tor-browser

pkix_pl_basicconstraints.c (12385B)

---

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* pkix_pl_basicconstraints.c
*
* BasicConstraints Object Functions
*
*/

#include "pkix_pl_basicconstraints.h"

/*
* FUNCTION: pkix_pl_CertBasicConstraints_Create
* DESCRIPTION:
*
*  Creates a new CertBasicConstraints object whose CA Flag has the value
*  given by the Boolean value of "isCA" and whose path length field has the
*  value given by the "pathLen" argument and stores it at "pObject".
*
* PARAMETERS
*  "isCA"
*      Boolean value with the desired value of CA Flag.
*  "pathLen"
*      a PKIX_Int32 with the desired value of path length
*  "pObject"
*      Address of object pointer's destination. Must be non-NULL.
*  "plContext" - Platform-specific context pointer.
* THREAD SAFETY:
*  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
*  Returns NULL if the function succeeds.
*  Returns a CertBasicConstraints Error if the function fails
*  in a non-fatal way.
*  Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_CertBasicConstraints_Create(
       PKIX_Boolean isCA,
       PKIX_Int32 pathLen,
       PKIX_PL_CertBasicConstraints **pObject,
       void *plContext)
{
       PKIX_PL_CertBasicConstraints *basic = NULL;

       PKIX_ENTER(CERTBASICCONSTRAINTS,
                   "pkix_pl_CertBasicConstraints_Create");
       PKIX_NULLCHECK_ONE(pObject);

       PKIX_CHECK(PKIX_PL_Object_Alloc
                   (PKIX_CERTBASICCONSTRAINTS_TYPE,
                   sizeof (PKIX_PL_CertBasicConstraints),
                   (PKIX_PL_Object **)&basic,
                   plContext),
                   PKIX_COULDNOTCREATECERTBASICCONSTRAINTSOBJECT);

       basic->isCA = isCA;

       /* pathLen has meaning only for CAs, but it's not worth checking */
       basic->pathLen = pathLen;

       *pObject = basic;

cleanup:

       PKIX_RETURN(CERTBASICCONSTRAINTS);
}

/*
* FUNCTION: pkix_pl_CertBasicConstraints_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_CertBasicConstraints_Destroy(
       PKIX_PL_Object *object,
       void *plContext)
{
       PKIX_PL_CertBasicConstraints *certB = NULL;

       PKIX_ENTER(CERTBASICCONSTRAINTS,
               "pkix_pl_CertBasicConstraints_Destroy");
       PKIX_NULLCHECK_ONE(object);

       PKIX_CHECK(pkix_CheckType
                   (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
                   PKIX_OBJECTNOTCERTBASICCONSTRAINTS);

       certB = (PKIX_PL_CertBasicConstraints*)object;

       certB->isCA = PKIX_FALSE;
       certB->pathLen = 0;

cleanup:

       PKIX_RETURN(CERTBASICCONSTRAINTS);
}

/*
* FUNCTION: pkix_pl_CertBasicConstraints_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_CertBasicConstraints_ToString(
       PKIX_PL_Object *object,
       PKIX_PL_String **pString,
       void *plContext)
{
       PKIX_PL_String *certBasicConstraintsString = NULL;
       PKIX_PL_CertBasicConstraints *certB = NULL;
       PKIX_Boolean isCA = PKIX_FALSE;
       PKIX_Int32 pathLen = 0;
       PKIX_PL_String *outString = NULL;
       char *fmtString = NULL;
       PKIX_Boolean pathlenArg = PKIX_FALSE;

       PKIX_ENTER(CERTBASICCONSTRAINTS,
               "pkix_pl_CertBasicConstraints_toString");
       PKIX_NULLCHECK_TWO(object, pString);

       PKIX_CHECK(pkix_CheckType
                   (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
                   PKIX_FIRSTARGUMENTNOTCERTBASICCONSTRAINTSOBJECT);

       certB = (PKIX_PL_CertBasicConstraints *)object;

