| blob | 0ab071083cede0eb3744df4fe8b9a261813ce2a2 |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 * Sun Microsystems
23 *
24 * Alternatively, the contents of this file may be used under the terms of
25 * either the GNU General Public License Version 2 or later (the "GPL"), or
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
35 *
36 * ***** END LICENSE BLOCK ***** */
37 /*
38 * pkix_policynode.c
39 *
40 * Policy Node Object Type Definition
41 *
42 */
46 /* --Private-PolicyNode-Functions---------------------------------- */
48 /*
49 * FUNCTION: pkix_PolicyNode_GetChildrenMutable
50 * DESCRIPTION:
51 *
52 * Retrieves the List of PolicyNodes representing the child nodes of the
53 * Policy Node pointed to by "node" and stores it at "pChildren". If "node"
54 * has no List of child nodes, this function stores NULL at "pChildren".
55 *
56 * Note that the List returned by this function may be mutable. This function
57 * differs from the public function PKIX_PolicyNode_GetChildren in that
58 * respect. (It also differs in that the public function creates an empty
59 * List, if necessary, rather than storing NULL.)
60 *
61 * During certificate processing, children Lists are created and modified.
62 * Once the list is accessed using the public call, the List is set immutable.
63 *
64 * PARAMETERS:
65 * "node"
66 * Address of PolicyNode whose child nodes are to be stored.
67 * Must be non-NULL.
68 * "pChildren"
69 * Address where object pointer will be stored. Must be non-NULL.
70 * "plContext"
71 * Platform-specific context pointer.
72 * THREAD SAFETY:
73 * Conditionally Thread Safe
74 * (see Thread Safety Definitions in Programmer's Guide)
75 * RETURNS:
76 * Returns NULL if the function succeeds.
77 * Returns a PolicyNode Error if the function fails in a non-fatal way.
78 * Returns a Fatal Error if the function fails in an unrecoverable way.
79 */
80 PKIX_Error *
85 {
96 }
98 /*
99 * FUNCTION: pkix_PolicyNode_Create
100 * DESCRIPTION:
101 *
102 * Creates a new PolicyNode using the OID pointed to by "validPolicy", the List
103 * of CertPolicyQualifiers pointed to by "qualifierSet", the criticality
104 * indicated by the Boolean value of "criticality", and the List of OIDs
105 * pointed to by "expectedPolicySet", and stores the result at "pObject". The
106 * criticality should be derived from whether the certificate policy extension
107 * was marked as critical in the certificate that led to creation of this
108 * PolicyNode. The "qualifierSet" and "expectedPolicySet" Lists are made
109 * immutable. The PolicyNode pointers to parent and to children are initialized
110 * to NULL, and the depth is set to zero; those values should be set by using
111 * the pkix_PolicyNode_AddToParent function.
112 *
113 * PARAMETERS
114 * "validPolicy"
115 * Address of OID of the valid policy for the path. Must be non-NULL
116 * "qualifierSet"
117 * Address of List of CertPolicyQualifiers associated with the validpolicy.
118 * May be NULL
119 * "criticality"
120 * Boolean indicator of whether the criticality should be set in this
121 * PolicyNode
122 * "expectedPolicySet"
123 * Address of List of OIDs that would satisfy this policy in the next
124 * certificate. Must be non-NULL
125 * "pObject"
126 * Address where the PolicyNode pointer will be stored. Must be non-NULL.
127 * "plContext"
128 * Platform-specific context pointer.
129 * THREAD SAFETY:
130 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
131 * RETURNS:
132 * Returns NULL if the function succeeds.
133 * Returns a PolicyNode Error if the function fails in a non-fatal way.
134 * Returns a Fatal Error if the function fails in an unrecoverable way.
