mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-11-13 11:10:13 +01:00
30d33aa8e8
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
526 lines
15 KiB
C
526 lines
15 KiB
C
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
/*
|
|
* pkix_trustanchor.c
|
|
*
|
|
* TrustAnchor Object Functions
|
|
*
|
|
*/
|
|
|
|
#include "pkix_trustanchor.h"
|
|
|
|
/* --Private-Functions-------------------------------------------- */
|
|
|
|
/*
|
|
* FUNCTION: pkix_TrustAnchor_Destroy
|
|
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
|
|
*/
|
|
static PKIX_Error *
|
|
pkix_TrustAnchor_Destroy(
|
|
PKIX_PL_Object *object,
|
|
void *plContext)
|
|
{
|
|
PKIX_TrustAnchor *anchor = NULL;
|
|
|
|
PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Destroy");
|
|
PKIX_NULLCHECK_ONE(object);
|
|
|
|
/* Check that this object is a trust anchor */
|
|
PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
|
|
PKIX_OBJECTNOTTRUSTANCHOR);
|
|
|
|
anchor = (PKIX_TrustAnchor *)object;
|
|
|
|
PKIX_DECREF(anchor->trustedCert);
|
|
PKIX_DECREF(anchor->caName);
|
|
PKIX_DECREF(anchor->caPubKey);
|
|
PKIX_DECREF(anchor->nameConstraints);
|
|
|
|
cleanup:
|
|
|
|
PKIX_RETURN(TRUSTANCHOR);
|
|
}
|
|
|
|
/*
|
|
* FUNCTION: pkix_TrustAnchor_Equals
|
|
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
|
|
*/
|
|
static PKIX_Error *
|
|
pkix_TrustAnchor_Equals(
|
|
PKIX_PL_Object *first,
|
|
PKIX_PL_Object *second,
|
|
PKIX_Boolean *pResult,
|
|
void *plContext)
|
|
{
|
|
PKIX_UInt32 secondType;
|
|
PKIX_Boolean cmpResult;
|
|
PKIX_TrustAnchor *firstAnchor = NULL;
|
|
PKIX_TrustAnchor *secondAnchor = NULL;
|
|
PKIX_PL_Cert *firstCert = NULL;
|
|
PKIX_PL_Cert *secondCert = NULL;
|
|
|
|
PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Equals");
|
|
PKIX_NULLCHECK_THREE(first, second, pResult);
|
|
|
|
PKIX_CHECK(pkix_CheckType(first, PKIX_TRUSTANCHOR_TYPE, plContext),
|
|
PKIX_FIRSTOBJECTNOTTRUSTANCHOR);
|
|
|
|
PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
|
|
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
|
|
|
|
*pResult = PKIX_FALSE;
|
|
|
|
if (secondType != PKIX_TRUSTANCHOR_TYPE) goto cleanup;
|
|
|
|
firstAnchor = (PKIX_TrustAnchor *)first;
|
|
secondAnchor = (PKIX_TrustAnchor *)second;
|
|
|
|
firstCert = firstAnchor->trustedCert;
|
|
secondCert = secondAnchor->trustedCert;
|
|
|
|
if ((firstCert && !secondCert) || (!firstCert && secondCert)){
|
|
goto cleanup;
|
|
}
|
|
|
|
if (firstCert && secondCert){
|
|
PKIX_CHECK(PKIX_PL_Object_Equals
|
|
((PKIX_PL_Object *)firstCert,
|
|
(PKIX_PL_Object *)secondCert,
|
|
&cmpResult,
|
|
plContext),
|
|
