+++ /dev/null
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-//
-// Apple X.509 CRL-related session functions.
-//
-
-#include "AppleX509CLSession.h"
-#include "clNssUtils.h"
-#include "clNameUtils.h"
-
-void
-AppleX509CLSession::CrlDescribeFormat(
- uint32 &NumberOfFields,
- CSSM_OID_PTR &OidList)
-{
- DecodedCrl::describeFormat(*this, NumberOfFields, OidList);
-}
-
-
-void
-AppleX509CLSession::CrlGetAllFields(
- const CssmData &Crl,
- uint32 &NumberOfCrlFields,
- CSSM_FIELD_PTR &CrlFields)
-{
- class DecodedCrl decodedCrl(*this, Crl);
- decodedCrl.getAllParsedCrlFields(NumberOfCrlFields, CrlFields);
-}
-
-
-CSSM_HANDLE
-AppleX509CLSession::CrlGetFirstFieldValue(
- const CssmData &Crl,
- const CssmData &CrlField,
- uint32 &NumberOfMatchedFields,
- CSSM_DATA_PTR &Value)
-{
- NumberOfMatchedFields = 0;
- Value = NULL;
- CssmAutoData aData(*this);
-
- DecodedCrl *decodedCrl = new DecodedCrl(*this, Crl);
- uint32 numMatches;
-
- /* this returns false if field not there, throws on bad OID */
- bool brtn;
- try {
- brtn = decodedCrl->getCrlFieldData(CrlField,
- 0, // index
- numMatches,
- aData);
- }
- catch (...) {
- delete decodedCrl;
- throw;
- }
- if(!brtn) {
- delete decodedCrl;
- return CSSM_INVALID_HANDLE;
- }
-
- /* cook up a CLCachedCRL, stash it in cache */
- CLCachedCRL *cachedCrl = new CLCachedCRL(*decodedCrl);
- cacheMap.addEntry(*cachedCrl, cachedCrl->handle());
-
- /* cook up a CLQuery, stash it */
- CLQuery *query = new CLQuery(
- CLQ_CRL,
- CrlField,
- numMatches,
- false, // isFromCache
- cachedCrl->handle());
- queryMap.addEntry(*query, query->handle());
-
- /* success - copy field data to outgoing Value */
- Value = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA));
- *Value = aData.release();
- NumberOfMatchedFields = numMatches;
- return query->handle();
-}
-
-
-bool
-AppleX509CLSession::CrlGetNextFieldValue(
- CSSM_HANDLE ResultsHandle,
- CSSM_DATA_PTR &Value)
-{
- /* fetch & validate the query */
- CLQuery *query = queryMap.lookupEntry(ResultsHandle);
- if(query == NULL) {
- CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE);
- }
- if(query->queryType() != CLQ_CRL) {
- clErrorLog("CrlGetNextFieldValue: bad queryType (%d)",
- (int)query->queryType());
- CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE);
- }
- if(query->nextIndex() >= query->numFields()) {
- return false;
- }
-
- /* fetch the associated cached CRL */
- CLCachedCRL *cachedCrl = lookupCachedCRL(query->cachedObject());
- uint32 dummy;
- CssmAutoData aData(*this);
- if(!cachedCrl->crl().getCrlFieldData(query->fieldId(),
- query->nextIndex(),
- dummy,
- aData)) {
- return false;
- }
-
- /* success - copy field data to outgoing Value */
- Value = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA));
- *Value = aData.release();
- query->incrementIndex();
- return true;
-}
-
-
-void
-AppleX509CLSession::IsCertInCrl(
- const CssmData &Cert,
- const CssmData &Crl,
- CSSM_BOOL &CertFound)
-{
- /*
- * Decode the two entities. Note that doing it this way incurs
- * the unnecessary (for our purposes) overhead of decoding
- * extensions, but doing it this way is so spiffy that I can't
- * resist.
- */
- DecodedCert decodedCert(*this, Cert);
- DecodedCrl decodedCrl(*this, Crl);
-
- NSS_TBSCertificate &tbsCert = decodedCert.mCert.tbs;
- NSS_TBSCrl &tbsCrl = decodedCrl.mCrl.tbs;
-
- /* trivial case - empty CRL */
- unsigned numCrlEntries =
- clNssArraySize((const void **)tbsCrl.revokedCerts);
- if(numCrlEntries == 0) {
- clFieldLog("IsCertInCrl: empty CRL");
- CertFound = CSSM_FALSE;
- return;
- }
-
- /*
- * Get normalized and encoded versions of issuer names.
- * Since the decoded entities are local, we can normalize in place.
- */
- CssmAutoData encCertIssuer(*this);
- CssmAutoData encCrlIssuer(*this);
- try {
- /* snag a handy temp allocator */
- SecNssCoder &coder = decodedCert.coder();
- CL_normalizeX509NameNSS(tbsCert.issuer, coder);
- PRErrorCode prtn = SecNssEncodeItemOdata(&tbsCert.issuer,
- kSecAsn1NameTemplate, encCertIssuer);
- if(prtn) {
- CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
- }
-
- CL_normalizeX509NameNSS(tbsCrl.issuer, coder);
- prtn = SecNssEncodeItemOdata(&tbsCrl.issuer,
- kSecAsn1NameTemplate, encCrlIssuer);
- if(prtn) {
- CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
- }
- }
- catch(...) {
- clFieldLog("IsCertInCrl: normalize failure");
- throw;
- }
-
- /* issuer names match? */
- CertFound = CSSM_FALSE;
- if(encCertIssuer.get() != encCrlIssuer.get()) {
- clFieldLog("IsCertInCrl: issuer name mismatch");
- return;
- }
-
- /* is this cert's serial number in the CRL? */
- CSSM_DATA &certSerial = tbsCert.serialNumber;
- for(unsigned dex=0; dex<numCrlEntries; dex++) {
- NSS_RevokedCert *revokedCert = tbsCrl.revokedCerts[dex];
- assert(revokedCert != NULL);
- CSSM_DATA &revokedSerial = revokedCert->userCertificate;
- if(clCompareCssmData(&certSerial, &revokedSerial)) {
- /* success */
- CertFound = CSSM_TRUE;
- break;
- }
- }
-}
-
-#pragma mark --- Cached ---
-
-void
-AppleX509CLSession::CrlCache(
- const CssmData &Crl,
- CSSM_HANDLE &CrlHandle)
-{
- DecodedCrl *decodedCrl = new DecodedCrl(*this, Crl);
-
- /* cook up a CLCachedCRL, stash it in cache */
- CLCachedCRL *cachedCrl = new CLCachedCRL(*decodedCrl);
- cacheMap.addEntry(*cachedCrl, cachedCrl->handle());
- CrlHandle = cachedCrl->handle();
-}
-
-/*
- * FIXME - CrlRecordIndex not supported, it'll require mods to
- * the DecodedCrl::getCrlFieldData mechanism
- */
-CSSM_HANDLE
-AppleX509CLSession::CrlGetFirstCachedFieldValue(
- CSSM_HANDLE CrlHandle,
- const CssmData *CrlRecordIndex,
- const CssmData &CrlField,
- uint32 &NumberOfMatchedFields,
- CSSM_DATA_PTR &Value)
-{
- if(CrlRecordIndex != NULL) {
- /* not yet */
- CssmError::throwMe(CSSMERR_CL_INVALID_CRL_INDEX);
- }
-
- /* fetch the associated cached CRL */
- CLCachedCRL *cachedCrl = lookupCachedCRL(CrlHandle);
- if(cachedCrl == NULL) {
- CssmError::throwMe(CSSMERR_CL_INVALID_CACHE_HANDLE);
- }
-
- CssmAutoData aData(*this);
- uint32 numMatches;
-
- /* this returns false if field not there, throws on bad OID */
- if(!cachedCrl->crl().getCrlFieldData(CrlField,
- 0, // index
- numMatches,
- aData)) {
- return CSSM_INVALID_HANDLE;
- }
-
- /* cook up a CLQuery, stash it */
- CLQuery *query = new CLQuery(
- CLQ_CRL,
- CrlField,
- numMatches,
- true, // isFromCache
- cachedCrl->handle());
- queryMap.addEntry(*query, query->handle());
-
- /* success - copy field data to outgoing Value */
- Value = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA));
- *Value = aData.release();
- NumberOfMatchedFields = numMatches;
- return query->handle();
-}
-
-
-bool
-AppleX509CLSession::CrlGetNextCachedFieldValue(
- CSSM_HANDLE ResultsHandle,
- CSSM_DATA_PTR &Value)
-{
- /* Identical to, so just call... */
