 0;
1631 PKIX_UInt32 childIndex = 0;
1632 PKIX_UInt32 numNominees = 0;
1633 PKIX_UInt32 polIx = 0;
1634 PKIX_PL_OID *currentPolicy = NULL((void*)0);
1635 PKIX_PL_OID *parentPolicy = NULL((void*)0);
1636 PKIX_PL_OID *substPolicy = NULL((void*)0);
1637 PKIX_PolicyNode *parent = NULL((void*)0);
1638 PKIX_PolicyNode *child = NULL((void*)0);
1639 PKIX_List *children = NULL((void*)0); /* PolicyNodes */
1640 PKIX_List *policyQualifiers = NULL((void*)0);
1641
1642 PKIX_ENTERstatic const char cMyFuncName[] = {"pkix_PolicyChecker_CalculateIntersection"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
1643 (CERTCHAINCHECKER,static const char cMyFuncName[] = {"pkix_PolicyChecker_CalculateIntersection"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
1644 "pkix_PolicyChecker_CalculateIntersection")static const char cMyFuncName[] = {"pkix_PolicyChecker_CalculateIntersection"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
1645
1646 /*
1647 * We call this function if the valid_policy_tree is not NULL and
1648 * the user-initial-policy-set is not any-policy.
1649 */
1650 if (!state->validPolicyTree || state->initialIsAnyPolicy) {
1651 PKIX_ERROR(PKIX_PRECONDITIONFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_PRECONDITIONFAILED, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_PRECONDITIONFAILED; goto cleanup; };
1652 }
1653
1654 PKIX_NULLCHECK_FOUR(currentNode, state, nominees, pShouldBePruned)do { if (((currentNode) == ((void*)0)) || ((state) == ((void*
)0)) || ((nominees) == ((void*)0)) || ((pShouldBePruned) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
1655
1656 PKIX_CHECK(PKIX_PolicyNode_GetValidPolicydo { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetValidPolicy
(currentNode, &currentPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETVALIDPOLICYFAILED
; goto cleanup; } } while (0)
1657 (currentNode, &currentPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetValidPolicy
(currentNode, &currentPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETVALIDPOLICYFAILED
; goto cleanup; } } while (0)
1658 PKIX_POLICYNODEGETVALIDPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetValidPolicy
(currentNode, &currentPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETVALIDPOLICYFAILED
; goto cleanup; } } while (0);
1659
1660 PKIX_NULLCHECK_TWO(state->anyPolicyOID, currentPolicy)do { if (((state->anyPolicyOID) == ((void*)0)) || ((currentPolicy
) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
1661
1662 PKIX_EQUALSdo { if ((state->anyPolicyOID) != ((void*)0) && (currentPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(currentPolicy), (&currentPolicyIsAny), (plContext))); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED
); goto cleanup; } } while (0); } else if ((state->anyPolicyOID
) == ((void*)0) && (currentPolicy) == ((void*)0)) { *
(&currentPolicyIsAny) = ((PKIX_Boolean) 1); } else { *(&
currentPolicyIsAny) = ((PKIX_Boolean) 0); } } while (0)
1663 (state->anyPolicyOID,do { if ((state->anyPolicyOID) != ((void*)0) && (currentPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(currentPolicy), (&currentPolicyIsAny), (plContext))); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED
); goto cleanup; } } while (0); } else if ((state->anyPolicyOID
) == ((void*)0) && (currentPolicy) == ((void*)0)) { *
(&currentPolicyIsAny) = ((PKIX_Boolean) 1); } else { *(&
currentPolicyIsAny) = ((PKIX_Boolean) 0); } } while (0)
1664 currentPolicy,do { if ((state->anyPolicyOID) != ((void*)0) && (currentPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(currentPolicy), (&currentPolicyIsAny), (plContext))); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED
); goto cleanup; } } while (0); } else if ((state->anyPolicyOID
) == ((void*)0) && (currentPolicy) == ((void*)0)) { *
(&currentPolicyIsAny) = ((PKIX_Boolean) 1); } else { *(&
currentPolicyIsAny) = ((PKIX_Boolean) 0); } } while (0)
1665 &currentPolicyIsAny,do { if ((state->anyPolicyOID) != ((void*)0) && (currentPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(currentPolicy), (&currentPolicyIsAny), (plContext))); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED
); goto cleanup; } } while (0); } else if ((state->anyPolicyOID
) == ((void*)0) && (currentPolicy) == ((void*)0)) { *
(&currentPolicyIsAny) = ((PKIX_Boolean) 1); } else { *(&
currentPolicyIsAny) = ((PKIX_Boolean) 0); } } while (0)
1666 plContext,do { if ((state->anyPolicyOID) != ((void*)0) && (currentPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(currentPolicy), (&currentPolicyIsAny), (plContext))); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED
); goto cleanup; } } while (0); } else if ((state->anyPolicyOID
) == ((void*)0) && (currentPolicy) == ((void*)0)) { *
(&currentPolicyIsAny) = ((PKIX_Boolean) 1); } else { *(&
currentPolicyIsAny) = ((PKIX_Boolean) 0); } } while (0)
1667 PKIX_OBJECTEQUALSFAILED)do { if ((state->anyPolicyOID) != ((void*)0) && (currentPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(currentPolicy), (&currentPolicyIsAny), (plContext))); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED
); goto cleanup; } } while (0); } else if ((state->anyPolicyOID
) == ((void*)0) && (currentPolicy) == ((void*)0)) { *
(&currentPolicyIsAny) = ((PKIX_Boolean) 1); } else { *(&
currentPolicyIsAny) = ((PKIX_Boolean) 0); } } while (0);
1668
1669 PKIX_CHECK(PKIX_PolicyNode_GetParent(currentNode, &parent, plContext),do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetParent(currentNode
, &parent, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODEGETPARENTFAILED; goto cleanup
; } } while (0)
1670 PKIX_POLICYNODEGETPARENTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetParent(currentNode
, &parent, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODEGETPARENTFAILED; goto cleanup
; } } while (0);
1671
1672 if (currentPolicyIsAny == PKIX_FALSE((PKIX_Boolean) 0)) {
1673
1674 /*
1675 * If we are at the top of the tree, or if our
1676 * parent's validPolicy is anyPolicy, we are in
1677 * the valid policy node set.
1678 */
1679 if (parent) {
1680 PKIX_CHECK(PKIX_PolicyNode_GetValidPolicydo { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetValidPolicy
(parent, &parentPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETVALIDPOLICYFAILED
; goto cleanup; } } while (0)
1681 (parent, &parentPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetValidPolicy
(parent, &parentPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETVALIDPOLICYFAILED
; goto cleanup; } } while (0)
1682 PKIX_POLICYNODEGETVALIDPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetValidPolicy
(parent, &parentPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETVALIDPOLICYFAILED
; goto cleanup; } } while (0);
1683
1684 PKIX_NULLCHECK_ONE(parentPolicy)do { if ((parentPolicy) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1685
1686 PKIX_EQUALSdo { if ((state->anyPolicyOID) != ((void*)0) && (parentPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(parentPolicy), (&parentPolicyIsAny), (plContext))); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED
); goto cleanup; } } while (0); } else if ((state->anyPolicyOID
) == ((void*)0) && (parentPolicy) == ((void*)0)) { *(
&parentPolicyIsAny) = ((PKIX_Boolean) 1); } else { *(&
parentPolicyIsAny) = ((PKIX_Boolean) 0); } } while (0)
1687 (state->anyPolicyOID,do { if ((state->anyPolicyOID) != ((void*)0) && (parentPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(parentPolicy), (&parentPolicyIsAny), (plContext))); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED
); goto cleanup; } } while (0); } else if ((state->anyPolicyOID
) == ((void*)0) && (parentPolicy) == ((void*)0)) { *(
&parentPolicyIsAny) = ((PKIX_Boolean) 1); } else { *(&
parentPolicyIsAny) = ((PKIX_Boolean) 0); } } while (0)
1688 parentPolicy,do { if ((state->anyPolicyOID) != ((void*)0) && (parentPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(parentPolicy), (&parentPolicyIsAny), (plContext))); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED
); goto cleanup; } } while (0); } else if ((state->anyPolicyOID
) == ((void*)0) && (parentPolicy) == ((void*)0)) { *(
&parentPolicyIsAny) = ((PKIX_Boolean) 1); } else { *(&
parentPolicyIsAny) = ((PKIX_Boolean) 0); } } while (0)
1689 &parentPolicyIsAny,do { if ((state->anyPolicyOID) != ((void*)0) && (parentPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(parentPolicy), (&parentPolicyIsAny), (plContext))); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED
); goto cleanup; } } while (0); } else if ((state->anyPolicyOID
) == ((void*)0) && (parentPolicy) == ((void*)0)) { *(
&parentPolicyIsAny) = ((PKIX_Boolean) 1); } else { *(&
parentPolicyIsAny) = ((PKIX_Boolean) 0); } } while (0)
1690 plContext,do { if ((state->anyPolicyOID) != ((void*)0) && (parentPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(parentPolicy), (&parentPolicyIsAny), (plContext))); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED
); goto cleanup; } } while (0); } else if ((state->anyPolicyOID
) == ((void*)0) && (parentPolicy) == ((void*)0)) { *(
&parentPolicyIsAny) = ((PKIX_Boolean) 1); } else { *(&
parentPolicyIsAny) = ((PKIX_Boolean) 0); } } while (0)
1691 PKIX_OBJECTEQUALSFAILED)do { if ((state->anyPolicyOID) != ((void*)0) && (parentPolicy
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(parentPolicy), (&parentPolicyIsAny), (plContext))); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED
); goto cleanup; } } while (0); } else if ((state->anyPolicyOID
) == ((void*)0) && (parentPolicy) == ((void*)0)) { *(
&parentPolicyIsAny) = ((PKIX_Boolean) 1); } else { *(&
parentPolicyIsAny) = ((PKIX_Boolean) 0); } } while (0);
1692 }
1693
1694 /*
1695 * Section 6.1.5(g)(iii)(2)
1696 * If this node's policy is not in the user-initial-policy-set,
1697 * it is not in the intersection. Prune it.
1698 */
1699 if (!parent || parentPolicyIsAny) {
1700 PKIX_CHECK(pkix_List_Containsdo { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
userInitialPolicySet, (PKIX_PL_Object *)currentPolicy, &currentPolicyIsValid
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
1701 (state->userInitialPolicySet,do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
userInitialPolicySet, (PKIX_PL_Object *)currentPolicy, &currentPolicyIsValid
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
1702 (PKIX_PL_Object *)currentPolicy,do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
userInitialPolicySet, (PKIX_PL_Object *)currentPolicy, &currentPolicyIsValid
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
1703 &currentPolicyIsValid,do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
userInitialPolicySet, (PKIX_PL_Object *)currentPolicy, &currentPolicyIsValid
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
1704 plContext),do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
userInitialPolicySet, (PKIX_PL_Object *)currentPolicy, &currentPolicyIsValid
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
1705 PKIX_LISTCONTAINSFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
userInitialPolicySet, (PKIX_PL_Object *)currentPolicy, &currentPolicyIsValid
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0);
1706 if (!currentPolicyIsValid) {
1707 *pShouldBePruned = PKIX_TRUE((PKIX_Boolean) 1);
1708 goto cleanup;
1709 }
1710
1711 /*
1712 * If this node's policy is in the user-initial-policy-
1713 * set, it will propagate that policy into the next
1714 * level of the tree. Remove the policy from the list
1715 * of policies that an anyPolicy will spawn.
