1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
14 * The Original Code is the PKIX-C library.
16 * The Initial Developer of the Original Code is
17 * Sun Microsystems, Inc.
18 * Portions created by the Initial Developer are
19 * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
22 * Sun Microsystems, Inc.
24 * Alternatively, the contents of this file may be used under the terms of
25 * either the GNU General Public License Version 2 or later (the "GPL"), or
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
36 * ***** END LICENSE BLOCK ***** */
38 * pkix_pl_basicconstraints.c
40 * BasicConstraints Object Functions
44 #include "pkix_pl_basicconstraints.h"
47 * FUNCTION: pkix_pl_CertBasicConstraints_Create
50 * Creates a new CertBasicConstraints object whose CA Flag has the value
51 * given by the Boolean value of "isCA" and whose path length field has the
52 * value given by the "pathLen" argument and stores it at "pObject".
56 * Boolean value with the desired value of CA Flag.
58 * a PKIX_Int32 with the desired value of path length
60 * Address of object pointer's destination. Must be non-NULL.
61 * "plContext" - Platform-specific context pointer.
63 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
65 * Returns NULL if the function succeeds.
66 * Returns a CertBasicConstraints Error if the function fails
68 * Returns a Fatal Error if the function fails in an unrecoverable way.
71 pkix_pl_CertBasicConstraints_Create(
74 PKIX_PL_CertBasicConstraints **pObject,
77 PKIX_PL_CertBasicConstraints *basic = NULL;
79 PKIX_ENTER(CERTBASICCONSTRAINTS,
80 "pkix_pl_CertBasicConstraints_Create");
81 PKIX_NULLCHECK_ONE(pObject);
83 PKIX_CHECK(PKIX_PL_Object_Alloc
84 (PKIX_CERTBASICCONSTRAINTS_TYPE,
85 sizeof (PKIX_PL_CertBasicConstraints),
86 (PKIX_PL_Object **)&basic,
88 PKIX_COULDNOTCREATECERTBASICCONSTRAINTSOBJECT);
92 /* pathLen has meaning only for CAs, but it's not worth checking */
93 basic->pathLen = pathLen;
99 PKIX_RETURN(CERTBASICCONSTRAINTS);
103 * FUNCTION: pkix_pl_CertBasicConstraints_Destroy
104 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
107 pkix_pl_CertBasicConstraints_Destroy(
108 PKIX_PL_Object *object,
111 PKIX_PL_CertBasicConstraints *certB = NULL;
113 PKIX_ENTER(CERTBASICCONSTRAINTS,
114 "pkix_pl_CertBasicConstraints_Destroy");
115 PKIX_NULLCHECK_ONE(object);
117 PKIX_CHECK(pkix_CheckType
118 (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
119 PKIX_OBJECTNOTCERTBASICCONSTRAINTS);
121 certB = (PKIX_PL_CertBasicConstraints*)object;
123 certB->isCA = PKIX_FALSE;
128 PKIX_RETURN(CERTBASICCONSTRAINTS);
132 * FUNCTION: pkix_pl_CertBasicConstraints_ToString
133 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
136 pkix_pl_CertBasicConstraints_ToString(
137 PKIX_PL_Object *object,
138 PKIX_PL_String **pString,
141 PKIX_PL_String *certBasicConstraintsString = NULL;
142 PKIX_PL_CertBasicConstraints *certB = NULL;
143 PKIX_Boolean isCA = PKIX_FALSE;
144 PKIX_Int32 pathLen = 0;
145 PKIX_PL_String *outString = NULL;
146 char *fmtString = NULL;
147 PKIX_Boolean pathlenArg = PKIX_FALSE;
149 PKIX_ENTER(CERTBASICCONSTRAINTS,