135 */
136 PKIX_Error *
140 PKIX_Boolean criticality,
144 {
155 plContext),
156 PKIX_COULDNOTCREATEPOLICYNODEOBJECT);
165 PKIX_LISTSETIMMUTABLEFAILED);
166 }
173 PKIX_LISTSETIMMUTABLEFAILED);
181 cleanup:
184 }
187 }
189 /*
190 * FUNCTION: pkix_PolicyNode_AddToParent
191 * DESCRIPTION:
192 *
193 * Adds the PolicyNode pointed to by "child" to the List of children of
194 * the PolicyNode pointed to by "parentNode". If "parentNode" had a
195 * NULL pointer for the List of children, a new List is created containing
196 * "child". Otherwise "child" is appended to the existing List. The
197 * parent field in "child" is set to "parent", and the depth field is
198 * set to one more than the corresponding value in "parent".
199 *
200 * Depth, in this context, means distance from the root node, which
201 * is at depth zero.
202 *
203 * PARAMETERS:
204 * "parentNode"
205 * Address of PolicyNode whose List of child PolicyNodes is to be
206 * created or appended to. Must be non-NULL.
207 * "child"
208 * Address of PolicyNode to be added to parentNode's List. Must be
209 * non-NULL.
210 * "plContext"
211 * Platform-specific context pointer.
212 * THREAD SAFETY:
213 * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
214 * RETURNS:
215 * Returns NULL if the function succeeds.
216 * Returns a PolicyNode Error if the function fails in a non-fatal way.
217 * Returns a Fatal Error if the function fails in an unrecoverable way.
218 */
219 PKIX_Error *
224 {
234 PKIX_LISTCREATEFAILED);
236 }
238 /*
239 * Note: this link is not reference-counted. The link from parent
240 * to child is counted (actually, the parent "owns" a List which
241 * "owns" children), but the children do not "own" the parent.
242 * Otherwise, there would be loops.
243 */
250 PKIX_COULDNOTAPPENDCHILDTOPARENTSPOLICYNODELIST);
254 PKIX_OBJECTINVALIDATECACHEFAILED);
258 PKIX_OBJECTINVALIDATECACHEFAILED);
260 cleanup:
263 }
265 /*
266 * FUNCTION: pkix_PolicyNode_Prune
267 * DESCRIPTION:
268 *
269 * Prunes a tree below the PolicyNode whose address is pointed to by "node",
270 * using the UInt32 value of "height" as the distance from the leaf level,
271 * and storing at "pDelete" the Boolean value of whether this PolicyNode is,
272 * after pruning, childless and should be pruned.
273 *
274 * Any PolicyNode at height 0 is allowed to survive. If the height is greater
275 * than zero, pkix_PolicyNode_Prune is called recursively for each child of
276 * the current PolicyNode. After this process, a node with no children
277 * stores PKIX_TRUE in "pDelete" to indicate that it should be deleted.
278 *
279 * PARAMETERS:
280 * "node"
281 * Address of the PolicyNode to be pruned. Must be non-NULL.
282 * "height"
283 * UInt32 value for the distance from the leaf level
284 * "pDelete"
285 * Address to store the Boolean return value of PKIX_TRUE if this node
286 * should be pruned, or PKIX_FALSE if there remains at least one
287 * branch of the required height. Must be non-NULL.
288 * "plContext"
289 * Platform-specific context pointer.
290 * THREAD SAFETY:
291 * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
292 * RETURNS:
293 * Returns NULL if the function succeeds.
294 * Returns a PolicyNode Error if the function fails in a non-fatal way.
295 * Returns a Fatal Error if the function fails in an unrecoverable way.
296 */
297 PKIX_Error *
300 PKIX_UInt32 height,
303 {
314 /* Don't prune at the leaf */
317 }
319 /* Above the bottom level, childless nodes get pruned */
323 }
325 /*
326 * This node has children. If they are leaf nodes,
327 * we know they will live. Otherwise, check them out.
