📄 comp_set.c
字号:
attributeListPtr = findAttributeFieldEx( certInfoPtr->attributes,
CRYPT_CERTINFO_CERTPOLICYID );
ENSURES( attributeListPtr != NULL );
attributeListPtr->flags |= ATTR_FLAG_LOCKED;
}
return( status );
}
/* Set certificate cursor info */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
static int setCertCursorInfo( INOUT CERT_INFO *certInfoPtr,
IN_RANGE( CRYPT_CURSOR_LAST, \
CRYPT_CURSOR_FIRST ) /* Values are -ve */
const int cursorMoveType )
{
const BOOLEAN isCertChain = \
( certInfoPtr->type == CRYPT_CERTTYPE_CERTCHAIN ) ? \
TRUE : FALSE;
const BOOLEAN isRTCS = \
( certInfoPtr->type == CRYPT_CERTTYPE_RTCS_REQUEST || \
certInfoPtr->type == CRYPT_CERTTYPE_RTCS_RESPONSE ) ? \
TRUE : FALSE;
assert( isWritePtr( certInfoPtr, sizeof( CERT_INFO ) ) );
REQUIRES( cursorMoveType >= CRYPT_CURSOR_LAST && \
cursorMoveType <= CRYPT_CURSOR_FIRST ); /* Values are -ve */
REQUIRES( isCertChain || \
certInfoPtr->type == CRYPT_CERTTYPE_CERTIFICATE || \
certInfoPtr->type == CRYPT_CERTTYPE_CRL || isRTCS || \
certInfoPtr->type == CRYPT_CERTTYPE_OCSP_REQUEST || \
certInfoPtr->type == CRYPT_CERTTYPE_OCSP_RESPONSE );
/* If it's a single certificate, there's nothing to do. See the
CRYPT_CERTINFO_CURRENT_CERTIFICATE ACL comment for why we
(apparently) allow cursor movement movement in single certificates */
if( certInfoPtr->type == CRYPT_CERTTYPE_CERTIFICATE )
{
REQUIRES( certInfoPtr->cCertCert->chainEnd <= 0 );
return( ( cursorMoveType == CRYPT_CURSOR_FIRST || \
cursorMoveType == CRYPT_CURSOR_LAST ) ? \
CRYPT_OK : CRYPT_ERROR_NOTFOUND );
}
switch( cursorMoveType )
{
case CRYPT_CURSOR_FIRST:
if( isCertChain )
{
/* Set the chain position to -1 (= CRYPT_ERROR) to indicate
that it's at the leaf certificate, which is logically at
position -1 in the chain */
certInfoPtr->cCertCert->chainPos = CRYPT_ERROR;
break;
}
if( isRTCS )
{
CERT_VAL_INFO *certValInfo = certInfoPtr->cCertVal;
certValInfo->currentValidity = certValInfo->validityInfo;
if( certValInfo->currentValidity == NULL )
return( CRYPT_ERROR_NOTFOUND );
}
else
{
CERT_REV_INFO *certRevInfo = certInfoPtr->cCertRev;
certRevInfo->currentRevocation = certRevInfo->revocations;
if( certRevInfo->currentRevocation == NULL )
return( CRYPT_ERROR_NOTFOUND );
}
break;
case CRYPT_CURSOR_PREVIOUS:
if( isCertChain )
{
/* Adjust the chain position. Note that the value can go to
-1 (= CRYPT_ERROR) to indicate that it's at the leaf
certificate, which is logically at position -1 in the
chain */
if( certInfoPtr->cCertCert->chainPos < 0 )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->cCertCert->chainPos--;
break;
}
if( isRTCS )
{
CERT_VAL_INFO *certValInfo = certInfoPtr->cCertVal;
VALIDITY_INFO *valInfo = certValInfo->validityInfo;
int iterationCount;
if( valInfo == NULL || \
certValInfo->currentValidity == NULL || \
valInfo == certValInfo->currentValidity )
{
/* No validity info or we're already at the start of the
list */
return( CRYPT_ERROR_NOTFOUND );
}
/* Find the previous element in the list */
for( iterationCount = 0;
valInfo != NULL && \
valInfo->next != certValInfo->currentValidity && \
iterationCount < FAILSAFE_ITERATIONS_LARGE;
valInfo = valInfo->next, iterationCount++ );
ENSURES( iterationCount < FAILSAFE_ITERATIONS_LARGE );
certValInfo->currentValidity = valInfo;
}
else
{
CERT_REV_INFO *certRevInfo = certInfoPtr->cCertRev;
REVOCATION_INFO *revInfo = certRevInfo->revocations;
int iterationCount;
if( revInfo == NULL || \
