本文整理汇总了C++中PKIX_ENTER函数的典型用法代码示例。如果您正苦于以下问题:C++ PKIX_ENTER函数的具体用法?C++ PKIX_ENTER怎么用?C++ PKIX_ENTER使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了PKIX_ENTER函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: pkix_pl_CRL_Equals
/*
* FUNCTION: pkix_pl_CRL_Equals
* (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_CRL_Equals(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_PL_CRL *firstCrl = NULL;
PKIX_PL_CRL *secondCrl = NULL;
SECItem *crlDerOne = NULL, *crlDerTwo = NULL;
PKIX_UInt32 secondType;
PKIX_ENTER(CRL, "pkix_pl_CRL_Equals");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
/* test that firstObject is a CRL */
PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CRL_TYPE, plContext),
PKIX_FIRSTOBJECTNOTCRL);
firstCrl = (PKIX_PL_CRL *)firstObject;
secondCrl = (PKIX_PL_CRL *)secondObject;
/*
* Since we know firstObject is a CRL, if both references are
* identical, they must be equal
*/
if (firstCrl == secondCrl){
*pResult = PKIX_TRUE;
goto cleanup;
}
/*
* If secondCrl isn't a CRL, we don't throw an error.
* We simply return a Boolean result of FALSE
*/
*pResult = PKIX_FALSE;
PKIX_CHECK(PKIX_PL_Object_GetType
((PKIX_PL_Object *)secondCrl, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
if (secondType != PKIX_CRL_TYPE) goto cleanup;
if (firstCrl->adoptedDerCrl) {
crlDerOne = firstCrl->adoptedDerCrl;
} else if (firstCrl->nssSignedCrl && firstCrl->nssSignedCrl->derCrl) {
crlDerOne = firstCrl->nssSignedCrl->derCrl;
}
if (secondCrl->adoptedDerCrl) {
crlDerTwo = secondCrl->adoptedDerCrl;
} else if (secondCrl->nssSignedCrl && secondCrl->nssSignedCrl->derCrl) {
crlDerTwo = secondCrl->nssSignedCrl->derCrl;
}
if (SECITEM_CompareItem(crlDerOne, crlDerTwo) == SECEqual) {
*pResult = PKIX_TRUE;
}
cleanup:
PKIX_RETURN(CRL);
}示例2: PKIX_RevocationChecker_CreateAndAddMethod
/*
* FUNCTION: PKIX_RevocationChecker_CreateAndAddMethod
*/
PKIX_Error *
PKIX_RevocationChecker_CreateAndAddMethod(
PKIX_RevocationChecker *revChecker,
PKIX_ProcessingParams *params,
PKIX_RevocationMethodType methodType,
PKIX_UInt32 flags,
PKIX_UInt32 priority,
PKIX_PL_VerifyCallback verificationFn,
PKIX_Boolean isLeafMethod,
void *plContext)
{
PKIX_List **methodList = NULL;
PKIX_List *unsortedList = NULL;
PKIX_List *certStores = NULL;
pkix_RevocationMethod *method = NULL;
pkix_LocalRevocationCheckFn *localRevChecker = NULL;
pkix_ExternalRevocationCheckFn *externRevChecker = NULL;
PKIX_UInt32 miFlags;
PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_CreateAndAddMethod");
PKIX_NULLCHECK_ONE(revChecker);
/* If the caller has said "Either one is sufficient, then don't let the
* absence of any one method's info lead to an overall failure.
*/
miFlags = isLeafMethod ? revChecker->leafMethodListFlags
: revChecker->chainMethodListFlags;
if (miFlags & PKIX_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE)
flags &= ~PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO;
switch (methodType) {
case PKIX_RevocationMethod_CRL:
localRevChecker = pkix_CrlChecker_CheckLocal;
externRevChecker = pkix_CrlChecker_CheckExternal;
PKIX_CHECK(
PKIX_ProcessingParams_GetCertStores(params, &certStores,
plContext),
PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
PKIX_CHECK(
pkix_CrlChecker_Create(methodType, flags, priority,
localRevChecker, externRevChecker,
certStores, verificationFn,
&method,
plContext),
PKIX_COULDNOTCREATECRLCHECKEROBJECT);
break;
case PKIX_RevocationMethod_OCSP:
localRevChecker = pkix_OcspChecker_CheckLocal;
externRevChecker = pkix_OcspChecker_CheckExternal;
PKIX_CHECK(
pkix_OcspChecker_Create(methodType, flags, priority,
localRevChecker, externRevChecker,
verificationFn,
&method,
plContext),
PKIX_COULDNOTCREATEOCSPCHECKEROBJECT);
break;
default:
PKIX_ERROR(PKIX_INVALIDREVOCATIONMETHOD);
}
if (isLeafMethod) {
methodList = &revChecker->leafMethodList;
} else {
methodList = &revChecker->chainMethodList;
}
if (*methodList == NULL) {
PKIX_CHECK(
PKIX_List_Create(methodList, plContext),
PKIX_LISTCREATEFAILED);
}
unsortedList = *methodList;
PKIX_CHECK(
PKIX_List_AppendItem(unsortedList, (PKIX_PL_Object*)method, plContext),
PKIX_LISTAPPENDITEMFAILED);
PKIX_CHECK(
pkix_List_BubbleSort(unsortedList,
pkix_RevocationChecker_SortComparator,
methodList, plContext),
PKIX_LISTBUBBLESORTFAILED);
cleanup:
PKIX_DECREF(method);
PKIX_DECREF(unsortedList);
PKIX_DECREF(certStores);
PKIX_RETURN(REVOCATIONCHECKER);
}示例3: pkix_Error_ToString
/*
* FUNCTION: pkix_Error_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_Error_ToString(
PKIX_PL_Object *object,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_Error *error = NULL;
PKIX_Error *cause = NULL;
PKIX_PL_String *desc = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *causeString = NULL;
PKIX_PL_String *optCauseString = NULL;
