tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

pkix_pl_crldp.c (4506B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 /*
      5 * pkix_pl_crldp.c
      6 *
      7 * Crl DP Object Functions
      8 *
      9 */
     10 
     11 #include "pkix_pl_crldp.h"
     12 
     13 static PKIX_Error *
     14 pkix_pl_CrlDp_Destroy(
     15        PKIX_PL_Object *object,
     16        void *plContext)
     17 {
     18    pkix_pl_CrlDp *crldp = NULL;
     19    
     20    PKIX_ENTER(CRLCHECKER, "pkix_CrlDp_Destroy");
     21    PKIX_NULLCHECK_ONE(object);
     22    
     23    /* Check that this object is a default CRL checker state */
     24    PKIX_CHECK(
     25        pkix_CheckType(object, PKIX_CRLDP_TYPE, plContext),
     26        PKIX_OBJECTNOTCRLCHECKER);
     27    
     28    crldp = (pkix_pl_CrlDp *)object;
     29    if (crldp->distPointType == relativeDistinguishedName) {
     30        CERT_DestroyName(crldp->name.issuerName);
     31        crldp->name.issuerName = NULL;
     32    }
     33    crldp->nssdp = NULL;
     34 cleanup:
     35    PKIX_RETURN(CRLCHECKER);
     36 }
     37 
     38 /*
     39 * FUNCTION: pkix_pl_CrlDp_RegisterSelf
     40 *
     41 * DESCRIPTION:
     42 *  Registers PKIX_CRLDP_TYPE and its related functions
     43 *  with systemClasses[]
     44 *
     45 * THREAD SAFETY:
     46 *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
     47 *
     48 *  Since this function is only called by PKIX_PL_Initialize, which should
     49 *  only be called once, it is acceptable that this function is not
     50 *  thread-safe.
     51 */
     52 PKIX_Error *
     53 pkix_pl_CrlDp_RegisterSelf(void *plContext)
     54 {
     55        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
     56        pkix_ClassTable_Entry* entry = &systemClasses[PKIX_CRLDP_TYPE];
     57 
     58        PKIX_ENTER(CRLCHECKER, "pkix_CrlDp_RegisterSelf");
     59 
     60        entry->description = "CrlDistPoint";
     61        entry->typeObjectSize = sizeof(pkix_pl_CrlDp);
     62        entry->destructor = pkix_pl_CrlDp_Destroy;
     63        entry->duplicateFunction = pkix_duplicateImmutable;
     64 
     65        PKIX_RETURN(CRLCHECKER);
     66 }
     67 
     68 
     69 
     70 PKIX_Error *
     71 pkix_pl_CrlDp_Create(
     72    const CRLDistributionPoint *dp,
     73    const CERTName *certIssuerName,
     74    pkix_pl_CrlDp **pPkixDP,
     75    void *plContext)
     76 {
     77    PLArenaPool *rdnArena = NULL;
     78    CERTName *issuerNameCopy = NULL;
     79    pkix_pl_CrlDp *dpl = NULL;
     80 
     81    /* Need to save the following info to update crl cache:
     82     * - reasons if partitioned(but can not return revocation check
     83     *   success if not all crl are downloaded)
     84     * - issuer name if different from issuer of the cert
     85     * - url to upload a crl if needed.
     86     * */
     87    PKIX_ENTER(CRLDP, "pkix_pl_CrlDp_Create");
     88    PKIX_NULLCHECK_ONE(dp);
     89 
     90    PKIX_CHECK(
     91        PKIX_PL_Object_Alloc(PKIX_CRLDP_TYPE,
     92                             sizeof (pkix_pl_CrlDp),
     93                             (PKIX_PL_Object **)&dpl,
     94                             plContext),
     95        PKIX_COULDNOTCREATEOBJECT);
     96 
     97    dpl->nssdp = dp;
     98    dpl->isPartitionedByReasonCode = PKIX_FALSE;
     99    if (dp->reasons.data) {
    100        dpl->isPartitionedByReasonCode = PKIX_TRUE;
    101    }
    102    if (dp->distPointType == generalName) {
    103        dpl->distPointType = generalName;
    104        dpl->name.fullName = dp->distPoint.fullName;
    105    } else {
    106        SECStatus rv;
    107        const CERTName *issuerName = NULL;
    108        const CERTRDN *relName = &dp->distPoint.relativeName;
    109 
    110        if (dp->crlIssuer) {
    111            if (dp->crlIssuer->l.next) {
    112                /* Violate RFC 5280: in this case crlIssuer
    113                 * should have only one name and should be
    114                 * a distinguish name. */
    115                PKIX_ERROR(PKIX_NOTCONFORMINGCRLDP);
    116            }
    117            issuerName = &dp->crlIssuer->name.directoryName;
    118        } else {
    119            issuerName = certIssuerName;
    120        }
    121        rdnArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    122        if (!rdnArena) {
    123            PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
    124        }
    125        issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName);
    126        if (!issuerNameCopy) {
    127            PKIX_ERROR(PKIX_ALLOCERROR);
    128        }
    129        rv = CERT_CopyName(rdnArena, issuerNameCopy, (CERTName*)issuerName);
    130        if (rv == SECFailure) {
    131            PKIX_ERROR(PKIX_ALLOCERROR);
    132        }
    133        rv = CERT_AddRDN(issuerNameCopy, (CERTRDN*)relName);
    134        if (rv == SECFailure) {
    135            PKIX_ERROR(PKIX_ALLOCERROR);
    136        }
    137        dpl->distPointType = relativeDistinguishedName;
    138        dpl->name.issuerName = issuerNameCopy;
    139        rdnArena = NULL;
    140    }
    141    *pPkixDP = dpl;
    142    dpl = NULL;
    143 
    144 cleanup:
    145    if (rdnArena) {
    146        PORT_FreeArena(rdnArena, PR_FALSE);
    147    }
    148    PKIX_DECREF(dpl);
    149 
    150    PKIX_RETURN(CRLDP);
    151 }