       /*
        * if CA == TRUE
        *      if pathLen == CERT_UNLIMITED_PATH_CONSTRAINT
        *              print "CA(-1)"
        *      else print "CA(nnn)"
        * if CA == FALSE, print "~CA"
        */

       isCA = certB->isCA;

       if (isCA) {
               pathLen = certB->pathLen;

               if (pathLen == CERT_UNLIMITED_PATH_CONSTRAINT) {
                       /* print "CA(-1)" */
                       fmtString = "CA(-1)";
                       pathlenArg = PKIX_FALSE;
               } else {
                       /* print "CA(pathLen)" */
                       fmtString = "CA(%d)";
                       pathlenArg = PKIX_TRUE;
               }
       } else {
               /* print "~CA" */
               fmtString = "~CA";
               pathlenArg = PKIX_FALSE;
       }

       PKIX_CHECK(PKIX_PL_String_Create
                   (PKIX_ESCASCII,
                   fmtString,
                   0,
                   &certBasicConstraintsString,
                   plContext),
                   PKIX_STRINGCREATEFAILED);

       if (pathlenArg) {
               PKIX_CHECK(PKIX_PL_Sprintf
                           (&outString,
                           plContext,
                           certBasicConstraintsString,
                           pathLen),
                           PKIX_SPRINTFFAILED);
       } else {
               PKIX_CHECK(PKIX_PL_Sprintf
                           (&outString,
                           plContext,
                           certBasicConstraintsString),
                           PKIX_SPRINTFFAILED);
       }

       *pString = outString;

cleanup:

       PKIX_DECREF(certBasicConstraintsString);

       PKIX_RETURN(CERTBASICCONSTRAINTS);
}

/*
* FUNCTION: pkix_pl_CertBasicConstraints_Hashcode
* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_CertBasicConstraints_Hashcode(
       PKIX_PL_Object *object,
       PKIX_UInt32 *pHashcode,
       void *plContext)
{
       PKIX_PL_CertBasicConstraints *certB = NULL;
       PKIX_Boolean isCA = PKIX_FALSE;
       PKIX_Int32 pathLen = 0;
       PKIX_Int32 hashInput = 0;
       PKIX_UInt32 cbcHash = 0;

       PKIX_ENTER(CERTBASICCONSTRAINTS,
               "pkix_pl_CertBasicConstraints_Hashcode");
       PKIX_NULLCHECK_TWO(object, pHashcode);

       PKIX_CHECK(pkix_CheckType
                   (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
                   PKIX_OBJECTNOTCERTBASICCONSTRAINTS);

       certB = (PKIX_PL_CertBasicConstraints *)object;

       /*
        * if CA == TRUE
        *      hash(pathLen + 1 - PKIX_UNLIMITED_PATH_CONSTRAINT)
        * if CA == FALSE, hash(0)
        */

       isCA = certB->isCA;

       if (isCA) {
               pathLen = certB->pathLen;

               hashInput = pathLen + 1 - PKIX_UNLIMITED_PATH_CONSTRAINT;
       }

       PKIX_CHECK(pkix_hash
                   ((const unsigned char *)&hashInput,
                   sizeof (hashInput),
                   &cbcHash,
                   plContext),
                   PKIX_HASHFAILED);

       *pHashcode = cbcHash;

cleanup:

       PKIX_RETURN(CERTBASICCONSTRAINTS);
}


/*
* FUNCTION: pkix_pl_CertBasicConstraints_Equals
* (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_CertBasicConstraints_Equals(
       PKIX_PL_Object *firstObject,
       PKIX_PL_Object *secondObject,
       PKIX_Boolean *pResult,
       void *plContext)
{
       PKIX_PL_CertBasicConstraints *firstCBC = NULL;
       PKIX_PL_CertBasicConstraints *secondCBC = NULL;
       PKIX_UInt32 secondType;
       PKIX_Boolean firstIsCA = PKIX_FALSE;
       PKIX_Boolean secondIsCA = PKIX_FALSE;
       PKIX_Int32 firstPathLen = 0;
       PKIX_Int32 secondPathLen = 0;

       PKIX_ENTER(CERTBASICCONSTRAINTS,
               "pkix_pl_CertBasicConstraints_Equals");
       PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

       /* test that firstObject is a CertBasicConstraints */
       PKIX_CHECK(pkix_CheckType
                   (firstObject, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
                   PKIX_FIRSTOBJECTNOTCERTBASICCONSTRAINTS);

       /*
        * Since we know firstObject is a CertBasicConstraints,
        * if both references are identical, they must be equal
        */
       if (firstObject == secondObject){
               *pResult = PKIX_TRUE;
               goto cleanup;
       }