certRevInfo->currentRevocation == NULL || \
revInfo == certRevInfo->currentRevocation )
{
/* No revocations or we're already at the start of the
list */
return( CRYPT_ERROR_NOTFOUND );
}
/* Find the previous element in the list. We use
FAILSAFE_ITERATIONS_MAX as the bound because CRLs can
become enormous */
for( iterationCount = 0;
revInfo != NULL && \
revInfo->next != certRevInfo->currentRevocation && \
iterationCount < FAILSAFE_ITERATIONS_MAX;
revInfo = revInfo->next, iterationCount++ );
ENSURES( iterationCount < FAILSAFE_ITERATIONS_MAX );
certRevInfo->currentRevocation = revInfo;
}
break;
case CRYPT_CURSOR_NEXT:
if( isCertChain )
{
if( certInfoPtr->cCertCert->chainPos >= certInfoPtr->cCertCert->chainEnd - 1 )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->cCertCert->chainPos++;
break;
}
if( isRTCS )
{
CERT_VAL_INFO *certValInfo = certInfoPtr->cCertVal;
if( certValInfo->currentValidity == NULL || \
certValInfo->currentValidity->next == NULL )
return( CRYPT_ERROR_NOTFOUND );
certValInfo->currentValidity = certValInfo->currentValidity->next;
}
else
{
CERT_REV_INFO *certRevInfo = certInfoPtr->cCertRev;
if( certRevInfo->currentRevocation == NULL || \
certRevInfo->currentRevocation->next == NULL )
return( CRYPT_ERROR_NOTFOUND );
certRevInfo->currentRevocation = certRevInfo->currentRevocation->next;
}
break;
case CRYPT_CURSOR_LAST:
if( isCertChain )
{
certInfoPtr->cCertCert->chainPos = certInfoPtr->cCertCert->chainEnd - 1;
break;
}
if( isRTCS )
{
CERT_VAL_INFO *certValInfo = certInfoPtr->cCertVal;
VALIDITY_INFO *valInfo = certValInfo->validityInfo;
int iterationCount;
if( valInfo == NULL )
{
/* No validity info present */
return( CRYPT_ERROR_NOTFOUND );
}
/* Go to the end of the list */
for( iterationCount = 0;
valInfo->next != NULL && \
iterationCount < FAILSAFE_ITERATIONS_LARGE;
valInfo = valInfo->next, iterationCount++ );
ENSURES( iterationCount < FAILSAFE_ITERATIONS_LARGE );
certValInfo->currentValidity = valInfo;
}
else
{
CERT_REV_INFO *certRevInfo = certInfoPtr->cCertRev;
REVOCATION_INFO *revInfo = certRevInfo->revocations;
int iterationCount;
if( revInfo == NULL )
{
/* No revocations present */
return( CRYPT_ERROR_NOTFOUND );
}
/* Go to the end of the list. We use FAILSAFE_ITERATIONS_MAX
as the bound because CRLs can become enormous */
for( iterationCount = 0;
revInfo->next != NULL && \
iterationCount < FAILSAFE_ITERATIONS_MAX;
revInfo = revInfo->next, iterationCount++ );
ENSURES( iterationCount < FAILSAFE_ITERATIONS_MAX );
certRevInfo->currentRevocation = revInfo;
}
break;
default:
return( CRYPT_ARGERROR_NUM1 );
}
return( CRYPT_OK );
}
/* Set attribute cursor info */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
static int setCursorInfo( INOUT CERT_INFO *certInfoPtr,
IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE certInfoType,
const int value )
{
assert( isWritePtr( certInfoPtr, sizeof( CERT_INFO ) ) );
REQUIRES( certInfoType == CRYPT_ATTRIBUTE_CURRENT_GROUP || \
certInfoType == CRYPT_ATTRIBUTE_CURRENT || \
certInfoType == CRYPT_ATTRIBUTE_CURRENT_INSTANCE );
REQUIRES( ( value <= CRYPT_CURSOR_FIRST && \
value >= CRYPT_CURSOR_LAST ) || \
( value >= CRYPT_CERTINFO_FIRST_EXTENSION && \
value <= CRYPT_CERTINFO_LAST_EXTENSION ) );
/* See comment below for the odd CRYPT_CURSOR_xxx comparison */
/* If the new position is specified relative to a previous position, try
and move to that position. Note that the seemingly illogical