1716 */
1717 PKIX_CHECK(pkix_List_Removedo { stdVars.aPkixErrorResult = (pkix_List_Remove (nominees, (
PKIX_PL_Object *)currentPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREMOVEFAILED; goto cleanup
; } } while (0)
1718 (nominees,do { stdVars.aPkixErrorResult = (pkix_List_Remove (nominees, (
PKIX_PL_Object *)currentPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREMOVEFAILED; goto cleanup
; } } while (0)
1719 (PKIX_PL_Object *)currentPolicy,do { stdVars.aPkixErrorResult = (pkix_List_Remove (nominees, (
PKIX_PL_Object *)currentPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREMOVEFAILED; goto cleanup
; } } while (0)
1720 plContext),do { stdVars.aPkixErrorResult = (pkix_List_Remove (nominees, (
PKIX_PL_Object *)currentPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREMOVEFAILED; goto cleanup
; } } while (0)
1721 PKIX_LISTREMOVEFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Remove (nominees, (
PKIX_PL_Object *)currentPolicy, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREMOVEFAILED; goto cleanup
; } } while (0);
1722 }
1723 }
1724
1725
1726 /* Are we at the bottom of the tree? */
1727
1728 PKIX_CHECK(PKIX_PolicyNode_GetDepthdo { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetDepth (currentNode
, &depth, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODEGETDEPTHFAILED; goto cleanup
; } } while (0)
1729 (currentNode, &depth, plContext),do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetDepth (currentNode
, &depth, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODEGETDEPTHFAILED; goto cleanup
; } } while (0)
1730 PKIX_POLICYNODEGETDEPTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetDepth (currentNode
, &depth, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYNODEGETDEPTHFAILED; goto cleanup
; } } while (0);
1731
1732 if (depth == (state->numCerts)) {
1733 /*
1734 * Section 6.1.5(g)(iii)(3)
1735 * Replace anyPolicy nodes...
1736 */
1737 if (currentPolicyIsAny == PKIX_TRUE((PKIX_Boolean) 1)) {
1738
1739 /* replace this node */
1740
1741 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (nominees
, &numNominees, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1742 (nominees, &numNominees, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (nominees
, &numNominees, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1743 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (nominees
, &numNominees, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
1744
1745 if (numNominees) {
1746
1747 PKIX_CHECK(PKIX_PolicyNode_GetPolicyQualifiersdo { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetPolicyQualifiers
(currentNode, &policyQualifiers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETPOLICYQUALIFIERSFAILED
; goto cleanup; } } while (0)
1748 (currentNode,do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetPolicyQualifiers
(currentNode, &policyQualifiers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETPOLICYQUALIFIERSFAILED
; goto cleanup; } } while (0)
1749 &policyQualifiers,do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetPolicyQualifiers
(currentNode, &policyQualifiers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETPOLICYQUALIFIERSFAILED
; goto cleanup; } } while (0)
1750 plContext),do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetPolicyQualifiers
(currentNode, &policyQualifiers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETPOLICYQUALIFIERSFAILED
; goto cleanup; } } while (0)
1751 PKIX_POLICYNODEGETPOLICYQUALIFIERSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_GetPolicyQualifiers
(currentNode, &policyQualifiers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETPOLICYQUALIFIERSFAILED
; goto cleanup; } } while (0);
1752
1753 PKIX_CHECK(PKIX_PolicyNode_IsCriticaldo { stdVars.aPkixErrorResult = (PKIX_PolicyNode_IsCritical (
currentNode, &priorCriticality, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEISCRITICALFAILED
; goto cleanup; } } while (0)
1754 (currentNode, &priorCriticality, plContext),do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_IsCritical (
currentNode, &priorCriticality, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEISCRITICALFAILED
; goto cleanup; } } while (0)
1755 PKIX_POLICYNODEISCRITICALFAILED)do { stdVars.aPkixErrorResult = (PKIX_PolicyNode_IsCritical (
currentNode, &priorCriticality, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_POLICYNODEISCRITICALFAILED
; goto cleanup; } } while (0);
1756 }
1757
1758 PKIX_NULLCHECK_ONE(parent)do { if ((parent) == ((void*)0)){ stdVars.aPkixErrorReceived =
((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1759
1760 for (polIx = 0; polIx < numNominees; polIx++) {
1761
1762 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (nominees,
polIx, (PKIX_PL_Object **)&substPolicy, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1763 (nominees,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (nominees,
polIx, (PKIX_PL_Object **)&substPolicy, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1764 polIx,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (nominees,
polIx, (PKIX_PL_Object **)&substPolicy, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1765 (PKIX_PL_Object **)&substPolicy,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (nominees,
polIx, (PKIX_PL_Object **)&substPolicy, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1766 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (nominees,
polIx, (PKIX_PL_Object **)&substPolicy, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1767 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (nominees,
polIx, (PKIX_PL_Object **)&substPolicy, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
1768
1769 PKIX_CHECK(pkix_PolicyChecker_Spawndo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (parent
, substPolicy, policyQualifiers, ((void*)0), state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1770 (parent,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (parent
, substPolicy, policyQualifiers, ((void*)0), state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1771 substPolicy,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (parent
, substPolicy, policyQualifiers, ((void*)0), state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1772 policyQualifiers,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (parent
, substPolicy, policyQualifiers, ((void*)0), state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1773 NULL,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (parent
, substPolicy, policyQualifiers, ((void*)0), state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1774 state,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (parent
, substPolicy, policyQualifiers, ((void*)0), state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1775 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (parent
, substPolicy, policyQualifiers, ((void*)0), state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0)
1776 PKIX_POLICYCHECKERSPAWNFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (parent
, substPolicy, policyQualifiers, ((void*)0), state, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup; } } while (0);
1777
1778 PKIX_DECREF(substPolicy)do { if (substPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(substPolicy), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } substPolicy = ((void
*)0); } } while (0);
1779
1780 }
1781 /* remove currentNode from parent */
1782 *pShouldBePruned = PKIX_TRUE((PKIX_Boolean) 1);
1783 /*
1784 * We can get away with augmenting the parent's List
1785 * of children because we started at the end and went
1786 * toward the beginning. New nodes are added at the end.
1787 */
1788 }
1789 } else {
1790 /*
1791 * Section 6.1.5(g)(iii)(4)
1792 * Prune any childless nodes above the bottom level
1793 */
1794 PKIX_CHECK(pkix_PolicyNode_GetChildrenMutabledo { stdVars.aPkixErrorResult = (pkix_PolicyNode_GetChildrenMutable
(currentNode, &children, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED
; goto cleanup; } } while (0)
1795 (currentNode, &children, plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyNode_GetChildrenMutable
(currentNode, &children, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED
; goto cleanup; } } while (0)
1796 PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyNode_GetChildrenMutable
(currentNode, &children, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED
; goto cleanup; } } while (0);
1797
1798 /* CurrentNode should have been pruned if childless. */
1799 PKIX_NULLCHECK_ONE(children)do { if ((children) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1800
1801 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (children
, &numChildren, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1802 (children, &numChildren, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (children
, &numChildren, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1803 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (children
, &numChildren, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
1804
1805 for (childIndex = numChildren; childIndex > 0; childIndex--) {
1806
1807 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIndex - 1, (PKIX_PL_Object **)&child, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1808 (children,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIndex - 1, (PKIX_PL_Object **)&child, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1809 childIndex - 1,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIndex - 1, (PKIX_PL_Object **)&child, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1810 (PKIX_PL_Object **)&child,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIndex - 1, (PKIX_PL_Object **)&child, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1811 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIndex - 1, (PKIX_PL_Object **)&child, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1812 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (children,
childIndex - 1, (PKIX_PL_Object **)&child, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
1813
1814 PKIX_CHECK(pkix_PolicyChecker_CalculateIntersectiondo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CalculateIntersection
(child, state, nominees, &shouldBePruned, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED
; goto cleanup; } } while (0)
1815 (child, state, nominees, &shouldBePruned, plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CalculateIntersection
(child, state, nominees, &shouldBePruned, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED
; goto cleanup; } } while (0)
1816 PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CalculateIntersection
(child, state, nominees, &shouldBePruned, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED
; goto cleanup; } } while (0);
1817
1818 if (PKIX_TRUE((PKIX_Boolean) 1) == shouldBePruned) {
1819
1820 PKIX_CHECK(PKIX_List_DeleteItemdo { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem (children
, childIndex - 1, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTDELETEITEMFAILED; goto cleanup
; } } while (0)
1821 (children, childIndex - 1, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem (children
, childIndex - 1, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTDELETEITEMFAILED; goto cleanup
; } } while (0)
1822 PKIX_LISTDELETEITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem (children
, childIndex - 1, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTDELETEITEMFAILED; goto cleanup
; } } while (0);
1823 PKIX_CHECK(PKIX_PL_Object_InvalidateCachedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
1824 ((PKIX_PL_Object *)state, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
1825 PKIX_OBJECTINVALIDATECACHEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0);
1826 }
1827
1828 PKIX_DECREF(child)do { if (child){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(child), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } child = ((void*)0)
; } } while (0);
1829 }
1830
1831 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (children
, &numChildren, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1832 (children, &numChildren, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (children
, &numChildren, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1833 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (children
, &numChildren, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
1834
1835 if (numChildren == 0) {
1836 *pShouldBePruned = PKIX_TRUE((PKIX_Boolean) 1);
1837 }
1838 }
1839cleanup:
1840 PKIX_DECREF(currentPolicy)do { if (currentPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(currentPolicy), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } currentPolicy
= ((void*)0); } } while (0);
1841 PKIX_DECREF(parentPolicy)do { if (parentPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(parentPolicy), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } parentPolicy = ((void
*)0); } } while (0);
1842 PKIX_DECREF(substPolicy)do { if (substPolicy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(substPolicy), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } substPolicy = ((void
*)0); } } while (0);
1843 PKIX_DECREF(parent)do { if (parent){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(parent), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } parent = ((void*)0
); } } while (0);
1844 PKIX_DECREF(child)do { if (child){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(child), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } child = ((void*)0)
; } } while (0);
1845 PKIX_DECREF(children)do { if (children){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(children), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } children = ((void*
)0); } } while (0);
1846 PKIX_DECREF(policyQualifiers)do { if (policyQualifiers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyQualifiers), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } policyQualifiers
= ((void*)0); } } while (0);
1847
1848 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
1849
1850}
1851
1852/*
1853 * FUNCTION: pkix_PolicyChecker_PolicyMapProcessing
1854 * DESCRIPTION:
1855 *
1856 * Performs the processing of Policies in the List of CertPolicyMaps pointed
1857 * to by "policyMaps", using and updating the PolicyCheckerState pointed to by
1858 * "state".
1859 *
1860 * This function implements the policyMap processing described in RFC3280
1861 * Section 6.1.4(b)(1), after certificate i has been processed, in preparation
1862 * for certificate i+1. Section references are to that document.
1863 *
1864 * PARAMETERS:
1865 * "policyMaps"
1866 * Address of the List of CertPolicyMaps presented by certificate i.
1867 * Must be non-NULL.
1868 * "certPoliciesIncludeAny"
1869 * Boolean value which is PKIX_TRUE if the current certificate asserts
1870 * anyPolicy, PKIX_FALSE otherwise.
1871 * "qualsOfAny"
1872 * Address of List of qualifiers of the anyPolicy in the current
1873 * certificate. May be empty or NULL.