PKIX_OBJECTEQUALSFAILED);
|
|
} else {
|
|
PKIX_CHECK(PKIX_PL_Object_Equals
|
|
((PKIX_PL_Object *)firstAnchor->caName,
|
|
(PKIX_PL_Object *)secondAnchor->caName,
|
|
&cmpResult,
|
|
plContext),
|
|
PKIX_OBJECTEQUALSFAILED);
|
|
|
|
if (!cmpResult) goto cleanup;
|
|
|
|
PKIX_CHECK(PKIX_PL_Object_Equals
|
|
((PKIX_PL_Object *)firstAnchor->caPubKey,
|
|
(PKIX_PL_Object *)secondAnchor->caPubKey,
|
|
&cmpResult,
|
|
plContext),
|
|
PKIX_OBJECTEQUALSFAILED);
|
|
|
|
if (!cmpResult) goto cleanup;
|
|
|
|
PKIX_EQUALS
|
|
(firstAnchor->nameConstraints,
|
|
secondAnchor->nameConstraints,
|
|
&cmpResult,
|
|
plContext,
|
|
PKIX_OBJECTEQUALSFAILED);
|
|
|
|
if (!cmpResult) goto cleanup;
|
|
|
|
}
|
|
|
|
*pResult = cmpResult;
|
|
|
|
cleanup:
|
|
|
|
PKIX_RETURN(TRUSTANCHOR);
|
|
}
|
|
|
|
/*
|
|
* FUNCTION: pkix_TrustAnchor_Hashcode
|
|
* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
|
|
*/
|
|
static PKIX_Error *
|
|
pkix_TrustAnchor_Hashcode(
|
|
PKIX_PL_Object *object,
|
|
PKIX_UInt32 *pHashcode,
|
|
void *plContext)
|
|
{
|
|
PKIX_TrustAnchor *anchor = NULL;
|
|
PKIX_PL_Cert *cert = NULL;
|
|
PKIX_UInt32 hash = 0;
|
|
PKIX_UInt32 certHash = 0;
|
|
PKIX_UInt32 nameHash = 0;
|
|
PKIX_UInt32 pubKeyHash = 0;
|
|
PKIX_UInt32 ncHash = 0;
|
|
|
|
PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Hashcode");
|
|
PKIX_NULLCHECK_TWO(object, pHashcode);
|
|
|
|
PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
|
|
PKIX_OBJECTNOTTRUSTANCHOR);
|
|
|
|
anchor = (PKIX_TrustAnchor*)object;
|
|
cert = anchor->trustedCert;
|
|
|
|
if (cert){
|
|
PKIX_CHECK(PKIX_PL_Object_Hashcode
|
|
((PKIX_PL_Object *)cert,
|
|
&certHash,
|
|
plContext),
|
|
PKIX_OBJECTHASHCODEFAILED);
|
|
|
|
hash = certHash;
|
|
|
|
} else {
|
|
PKIX_CHECK(PKIX_PL_Object_Hashcode
|
|
((PKIX_PL_Object *)anchor->caName,
|
|
&nameHash,
|
|
plContext),
|
|
PKIX_OBJECTHASHCODEFAILED);
|
|
|
|
PKIX_CHECK(PKIX_PL_Object_Hashcode
|
|
((PKIX_PL_Object *)anchor->caPubKey,
|
|
&pubKeyHash,
|
|
plContext),
|
|
PKIX_OBJECTHASHCODEFAILED);
|
|
|
|
PKIX_HASHCODE(anchor->nameConstraints, &ncHash, plContext,
|
|
PKIX_OBJECTHASHCODEFAILED);
|
|
|
|
hash = 31 * nameHash + pubKeyHash + ncHash;
|
|
|
|
}
|
|
|
|
*pHashcode = hash;
|
|
|
|
cleanup:
|
|
|
|
PKIX_RETURN(TRUSTANCHOR);
|
|
}
|
|
|
|
/*
|
|
* FUNCTION: pkix_TrustAnchor_ToString
|
|
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
|
|
*/
|
|
static PKIX_Error *
|
|
pkix_TrustAnchor_ToString(
|
|
PKIX_PL_Object *object,
|
|
PKIX_PL_String **pString,
|
|
void *plContext)
|
|
{
|
|
PKIX_TrustAnchor *anchor = NULL;
|
|
char *asciiFormat = NULL;
|
|
PKIX_PL_String *formatString = NULL;
