X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/7948e047ad0cdb129f10661905b2f3eecd5c85a0..df0e469fdcf0e0b3ef74bac6500e5751c40b4ec1:/AppleX509TP/tpCredRequest.cpp
diff --git a/AppleX509TP/tpCredRequest.cpp b/AppleX509TP/tpCredRequest.cpp
index 71b6e6f8..b5dd7efe 100644
--- a/AppleX509TP/tpCredRequest.cpp
+++ b/AppleX509TP/tpCredRequest.cpp
@@ -35,7 +35,7 @@
 #include
 #include
-#define tpCredDebug(args...) debug("tpCred", ## args)
+#define tpCredDebug(args...) secdebug("tpCred", ## args)
 /*
 * Build up a CSSM_X509_NAME from an arbitrary list of name/OID pairs.
@@ -47,6 +47,11 @@ CSSM_X509_NAME * AppleTPSession::buildX509Name(
 {
 CSSM_X509_NAME *top = (CSSM_X509_NAME *)malloc(sizeof(CSSM_X509_NAME));
 top->numberOfRDNs = numNames;
+ if(numNames == 0) {
+ /* legal! */
+ top->RelativeDistinguishedName = NULL;
+ return top;
+ }
 top->RelativeDistinguishedName = (CSSM_X509_RDN_PTR)malloc(sizeof(CSSM_X509_RDN) * numNames);
 CSSM_X509_RDN_PTR rdn;
@@ -211,6 +216,7 @@ void AppleTPSession::refKeyToRaw(
 tpCredDebug("AppleTPSession::refKeyToRaw: context err");
 CssmError::throwMe(crtn);
 }
+
 crtn = CSSM_WrapKey(ccHand, &creds, refKey,
@@ -424,7 +430,6 @@ CSSM_DATA_PTR AppleTPSession::getCertFromMap(
 */
 void AppleTPSession::SubmitCsrRequest(
 const CSSM_TP_REQUEST_SET &RequestInput,
- const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
 sint32 &EstimatedTime, // RETURNED
 CssmData &ReferenceIdentifier) // RETURNED
 {
@@ -445,10 +450,6 @@ void AppleTPSession::SubmitCsrRequest(
 (certReq->signatureOid.Data == NULL)) {
 CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS);
 }
- if((certReq->subjectNames == NULL) ||
- (certReq->numSubjectNames == 0)) {
- CssmError::throwMe(CSSMERR_TP_INVALID_NAME);
- }
 /* convert ref public key to raw per CL requirements */
 const CSSM_KEY *subjectPubKey = certReq->certPublicKey;
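Review bot: The new `numNames == 0` branch in buildX509Name covers only the empty list, while the check deleted from SubmitCsrRequest (hunk `@@ -445,10 +450,6 @@`) and from SubmitCredRequest (hunk `@@ -591,10 +592,6 @@`) also rejected `subjectNames == NULL`. If the request's name array is handed to this function, as the hunks suggest, a request carrying a NULL `subjectNames` with a non-zero `numSubjectNames` is no longer turned away with CSSMERR_TP_INVALID_NAME and instead reaches the code after the branch. A narrower test at both call sites would keep the empty-subject case legal: `if((certReq->subjectNames == NULL) && (certReq->numSubjectNames != 0)) { CssmError::throwMe(CSSMERR_TP_INVALID_NAME); }`. The `malloc` result `top` is also dereferenced without a null check on the line just above the new branch. buildX509Name's body continues outside the hunk, so how the name array is walked is not visible here.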
@@ -485,7 +486,7 @@ void AppleTPSession::SubmitCsrRequest(
 CSSM_RETURN crtn;
 crtn = CSSM_CSP_CreateSignatureContext(certReq->cspHand, certReq->signatureAlg,
- (CallerAuthContext ? CallerAuthContext->CallerCredentials : NULL),
+ NULL, // AccessCred
 certReq->issuerPrivateKey, &sigHand);
 if(crtn) {
@@ -575,7 +576,7 @@ void AppleTPSession::SubmitCredRequest(
 if(tpCompareCssmData(&tpPolicy->PolicyIds->FieldOid, &CSSMOID_APPLE_TP_CSR_GEN)) {
 /* break out to CSR-specific code */
- SubmitCsrRequest(RequestInput, CallerAuthContext, EstimatedTime, ReferenceIdentifier);
+ SubmitCsrRequest(RequestInput, EstimatedTime, ReferenceIdentifier);
 return;
 } else if(!tpCompareCssmData(&tpPolicy->PolicyIds->FieldOid,
@@ -591,10 +592,6 @@ void AppleTPSession::SubmitCredRequest(
 (certReq->issuerPrivateKey == NULL)) {
 CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS);
 }
- if((certReq->subjectNames == NULL) ||
- (certReq->numSubjectNames == 0)) {
- CssmError::throwMe(CSSMERR_TP_INVALID_NAME);
- }
 if((certReq->numExtensions != 0) & (certReq->extensions == NULL)) {
 CssmError::throwMe(CSSMERR_TP_INVALID_POINTER);
 }
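Review bot: The `NULL, // AccessCred` argument to CSSM_CSP_CreateSignatureContext does not say why the caller's credentials are no longer forwarded, and SubmitCredRequest apparently still receives a `CallerAuthContext` that the CSR path now ignores (see the call in hunk `@@ -575,7 +576,7 @@`). A signing key whose ACL requires explicit credentials would presumably be refused later, when the signature is made, with nothing at this call pointing to the cause. I would expand the comment, for example `NULL, // AccessCred: caller credentials are not forwarded for CSR generation; issuerPrivateKey must be usable with default access`, and state the same in the header comment of SubmitCsrRequest. The function body starts and ends outside the hunk.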