PKIX_PL_String *errorNameString = NULL;
char *format = NULL;
PKIX_ERRORCLASS errClass;
PKIX_ENTER(ERROR, "pkix_Error_ToString");
PKIX_NULLCHECK_TWO(object, pString);
PKIX_CHECK(pkix_CheckType(object, PKIX_ERROR_TYPE, plContext),
PKIX_OBJECTNOTANERROR);
error = (PKIX_Error *)object;
/* Get this error's errClass, description and the string of its cause */
errClass = error->errClass;
/* Get the description string */
PKIX_Error_GetDescription(error, &desc, plContext);
/* Get the cause */
cause = error->cause;
/* Get the causes's description string */
if (cause != NULL) {
pkix_error_cause_depth++;
/* Get the cause string */
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object*)cause, &causeString, plContext),
PKIX_ERRORGETTINGCAUSESTRING);
format = "\n*** Cause (%d): %s";
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
format,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
/* Create the optional Cause String */
PKIX_CHECK(PKIX_PL_Sprintf
(&optCauseString,
plContext,
formatString,
pkix_error_cause_depth,
causeString),
PKIX_SPRINTFFAILED);
PKIX_DECREF(formatString);
pkix_error_cause_depth--;
}
/* Create the Format String */
if (optCauseString != NULL) {
format = "*** %s Error- %s%s";
} else {
format = "*** %s Error- %s";
}
/* Ensure that error errClass is known, otherwise default to Object */
if (errClass >= PKIX_NUMERRORCLASSES) {
errClass = 0;
}
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
(void *)PKIX_ERRORCLASSNAMES[errClass],
0,
&errorNameString,
plContext),
PKIX_STRINGCREATEFAILED);
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
format,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
/* Create the output String */
PKIX_CHECK(PKIX_PL_Sprintf
//.........这里部分代码省略.........
示例4: pkix_VerifyNode_ToString_Helper
/*
* FUNCTION: pkix_VerifyNode_ToString_Helper
* DESCRIPTION:
*
* Produces a String representation of a VerifyNode tree below the VerifyNode
* pointed to by "rootNode", with each line of output prefixed by the String
* pointed to by "indent", and stores the result at "pTreeString". It is
* called recursively, with ever-increasing indentation, for successively
* lower nodes on the tree.
*
* PARAMETERS:
* "rootNode"
* Address of VerifyNode subtree. Must be non-NULL.
* "indent"
* Address of String to be prefixed to each line of output. May be NULL
* if no indentation is desired
* "pTreeString"
* Address where the resulting String will be stored; must be non-NULL
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a VerifyNode Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_VerifyNode_ToString_Helper(
PKIX_VerifyNode *rootNode,
PKIX_PL_String *indent,
PKIX_PL_String **pTreeString,
void *plContext)
{
PKIX_PL_String *nextIndentFormat = NULL;
PKIX_PL_String *thisNodeFormat = NULL;
PKIX_PL_String *childrenFormat = NULL;
PKIX_PL_String *nextIndentString = NULL;
PKIX_PL_String *resultString = NULL;
PKIX_PL_String *thisItemString = NULL;
PKIX_PL_String *childString = NULL;
PKIX_VerifyNode *childNode = NULL;
PKIX_UInt32 numberOfChildren = 0;
PKIX_UInt32 childIndex = 0;
PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_ToString_Helper");
PKIX_NULLCHECK_TWO(rootNode, pTreeString);
/* Create a string for this node */
PKIX_CHECK(pkix_SingleVerifyNode_ToString
(rootNode, &thisItemString, plContext),
PKIX_ERRORINSINGLEVERIFYNODETOSTRING);
if (indent) {
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
"%s%s",
0,
&thisNodeFormat,
plContext),
PKIX_ERRORCREATINGFORMATSTRING);
PKIX_CHECK(PKIX_PL_Sprintf
(&resultString,
plContext,
thisNodeFormat,
indent,
thisItemString),
PKIX_ERRORINSPRINTF);
} else {
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
"%s",
0,
&thisNodeFormat,
plContext),
PKIX_ERRORCREATINGFORMATSTRING);
PKIX_CHECK(PKIX_PL_Sprintf
(&resultString,
plContext,
thisNodeFormat,
thisItemString),
PKIX_ERRORINSPRINTF);
}
PKIX_DECREF(thisItemString);
thisItemString = resultString;
/* if no children, we are done */
if (rootNode->children) {
PKIX_CHECK(PKIX_List_GetLength
(rootNode->children, &numberOfChildren, plContext),
PKIX_LISTGETLENGTHFAILED);
}
if (numberOfChildren != 0) {
/*
//.........这里部分代码省略.........
示例5: pkix_VerifyNode_DuplicateHelper
/*
* FUNCTION: pkix_VerifyNode_DuplicateHelper
* DESCRIPTION:
*
* Duplicates the VerifyNode whose address is pointed to by "original",
* and stores the result at "pNewNode", if a non-NULL pointer is provided
* for "pNewNode". In addition, the created VerifyNode is added as a child
* to "parent", if a non-NULL pointer is provided for "parent". Then this
* function is called recursively to duplicate each of the children of
* "original". At the top level this function is called with a null
* "parent" and a non-NULL "pNewNode". Below the top level "parent" will
* be non-NULL and "pNewNode" will be NULL.