comparison is used because the cursor positioning codes are negative
values */
if( value <= CRYPT_CURSOR_FIRST && value >= CRYPT_CURSOR_LAST )
{
ATTRIBUTE_LIST *attributeCursor;
/* If we're moving to an extension field and there's a saved
GeneralName selection present we've tried to select a non-present
GeneralName so we can't move to a field in it */
if( certInfoType != CRYPT_ATTRIBUTE_CURRENT_GROUP && \
certInfoPtr->currentSelection.generalName != CRYPT_ATTRIBUTE_NONE )
return( CRYPT_ERROR_NOTFOUND );
/* If it's an absolute positioning code, pre-set the attribute
cursor if required */
if( value == CRYPT_CURSOR_FIRST || value == CRYPT_CURSOR_LAST )
{
if( certInfoPtr->attributes == NULL )
return( CRYPT_ERROR_NOTFOUND );
/* It's an absolute attribute positioning code, reset the
attribute cursor to the start of the list before we try to
move it */
if( certInfoType == CRYPT_ATTRIBUTE_CURRENT_GROUP )
certInfoPtr->attributeCursor = certInfoPtr->attributes;
else
{
/* It's a field or component positioning code, initialise the
attribute cursor if necessary */
if( certInfoPtr->attributeCursor == NULL )
certInfoPtr->attributeCursor = certInfoPtr->attributes;
}
/* If there are no attributes present return the appropriate
error code */
if( certInfoPtr->attributeCursor == NULL )
{
return( ( value == CRYPT_CURSOR_FIRST || \
value == CRYPT_CURSOR_LAST ) ? \
CRYPT_ERROR_NOTFOUND : CRYPT_ERROR_NOTINITED );
}
}
else
{
/* It's a relative positioning code, return a not-inited error
rather than a not-found error if the cursor isn't set since
there may be attributes present but the cursor hasn't been
initialised yet by selecting the first or last absolute
attribute */
if( certInfoPtr->attributeCursor == NULL )
return( CRYPT_ERROR_NOTINITED );
}
/* Move the attribute cursor */
attributeCursor = certMoveAttributeCursor( certInfoPtr->attributeCursor,
certInfoType, value );
if( attributeCursor == NULL )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->attributeCursor = attributeCursor;
syncSelection( certInfoPtr );
return( CRYPT_OK );
}
/* It's a field in an extension, try and move to the start of the
extension that contains this field */
if( certInfoType == CRYPT_ATTRIBUTE_CURRENT_GROUP )
{
ATTRIBUTE_LIST *attributeListPtr;
attributeListPtr = findAttribute( certInfoPtr->attributes, value,
TRUE );
if( attributeListPtr == NULL )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->attributeCursor = attributeListPtr;
syncSelection( certInfoPtr );
return( CRYPT_OK );
}
ENSURES( certInfoType == CRYPT_ATTRIBUTE_CURRENT || \
certInfoType == CRYPT_ATTRIBUTE_CURRENT_INSTANCE );
ENSURES( value >= CRYPT_CERTINFO_FIRST_EXTENSION && \
value <= CRYPT_CERTINFO_LAST_EXTENSION );
/* If it's a GeneralName selection component, locate the attribute field
that it corresponds to */
if( isGeneralNameSelectionComponent( value ) )
return( selectGeneralName( certInfoPtr, value, MAY_BE_ABSENT ) );
/* It's a standard attribute field, try and locate it */
return( moveCursorToField( certInfoPtr, value ) );
}
/****************************************************************************
* *
* Add a Component *
* *
****************************************************************************/
/* Add a certificate component */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int addCertComponent( INOUT CERT_INFO *certInfoPtr,
IN_ATTRIBUTE const CRY⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -