File: | s/lib/libpkix/pkix/top/pkix_validate.c |
Warning: | line 1078, column 23 The right operand of '<' is a garbage value |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* This Source Code Form is subject to the terms of the Mozilla Public | |||
2 | * License, v. 2.0. If a copy of the MPL was not distributed with this | |||
3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |||
4 | /* | |||
5 | * pkix_validate.c | |||
6 | * | |||
7 | * Top level validateChain function | |||
8 | * | |||
9 | */ | |||
10 | ||||
11 | #include "pkix_validate.h" | |||
12 | #include "pkix_pl_common.h" | |||
13 | ||||
14 | /* --Private-Functions-------------------------------------------- */ | |||
15 | ||||
16 | /* | |||
17 | * FUNCTION: pkix_AddToVerifyLog | |||
18 | * DESCRIPTION: | |||
19 | * | |||
20 | * This function returns immediately if the address for the VerifyNode tree | |||
21 | * pointed to by "pVerifyTree" is NULL. Otherwise it creates a new VerifyNode | |||
22 | * from the Cert pointed to by "cert" and the Error pointed to by "error", | |||
23 | * and inserts it at the depth in the VerifyNode tree determined by "depth". A | |||
24 | * depth of zero means that this function creates the root node of a new tree. | |||
25 | * | |||
26 | * Note: this function does not include the means of choosing among branches | |||
27 | * of a tree. It is intended for non-branching trees, that is, where each | |||
28 | * parent node has only a single child node. | |||
29 | * | |||
30 | * PARAMETERS: | |||
31 | * "cert" | |||
32 | * The address of the Cert to be included in the new VerifyNode. Must be | |||
33 | * non-NULL. | |||
34 | * "depth" | |||
35 | * The UInt32 value of the depth. | |||
36 | * "error" | |||
37 | * The address of the Error to be included in the new VerifyNode. | |||
38 | * "pVerifyTree" | |||
39 | * The address of the VerifyNode tree into which the created VerifyNode | |||
40 | * is to be inserted. The node is not created if VerifyTree is NULL. | |||
41 | * "plContext" | |||
42 | * Platform-specific context pointer. | |||
43 | * THREAD SAFETY: | |||
44 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
45 | * RETURNS: | |||
46 | * Returns NULL if the function succeeds. | |||
47 | * Returns a Validate Error if the function fails in a non-fatal way. | |||
48 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
49 | */ | |||
50 | static PKIX_Error * | |||
51 | pkix_AddToVerifyLog( | |||
52 | PKIX_PL_Cert *cert, | |||
53 | PKIX_UInt32 depth, | |||
54 | PKIX_Error *error, | |||
55 | PKIX_VerifyNode **pVerifyTree, | |||
56 | void *plContext) | |||
57 | { | |||
58 | ||||
59 | PKIX_VerifyNode *verifyNode = NULL((void*)0); | |||
60 | ||||
61 | PKIX_ENTER(VALIDATE, "pkix_AddToVerifyLog")static const char cMyFuncName[] = {"pkix_AddToVerifyLog"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars .aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
62 | PKIX_NULLCHECK_ONE(cert)do { if ((cert) == ((void*)0)){ stdVars.aPkixErrorReceived = ( (PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
63 | ||||
64 | if (pVerifyTree) { /* nothing to do if no address given for log */ | |||
65 | ||||
66 | PKIX_CHECK(pkix_VerifyNode_Createdo { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (cert , depth, error, &verifyNode, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED; goto cleanup ; } } while (0) | |||
67 | (cert, depth, error, &verifyNode, plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (cert , depth, error, &verifyNode, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED; goto cleanup ; } } while (0) | |||
68 | PKIX_VERIFYNODECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (cert , depth, error, &verifyNode, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED; goto cleanup ; } } while (0); | |||
69 | ||||
70 | if (depth == 0) { | |||
71 | /* We just created the root node */ | |||
72 | *pVerifyTree = verifyNode; | |||
73 | } else { | |||
74 | PKIX_CHECK(pkix_VerifyNode_AddToChaindo { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToChain ( *pVerifyTree, verifyNode, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_VERIFYNODEADDTOCHAINFAILED; goto cleanup; } } while (0) | |||
75 | (*pVerifyTree, verifyNode, plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToChain ( *pVerifyTree, verifyNode, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_VERIFYNODEADDTOCHAINFAILED; goto cleanup; } } while (0) | |||
76 | PKIX_VERIFYNODEADDTOCHAINFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToChain ( *pVerifyTree, verifyNode, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_VERIFYNODEADDTOCHAINFAILED; goto cleanup; } } while (0); | |||
77 | } | |||
78 | } | |||
79 | ||||
80 | cleanup: | |||
81 | ||||
82 | PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
83 | ||||
84 | } | |||
85 | ||||
86 | /* | |||
87 | * FUNCTION: pkix_CheckCert | |||
88 | * DESCRIPTION: | |||
89 | * | |||
90 | * Checks whether the Cert pointed to by "cert" successfully validates | |||
91 | * using the List of CertChainCheckers pointed to by "checkers". If the | |||
92 | * certificate does not validate, an Error pointer is returned. | |||
93 | * | |||
94 | * This function should be called initially with the UInt32 pointed to by | |||
95 | * "pCheckerIndex" containing zero, and the pointer at "pNBIOContext" | |||
96 | * containing NULL. If a checker does non-blocking I/O, this function will | |||
97 | * return with the index of that checker stored at "pCheckerIndex" and a | |||
98 | * platform-dependent non-blocking I/O context stored at "pNBIOContext". | |||
99 | * A subsequent call to this function with those values intact will allow the | |||
100 | * checking to resume where it left off. This should be repeated until the | |||
101 | * function returns with NULL stored at "pNBIOContext". | |||
102 | * | |||
103 | * PARAMETERS: | |||
104 | * "cert" | |||
105 | * Address of Cert to validate. Must be non-NULL. | |||
106 | * "checkers" | |||
107 | * List of CertChainCheckers which must each validate the certificate. | |||
108 | * Must be non-NULL. | |||
109 | * "checkedExtOIDs" | |||
110 | * List of PKIX_PL_OID that has been processed. If called from building | |||
111 | * chain, it is the list of critical extension OIDs that has been | |||
112 | * processed prior to validation. May be NULL. | |||
113 | * "pCheckerIndex" | |||
114 | * Address at which is stored the the index, within the List "checkers", | |||
115 | * of a checker whose processing was interrupted by non-blocking I/O. | |||
116 | * Must be non-NULL. | |||
117 | * "pNBIOContext" | |||
118 | * Address at which is stored platform-specific non-blocking I/O context. | |||
119 | * Must be non-NULL. | |||
120 | * "plContext" | |||
121 | * Platform-specific context pointer. | |||
122 | * THREAD SAFETY: | |||
123 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
124 | * RETURNS: | |||
125 | * Returns NULL if the function succeeds. | |||
126 | * Returns a Validate Error if the function fails in a non-fatal way. | |||
127 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
128 | */ | |||
129 | static PKIX_Error * | |||
130 | pkix_CheckCert( | |||
131 | PKIX_PL_Cert *cert, | |||
132 | PKIX_List *checkers, | |||
133 | PKIX_List *checkedExtOIDsList, | |||
134 | PKIX_UInt32 *pCheckerIndex, | |||
135 | void **pNBIOContext, | |||
136 | void *plContext) | |||
137 | { | |||
138 | PKIX_CertChainChecker_CheckCallback checkerCheck = NULL((void*)0); | |||
139 | PKIX_CertChainChecker *checker = NULL((void*)0); | |||
140 | PKIX_List *unresCritExtOIDs = NULL((void*)0); | |||
141 | PKIX_UInt32 numCheckers; | |||
142 | PKIX_UInt32 numUnresCritExtOIDs = 0; | |||
143 | PKIX_UInt32 checkerIndex = 0; | |||
144 | void *nbioContext = NULL((void*)0); | |||
145 | ||||
146 | PKIX_ENTER(VALIDATE, "pkix_CheckCert")static const char cMyFuncName[] = {"pkix_CheckCert"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars .aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
147 | PKIX_NULLCHECK_FOUR(cert, checkers, pCheckerIndex, pNBIOContext)do { if (((cert) == ((void*)0)) || ((checkers) == ((void*)0)) || ((pCheckerIndex) == ((void*)0)) || ((pNBIOContext) == ((void *)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
148 | ||||
149 | nbioContext = *pNBIOContext; | |||
150 | *pNBIOContext = NULL((void*)0); /* prepare for case of error exit */ | |||
151 | ||||
152 | PKIX_CHECK(PKIX_PL_Cert_GetCriticalExtensionOIDsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCriticalExtensionOIDs (cert, &unresCritExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED ; goto cleanup; } } while (0) | |||
153 | (cert, &unresCritExtOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCriticalExtensionOIDs (cert, &unresCritExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED ; goto cleanup; } } while (0) | |||
154 | PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCriticalExtensionOIDs (cert, &unresCritExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED ; goto cleanup; } } while (0); | |||
155 | ||||
156 | PKIX_CHECK(PKIX_List_GetLength(checkers, &numCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(checkers , &numCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0) | |||
157 | PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(checkers , &numCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0); | |||
158 | ||||
159 | for (checkerIndex = *pCheckerIndex; | |||
160 | checkerIndex < numCheckers; | |||
161 | checkerIndex++) { | |||
162 | ||||
163 | PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers, checkerIndex, (PKIX_PL_Object **)&checker, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
164 | (checkers,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers, checkerIndex, (PKIX_PL_Object **)&checker, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
165 | checkerIndex,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers, checkerIndex, (PKIX_PL_Object **)&checker, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
166 | (PKIX_PL_Object **)&checker,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers, checkerIndex, (PKIX_PL_Object **)&checker, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
167 | plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers, checkerIndex, (PKIX_PL_Object **)&checker, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
168 | PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers, checkerIndex, (PKIX_PL_Object **)&checker, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0); | |||
169 | ||||
170 | PKIX_CHECK(PKIX_CertChainChecker_GetCheckCallbackdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCheckCallback (checker, &checkerCheck, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED ; goto cleanup; } } while (0) | |||
171 | (checker, &checkerCheck, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCheckCallback (checker, &checkerCheck, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED ; goto cleanup; } } while (0) | |||
172 | PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCheckCallback (checker, &checkerCheck, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED ; goto cleanup; } } while (0); | |||
173 | ||||
174 | PKIX_CHECK(checkerCheck(checker, cert, unresCritExtOIDs,do { stdVars.aPkixErrorResult = (checkerCheck(checker, cert, unresCritExtOIDs , &nbioContext, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERCHECKFAILED; goto cleanup; } } while (0) | |||
175 | &nbioContext, plContext),do { stdVars.aPkixErrorResult = (checkerCheck(checker, cert, unresCritExtOIDs , &nbioContext, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERCHECKFAILED; goto cleanup; } } while (0) | |||
176 | PKIX_CERTCHAINCHECKERCHECKFAILED)do { stdVars.aPkixErrorResult = (checkerCheck(checker, cert, unresCritExtOIDs , &nbioContext, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERCHECKFAILED; goto cleanup; } } while (0); | |||
177 | ||||
178 | if (nbioContext != NULL((void*)0)) { | |||
179 | *pCheckerIndex = checkerIndex; | |||
180 | *pNBIOContext = nbioContext; | |||
181 | goto cleanup; | |||
182 | } | |||
183 | ||||
184 | PKIX_DECREF(checker)do { if (checker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checker), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } checker = ((void*) 0); } } while (0); | |||
185 | } | |||
186 | ||||
187 | if (unresCritExtOIDs){ | |||
188 | ||||
189 | #ifdef PKIX_VALIDATEDEBUG | |||
190 | { | |||
191 | PKIX_PL_String *oidString = NULL((void*)0); | |||
192 | PKIX_UInt32 length; | |||
193 | char *oidAscii = NULL((void*)0); | |||
194 | PKIX_TOSTRING(unresCritExtOIDs, &oidString, plContext,do { int descNum; if ((unresCritExtOIDs) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(unresCritExtOIDs), (&oidString), (plContext)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&oidString), (plContext )); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0) | |||
195 | PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((unresCritExtOIDs) != ((void*)0)) { stdVars .aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object * )(unresCritExtOIDs), (&oidString), (plContext)); descNum = (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&oidString), (plContext )); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while ( 0); } while (0); | |||
196 | PKIX_CHECK(PKIX_PL_String_GetEncodeddo { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString , 0, (void **) &oidAscii, &length, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED ; goto cleanup; } } while (0) | |||
197 | (oidString,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString , 0, (void **) &oidAscii, &length, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED ; goto cleanup; } } while (0) | |||
198 | PKIX_ESCASCII,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString , 0, (void **) &oidAscii, &length, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED ; goto cleanup; } } while (0) | |||
199 | (void **) &oidAscii,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString , 0, (void **) &oidAscii, &length, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED ; goto cleanup; } } while (0) | |||
200 | &length,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString , 0, (void **) &oidAscii, &length, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED ; goto cleanup; } } while (0) | |||
201 | plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString , 0, (void **) &oidAscii, &length, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED ; goto cleanup; } } while (0) | |||
202 | PKIX_STRINGGETENCODEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString , 0, (void **) &oidAscii, &length, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED ; goto cleanup; } } while (0); | |||
203 | PKIX_VALIDATE_DEBUG_ARG | |||
204 | ("unrecognized critical extension OIDs:" | |||
205 | " %s\n", oidAscii); | |||
206 | PKIX_DECREF(oidString)do { if (oidString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(oidString), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } oidString = ((void *)0); } } while (0); | |||
207 | PKIX_PL_Free(oidAscii, plContext); | |||
208 | } | |||
209 | #endif | |||
210 | ||||
211 | if (checkedExtOIDsList != NULL((void*)0)) { | |||
212 | /* Take out OID's that had been processed, if any */ | |||
213 | PKIX_CHECK(pkix_List_RemoveItemsdo { stdVars.aPkixErrorResult = (pkix_List_RemoveItems (unresCritExtOIDs , checkedExtOIDsList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTREMOVEITEMSFAILED; goto cleanup ; } } while (0) | |||