*
* PARAMETERS:
* "original"
* Address of VerifyNode to be copied; must be non-NULL
* "parent"
* Address of VerifyNode to which the created node is to be added as a
* child; NULL for the top-level call and non-NULL below the top level
* "pNewNode"
* Address to store the node created; should be NULL if "parent" is
* non-NULL and vice versa
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if function succeeds
* Returns a VerifyNode Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in a fatal way
*/
static PKIX_Error *
pkix_VerifyNode_DuplicateHelper(
PKIX_VerifyNode *original,
PKIX_VerifyNode *parent,
PKIX_VerifyNode **pNewNode,
void *plContext)
{
PKIX_UInt32 numChildren = 0;
PKIX_UInt32 childIndex = 0;
PKIX_List *children = NULL; /* List of PKIX_VerifyNode */
PKIX_VerifyNode *copy = NULL;
PKIX_VerifyNode *child = NULL;
PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_DuplicateHelper");
PKIX_NULLCHECK_TWO
(original, original->verifyCert);
/*
* These components are immutable, so copying the pointers
* is sufficient. The create function increments the reference
* counts as it stores the pointers into the new object.
*/
PKIX_CHECK(pkix_VerifyNode_Create
(original->verifyCert,
original->depth,
original->error,
©,
plContext),
PKIX_VERIFYNODECREATEFAILED);
/* Are there any children to duplicate? */
children = original->children;
if (children) {
PKIX_CHECK(PKIX_List_GetLength(children, &numChildren, plContext),
PKIX_LISTGETLENGTHFAILED);
}
for (childIndex = 0; childIndex < numChildren; childIndex++) {
PKIX_CHECK(PKIX_List_GetItem
(children,
childIndex,
(PKIX_PL_Object **)&child,
plContext),
PKIX_LISTGETITEMFAILED);
PKIX_CHECK(pkix_VerifyNode_DuplicateHelper
(child, copy, NULL, plContext),
PKIX_VERIFYNODEDUPLICATEHELPERFAILED);
PKIX_DECREF(child);
}
if (pNewNode) {
*pNewNode = copy;
copy = NULL; /* no DecRef if we give our handle away */
}
cleanup:
PKIX_DECREF(copy);
PKIX_DECREF(child);
PKIX_RETURN(VERIFYNODE);
}示例6: pkix_pl_LdapCertStore_GetCRL
/*
* FUNCTION: pkix_pl_LdapCertStore_GetCRL
* (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
*/
PKIX_Error *
pkix_pl_LdapCertStore_GetCRL(
PKIX_CertStore *store,
PKIX_CRLSelector *selector,
void **pNBIOContext,
PKIX_List **pCrlList,
void *plContext)
{
LDAPRequestParams requestParams;
void *pollDesc = NULL;
PRArenaPool *requestArena = NULL;
PKIX_UInt32 numNames = 0;
PKIX_UInt32 thisName = 0;
PKIX_PL_CRL *candidate = NULL;
PKIX_List *responses = NULL;
PKIX_List *issuerNames = NULL;
PKIX_List *filteredCRLs = NULL;
PKIX_List *unfilteredCRLs = NULL;
PKIX_PL_X500Name *issuer = NULL;
PKIX_PL_LdapCertStoreContext *lcs = NULL;
PKIX_ComCRLSelParams *params = NULL;
PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCRL");
PKIX_NULLCHECK_THREE(store, selector, pCrlList);
requestParams.baseObject = "c=US";
requestParams.scope = WHOLE_SUBTREE;
requestParams.derefAliases = NEVER_DEREF;
requestParams.sizeLimit = 0;
requestParams.timeLimit = 0;
requestParams.attributes = LDAPATTR_CERTREVLIST | LDAPATTR_AUTHREVLIST;
/* Prepare elements for request filter */
/* XXX Place CRLDP code here. Handle the case when */
/* RFC 5280. Paragraph: 4.2.1.13: */
/* If the distributionPoint field contains a directoryName, the entry */
/* for that directoryName contains the current CRL for the associated */
/* reasons and the CRL is issued by the associated cRLIssuer. The CRL */
/* may be stored in either the certificateRevocationList or */
/* authorityRevocationList attribute. The CRL is to be obtained by the */
/* application from whatever directory server is locally configured. */
/* The protocol the application uses to access the directory (e.g., DAP */
/* or LDAP) is a local matter. */
/*
* Get a short-lived arena. We'll be done with this space once
* the request is encoded.
*/
PKIX_PL_NSSCALLRV
(CERTSTORE, requestArena, PORT_NewArena, (DER_DEFAULT_CHUNKSIZE));
if (!requestArena) {
PKIX_ERROR_FATAL(PKIX_OUTOFMEMORY);
}
PKIX_CHECK(PKIX_CRLSelector_GetCommonCRLSelectorParams
(selector, ¶ms, plContext),
PKIX_CRLSELECTORGETCOMCERTSELPARAMSFAILED);
PKIX_CHECK(PKIX_ComCRLSelParams_GetIssuerNames
(params, &issuerNames, plContext),
PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED);
/*
* The specification for PKIX_ComCRLSelParams_GetIssuerNames in
* pkix_crlsel.h says that if the criterion is not set we get a null
* pointer. If we get an empty List the criterion is impossible to
* meet ("must match at least one of the names in the List").