1874 * "state"
1875 * Address of the current state of the PKIX_PolicyChecker.
1876 * Must be non-NULL.
1877 * "plContext"
1878 * Platform-specific context pointer.
1879 * THREAD SAFETY:
1880 * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1881 * RETURNS:
1882 * Returns NULL if the function succeeds
1883 * Returns a CertChainChecker Error if the functions fails in a non-fatal way
1884 * Returns a Fatal Error if the function fails in an unrecoverable way
1885 */
1886static PKIX_Error *
1887pkix_PolicyChecker_PolicyMapProcessing(
1888 PKIX_List *policyMaps, /* CertPolicyMaps */
1889 PKIX_Boolean certPoliciesIncludeAny,
1890 PKIX_List *qualsOfAny,
1891 PKIX_PolicyCheckerState *state,
1892 void *plContext)
1893{
1894 PKIX_UInt32 numPolicies = 0;
1895 PKIX_UInt32 polX = 0;
1896 PKIX_PL_OID *policyOID = NULL((void*)0);
1897 PKIX_List *newMappedPolicies = NULL((void*)0); /* OIDs */
1898 PKIX_List *subjectDomainPolicies = NULL((void*)0); /* OIDs */
1899
1900 PKIX_ENTERstatic const char cMyFuncName[] = {"pkix_PolicyChecker_PolicyMapProcessing"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
1901 (CERTCHAINCHECKER,static const char cMyFuncName[] = {"pkix_PolicyChecker_PolicyMapProcessing"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
1902 "pkix_PolicyChecker_PolicyMapProcessing")static const char cMyFuncName[] = {"pkix_PolicyChecker_PolicyMapProcessing"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
1903 PKIX_NULLCHECK_THREEdo { if (((policyMaps) == ((void*)0)) || ((state) == ((void*)
0)) || ((state->mappedUserInitialPolicySet) == ((void*)0))
){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0)
1904 (policyMaps,do { if (((policyMaps) == ((void*)0)) || ((state) == ((void*)
0)) || ((state->mappedUserInitialPolicySet) == ((void*)0))
){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0)
1905 state,do { if (((policyMaps) == ((void*)0)) || ((state) == ((void*)
0)) || ((state->mappedUserInitialPolicySet) == ((void*)0))
){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0)
1906 state->mappedUserInitialPolicySet)do { if (((policyMaps) == ((void*)0)) || ((state) == ((void*)
0)) || ((state->mappedUserInitialPolicySet) == ((void*)0))
){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0);
1907
1908 /*
1909 * For each policy in mappedUserInitialPolicySet, if it is not mapped,
1910 * append it to new policySet; if it is mapped, append its
1911 * subjectDomainPolicies to new policySet. When done, this new
1912 * policySet will replace mappedUserInitialPolicySet.
1913 */
1914 PKIX_CHECK(PKIX_List_Createdo { stdVars.aPkixErrorResult = (PKIX_List_Create (&newMappedPolicies
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
1915 (&newMappedPolicies, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create (&newMappedPolicies
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
1916 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create (&newMappedPolicies
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
1917
1918 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
mappedUserInitialPolicySet, &numPolicies, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1919 (state->mappedUserInitialPolicySet,do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
mappedUserInitialPolicySet, &numPolicies, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1920 &numPolicies,do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
mappedUserInitialPolicySet, &numPolicies, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1921 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
mappedUserInitialPolicySet, &numPolicies, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1922 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
mappedUserInitialPolicySet, &numPolicies, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0);
1923
1924 for (polX = 0; polX < numPolicies; polX++) {
1925
1926 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
mappedUserInitialPolicySet, polX, (PKIX_PL_Object **)&policyOID
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1927 (state->mappedUserInitialPolicySet,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
mappedUserInitialPolicySet, polX, (PKIX_PL_Object **)&policyOID
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1928 polX,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
mappedUserInitialPolicySet, polX, (PKIX_PL_Object **)&policyOID
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1929 (PKIX_PL_Object **)&policyOID,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
mappedUserInitialPolicySet, polX, (PKIX_PL_Object **)&policyOID
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1930 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
mappedUserInitialPolicySet, polX, (PKIX_PL_Object **)&policyOID
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1931 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
mappedUserInitialPolicySet, polX, (PKIX_PL_Object **)&policyOID
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0);
1932
1933 PKIX_CHECK(pkix_PolicyChecker_MapGetSubjectDomainPoliciesdo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1934 (policyMaps,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1935 policyOID,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1936 &subjectDomainPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1937 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1938 PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0);
1939
1940 if (subjectDomainPolicies) {
1941
1942 PKIX_CHECK(pkix_List_AppendUniquedo { stdVars.aPkixErrorResult = (pkix_List_AppendUnique (newMappedPolicies
, subjectDomainPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDUNIQUEFAILED; goto cleanup
; } } while (0)
1943 (newMappedPolicies,do { stdVars.aPkixErrorResult = (pkix_List_AppendUnique (newMappedPolicies
, subjectDomainPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDUNIQUEFAILED; goto cleanup
; } } while (0)
1944 subjectDomainPolicies,do { stdVars.aPkixErrorResult = (pkix_List_AppendUnique (newMappedPolicies
, subjectDomainPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDUNIQUEFAILED; goto cleanup
; } } while (0)
1945 plContext),do { stdVars.aPkixErrorResult = (pkix_List_AppendUnique (newMappedPolicies
, subjectDomainPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDUNIQUEFAILED; goto cleanup
; } } while (0)
1946 PKIX_LISTAPPENDUNIQUEFAILED)do { stdVars.aPkixErrorResult = (pkix_List_AppendUnique (newMappedPolicies
, subjectDomainPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDUNIQUEFAILED; goto cleanup
; } } while (0);
1947
1948 PKIX_DECREF(subjectDomainPolicies)do { if (subjectDomainPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectDomainPolicies), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } subjectDomainPolicies = ((void*)0); } } while (0);
1949
1950 } else {
1951 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (newMappedPolicies
, (PKIX_PL_Object *)policyOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1952 (newMappedPolicies,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (newMappedPolicies
, (PKIX_PL_Object *)policyOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1953 (PKIX_PL_Object *)policyOID,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (newMappedPolicies
, (PKIX_PL_Object *)policyOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1954 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (newMappedPolicies
, (PKIX_PL_Object *)policyOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1955 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (newMappedPolicies
, (PKIX_PL_Object *)policyOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
1956 }
1957 PKIX_DECREF(policyOID)do { if (policyOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyOID), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policyOID = ((void
*)0); } } while (0);
1958 }
1959
1960 /*
1961 * For each policy ID-P remaining in mappedPolicyOIDs, it has not been
1962 * propagated to the bottom of the tree (depth i). If policyMapping
1963 * is greater than zero and this cert contains anyPolicy and the tree
1964 * contains an anyPolicy node at depth i-1, then we must create a node
1965 * with validPolicy ID-P, the policy qualifiers of anyPolicy in
1966 * this certificate, and expectedPolicySet the subjectDomainPolicies
1967 * that ID-P maps to. We also then add those subjectDomainPolicies to
1968 * the list of policies that will be accepted in the next certificate,
1969 * the mappedUserInitialPolicySet.
1970 */
1971
1972 if ((state->policyMapping > 0) && (certPoliciesIncludeAny) &&
1973 (state->anyPolicyNodeAtBottom) && (state->mappedPolicyOIDs)) {
1974
1975 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
mappedPolicyOIDs, &numPolicies, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1976 (state->mappedPolicyOIDs,do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
mappedPolicyOIDs, &numPolicies, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1977 &numPolicies,do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
mappedPolicyOIDs, &numPolicies, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1978 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
mappedPolicyOIDs, &numPolicies, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1979 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
mappedPolicyOIDs, &numPolicies, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0);
1980
1981 for (polX = 0; polX < numPolicies; polX++) {
1982
1983 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
mappedPolicyOIDs, polX, (PKIX_PL_Object **)&policyOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1984 (state->mappedPolicyOIDs,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
mappedPolicyOIDs, polX, (PKIX_PL_Object **)&policyOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1985 polX,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
mappedPolicyOIDs, polX, (PKIX_PL_Object **)&policyOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1986 (PKIX_PL_Object **)&policyOID,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
mappedPolicyOIDs, polX, (PKIX_PL_Object **)&policyOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1987 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
mappedPolicyOIDs, polX, (PKIX_PL_Object **)&policyOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1988 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
mappedPolicyOIDs, polX, (PKIX_PL_Object **)&policyOID, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0);
1989
1990 PKIX_CHECK(pkix_PolicyChecker_MapGetSubjectDomainPoliciesdo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1991 (policyMaps,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1992 policyOID,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1993 &subjectDomainPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1994 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0)
1995 PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetSubjectDomainPolicies
(policyMaps, policyOID, &subjectDomainPolicies, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED; goto cleanup
; } } while (0);
1996
1997 PKIX_CHECK(pkix_PolicyChecker_Spawndo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, qualsOfAny, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
1998 (state->anyPolicyNodeAtBottom,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, qualsOfAny, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
1999 policyOID,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, qualsOfAny, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
2000 qualsOfAny,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, qualsOfAny, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
2001 subjectDomainPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, qualsOfAny, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
2002 state,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, qualsOfAny, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
2003 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, qualsOfAny, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0)
2004 PKIX_POLICYCHECKERSPAWNFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Spawn (state
->anyPolicyNodeAtBottom, policyOID, qualsOfAny, subjectDomainPolicies
, state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERSPAWNFAILED; goto cleanup
; } } while (0);
2005
2006 PKIX_CHECK(pkix_List_AppendUniquedo { stdVars.aPkixErrorResult = (pkix_List_AppendUnique (newMappedPolicies
, subjectDomainPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDUNIQUEFAILED; goto cleanup
; } } while (0)
2007 (newMappedPolicies,do { stdVars.aPkixErrorResult = (pkix_List_AppendUnique (newMappedPolicies
, subjectDomainPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDUNIQUEFAILED; goto cleanup
; } } while (0)
2008 subjectDomainPolicies,do { stdVars.aPkixErrorResult = (pkix_List_AppendUnique (newMappedPolicies
, subjectDomainPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDUNIQUEFAILED; goto cleanup
; } } while (0)
2009 plContext),do { stdVars.aPkixErrorResult = (pkix_List_AppendUnique (newMappedPolicies
, subjectDomainPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDUNIQUEFAILED; goto cleanup
; } } while (0)
2010 PKIX_LISTAPPENDUNIQUEFAILED)do { stdVars.aPkixErrorResult = (pkix_List_AppendUnique (newMappedPolicies
, subjectDomainPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDUNIQUEFAILED; goto cleanup
; } } while (0);
2011
2012 PKIX_DECREF(subjectDomainPolicies)do { if (subjectDomainPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectDomainPolicies), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } subjectDomainPolicies = ((void*)0); } } while (0);
2013 PKIX_DECREF(policyOID)do { if (policyOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyOID), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policyOID = ((void
*)0); } } while (0);
2014 }
2015 }
2016
2017 PKIX_CHECK(PKIX_List_SetImmutable(newMappedPolicies, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(newMappedPolicies
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
2018 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(newMappedPolicies
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0);
2019
2020 PKIX_DECREF(state->mappedUserInitialPolicySet)do { if (state->mappedUserInitialPolicySet){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->mappedUserInitialPolicySet
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->mappedUserInitialPolicySet = ((void
*)0); } } while (0);
2021 PKIX_INCREF(newMappedPolicies)do { if (newMappedPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(newMappedPolicies), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
2022
2023 state->mappedUserInitialPolicySet = newMappedPolicies;
2024
2025cleanup:
2026
2027 PKIX_DECREF(policyOID)do { if (policyOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyOID), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policyOID = ((void
*)0); } } while (0);
2028 PKIX_DECREF(newMappedPolicies)do { if (newMappedPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(newMappedPolicies), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } newMappedPolicies
= ((void*)0); } } while (0);
2029 PKIX_DECREF(subjectDomainPolicies)do { if (subjectDomainPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subjectDomainPolicies), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } subjectDomainPolicies = ((void*)0); } } while (0);
2030
2031 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
2032}
2033
2034/*
2035 * FUNCTION: pkix_PolicyChecker_WrapUpProcessing
2036 * DESCRIPTION:
2037 *
2038 * Performs the wrap-up processing for the Cert pointed to by "cert",
2039 * using and updating the PolicyCheckerState pointed to by "state".
