/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * pkix_pl_crldp.c
 *
 * CRL Distribution Point object functions
 *
 */

#include "pkix_pl_crldp.h"

/*
 * FUNCTION: pkix_pl_CrlDp_Destroy
 *
 * DESCRIPTION:
 *  Destructor for PKIX_CRLDP_TYPE objects, registered through
 *  pkix_pl_CrlDp_RegisterSelf and invoked when the reference count of
 *  "object" drops to zero. Releases the issuer name that
 *  pkix_pl_CrlDp_Create materialized for a nameRelativeToCRLIssuer
 *  distribution point; the fullName form and the underlying NSS
 *  CRLDistributionPoint are borrowed from the caller and are left alone.
 *
 *  Because PKIX_DECREF on a failed pkix_pl_CrlDp_Create also lands here,
 *  this routine may run on a partially initialized object.
 *
 * PARAMETERS:
 *  "object"
 *      Address of the object being destroyed. Must be non-NULL and of
 *      PKIX_CRLDP_TYPE.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRL checker Error if "object" is not a CrlDp object.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
static PKIX_Error *
pkix_pl_CrlDp_Destroy(
    PKIX_PL_Object *object,
    void *plContext)
{
    pkix_pl_CrlDp *dpObj = NULL;

    PKIX_ENTER(CRLCHECKER, "pkix_CrlDp_Destroy");
    PKIX_NULLCHECK_ONE(object);

    /* Refuse to tear down anything that is not a CrlDp object. The error
     * code name is inherited from the CRL checker and kept for
     * compatibility with existing callers. */
    PKIX_CHECK(
        pkix_CheckType(object, PKIX_CRLDP_TYPE, plContext),
        PKIX_OBJECTNOTCRLCHECKER);

    dpObj = (pkix_pl_CrlDp *)object;

    switch (dpObj->distPointType) {
        case relativeDistinguishedName:
            /* The issuer name was copied by pkix_pl_CrlDp_Create into an
             * arena of its own; CERT_DestroyName releases that arena. */
            CERT_DestroyName(dpObj->name.issuerName);
            dpObj->name.issuerName = NULL;
            break;
        default:
            /* generalName: name.fullName aliases the caller-owned
             * CRLDistributionPoint and is not freed here. */
            break;
    }

    /* nssdp is borrowed, never owned; just drop the pointer. */
    dpObj->nssdp = NULL;

cleanup:
    PKIX_RETURN(CRLCHECKER);
}

/*
 * FUNCTION: pkix_pl_CrlDp_RegisterSelf
 *
 * DESCRIPTION:
 *  Registers PKIX_CRLDP_TYPE and its related functions
 *  with systemClasses[]
 *
 * THREAD SAFETY:
 *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 *
 *  Since this function is only called by PKIX_PL_Initialize, which should
 *  only be called once, it is acceptable that this function is not
 *  thread-safe.
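*/
PKIX_Error *
pkix_pl_CrlDp_RegisterSelf(void *plContext)
{
    extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
    pkix_ClassTable_Entry *entry = &systemClasses[PKIX_CRLDP_TYPE];

    PKIX_ENTER(CRLCHECKER, "pkix_CrlDp_RegisterSelf");

    entry->description = "CrlDistPoint";
    entry->typeObjectSize = sizeof(pkix_pl_CrlDp);
    entry->destructor = pkix_pl_CrlDp_Destroy;
    /* A CrlDp is never deep-copied: pkix_duplicateImmutable hands out
     * another reference to the same object. */
    entry->duplicateFunction = pkix_duplicateImmutable;

    PKIX_RETURN(CRLCHECKER);
}

/*
 * FUNCTION: pkix_pl_CrlDp_Create
 *
 * DESCRIPTION:
 *  Wraps the decoded NSS CRLDistributionPoint "dp" in a new pkix_pl_CrlDp
 *  object and stores it at "pPkixDP". The NSS structure is referenced, not
 *  copied: the new object borrows "dp" (and, for a fullName distribution
 *  point, dp->distPoint.fullName), so "dp" must outlive the object.
 *
 *  For a nameRelativeToCRLIssuer distribution point the complete CRL issuer
 *  name is built in an arena owned by the new object: the base name is the
 *  single directoryName in dp->crlIssuer or, when no crlIssuer is present,
 *  "certIssuerName"; the relative RDN from "dp" is then appended to that
 *  copy. A crlIssuer carrying more than one name is rejected as
 *  non-conforming (RFC 5280 requires exactly one distinguished name there).
 *
 *  "dp" normally originates from an untrusted certificate extension; the
 *  structural checks here are the only validation this routine performs.
 *
 * PARAMETERS:
 *  "dp"
 *      Address of the decoded distribution point. Must be non-NULL.
 *  "certIssuerName"
 *      Issuer name of the certificate that carried the distribution point.
 *      Consulted only for a relative-name distribution point without a
 *      crlIssuer, and must be non-NULL in that case.
 *  "pPkixDP"
 *      Address where the new object pointer is stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe: only the object being created is written;
 *  "dp" must not be modified concurrently.
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CrlDp Error on a null argument, a non-conforming distribution
 *  point (PKIX_NOTCONFORMINGCRLDP) or an allocation failure.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_pl_CrlDp_Create(
    const CRLDistributionPoint *dp,
    const CERTName *certIssuerName,
    pkix_pl_CrlDp **pPkixDP,
    void *plContext)
{
    PLArenaPool *rdnArena = NULL;
    CERTName *issuerNameCopy = NULL;
    pkix_pl_CrlDp *dpl = NULL;

    /* Need to save the following info to update the CRL cache:
     * - reasons if partitioned (but revocation check success cannot be
     *   returned until all CRLs are downloaded)
     * - issuer name if different from the issuer of the cert
     * - URL from which to download a CRL if needed.
     */
    PKIX_ENTER(CRLDP, "pkix_pl_CrlDp_Create");
    /* The out-parameter is dereferenced unconditionally below, so it is
     * validated up front together with "dp". */
    PKIX_NULLCHECK_TWO(dp, pPkixDP);

    PKIX_CHECK(
        PKIX_PL_Object_Alloc(PKIX_CRLDP_TYPE,
                             sizeof(pkix_pl_CrlDp),
                             (PKIX_PL_Object **)&dpl,
                             plContext),
        PKIX_COULDNOTCREATEOBJECT);

    dpl->nssdp = dp;
    /* Put the object into a state pkix_pl_CrlDp_Destroy can unwind safely
     * before anything below can fail: the generalName form owns nothing.
     * Without this, a PKIX_ERROR in the relative-name branch would hand a
     * never-assigned distPointType to the destructor via PKIX_DECREF
     * (unless PKIX_PL_Object_Alloc zero-fills, which is not relied on). */
    dpl->distPointType = generalName;
    dpl->name.fullName = NULL;
    dpl->isPartitionedByReasonCode = PKIX_FALSE;
    if (dp->reasons.data) {
        dpl->isPartitionedByReasonCode = PKIX_TRUE;
    }

    if (dp->distPointType == generalName) {
        /* fullName is aliased, not copied: lifetime is tied to "dp". */
        dpl->distPointType = generalName;
        dpl->name.fullName = dp->distPoint.fullName;
    } else {
        SECStatus rv;
        const CERTName *issuerName = NULL;
        const CERTRDN *relName = &dp->distPoint.relativeName;

        if (dp->crlIssuer) {
            if (dp->crlIssuer->l.next) {
                /* Violates RFC 5280: in this case crlIssuer must contain
                 * exactly one name, and it must be a distinguished name. */
                PKIX_ERROR(PKIX_NOTCONFORMINGCRLDP);
            }
            issuerName = &dp->crlIssuer->name.directoryName;
        } else {
            issuerName = certIssuerName;
        }
        /* certIssuerName is optional for the other forms, so it is only
         * checked here, where it is actually dereferenced. */
        PKIX_NULLCHECK_ONE(issuerName);

        rdnArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
        if (!rdnArena) {
            PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
        }
        issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName);
        if (!issuerNameCopy) {
            PKIX_ERROR(PKIX_ALLOCERROR);
        }
        rv = CERT_CopyName(rdnArena, issuerNameCopy, (CERTName *)issuerName);
        if (rv == SECFailure) {
            PKIX_ERROR(PKIX_ALLOCERROR);
        }
        /* NOTE(review): CERT_AddRDN appears to link relName rather than copy
         * it, which would tie the copied name's lifetime to "dp" as well --
         * confirm against the NSS implementation in use. */
        rv = CERT_AddRDN(issuerNameCopy, (CERTRDN *)relName);
        if (rv == SECFailure) {
            PKIX_ERROR(PKIX_ALLOCERROR);
        }
        dpl->distPointType = relativeDistinguishedName;
        dpl->name.issuerName = issuerNameCopy;
        /* CERT_CopyName recorded rdnArena in the name, so the arena now
         * belongs to the object and is released by CERT_DestroyName in
         * pkix_pl_CrlDp_Destroy; forget it here so cleanup does not free it. */
        rdnArena = NULL;
    }

    *pPkixDP = dpl;
    dpl = NULL;

cleanup:
    /* Only reached with a live arena when construction failed midway. */
    if (rdnArena) {
        PORT_FreeArena(rdnArena, PR_FALSE);
    }
    /* On failure dpl is still owned here; dropping the reference runs the
     * destructor on the partially built object. */
    PKIX_DECREF(dpl);
    PKIX_RETURN(CRLDP);
}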