214 | (unresCritExtOIDs,do { stdVars.aPkixErrorResult = (pkix_List_RemoveItems (unresCritExtOIDs , checkedExtOIDsList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTREMOVEITEMSFAILED; goto cleanup ; } } while (0) | |||
215 | checkedExtOIDsList,do { stdVars.aPkixErrorResult = (pkix_List_RemoveItems (unresCritExtOIDs , checkedExtOIDsList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTREMOVEITEMSFAILED; goto cleanup ; } } while (0) | |||
216 | plContext),do { stdVars.aPkixErrorResult = (pkix_List_RemoveItems (unresCritExtOIDs , checkedExtOIDsList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTREMOVEITEMSFAILED; goto cleanup ; } } while (0) | |||
217 | PKIX_LISTREMOVEITEMSFAILED)do { stdVars.aPkixErrorResult = (pkix_List_RemoveItems (unresCritExtOIDs , checkedExtOIDsList, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTREMOVEITEMSFAILED; goto cleanup ; } } while (0); | |||
218 | } | |||
219 | ||||
220 | PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (unresCritExtOIDs , &numUnresCritExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0) | |||
221 | (unresCritExtOIDs, &numUnresCritExtOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (unresCritExtOIDs , &numUnresCritExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0) | |||
222 | PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (unresCritExtOIDs , &numUnresCritExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0); | |||
223 | ||||
224 | if (numUnresCritExtOIDs != 0){ | |||
225 | PKIX_ERROR(PKIX_UNRECOGNIZEDCRITICALEXTENSION){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_UNRECOGNIZEDCRITICALEXTENSION, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_UNRECOGNIZEDCRITICALEXTENSION ; goto cleanup; }; | |||
226 | } | |||
227 | ||||
228 | } | |||
229 | ||||
230 | cleanup: | |||
231 | ||||
232 | PKIX_DECREF(checker)do { if (checker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checker), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } checker = ((void*) 0); } } while (0); | |||
233 | PKIX_DECREF(unresCritExtOIDs)do { if (unresCritExtOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(unresCritExtOIDs), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } unresCritExtOIDs = ((void*)0); } } while (0); | |||
234 | ||||
235 | PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
236 | ||||
237 | } | |||
238 | ||||
239 | /* | |||
240 | * FUNCTION: pkix_InitializeCheckers | |||
241 | * DESCRIPTION: | |||
242 | * | |||
243 | * Creates several checkers and initializes them with values derived from the | |||
244 | * TrustAnchor pointed to by "anchor", the ProcessingParams pointed to by | |||
245 | * "procParams", and the number of Certs in the Chain, represented by | |||
246 | * "numCerts". The List of checkers is stored at "pCheckers". | |||
247 | * | |||
248 | * PARAMETERS: | |||
249 | * "anchor" | |||
250 | * Address of TrustAnchor used to initialize the SignatureChecker and | |||
251 | * NameChainingChecker. Must be non-NULL. | |||
252 | * "procParams" | |||
253 | * Address of ProcessingParams used to initialize the ExpirationChecker | |||
254 | * and TargetCertChecker. Must be non-NULL. | |||
255 | * "numCerts" | |||
256 | * Number of certificates in the CertChain. | |||
257 | * "pCheckers" | |||
258 | * Address where object pointer will be stored. Must be non-NULL. | |||
259 | * "plContext" | |||
260 | * Platform-specific context pointer. | |||
261 | * THREAD SAFETY: | |||
262 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
263 | * RETURNS: | |||
264 | * Returns NULL if the function succeeds. | |||
265 | * Returns a Validate Error if the function fails in a non-fatal way. | |||
266 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
267 | */ | |||
268 | static PKIX_Error * | |||
269 | pkix_InitializeCheckers( | |||
270 | PKIX_TrustAnchor *anchor, | |||
271 | PKIX_ProcessingParams *procParams, | |||
272 | PKIX_UInt32 numCerts, | |||
273 | PKIX_List **pCheckers, | |||
274 | void *plContext) | |||
275 | { | |||
276 | PKIX_CertChainChecker *targetCertChecker = NULL((void*)0); | |||
277 | PKIX_CertChainChecker *expirationChecker = NULL((void*)0); | |||
278 | PKIX_CertChainChecker *nameChainingChecker = NULL((void*)0); | |||
279 | PKIX_CertChainChecker *nameConstraintsChecker = NULL((void*)0); | |||
280 | PKIX_CertChainChecker *basicConstraintsChecker = NULL((void*)0); | |||
281 | PKIX_CertChainChecker *policyChecker = NULL((void*)0); | |||
282 | PKIX_CertChainChecker *sigChecker = NULL((void*)0); | |||
283 | PKIX_CertChainChecker *defaultCrlChecker = NULL((void*)0); | |||
284 | PKIX_CertChainChecker *userChecker = NULL((void*)0); | |||
285 | PKIX_PL_X500Name *trustedCAName = NULL((void*)0); | |||
286 | PKIX_PL_PublicKey *trustedPubKey = NULL((void*)0); | |||
287 | PKIX_List *checkers = NULL((void*)0); | |||
288 | PKIX_PL_Date *testDate = NULL((void*)0); | |||
289 | PKIX_CertSelector *certSelector = NULL((void*)0); | |||
290 | PKIX_PL_Cert *trustedCert = NULL((void*)0); | |||
291 | PKIX_PL_CertNameConstraints *trustedNC = NULL((void*)0); | |||
292 | PKIX_List *initialPolicies = NULL((void*)0); | |||
293 | PKIX_Boolean policyQualifiersRejected = PKIX_FALSE((PKIX_Boolean) 0); | |||
294 | PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE((PKIX_Boolean) 0); | |||
295 | PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE((PKIX_Boolean) 0); | |||
296 | PKIX_Boolean initialExplicitPolicy = PKIX_FALSE((PKIX_Boolean) 0); | |||
297 | PKIX_List *userCheckersList = NULL((void*)0); | |||
298 | PKIX_List *certStores = NULL((void*)0); | |||
299 | PKIX_UInt32 numCertCheckers = 0; | |||
300 | PKIX_UInt32 i; | |||
301 | ||||
302 | PKIX_ENTER(VALIDATE, "pkix_InitializeCheckers")static const char cMyFuncName[] = {"pkix_InitializeCheckers"} ; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
303 | PKIX_NULLCHECK_THREE(anchor, procParams, pCheckers)do { if (((anchor) == ((void*)0)) || ((procParams) == ((void* )0)) || ((pCheckers) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
304 | PKIX_CHECK(PKIX_List_Create(&checkers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&checkers , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0) | |||
305 | PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&checkers , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0); | |||
306 | ||||
307 | /* | |||
308 | * The TrustAnchor may have been created using CreateWithCert | |||
309 | * (in which case GetCAPublicKey and GetCAName will return NULL) | |||
310 | * or may have been created using CreateWithNameKeyPair (in which | |||
311 | * case GetTrustedCert will return NULL. So we call GetTrustedCert | |||
312 | * and populate trustedPubKey and trustedCAName accordingly. | |||
313 | */ | |||
314 | ||||
315 | PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCertdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert (anchor, &trustedCert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED ; goto cleanup; } } while (0) | |||
316 | (anchor, &trustedCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert (anchor, &trustedCert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED ; goto cleanup; } } while (0) | |||
317 | PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert (anchor, &trustedCert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED ; goto cleanup; } } while (0); | |||
318 | ||||
319 | if (trustedCert){ | |||
320 | PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKeydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey (trustedCert, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED ; goto cleanup; } } while (0) | |||
321 | (trustedCert, &trustedPubKey, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey (trustedCert, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED ; goto cleanup; } } while (0) | |||
322 | PKIX_CERTGETSUBJECTPUBLICKEYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey (trustedCert, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED ; goto cleanup; } } while (0); | |||
323 | ||||
324 | PKIX_CHECK(PKIX_PL_Cert_GetSubjectdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubject (trustedCert , &trustedCAName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTFAILED; goto cleanup ; } } while (0) | |||
325 | (trustedCert, &trustedCAName, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubject (trustedCert , &trustedCAName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTFAILED; goto cleanup ; } } while (0) | |||
326 | PKIX_CERTGETSUBJECTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubject (trustedCert , &trustedCAName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTFAILED; goto cleanup ; } } while (0); | |||
327 | } else { | |||
328 | PKIX_CHECK(PKIX_TrustAnchor_GetCAPublicKeydo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetCAPublicKey (anchor, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETCAPUBLICKEYFAILED ; goto cleanup; } } while (0) | |||
329 | (anchor, &trustedPubKey, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetCAPublicKey (anchor, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETCAPUBLICKEYFAILED ; goto cleanup; } } while (0) | |||
330 | PKIX_TRUSTANCHORGETCAPUBLICKEYFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetCAPublicKey (anchor, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETCAPUBLICKEYFAILED ; goto cleanup; } } while (0); | |||
331 | ||||
332 | PKIX_CHECK(PKIX_TrustAnchor_GetCANamedo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetCAName ( anchor, &trustedCAName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETCANAMEFAILED; goto cleanup; } } while (0) | |||
333 | (anchor, &trustedCAName, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetCAName ( anchor, &trustedCAName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETCANAMEFAILED; goto cleanup; } } while (0) | |||
334 | PKIX_TRUSTANCHORGETCANAMEFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetCAName ( anchor, &trustedCAName, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETCANAMEFAILED; goto cleanup; } } while (0); | |||
335 | } | |||
336 | ||||
337 | PKIX_NULLCHECK_TWO(trustedPubKey, trustedCAName)do { if (((trustedPubKey) == ((void*)0)) || ((trustedCAName) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1 ); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn (&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext );; } } while (0); | |||
338 | ||||
339 | PKIX_CHECK(PKIX_TrustAnchor_GetNameConstraintsdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetNameConstraints (anchor, &trustedNC, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED ; goto cleanup; } } while (0) | |||
340 | (anchor, &trustedNC, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetNameConstraints (anchor, &trustedNC, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED ; goto cleanup; } } while (0) | |||
341 | PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetNameConstraints (anchor, &trustedNC, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED ; goto cleanup; } } while (0); | |||
342 | ||||
343 | PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraintsdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints (procParams, &certSelector, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED ; goto cleanup; } } while (0) | |||
344 | (procParams, &certSelector, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints (procParams, &certSelector, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED ; goto cleanup; } } while (0) | |||
345 | PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints (procParams, &certSelector, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED ; goto cleanup; } } while (0); | |||
346 | ||||
347 | PKIX_CHECK(PKIX_ProcessingParams_GetDatedo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetDate (procParams, &testDate, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETDATEFAILED ; goto cleanup; } } while (0) | |||
348 | (procParams, &testDate, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetDate (procParams, &testDate, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETDATEFAILED ; goto cleanup; } } while (0) | |||
349 | PKIX_PROCESSINGPARAMSGETDATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetDate (procParams, &testDate, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETDATEFAILED ; goto cleanup; } } while (0); | |||
350 | ||||
351 | PKIX_CHECK(PKIX_ProcessingParams_GetInitialPoliciesdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetInitialPolicies (procParams, &initialPolicies, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED ; goto cleanup; } } while (0) | |||
352 | (procParams, &initialPolicies, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetInitialPolicies (procParams, &initialPolicies, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED ; goto cleanup; } } while (0) | |||
353 | PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetInitialPolicies (procParams, &initialPolicies, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED ; goto cleanup; } } while (0); | |||
354 | ||||
355 | PKIX_CHECK(PKIX_ProcessingParams_GetPolicyQualifiersRejecteddo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetPolicyQualifiersRejected (procParams, &policyQualifiersRejected, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED ; goto cleanup; } } while (0) | |||
356 | (procParams, &policyQualifiersRejected, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetPolicyQualifiersRejected (procParams, &policyQualifiersRejected, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED ; goto cleanup; } } while (0) | |||
357 | PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetPolicyQualifiersRejected (procParams, &policyQualifiersRejected, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED ; goto cleanup; } } while (0); | |||
358 | ||||
359 | PKIX_CHECK(PKIX_ProcessingParams_IsPolicyMappingInhibiteddo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsPolicyMappingInhibited (procParams, &initialPolicyMappingInhibit, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED ; goto cleanup; } } while (0) | |||
360 | (procParams, &initialPolicyMappingInhibit, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsPolicyMappingInhibited (procParams, &initialPolicyMappingInhibit, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED ; goto cleanup; } } while (0) | |||
361 | PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsPolicyMappingInhibited (procParams, &initialPolicyMappingInhibit, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED ; goto cleanup; } } while (0); | |||
362 | ||||
363 | PKIX_CHECK(PKIX_ProcessingParams_IsAnyPolicyInhibiteddo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsAnyPolicyInhibited (procParams, &initialAnyPolicyInhibit, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED ; goto cleanup; } } while (0) | |||
364 | (procParams, &initialAnyPolicyInhibit, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsAnyPolicyInhibited (procParams, &initialAnyPolicyInhibit, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED ; goto cleanup; } } while (0) | |||
365 | PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsAnyPolicyInhibited (procParams, &initialAnyPolicyInhibit, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED ; goto cleanup; } } while (0); | |||
366 | ||||
367 | PKIX_CHECK(PKIX_ProcessingParams_IsExplicitPolicyRequireddo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsExplicitPolicyRequired (procParams, &initialExplicitPolicy, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED ; goto cleanup; } } while (0) | |||
368 | (procParams, &initialExplicitPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsExplicitPolicyRequired (procParams, &initialExplicitPolicy, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED ; goto cleanup; } } while (0) | |||