2040 *
2041 * This function implements the wrap-up processing described in RFC3280
2042 * Section 6.1.5, after the final certificate has been processed. Section
2043 * references in the comments are to that document.
2044 *
2045 * PARAMETERS:
2046 * "cert"
2047 * Address of the current (presumably the end entity) certificate.
2048 * Must be non-NULL.
2049 * "state"
2050 * Address of the current state of the PKIX_PolicyChecker.
2051 * Must be non-NULL.
2052 * "plContext"
2053 * Platform-specific context pointer.
2054 * THREAD SAFETY:
2055 * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2056 * RETURNS:
2057 * Returns NULL if the function succeeds
2058 * Returns a CertChainChecker Error if the functions fails in a non-fatal way
2059 * Returns a Fatal Error if the function fails in an unrecoverable way
2060 */
2061static PKIX_Error *
2062pkix_PolicyChecker_WrapUpProcessing(
2063 PKIX_PL_Cert *cert,
2064 PKIX_PolicyCheckerState *state,
2065 void *plContext)
2066{
2067 PKIX_Int32 explicitPolicySkipCerts = 0;
2068 PKIX_Boolean isSelfIssued = PKIX_FALSE((PKIX_Boolean) 0);
2069 PKIX_Boolean shouldBePruned = PKIX_FALSE((PKIX_Boolean) 0);
2070 PKIX_List *nominees = NULL((void*)0); /* OIDs */
2071#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
2072 PKIX_PL_String *stateString = NULL((void*)0);
2073 char *stateAscii = NULL((void*)0);
2074 PKIX_UInt32 length;
2075#endif
2076
2077 PKIX_ENTERstatic const char cMyFuncName[] = {"pkix_PolicyChecker_WrapUpProcessing"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
2078 (CERTCHAINCHECKER,static const char cMyFuncName[] = {"pkix_PolicyChecker_WrapUpProcessing"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
2079 "pkix_PolicyChecker_WrapUpProcessing")static const char cMyFuncName[] = {"pkix_PolicyChecker_WrapUpProcessing"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
2080 PKIX_NULLCHECK_THREE(cert, state, state->userInitialPolicySet)do { if (((cert) == ((void*)0)) || ((state) == ((void*)0)) ||
((state->userInitialPolicySet) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2081
2082#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
2083 PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
2084 ((PKIX_PL_Object*)state, &stateString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
2085 PKIX_OBJECTTOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0);
2086
2087 PKIX_CHECK(PKIX_PL_String_GetEncodeddo { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2088 (stateString,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2089 PKIX_ESCASCII,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2090 (void **)&stateAscii,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2091 &length,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2092 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2093 PKIX_STRINGGETENCODEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0);
2094
2095 PKIX_DEBUG_ARG("%s\n", stateAscii)do { (void) printf("(%s: ", stdVars.aMyFuncName); (void) printf
("%s\n", stateAscii); } while (0);
2096
2097 PKIX_FREE(stateAscii)do { if (stateAscii) { stdVars.aPkixTempResult = PKIX_PL_Free
((stateAscii), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stateAscii = ((void*)0); } } while (0);
2098 PKIX_DECREF(stateString)do { if (stateString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(stateString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stateString = ((void
*)0); } } while (0);
2099#endif
2100
2101 /* Section 6.1.5(a) ... */
2102 PKIX_CHECK(pkix_IsCertSelfIssueddo { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (cert,
&isSelfIssued, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED; goto cleanup
; } } while (0)
2103 (cert, &isSelfIssued, plContext),do { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (cert,
&isSelfIssued, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED; goto cleanup
; } } while (0)
2104 PKIX_ISCERTSELFISSUEDFAILED)do { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (cert,
&isSelfIssued, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED; goto cleanup
; } } while (0);
2105
2106 if (!isSelfIssued) {
2107 if (state->explicitPolicy > 0) {
2108
2109 state->explicitPolicy--;
2110
2111 PKIX_CHECK(PKIX_PL_Object_InvalidateCachedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
2112 ((PKIX_PL_Object *)state, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
2113 PKIX_OBJECTINVALIDATECACHEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0);
2114 }
2115 }
2116
2117 /* Section 6.1.5(b) ... */
2118 PKIX_CHECK(PKIX_PL_Cert_GetRequireExplicitPolicydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetRequireExplicitPolicy
(cert, &explicitPolicySkipCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED
; goto cleanup; } } while (0)
2119 (cert, &explicitPolicySkipCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetRequireExplicitPolicy
(cert, &explicitPolicySkipCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED
; goto cleanup; } } while (0)
2120 PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetRequireExplicitPolicy
(cert, &explicitPolicySkipCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED
; goto cleanup; } } while (0);
2121
2122 if (explicitPolicySkipCerts == 0) {
2123 state->explicitPolicy = 0;
2124 }
2125
2126 /* Section 6.1.5(g)(i) ... */
2127
2128 if (!(state->validPolicyTree)) {
2129 goto cleanup;
2130 }
2131
2132 /* Section 6.1.5(g)(ii) ... */
2133
2134 if (state->initialIsAnyPolicy) {
2135 goto cleanup;
2136 }
2137
2138 /*
2139 * Section 6.1.5(g)(iii) ...
2140 * Create a list of policies which could be substituted for anyPolicy.
2141 * Start with a (mutable) copy of user-initial-policy-set.
2142 */
2143 PKIX_CHECK(pkix_PolicyChecker_MakeMutableCopydo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeMutableCopy
(state->userInitialPolicySet, &nominees, plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKEMUTABLECOPYFAILED
; goto cleanup; } } while (0)
2144 (state->userInitialPolicySet, &nominees, plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeMutableCopy
(state->userInitialPolicySet, &nominees, plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKEMUTABLECOPYFAILED
; goto cleanup; } } while (0)
2145 PKIX_POLICYCHECKERMAKEMUTABLECOPYFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeMutableCopy
(state->userInitialPolicySet, &nominees, plContext));
if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKEMUTABLECOPYFAILED
; goto cleanup; } } while (0);
2146
2147 PKIX_CHECK(pkix_PolicyChecker_CalculateIntersectiondo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CalculateIntersection
(state->validPolicyTree, state, nominees, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED; goto cleanup
; } } while (0)
2148 (state->validPolicyTree, /* node at top of tree */do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CalculateIntersection
(state->validPolicyTree, state, nominees, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED; goto cleanup
; } } while (0)
2149 state,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CalculateIntersection
(state->validPolicyTree, state, nominees, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED; goto cleanup
; } } while (0)
2150 nominees,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CalculateIntersection
(state->validPolicyTree, state, nominees, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED; goto cleanup
; } } while (0)
2151 &shouldBePruned,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CalculateIntersection
(state->validPolicyTree, state, nominees, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED; goto cleanup
; } } while (0)
2152 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CalculateIntersection
(state->validPolicyTree, state, nominees, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED; goto cleanup
; } } while (0)
2153 PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_CalculateIntersection
(state->validPolicyTree, state, nominees, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED; goto cleanup
; } } while (0);
2154
2155 if (PKIX_TRUE((PKIX_Boolean) 1) == shouldBePruned) {
2156 PKIX_DECREF(state->validPolicyTree)do { if (state->validPolicyTree){ stdVars.aPkixTempResult =
PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->validPolicyTree
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->validPolicyTree = ((void*)0); } } while
(0);
2157 }
2158
2159 if (state->validPolicyTree) {
2160 PKIX_CHECK(PKIX_PL_Object_InvalidateCachedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state->validPolicyTree, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED
; goto cleanup; } } while (0)
2161 ((PKIX_PL_Object *)state->validPolicyTree, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state->validPolicyTree, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED
; goto cleanup; } } while (0)
2162 PKIX_OBJECTINVALIDATECACHEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state->validPolicyTree, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED
; goto cleanup; } } while (0);
2163 }
2164
2165 PKIX_CHECK(PKIX_PL_Object_InvalidateCachedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
2166 ((PKIX_PL_Object *)state, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
2167 PKIX_OBJECTINVALIDATECACHEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0);
2168
2169#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
2170 if (state->validPolicyTree) {
2171 PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
2172 ((PKIX_PL_Object*)state, &stateString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
2173 PKIX_OBJECTTOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0);
2174
2175 PKIX_CHECK(PKIX_PL_String_GetEncodeddo { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2176 (stateString,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2177 PKIX_ESCASCII,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2178 (void **)&stateAscii,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2179 &length,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2180 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2181 PKIX_STRINGGETENCODEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0);
2182
2183 PKIX_DEBUG_ARGdo { (void) printf("(%s: ", stdVars.aMyFuncName); (void) printf
("After CalculateIntersection:\n%s\n", stateAscii); } while (
0)
2184 ("After CalculateIntersection:\n%s\n", stateAscii)do { (void) printf("(%s: ", stdVars.aMyFuncName); (void) printf
("After CalculateIntersection:\n%s\n", stateAscii); } while (
0);
2185
2186 PKIX_FREE(stateAscii)do { if (stateAscii) { stdVars.aPkixTempResult = PKIX_PL_Free
((stateAscii), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stateAscii = ((void*)0); } } while (0);
2187 PKIX_DECREF(stateString)do { if (stateString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(stateString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stateString = ((void
*)0); } } while (0);
2188 } else {
2189 PKIX_DEBUG("validPolicyTree is NULL\n")do { do { if (pkixLoggersErrors) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, "validPolicyTree is NULL\n", stdVars.aPkixType
, 4, plContext); } } while (0); (void) fprintf(stderr, "(%s: "
, stdVars.aMyFuncName); (void) fprintf(stderr, "validPolicyTree is NULL\n"
); } while (0);
2190 }
2191#endif
2192
2193 /* Section 6.1.5(g)(iii)(4) ... */
2194
2195 if (state->validPolicyTree) {
2196
2197 PKIX_CHECK(pkix_PolicyNode_Prunedo { stdVars.aPkixErrorResult = (pkix_PolicyNode_Prune (state
->validPolicyTree, state->numCerts, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYNODEPRUNEFAILED; goto cleanup; } } while (0)
2198 (state->validPolicyTree,do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Prune (state
->validPolicyTree, state->numCerts, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYNODEPRUNEFAILED; goto cleanup; } } while (0)
2199 state->numCerts,do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Prune (state
->validPolicyTree, state->numCerts, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYNODEPRUNEFAILED; goto cleanup; } } while (0)
2200 &shouldBePruned,do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Prune (state
->validPolicyTree, state->numCerts, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYNODEPRUNEFAILED; goto cleanup; } } while (0)
2201 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Prune (state
->validPolicyTree, state->numCerts, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYNODEPRUNEFAILED; goto cleanup; } } while (0)
2202 PKIX_POLICYNODEPRUNEFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyNode_Prune (state
->validPolicyTree, state->numCerts, &shouldBePruned
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_POLICYNODEPRUNEFAILED; goto cleanup; } } while (0);
2203
2204 if (shouldBePruned) {
2205 PKIX_DECREF(state->validPolicyTree)do { if (state->validPolicyTree){ stdVars.aPkixTempResult =
PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->validPolicyTree
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->validPolicyTree = ((void*)0); } } while
(0);
2206 }
2207 }
2208
2209 if (state->validPolicyTree) {
2210 PKIX_CHECK(PKIX_PL_Object_InvalidateCachedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state->validPolicyTree, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED
; goto cleanup; } } while (0)
2211 ((PKIX_PL_Object *)state->validPolicyTree, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state->validPolicyTree, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED
; goto cleanup; } } while (0)
2212 PKIX_OBJECTINVALIDATECACHEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state->validPolicyTree, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED
; goto cleanup; } } while (0);
2213 }
2214
2215 PKIX_CHECK(PKIX_PL_Object_InvalidateCachedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
2216 ((PKIX_PL_Object *)state, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
2217 PKIX_OBJECTINVALIDATECACHEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0);
2218
2219#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
2220 PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
2221 ((PKIX_PL_Object*)state, &stateString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
2222 PKIX_OBJECTTOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0);
2223 PKIX_CHECK(PKIX_PL_String_GetEncodeddo { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2224 (stateString,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2225 PKIX_ESCASCII,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2226 (void **)&stateAscii,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2227 &length,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2228 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2229 PKIX_STRINGGETENCODEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0);
2230 PKIX_DEBUG_ARG("%s\n", stateAscii)do { (void) printf("(%s: ", stdVars.aMyFuncName); (void) printf
("%s\n", stateAscii); } while (0);
2231
2232 PKIX_FREE(stateAscii)do { if (stateAscii) { stdVars.aPkixTempResult = PKIX_PL_Free
((stateAscii), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stateAscii = ((void*)0); } } while (0);
2233 PKIX_DECREF(stateString)do { if (stateString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(stateString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stateString = ((void
*)0); } } while (0);
2234#endif
2235
2236cleanup:
2237
2238 PKIX_DECREF(nominees)do { if (nominees){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(nominees), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } nominees = ((void*
)0); } } while (0);
2239
2240 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
2241}
2242
2243
2244/*
2245 * FUNCTION: pkix_PolicyChecker_Check
2246 * (see comments in pkix_checker.h for PKIX_CertChainChecker_CheckCallback)
2247 *
2248 * Labels referring to sections, such as "Section 6.1.3(d)", refer to
2249 * sections of RFC3280, Section 6.1.3 Basic Certificate Processing.