|
|
PKIX_PL_String *anchorString = NULL;
|
|
PKIX_PL_String *certString = NULL;
|
|
PKIX_PL_String *nameString = NULL;
|
|
PKIX_PL_String *pubKeyString = NULL;
|
|
PKIX_PL_String *nameConstraintsString = NULL;
|
|
|
|
PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_ToString");
|
|
PKIX_NULLCHECK_TWO(object, pString);
|
|
|
|
PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
|
|
PKIX_OBJECTNOTTRUSTANCHOR);
|
|
|
|
anchor = (PKIX_TrustAnchor*)object;
|
|
|
|
if (anchor->trustedCert){
|
|
asciiFormat =
|
|
"[\n"
|
|
"\tTrusted Cert: %s\n"
|
|
"]\n";
|
|
|
|
PKIX_CHECK(PKIX_PL_String_Create
|
|
(PKIX_ESCASCII,
|
|
asciiFormat,
|
|
0,
|
|
&formatString,
|
|
plContext),
|
|
PKIX_STRINGCREATEFAILED);
|
|
|
|
PKIX_CHECK(PKIX_PL_Object_ToString
|
|
((PKIX_PL_Object *)anchor->trustedCert,
|
|
&certString,
|
|
plContext),
|
|
PKIX_OBJECTTOSTRINGFAILED);
|
|
|
|
PKIX_CHECK(PKIX_PL_Sprintf
|
|
(&anchorString,
|
|
plContext,
|
|
formatString,
|
|
certString),
|
|
PKIX_SPRINTFFAILED);
|
|
} else {
|
|
asciiFormat =
|
|
"[\n"
|
|
"\tTrusted CA Name: %s\n"
|
|
"\tTrusted CA PublicKey: %s\n"
|
|
"\tInitial Name Constraints:%s\n"
|
|
"]\n";
|
|
|
|
PKIX_CHECK(PKIX_PL_String_Create
|
|
(PKIX_ESCASCII,
|
|
asciiFormat,
|
|
0,
|
|
&formatString,
|
|
plContext),
|
|
PKIX_STRINGCREATEFAILED);
|
|
|
|
PKIX_CHECK(PKIX_PL_Object_ToString
|
|
((PKIX_PL_Object *)anchor->caName,
|
|
&nameString,
|
|
plContext),
|
|
PKIX_OBJECTTOSTRINGFAILED);
|
|
|
|
PKIX_CHECK(PKIX_PL_Object_ToString
|
|
((PKIX_PL_Object *)anchor->caPubKey,
|
|
&pubKeyString,
|
|
plContext),
|
|
PKIX_OBJECTTOSTRINGFAILED);
|
|
|
|
PKIX_TOSTRING
|
|
(anchor->nameConstraints,
|
|
&nameConstraintsString,
|
|
plContext,
|
|
PKIX_OBJECTTOSTRINGFAILED);
|
|
|
|
PKIX_CHECK(PKIX_PL_Sprintf
|
|
(&anchorString,
|
|
plContext,
|
|
formatString,
|
|
nameString,
|
|
pubKeyString,
|
|
nameConstraintsString),
|
|
PKIX_SPRINTFFAILED);
|
|
}
|
|
|
|
*pString = anchorString;
|
|
|
|
cleanup:
|
|
|
|
PKIX_DECREF(formatString);
|
|
PKIX_DECREF(certString);
|
|
PKIX_DECREF(nameString);
|
|
PKIX_DECREF(pubKeyString);
|
|
PKIX_DECREF(nameConstraintsString);
|
|
|
|
PKIX_RETURN(TRUSTANCHOR);
|
|
}
|
|
|
|
/*
|
|
* FUNCTION: pkix_TrustAnchor_RegisterSelf
|
|
* DESCRIPTION:
|
|
* Registers PKIX_TRUSTANCHOR_TYPE and its related functions with
|
|
* systemClasses[]
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe - for performance and complexity reasons
|
|
*
|
|
* Since this function is only called by PKIX_PL_Initialize, which should
|
|
* only be called once, it is acceptable that this function is not
|
|
* thread-safe.