328 */
332 PKIX_LISTGETLENGTHFAILED);
333 /*
334 * By working backwards from the end of the list,
335 * we avoid having to worry about possible
336 * decreases in the size of the list, as we
337 * delete items. The only nuisance is that since the
338 * index is UInt32, we can't check for it to reach -1;
339 * we have to use the 1-based index, rather than the
340 * 0-based index that PKIX_List functions require.
341 */
347 plContext),
348 PKIX_LISTGETITEMFAILED);
354 plContext),
355 PKIX_POLICYNODEPRUNEFAILED);
361 plContext),
362 PKIX_LISTDELETEITEMFAILED);
363 }
366 }
367 }
369 /* Prune if this node has *become* childless */
372 PKIX_LISTGETLENGTHFAILED);
375 }
377 /*
378 * Even if we did not change this node, or any of its children,
379 * maybe a [great-]*grandchild was pruned.
380 */
383 PKIX_OBJECTINVALIDATECACHEFAILED);
385 cleanup:
391 }
393 /*
394 * FUNCTION: pkix_SinglePolicyNode_ToString
395 * DESCRIPTION:
396 *
397 * Creates a String representation of the attributes of the PolicyNode
398 * pointed to by "node", other than its parents or children, and
399 * stores the result at "pString".
400 *
401 * PARAMETERS:
402 * "node"
403 * Address of PolicyNode to be described by the string. Must be non-NULL.
404 * "pString"
405 * Address where object pointer will be stored. Must be non-NULL.
406 * "plContext"
407 * Platform-specific context pointer.
408 * THREAD SAFETY:
409 * Conditionally Thread Safe
410 * (see Thread Safety Definitions in Programmer's Guide)
411 * RETURNS:
412 * Returns NULL if function succeeds
413 * Returns a PolicyNode Error if the function fails in a non-fatal way.
414 * Returns a Fatal Error if the function fails in a fatal way
415 */
416 PKIX_Error *
421 {
438 plContext),
439 PKIX_CANTCREATESTRING);
444 plContext),
445 PKIX_OIDTOSTRINGFAILED);
450 plContext),
451 PKIX_LISTTOSTRINGFAILED);
457 plContext),
458 PKIX_LISTTOSTRINGFAILED);
465 plContext),
466 PKIX_CANTCREATESTRING);
467 }
474 plContext),
475 PKIX_CANTCREATESTRING);
479 plContext,
480 fmtString,
481 validString,
482 qualifierString,
483 criticalityString,
484 expectedString,
486 PKIX_SPRINTFFAILED);
490 cleanup:
498 }
500 /*
501 * FUNCTION: pkix_PolicyNode_ToString_Helper
502 * DESCRIPTION:
503 *
504 * Produces a String representation of a PolicyNode tree below the PolicyNode
505 * pointed to by "rootNode", with each line of output prefixed by the String
506 * pointed to by "indent", and stores the result at "pTreeString". It is
507 * called recursively, with ever-increasing indentation, for successively
508 * lower nodes on the tree.
509 *
510 * PARAMETERS:
511 * "rootNode"
512 * Address of PolicyNode subtree. Must be non-NULL.
513 * "indent"
514 * Address of String to be prefixed to each line of output. May be NULL
515 * if no indentation is desired
516 * "pTreeString"
517 * Address where the resulting String will be stored; must be non-NULL
518 * "plContext"
519 * Platform-specific context pointer.
520 * THREAD SAFETY:
521 * Conditionally Thread Safe
522 * (see Thread Safety Definitions in Programmer's Guide)
523 * RETURNS:
524 * Returns NULL if the function succeeds.
525 * Returns a PolicyNode Error if the function fails in a non-fatal way.
526 * Returns a Fatal Error if the function fails in an unrecoverable way.