2250 *
2251 * If a non-fatal error occurs, it is unlikely that policy processing can
2252 * continue. But it is still possible that chain validation could succeed if
2253 * policy processing is non-critical. So if this function receives a non-fatal
2254 * error from a lower level routine, it aborts policy processing by setting
2255 * the validPolicyTree to NULL and tries to continue.
2256 *
2257 */
2258static PKIX_Error *
2259pkix_PolicyChecker_Check(
2260 PKIX_CertChainChecker *checker,
2261 PKIX_PL_Cert *cert,
2262 PKIX_List *unresolvedCriticals, /* OIDs */
2263 void **pNBIOContext,
2264 void *plContext)
2265{
2266 PKIX_UInt32 numPolicies = 0;
2267 PKIX_UInt32 polX = 0;
2268 PKIX_Boolean result = PKIX_FALSE((PKIX_Boolean) 0);
2269 PKIX_Int32 inhibitMappingSkipCerts = 0;
2270 PKIX_Int32 explicitPolicySkipCerts = 0;
2271 PKIX_Int32 inhibitAnyPolicySkipCerts = 0;
2272 PKIX_Boolean shouldBePruned = PKIX_FALSE((PKIX_Boolean) 0);
2273 PKIX_Boolean isSelfIssued = PKIX_FALSE((PKIX_Boolean) 0);
2274 PKIX_Boolean certPoliciesIncludeAny = PKIX_FALSE((PKIX_Boolean) 0);
2275 PKIX_Boolean doAnyPolicyProcessing = PKIX_FALSE((PKIX_Boolean) 0);
2276
2277 PKIX_PolicyCheckerState *state = NULL((void*)0);
2278 PKIX_List *certPolicyInfos = NULL((void*)0); /* CertPolicyInfos */
2279 PKIX_PL_CertPolicyInfo *policy = NULL((void*)0);
2280 PKIX_PL_OID *policyOID = NULL((void*)0);
2281 PKIX_List *qualsOfAny = NULL((void*)0); /* CertPolicyQualifiers */
2282 PKIX_List *policyQualifiers = NULL((void*)0); /* CertPolicyQualifiers */
2283 PKIX_List *policyMaps = NULL((void*)0); /* CertPolicyMaps */
2284 PKIX_List *mappedPolicies = NULL((void*)0); /* OIDs */
2285 PKIX_Error *subroutineErr = NULL((void*)0);
2286#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
2287 PKIX_PL_String *stateString = NULL((void*)0);
2288 char *stateAscii = NULL((void*)0);
2289 PKIX_PL_String *certString = NULL((void*)0);
2290 char *certAscii = NULL((void*)0);
2291 PKIX_UInt32 length;
2292#endif
2293
2294 PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_Check")static const char cMyFuncName[] = {"pkix_PolicyChecker_Check"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
2295 PKIX_NULLCHECK_FOUR(checker, cert, unresolvedCriticals, pNBIOContext)do { if (((checker) == ((void*)0)) || ((cert) == ((void*)0)) ||
((unresolvedCriticals) == ((void*)0)) || ((pNBIOContext) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
2296
2297 *pNBIOContext = NULL((void*)0); /* we never block on pending I/O */
2298
2299 PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerStatedo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCertChainCheckerState
(checker, (PKIX_PL_Object **)&state, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED
; goto cleanup; } } while (0)
2300 (checker, (PKIX_PL_Object **)&state, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCertChainCheckerState
(checker, (PKIX_PL_Object **)&state, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED
; goto cleanup; } } while (0)
2301 PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCertChainCheckerState
(checker, (PKIX_PL_Object **)&state, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED
; goto cleanup; } } while (0);
2302
2303 PKIX_NULLCHECK_TWO(state, state->certPoliciesExtension)do { if (((state) == ((void*)0)) || ((state->certPoliciesExtension
) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
2304
2305#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
2306 PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
2307 ((PKIX_PL_Object*)state, &stateString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
2308 PKIX_OBJECTTOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0);
2309 PKIX_CHECK(PKIX_PL_String_GetEncodeddo { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2310 (stateString,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2311 PKIX_ESCASCII,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2312 (void **)&stateAscii,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2313 &length,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2314 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2315 PKIX_STRINGGETENCODEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0);
2316 PKIX_DEBUG_ARG("On entry %s\n", stateAscii)do { (void) printf("(%s: ", stdVars.aMyFuncName); (void) printf
("On entry %s\n", stateAscii); } while (0);
2317 PKIX_FREE(stateAscii)do { if (stateAscii) { stdVars.aPkixTempResult = PKIX_PL_Free
((stateAscii), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stateAscii = ((void*)0); } } while (0);
2318 PKIX_DECREF(stateString)do { if (stateString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(stateString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stateString = ((void
*)0); } } while (0);
2319#endif
2320
2321 /*
2322 * Section 6.1.4(a)
2323 * If this is not the last certificate, and if
2324 * policyMapping extension is present, check that no
2325 * issuerDomainPolicy or subjectDomainPolicy is equal to the
2326 * special policy anyPolicy.
2327 */
2328 if (state->certsProcessed != (state->numCerts - 1)) {
2329 PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappingsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappings
(cert, &policyMaps, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGSFAILED; goto
cleanup; } } while (0)
2330 (cert, &policyMaps, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappings
(cert, &policyMaps, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGSFAILED; goto
cleanup; } } while (0)
2331 PKIX_CERTGETPOLICYMAPPINGSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappings
(cert, &policyMaps, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGSFAILED; goto
cleanup; } } while (0);
2332 }
2333
2334 if (policyMaps) {
2335
2336 PKIX_CHECK(pkix_PolicyChecker_MapContainsdo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapContains
(policyMaps, state->anyPolicyOID, &result, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAPCONTAINSFAILED
; goto cleanup; } } while (0)
2337 (policyMaps, state->anyPolicyOID, &result, plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapContains
(policyMaps, state->anyPolicyOID, &result, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAPCONTAINSFAILED
; goto cleanup; } } while (0)
2338 PKIX_POLICYCHECKERMAPCONTAINSFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapContains
(policyMaps, state->anyPolicyOID, &result, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAPCONTAINSFAILED
; goto cleanup; } } while (0);
2339
2340 if (result) {
2341 PKIX_ERROR(PKIX_INVALIDPOLICYMAPPINGINCLUDESANYPOLICY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_INVALIDPOLICYMAPPINGINCLUDESANYPOLICY, ((void*)0), stdVars
.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_INVALIDPOLICYMAPPINGINCLUDESANYPOLICY
; goto cleanup; };
2342 }
2343
2344 PKIX_CHECK(pkix_PolicyChecker_MapGetMappedPoliciesdo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetMappedPolicies
(policyMaps, &mappedPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAPGETMAPPEDPOLICIESFAILED
; goto cleanup; } } while (0)
2345 (policyMaps, &mappedPolicies, plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetMappedPolicies
(policyMaps, &mappedPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAPGETMAPPEDPOLICIESFAILED
; goto cleanup; } } while (0)
2346 PKIX_POLICYCHECKERMAPGETMAPPEDPOLICIESFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MapGetMappedPolicies
(policyMaps, &mappedPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAPGETMAPPEDPOLICIESFAILED
; goto cleanup; } } while (0);
2347
2348 PKIX_DECREF(state->mappedPolicyOIDs)do { if (state->mappedPolicyOIDs){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->mappedPolicyOIDs
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->mappedPolicyOIDs = ((void*)0); } }
while (0);
2349 PKIX_INCREF(mappedPolicies)do { if (mappedPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(mappedPolicies), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
2350 state->mappedPolicyOIDs = mappedPolicies;
2351 }
2352
2353 /* Section 6.1.3(d) */
2354 if (state->validPolicyTree) {
2355
2356 PKIX_CHECK(PKIX_PL_Cert_GetPolicyInformationdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyInformation
(cert, &certPolicyInfos, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYINFORMATIONFAILED
; goto cleanup; } } while (0)
2357 (cert, &certPolicyInfos, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyInformation
(cert, &certPolicyInfos, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYINFORMATIONFAILED
; goto cleanup; } } while (0)
2358 PKIX_CERTGETPOLICYINFORMATIONFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyInformation
(cert, &certPolicyInfos, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYINFORMATIONFAILED
; goto cleanup; } } while (0);
2359
2360 if (certPolicyInfos) {
2361 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (certPolicyInfos
, &numPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
2362 (certPolicyInfos, &numPolicies, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (certPolicyInfos
, &numPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
2363 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (certPolicyInfos
, &numPolicies, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
2364 }
2365
2366 if (numPolicies > 0) {
2367
2368 PKIX_CHECK(PKIX_PL_Cert_AreCertPoliciesCriticaldo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_AreCertPoliciesCritical
(cert, &(state->certPoliciesCritical), plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTARECERTPOLICIESCRITICALFAILED
; goto cleanup; } } while (0)
2369 (cert, &(state->certPoliciesCritical), plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_AreCertPoliciesCritical
(cert, &(state->certPoliciesCritical), plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTARECERTPOLICIESCRITICALFAILED
; goto cleanup; } } while (0)
2370 PKIX_CERTARECERTPOLICIESCRITICALFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_AreCertPoliciesCritical
(cert, &(state->certPoliciesCritical), plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTARECERTPOLICIESCRITICALFAILED
; goto cleanup; } } while (0);
2371
2372 /* Section 6.1.3(d)(1) For each policy not equal to anyPolicy */
2373 for (polX = 0; polX < numPolicies; polX++) {
2374
2375 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyInfos
, polX, (PKIX_PL_Object **)&policy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
2376 (certPolicyInfos,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyInfos
, polX, (PKIX_PL_Object **)&policy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
2377 polX,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyInfos
, polX, (PKIX_PL_Object **)&policy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
2378 (PKIX_PL_Object **)&policy,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyInfos
, polX, (PKIX_PL_Object **)&policy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
2379 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyInfos
, polX, (PKIX_PL_Object **)&policy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
2380 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (certPolicyInfos
, polX, (PKIX_PL_Object **)&policy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
2381
2382 PKIX_CHECK(PKIX_PL_CertPolicyInfo_GetPolicyIddo { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyInfo_GetPolicyId
(policy, &policyOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYINFOGETPOLICYIDFAILED
; goto cleanup; } } while (0)
2383 (policy, &policyOID, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyInfo_GetPolicyId
(policy, &policyOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYINFOGETPOLICYIDFAILED
; goto cleanup; } } while (0)
2384 PKIX_CERTPOLICYINFOGETPOLICYIDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyInfo_GetPolicyId
(policy, &policyOID, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYINFOGETPOLICYIDFAILED
; goto cleanup; } } while (0);
2385
2386 PKIX_CHECK(PKIX_PL_CertPolicyInfo_GetPolQualifiersdo { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyInfo_GetPolQualifiers
(policy, &policyQualifiers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYINFOGETPOLQUALIFIERSFAILED
; goto cleanup; } } while (0)
2387 (policy, &policyQualifiers, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyInfo_GetPolQualifiers
(policy, &policyQualifiers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYINFOGETPOLQUALIFIERSFAILED
; goto cleanup; } } while (0)
2388 PKIX_CERTPOLICYINFOGETPOLQUALIFIERSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_CertPolicyInfo_GetPolQualifiers
(policy, &policyQualifiers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTPOLICYINFOGETPOLQUALIFIERSFAILED
; goto cleanup; } } while (0);
2389
2390 PKIX_EQUALSdo { if ((state->anyPolicyOID) != ((void*)0) && (policyOID
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(policyOID), (&result), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OIDEQUALFAILED); goto cleanup
; } } while (0); } else if ((state->anyPolicyOID) == ((void
*)0) && (policyOID) == ((void*)0)) { *(&result) =
((PKIX_Boolean) 1); } else { *(&result) = ((PKIX_Boolean
) 0); } } while (0)
2391 (state->anyPolicyOID,do { if ((state->anyPolicyOID) != ((void*)0) && (policyOID
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(policyOID), (&result), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OIDEQUALFAILED); goto cleanup
; } } while (0); } else if ((state->anyPolicyOID) == ((void
*)0) && (policyOID) == ((void*)0)) { *(&result) =
((PKIX_Boolean) 1); } else { *(&result) = ((PKIX_Boolean
) 0); } } while (0)
2392 policyOID,do { if ((state->anyPolicyOID) != ((void*)0) && (policyOID
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(policyOID), (&result), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OIDEQUALFAILED); goto cleanup
; } } while (0); } else if ((state->anyPolicyOID) == ((void
*)0) && (policyOID) == ((void*)0)) { *(&result) =
((PKIX_Boolean) 1); } else { *(&result) = ((PKIX_Boolean
) 0); } } while (0)
2393 &result,do { if ((state->anyPolicyOID) != ((void*)0) && (policyOID
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(policyOID), (&result), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OIDEQUALFAILED); goto cleanup
; } } while (0); } else if ((state->anyPolicyOID) == ((void
*)0) && (policyOID) == ((void*)0)) { *(&result) =
((PKIX_Boolean) 1); } else { *(&result) = ((PKIX_Boolean
) 0); } } while (0)
2394 plContext,do { if ((state->anyPolicyOID) != ((void*)0) && (policyOID
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(policyOID), (&result), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OIDEQUALFAILED); goto cleanup
; } } while (0); } else if ((state->anyPolicyOID) == ((void
*)0) && (policyOID) == ((void*)0)) { *(&result) =
((PKIX_Boolean) 1); } else { *(&result) = ((PKIX_Boolean
) 0); } } while (0)
2395 PKIX_OIDEQUALFAILED)do { if ((state->anyPolicyOID) != ((void*)0) && (policyOID
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(state->anyPolicyOID), (PKIX_PL_Object
*)(policyOID), (&result), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OIDEQUALFAILED); goto cleanup
; } } while (0); } else if ((state->anyPolicyOID) == ((void
*)0) && (policyOID) == ((void*)0)) { *(&result) =
((PKIX_Boolean) 1); } else { *(&result) = ((PKIX_Boolean
) 0); } } while (0);
2396
2397 if (result == PKIX_FALSE((PKIX_Boolean) 0)) {
2398
2399 /* Section 6.1.3(d)(1)(i) */
2400 subroutineErr = pkix_PolicyChecker_CheckPolicy
2401 (policyOID,
2402 policyQualifiers,
2403 cert,
2404 policyMaps,
2405 state,
2406 plContext);
2407 if (subroutineErr) {
2408 goto subrErrorCleanup;
2409 }
2410
2411 } else {
2412 /*
2413 * No descent (yet) for anyPolicy, but we will need
2414 * the policyQualifiers for anyPolicy in 6.1.3(d)(2)
2415 */
2416 PKIX_DECREF(qualsOfAny)do { if (qualsOfAny){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(qualsOfAny), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } qualsOfAny = ((void
*)0); } } while (0);
2417 PKIX_INCREF(policyQualifiers)do { if (policyQualifiers){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(policyQualifiers), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
2418 qualsOfAny = policyQualifiers;
2419 certPoliciesIncludeAny = PKIX_TRUE((PKIX_Boolean) 1);
2420 }
2421 PKIX_DECREF(policy)do { if (policy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policy), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policy = ((void*)0
); } } while (0);
2422 PKIX_DECREF(policyOID)do { if (policyOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyOID), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policyOID = ((void
*)0); } } while (0);
2423 PKIX_DECREF(policyQualifiers)do { if (policyQualifiers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyQualifiers), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } policyQualifiers
= ((void*)0); } } while (0);
2424 }
2425
2426 /* Section 6.1.3(d)(2) */
2427 if (certPoliciesIncludeAny == PKIX_TRUE((PKIX_Boolean) 1)) {
2428 if (state->inhibitAnyPolicy > 0) {
2429 doAnyPolicyProcessing = PKIX_TRUE((PKIX_Boolean) 1);
2430 } else {
2431 /* We haven't yet counted the current cert */
2432 if (((state->certsProcessed) + 1) <
2433 (state->numCerts)) {
2434
2435 PKIX_CHECK(pkix_IsCertSelfIssueddo { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (cert,
&doAnyPolicyProcessing, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED; goto cleanup
; } } while (0)
2436 (cert,do { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (cert,
&doAnyPolicyProcessing, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED; goto cleanup
; } } while (0)
2437 &doAnyPolicyProcessing,do { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (cert,
&doAnyPolicyProcessing, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED; goto cleanup
; } } while (0)
2438 plContext),do { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (cert,
&doAnyPolicyProcessing, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED; goto cleanup
; } } while (0)
2439 PKIX_ISCERTSELFISSUEDFAILED)do { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (cert,
&doAnyPolicyProcessing, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED; goto cleanup
; } } while (0);
2440 }
2441 }
2442 if (doAnyPolicyProcessing) {
2443 subroutineErr = pkix_PolicyChecker_CheckAny
2444 (state->validPolicyTree,
2445 qualsOfAny,
2446 policyMaps,
2447 state,
2448 plContext);
2449 if (subroutineErr) {
2450 goto subrErrorCleanup;
2451 }
2452 }
2453 }
2454
2455 /* Section 6.1.3(d)(3) */
2456 if (state->validPolicyTree) {
2457 subroutineErr = pkix_PolicyNode_Prune
2458 (state->validPolicyTree,
2459 state->certsProcessed + 1,
2460 &shouldBePruned,
2461 plContext);
2462 if (subroutineErr) {
2463 goto subrErrorCleanup;
2464 }
2465 if (shouldBePruned) {
2466 PKIX_DECREF(state->validPolicyTree)do { if (state->validPolicyTree){ stdVars.aPkixTempResult =
PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->validPolicyTree
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->validPolicyTree = ((void*)0); } } while
(0);
2467 PKIX_DECREF(state->anyPolicyNodeAtBottom)do { if (state->anyPolicyNodeAtBottom){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->anyPolicyNodeAtBottom
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->anyPolicyNodeAtBottom = ((void*)0)
; } } while (0);
2468 }
2469 }
2470
2471 PKIX_CHECK(PKIX_PL_Object_InvalidateCachedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
2472 ((PKIX_PL_Object *)state, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
2473 PKIX_OBJECTINVALIDATECACHEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0);
2474
2475 } else {
2476 /* Section 6.1.3(e) */
2477 PKIX_DECREF(state->validPolicyTree)do { if (state->validPolicyTree){ stdVars.aPkixTempResult =
PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->validPolicyTree
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->validPolicyTree = ((void*)0); } } while
(0);
2478 PKIX_DECREF(state->anyPolicyNodeAtBottom)do { if (state->anyPolicyNodeAtBottom){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->anyPolicyNodeAtBottom
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->anyPolicyNodeAtBottom = ((void*)0)
; } } while (0);
2479 PKIX_DECREF(state->newAnyPolicyNode)do { if (state->newAnyPolicyNode){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->newAnyPolicyNode
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->newAnyPolicyNode = ((void*)0); } }
while (0);
2480
2481 PKIX_CHECK(PKIX_PL_Object_InvalidateCachedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
2482 ((PKIX_PL_Object *)state, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
2483 PKIX_OBJECTINVALIDATECACHEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0);
2484 }
2485 }
2486
2487 /* Section 6.1.3(f) */
2488 if ((0 == state->explicitPolicy) && (!state->validPolicyTree)) {
2489 PKIX_ERROR(PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION, ((void*)0),
stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION
; goto cleanup; };
2490 }
2491
2492 /*
2493 * Remove Policy OIDs from list of unresolved critical
2494 * extensions, if present.