369 | PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsExplicitPolicyRequired (procParams, &initialExplicitPolicy, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED ; goto cleanup; } } while (0); | |||
370 | ||||
371 | PKIX_CHECK(PKIX_ProcessingParams_GetCertStoresdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores (procParams, &certStores, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED ; goto cleanup; } } while (0) | |||
372 | (procParams, &certStores, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores (procParams, &certStores, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED ; goto cleanup; } } while (0) | |||
373 | PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores (procParams, &certStores, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED ; goto cleanup; } } while (0); | |||
374 | ||||
375 | PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckersdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers (procParams, &userCheckersList, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED ; goto cleanup; } } while (0) | |||
376 | (procParams, &userCheckersList, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers (procParams, &userCheckersList, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED ; goto cleanup; } } while (0) | |||
377 | PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers (procParams, &userCheckersList, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED ; goto cleanup; } } while (0); | |||
378 | ||||
379 | /* now, initialize all the checkers */ | |||
380 | PKIX_CHECK(pkix_TargetCertChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_TargetCertChecker_Initialize (certSelector, numCerts, &targetCertChecker, plContext)) ; if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_TARGETCERTCHECKERINITIALIZEFAILED ; goto cleanup; } } while (0) | |||
381 | (certSelector, numCerts, &targetCertChecker, plContext),do { stdVars.aPkixErrorResult = (pkix_TargetCertChecker_Initialize (certSelector, numCerts, &targetCertChecker, plContext)) ; if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_TARGETCERTCHECKERINITIALIZEFAILED ; goto cleanup; } } while (0) | |||
382 | PKIX_TARGETCERTCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_TargetCertChecker_Initialize (certSelector, numCerts, &targetCertChecker, plContext)) ; if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_TARGETCERTCHECKERINITIALIZEFAILED ; goto cleanup; } } while (0); | |||
383 | ||||
384 | PKIX_CHECK(pkix_ExpirationChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_ExpirationChecker_Initialize (testDate, &expirationChecker, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_EXPIRATIONCHECKERINITIALIZEFAILED ; goto cleanup; } } while (0) | |||
385 | (testDate, &expirationChecker, plContext),do { stdVars.aPkixErrorResult = (pkix_ExpirationChecker_Initialize (testDate, &expirationChecker, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_EXPIRATIONCHECKERINITIALIZEFAILED ; goto cleanup; } } while (0) | |||
386 | PKIX_EXPIRATIONCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_ExpirationChecker_Initialize (testDate, &expirationChecker, plContext)); if (stdVars. aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_EXPIRATIONCHECKERINITIALIZEFAILED ; goto cleanup; } } while (0); | |||
387 | ||||
388 | PKIX_CHECK(pkix_NameChainingChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_NameChainingChecker_Initialize (trustedCAName, &nameChainingChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_NAMECHAININGCHECKERINITIALIZEFAILED ; goto cleanup; } } while (0) | |||
389 | (trustedCAName, &nameChainingChecker, plContext),do { stdVars.aPkixErrorResult = (pkix_NameChainingChecker_Initialize (trustedCAName, &nameChainingChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_NAMECHAININGCHECKERINITIALIZEFAILED ; goto cleanup; } } while (0) | |||
390 | PKIX_NAMECHAININGCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_NameChainingChecker_Initialize (trustedCAName, &nameChainingChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_NAMECHAININGCHECKERINITIALIZEFAILED ; goto cleanup; } } while (0); | |||
391 | ||||
392 | PKIX_CHECK(pkix_NameConstraintsChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_NameConstraintsChecker_Initialize (trustedNC, numCerts, &nameConstraintsChecker, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED; goto cleanup; } } while (0) | |||
393 | (trustedNC, numCerts, &nameConstraintsChecker, plContext),do { stdVars.aPkixErrorResult = (pkix_NameConstraintsChecker_Initialize (trustedNC, numCerts, &nameConstraintsChecker, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED; goto cleanup; } } while (0) | |||
394 | PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_NameConstraintsChecker_Initialize (trustedNC, numCerts, &nameConstraintsChecker, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED; goto cleanup; } } while (0); | |||
395 | ||||
396 | PKIX_CHECK(pkix_BasicConstraintsChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_BasicConstraintsChecker_Initialize (numCerts, &basicConstraintsChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_BASICCONSTRAINTSCHECKERINITIALIZEFAILED ; goto cleanup; } } while (0) | |||
397 | (numCerts, &basicConstraintsChecker, plContext),do { stdVars.aPkixErrorResult = (pkix_BasicConstraintsChecker_Initialize (numCerts, &basicConstraintsChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_BASICCONSTRAINTSCHECKERINITIALIZEFAILED ; goto cleanup; } } while (0) | |||
398 | PKIX_BASICCONSTRAINTSCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_BasicConstraintsChecker_Initialize (numCerts, &basicConstraintsChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_BASICCONSTRAINTSCHECKERINITIALIZEFAILED ; goto cleanup; } } while (0); | |||
399 | ||||
400 | PKIX_CHECK(pkix_PolicyChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit , initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, & policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup ; } } while (0) | |||
401 | (initialPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit , initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, & policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup ; } } while (0) | |||
402 | policyQualifiersRejected,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit , initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, & policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup ; } } while (0) | |||
403 | initialPolicyMappingInhibit,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit , initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, & policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup ; } } while (0) | |||
404 | initialExplicitPolicy,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit , initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, & policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup ; } } while (0) | |||
405 | initialAnyPolicyInhibit,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit , initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, & policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup ; } } while (0) | |||
406 | numCerts,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit , initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, & policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup ; } } while (0) | |||
407 | &policyChecker,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit , initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, & policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup ; } } while (0) | |||
408 | plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit , initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, & policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup ; } } while (0) | |||
409 | PKIX_POLICYCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit , initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, & policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup ; } } while (0); | |||
410 | ||||
411 | PKIX_CHECK(pkix_SignatureChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_SignatureChecker_Initialize (trustedPubKey, numCerts, &sigChecker, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SIGNATURECHECKERINITIALIZEFAILED ; goto cleanup; } } while (0) | |||
412 | (trustedPubKey, numCerts, &sigChecker, plContext),do { stdVars.aPkixErrorResult = (pkix_SignatureChecker_Initialize (trustedPubKey, numCerts, &sigChecker, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SIGNATURECHECKERINITIALIZEFAILED ; goto cleanup; } } while (0) | |||
413 | PKIX_SIGNATURECHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_SignatureChecker_Initialize (trustedPubKey, numCerts, &sigChecker, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SIGNATURECHECKERINITIALIZEFAILED ; goto cleanup; } } while (0); | |||
414 | ||||
415 | if (userCheckersList != NULL((void*)0)) { | |||
416 | ||||
417 | PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckersList , &numCertCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0) | |||
418 | (userCheckersList, &numCertCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckersList , &numCertCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0) | |||
419 | PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckersList , &numCertCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0); | |||
420 | ||||
421 | for (i = 0; i < numCertCheckers; i++) { | |||
422 | ||||
423 | PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckersList , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
424 | (userCheckersList,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckersList , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
425 | i,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckersList , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
426 | (PKIX_PL_Object **) &userChecker,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckersList , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
427 | plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckersList , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
428 | PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckersList , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0); | |||
429 | ||||
430 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
431 | (checkers,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
432 | (PKIX_PL_Object *)userChecker,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
433 | plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
434 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0); | |||
435 | ||||
436 | PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void *)0); } } while (0); | |||
437 | } | |||
438 | } | |||
439 | ||||
440 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)targetCertChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
441 | (checkers, (PKIX_PL_Object *)targetCertChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)targetCertChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
442 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)targetCertChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0); | |||
443 | ||||
444 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)expirationChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
445 | (checkers, (PKIX_PL_Object *)expirationChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)expirationChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
446 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)expirationChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0); | |||
447 | ||||
448 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)nameChainingChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
449 | (checkers, (PKIX_PL_Object *)nameChainingChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)nameChainingChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
450 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)nameChainingChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0); | |||
451 | ||||
452 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)nameConstraintsChecker, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
453 | (checkers, (PKIX_PL_Object *)nameConstraintsChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)nameConstraintsChecker, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
454 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)nameConstraintsChecker, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0); | |||
455 | ||||
456 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)basicConstraintsChecker, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
457 | (checkers, (PKIX_PL_Object *)basicConstraintsChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)basicConstraintsChecker, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0) | |||
458 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)basicConstraintsChecker, plContext)); if ( stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED ; goto cleanup; } } while (0); | |||
459 | ||||
460 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)policyChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
461 | (checkers, (PKIX_PL_Object *)policyChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)policyChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
462 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)policyChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0); | |||
463 | ||||
464 | PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)sigChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
465 | (checkers, (PKIX_PL_Object *)sigChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)sigChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0) | |||
466 | PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers , (PKIX_PL_Object *)sigChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup ; } } while (0); | |||
467 | ||||
468 | *pCheckers = checkers; | |||
469 | ||||
470 | cleanup: | |||
471 | ||||
472 | if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars .aPkixTempErrorReceived || stdVars.aPkixErrorList)){ | |||
473 | PKIX_DECREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } checkers = ((void* )0); } } while (0); | |||
474 | } | |||
475 | ||||
476 | PKIX_DECREF(certSelector)do { if (certSelector){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certSelector), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } certSelector = ((void *)0); } } while (0); | |||
477 | PKIX_DECREF(testDate)do { if (testDate){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(testDate), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } testDate = ((void* )0); } } while (0); | |||
478 | PKIX_DECREF(initialPolicies)do { if (initialPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(initialPolicies), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } initialPolicies = ((void*)0); } } while (0); | |||
479 | PKIX_DECREF(targetCertChecker)do { if (targetCertChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(targetCertChecker), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } targetCertChecker = ((void*)0); } } while (0); | |||
480 | PKIX_DECREF(expirationChecker)do { if (expirationChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(expirationChecker), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } expirationChecker = ((void*)0); } } while (0); | |||