*/
if (issuerNames) {
PKIX_CHECK(PKIX_List_GetLength
(issuerNames, &numNames, plContext),
PKIX_LISTGETLENGTHFAILED);
if (numNames > 0) {
for (thisName = 0; thisName < numNames; thisName++) {
PKIX_CHECK(PKIX_List_GetItem
(issuerNames,
thisName,
(PKIX_PL_Object **)&issuer,
plContext),
PKIX_LISTGETITEMFAILED);
PKIX_CHECK
(pkix_pl_LdapCertStore_MakeNameAVAList
(requestArena,
issuer,
&(requestParams.nc),
plContext),
PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED);
PKIX_DECREF(issuer);
//.........这里部分代码省略.........
示例7: pkix_VerifyNode_AddToChain
/*
* FUNCTION: pkix_VerifyNode_AddToChain
* DESCRIPTION:
*
* Adds the VerifyNode pointed to by "child", at the appropriate depth, to the
* List of children of the VerifyNode pointed to by "parentNode". The chain of
* VerifyNodes is traversed until a VerifyNode is found at a depth one less
* than that specified in "child". An Error is returned if there is no parent
* at a suitable depth.
*
* If "parentNode" has a NULL pointer for the List of children, a new List is
* created containing "child". Otherwise "child" is appended to the existing
* List.
*
* Depth, in this context, means distance from the root node, which
* is at depth zero.
*
* PARAMETERS:
* "parentNode"
* Address of VerifyNode whose List of child VerifyNodes is to be
* created or appended to. Must be non-NULL.
* "child"
* Address of VerifyNode to be added to parentNode's List. Must be
* non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a VerifyNode Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_VerifyNode_AddToChain(
PKIX_VerifyNode *parentNode,
PKIX_VerifyNode *child,
void *plContext)
{
PKIX_VerifyNode *successor = NULL;
PKIX_List *listOfChildren = NULL;
PKIX_UInt32 numChildren = 0;
PKIX_UInt32 parentDepth = 0;
PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_AddToChain");
PKIX_NULLCHECK_TWO(parentNode, child);
parentDepth = parentNode->depth;
listOfChildren = parentNode->children;
if (listOfChildren == NULL) {
if (parentDepth != (child->depth - 1)) {
PKIX_ERROR(PKIX_NODESMISSINGFROMCHAIN);
}
PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
PKIX_LISTCREATEFAILED);
PKIX_CHECK(PKIX_List_AppendItem
(listOfChildren, (PKIX_PL_Object *)child, plContext),
PKIX_COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST);
parentNode->children = listOfChildren;
} else {
/* get number of children */
PKIX_CHECK(PKIX_List_GetLength
(listOfChildren, &numChildren, plContext),
PKIX_LISTGETLENGTHFAILED);
if (numChildren != 1) {
PKIX_ERROR(PKIX_AMBIGUOUSPARENTAGEOFVERIFYNODE);
}
/* successor = listOfChildren[0] */
PKIX_CHECK(PKIX_List_GetItem
(listOfChildren,
0,
(PKIX_PL_Object **)&successor,
plContext),
PKIX_LISTGETITEMFAILED);
PKIX_CHECK(pkix_VerifyNode_AddToChain
(successor, child, plContext),
PKIX_VERIFYNODEADDTOCHAINFAILED);
}
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)parentNode, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_DECREF(successor);
PKIX_RETURN(VERIFYNODE);
}示例8: pkix_pl_helperBytes2Ascii
/*
* FUNCTION: pkix_pl_helperBytes2Ascii
* DESCRIPTION:
*
* Converts an array of integers pointed to by "tokens" with a length of
* "numTokens", to an ASCII string consisting of those integers with dots in
* between them and stores the result at "pAscii". The ASCII representation is
* guaranteed to end with a NUL character. This is particularly useful for
* OID's and IP Addresses.
*
* The return value "pAscii" is not reference-counted and will need to
* be freed with PKIX_PL_Free.
*
* PARAMETERS
* "tokens"
* Address of array of integers. Must be non-NULL.
* "numTokens"
* Length of array of integers. Must be non-zero.
* "pAscii"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Object Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_helperBytes2Ascii(
PKIX_UInt32 *tokens,
PKIX_UInt32 numTokens,
char **pAscii,
void *plContext)
{
char *tempString = NULL;
char *outputString = NULL;
char *format = "%d";
PKIX_UInt32 i = 0;
PKIX_UInt32 outputLen = 0;
PKIX_Int32 error;
PKIX_ENTER(OBJECT, "pkix_pl_helperBytes2Ascii");
PKIX_NULLCHECK_TWO(tokens, pAscii);
if (numTokens == 0) {
PKIX_ERROR_FATAL(PKIX_HELPERBYTES2ASCIINUMTOKENSZERO);
}
/*
* tempString will hold the string representation of a PKIX_UInt32 type
* The maximum value that can be held by an unsigned 32-bit integer
* is (2^32 - 1) = 4294967295 (which is ten digits long)
* Since tempString will hold the string representation of a
* PKIX_UInt32, we allocate 11 bytes for it (1 byte for '\0')
*/
PKIX_CHECK(PKIX_PL_Malloc
(MAX_DIGITS_32 + 1, (void **)&tempString, plContext),
PKIX_MALLOCFAILED);
for (i = 0; i < numTokens; i++){
PKIX_OBJECT_DEBUG("\tCalling PR_snprintf).\n");
error = PR_snprintf(tempString,
MAX_DIGITS_32 + 1,
format,
tokens[i]);
if (error == -1){
PKIX_ERROR(PKIX_PRSNPRINTFFAILED);
}
PKIX_OBJECT_DEBUG("\tCalling PL_strlen).\n");
outputLen += PL_strlen(tempString);
/* Include a dot to separate each number */
outputLen++;
}
/* Allocate space for the destination string */
PKIX_CHECK(PKIX_PL_Malloc
(outputLen, (void **)&outputString, plContext),
PKIX_MALLOCFAILED);
*outputString = '\0';
/* Concatenate all strings together */
for (i = 0; i < numTokens; i++){
PKIX_OBJECT_DEBUG("\tCalling PR_snprintf).\n");
error = PR_snprintf(tempString,
MAX_DIGITS_32 + 1,
format,
tokens[i]);
if (error == -1){
PKIX_ERROR(PKIX_PRSNPRINTFFAILED);
}
PKIX_OBJECT_DEBUG("\tCalling PL_strcat).\n");
(void) PL_strcat(outputString, tempString);
//.........这里部分代码省略.........