2495 */
2496 PKIX_CHECK(pkix_List_Removedo { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->certPoliciesExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2497 (unresolvedCriticals,do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->certPoliciesExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2498 (PKIX_PL_Object *)state->certPoliciesExtension,do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->certPoliciesExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2499 plContext),do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->certPoliciesExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2500 PKIX_LISTREMOVEFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->certPoliciesExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0);
2501
2502 PKIX_CHECK(pkix_List_Removedo { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->policyMappingsExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2503 (unresolvedCriticals,do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->policyMappingsExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2504 (PKIX_PL_Object *)state->policyMappingsExtension,do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->policyMappingsExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2505 plContext),do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->policyMappingsExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2506 PKIX_LISTREMOVEFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->policyMappingsExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0);
2507
2508 PKIX_CHECK(pkix_List_Removedo { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->policyConstraintsExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2509 (unresolvedCriticals,do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->policyConstraintsExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2510 (PKIX_PL_Object *)state->policyConstraintsExtension,do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->policyConstraintsExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2511 plContext),do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->policyConstraintsExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2512 PKIX_LISTREMOVEFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->policyConstraintsExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0);
2513
2514 PKIX_CHECK(pkix_List_Removedo { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->inhibitAnyPolicyExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2515 (unresolvedCriticals,do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->inhibitAnyPolicyExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2516 (PKIX_PL_Object *)state->inhibitAnyPolicyExtension,do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->inhibitAnyPolicyExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2517 plContext),do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->inhibitAnyPolicyExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0)
2518 PKIX_LISTREMOVEFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Remove (unresolvedCriticals
, (PKIX_PL_Object *)state->inhibitAnyPolicyExtension, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTREMOVEFAILED; goto cleanup; } } while (0);
2519
2520 state->certsProcessed++;
2521
2522 /* If this was not the last certificate, do next-cert preparation */
2523 if (state->certsProcessed != state->numCerts) {
2524
2525 if (policyMaps) {
2526 subroutineErr = pkix_PolicyChecker_PolicyMapProcessing
2527 (policyMaps,
2528 certPoliciesIncludeAny,
2529 qualsOfAny,
2530 state,
2531 plContext);
2532 if (subroutineErr) {
2533 goto subrErrorCleanup;
2534 }
2535 }
2536
2537 /* update anyPolicyNodeAtBottom pointer */
2538 PKIX_DECREF(state->anyPolicyNodeAtBottom)do { if (state->anyPolicyNodeAtBottom){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->anyPolicyNodeAtBottom
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->anyPolicyNodeAtBottom = ((void*)0)
; } } while (0);
2539 state->anyPolicyNodeAtBottom = state->newAnyPolicyNode;
2540 state->newAnyPolicyNode = NULL((void*)0);
2541
2542 /* Section 6.1.4(h) */
2543 PKIX_CHECK(pkix_IsCertSelfIssueddo { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (cert,
&isSelfIssued, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED; goto cleanup
; } } while (0)
2544 (cert, &isSelfIssued, plContext),do { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (cert,
&isSelfIssued, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED; goto cleanup
; } } while (0)
2545 PKIX_ISCERTSELFISSUEDFAILED)do { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (cert,
&isSelfIssued, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED; goto cleanup
; } } while (0);
2546
2547 if (!isSelfIssued) {
2548 if (state->explicitPolicy > 0) {
2549 state->explicitPolicy--;
2550 }
2551 if (state->policyMapping > 0) {
2552 state->policyMapping--;
2553 }
2554 if (state->inhibitAnyPolicy > 0) {
2555 state->inhibitAnyPolicy--;
2556 }
2557 }
2558
2559 /* Section 6.1.4(i) */
2560 PKIX_CHECK(PKIX_PL_Cert_GetRequireExplicitPolicydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetRequireExplicitPolicy
(cert, &explicitPolicySkipCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED
; goto cleanup; } } while (0)
2561 (cert, &explicitPolicySkipCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetRequireExplicitPolicy
(cert, &explicitPolicySkipCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED
; goto cleanup; } } while (0)
2562 PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetRequireExplicitPolicy
(cert, &explicitPolicySkipCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED
; goto cleanup; } } while (0);
2563
2564 if (explicitPolicySkipCerts != -1) {
2565 if (((PKIX_UInt32)explicitPolicySkipCerts) <
2566 (state->explicitPolicy)) {
2567 state->explicitPolicy =
2568 ((PKIX_UInt32) explicitPolicySkipCerts);
2569 }
2570 }
2571
2572 PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappingInhibiteddo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappingInhibited
(cert, &inhibitMappingSkipCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED
; goto cleanup; } } while (0)
2573 (cert, &inhibitMappingSkipCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappingInhibited
(cert, &inhibitMappingSkipCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED
; goto cleanup; } } while (0)
2574 PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetPolicyMappingInhibited
(cert, &inhibitMappingSkipCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED
; goto cleanup; } } while (0);
2575
2576 if (inhibitMappingSkipCerts != -1) {
2577 if (((PKIX_UInt32)inhibitMappingSkipCerts) <
2578 (state->policyMapping)) {
2579 state->policyMapping =
2580 ((PKIX_UInt32)inhibitMappingSkipCerts);
2581 }
2582 }
2583
2584 PKIX_CHECK(PKIX_PL_Cert_GetInhibitAnyPolicydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetInhibitAnyPolicy
(cert, &inhibitAnyPolicySkipCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETINHIBITANYPOLICYFAILED
; goto cleanup; } } while (0)
2585 (cert, &inhibitAnyPolicySkipCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetInhibitAnyPolicy
(cert, &inhibitAnyPolicySkipCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETINHIBITANYPOLICYFAILED
; goto cleanup; } } while (0)
2586 PKIX_CERTGETINHIBITANYPOLICYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetInhibitAnyPolicy
(cert, &inhibitAnyPolicySkipCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETINHIBITANYPOLICYFAILED
; goto cleanup; } } while (0);
2587
2588 if (inhibitAnyPolicySkipCerts != -1) {
2589 if (((PKIX_UInt32)inhibitAnyPolicySkipCerts) <
2590 (state->inhibitAnyPolicy)) {
2591 state->inhibitAnyPolicy =
2592 ((PKIX_UInt32)inhibitAnyPolicySkipCerts);
2593 }
2594 }
2595
2596 PKIX_CHECK(PKIX_PL_Object_InvalidateCachedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
2597 ((PKIX_PL_Object *)state, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0)
2598 PKIX_OBJECTINVALIDATECACHEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
cleanup; } } while (0);
2599
2600 } else { /* If this was the last certificate, do wrap-up processing */
2601
2602 /* Section 6.1.5 */
2603 subroutineErr = pkix_PolicyChecker_WrapUpProcessing
2604 (cert, state, plContext);
2605 if (subroutineErr) {
2606 goto subrErrorCleanup;
2607 }
2608
2609 if ((0 == state->explicitPolicy) && (!state->validPolicyTree)) {
2610 PKIX_ERROR(PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION, ((void*)0),
stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION
; goto cleanup; };
2611 }
2612
2613 PKIX_DECREF(state->anyPolicyNodeAtBottom)do { if (state->anyPolicyNodeAtBottom){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->anyPolicyNodeAtBottom
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->anyPolicyNodeAtBottom = ((void*)0)
; } } while (0);
2614 PKIX_DECREF(state->newAnyPolicyNode)do { if (state->newAnyPolicyNode){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->newAnyPolicyNode
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->newAnyPolicyNode = ((void*)0); } }
while (0);
2615 }
2616
2617
2618 if (subroutineErr) {
2619
2620subrErrorCleanup:
2621 /* We had an error. Was it a fatal error? */
2622 pkixErrorClassstdVars.aPkixErrorClass = subroutineErr->errClass;
2623 if (pkixErrorClassstdVars.aPkixErrorClass == PKIX_FATAL_ERROR) {
2624 pkixErrorResultstdVars.aPkixErrorResult = subroutineErr;
2625 subroutineErr = NULL((void*)0);
2626 goto cleanup;
2627 }
2628 /*
2629 * Abort policy processing, and then determine whether
2630 * we can continue without policy processing.
2631 */
2632 PKIX_DECREF(state->validPolicyTree)do { if (state->validPolicyTree){ stdVars.aPkixTempResult =
PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->validPolicyTree
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->validPolicyTree = ((void*)0); } } while
(0);
2633 PKIX_DECREF(state->anyPolicyNodeAtBottom)do { if (state->anyPolicyNodeAtBottom){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->anyPolicyNodeAtBottom
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->anyPolicyNodeAtBottom = ((void*)0)
; } } while (0);
2634 PKIX_DECREF(state->newAnyPolicyNode)do { if (state->newAnyPolicyNode){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->newAnyPolicyNode
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } state->newAnyPolicyNode = ((void*)0); } }
while (0);
2635 if (state->explicitPolicy == 0) {
2636 PKIX_ERROR{ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION, ((void*)0),
stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION
; goto cleanup; }
2637 (PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION, ((void*)0),
stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION
; goto cleanup; };
2638 }
2639 }
2640
2641 /* Checking is complete. Save state for the next certificate. */
2642 PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerStatedo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_SetCertChainCheckerState
(checker, (PKIX_PL_Object *)state, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED
; goto cleanup; } } while (0)
2643 (checker, (PKIX_PL_Object *)state, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_SetCertChainCheckerState
(checker, (PKIX_PL_Object *)state, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED
; goto cleanup; } } while (0)
2644 PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_SetCertChainCheckerState
(checker, (PKIX_PL_Object *)state, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED
; goto cleanup; } } while (0);
2645
2646cleanup:
2647
2648#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
2649 if (cert) {
2650 PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)cert, &certString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
2651 ((PKIX_PL_Object*)cert, &certString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)cert, &certString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
2652 PKIX_OBJECTTOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)cert, &certString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0);
2653 PKIX_CHECK(PKIX_PL_String_GetEncodeddo { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (certString
, 0, (void **)&certAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2654 (certString,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (certString
, 0, (void **)&certAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2655 PKIX_ESCASCII,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (certString
, 0, (void **)&certAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2656 (void **)&certAscii,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (certString
, 0, (void **)&certAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2657 &length,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (certString
, 0, (void **)&certAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2658 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (certString
, 0, (void **)&certAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2659 PKIX_STRINGGETENCODEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (certString
, 0, (void **)&certAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0);
2660 PKIX_DEBUG_ARG("Cert was %s\n", certAscii)do { (void) printf("(%s: ", stdVars.aMyFuncName); (void) printf
("Cert was %s\n", certAscii); } while (0);
2661 PKIX_FREE(certAscii)do { if (certAscii) { stdVars.aPkixTempResult = PKIX_PL_Free(
(certAscii), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } certAscii = ((void*)0); } } while (0);
2662 PKIX_DECREF(certString)do { if (certString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certString = ((void
*)0); } } while (0);
2663 }
2664 if (state) {
2665 PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
2666 ((PKIX_PL_Object*)state, &stateString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
2667 PKIX_OBJECTTOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0);
2668 PKIX_CHECK(PKIX_PL_String_GetEncodeddo { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2669 (stateString,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2670 PKIX_ESCASCII,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2671 (void **)&stateAscii,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2672 &length,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2673 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2674 PKIX_STRINGGETENCODEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0);
2675 PKIX_DEBUG_ARG("On exit %s\n", stateAscii)do { (void) printf("(%s: ", stdVars.aMyFuncName); (void) printf
("On exit %s\n", stateAscii); } while (0);
2676 PKIX_FREE(stateAscii)do { if (stateAscii) { stdVars.aPkixTempResult = PKIX_PL_Free
((stateAscii), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stateAscii = ((void*)0); } } while (0);
2677 PKIX_DECREF(stateString)do { if (stateString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(stateString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stateString = ((void
*)0); } } while (0);
2678 }
2679#endif
2680
2681 PKIX_DECREF(state)do { if (state){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(state), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } state = ((void*)0)
; } } while (0);
2682 PKIX_DECREF(certPolicyInfos)do { if (certPolicyInfos){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certPolicyInfos), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certPolicyInfos
= ((void*)0); } } while (0);
2683 PKIX_DECREF(policy)do { if (policy){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policy), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policy = ((void*)0
); } } while (0);
2684 PKIX_DECREF(qualsOfAny)do { if (qualsOfAny){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(qualsOfAny), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } qualsOfAny = ((void
*)0); } } while (0);
2685 PKIX_DECREF(policyQualifiers)do { if (policyQualifiers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyQualifiers), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } policyQualifiers
= ((void*)0); } } while (0);
2686 PKIX_DECREF(policyOID)do { if (policyOID){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyOID), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policyOID = ((void
*)0); } } while (0);
2687 PKIX_DECREF(subroutineErr)do { if (subroutineErr){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(subroutineErr), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } subroutineErr
= ((void*)0); } } while (0);
2688 PKIX_DECREF(policyMaps)do { if (policyMaps){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyMaps), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policyMaps = ((void
*)0); } } while (0);
2689 PKIX_DECREF(mappedPolicies)do { if (mappedPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(mappedPolicies), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } mappedPolicies
= ((void*)0); } } while (0);
2690
2691 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
2692}
2693
2694/*
2695 * FUNCTION: pkix_PolicyChecker_Initialize
2696 * DESCRIPTION:
2697 *
2698 * Creates and initializes a PolicyChecker, using the List pointed to
2699 * by "initialPolicies" for the user-initial-policy-set, the Boolean value
2700 * of "policyQualifiersRejected" for the policyQualifiersRejected parameter,
2701 * the Boolean value of "initialPolicyMappingInhibit" for the
2702 * inhibitPolicyMappings parameter, the Boolean value of
2703 * "initialExplicitPolicy" for the initialExplicitPolicy parameter, the
2704 * Boolean value of "initialAnyPolicyInhibit" for the inhibitAnyPolicy
2705 * parameter, and the UInt32 value of "numCerts" as the number of
2706 * certificates in the chain; and stores the Checker at "pChecker".