150 "pkix_pl_CertBasicConstraints_toString");
151 PKIX_NULLCHECK_TWO(object, pString);
153 PKIX_CHECK(pkix_CheckType
154 (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
155 PKIX_FIRSTARGUMENTNOTCERTBASICCONSTRAINTSOBJECT);
157 certB = (PKIX_PL_CertBasicConstraints *)object;
161 * if pathLen == CERT_UNLIMITED_PATH_CONSTRAINT
163 * else print "CA(nnn)"
164 * if CA == FALSE, print "~CA"
170 pathLen = certB->pathLen;
172 if (pathLen == CERT_UNLIMITED_PATH_CONSTRAINT) {
174 fmtString = "CA(-1)";
175 pathlenArg = PKIX_FALSE;
177 /* print "CA(pathLen)" */
178 fmtString = "CA(%d)";
179 pathlenArg = PKIX_TRUE;
184 pathlenArg = PKIX_FALSE;
187 PKIX_CHECK(PKIX_PL_String_Create
191 &certBasicConstraintsString,
193 PKIX_STRINGCREATEFAILED);
196 PKIX_CHECK(PKIX_PL_Sprintf
199 certBasicConstraintsString,
203 PKIX_CHECK(PKIX_PL_Sprintf
206 certBasicConstraintsString),
210 *pString = outString;
214 PKIX_DECREF(certBasicConstraintsString);
216 PKIX_RETURN(CERTBASICCONSTRAINTS);
220 * FUNCTION: pkix_pl_CertBasicConstraints_Hashcode
221 * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
224 pkix_pl_CertBasicConstraints_Hashcode(
225 PKIX_PL_Object *object,
226 PKIX_UInt32 *pHashcode,
229 PKIX_PL_CertBasicConstraints *certB = NULL;
230 PKIX_Boolean isCA = PKIX_FALSE;
231 PKIX_Int32 pathLen = 0;
232 PKIX_Int32 hashInput = 0;
233 PKIX_UInt32 cbcHash = 0;
235 PKIX_ENTER(CERTBASICCONSTRAINTS,
236 "pkix_pl_CertBasicConstraints_Hashcode");
237 PKIX_NULLCHECK_TWO(object, pHashcode);
239 PKIX_CHECK(pkix_CheckType
240 (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
241 PKIX_OBJECTNOTCERTBASICCONSTRAINTS);
243 certB = (PKIX_PL_CertBasicConstraints *)object;
247 * hash(pathLen + 1 - PKIX_UNLIMITED_PATH_CONSTRAINT)
248 * if CA == FALSE, hash(0)
254 pathLen = certB->pathLen;
256 hashInput = pathLen + 1 - PKIX_UNLIMITED_PATH_CONSTRAINT;
260 ((const unsigned char *)&hashInput,
266 *pHashcode = cbcHash;
270 PKIX_RETURN(CERTBASICCONSTRAINTS);
275 * FUNCTION: pkix_pl_CertBasicConstraints_Equals
276 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
279 pkix_pl_CertBasicConstraints_Equals(
280 PKIX_PL_Object *firstObject,
281 PKIX_PL_Object *secondObject,
282 PKIX_Boolean *pResult,
285 PKIX_PL_CertBasicConstraints *firstCBC = NULL;
286 PKIX_PL_CertBasicConstraints *secondCBC = NULL;
287 PKIX_UInt32 secondType;
288 PKIX_Boolean firstIsCA = PKIX_FALSE;
289 PKIX_Boolean secondIsCA = PKIX_FALSE;
290 PKIX_Int32 firstPathLen = 0;
291 PKIX_Int32 secondPathLen = 0;
293 PKIX_ENTER(CERTBASICCONSTRAINTS,
294 "pkix_pl_CertBasicConstraints_Equals");
295 PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
297 /* test that firstObject is a CertBasicConstraints */
298 PKIX_CHECK(pkix_CheckType
299 (firstObject, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
300 PKIX_FIRSTOBJECTNOTCERTBASICCONSTRAINTS);
303 * Since we know firstObject is a CertBasicConstraints,
304 * if both references are identical, they must be equal
306 if (firstObject == secondObject){
307 *pResult = PKIX_TRUE;
312 * If secondObject isn't a CertBasicConstraints, we
313 * don't throw an error. We simply return FALSE.