示例9: pkix_pl_oidBytes2Ascii
/*
* FUNCTION: pkix_pl_oidBytes2Ascii
* DESCRIPTION:
*
* Converts the DER encoding of an OID pointed to by "secItem" to an ASCII
* representation and stores it at "pAscii". The ASCII representation is
* guaranteed to end with a NUL character. The input SECItem must contain
* non-NULL data and must have a positive length.
*
* Example: the six bytes {2a 86 48 86 f7 0d} represent the
* four integer tokens {1, 2, 840, 113549}, which we will convert
* into ASCII yielding "1.2.840.113549"
*
* The return value "pAscii" is not reference-counted and will need to
* be freed with PKIX_PL_Free.
*
* PARAMETERS
* "secItem"
* Address of SECItem which contains bytes and length of DER encoding.
* Must be non-NULL.
* "pAscii"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an OID Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_oidBytes2Ascii(
SECItem *secItem,
char **pAscii,
void *plContext)
{
char *data = NULL;
PKIX_UInt32 *tokens = NULL;
PKIX_UInt32 token = 0;
PKIX_UInt32 numBytes = 0;
PKIX_UInt32 numTokens = 0;
PKIX_UInt32 i = 0, x = 0, y = 0;
PKIX_UInt32 index = 0;
char *asciiString = NULL;
PKIX_ENTER(OID, "pkix_pl_oidBytes2Ascii");
PKIX_NULLCHECK_THREE(secItem, pAscii, secItem->data);
if (secItem->len == 0) {
PKIX_ERROR_FATAL(PKIX_OIDBYTES2ASCIIDATALENGTHZERO);
}
data = (char *)(secItem->data);
numBytes = secItem->len;
numTokens = 0;
/* calculate how many integer tokens are represented by the bytes. */
for (i = 0; i < numBytes; i++){
if ((data[i] & 0x080) == 0){
numTokens++;
}
}
/* if we are unable to retrieve any tokens at all, we throw an error */
if (numTokens == 0){
PKIX_ERROR(PKIX_INVALIDDERENCODINGFOROID);
}
/* add one more token b/c the first byte always contains two tokens */
numTokens++;
/* allocate space for array of integers */
PKIX_CHECK(PKIX_PL_Malloc
(numTokens * sizeof (PKIX_UInt32),
(void **)&tokens,
plContext),
PKIX_MALLOCFAILED);
/* populate array of integers */
for (i = 0; i < numTokens; i++){
/* retrieve integer token */
PKIX_CHECK(pkix_pl_getOIDToken
(data, index, &token, &index, plContext),
PKIX_GETOIDTOKENFAILED);
if (i == 0){
/*
* special case: the first DER-encoded byte represents
* two tokens. We take advantage of fact that first
* token must be 0, 1, or 2; and second token must be
* between {0, 39} inclusive if first token is 0 or 1.
*/
if (token < 40)
x = 0;
else if (token < 80)
x = 1;
//.........这里部分代码省略.........
示例10: pkix_pl_CollectionCertStoreContext_GetSelectedCert
/*
* FUNCTION: pkix_pl_CollectionCertStoreContext_GetSelectedCert
* DESCRIPTION:
*
* Finds the Certs that match the criterion of the CertSelector pointed
* to by "selector" using the List of Certs pointed to by "certList" and
* stores the matching Certs at "pSelectedCertList".
*
* Not recursive to sub-directory.
*
* PARAMETERS
* "certList" - Address of List of Certs to be searched. Must be non-NULL.
* "colCertStoreContext" - Address of CollectionCertStoreContext
* where the cached Certs are stored.
* "selector" - CertSelector for chosing Cert based on Params set
* "pSelectedCertList" - Certs that qualified by selector.
* "plContext" - Platform-specific context pointer.
*
* THREAD SAFETY:
* Not Thread Safe - A lock at top level is required.