       /*
        * If secondObject isn't a CertBasicConstraints, we
        * don't throw an error. We simply return FALSE.
        */
       PKIX_CHECK(PKIX_PL_Object_GetType
                   (secondObject, &secondType, plContext),
                   PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
       if (secondType != PKIX_CERTBASICCONSTRAINTS_TYPE) {
               *pResult = PKIX_FALSE;
               goto cleanup;
       }

       firstCBC = (PKIX_PL_CertBasicConstraints *)firstObject;
       secondCBC = (PKIX_PL_CertBasicConstraints *)secondObject;

       /*
        * Compare the value of the CAFlag components
        */

       firstIsCA = firstCBC->isCA;

       /*
        * Failure here would be an error, not merely a miscompare,
        * since we know second is a CertBasicConstraints.
        */
       secondIsCA = secondCBC->isCA;

       /*
        * If isCA flags differ, the objects are not equal.
        */
       if (secondIsCA != firstIsCA) {
               *pResult = PKIX_FALSE;
               goto cleanup;
       }

       /*
        * If isCA was FALSE, the objects are equal, because
        * pathLen is meaningless in that case.
        */
       if (!firstIsCA) {
               *pResult = PKIX_TRUE;
               goto cleanup;
       }

       firstPathLen = firstCBC->pathLen;
       secondPathLen = secondCBC->pathLen;

       *pResult = (secondPathLen == firstPathLen);

cleanup:

       PKIX_RETURN(CERTBASICCONSTRAINTS);
}

/*
* FUNCTION: pkix_pl_CertBasicConstraints_RegisterSelf
* DESCRIPTION:
*  Registers PKIX_CERTBASICCONSTRAINTS_TYPE and its related
*  functions with systemClasses[]
* THREAD SAFETY:
*  Not Thread Safe - for performance and complexity reasons
*
*  Since this function is only called by PKIX_PL_Initialize,
*  which should only be called once, it is acceptable that
*  this function is not thread-safe.
*/
PKIX_Error *
pkix_pl_CertBasicConstraints_RegisterSelf(void *plContext)
{

       extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
       pkix_ClassTable_Entry entry;

       PKIX_ENTER(CERTBASICCONSTRAINTS,
               "pkix_pl_CertBasicConstraints_RegisterSelf");

       entry.description = "CertBasicConstraints";
       entry.objCounter = 0;
       entry.typeObjectSize = sizeof(PKIX_PL_CertBasicConstraints);
       entry.destructor = pkix_pl_CertBasicConstraints_Destroy;
       entry.equalsFunction = pkix_pl_CertBasicConstraints_Equals;
       entry.hashcodeFunction = pkix_pl_CertBasicConstraints_Hashcode;
       entry.toStringFunction = pkix_pl_CertBasicConstraints_ToString;
       entry.comparator = NULL;
       entry.duplicateFunction = pkix_duplicateImmutable;

       systemClasses[PKIX_CERTBASICCONSTRAINTS_TYPE] = entry;

       PKIX_RETURN(CERTBASICCONSTRAINTS);
}

/* --Public-Functions------------------------------------------------------- */

/*
* FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag
* (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_BasicConstraints_GetCAFlag(
       PKIX_PL_CertBasicConstraints *basicConstraints,
       PKIX_Boolean *pResult,
       void *plContext)
{
       PKIX_ENTER(CERTBASICCONSTRAINTS,
               "PKIX_PL_BasicConstraintsGetCAFlag");
       PKIX_NULLCHECK_TWO(basicConstraints, pResult);

       *pResult = basicConstraints->isCA;

       PKIX_RETURN(CERTBASICCONSTRAINTS);
}

/*
* FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint
* (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_BasicConstraints_GetPathLenConstraint(
       PKIX_PL_CertBasicConstraints *basicConstraints,
       PKIX_Int32 *pPathLenConstraint,
       void *plContext)
{
       PKIX_ENTER(CERTBASICCONSTRAINTS,
               "PKIX_PL_BasicConstraintsGetPathLenConstraint");
       PKIX_NULLCHECK_TWO(basicConstraints, pPathLenConstraint);

       *pPathLenConstraint = basicConstraints->pathLen;

       PKIX_RETURN(CERTBASICCONSTRAINTS);
}