315 PKIX_CHECK(PKIX_PL_Object_GetType
316 (secondObject, &secondType, plContext),
317 PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
318 if (secondType != PKIX_CERTBASICCONSTRAINTS_TYPE) {
319 *pResult = PKIX_FALSE;
323 firstCBC = (PKIX_PL_CertBasicConstraints *)firstObject;
324 secondCBC = (PKIX_PL_CertBasicConstraints *)secondObject;
327 * Compare the value of the CAFlag components
330 firstIsCA = firstCBC->isCA;
333 * Failure here would be an error, not merely a miscompare,
334 * since we know second is a CertBasicConstraints.
336 secondIsCA = secondCBC->isCA;
339 * If isCA flags differ, the objects are not equal.
341 if (secondIsCA != firstIsCA) {
342 *pResult = PKIX_FALSE;
347 * If isCA was FALSE, the objects are equal, because
348 * pathLen is meaningless in that case.
351 *pResult = PKIX_TRUE;
355 firstPathLen = firstCBC->pathLen;
356 secondPathLen = secondCBC->pathLen;
358 *pResult = (secondPathLen == firstPathLen);
362 PKIX_RETURN(CERTBASICCONSTRAINTS);
366 * FUNCTION: pkix_pl_CertBasicConstraints_RegisterSelf
368 * Registers PKIX_CERTBASICCONSTRAINTS_TYPE and its related
369 * functions with systemClasses[]
371 * Not Thread Safe - for performance and complexity reasons
373 * Since this function is only called by PKIX_PL_Initialize,
374 * which should only be called once, it is acceptable that
375 * this function is not thread-safe.
378 pkix_pl_CertBasicConstraints_RegisterSelf(void *plContext)
381 extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
382 pkix_ClassTable_Entry entry;
384 PKIX_ENTER(CERTBASICCONSTRAINTS,
385 "pkix_pl_CertBasicConstraints_RegisterSelf");
387 entry.description = "CertBasicConstraints";
388 entry.objCounter = 0;
389 entry.typeObjectSize = sizeof(PKIX_PL_CertBasicConstraints);
390 entry.destructor = pkix_pl_CertBasicConstraints_Destroy;
391 entry.equalsFunction = pkix_pl_CertBasicConstraints_Equals;
392 entry.hashcodeFunction = pkix_pl_CertBasicConstraints_Hashcode;
393 entry.toStringFunction = pkix_pl_CertBasicConstraints_ToString;
394 entry.comparator = NULL;
395 entry.duplicateFunction = pkix_duplicateImmutable;
397 systemClasses[PKIX_CERTBASICCONSTRAINTS_TYPE] = entry;
399 PKIX_RETURN(CERTBASICCONSTRAINTS);
402 /* --Public-Functions------------------------------------------------------- */
405 * FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag
406 * (see comments in pkix_pl_pki.h)
409 PKIX_PL_BasicConstraints_GetCAFlag(
410 PKIX_PL_CertBasicConstraints *basicConstraints,
411 PKIX_Boolean *pResult,
414 PKIX_ENTER(CERTBASICCONSTRAINTS,
415 "PKIX_PL_BasicConstraintsGetCAFlag");
416 PKIX_NULLCHECK_TWO(basicConstraints, pResult);
418 *pResult = basicConstraints->isCA;
420 PKIX_RETURN(CERTBASICCONSTRAINTS);
424 * FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint
425 * (see comments in pkix_pl_pki.h)
428 PKIX_PL_BasicConstraints_GetPathLenConstraint(
429 PKIX_PL_CertBasicConstraints *basicConstraints,
430 PKIX_Int32 *pPathLenConstraint,
433 PKIX_ENTER(CERTBASICCONSTRAINTS,
434 "PKIX_PL_BasicConstraintsGetPathLenConstraint");
435 PKIX_NULLCHECK_TWO(basicConstraints, pPathLenConstraint);
437 *pPathLenConstraint = basicConstraints->pathLen;
439 PKIX_RETURN(CERTBASICCONSTRAINTS);