527 */
534 {
550 /* Create a string for this node */
553 PKIX_ERRORINSINGLEPOLICYNODETOSTRING);
561 plContext),
562 PKIX_ERRORCREATINGFORMATSTRING);
566 plContext,
567 thisNodeFormat,
568 indent,
569 thisItemString),
570 PKIX_ERRORINSPRINTF);
577 plContext),
578 PKIX_ERRORCREATINGFORMATSTRING);
582 plContext,
583 thisNodeFormat,
584 thisItemString),
585 PKIX_ERRORINSPRINTF);
586 }
591 /* if no children, we are done */
595 PKIX_LISTGETLENGTHFAILED);
596 }
599 /*
600 * We create a string for each child in turn,
601 * concatenating them to thisItemString.
602 */
604 /* Prepare an indent string for each child */
611 plContext),
612 PKIX_ERRORCREATINGFORMATSTRING);
616 plContext,
617 nextIndentFormat,
618 indent),
619 PKIX_ERRORINSPRINTF);
626 plContext),
627 PKIX_ERRORCREATINGINDENTSTRING);
628 }
630 /* Prepare the format for concatenation. */
636 plContext),
637 PKIX_ERRORCREATINGFORMATSTRING);
641 childIndex++) {
644 childIndex,
646 plContext),
647 PKIX_LISTGETITEMFAILED);
651 nextIndentString,
653 plContext),
654 PKIX_ERRORCREATINGCHILDSTRING);
659 plContext,
660 childrenFormat,
661 thisItemString,
662 childString),
663 PKIX_ERRORINSPRINTF);
670 }
671 }
675 cleanup:
678 }
688 }
690 /*
691 * FUNCTION: pkix_PolicyNode_ToString
692 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
693 */
699 {
708 PKIX_OBJECTNOTPOLICYNODE);
714 PKIX_ERRORCREATINGSUBTREESTRING);
718 cleanup:
721 }
723 /*
724 * FUNCTION: pkix_PolicyNode_Destroy
725 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
726 */
731 {
739 PKIX_OBJECTNOTPOLICYNODE);
749 /*
750 * Note: the link to parent is not reference-counted. See comment
751 * in pkix_PolicyNode_AddToParent for more details.
752 */
756 cleanup:
759 }
761 /*
762 * FUNCTION: pkix_SinglePolicyNode_Hashcode
763 * DESCRIPTION:
764 *
765 * Computes the hashcode of the attributes of the PolicyNode pointed to by
766 * "node", other than its parents and children, and stores the result at
767 * "pHashcode".
768 *
769 * PARAMETERS:
770 * "node"
771 * Address of PolicyNode to be hashcoded; must be non-NULL
772 * "pHashcode"
773 * Address where UInt32 result will be stored; must be non-NULL
774 * "plContext"
775 * Platform-specific context pointer.
776 * THREAD SAFETY:
777 * Conditionally Thread Safe
778 * (see Thread Safety Definitions in Programmer's Guide)
779 * RETURNS:
780 * Returns NULL if function succeeds
781 * Returns a PolicyNode Error if the function fails in a non-fatal way.
782 * Returns a Fatal Error if the function fails in a fatal way
783 */
789 {
797 PKIX_HASHCODE
800 plContext,
801 PKIX_FAILUREHASHINGLISTQUALIFIERSET);
807 }
812 plContext),
813 PKIX_FAILUREHASHINGOIDVALIDPOLICY);
820 plContext),
821 PKIX_FAILUREHASHINGLISTEXPECTEDPOLICYSET);
827 cleanup:
830 }
832 /*
833 * FUNCTION: pkix_PolicyNode_Hashcode
834 * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
835 */
841 {
851 PKIX_OBJECTNOTPOLICYNODE);
857 PKIX_SINGLEPOLICYNODEHASHCODEFAILED);
861 PKIX_HASHCODE
864 plContext,
865 PKIX_OBJECTHASHCODEFAILED);
871 cleanup:
874 }
876 /*
877 * FUNCTION: pkix_SinglePolicyNode_Equals
878 * DESCRIPTION:
879 *
880 * Compares for equality the components of the PolicyNode pointed to by
881 * "firstPN", other than its parents and children, with those of the
882 * PolicyNode pointed to by "secondPN" and stores the result at "pResult"
883 * (PKIX_TRUE if equal; PKIX_FALSE if not).