2707 *
2708 * PARAMETERS:
2709 * "initialPolicies"
2710 * Address of List of OIDs comprising the user-initial-policy-set; the List
2711 * may be empty or NULL
2712 * "policyQualifiersRejected"
2713 * Boolean value of the policyQualifiersRejected parameter
2714 * "initialPolicyMappingInhibit"
2715 * Boolean value of the inhibitPolicyMappings parameter
2716 * "initialExplicitPolicy"
2717 * Boolean value of the initialExplicitPolicy parameter
2718 * "initialAnyPolicyInhibit"
2719 * Boolean value of the inhibitAnyPolicy parameter
2720 * "numCerts"
2721 * Number of certificates in the chain to be validated
2722 * "pChecker"
2723 * Address to store the created PolicyChecker. Must be non-NULL.
2724 * "plContext"
2725 * Platform-specific context pointer.
2726 * THREAD SAFETY:
2727 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2728 * RETURNS:
2729 * Returns NULL if the function succeeds
2730 * Returns a CertChainChecker Error if the functions fails in a non-fatal way
2731 * Returns a Fatal Error if the function fails in an unrecoverable way
2732 */
2733PKIX_Error *
2734pkix_PolicyChecker_Initialize(
2735 PKIX_List *initialPolicies,
2736 PKIX_Boolean policyQualifiersRejected,
2737 PKIX_Boolean initialPolicyMappingInhibit,
2738 PKIX_Boolean initialExplicitPolicy,
2739 PKIX_Boolean initialAnyPolicyInhibit,
2740 PKIX_UInt32 numCerts,
2741 PKIX_CertChainChecker **pChecker,
2742 void *plContext)
2743{
2744 PKIX_PolicyCheckerState *polCheckerState = NULL((void*)0);
1
'polCheckerState' initialized to a null pointer value
2745 PKIX_List *policyExtensions = NULL((void*)0); /* OIDs */
2746 PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_Initialize")static const char cMyFuncName[] = {"pkix_PolicyChecker_Initialize"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTCHAINCHECKER_ERROR; ; do { if (
pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
2
Assuming 'pkixLoggersDebugTrace' is null
3
Taking false branch
4
Loop condition is false. Exiting loop
2747 PKIX_NULLCHECK_ONE(pChecker)do { if ((pChecker) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
5
Assuming 'pChecker' is not equal to null
6
Taking false branch
7
Loop condition is false. Exiting loop
2748
2749 PKIX_CHECK(pkix_PolicyCheckerState_Createdo { stdVars.aPkixErrorResult = (pkix_PolicyCheckerState_Create
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
polCheckerState, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERSTATECREATEFAILED
; goto cleanup; } } while (0)
8
Calling 'pkix_PolicyCheckerState_Create'
14
Returning from 'pkix_PolicyCheckerState_Create'
15
Assuming field 'aPkixErrorResult' is null
16
Taking false branch
17
Loop condition is false. Exiting loop
2750 (initialPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyCheckerState_Create
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
polCheckerState, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERSTATECREATEFAILED
; goto cleanup; } } while (0)
2751 policyQualifiersRejected,do { stdVars.aPkixErrorResult = (pkix_PolicyCheckerState_Create
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
polCheckerState, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERSTATECREATEFAILED
; goto cleanup; } } while (0)
2752 initialPolicyMappingInhibit,do { stdVars.aPkixErrorResult = (pkix_PolicyCheckerState_Create
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
polCheckerState, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERSTATECREATEFAILED
; goto cleanup; } } while (0)
2753 initialExplicitPolicy,do { stdVars.aPkixErrorResult = (pkix_PolicyCheckerState_Create
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
polCheckerState, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERSTATECREATEFAILED
; goto cleanup; } } while (0)
2754 initialAnyPolicyInhibit,do { stdVars.aPkixErrorResult = (pkix_PolicyCheckerState_Create
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
polCheckerState, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERSTATECREATEFAILED
; goto cleanup; } } while (0)
2755 numCerts,do { stdVars.aPkixErrorResult = (pkix_PolicyCheckerState_Create
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
polCheckerState, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERSTATECREATEFAILED
; goto cleanup; } } while (0)
2756 &polCheckerState,do { stdVars.aPkixErrorResult = (pkix_PolicyCheckerState_Create
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
polCheckerState, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERSTATECREATEFAILED
; goto cleanup; } } while (0)
2757 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyCheckerState_Create
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
polCheckerState, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERSTATECREATEFAILED
; goto cleanup; } } while (0)
2758 PKIX_POLICYCHECKERSTATECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyCheckerState_Create
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
polCheckerState, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERSTATECREATEFAILED
; goto cleanup; } } while (0);
2759
2760 /* Create the list of extensions that we handle */
2761 PKIX_CHECK(pkix_PolicyChecker_MakeSingletondo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)(polCheckerState->certPoliciesExtension
), ((PKIX_Boolean) 1), &policyExtensions, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKESINGLETONFAILED
; goto cleanup; } } while (0)
18
Access to field 'certPoliciesExtension' results in a dereference of a null pointer (loaded from variable 'polCheckerState')
2762 ((PKIX_PL_Object *)(polCheckerState->certPoliciesExtension),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)(polCheckerState->certPoliciesExtension
), ((PKIX_Boolean) 1), &policyExtensions, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKESINGLETONFAILED
; goto cleanup; } } while (0)
2763 PKIX_TRUE,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)(polCheckerState->certPoliciesExtension
), ((PKIX_Boolean) 1), &policyExtensions, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKESINGLETONFAILED
; goto cleanup; } } while (0)
2764 &policyExtensions,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)(polCheckerState->certPoliciesExtension
), ((PKIX_Boolean) 1), &policyExtensions, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKESINGLETONFAILED
; goto cleanup; } } while (0)
2765 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)(polCheckerState->certPoliciesExtension
), ((PKIX_Boolean) 1), &policyExtensions, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKESINGLETONFAILED
; goto cleanup; } } while (0)
2766 PKIX_POLICYCHECKERMAKESINGLETONFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_MakeSingleton
((PKIX_PL_Object *)(polCheckerState->certPoliciesExtension
), ((PKIX_Boolean) 1), &policyExtensions, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERMAKESINGLETONFAILED
; goto cleanup; } } while (0);
2767
2768 PKIX_CHECK(PKIX_CertChainChecker_Createdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_Create
(pkix_PolicyChecker_Check, ((PKIX_Boolean) 0), ((PKIX_Boolean
) 0), policyExtensions, (PKIX_PL_Object *)polCheckerState, pChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTCHAINCHECKERCREATEFAILED; goto cleanup; } } while
(0)
2769 (pkix_PolicyChecker_Check,do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_Create
(pkix_PolicyChecker_Check, ((PKIX_Boolean) 0), ((PKIX_Boolean
) 0), policyExtensions, (PKIX_PL_Object *)polCheckerState, pChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTCHAINCHECKERCREATEFAILED; goto cleanup; } } while
(0)
2770 PKIX_FALSE, /* forwardCheckingSupported */do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_Create
(pkix_PolicyChecker_Check, ((PKIX_Boolean) 0), ((PKIX_Boolean
) 0), policyExtensions, (PKIX_PL_Object *)polCheckerState, pChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTCHAINCHECKERCREATEFAILED; goto cleanup; } } while
(0)
2771 PKIX_FALSE,do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_Create
(pkix_PolicyChecker_Check, ((PKIX_Boolean) 0), ((PKIX_Boolean
) 0), policyExtensions, (PKIX_PL_Object *)polCheckerState, pChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTCHAINCHECKERCREATEFAILED; goto cleanup; } } while
(0)
2772 policyExtensions,do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_Create
(pkix_PolicyChecker_Check, ((PKIX_Boolean) 0), ((PKIX_Boolean
) 0), policyExtensions, (PKIX_PL_Object *)polCheckerState, pChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTCHAINCHECKERCREATEFAILED; goto cleanup; } } while
(0)
2773 (PKIX_PL_Object *)polCheckerState,do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_Create
(pkix_PolicyChecker_Check, ((PKIX_Boolean) 0), ((PKIX_Boolean
) 0), policyExtensions, (PKIX_PL_Object *)polCheckerState, pChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTCHAINCHECKERCREATEFAILED; goto cleanup; } } while
(0)
2774 pChecker,do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_Create
(pkix_PolicyChecker_Check, ((PKIX_Boolean) 0), ((PKIX_Boolean
) 0), policyExtensions, (PKIX_PL_Object *)polCheckerState, pChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTCHAINCHECKERCREATEFAILED; goto cleanup; } } while
(0)
2775 plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_Create
(pkix_PolicyChecker_Check, ((PKIX_Boolean) 0), ((PKIX_Boolean
) 0), policyExtensions, (PKIX_PL_Object *)polCheckerState, pChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTCHAINCHECKERCREATEFAILED; goto cleanup; } } while
(0)
2776 PKIX_CERTCHAINCHECKERCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_Create
(pkix_PolicyChecker_Check, ((PKIX_Boolean) 0), ((PKIX_Boolean
) 0), policyExtensions, (PKIX_PL_Object *)polCheckerState, pChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTCHAINCHECKERCREATEFAILED; goto cleanup; } } while
(0);
2777
2778cleanup:
2779 PKIX_DECREF(polCheckerState)do { if (polCheckerState){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(polCheckerState), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } polCheckerState
= ((void*)0); } } while (0);
2780 PKIX_DECREF(policyExtensions)do { if (policyExtensions){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyExtensions), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } policyExtensions
= ((void*)0); } } while (0);
2781 PKIX_RETURN(CERTCHAINCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_CERTCHAINCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
2782
2783}