diff options
Diffstat (limited to 'security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c')
-rw-r--r-- | security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c | 407 |
1 files changed, 407 insertions, 0 deletions
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c new file mode 100644 index 000000000..81615da37 --- /dev/null +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c @@ -0,0 +1,407 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * pkix_pl_basicconstraints.c + * + * BasicConstraints Object Functions + * + */ + +#include "pkix_pl_basicconstraints.h" + +/* + * FUNCTION: pkix_pl_CertBasicConstraints_Create + * DESCRIPTION: + * + * Creates a new CertBasicConstraints object whose CA Flag has the value + * given by the Boolean value of "isCA" and whose path length field has the + * value given by the "pathLen" argument and stores it at "pObject". + * + * PARAMETERS + * "isCA" + * Boolean value with the desired value of CA Flag. + * "pathLen" + * a PKIX_Int32 with the desired value of path length + * "pObject" + * Address of object pointer's destination. Must be non-NULL. + * "plContext" - Platform-specific context pointer. + * THREAD SAFETY: + * Thread Safe (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns NULL if the function succeeds. + * Returns a CertBasicConstraints Error if the function fails + * in a non-fatal way. + * Returns a Fatal Error if the function fails in an unrecoverable way. + */ +PKIX_Error * +pkix_pl_CertBasicConstraints_Create( + PKIX_Boolean isCA, + PKIX_Int32 pathLen, + PKIX_PL_CertBasicConstraints **pObject, + void *plContext) +{ + PKIX_PL_CertBasicConstraints *basic = NULL; + + PKIX_ENTER(CERTBASICCONSTRAINTS, + "pkix_pl_CertBasicConstraints_Create"); + PKIX_NULLCHECK_ONE(pObject); + + PKIX_CHECK(PKIX_PL_Object_Alloc + (PKIX_CERTBASICCONSTRAINTS_TYPE, + sizeof (PKIX_PL_CertBasicConstraints), + (PKIX_PL_Object **)&basic, + plContext), + PKIX_COULDNOTCREATECERTBASICCONSTRAINTSOBJECT); + + basic->isCA = isCA; + + /* pathLen has meaning only for CAs, but it's not worth checking */ + basic->pathLen = pathLen; + + *pObject = basic; + +cleanup: + + PKIX_RETURN(CERTBASICCONSTRAINTS); +} + +/* + * FUNCTION: pkix_pl_CertBasicConstraints_Destroy + * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_pl_CertBasicConstraints_Destroy( + PKIX_PL_Object *object, + void *plContext) +{ + PKIX_PL_CertBasicConstraints *certB = NULL; + + PKIX_ENTER(CERTBASICCONSTRAINTS, + "pkix_pl_CertBasicConstraints_Destroy"); + PKIX_NULLCHECK_ONE(object); + + PKIX_CHECK(pkix_CheckType + (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext), + PKIX_OBJECTNOTCERTBASICCONSTRAINTS); + + certB = (PKIX_PL_CertBasicConstraints*)object; + + certB->isCA = PKIX_FALSE; + certB->pathLen = 0; + +cleanup: + + PKIX_RETURN(CERTBASICCONSTRAINTS); +} + +/* + * FUNCTION: pkix_pl_CertBasicConstraints_ToString + * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_pl_CertBasicConstraints_ToString( + PKIX_PL_Object *object, + PKIX_PL_String **pString, + void *plContext) +{ + PKIX_PL_String *certBasicConstraintsString = NULL; + PKIX_PL_CertBasicConstraints *certB = NULL; + PKIX_Boolean isCA = PKIX_FALSE; + PKIX_Int32 pathLen = 0; + PKIX_PL_String *outString = NULL; + char *fmtString = NULL; + PKIX_Boolean pathlenArg = PKIX_FALSE; + + PKIX_ENTER(CERTBASICCONSTRAINTS, + "pkix_pl_CertBasicConstraints_toString"); + PKIX_NULLCHECK_TWO(object, pString); + + PKIX_CHECK(pkix_CheckType + (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext), + PKIX_FIRSTARGUMENTNOTCERTBASICCONSTRAINTSOBJECT); + + certB = (PKIX_PL_CertBasicConstraints *)object; + + /* + * if CA == TRUE + * if pathLen == CERT_UNLIMITED_PATH_CONSTRAINT + * print "CA(-1)" + * else print "CA(nnn)" + * if CA == FALSE, print "~CA" + */ + + isCA = certB->isCA; + + if (isCA) { + pathLen = certB->pathLen; + + if (pathLen == CERT_UNLIMITED_PATH_CONSTRAINT) { + /* print "CA(-1)" */ + fmtString = "CA(-1)"; + pathlenArg = PKIX_FALSE; + } else { + /* print "CA(pathLen)" */ + fmtString = "CA(%d)"; + pathlenArg = PKIX_TRUE; + } + } else { + /* print "~CA" */ + fmtString = "~CA"; + pathlenArg = PKIX_FALSE; + } + + PKIX_CHECK(PKIX_PL_String_Create + (PKIX_ESCASCII, + fmtString, + 0, + &certBasicConstraintsString, + plContext), + PKIX_STRINGCREATEFAILED); + + if (pathlenArg) { + PKIX_CHECK(PKIX_PL_Sprintf + (&outString, + plContext, + certBasicConstraintsString, + pathLen), + PKIX_SPRINTFFAILED); + } else { + PKIX_CHECK(PKIX_PL_Sprintf + (&outString, + plContext, + certBasicConstraintsString), + PKIX_SPRINTFFAILED); + } + + *pString = outString; + +cleanup: + + PKIX_DECREF(certBasicConstraintsString); + + PKIX_RETURN(CERTBASICCONSTRAINTS); +} + +/* + * FUNCTION: pkix_pl_CertBasicConstraints_Hashcode + * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_pl_CertBasicConstraints_Hashcode( + PKIX_PL_Object *object, + PKIX_UInt32 *pHashcode, + void *plContext) +{ + PKIX_PL_CertBasicConstraints *certB = NULL; + PKIX_Boolean isCA = PKIX_FALSE; + PKIX_Int32 pathLen = 0; + PKIX_Int32 hashInput = 0; + PKIX_UInt32 cbcHash = 0; + + PKIX_ENTER(CERTBASICCONSTRAINTS, + "pkix_pl_CertBasicConstraints_Hashcode"); + PKIX_NULLCHECK_TWO(object, pHashcode); + + PKIX_CHECK(pkix_CheckType + (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext), + PKIX_OBJECTNOTCERTBASICCONSTRAINTS); + + certB = (PKIX_PL_CertBasicConstraints *)object; + + /* + * if CA == TRUE + * hash(pathLen + 1 - PKIX_UNLIMITED_PATH_CONSTRAINT) + * if CA == FALSE, hash(0) + */ + + isCA = certB->isCA; + + if (isCA) { + pathLen = certB->pathLen; + + hashInput = pathLen + 1 - PKIX_UNLIMITED_PATH_CONSTRAINT; + } + + PKIX_CHECK(pkix_hash + ((const unsigned char *)&hashInput, + sizeof (hashInput), + &cbcHash, + plContext), + PKIX_HASHFAILED); + + *pHashcode = cbcHash; + +cleanup: + + PKIX_RETURN(CERTBASICCONSTRAINTS); +} + + +/* + * FUNCTION: pkix_pl_CertBasicConstraints_Equals + * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_pl_CertBasicConstraints_Equals( + PKIX_PL_Object *firstObject, + PKIX_PL_Object *secondObject, + PKIX_Boolean *pResult, + void *plContext) +{ + PKIX_PL_CertBasicConstraints *firstCBC = NULL; + PKIX_PL_CertBasicConstraints *secondCBC = NULL; + PKIX_UInt32 secondType; + PKIX_Boolean firstIsCA = PKIX_FALSE; + PKIX_Boolean secondIsCA = PKIX_FALSE; + PKIX_Int32 firstPathLen = 0; + PKIX_Int32 secondPathLen = 0; + + PKIX_ENTER(CERTBASICCONSTRAINTS, + "pkix_pl_CertBasicConstraints_Equals"); + PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult); + + /* test that firstObject is a CertBasicConstraints */ + PKIX_CHECK(pkix_CheckType + (firstObject, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext), + PKIX_FIRSTOBJECTNOTCERTBASICCONSTRAINTS); + + /* + * Since we know firstObject is a CertBasicConstraints, + * if both references are identical, they must be equal + */ + if (firstObject == secondObject){ + *pResult = PKIX_TRUE; + goto cleanup; + } + + /* + * If secondObject isn't a