884 *
885 * PARAMETERS:
886 * "firstPN"
887 * Address of first of the PolicyNodes to be compared; must be non-NULL
888 * "secondPN"
889 * Address of second of the PolicyNodes to be compared; must be non-NULL
890 * "pResult"
891 * Address where Boolean will be stored; must be non-NULL
892 * "plContext"
893 * Platform-specific context pointer.
894 * THREAD SAFETY:
895 * Conditionally Thread Safe
896 * (see Thread Safety Definitions in Programmer's Guide)
897 * RETURNS:
898 * Returns NULL if function succeeds
899 * Returns a PolicyNode Error if the function fails in a non-fatal way.
900 * Returns a Fatal Error if the function fails in a fatal way
901 */
908 {
914 /* If both references are identical, they must be equal */
918 }
920 /*
921 * It seems we have to do the comparisons. Do
922 * the easiest ones first.
923 */
926 }
929 }
931 PKIX_EQUALS
935 plContext,
936 PKIX_OBJECTEQUALSFAILED);
940 }
942 /* These fields must be non-NULL */
945 PKIX_EQUALS
949 plContext,
950 PKIX_OBJECTEQUALSFAILED);
954 }
956 /* These fields must be non-NULL */
957 PKIX_NULLCHECK_TWO
960 PKIX_EQUALS
964 plContext,
965 PKIX_OBJECTEQUALSFAILEDONEXPECTEDPOLICYSETS);
967 cleanup:
972 }
974 /*
975 * FUNCTION: pkix_PolicyNode_Equals
976 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
977 */
984 {
987 PKIX_UInt32 secondType;
993 /* test that firstObject is a PolicyNode */
996 PKIX_FIRSTOBJECTNOTPOLICYNODE);
998 /*
999 * Since we know firstObject is a PolicyNode,
1000 * if both references are identical, they must be equal
1001 */
1005 }
1007 /*
1008 * If secondObject isn't a PolicyNode, we
1009 * don't throw an error. We simply return FALSE.
1010 */
1013 PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
1017 }
1019 /*
1020 * Oh, well, we have to do the comparisons. Do
1021 * the easiest ones first.
1022 */
1026 /*
1027 * We don't require the parents to be identical. In the
1028 * course of traversing the tree, we will have checked the
1029 * attributes of the parent nodes, and checking the lists
1030 * of children will determine whether they match.
1031 */
1033 PKIX_EQUALS
1037 plContext,
1038 PKIX_OBJECTEQUALSFAILEDONCHILDREN);
1042 }
1046 PKIX_SINGLEPOLICYNODEEQUALSFAILED);
1048 cleanup:
1053 }
1055 /*
1056 * FUNCTION: pkix_PolicyNode_DuplicateHelper
1057 * DESCRIPTION:
1058 *
1059 * Duplicates the PolicyNode whose address is pointed to by "original",
1060 * and stores the result at "pNewNode", if a non-NULL pointer is provided
1061 * for "pNewNode". In addition, the created PolicyNode is added as a child
1062 * to "parent", if a non-NULL pointer is provided for "parent". Then this
1063 * function is called recursively to duplicate each of the children of
1064 * "original". At the top level this function is called with a null
1065 * "parent" and a non-NULL "pNewNode". Below the top level "parent" will
1066 * be non-NULL and "pNewNode" will be NULL.
1067 *
1068 * PARAMETERS:
1069 * "original"
1070 * Address of PolicyNode to be copied; must be non-NULL
1071 * "parent"
1072 * Address of PolicyNode to which the created node is to be added as a
1073 * child; NULL for the top-level call and non-NULL below the top level
1074 * "pNewNode"
1075 * Address to store the node created; should be NULL if "parent" is
1076 * non-NULL and vice versa
1077 * "plContext"
1078 * Platform-specific context pointer.