481 | PKIX_DECREF(nameChainingChecker)do { if (nameChainingChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(nameChainingChecker), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } nameChainingChecker = ((void*)0); } } while (0); | |||
482 | PKIX_DECREF(nameConstraintsChecker)do { if (nameConstraintsChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(nameConstraintsChecker), plContext); if ( stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars .aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void *)0); } nameConstraintsChecker = ((void*)0); } } while (0); | |||
483 | PKIX_DECREF(basicConstraintsChecker)do { if (basicConstraintsChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(basicConstraintsChecker), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars .aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void *)0); } basicConstraintsChecker = ((void*)0); } } while (0); | |||
484 | PKIX_DECREF(policyChecker)do { if (policyChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(policyChecker), plContext); if (stdVars. aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } policyChecker = ((void*)0); } } while (0); | |||
485 | PKIX_DECREF(sigChecker)do { if (sigChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(sigChecker), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } sigChecker = ((void *)0); } } while (0); | |||
486 | PKIX_DECREF(trustedCAName)do { if (trustedCAName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(trustedCAName), plContext); if (stdVars. aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } trustedCAName = ((void*)0); } } while (0); | |||
487 | PKIX_DECREF(trustedPubKey)do { if (trustedPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(trustedPubKey), plContext); if (stdVars. aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } trustedPubKey = ((void*)0); } } while (0); | |||
488 | PKIX_DECREF(trustedNC)do { if (trustedNC){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(trustedNC), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } trustedNC = ((void *)0); } } while (0); | |||
489 | PKIX_DECREF(trustedCert)do { if (trustedCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(trustedCert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } trustedCert = ((void *)0); } } while (0); | |||
490 | PKIX_DECREF(defaultCrlChecker)do { if (defaultCrlChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(defaultCrlChecker), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } defaultCrlChecker = ((void*)0); } } while (0); | |||
491 | PKIX_DECREF(userCheckersList)do { if (userCheckersList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userCheckersList), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } userCheckersList = ((void*)0); } } while (0); | |||
492 | PKIX_DECREF(certStores)do { if (certStores){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certStores), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } certStores = ((void *)0); } } while (0); | |||
493 | PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void *)0); } } while (0); | |||
494 | ||||
495 | PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
496 | } | |||
497 | ||||
498 | /* | |||
499 | * FUNCTION: pkix_RetrieveOutputs | |||
500 | * DESCRIPTION: | |||
501 | * | |||
502 | * This function queries the respective states of the List of checkers in | |||
503 | * "checkers" to to obtain the final public key from the SignatureChecker | |||
504 | * and the policy tree from the PolicyChecker, storing those values at | |||
505 | * "pFinalSubjPubKey" and "pPolicyTree", respectively. | |||
506 | * | |||
507 | * PARAMETERS: | |||
508 | * "checkers" | |||
509 | * Address of List of checkers to be queried. Must be non-NULL. | |||
510 | * "pFinalSubjPubKey" | |||
511 | * Address where final public key will be stored. Must be non-NULL. | |||
512 | * "pPolicyTree" | |||
513 | * Address where policy tree will be stored. Must be non-NULL. | |||
514 | * "plContext" | |||
515 | * Platform-specific context pointer. | |||
516 | * THREAD SAFETY: | |||
517 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
518 | * RETURNS: | |||
519 | * Returns NULL if the function succeeds. | |||
520 | * Returns a Validate Error if the function fails in a non-fatal way. | |||
521 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
522 | */ | |||
523 | static PKIX_Error * | |||
524 | pkix_RetrieveOutputs( | |||
525 | PKIX_List *checkers, | |||
526 | PKIX_PL_PublicKey **pFinalSubjPubKey, | |||
527 | PKIX_PolicyNode **pPolicyTree, | |||
528 | void *plContext) | |||
529 | { | |||
530 | PKIX_PL_PublicKey *finalSubjPubKey = NULL((void*)0); | |||
531 | PKIX_PolicyNode *validPolicyTree = NULL((void*)0); | |||
532 | PKIX_CertChainChecker *checker = NULL((void*)0); | |||
533 | PKIX_PL_Object *state = NULL((void*)0); | |||
534 | PKIX_UInt32 numCheckers = 0; | |||
535 | PKIX_UInt32 type; | |||
536 | PKIX_Int32 j; | |||
537 | ||||
538 | PKIX_ENTER(VALIDATE, "pkix_RetrieveOutputs")static const char cMyFuncName[] = {"pkix_RetrieveOutputs"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars .aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
539 | ||||
540 | PKIX_NULLCHECK_TWO(checkers, pPolicyTree)do { if (((checkers) == ((void*)0)) || ((pPolicyTree) == ((void *)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
541 | ||||
542 | /* | |||
543 | * To optimize the search, we guess that the sigChecker is | |||
544 | * last in the tree and is preceded by the policyChecker. We | |||
545 | * search toward the front of the chain. Remember that List | |||
546 | * items are indexed 0..(numItems - 1). | |||
547 | */ | |||
548 | ||||
549 | PKIX_CHECK(PKIX_List_GetLength(checkers, &numCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(checkers , &numCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0) | |||
550 | PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(checkers , &numCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0); | |||
551 | ||||
552 | for (j = numCheckers - 1; j >= 0; j--){ | |||
553 | PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers, j, (PKIX_PL_Object **)&checker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
554 | (checkers, j, (PKIX_PL_Object **)&checker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers, j, (PKIX_PL_Object **)&checker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
555 | PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers, j, (PKIX_PL_Object **)&checker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0); | |||
556 | ||||
557 | PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerStatedo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCertChainCheckerState (checker, &state, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED ; goto cleanup; } } while (0) | |||
558 | (checker, &state, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCertChainCheckerState (checker, &state, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED ; goto cleanup; } } while (0) | |||
559 | PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCertChainCheckerState (checker, &state, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED ; goto cleanup; } } while (0); | |||
560 | ||||
561 | /* user defined checker may have no state */ | |||
562 | if (state != NULL((void*)0)) { | |||
563 | ||||
564 | PKIX_CHECK(PKIX_PL_Object_GetType(state, &type, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType(state , &type, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_OBJECTGETTYPEFAILED; goto cleanup; } } while (0) | |||
565 | PKIX_OBJECTGETTYPEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType(state , &type, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_OBJECTGETTYPEFAILED; goto cleanup; } } while (0); | |||
566 | ||||
567 | if (type == PKIX_SIGNATURECHECKERSTATE_TYPE){ | |||
568 | /* final pubKey will include any inherited DSA params */ | |||
569 | finalSubjPubKey = | |||
570 | ((pkix_SignatureCheckerState *)state)-> | |||
571 | prevPublicKey; | |||
572 | PKIX_INCREF(finalSubjPubKey)do { if (finalSubjPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(finalSubjPubKey), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup ; } } } while (0); | |||
573 | *pFinalSubjPubKey = finalSubjPubKey; | |||
574 | } | |||
575 | ||||
576 | if (type == PKIX_CERTPOLICYCHECKERSTATE_TYPE) { | |||
577 | validPolicyTree = | |||
578 | ((PKIX_PolicyCheckerState *)state)->validPolicyTree; | |||
579 | break; | |||
580 | } | |||
581 | } | |||
582 | ||||
583 | PKIX_DECREF(checker)do { if (checker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checker), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } checker = ((void*) 0); } } while (0); | |||
584 | PKIX_DECREF(state)do { if (state){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } state = ((void*)0) ; } } while (0); | |||
585 | } | |||
586 | ||||
587 | PKIX_INCREF(validPolicyTree)do { if (validPolicyTree){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(validPolicyTree), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup ; } } } while (0); | |||
588 | *pPolicyTree = validPolicyTree; | |||
589 | ||||
590 | cleanup: | |||
591 | ||||
592 | PKIX_DECREF(checker)do { if (checker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checker), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } checker = ((void*) 0); } } while (0); | |||
593 | PKIX_DECREF(state)do { if (state){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } state = ((void*)0) ; } } while (0); | |||
594 | ||||
595 | PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
596 | ||||
597 | } | |||
598 | ||||
599 | /* | |||
600 | * FUNCTION: pkix_CheckChain | |||
601 | * DESCRIPTION: | |||
602 | * | |||
603 | * Checks whether the List of Certs pointed to by "certs", containing | |||
604 | * "numCerts" entries, successfully validates using each CertChainChecker in | |||
605 | * the List pointed to by "checkers" and has not been revoked, according to any | |||
606 | * of the Revocation Checkers in the List pointed to by "revChecker". Checkers | |||
607 | * are expected to remove from "removeCheckedExtOIDs" and extensions that they | |||
608 | * process. Indices to the certChain and the checkerChain are obtained and | |||
609 | * returned in "pCertCheckedIndex" and "pCheckerIndex", respectively. These | |||
610 | * should be set to zero prior to the initial call, but may be changed (and | |||
611 | * must be supplied on subsequent calls) if processing is suspended for non- | |||
612 | * blocking I/O. Each time a Cert passes from being validated by one of the | |||
613 | * CertChainCheckers to being checked by a Revocation Checker, the Boolean | |||
614 | * stored at "pRevChecking" is changed from FALSE to TRUE. If the Cert is | |||
615 | * rejected by a Revocation Checker, its reason code is returned at | |||
616 | * "pReasonCode. If the List of Certs successfully validates, the public key i | |||
617 | * the final certificate is obtained and stored at "pFinalSubjPubKey" and the | |||
618 | * validPolicyTree, which could be NULL, is stored at pPolicyTree. If the List | |||
619 | * of Certs fails to validate, an Error pointer is returned. | |||
620 | * | |||
621 | * If "pVerifyTree" is non-NULL, a chain of VerifyNodes is created which | |||
622 | * tracks the results of the validation. That is, either each node in the | |||
623 | * chain has a NULL Error component, or the last node contains an Error | |||
624 | * which indicates why the validation failed. | |||
625 | * | |||
626 | * The number of Certs in the List, represented by "numCerts", is used to | |||
627 | * determine which Cert is the final Cert. | |||
628 | * | |||
629 | * PARAMETERS: | |||
630 | * "certs" | |||
631 | * Address of List of Certs to validate. Must be non-NULL. | |||
632 | * "numCerts" | |||
633 | * Number of certificates in the List of certificates. | |||
634 | * "checkers" | |||
635 | * List of CertChainCheckers which must each validate the List of | |||
636 | * certificates. Must be non-NULL. | |||
637 | * "revChecker" | |||
638 | * List of RevocationCheckers which must each not reject the List of | |||
639 | * certificates. May be empty, but must be non-NULL. | |||
640 | * "removeCheckedExtOIDs" | |||
641 | * List of PKIX_PL_OID that has been processed. If called from building | |||
642 | * chain, it is the list of critical extension OIDs that has been | |||
643 | * processed prior to validation. Extension OIDs that may be processed by | |||
644 | * user defined checker processes are also in the list. May be NULL. | |||
645 | * "procParams" | |||
646 | * Address of ProcessingParams used to initialize various checkers. Must | |||
647 | * be non-NULL. | |||
648 | * "pCertCheckedIndex" | |||
649 | * Address where Int32 index to the Cert chain is obtained and | |||
650 | * returned. Must be non-NULL. | |||
651 | * "pCheckerIndex" | |||
652 | * Address where Int32 index to the CheckerChain is obtained and | |||
653 | * returned. Must be non-NULL. | |||
654 | * "pRevChecking" | |||
655 | * Address where Boolean is obtained and returned, indicating, if FALSE, | |||
656 | * that CertChainCheckers are being called; or, if TRUE, that RevChecker | |||
657 | * are being called. Must be non-NULL. | |||
658 | * "pReasonCode" | |||
659 | * Address where UInt32 results of revocation checking are stored. Must be | |||
660 | * non-NULL. | |||
661 | * "pNBIOContext" | |||
662 | * Address where platform-dependent context is stored if checking is | |||
663 | * suspended for non-blocking I/O. Must be non-NULL. | |||
664 | * "pFinalSubjPubKey" | |||
665 | * Address where the final public key will be stored. Must be non-NULL. | |||
666 | * "pPolicyTree" | |||
667 | * Address where the final validPolicyTree is stored. Must be non-NULL. | |||
668 | * "pVerifyTree" | |||
669 | * Address where a VerifyTree is stored, if non-NULL. | |||
670 | * "plContext" | |||
671 | * Platform-specific context pointer. | |||
672 | * THREAD SAFETY: | |||
673 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
674 | * RETURNS: | |||
675 | * Returns NULL if the function succeeds. | |||
676 | * Returns a Validate Error if the function fails in a non-fatal way. | |||
677 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
678 | */ | |||
679 | PKIX_Error * | |||
680 | pkix_CheckChain( | |||
681 | PKIX_List *certs, | |||
682 | PKIX_UInt32 numCerts, | |||
683 | PKIX_TrustAnchor *anchor, | |||
684 | PKIX_List *checkers, | |||
685 | PKIX_RevocationChecker *revChecker, | |||
686 | PKIX_List *removeCheckedExtOIDs, | |||
687 | PKIX_ProcessingParams *procParams, | |||
688 | PKIX_UInt32 *pCertCheckedIndex, | |||
689 | PKIX_UInt32 *pCheckerIndex, | |||
690 | PKIX_Boolean *pRevChecking, | |||
691 | PKIX_UInt32 *pReasonCode, | |||
692 | void **pNBIOContext, | |||
693 | PKIX_PL_PublicKey **pFinalSubjPubKey, | |||
694 | PKIX_PolicyNode **pPolicyTree, | |||
695 | PKIX_VerifyNode **pVerifyTree, | |||
696 | void *plContext) | |||
697 | { | |||
698 | PKIX_UInt32 j = 0; | |||
699 | PKIX_Boolean revChecking = PKIX_FALSE((PKIX_Boolean) 0); | |||
700 | PKIX_Error *checkCertError = NULL((void*)0); | |||
701 | void *nbioContext = NULL((void*)0); | |||
702 | PKIX_PL_Cert *cert = NULL((void*)0); | |||
703 | PKIX_PL_Cert *issuer = NULL((void*)0); | |||
704 | PKIX_PL_NssContext *nssContext = NULL((void*)0); | |||
705 | CERTCertList *certList = NULL((void*)0); | |||
706 | const CERTChainVerifyCallback *chainVerifyCallback = NULL((void*)0); | |||
707 | CERTCertificate *nssCert = NULL((void*)0); | |||
708 | ||||
709 | PKIX_ENTER(VALIDATE, "pkix_CheckChain")static const char cMyFuncName[] = {"pkix_CheckChain"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars .aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