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CollectionCertStoreContext Error if the function fails in
* a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CollectionCertStoreContext_GetSelectedCert(
PKIX_List *certList,
PKIX_CertSelector *selector,
PKIX_List **pSelectedCertList,
void *plContext)
{
PKIX_List *selectCertList = NULL;
PKIX_PL_Cert *certItem = NULL;
PKIX_CertSelector_MatchCallback certSelectorMatch = NULL;
PKIX_UInt32 numCerts = 0;
PKIX_UInt32 i = 0;
PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
"pkix_pl_CollectionCertStoreContext_GetSelectedCert");
PKIX_NULLCHECK_THREE(certList, selector, pSelectedCertList);
PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
(selector, &certSelectorMatch, plContext),
PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
PKIX_CHECK(PKIX_List_GetLength(certList, &numCerts, plContext),
PKIX_LISTGETLENGTHFAILED);
if (certSelectorMatch) {
PKIX_CHECK(PKIX_List_Create(&selectCertList, plContext),
PKIX_LISTCREATEFAILED);
for (i = 0; i < numCerts; i++) {
PKIX_CHECK_ONLY_FATAL
(PKIX_List_GetItem
(certList,
i,
(PKIX_PL_Object **) &certItem,
plContext),
PKIX_LISTGETITEMFAILED);
if (!PKIX_ERROR_RECEIVED){
PKIX_CHECK_ONLY_FATAL
(certSelectorMatch
(selector, certItem, plContext),
PKIX_CERTSELECTORMATCHFAILED);
if (!PKIX_ERROR_RECEIVED){
PKIX_CHECK_ONLY_FATAL
(PKIX_List_AppendItem
(selectCertList,
(PKIX_PL_Object *)certItem,
plContext),
PKIX_LISTAPPENDITEMFAILED);
}
}
PKIX_DECREF(certItem);
}
} else {
PKIX_INCREF(certList);
selectCertList = certList;
}
*pSelectedCertList = selectCertList;
cleanup:
PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
}示例11: pkix_pl_CollectionCertStoreContext_GetSelectedCRL
/*
* FUNCTION: pkix_pl_CollectionCertStoreContext_GetSelectedCRL
* DESCRIPTION:
*
* Finds the CRLs that match the criterion of the CRLSelector pointed
* to by "selector" using the List of CRLs pointed to by "crlList" and
* stores the matching CRLs at "pSelectedCrlList".
*
* Not recursive to sub-directory.
*
* PARAMETERS
* "crlList" - Address of List of CRLs to be searched. Must be non-NULL
* "selector" - CRLSelector for chosing CRL based on Params set
* "pSelectedCrlList" - CRLs that qualified by selector.
* "plContext" - Platform-specific context pointer.
*
* THREAD SAFETY:
* Not Thread Safe - A lock at top level is required.
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CollectionCertStoreContext Error if the function fails in
* a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CollectionCertStoreContext_GetSelectedCRL(
PKIX_List *crlList,
PKIX_CRLSelector *selector,
PKIX_List **pSelectedCrlList,
void *plContext)
{
PKIX_List *selectCrlList = NULL;
PKIX_PL_CRL *crlItem = NULL;
PKIX_CRLSelector_MatchCallback crlSelectorMatch = NULL;
PKIX_UInt32 numCrls = 0;
PKIX_UInt32 i = 0;
PKIX_Boolean match = PKIX_FALSE;
PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
"pkix_pl_CollectionCertStoreContext_GetSelectedCRL");
PKIX_NULLCHECK_THREE(crlList, selector, pSelectedCrlList);
PKIX_CHECK(PKIX_CRLSelector_GetMatchCallback
(selector, &crlSelectorMatch, plContext),
PKIX_CRLSELECTORGETMATCHCALLBACKFAILED);
PKIX_CHECK(PKIX_List_GetLength(crlList, &numCrls, plContext),
PKIX_LISTGETLENGTHFAILED);
if (crlSelectorMatch) {
PKIX_CHECK(PKIX_List_Create(&selectCrlList, plContext),
PKIX_LISTCREATEFAILED);
for (i = 0; i < numCrls; i++) {
PKIX_CHECK_ONLY_FATAL(PKIX_List_GetItem
(crlList,
i,
(PKIX_PL_Object **) &crlItem,
plContext),
PKIX_LISTGETITEMFAILED);
if (!PKIX_ERROR_RECEIVED){
PKIX_CHECK_ONLY_FATAL
(crlSelectorMatch
(selector, crlItem, &match, plContext),
PKIX_CRLSELECTORMATCHFAILED);
if (!(PKIX_ERROR_RECEIVED) && match) {
PKIX_CHECK_ONLY_FATAL
(PKIX_List_AppendItem
(selectCrlList,
(PKIX_PL_Object *)crlItem,
plContext),
PKIX_LISTAPPENDITEMFAILED);
}
}
PKIX_DECREF(crlItem);
}
} else {
PKIX_INCREF(crlList);
selectCrlList = crlList;
}
/* Don't throw away the list if one CRL was bad! */
pkixTempErrorReceived = PKIX_FALSE;
*pSelectedCrlList = selectCrlList;
cleanup:
PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
}示例12: pkix_pl_CollectionCertStoreContext_PopulateCRL
/*
* FUNCTION: pkix_pl_CollectionCertStoreContext_PopulateCRL
* DESCRIPTION:
*
* Create list of CRLs from *.crl files at directory specified in dirName,
* Not recursive to sub-dirctory. Also assume the directory contents are
* not changed dynamically.
*
* PARAMETERS
* "colCertStoreContext" - Address of CollectionCertStoreContext
* where the dirName is specified and where the return
* CRLs are stored as a list. Must be non-NULL.
* "plContext" - Platform-specific context pointer.
*
* THREAD SAFETY:
* Not Thread Safe - A lock at top level is required.