- return CrlGetNextFieldValue(ResultsHandle, Value);
-}
-
-
-void
-AppleX509CLSession::IsCertInCachedCrl(
- const CssmData &Cert,
- CSSM_HANDLE CrlHandle,
- CSSM_BOOL &CertFound,
- CssmData &CrlRecordIndex)
-{
- unimplemented();
-}
-
-
-void
-AppleX509CLSession::CrlAbortCache(
- CSSM_HANDLE CrlHandle)
-{
- /* fetch the associated cached CRL, remove from map, delete it */
- CLCachedCRL *cachedCrl = lookupCachedCRL(CrlHandle);
- if(cachedCrl == NULL) {
- CssmError::throwMe(CSSMERR_CL_INVALID_CACHE_HANDLE);
- }
- cacheMap.removeEntry(cachedCrl->handle());
- delete cachedCrl;
-}
-
-
-void
-AppleX509CLSession::CrlAbortQuery(
- CSSM_HANDLE ResultsHandle)
-{
- /* fetch & validate the query */
- CLQuery *query = queryMap.lookupEntry(ResultsHandle);
- if(query == NULL) {
- CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE);
- }
- if(query->queryType() != CLQ_CRL) {
- clErrorLog("CrlAbortQuery: bad queryType (%d)", (int)query->queryType());
- CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE);
- }
-
- if(!query->fromCache()) {
- /* the associated cached CRL was created just for this query; dispose */
- CLCachedCRL *cachedCrl = lookupCachedCRL(query->cachedObject());
- if(cachedCrl == NULL) {
- /* should never happen */
- CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR);
- }
- cacheMap.removeEntry(cachedCrl->handle());
- delete cachedCrl;
- }
- queryMap.removeEntry(query->handle());
- delete query;
-}
-
-#pragma mark --- Template ---
-
-void
-AppleX509CLSession::CrlCreateTemplate(
- uint32 NumberOfFields,
- const CSSM_FIELD *CrlTemplate,
- CssmData &NewCrl)
-{
- unimplemented();
-}
-
-
-void
-AppleX509CLSession::CrlSetFields(
- uint32 NumberOfFields,
- const CSSM_FIELD *CrlTemplate,
- const CssmData &OldCrl,
- CssmData &ModifiedCrl)
-{
- unimplemented();
-}
-
-
-void
-AppleX509CLSession::CrlAddCert(
- CSSM_CC_HANDLE CCHandle,
- const CssmData &Cert,
- uint32 NumberOfFields,
- const CSSM_FIELD CrlEntryFields[],
- const CssmData &OldCrl,
- CssmData &NewCrl)
-{
- unimplemented();
-}
-
-
-void
-AppleX509CLSession::CrlRemoveCert(
- const CssmData &Cert,
- const CssmData &OldCrl,
- CssmData &NewCrl)
-{
- unimplemented();
-}
-
-
-void
-AppleX509CLSession::CrlGetAllCachedRecordFields(
- CSSM_HANDLE CrlHandle,
- const CssmData &CrlRecordIndex,
- uint32 &NumberOfFields,
- CSSM_FIELD_PTR &CrlFields)
-{
- unimplemented();
-}
-
-/*
- * These are functionally identical to the corresponding
- * Cert functions.
- */
-void
-AppleX509CLSession::CrlVerifyWithKey(
- CSSM_CC_HANDLE CCHandle,
- const CssmData &CrlToBeVerified)
-{
- CertVerifyWithKey(CCHandle, CrlToBeVerified);
-}
-
-
-void
-AppleX509CLSession::CrlVerify(
- CSSM_CC_HANDLE CCHandle,
- const CssmData &CrlToBeVerified,
- const CssmData *SignerCert,
- const CSSM_FIELD *VerifyScope,
- uint32 ScopeSize)
-{
- CertVerify(CCHandle, CrlToBeVerified, SignerCert, VerifyScope,
- ScopeSize);
-}
-
-void
-AppleX509CLSession::CrlSign(
- CSSM_CC_HANDLE CCHandle,
- const CssmData &UnsignedCrl,
- const CSSM_FIELD *SignScope,
- uint32 ScopeSize,
- CssmData &SignedCrl)
-{
- unimplemented();
-}
-
-
-
-
projects / apple / security.git / blobdiff