|
|
*/
|
|
PKIX_Error *
|
|
pkix_TrustAnchor_RegisterSelf(void *plContext)
|
|
{
|
|
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
|
|
pkix_ClassTable_Entry entry;
|
|
|
|
PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_RegisterSelf");
|
|
|
|
entry.description = "TrustAnchor";
|
|
entry.objCounter = 0;
|
|
entry.typeObjectSize = sizeof(PKIX_TrustAnchor);
|
|
entry.destructor = pkix_TrustAnchor_Destroy;
|
|
entry.equalsFunction = pkix_TrustAnchor_Equals;
|
|
entry.hashcodeFunction = pkix_TrustAnchor_Hashcode;
|
|
entry.toStringFunction = pkix_TrustAnchor_ToString;
|
|
entry.comparator = NULL;
|
|
entry.duplicateFunction = pkix_duplicateImmutable;
|
|
|
|
systemClasses[PKIX_TRUSTANCHOR_TYPE] = entry;
|
|
|
|
PKIX_RETURN(TRUSTANCHOR);
|
|
}
|
|
|
|
/* --Public-Functions--------------------------------------------- */
|
|
|
|
|
|
/*
|
|
* FUNCTION: PKIX_TrustAnchor_CreateWithCert (see comments in pkix_params.h)
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_TrustAnchor_CreateWithCert(
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_TrustAnchor **pAnchor,
|
|
void *plContext)
|
|
{
|
|
PKIX_TrustAnchor *anchor = NULL;
|
|
|
|
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithCert");
|
|
PKIX_NULLCHECK_TWO(cert, pAnchor);
|
|
|
|
PKIX_CHECK(PKIX_PL_Object_Alloc
|
|
(PKIX_TRUSTANCHOR_TYPE,
|
|
sizeof (PKIX_TrustAnchor),
|
|
(PKIX_PL_Object **)&anchor,
|
|
plContext),
|
|
PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
|
|
|
|
/* initialize fields */
|
|
PKIX_CHECK(
|
|
PKIX_PL_Cert_SetAsTrustAnchor(cert, plContext),
|
|
PKIX_CERTSETASTRUSTANCHORFAILED);
|
|
|
|
PKIX_INCREF(cert);
|
|
anchor->trustedCert = cert;
|
|
|
|
anchor->caName = NULL;
|
|
anchor->caPubKey = NULL;
|
|
|
|
PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
|
|
(anchor->trustedCert, &anchor->nameConstraints, plContext),
|
|
PKIX_CERTGETNAMECONSTRAINTSFAILED);
|
|
|
|
|
|
*pAnchor = anchor;
|
|
anchor = NULL;
|
|
|
|
cleanup:
|
|
|
|
PKIX_DECREF(anchor);
|
|
|
|
PKIX_RETURN(TRUSTANCHOR);
|
|
|
|
}
|
|
|
|
/*
|
|
* FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
|
|
* (see comments in pkix_params.h)
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_TrustAnchor_CreateWithNameKeyPair(
|
|
PKIX_PL_X500Name *name,
|
|
PKIX_PL_PublicKey *pubKey,
|
|
PKIX_PL_CertNameConstraints *nameConstraints,
|
|
PKIX_TrustAnchor **pAnchor,
|
|
void *plContext)
|
|
{
|
|
PKIX_TrustAnchor *anchor = NULL;
|
|
|
|
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair");
|
|
|
|
#ifndef BUILD_LIBPKIX_TESTS
|
|
/* Nss creates trust anchors by using PKIX_TrustAnchor_CreateWithCert
|
|
* function as the complete trusted cert structure, and not only cert
|
|
* public key, is required for chain building and validation processes.