CertBasicConstraints, we + * don't throw an error. We simply return FALSE. + */ + PKIX_CHECK(PKIX_PL_Object_GetType + (secondObject, &secondType, plContext), + PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); + if (secondType != PKIX_CERTBASICCONSTRAINTS_TYPE) { + *pResult = PKIX_FALSE; + goto cleanup; + } + + firstCBC = (PKIX_PL_CertBasicConstraints *)firstObject; + secondCBC = (PKIX_PL_CertBasicConstraints *)secondObject; + + /* + * Compare the value of the CAFlag components + */ + + firstIsCA = firstCBC->isCA; + + /* + * Failure here would be an error, not merely a miscompare, + * since we know second is a CertBasicConstraints. + */ + secondIsCA = secondCBC->isCA; + + /* + * If isCA flags differ, the objects are not equal. + */ + if (secondIsCA != firstIsCA) { + *pResult = PKIX_FALSE; + goto cleanup; + } + + /* + * If isCA was FALSE, the objects are equal, because + * pathLen is meaningless in that case. + */ + if (!firstIsCA) { + *pResult = PKIX_TRUE; + goto cleanup; + } + + firstPathLen = firstCBC->pathLen; + secondPathLen = secondCBC->pathLen; + + *pResult = (secondPathLen == firstPathLen); + +cleanup: + + PKIX_RETURN(CERTBASICCONSTRAINTS); +} + +/* + * FUNCTION: pkix_pl_CertBasicConstraints_RegisterSelf + * DESCRIPTION: + * Registers PKIX_CERTBASICCONSTRAINTS_TYPE and its related + * functions with systemClasses[] + * THREAD SAFETY: + * Not Thread Safe - for performance and complexity reasons + * + * Since this function is only called by PKIX_PL_Initialize, + * which should only be called once, it is acceptable that + * this function is not thread-safe. + */ +PKIX_Error * +pkix_pl_CertBasicConstraints_RegisterSelf(void *plContext) +{ + + extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; + pkix_ClassTable_Entry entry; + + PKIX_ENTER(CERTBASICCONSTRAINTS, + "pkix_pl_CertBasicConstraints_RegisterSelf"); + + entry.description = "CertBasicConstraints"; + entry.objCounter = 0; + entry.typeObjectSize = sizeof(PKIX_PL_CertBasicConstraints); + entry.destructor = pkix_pl_CertBasicConstraints_Destroy; + entry.equalsFunction = pkix_pl_CertBasicConstraints_Equals; + entry.hashcodeFunction = pkix_pl_CertBasicConstraints_Hashcode; + entry.toStringFunction = pkix_pl_CertBasicConstraints_ToString; + entry.comparator = NULL; + entry.duplicateFunction = pkix_duplicateImmutable; + + systemClasses[PKIX_CERTBASICCONSTRAINTS_TYPE] = entry; + + PKIX_RETURN(CERTBASICCONSTRAINTS); +} + +/* --Public-Functions------------------------------------------------------- */ + +/* + * FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag + * (see comments in pkix_pl_pki.h) + */ +PKIX_Error * +PKIX_PL_BasicConstraints_GetCAFlag( + PKIX_PL_CertBasicConstraints *basicConstraints, + PKIX_Boolean *pResult, + void *plContext) +{ + PKIX_ENTER(CERTBASICCONSTRAINTS, + "PKIX_PL_BasicConstraintsGetCAFlag"); + PKIX_NULLCHECK_TWO(basicConstraints, pResult); + + *pResult = basicConstraints->isCA; + + PKIX_RETURN(CERTBASICCONSTRAINTS); +} + +/* + * FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint + * (see comments in pkix_pl_pki.h) + */ +PKIX_Error * +PKIX_PL_BasicConstraints_GetPathLenConstraint( + PKIX_PL_CertBasicConstraints *basicConstraints, + PKIX_Int32 *pPathLenConstraint, + void *plContext) +{ + PKIX_ENTER(CERTBASICCONSTRAINTS, + "PKIX_PL_BasicConstraintsGetPathLenConstraint"); + PKIX_NULLCHECK_TWO(basicConstraints, pPathLenConstraint); + + *pPathLenConstraint = basicConstraints->pathLen; + + PKIX_RETURN(CERTBASICCONSTRAINTS); +} |