Security-163.tar.gz
index 71b6e6f80c6f02aacdd0103f074ba6973fd59a1f..b5dd7efe5d5b80f44876abb127108c4481098ad3 100644 (file)
@@ -35,7 +35,7 @@
 #include <Security/cssmapple.h>
 #include <assert.h>
 
-#define tpCredDebug(args...)   debug("tpCred", ## args)
+#define tpCredDebug(args...)   secdebug("tpCred", ## args)
 
 /*
  * Build up a CSSM_X509_NAME from an arbitrary list of name/OID pairs. 
@@ -47,6 +47,11 @@ CSSM_X509_NAME * AppleTPSession::buildX509Name(
 {
        CSSM_X509_NAME *top = (CSSM_X509_NAME *)malloc(sizeof(CSSM_X509_NAME));
        top->numberOfRDNs = numNames;
+       if(numNames == 0) {
+               /* legal! */
+               top->RelativeDistinguishedName = NULL;
+               return top;
+       }
        top->RelativeDistinguishedName = 
                (CSSM_X509_RDN_PTR)malloc(sizeof(CSSM_X509_RDN) * numNames);
        CSSM_X509_RDN_PTR rdn;
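Review bot: Accepting `numNames == 0` in the new early-return branch covers only half of what the callers used to reject. The checks removed from SubmitCsrRequest and SubmitCredRequest later in this diff also refused a NULL `subjectNames`, so a request with a non-zero `numSubjectNames` and a NULL array is no longer stopped before name construction. Assuming those two fields are what is passed to this function, the RDN-filling code after the hunk would then read through a NULL pointer. A narrower guard in both callers, modelled on the existing extensions check, would keep the empty-subject case legal while rejecting that input: `if((certReq->numSubjectNames != 0) && (certReq->subjectNames == NULL)) { CssmError::throwMe(CSSMERR_TP_INVALID_POINTER); }`. The body of buildX509Name starts and ends outside this hunk.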
@@ -211,6 +216,7 @@ void AppleTPSession::refKeyToRaw(
                tpCredDebug("AppleTPSession::refKeyToRaw: context err");
                CssmError::throwMe(crtn);
        }
+       
        crtn = CSSM_WrapKey(ccHand,
                &creds,
                refKey,
@@ -424,7 +430,6 @@ CSSM_DATA_PTR AppleTPSession::getCertFromMap(
  */
 void AppleTPSession::SubmitCsrRequest(
        const CSSM_TP_REQUEST_SET &RequestInput,
-       const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
        sint32 &EstimatedTime,                                          // RETURNED
        CssmData &ReferenceIdentifier)                          // RETURNED
 {
@@ -445,10 +450,6 @@ void AppleTPSession::SubmitCsrRequest(
           (certReq->signatureOid.Data == NULL)) {
                CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS);
        }
-       if((certReq->subjectNames == NULL) ||
-          (certReq->numSubjectNames == 0)) {
-               CssmError::throwMe(CSSMERR_TP_INVALID_NAME);
-       }
        
        /* convert ref public key to raw per CL requirements */
        const CSSM_KEY *subjectPubKey = certReq->certPublicKey;
@@ -485,7 +486,7 @@ void AppleTPSession::SubmitCsrRequest(
        CSSM_RETURN crtn;
        crtn = CSSM_CSP_CreateSignatureContext(certReq->cspHand,
                        certReq->signatureAlg,
-                       (CallerAuthContext ? CallerAuthContext->CallerCredentials : NULL),
+                       NULL,                           // AccessCred
                        certReq->issuerPrivateKey,
                        &sigHand);
        if(crtn) {
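Review bot: The `NULL, // AccessCred` argument to `CSSM_CSP_CreateSignatureContext` names the parameter but does not say why the caller's credentials are no longer forwarded when signing with `certReq->issuerPrivateKey`. If the issuer key's ACL requires explicit credentials, this signing step would presumably now fail or fall back to whatever the CSP does without them; nothing in the hunk shows which. A comment that records the intent would save the next reader from guessing, for example `NULL, // AccessCred: caller credentials intentionally not forwarded for CSR signing`, and the function's header comment should say the same. SubmitCsrRequest's body starts and ends outside this hunk.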
@@ -575,7 +576,7 @@ void AppleTPSession::SubmitCredRequest(
        if(tpCompareCssmData(&tpPolicy->PolicyIds->FieldOid,
                &CSSMOID_APPLE_TP_CSR_GEN)) {
                /* break out to CSR-specific code */
-               SubmitCsrRequest(RequestInput, CallerAuthContext, EstimatedTime, ReferenceIdentifier);
+               SubmitCsrRequest(RequestInput, EstimatedTime, ReferenceIdentifier);
                return;
        }
        else if(!tpCompareCssmData(&tpPolicy->PolicyIds->FieldOid,
@@ -591,10 +592,6 @@ void AppleTPSession::SubmitCredRequest(
           (certReq->issuerPrivateKey == NULL)) {
                CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS);
        }
-       if((certReq->subjectNames == NULL) ||
-          (certReq->numSubjectNames == 0)) {
-               CssmError::throwMe(CSSMERR_TP_INVALID_NAME);
-       }
        if((certReq->numExtensions != 0) & (certReq->extensions == NULL)) {
                CssmError::throwMe(CSSMERR_TP_INVALID_POINTER);
        }