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CollectionCertStoreContext Error if the function fails in
* a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CollectionCertStoreContext_PopulateCRL(
PKIX_PL_CollectionCertStoreContext *colCertStoreContext,
void *plContext)
{
PKIX_List *crlList = NULL;
PKIX_PL_CRL *crlItem = NULL;
char *dirName = NULL;
char *pathName = NULL;
PKIX_UInt32 dirNameLen = 0;
PRErrorCode prError = 0;
PRDir *dir = NULL;
PRDirEntry *dirEntry = NULL;
PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
"pkix_pl_CollectionCertStoreContext_PopulateCRL");
PKIX_NULLCHECK_ONE(colCertStoreContext);
/* convert directory to ascii */
PKIX_CHECK(PKIX_PL_String_GetEncoded
(colCertStoreContext->storeDir,
PKIX_ESCASCII,
(void **)&dirName,
&dirNameLen,
plContext),
PKIX_STRINGGETENCODEDFAILED);
/* create CRL list, if no CRL file, should return an empty list */
PKIX_CHECK(PKIX_List_Create(&crlList, plContext),
PKIX_LISTCREATEFAILED);
/* open directory and read in .crl files */
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_OpenDir.\n");
dir = PR_OpenDir(dirName);
if (!dir) {
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG_ARG
("\t\t Directory Name:%s\n", dirName);
PKIX_ERROR(PKIX_CANNOTOPENCOLLECTIONCERTSTORECONTEXTDIRECTORY);
}
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_ReadDir.\n");
dirEntry = PR_ReadDir(dir, PR_SKIP_HIDDEN | PR_SKIP_BOTH);
if (!dirEntry) {
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
("\t\t Empty directory.\n");
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
("\t\t Calling PR_GetError.\n");
prError = PR_GetError();
}
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_SetError.\n");
PR_SetError(0, 0);
while (dirEntry != NULL && prError == 0) {
if (PL_strrstr(dirEntry->name, ".crl") ==
dirEntry->name + PL_strlen(dirEntry->name) - 4) {
PKIX_CHECK_ONLY_FATAL
(PKIX_PL_Malloc
(dirNameLen + PL_strlen(dirEntry->name) + 2,
(void **)&pathName,
plContext),
PKIX_MALLOCFAILED);
if ((!PKIX_ERROR_RECEIVED) && (pathName != NULL)){
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
("\t\t Calling PL_strcpy for dirName.\n");
PL_strcpy(pathName, dirName);
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
("\t\t Calling PL_strcat for dirName.\n");
PL_strcat(pathName, "/");
//.........这里部分代码省略.........
示例13: pkix_pl_CollectionCertStoreContext_CreateCRL
/*
* FUNCTION: pkix_pl_CollectionCertStoreContext_CreateCRL
* DESCRIPTION:
*
* Creates CRL using data file path name pointed to by "crlFileName" and
* stores it at "pCrl". If the CRL can not be decoded, NULL is stored
* at "pCrl".
*
* PARAMETERS
* "crlFileName" - Address of CRL data file path name. Must be non-NULL.
* "pCrl" - Address where object pointer will be stored. Must be non-NULL.
* "plContext" - Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CollectionCertStoreContext Error if the function fails in
* a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CollectionCertStoreContext_CreateCRL(
const char *crlFileName,
PKIX_PL_CRL **pCrl,
void *plContext)
{
PKIX_PL_ByteArray *byteArray = NULL;
PKIX_PL_CRL *crl = NULL;
PRFileDesc *inFile = NULL;
SECItem crlDER;
void *buf = NULL;
PKIX_UInt32 len;
SECStatus rv;
PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
"pkix_pl_CollectionCertStoreContext_CreateCRL");
PKIX_NULLCHECK_TWO(crlFileName, pCrl);
*pCrl = NULL;
crlDER.data = NULL;
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_Open.\n");
inFile = PR_Open(crlFileName, PR_RDONLY, 0);
if (!inFile){
PKIX_ERROR(PKIX_UNABLETOOPENCRLFILE);
} else {
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
("\t\t Calling SECU_ReadDerFromFile.\n");
rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
if (!rv){
buf = (void *)crlDER.data;
len = crlDER.len;
PKIX_CHECK(PKIX_PL_ByteArray_Create
(buf, len, &byteArray, plContext),
PKIX_BYTEARRAYCREATEFAILED);
PKIX_CHECK(PKIX_PL_CRL_Create
(byteArray, &crl, plContext),
PKIX_CRLCREATEFAILED);
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
("\t\t Calling SECITEM_FreeItem.\n");
SECITEM_FreeItem(&crlDER, PR_FALSE);
} else {
PKIX_ERROR(PKIX_UNABLETOREADDERFROMCRLFILE);
}
}
*pCrl = crl;
cleanup:
if (inFile){
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
("\t\t Calling PR_CloseDir.\n");
PR_Close(inFile);
}
if (PKIX_ERROR_RECEIVED){
PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
("\t\t Calling SECITEM_FreeItem).\n");
SECITEM_FreeItem(&crlDER, PR_FALSE);
PKIX_DECREF(crl);
if (crlDER.data != NULL) {
SECITEM_FreeItem(&crlDER, PR_FALSE);
}
}
PKIX_DECREF(byteArray);
PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
}示例14: PKIX_PL_CRL_VerifySignature
/*
* FUNCTION: PKIX_PL_CRL_VerifySignature (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_CRL_VerifySignature(
PKIX_PL_CRL *crl,
PKIX_PL_PublicKey *pubKey,
void *plContext)
{
PKIX_PL_CRL *cachedCrl = NULL;
PKIX_Error *verifySig = NULL;
PKIX_Error *cachedSig = NULL;
PKIX_Boolean crlEqual = PKIX_FALSE;
PKIX_Boolean crlInHash= PKIX_FALSE;
CERTSignedCrl *nssSignedCrl = NULL;