|
|
* Restricting this function for been used only in libpkix unit
|
|
* tests. */
|
|
PKIX_ERROR(PKIX_FUNCTIONMUSTNOTBEUSED);
|
|
#endif
|
|
|
|
PKIX_NULLCHECK_THREE(name, pubKey, pAnchor);
|
|
|
|
PKIX_CHECK(PKIX_PL_Object_Alloc
|
|
(PKIX_TRUSTANCHOR_TYPE,
|
|
sizeof (PKIX_TrustAnchor),
|
|
(PKIX_PL_Object **)&anchor,
|
|
plContext),
|
|
PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
|
|
|
|
/* initialize fields */
|
|
anchor->trustedCert = NULL;
|
|
|
|
PKIX_INCREF(name);
|
|
anchor->caName = name;
|
|
|
|
PKIX_INCREF(pubKey);
|
|
anchor->caPubKey = pubKey;
|
|
|
|
PKIX_INCREF(nameConstraints);
|
|
anchor->nameConstraints = nameConstraints;
|
|
|
|
*pAnchor = anchor;
|
|
anchor = NULL;
|
|
cleanup:
|
|
|
|
PKIX_DECREF(anchor);
|
|
|
|
PKIX_RETURN(TRUSTANCHOR);
|
|
}
|
|
|
|
/*
|
|
* FUNCTION: PKIX_TrustAnchor_GetTrustedCert (see comments in pkix_params.h)
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_TrustAnchor_GetTrustedCert(
|
|
PKIX_TrustAnchor *anchor,
|
|
PKIX_PL_Cert **pCert,
|
|
void *plContext)
|
|
{
|
|
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetTrustedCert");
|
|
PKIX_NULLCHECK_TWO(anchor, pCert);
|
|
|
|
PKIX_INCREF(anchor->trustedCert);
|
|
|
|
*pCert = anchor->trustedCert;
|
|
|
|
cleanup:
|
|
PKIX_RETURN(TRUSTANCHOR);
|
|
|
|
}
|
|
|
|
/*
|
|
* FUNCTION: PKIX_TrustAnchor_GetCAName (see comments in pkix_params.h)
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_TrustAnchor_GetCAName(
|
|
PKIX_TrustAnchor *anchor,
|
|
PKIX_PL_X500Name **pCAName,
|
|
void *plContext)
|
|
{
|
|
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAName");
|
|
PKIX_NULLCHECK_TWO(anchor, pCAName);
|
|
|
|
PKIX_INCREF(anchor->caName);
|
|
|
|
*pCAName = anchor->caName;
|
|
|
|
cleanup:
|
|
PKIX_RETURN(TRUSTANCHOR);
|
|
|
|
}
|
|
|
|
/*
|
|
* FUNCTION: PKIX_TrustAnchor_GetCAPublicKey (see comments in pkix_params.h)
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_TrustAnchor_GetCAPublicKey(
|
|
PKIX_TrustAnchor *anchor,
|
|
PKIX_PL_PublicKey **pPubKey,
|
|
void *plContext)
|
|
{
|
|
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAPublicKey");
|
|
PKIX_NULLCHECK_TWO(anchor, pPubKey);
|
|
|
|
PKIX_INCREF(anchor->caPubKey);
|
|
|
|
*pPubKey = anchor->caPubKey;
|
|
|
|
cleanup:
|
|
PKIX_RETURN(TRUSTANCHOR);
|
|
}
|
|
|
|
/*
|
|
* FUNCTION: PKIX_TrustAnchor_GetNameConstraints
|
|
* (see comments in pkix_params.h)
|
|
*/
|
|
PKIX_Error *
|
|
PKIX_TrustAnchor_GetNameConstraints(
|
|
PKIX_TrustAnchor *anchor,
|
|
PKIX_PL_CertNameConstraints **pNameConstraints,
|
|
void *plContext)
|
|
{
|
|
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetNameConstraints");
|
|
PKIX_NULLCHECK_TWO(anchor, pNameConstraints);
|
|
|
|
PKIX_INCREF(anchor->nameConstraints);
|
|
|
|
*pNameConstraints = anchor->nameConstraints;
|
|
|
|
cleanup:
|
|
PKIX_RETURN(TRUSTANCHOR);
|
|
}
|