1079 * THREAD SAFETY:
1080 * Conditionally Thread Safe
1081 * (see Thread Safety Definitions in Programmer's Guide)
1082 * RETURNS:
1083 * Returns NULL if function succeeds
1084 * Returns a PolicyNode Error if the function fails in a non-fatal way.
1085 * Returns a Fatal Error if the function fails in a fatal way
1086 */
1093 {
1102 PKIX_NULLCHECK_THREE
1105 /*
1106 * These components are immutable, so copying the pointers
1107 * is sufficient. The create function increments the reference
1108 * counts as it stores the pointers into the new object.
1109 */
1116 plContext),
1117 PKIX_POLICYNODECREATEFAILED);
1121 PKIX_POLICYNODEADDTOPARENTFAILED);
1122 }
1124 /* Are there any children to duplicate? */
1129 PKIX_LISTGETLENGTHFAILED);
1130 }
1135 childIndex,
1137 plContext),
1138 PKIX_LISTGETITEMFAILED);
1142 PKIX_POLICYNODEDUPLICATEHELPERFAILED);
1145 }
1150 }
1152 cleanup:
1157 }
1159 /*
1160 * FUNCTION: pkix_PolicyNode_Duplicate
1161 * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
1162 */
1168 {
1178 PKIX_OBJECTNOTPOLICYNODE);
1184 PKIX_POLICYNODEDUPLICATEHELPERFAILED);
1188 cleanup:
1191 }
1193 /*
1194 * FUNCTION: pkix_PolicyNode_RegisterSelf
1195 * DESCRIPTION:
1196 *
1197 * Registers PKIX_CERTPOLICYNODE_TYPE and its related
1198 * functions with systemClasses[]
1199 *
1200 * THREAD SAFETY:
1201 * Not Thread Safe - for performance and complexity reasons
1202 *
1203 * Since this function is only called by PKIX_PL_Initialize,
1204 * which should only be called once, it is acceptable that
1205 * this function is not thread-safe.
1206 */
1207 PKIX_Error *
1209 {
1212 pkix_ClassTable_Entry entry;
1227 }
1230 /* --Public-PolicyNode-Functions----------------------------------- */
1232 /*
1233 * FUNCTION: PKIX_PolicyNode_GetChildren
1234 * (see description of this function in pkix_results.h)
1235 */
1236 PKIX_Error *
1241 {
1253 PKIX_LISTCREATEFAILED);
1254 }
1257 PKIX_LISTSETIMMUTABLEFAILED);
1261 cleanup:
1264 }
1267 }
1269 /*
1270 * FUNCTION: PKIX_PolicyNode_GetParent
1271 * (see description of this function in pkix_results.h)
1272 */
1273 PKIX_Error *
1278 {
1288 }
1290 /*
1291 * FUNCTION: PKIX_PolicyNode_GetValidPolicy
1292 * (see description of this function in pkix_results.h)
1293 */
1294 PKIX_Error *
1299 {
1309 }
1311 /*
1312 * FUNCTION: PKIX_PolicyNode_GetPolicyQualifiers
1313 * (see description of this function in pkix_results.h)
1314 */
1315 PKIX_Error *
1320 {
1332 PKIX_LISTCREATEFAILED);
1333 }
1336 PKIX_LISTSETIMMUTABLEFAILED);
1340 cleanup:
1343 }
1345 /*
1346 * FUNCTION: PKIX_PolicyNode_GetExpectedPolicies
1347 * (see description of this function in pkix_results.h)
1348 */
1349 PKIX_Error *
1354 {
1364 }
1366 /*
1367 * FUNCTION: PKIX_PolicyNode_IsCritical
1368 * (see description of this function in pkix_results.h)
1369 */
1370 PKIX_Error *
1375 {
1384 }
1386 /*
1387 * FUNCTION: PKIX_PolicyNode_GetDepth
1388 * (see description of this function in pkix_results.h)
1389 */
1390 PKIX_Error *
1395 {
1404 }