SECKEYPublicKey *nssPubKey = NULL;
CERTSignedData *tbsCrl = NULL;
void* wincx = NULL;
SECStatus status;
PKIX_ENTER(CRL, "PKIX_PL_CRL_VerifySignature");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pubKey);
/* Can call this function only with der been adopted. */
PORT_Assert(crl->adoptedDerCrl);
verifySig = PKIX_PL_HashTable_Lookup
(cachedCrlSigTable,
(PKIX_PL_Object *) pubKey,
(PKIX_PL_Object **) &cachedCrl,
plContext);
if (cachedCrl != NULL && verifySig == NULL) {
/* Cached Signature Table lookup succeed */
PKIX_EQUALS(crl, cachedCrl, &crlEqual, plContext,
PKIX_OBJECTEQUALSFAILED);
if (crlEqual == PKIX_TRUE) {
goto cleanup;
}
/* Different PubKey may hash to same value, skip add */
crlInHash = PKIX_TRUE;
}
nssSignedCrl = crl->nssSignedCrl;
tbsCrl = &nssSignedCrl->signatureWrap;
PKIX_CRL_DEBUG("\t\tCalling SECKEY_ExtractPublicKey\n");
nssPubKey = SECKEY_ExtractPublicKey(pubKey->nssSPKI);
if (!nssPubKey){
PKIX_ERROR(PKIX_SECKEYEXTRACTPUBLICKEYFAILED);
}
PKIX_CHECK(pkix_pl_NssContext_GetWincx
((PKIX_PL_NssContext *)plContext, &wincx),
PKIX_NSSCONTEXTGETWINCXFAILED);
PKIX_CRL_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey\n");
status = CERT_VerifySignedDataWithPublicKey(tbsCrl, nssPubKey, wincx);
if (status != SECSuccess) {
PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);
}
if (crlInHash == PKIX_FALSE) {
cachedSig = PKIX_PL_HashTable_Add
(cachedCrlSigTable,
(PKIX_PL_Object *) pubKey,
(PKIX_PL_Object *) crl,
plContext);
if (cachedSig != NULL) {
PKIX_DEBUG("PKIX_PL_HashTable_Add skipped: entry existed\n");
}
}
cleanup:
if (nssPubKey){
PKIX_CRL_DEBUG("\t\tCalling SECKEY_DestroyPublicKey\n");
SECKEY_DestroyPublicKey(nssPubKey);
nssPubKey = NULL;
}
PKIX_DECREF(cachedCrl);
PKIX_DECREF(verifySig);
PKIX_DECREF(cachedSig);
PKIX_RETURN(CRL);
}示例15: pkix_pl_LdapCertStore_MakeNameAVAList
/*
* FUNCTION: pkix_pl_LdapCertStore_MakeNameAVAList
* DESCRIPTION:
*
* This function allocates space from the arena pointed to by "arena" to
* construct a filter that will match components of the X500Name pointed to
* by "name", and stores the resulting filter at "pFilter".
*
* "name" is checked for commonName and organizationName components (cn=,
* and o=). The component strings are extracted using the family of
* CERT_Get* functions, and each must be freed with PORT_Free.
*
* It is not clear which components should be in a request, so, for now,
* we stop adding components after we have found one.
*
* PARAMETERS:
* "arena"
* The address of the PRArenaPool used in creating the filter. Must be
* non-NULL.
* "name"
* The address of the X500Name whose components define the desired
* matches. Must be non-NULL.
* "pList"
* The address at which the result is stored.
* "plContext"
* Platform-specific context pointer
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_LdapCertStore_MakeNameAVAList(
PRArenaPool *arena,
PKIX_PL_X500Name *subjectName,
LDAPNameComponent ***pList,
void *plContext)
{
LDAPNameComponent **setOfNameComponents;
LDAPNameComponent *currentNameComponent = NULL;
PKIX_UInt32 componentsPresent = 0;
void *v = NULL;
unsigned char *component = NULL;
PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_MakeNameAVAList");
PKIX_NULLCHECK_THREE(arena, subjectName, pList);
/* Increase this if additional components may be extracted */
#define MAX_NUM_COMPONENTS 3
/* Space for (MAX_NUM_COMPONENTS + 1) pointers to LDAPNameComponents */
PKIX_PL_NSSCALLRV(CERTSTORE, v, PORT_ArenaZAlloc,
(arena, (MAX_NUM_COMPONENTS + 1)*sizeof(LDAPNameComponent *)));
setOfNameComponents = (LDAPNameComponent **)v;
/* Space for MAX_NUM_COMPONENTS LDAPNameComponents */
PKIX_PL_NSSCALLRV(CERTSTORE, v, PORT_ArenaZNewArray,
(arena, LDAPNameComponent, MAX_NUM_COMPONENTS));
currentNameComponent = (LDAPNameComponent *)v;
/* Try for commonName */
PKIX_CHECK(pkix_pl_X500Name_GetCommonName
(subjectName, &component, plContext),
PKIX_X500NAMEGETCOMMONNAMEFAILED);
if (component) {
setOfNameComponents[componentsPresent] = currentNameComponent;
currentNameComponent->attrType = (unsigned char *)"cn";
currentNameComponent->attrValue = component;
componentsPresent++;
currentNameComponent++;
}
/*
* The LDAP specification says we can send multiple name components
* in an "AND" filter, but the LDAP Servers don't seem to be able to
* handle such requests. So we'll quit after the cn component.
*/
#if 0
/* Try for orgName */
PKIX_CHECK(pkix_pl_X500Name_GetOrgName
(subjectName, &component, plContext),
PKIX_X500NAMEGETORGNAMEFAILED);
if (component) {
setOfNameComponents[componentsPresent] = currentNameComponent;
currentNameComponent->attrType = (unsigned char *)"o";
currentNameComponent->attrValue = component;
componentsPresent++;
currentNameComponent++;
}
/* Try for countryName */
PKIX_CHECK(pkix_pl_X500Name_GetCountryName
(subjectName, &component, plContext),
PKIX_X500NAMEGETCOUNTRYNAMEFAILED);
if (component) {
setOfNameComponents[componentsPresent] = currentNameComponent;
currentNameComponent->attrType = (unsigned char *)"c";
//.........这里部分代码省略.........