710 | PKIX_NULLCHECK_FOUR(certs, checkers, revChecker, pCertCheckedIndex)do { if (((certs) == ((void*)0)) || ((checkers) == ((void*)0) ) || ((revChecker) == ((void*)0)) || ((pCertCheckedIndex) == ( (void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn (&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext );; } } while (0); | |||
711 | PKIX_NULLCHECK_FOUR(pCheckerIndex, pRevChecking, pReasonCode, anchor)do { if (((pCheckerIndex) == ((void*)0)) || ((pRevChecking) == ((void*)0)) || ((pReasonCode) == ((void*)0)) || ((anchor) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1 ); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn (&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext );; } } while (0); | |||
712 | PKIX_NULLCHECK_THREE(pNBIOContext, pFinalSubjPubKey, pPolicyTree)do { if (((pNBIOContext) == ((void*)0)) || ((pFinalSubjPubKey ) == ((void*)0)) || ((pPolicyTree) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
713 | ||||
714 | nbioContext = *pNBIOContext; | |||
715 | *pNBIOContext = NULL((void*)0); | |||
716 | revChecking = *pRevChecking; | |||
717 | nssContext = (PKIX_PL_NssContext *)plContext; | |||
718 | chainVerifyCallback = &nssContext->chainVerifyCallback; | |||
719 | ||||
720 | if (chainVerifyCallback->isChainValid != NULL((void*)0)) { | |||
721 | PRBool chainOK = PR_FALSE0; /*assume failure*/ | |||
722 | SECStatus rv; | |||
723 | ||||
724 | certList = CERT_NewCertList(); | |||
725 | if (certList == NULL((void*)0)) { | |||
726 | PKIX_ERROR_ALLOC_ERROR(){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_ALLOCERROR, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorResult = PKIX_ALLOC_ERROR(); goto cleanup; }; | |||
727 | } | |||
728 | ||||
729 | /* Add the trust anchor to the list */ | |||
730 | PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCertdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert (anchor, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED ; goto cleanup; } } while (0) | |||
731 | (anchor, &cert, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert (anchor, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED ; goto cleanup; } } while (0) | |||
732 | PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert (anchor, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED ; goto cleanup; } } while (0); | |||
733 | ||||
734 | PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCERTCertificate (cert, &nssCert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETCERTCERTIFICATEFAILED; goto cleanup; } } while (0) | |||
735 | PKIX_PL_Cert_GetCERTCertificate(cert, &nssCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCERTCertificate (cert, &nssCert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETCERTCERTIFICATEFAILED; goto cleanup; } } while (0) | |||
736 | PKIX_CERTGETCERTCERTIFICATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCERTCertificate (cert, &nssCert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETCERTCERTIFICATEFAILED; goto cleanup; } } while (0); | |||
737 | ||||
738 | rv = CERT_AddCertToListHead(certList, nssCert); | |||
739 | if (rv != SECSuccess) { | |||
740 | PKIX_ERROR_ALLOC_ERROR(){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_ALLOCERROR, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorResult = PKIX_ALLOC_ERROR(); goto cleanup; }; | |||
741 | } | |||
742 | /* the certList takes ownership of nssCert on success */ | |||
743 | nssCert = NULL((void*)0); | |||
744 | PKIX_DECREF(cert)do { if (cert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } cert = ((void*)0); } } while (0); | |||
745 | ||||
746 | /* Add the rest of the chain to the list */ | |||
747 | for (j = *pCertCheckedIndex; j < numCerts; j++) { | |||
748 | PKIX_CHECK(PKIX_List_GetItem(do { stdVars.aPkixErrorResult = (PKIX_List_GetItem( certs, j, (PKIX_PL_Object **)&cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup ; } } while (0) | |||
749 | certs, j, (PKIX_PL_Object **)&cert, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem( certs, j, (PKIX_PL_Object **)&cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup ; } } while (0) | |||
750 | PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem( certs, j, (PKIX_PL_Object **)&cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup ; } } while (0); | |||
751 | ||||
752 | PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCERTCertificate (cert, &nssCert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETCERTCERTIFICATEFAILED; goto cleanup; } } while (0) | |||
753 | PKIX_PL_Cert_GetCERTCertificate(cert, &nssCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCERTCertificate (cert, &nssCert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETCERTCERTIFICATEFAILED; goto cleanup; } } while (0) | |||
754 | PKIX_CERTGETCERTCERTIFICATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCERTCertificate (cert, &nssCert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_CERTGETCERTCERTIFICATEFAILED; goto cleanup; } } while (0); | |||
755 | ||||
756 | rv = CERT_AddCertToListHead(certList, nssCert); | |||
757 | if (rv != SECSuccess) { | |||
758 | PKIX_ERROR_ALLOC_ERROR(){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_ALLOCERROR, ((void*)0), stdVars.aPkixType, 2, plContext ); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorResult = PKIX_ALLOC_ERROR(); goto cleanup; }; | |||
759 | } | |||
760 | /* the certList takes ownership of nssCert on success */ | |||
761 | nssCert = NULL((void*)0); | |||
762 | PKIX_DECREF(cert)do { if (cert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } cert = ((void*)0); } } while (0); | |||
763 | } | |||
764 | ||||
765 | rv = (*chainVerifyCallback->isChainValid) | |||
766 | (chainVerifyCallback->isChainValidArg, certList, &chainOK); | |||
767 | if (rv != SECSuccess) { | |||
768 | PKIX_ERROR_FATAL(PKIX_CHAINVERIFYCALLBACKFAILED){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_CHAINVERIFYCALLBACKFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR ; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext ); } }; goto cleanup; }; | |||
769 | } | |||
770 | ||||
771 | if (!chainOK) { | |||
772 | PKIX_ERROR(PKIX_CHAINVERIFYCALLBACKFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_CHAINVERIFYCALLBACKFAILED, ((void*)0), stdVars.aPkixType , 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean ) 1); stdVars.aPkixErrorCode = PKIX_CHAINVERIFYCALLBACKFAILED ; goto cleanup; }; | |||
773 | } | |||
774 | ||||
775 | } | |||
776 | ||||
777 | PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCertdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert (anchor, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED ; goto cleanup; } } while (0) | |||
778 | (anchor, &cert, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert (anchor, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED ; goto cleanup; } } while (0) | |||
779 | PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert (anchor, &cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED ; goto cleanup; } } while (0); | |||
780 | ||||
781 | for (j = *pCertCheckedIndex; j < numCerts; j++) { | |||
782 | ||||
783 | PORT_Assert(cert)((cert)?((void)0):PR_Assert("cert","pkix_validate.c",783)); | |||
784 | PKIX_DECREF(issuer)do { if (issuer){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(issuer), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } issuer = ((void*)0 ); } } while (0); | |||
785 | issuer = cert; | |||
786 | cert = NULL((void*)0); | |||
787 | ||||
788 | PKIX_CHECK(PKIX_List_GetItem(do { stdVars.aPkixErrorResult = (PKIX_List_GetItem( certs, j, (PKIX_PL_Object **)&cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup ; } } while (0) | |||
789 | certs, j, (PKIX_PL_Object **)&cert, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem( certs, j, (PKIX_PL_Object **)&cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup ; } } while (0) | |||
790 | PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem( certs, j, (PKIX_PL_Object **)&cert, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup ; } } while (0); | |||
791 | ||||
792 | /* check if cert pointer is valid */ | |||
793 | PORT_Assert(cert)((cert)?((void)0):PR_Assert("cert","pkix_validate.c",793)); | |||
794 | if (cert == NULL((void*)0)) { | |||
795 | continue; | |||
796 | } | |||
797 | ||||
798 | if (revChecking == PKIX_FALSE((PKIX_Boolean) 0)) { | |||
799 | ||||
800 | PKIX_CHECK(pkix_CheckCertdo { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers , removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CHECKCERTFAILED; goto cleanup; } } while (0) | |||
801 | (cert,do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers , removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CHECKCERTFAILED; goto cleanup; } } while (0) | |||
802 | checkers,do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers , removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CHECKCERTFAILED; goto cleanup; } } while (0) | |||
803 | removeCheckedExtOIDs,do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers , removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CHECKCERTFAILED; goto cleanup; } } while (0) | |||
804 | pCheckerIndex,do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers , removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CHECKCERTFAILED; goto cleanup; } } while (0) | |||
805 | &nbioContext,do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers , removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CHECKCERTFAILED; goto cleanup; } } while (0) | |||
806 | plContext),do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers , removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CHECKCERTFAILED; goto cleanup; } } while (0) | |||
807 | PKIX_CHECKCERTFAILED)do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers , removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CHECKCERTFAILED; goto cleanup; } } while (0); | |||
808 | ||||
809 | if (nbioContext != NULL((void*)0)) { | |||
810 | *pCertCheckedIndex = j; | |||
811 | *pRevChecking = revChecking; | |||
812 | *pNBIOContext = nbioContext; | |||
813 | goto cleanup; | |||
814 | } | |||
815 | ||||
816 | revChecking = PKIX_TRUE((PKIX_Boolean) 1); | |||
817 | *pCheckerIndex = 0; | |||
818 | } | |||
819 | ||||
820 | if (revChecking == PKIX_TRUE((PKIX_Boolean) 1)) { | |||
821 | PKIX_RevocationStatus revStatus; | |||
822 | pkixErrorResultstdVars.aPkixErrorResult = | |||
823 | PKIX_RevocationChecker_Check( | |||
824 | cert, issuer, revChecker, | |||
825 | procParams, PKIX_TRUE((PKIX_Boolean) 1), | |||
826 | (j == numCerts - 1) ? PKIX_TRUE((PKIX_Boolean) 1) : PKIX_FALSE((PKIX_Boolean) 0), | |||
827 | &revStatus, pReasonCode, | |||
828 | &nbioContext, plContext); | |||
829 | if (nbioContext != NULL((void*)0)) { | |||
830 | *pCertCheckedIndex = j; | |||
831 | *pRevChecking = revChecking; | |||
832 | *pNBIOContext = nbioContext; | |||
833 | goto cleanup; | |||
834 | } | |||
835 | if (revStatus == PKIX_RevStatus_Revoked || | |||
836 | pkixErrorResultstdVars.aPkixErrorResult) { | |||
837 | if (!pkixErrorResultstdVars.aPkixErrorResult) { | |||
838 | /* if pkixErrorResult is returned then | |||
839 | * use it as it has a detailed revocation | |||
840 | * error code. Otherwise create a new error */ | |||
841 | PKIX_ERROR_CREATE(VALIDATE,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_VALIDATE_ERROR , stdVars.aMyFuncName, PKIX_CERTIFICATEREVOKED, PKIX_VALIDATE_ERROR , stdVars.aPkixErrorResult, &stdVars.aPkixErrorResult, plContext ); if (stdVars.aPkixTempResult) { stdVars.aPkixErrorResult = stdVars .aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } } | |||
842 | PKIX_CERTIFICATEREVOKED,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_VALIDATE_ERROR , stdVars.aMyFuncName, PKIX_CERTIFICATEREVOKED, PKIX_VALIDATE_ERROR , stdVars.aPkixErrorResult, &stdVars.aPkixErrorResult, plContext ); if (stdVars.aPkixTempResult) { stdVars.aPkixErrorResult = stdVars .aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } } | |||
843 | pkixErrorResult){ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_VALIDATE_ERROR , stdVars.aMyFuncName, PKIX_CERTIFICATEREVOKED, PKIX_VALIDATE_ERROR , stdVars.aPkixErrorResult, &stdVars.aPkixErrorResult, plContext ); if (stdVars.aPkixTempResult) { stdVars.aPkixErrorResult = stdVars .aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } }; | |||
844 | } | |||
845 | goto cleanup; | |||
846 | } | |||
847 | revChecking = PKIX_FALSE((PKIX_Boolean) 0); | |||
848 | *pCheckerIndex = 0; | |||
849 | } | |||
850 | ||||
851 | PKIX_CHECK(pkix_AddToVerifyLogdo { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog (cert, j , ((void*)0), pVerifyTree, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; goto cleanup ; } } while (0) | |||
852 | (cert, j, NULL, pVerifyTree, plContext),do { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog (cert, j , ((void*)0), pVerifyTree, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; goto cleanup ; } } while (0) | |||
853 | PKIX_ADDTOVERIFYLOGFAILED)do { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog (cert, j , ((void*)0), pVerifyTree, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; goto cleanup ; } } while (0); | |||
854 | } | |||
855 | ||||
856 | PKIX_CHECK(pkix_RetrieveOutputsdo { stdVars.aPkixErrorResult = (pkix_RetrieveOutputs (checkers , pFinalSubjPubKey, pPolicyTree, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_RETRIEVEOUTPUTSFAILED; goto cleanup ; } } while (0) | |||
857 | (checkers, pFinalSubjPubKey, pPolicyTree, plContext),do { stdVars.aPkixErrorResult = (pkix_RetrieveOutputs (checkers , pFinalSubjPubKey, pPolicyTree, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_RETRIEVEOUTPUTSFAILED; goto cleanup ; } } while (0) | |||
858 | PKIX_RETRIEVEOUTPUTSFAILED)do { stdVars.aPkixErrorResult = (pkix_RetrieveOutputs (checkers , pFinalSubjPubKey, pPolicyTree, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_RETRIEVEOUTPUTSFAILED; goto cleanup ; } } while (0); | |||
859 | ||||
860 | *pNBIOContext = NULL((void*)0); | |||
861 | ||||
862 | cleanup: | |||
863 | if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars .aPkixTempErrorReceived || stdVars.aPkixErrorList) && cert) { | |||
864 | checkCertError = pkixErrorResultstdVars.aPkixErrorResult; | |||
865 | ||||
866 | PKIX_CHECK_FATAL(do { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog(cert, j, checkCertError, pVerifyTree, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars. aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode (pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars .aPkixType, 1, plContext); } }; goto fatal; } } while (0) | |||
867 | pkix_AddToVerifyLog(cert, j, checkCertError, pVerifyTree,do { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog(cert, j, checkCertError, pVerifyTree, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars. aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode (pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars .aPkixType, 1, plContext); } }; goto fatal; } } while (0) | |||
868 | plContext),do { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog(cert, j, checkCertError, pVerifyTree, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars. aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode (pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars .aPkixType, 1, plContext); } }; goto fatal; } } while (0) | |||
869 | PKIX_ADDTOVERIFYLOGFAILED)do { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog(cert, j, checkCertError, pVerifyTree, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars. aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode (pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars .aPkixType, 1, plContext); } }; goto fatal; } } while (0); | |||
870 | pkixErrorResultstdVars.aPkixErrorResult = checkCertError; | |||
871 | pkixErrorCodestdVars.aPkixErrorCode = pkixErrorResultstdVars.aPkixErrorResult->errCode; | |||
872 | checkCertError = NULL((void*)0); | |||
873 | } | |||
874 | ||||
875 | fatal: | |||
876 | if (nssCert) { | |||
877 | CERT_DestroyCertificate(nssCert); | |||
878 | } | |||
879 | ||||
880 | if (certList) { | |||
881 | CERT_DestroyCertList(certList); | |||
882 | } | |||
883 | ||||
884 | PKIX_DECREF(checkCertError)do { if (checkCertError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkCertError), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } checkCertError = ((void*)0); } } while (0); | |||
885 | PKIX_DECREF(cert)do { if (cert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } cert = ((void*)0); } } while (0); | |||
886 | PKIX_DECREF(issuer)do { if (issuer){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(issuer), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } issuer = ((void*)0 ); } } while (0); | |||
887 | ||||
888 | PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
889 | } | |||
890 | ||||
891 | /* | |||
892 | * FUNCTION: pkix_ExtractParameters | |||
893 | * DESCRIPTION: | |||
894 | * | |||
895 | * Extracts several parameters from the ValidateParams object pointed to by | |||
896 | * "valParams" and stores the CertChain at "pChain", the List of Certs at | |||
897 | * "pCerts", the number of Certs in the chain at "pNumCerts", the | |||
898 | * ProcessingParams object at "pProcParams", the List of TrustAnchors at | |||
899 | * "pAnchors", and the number of TrustAnchors at "pNumAnchors". | |||
900 | * | |||
901 | * PARAMETERS: | |||
902 | * "valParams" | |||
903 | * Address of ValidateParams from which the parameters are extracted. | |||
904 | * Must be non-NULL. | |||
905 | * "pCerts" | |||
906 | * Address where object pointer for List of Certs will be stored. | |||
907 | * Must be non-NULL. | |||
908 | * "pNumCerts" | |||
909 | * Address where number of Certs will be stored. Must be non-NULL. | |||
910 | * "pProcParams" | |||
911 | * Address where object pointer for ProcessingParams will be stored. | |||
912 | * Must be non-NULL. | |||
913 | * "pAnchors" | |||
914 | * Address where object pointer for List of Anchors will be stored. | |||
915 | * Must be non-NULL. | |||
916 | * "pNumAnchors" | |||
917 | * Address where number of Anchors will be stored. Must be non-NULL. | |||
918 | * "plContext" | |||
919 | * Platform-specific context pointer. | |||
920 | * THREAD SAFETY: | |||
921 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
922 | * RETURNS: | |||
923 | * Returns NULL if the function succeeds. | |||
924 | * Returns a Validate Error if the function fails in a non-fatal way. | |||
925 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
926 | */ | |||
927 | static PKIX_Error * | |||
928 | pkix_ExtractParameters( | |||
929 | PKIX_ValidateParams *valParams, | |||
930 | PKIX_List **pCerts, | |||
931 | PKIX_UInt32 *pNumCerts, | |||
932 | PKIX_ProcessingParams **pProcParams, | |||
933 | PKIX_List **pAnchors, | |||
934 | PKIX_UInt32 *pNumAnchors, | |||
935 | void *plContext) | |||
936 | { | |||
937 | PKIX_ENTER(VALIDATE, "pkix_ExtractParameters")static const char cMyFuncName[] = {"pkix_ExtractParameters"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
938 | PKIX_NULLCHECK_THREE(valParams, pCerts, pNumCerts)do { if (((valParams) == ((void*)0)) || ((pCerts) == ((void*) 0)) || ((pNumCerts) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
939 | PKIX_NULLCHECK_THREE(pProcParams, pAnchors, pNumAnchors)do { if (((pProcParams) == ((void*)0)) || ((pAnchors) == ((void *)0)) || ((pNumAnchors) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
940 | ||||
941 | /* extract relevant parameters from chain */ | |||
942 | PKIX_CHECK(PKIX_ValidateParams_GetCertChaindo { stdVars.aPkixErrorResult = (PKIX_ValidateParams_GetCertChain (valParams, pCerts, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_VALIDATEPARAMSGETCERTCHAINFAILED ; goto cleanup; } } while (0) | |||
943 | (valParams, pCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_ValidateParams_GetCertChain (valParams, pCerts, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_VALIDATEPARAMSGETCERTCHAINFAILED ; goto cleanup; } } while (0) | |||
944 | PKIX_VALIDATEPARAMSGETCERTCHAINFAILED)do { stdVars.aPkixErrorResult = (PKIX_ValidateParams_GetCertChain (valParams, pCerts, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_VALIDATEPARAMSGETCERTCHAINFAILED ; goto cleanup; } } while (0); | |||
945 | ||||
946 | PKIX_CHECK(PKIX_List_GetLength(*pCerts, pNumCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(*pCerts, pNumCerts, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup; } } while (0) | |||
947 | PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(*pCerts, pNumCerts, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup; } } while (0); | |||
948 | ||||
949 | /* extract relevant parameters from procParams */ | |||
950 | PKIX_CHECK(PKIX_ValidateParams_GetProcessingParamsdo { stdVars.aPkixErrorResult = (PKIX_ValidateParams_GetProcessingParams (valParams, pProcParams, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_VALIDATEPARAMSGETPROCESSINGPARAMSFAILED ; goto cleanup; } } while (0) | |||
951 | (valParams, pProcParams, plContext),do { stdVars.aPkixErrorResult = (PKIX_ValidateParams_GetProcessingParams (valParams, pProcParams, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_VALIDATEPARAMSGETPROCESSINGPARAMSFAILED ; goto cleanup; } } while (0) | |||
952 | PKIX_VALIDATEPARAMSGETPROCESSINGPARAMSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ValidateParams_GetProcessingParams (valParams, pProcParams, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_VALIDATEPARAMSGETPROCESSINGPARAMSFAILED ; goto cleanup; } } while (0); | |||
953 | ||||
954 | PKIX_CHECK(PKIX_ProcessingParams_GetTrustAnchorsdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTrustAnchors (*pProcParams, pAnchors, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED ; goto cleanup; } } while (0) | |||
955 | (*pProcParams, pAnchors, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTrustAnchors (*pProcParams, pAnchors, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED ; goto cleanup; } } while (0) | |||
956 | PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTrustAnchors (*pProcParams, pAnchors, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED ; goto cleanup; } } while (0); | |||
957 | ||||
958 | PKIX_CHECK(PKIX_List_GetLength(*pAnchors, pNumAnchors, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(*pAnchors , pNumAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup; } } while (0) | |||
959 | PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(*pAnchors , pNumAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup; } } while (0); | |||
960 | ||||
961 | cleanup: | |||
962 | ||||
963 | PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
964 | } | |||
965 | ||||
966 | /* --Public-Functions--------------------------------------------- */ | |||
967 | ||||
968 | /* | |||
969 | * FUNCTION: PKIX_ValidateChain (see comments in pkix.h) | |||
970 | */ | |||
971 | PKIX_Error * | |||
972 | PKIX_ValidateChain( | |||
973 | PKIX_ValidateParams *valParams, | |||
974 | PKIX_ValidateResult **pResult, | |||
975 | PKIX_VerifyNode **pVerifyTree, | |||
976 | void *plContext) | |||
977 | { | |||
978 | PKIX_Error *chainFailed = NULL((void*)0); | |||
979 | ||||
980 | PKIX_ProcessingParams *procParams = NULL((void*)0); | |||
981 | PKIX_CertChainChecker *userChecker = NULL((void*)0); | |||
982 | PKIX_RevocationChecker *revChecker = NULL((void*)0); | |||
983 | PKIX_List *certs = NULL((void*)0); | |||
984 | PKIX_List *checkers = NULL((void*)0); | |||
985 | PKIX_List *anchors = NULL((void*)0); | |||
986 | PKIX_List *userCheckers = NULL((void*)0); | |||
987 | PKIX_List *userCheckerExtOIDs = NULL((void*)0); | |||
988 | PKIX_List *validateCheckedCritExtOIDsList = NULL((void*)0); | |||
989 | PKIX_TrustAnchor *anchor = NULL((void*)0); | |||
990 | PKIX_ValidateResult *valResult = NULL((void*)0); | |||
991 | PKIX_PL_PublicKey *finalPubKey = NULL((void*)0); | |||
992 | PKIX_PolicyNode *validPolicyTree = NULL((void*)0); | |||
993 | PKIX_Boolean supportForwarding = PKIX_FALSE((PKIX_Boolean) 0); | |||
994 | PKIX_Boolean revChecking = PKIX_FALSE((PKIX_Boolean) 0); | |||
995 | PKIX_UInt32 i, numCerts, numAnchors; | |||
| ||||
996 | PKIX_UInt32 numUserCheckers = 0; | |||
997 | PKIX_UInt32 certCheckedIndex = 0; | |||
998 | PKIX_UInt32 checkerIndex = 0; | |||
999 | PKIX_UInt32 reasonCode = 0; | |||
1000 | void *nbioContext = NULL((void*)0); | |||
1001 | ||||
1002 | PKIX_ENTER(VALIDATE, "PKIX_ValidateChain")static const char cMyFuncName[] = {"PKIX_ValidateChain"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars .aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1003 | PKIX_NULLCHECK_TWO(valParams, pResult)do { if (((valParams) == ((void*)0)) || ((pResult) == ((void* )0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars .aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(& stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);; } } while (0); | |||
1004 | ||||
1005 | /* extract various parameters from valParams */ | |||
1006 | PKIX_CHECK(pkix_ExtractParametersdo { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1007 | (valParams,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1008 | &certs,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1009 | &numCerts,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1010 | &procParams,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1011 | &anchors,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1012 | &numAnchors,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1013 | plContext),do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1014 | PKIX_EXTRACTPARAMETERSFAILED)do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0); | |||
1015 | ||||
1016 | /* | |||
1017 | * setup an extension OID list that user had defined for his checker | |||
1018 | * processing. User checker is not responsible for taking out OIDs | |||
1019 | * from unresolved critical extension list as the libpkix checker | |||
1020 | * is doing. Here we add those user checkers' OIDs to the removal | |||
1021 | * list to be taken out by CheckChain | |||
1022 | */ | |||
1023 | PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckersdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers (procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED ; goto cleanup; } } while (0) | |||
1024 | (procParams, &userCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers (procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED ; goto cleanup; } } while (0) | |||
1025 | PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers (procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED ; goto cleanup; } } while (0); | |||
1026 | ||||
1027 | if (userCheckers != NULL((void*)0)) { | |||
1028 | ||||
1029 | PKIX_CHECK(PKIX_List_Createdo { stdVars.aPkixErrorResult = (PKIX_List_Create (&validateCheckedCritExtOIDsList , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0) | |||
1030 | (&validateCheckedCritExtOIDsList,do { stdVars.aPkixErrorResult = (PKIX_List_Create (&validateCheckedCritExtOIDsList , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0) | |||
1031 | plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create (&validateCheckedCritExtOIDsList , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0) | |||
1032 | PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create (&validateCheckedCritExtOIDsList , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0); | |||
1033 | ||||
1034 | PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers , &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0) | |||
1035 | (userCheckers, &numUserCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers , &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0) | |||
1036 | PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers , &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0); | |||
1037 | ||||
1038 | for (i = 0; i < numUserCheckers; i++) { | |||
1039 | ||||
1040 | PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
1041 | (userCheckers,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
1042 | i,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
1043 | (PKIX_PL_Object **) &userChecker,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
1044 | plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
1045 | PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0); | |||
1046 | ||||
1047 | PKIX_CHECKdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported (userChecker, &supportForwarding, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED ; goto cleanup; } } while (0) | |||
1048 | (PKIX_CertChainChecker_IsForwardCheckingSupporteddo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported (userChecker, &supportForwarding, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED ; goto cleanup; } } while (0) | |||
1049 | (userChecker, &supportForwarding, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported (userChecker, &supportForwarding, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED ; goto cleanup; } } while (0) | |||
1050 | PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported (userChecker, &supportForwarding, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED ; goto cleanup; } } while (0); | |||
1051 | ||||
1052 | if (supportForwarding == PKIX_FALSE((PKIX_Boolean) 0)) { | |||
1053 | ||||
1054 | PKIX_CHECKdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions (userChecker, &userCheckerExtOIDs, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED ; goto cleanup; } } while (0) | |||
1055 | (PKIX_CertChainChecker_GetSupportedExtensionsdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions (userChecker, &userCheckerExtOIDs, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED ; goto cleanup; } } while (0) | |||
1056 | (userChecker, &userCheckerExtOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions (userChecker, &userCheckerExtOIDs, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED ; goto cleanup; } } while (0) | |||
1057 | PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions (userChecker, &userCheckerExtOIDs, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED ; goto cleanup; } } while (0); | |||
1058 | ||||
1059 | if (userCheckerExtOIDs != NULL((void*)0)) { | |||
1060 | PKIX_CHECK(pkix_List_AppendListdo { stdVars.aPkixErrorResult = (pkix_List_AppendList (validateCheckedCritExtOIDsList , userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup ; } } while (0) | |||
1061 | (validateCheckedCritExtOIDsList,do { stdVars.aPkixErrorResult = (pkix_List_AppendList (validateCheckedCritExtOIDsList , userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup ; } } while (0) | |||
1062 | userCheckerExtOIDs,do { stdVars.aPkixErrorResult = (pkix_List_AppendList (validateCheckedCritExtOIDsList , userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup ; } } while (0) | |||
1063 | plContext),do { stdVars.aPkixErrorResult = (pkix_List_AppendList (validateCheckedCritExtOIDsList , userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup ; } } while (0) | |||
1064 | PKIX_LISTAPPENDLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_List_AppendList (validateCheckedCritExtOIDsList , userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup ; } } while (0); | |||
1065 | } | |||
1066 | } | |||
1067 | ||||
1068 | PKIX_DECREF(userCheckerExtOIDs)do { if (userCheckerExtOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userCheckerExtOIDs), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } userCheckerExtOIDs = ((void*)0); } } while (0); | |||
1069 | PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void *)0); } } while (0); | |||
1070 | } | |||
1071 | } | |||
1072 | ||||
1073 | PKIX_CHECK(PKIX_ProcessingParams_GetRevocationCheckerdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker (procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED ; goto cleanup; } } while (0) | |||
1074 | (procParams, &revChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker (procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED ; goto cleanup; } } while (0) | |||
1075 | PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker (procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED ; goto cleanup; } } while (0); | |||
1076 | ||||
1077 | /* try to validate the chain with each anchor */ | |||
1078 | for (i = 0; i < numAnchors; i++){ | |||
| ||||
1079 | ||||
1080 | /* get trust anchor */ | |||
1081 | PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (anchors, i , (PKIX_PL_Object **)&anchor, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup ; } } while (0) | |||
1082 | (anchors, i, (PKIX_PL_Object **)&anchor, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (anchors, i , (PKIX_PL_Object **)&anchor, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup ; } } while (0) | |||
1083 | PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (anchors, i , (PKIX_PL_Object **)&anchor, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup ; } } while (0); | |||
1084 | ||||
1085 | /* initialize checkers using information from trust anchor */ | |||
1086 | PKIX_CHECK(pkix_InitializeCheckersdo { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor , procParams, numCerts, &checkers, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED ; goto cleanup; } } while (0) | |||
1087 | (anchor, procParams, numCerts, &checkers, plContext),do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor , procParams, numCerts, &checkers, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED ; goto cleanup; } } while (0) | |||
1088 | PKIX_INITIALIZECHECKERSFAILED)do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor , procParams, numCerts, &checkers, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED ; goto cleanup; } } while (0); | |||
1089 | ||||
1090 | /* | |||
1091 | * Validate the chain using this trust anchor and these | |||
1092 | * checkers. (WARNING: checkers that use non-blocking I/O | |||
1093 | * are not currently supported.) | |||
1094 | */ | |||
1095 | certCheckedIndex = 0; | |||
1096 | checkerIndex = 0; | |||
1097 | revChecking = PKIX_FALSE((PKIX_Boolean) 0); | |||
1098 | chainFailed = pkix_CheckChain | |||
1099 | (certs, | |||
1100 | numCerts, | |||
1101 | anchor, | |||
1102 | checkers, | |||
1103 | revChecker, | |||
1104 | validateCheckedCritExtOIDsList, | |||
1105 | procParams, | |||
1106 | &certCheckedIndex, | |||
1107 | &checkerIndex, | |||
1108 | &revChecking, | |||
1109 | &reasonCode, | |||
1110 | &nbioContext, | |||
1111 | &finalPubKey, | |||
1112 | &validPolicyTree, | |||
1113 | pVerifyTree, | |||
1114 | plContext); | |||
1115 | ||||
1116 | if (chainFailed) { | |||
1117 | ||||
1118 | /* cert chain failed to validate */ | |||
1119 | ||||
1120 | PKIX_DECREF(chainFailed)do { if (chainFailed){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(chainFailed), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } chainFailed = ((void *)0); } } while (0); | |||
1121 | PKIX_DECREF(anchor)do { if (anchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(anchor), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } anchor = ((void*)0 ); } } while (0); | |||
1122 | PKIX_DECREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } checkers = ((void* )0); } } while (0); | |||
1123 | PKIX_DECREF(validPolicyTree)do { if (validPolicyTree){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(validPolicyTree), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } validPolicyTree = ((void*)0); } } while (0); | |||
1124 | ||||
1125 | /* if last anchor, we fail; else, we try next anchor */ | |||
1126 | if (i == (numAnchors - 1)) { /* last anchor */ | |||
1127 | PKIX_ERROR(PKIX_VALIDATECHAINFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_VALIDATECHAINFAILED, ((void*)0), stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VALIDATECHAINFAILED; goto cleanup ; }; | |||
1128 | } | |||
1129 | ||||
1130 | } else { | |||
1131 | ||||
1132 | /* XXX Remove this assertion after 2014-12-31. | |||
1133 | * See bug 946984. */ | |||
1134 | PORT_Assert(reasonCode == 0)((reasonCode == 0)?((void)0):PR_Assert("reasonCode == 0","pkix_validate.c" ,1134)); | |||
1135 | ||||
1136 | /* cert chain successfully validated! */ | |||
1137 | PKIX_CHECK(pkix_ValidateResult_Createdo { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0) | |||
1138 | (finalPubKey,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0) | |||
1139 | anchor,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0) | |||
1140 | validPolicyTree,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0) | |||
1141 | &valResult,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0) | |||
1142 | plContext),do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0) | |||
1143 | PKIX_VALIDATERESULTCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0); | |||
1144 | ||||
1145 | *pResult = valResult; | |||
1146 | ||||
1147 | /* no need to try any more anchors in the loop */ | |||
1148 | goto cleanup; | |||
1149 | } | |||
1150 | } | |||
1151 | ||||
1152 | cleanup: | |||
1153 | ||||
1154 | PKIX_DECREF(finalPubKey)do { if (finalPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(finalPubKey), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } finalPubKey = ((void *)0); } } while (0); | |||
1155 | PKIX_DECREF(certs)do { if (certs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certs), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } certs = ((void*)0) ; } } while (0); | |||
1156 | PKIX_DECREF(anchors)do { if (anchors){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(anchors), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } anchors = ((void*) 0); } } while (0); | |||
1157 | PKIX_DECREF(anchor)do { if (anchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(anchor), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } anchor = ((void*)0 ); } } while (0); | |||
1158 | PKIX_DECREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } checkers = ((void* )0); } } while (0); | |||
1159 | PKIX_DECREF(revChecker)do { if (revChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(revChecker), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } revChecker = ((void *)0); } } while (0); | |||
1160 | PKIX_DECREF(validPolicyTree)do { if (validPolicyTree){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(validPolicyTree), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } validPolicyTree = ((void*)0); } } while (0); | |||
1161 | PKIX_DECREF(chainFailed)do { if (chainFailed){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(chainFailed), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } chainFailed = ((void *)0); } } while (0); | |||
1162 | PKIX_DECREF(procParams)do { if (procParams){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(procParams), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } procParams = ((void *)0); } } while (0); | |||
1163 | PKIX_DECREF(userCheckers)do { if (userCheckers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userCheckers), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } userCheckers = ((void *)0); } } while (0); | |||
1164 | PKIX_DECREF(validateCheckedCritExtOIDsList)do { if (validateCheckedCritExtOIDsList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(validateCheckedCritExtOIDsList ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } validateCheckedCritExtOIDsList = ((void*)0); } } while (0); | |||
1165 | ||||
1166 | PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1167 | } | |||
1168 | ||||
1169 | /* | |||
1170 | * FUNCTION: pkix_Validate_BuildUserOIDs | |||
1171 | * DESCRIPTION: | |||
1172 | * | |||
1173 | * This function creates a List of the OIDs that are processed by the user | |||
1174 | * checkers in the List pointed to by "userCheckers", storing the resulting | |||
1175 | * List at "pUserCritOIDs". If the List of userCheckers is NULL, the output | |||
1176 | * List will be NULL. Otherwise the output List will be non-NULL, but may be | |||
1177 | * empty. | |||
1178 | * | |||
1179 | * PARAMETERS: | |||
1180 | * "userCheckers" | |||
1181 | * The address of the List of userCheckers. | |||
1182 | * "pUserCritOIDs" | |||
1183 | * The address at which the List is stored. Must be non-NULL. | |||
1184 | * "plContext" | |||
1185 | * Platform-specific context pointer. | |||
1186 | * THREAD SAFETY: | |||
1187 | * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |||
1188 | * RETURNS: | |||
1189 | * Returns NULL if the function succeeds. | |||
1190 | * Returns a VALIDATE Error if the function fails in a non-fatal way. | |||
1191 | * Returns a Fatal Error if the function fails in an unrecoverable way. | |||
1192 | */ | |||
1193 | static PKIX_Error * | |||
1194 | pkix_Validate_BuildUserOIDs( | |||
1195 | PKIX_List *userCheckers, | |||
1196 | PKIX_List **pUserCritOIDs, | |||
1197 | void *plContext) | |||
1198 | { | |||
1199 | PKIX_UInt32 numUserCheckers = 0; | |||
1200 | PKIX_UInt32 i = 0; | |||
1201 | PKIX_List *userCritOIDs = NULL((void*)0); | |||
1202 | PKIX_List *userCheckerExtOIDs = NULL((void*)0); | |||
1203 | PKIX_Boolean supportForwarding = PKIX_FALSE((PKIX_Boolean) 0); | |||
1204 | PKIX_CertChainChecker *userChecker = NULL((void*)0); | |||
1205 | ||||
1206 | PKIX_ENTER(VALIDATE, "pkix_Validate_BuildUserOIDs")static const char cMyFuncName[] = {"pkix_Validate_BuildUserOIDs" }; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName ; stdVars.aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1207 | PKIX_NULLCHECK_ONE(pUserCritOIDs)do { if ((pUserCritOIDs) == ((void*)0)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT ; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean ) 1), plContext);; } } while (0); | |||
1208 | ||||
1209 | if (userCheckers != NULL((void*)0)) { | |||
1210 | PKIX_CHECK(PKIX_List_Create(&userCritOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&userCritOIDs , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0) | |||
1211 | PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&userCritOIDs , plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0); | |||
1212 | ||||
1213 | PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers , &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0) | |||
1214 | (userCheckers, &numUserCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers , &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0) | |||
1215 | PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers , &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup ; } } while (0); | |||
1216 | ||||
1217 | for (i = 0; i < numUserCheckers; i++) { | |||
1218 | PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
1219 | (userCheckers,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
1220 | i,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
1221 | (PKIX_PL_Object **) &userChecker,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
1222 | plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0) | |||
1223 | PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers , i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED ; goto cleanup; } } while (0); | |||
1224 | ||||
1225 | PKIX_CHECK(PKIX_CertChainChecker_IsForwardCheckingSupporteddo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported (userChecker, &supportForwarding, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED ; goto cleanup; } } while (0) | |||
1226 | (userChecker, &supportForwarding, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported (userChecker, &supportForwarding, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED ; goto cleanup; } } while (0) | |||
1227 | PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported (userChecker, &supportForwarding, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED ; goto cleanup; } } while (0); | |||
1228 | ||||
1229 | if (supportForwarding == PKIX_FALSE((PKIX_Boolean) 0)) { | |||
1230 | ||||
1231 | PKIX_CHECK(PKIX_CertChainChecker_GetSupportedExtensionsdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions (userChecker, &userCheckerExtOIDs, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED ; goto cleanup; } } while (0) | |||
1232 | (userChecker, &userCheckerExtOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions (userChecker, &userCheckerExtOIDs, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED ; goto cleanup; } } while (0) | |||
1233 | PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions (userChecker, &userCheckerExtOIDs, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED ; goto cleanup; } } while (0); | |||
1234 | ||||
1235 | if (userCheckerExtOIDs != NULL((void*)0)) { | |||
1236 | PKIX_CHECK(pkix_List_AppendListdo { stdVars.aPkixErrorResult = (pkix_List_AppendList (userCritOIDs , userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup ; } } while (0) | |||
1237 | (userCritOIDs, userCheckerExtOIDs, plContext),do { stdVars.aPkixErrorResult = (pkix_List_AppendList (userCritOIDs , userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup ; } } while (0) | |||
1238 | PKIX_LISTAPPENDLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_List_AppendList (userCritOIDs , userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup ; } } while (0); | |||
1239 | } | |||
1240 | } | |||
1241 | ||||
1242 | PKIX_DECREF(userCheckerExtOIDs)do { if (userCheckerExtOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userCheckerExtOIDs), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } userCheckerExtOIDs = ((void*)0); } } while (0); | |||
1243 | PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void *)0); } } while (0); | |||
1244 | } | |||
1245 | } | |||
1246 | ||||
1247 | *pUserCritOIDs = userCritOIDs; | |||
1248 | ||||
1249 | cleanup: | |||
1250 | ||||
1251 | if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars .aPkixTempErrorReceived || stdVars.aPkixErrorList)){ | |||
1252 | PKIX_DECREF(userCritOIDs)do { if (userCritOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userCritOIDs), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } userCritOIDs = ((void *)0); } } while (0); | |||
1253 | } | |||
1254 | ||||
1255 | PKIX_DECREF(userCheckerExtOIDs)do { if (userCheckerExtOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userCheckerExtOIDs), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } userCheckerExtOIDs = ((void*)0); } } while (0); | |||
1256 | PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void *)0); } } while (0); | |||
1257 | ||||
1258 | PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1259 | } | |||
1260 | ||||
1261 | /* | |||
1262 | * FUNCTION: PKIX_ValidateChain_nb (see comments in pkix.h) | |||
1263 | */ | |||
1264 | PKIX_Error * | |||
1265 | PKIX_ValidateChain_NB( | |||
1266 | PKIX_ValidateParams *valParams, | |||
1267 | PKIX_UInt32 *pCertIndex, | |||
1268 | PKIX_UInt32 *pAnchorIndex, | |||
1269 | PKIX_UInt32 *pCheckerIndex, | |||
1270 | PKIX_Boolean *pRevChecking, | |||
1271 | PKIX_List **pCheckers, | |||
1272 | void **pNBIOContext, | |||
1273 | PKIX_ValidateResult **pResult, | |||
1274 | PKIX_VerifyNode **pVerifyTree, | |||
1275 | void *plContext) | |||
1276 | { | |||
1277 | PKIX_UInt32 numCerts = 0; | |||
1278 | PKIX_UInt32 numAnchors = 0; | |||
1279 | PKIX_UInt32 i = 0; | |||
1280 | PKIX_UInt32 certIndex = 0; | |||
1281 | PKIX_UInt32 anchorIndex = 0; | |||
1282 | PKIX_UInt32 checkerIndex = 0; | |||
1283 | PKIX_UInt32 reasonCode = 0; | |||
1284 | PKIX_Boolean revChecking = PKIX_FALSE((PKIX_Boolean) 0); | |||
1285 | PKIX_List *certs = NULL((void*)0); | |||
1286 | PKIX_List *anchors = NULL((void*)0); | |||
1287 | PKIX_List *checkers = NULL((void*)0); | |||
1288 | PKIX_List *userCheckers = NULL((void*)0); | |||
1289 | PKIX_List *validateCheckedCritExtOIDsList = NULL((void*)0); | |||
1290 | PKIX_TrustAnchor *anchor = NULL((void*)0); | |||
1291 | PKIX_ValidateResult *valResult = NULL((void*)0); | |||
1292 | PKIX_PL_PublicKey *finalPubKey = NULL((void*)0); | |||
1293 | PKIX_PolicyNode *validPolicyTree = NULL((void*)0); | |||
1294 | PKIX_ProcessingParams *procParams = NULL((void*)0); | |||
1295 | PKIX_RevocationChecker *revChecker = NULL((void*)0); | |||
1296 | PKIX_Error *chainFailed = NULL((void*)0); | |||
1297 | void *nbioContext = NULL((void*)0); | |||
1298 | ||||
1299 | PKIX_ENTER(VALIDATE, "PKIX_ValidateChain_NB")static const char cMyFuncName[] = {"PKIX_ValidateChain_NB"}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars .aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace ) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName , ">>>", stdVars.aPkixType, 5, plContext); } } while (0);; | |||
1300 | PKIX_NULLCHECK_FOURdo { if (((valParams) == ((void*)0)) || ((pCertIndex) == ((void *)0)) || ((pAnchorIndex) == ((void*)0)) || ((pCheckerIndex) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1 ); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn (&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext );; } } while (0) | |||
1301 | (valParams, pCertIndex, pAnchorIndex, pCheckerIndex)do { if (((valParams) == ((void*)0)) || ((pCertIndex) == ((void *)0)) || ((pAnchorIndex) == ((void*)0)) || ((pCheckerIndex) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1 ); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn (&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext );; } } while (0); | |||
1302 | PKIX_NULLCHECK_FOUR(pRevChecking, pCheckers, pNBIOContext, pResult)do { if (((pRevChecking) == ((void*)0)) || ((pCheckers) == (( void*)0)) || ((pNBIOContext) == ((void*)0)) || ((pResult) == ( (void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn (&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext );; } } while (0); | |||
1303 | ||||
1304 | nbioContext = *pNBIOContext; | |||
1305 | *pNBIOContext = NULL((void*)0); | |||
1306 | ||||
1307 | /* extract various parameters from valParams */ | |||
1308 | PKIX_CHECK(pkix_ExtractParametersdo { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1309 | (valParams,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1310 | &certs,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1311 | &numCerts,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1312 | &procParams,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1313 | &anchors,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1314 | &numAnchors,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1315 | plContext),do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0) | |||
1316 | PKIX_EXTRACTPARAMETERSFAILED)do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams , &certs, &numCerts, &procParams, &anchors, & numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars .aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars .aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup; } } while (0); | |||
1317 | ||||
1318 | /* | |||
1319 | * Create a List of the OIDs that will be processed by the user | |||
1320 | * checkers. User checkers are not responsible for removing OIDs from | |||
1321 | * the List of unresolved critical extensions, as libpkix checkers are. | |||
1322 | * So we add those user checkers' OIDs to the removal list to be taken | |||
1323 | * out by CheckChain. | |||
1324 | */ | |||
1325 | PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckersdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers (procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED ; goto cleanup; } } while (0) | |||
1326 | (procParams, &userCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers (procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED ; goto cleanup; } } while (0) | |||
1327 | PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers (procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED ; goto cleanup; } } while (0); | |||
1328 | ||||
1329 | PKIX_CHECK(pkix_Validate_BuildUserOIDsdo { stdVars.aPkixErrorResult = (pkix_Validate_BuildUserOIDs ( userCheckers, &validateCheckedCritExtOIDsList, plContext) ); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATEBUILDUSEROIDSFAILED ; goto cleanup; } } while (0) | |||
1330 | (userCheckers, &validateCheckedCritExtOIDsList, plContext),do { stdVars.aPkixErrorResult = (pkix_Validate_BuildUserOIDs ( userCheckers, &validateCheckedCritExtOIDsList, plContext) ); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATEBUILDUSEROIDSFAILED ; goto cleanup; } } while (0) | |||
1331 | PKIX_VALIDATEBUILDUSEROIDSFAILED)do { stdVars.aPkixErrorResult = (pkix_Validate_BuildUserOIDs ( userCheckers, &validateCheckedCritExtOIDsList, plContext) ); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars .aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATEBUILDUSEROIDSFAILED ; goto cleanup; } } while (0); | |||
1332 | ||||
1333 | PKIX_CHECK(PKIX_ProcessingParams_GetRevocationCheckerdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker (procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED ; goto cleanup; } } while (0) | |||
1334 | (procParams, &revChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker (procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED ; goto cleanup; } } while (0) | |||
1335 | PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker (procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED ; goto cleanup; } } while (0); | |||
1336 | ||||
1337 | /* Are we resuming after a WOULDBLOCK return, or starting anew ? */ | |||
1338 | if (nbioContext != NULL((void*)0)) { | |||
1339 | /* Resuming */ | |||
1340 | certIndex = *pCertIndex; | |||
1341 | anchorIndex = *pAnchorIndex; | |||
1342 | checkerIndex = *pCheckerIndex; | |||
1343 | revChecking = *pRevChecking; | |||
1344 | checkers = *pCheckers; | |||
1345 | *pCheckers = NULL((void*)0); | |||
1346 | } | |||
1347 | ||||
1348 | /* try to validate the chain with each anchor */ | |||
1349 | for (i = anchorIndex; i < numAnchors; i++) { | |||
1350 | ||||
1351 | /* get trust anchor */ | |||
1352 | PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (anchors, i , (PKIX_PL_Object **)&anchor, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup ; } } while (0) | |||
1353 | (anchors, i, (PKIX_PL_Object **)&anchor, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (anchors, i , (PKIX_PL_Object **)&anchor, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup ; } } while (0) | |||
1354 | PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (anchors, i , (PKIX_PL_Object **)&anchor, plContext)); if (stdVars.aPkixErrorResult ) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass ; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup ; } } while (0); | |||
1355 | ||||
1356 | /* initialize checkers using information from trust anchor */ | |||
1357 | if (nbioContext == NULL((void*)0)) { | |||
1358 | PKIX_CHECK(pkix_InitializeCheckersdo { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor , procParams, numCerts, &checkers, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED ; goto cleanup; } } while (0) | |||
1359 | (anchor,do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor , procParams, numCerts, &checkers, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED ; goto cleanup; } } while (0) | |||
1360 | procParams,do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor , procParams, numCerts, &checkers, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED ; goto cleanup; } } while (0) | |||
1361 | numCerts,do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor , procParams, numCerts, &checkers, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED ; goto cleanup; } } while (0) | |||
1362 | &checkers,do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor , procParams, numCerts, &checkers, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED ; goto cleanup; } } while (0) | |||
1363 | plContext),do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor , procParams, numCerts, &checkers, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED ; goto cleanup; } } while (0) | |||
1364 | PKIX_INITIALIZECHECKERSFAILED)do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor , procParams, numCerts, &checkers, plContext)); if (stdVars .aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult ->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED ; goto cleanup; } } while (0); | |||
1365 | } | |||
1366 | ||||
1367 | /* | |||
1368 | * Validate the chain using this trust anchor and these | |||
1369 | * checkers. | |||
1370 | */ | |||
1371 | chainFailed = pkix_CheckChain | |||
1372 | (certs, | |||
1373 | numCerts, | |||
1374 | anchor, | |||
1375 | checkers, | |||
1376 | revChecker, | |||
1377 | validateCheckedCritExtOIDsList, | |||
1378 | procParams, | |||
1379 | &certIndex, | |||
1380 | &checkerIndex, | |||
1381 | &revChecking, | |||
1382 | &reasonCode, | |||
1383 | &nbioContext, | |||
1384 | &finalPubKey, | |||
1385 | &validPolicyTree, | |||
1386 | pVerifyTree, | |||
1387 | plContext); | |||
1388 | ||||
1389 | if (nbioContext != NULL((void*)0)) { | |||
1390 | *pCertIndex = certIndex; | |||
1391 | *pAnchorIndex = anchorIndex; | |||
1392 | *pCheckerIndex = checkerIndex; | |||
1393 | *pRevChecking = revChecking; | |||
1394 | PKIX_INCREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while (0); | |||
1395 | *pCheckers = checkers; | |||
1396 | *pNBIOContext = nbioContext; | |||
1397 | goto cleanup; | |||
1398 | } | |||
1399 | ||||
1400 | if (chainFailed) { | |||
1401 | ||||
1402 | /* cert chain failed to validate */ | |||
1403 | ||||
1404 | PKIX_DECREF(chainFailed)do { if (chainFailed){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(chainFailed), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } chainFailed = ((void *)0); } } while (0); | |||
1405 | PKIX_DECREF(anchor)do { if (anchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(anchor), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } anchor = ((void*)0 ); } } while (0); | |||
1406 | PKIX_DECREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } checkers = ((void* )0); } } while (0); | |||
1407 | PKIX_DECREF(validPolicyTree)do { if (validPolicyTree){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(validPolicyTree), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } validPolicyTree = ((void*)0); } } while (0); | |||
1408 | ||||
1409 | /* if last anchor, we fail; else, we try next anchor */ | |||
1410 | if (i == (numAnchors - 1)) { /* last anchor */ | |||
1411 | PKIX_ERROR(PKIX_VALIDATECHAINFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors , PKIX_VALIDATECHAINFAILED, ((void*)0), stdVars.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VALIDATECHAINFAILED; goto cleanup ; }; | |||
1412 | } | |||
1413 | ||||
1414 | } else { | |||
1415 | ||||
1416 | /* XXX Remove this assertion after 2014-12-31. | |||
1417 | * See bug 946984. */ | |||
1418 | PORT_Assert(reasonCode == 0)((reasonCode == 0)?((void)0):PR_Assert("reasonCode == 0","pkix_validate.c" ,1418)); | |||
1419 | ||||
1420 | /* cert chain successfully validated! */ | |||
1421 | PKIX_CHECK(pkix_ValidateResult_Createdo { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0) | |||
1422 | (finalPubKey,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0) | |||
1423 | anchor,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0) | |||
1424 | validPolicyTree,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0) | |||
1425 | &valResult,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0) | |||
1426 | plContext),do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0) | |||
1427 | PKIX_VALIDATERESULTCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create ( finalPubKey, anchor, validPolicyTree, &valResult, plContext )); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while ( 0); | |||
1428 | ||||
1429 | *pResult = valResult; | |||
1430 | ||||
1431 | /* no need to try any more anchors in the loop */ | |||
1432 | goto cleanup; | |||
1433 | } | |||
1434 | } | |||
1435 | ||||
1436 | cleanup: | |||
1437 | ||||
1438 | PKIX_DECREF(finalPubKey)do { if (finalPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(finalPubKey), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } finalPubKey = ((void *)0); } } while (0); | |||
1439 | PKIX_DECREF(certs)do { if (certs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(certs), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } certs = ((void*)0) ; } } while (0); | |||
1440 | PKIX_DECREF(anchors)do { if (anchors){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(anchors), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } anchors = ((void*) 0); } } while (0); | |||
1441 | PKIX_DECREF(anchor)do { if (anchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(anchor), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } anchor = ((void*)0 ); } } while (0); | |||
1442 | PKIX_DECREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } checkers = ((void* )0); } } while (0); | |||
1443 | PKIX_DECREF(revChecker)do { if (revChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(revChecker), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } revChecker = ((void *)0); } } while (0); | |||
1444 | PKIX_DECREF(validPolicyTree)do { if (validPolicyTree){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(validPolicyTree), plContext); if (stdVars .aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult , plContext); stdVars.aPkixTempResult = ((void*)0); } validPolicyTree = ((void*)0); } } while (0); | |||
1445 | PKIX_DECREF(chainFailed)do { if (chainFailed){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(chainFailed), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } chainFailed = ((void *)0); } } while (0); | |||
1446 | PKIX_DECREF(procParams)do { if (procParams){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(procParams), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } procParams = ((void *)0); } } while (0); | |||
1447 | PKIX_DECREF(userCheckers)do { if (userCheckers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(userCheckers), plContext); if (stdVars.aPkixTempResult ) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext ); stdVars.aPkixTempResult = ((void*)0); } userCheckers = ((void *)0); } } while (0); | |||
1448 | PKIX_DECREF(validateCheckedCritExtOIDsList)do { if (validateCheckedCritExtOIDsList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(validateCheckedCritExtOIDsList ), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError (&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void*)0); } validateCheckedCritExtOIDsList = ((void*)0); } } while (0); | |||
1449 | ||||
1450 | PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean ) 1), plContext);; | |||
1451 | } |