Lines Matching refs:pNode

542  * @param   pNode               The path node to check.
544 static bool rtCrX509CertPathsIsSelfIssued(PRTCRX509CERTPATHNODE pNode)
546 return pNode->pCert
547 && RTCrX509Name_MatchByRfc5280(&pNode->pCert->TbsCertificate.Subject, &pNode->pCert->TbsCertificate.Issuer);
565 PRTCRX509CERTPATHNODE pNode = (PRTCRX509CERTPATHNODE)RTMemAllocZ(sizeof(*pNode));
566 if (RT_LIKELY(pNode))
568 RTListInit(&pNode->SiblingEntry);
569 RTListInit(&pNode->ChildListOrLeafEntry);
570 pNode->rcVerify = VERR_CR_X509_NOT_VERIFIED;
572 return pNode;
580 static void rtCrX509CertPathsDestroyNode(PRTCRX509CERTPATHNODE pNode)
582 if (pNode->pCertCtx)
584 RTCrCertCtxRelease(pNode->pCertCtx);
585 pNode->pCertCtx = NULL;
587 RT_ZERO(*pNode);
588 RTMemFree(pNode);
648 static void rtCrX509CertPathsGetIssuersFromStore(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHNODE pNode,
661 rtCrX509CertPathsAddIssuer(pThis, pNode, pCertCtx->pCert, pCertCtx, uSrc);
669 static void rtCrX509CertPathsGetIssuers(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHNODE pNode)
671 Assert(RTListIsEmpty(&pNode->ChildListOrLeafEntry));
672 Assert(!pNode->fLeaf);
673 Assert(pNode->pCert);
678 if (RT_UNLIKELY(pNode->uDepth >= 50))
681 PCRTCRX509NAME const pIssuer = &pNode->pCert->TbsCertificate.Issuer;
688 rtCrX509CertPathsAddIssuer(pThis, pNode, pThis->pTrustedCert, NULL, RTCRX509CERTPATHNODE_SRC_TRUSTED_CERT);
694 rtCrX509CertPathsGetIssuersFromStore(pThis, pNode, pIssuer, pThis->hTrustedStore,
701 rtCrX509CertPathsGetIssuersFromStore(pThis, pNode, pIssuer, pThis->hTrustedStore,
710 rtCrX509CertPathsAddIssuer(pThis, pNode, &pThis->paUntrustedCerts[i], NULL,
726 rtCrX509CertPathsAddIssuer(pThis, pNode, paCerts[i].u.pX509Cert, NULL, RTCRX509CERTPATHNODE_SRC_UNTRUSTED_SET);
731 static PRTCRX509CERTPATHNODE rtCrX509CertPathsGetNextRightUp(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHNODE pNode)
736 PRTCRX509CERTPATHNODE pParent = pNode->pParent;
737 if (!pNode->pParent)
741 PRTCRX509CERTPATHNODE pNext = RTListGetNext(&pParent->ChildListOrLeafEntry, pNode, RTCRX509CERTPATHNODE, SiblingEntry);
746 pNode = pParent;
751 static PRTCRX509CERTPATHNODE rtCrX509CertPathsEliminatePath(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHNODE pNode)
755 Assert(RTListIsEmpty(&pNode->ChildListOrLeafEntry));
758 PRTCRX509CERTPATHNODE pParent = pNode->pParent;
764 PRTCRX509CERTPATHNODE pNext = RTListGetNext(&pParent->ChildListOrLeafEntry, pNode, RTCRX509CERTPATHNODE, SiblingEntry);
765 RTListNodeRemove(&pNode->SiblingEntry);
766 rtCrX509CertPathsDestroyNode(pNode);
776 pNode = pParent;
788 PRTCRX509CERTPATHNODE pNode, pNextLeaf;
789 RTListForEachSafe(&pThis->LeafList, pNode, pNextLeaf, RTCRX509CERTPATHNODE, ChildListOrLeafEntry)
791 RTListNodeRemove(&pNode->ChildListOrLeafEntry);
792 RTListInit(&pNode->ChildListOrLeafEntry);
796 PRTCRX509CERTPATHNODE pParent = pNode->pParent;
798 RTListNodeRemove(&pNode->SiblingEntry);
799 rtCrX509CertPathsDestroyNode(pNode);
810 pNode = pParent;
826 * @param pNode The leaf node.
828 static PRTCRX509CERTPATHNODE rtCrX509CertPathsAddLeaf(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHNODE pNode)
830 pNode->fLeaf = true;
838 if ( pNode->uSrc > pCurLeaf->uSrc
839 || ( pNode->uSrc == pCurLeaf->uSrc
840 && pNode->uDepth < pCurLeaf->uDepth) )
842 RTListNodeInsertBefore(&pCurLeaf->ChildListOrLeafEntry, &pNode->ChildListOrLeafEntry);
844 return rtCrX509CertPathsGetNextRightUp(pThis, pNode);
848 RTListAppend(&pThis->LeafList, &pNode->ChildListOrLeafEntry);
850 return rtCrX509CertPathsGetNextRightUp(pThis, pNode);
1112 static const char *rtCrX509CertPathsNodeGetSourceName(PRTCRX509CERTPATHNODE pNode)
1114 switch (pNode->uSrc)
1579 PRTCRX509CERTPATHSPOLICYNODE pNode;
1580 pNode = (PRTCRX509CERTPATHSPOLICYNODE)rtCrX509CpvAllocZ(pThis, sizeof(*pNode), "policy tree node");
1581 if (pNode)
1583 pNode->pParent = pParent;
1585 RTListAppend(&pParent->ChildList, &pNode->SiblingEntry);
1589 pThis->v.pValidPolicyTree = pNode;
1590 RTListInit(&pNode->SiblingEntry);
1592 RTListInit(&pNode->ChildList);
1593 RTListAppend(&pThis->v.paValidPolicyDepthLists[iDepth], &pNode->DepthEntry);
1595 pNode->pValidPolicy = pValidPolicy;
1596 pNode->pPolicyQualifiers = pQualifiers;
1597 pNode->pExpectedPolicyFirst = pExpectedPolicy;
1598 pNode->cMoreExpectedPolicySet = 0;
1599 pNode->papMoreExpectedPolicySet = NULL;
1610 * @param pNode The node to destroy.
1612 static void rtCrX509CpvPolicyTreeDestroyNode(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHSPOLICYNODE pNode)
1614 Assert(RTListIsEmpty(&pNode->ChildList));
1615 if (pNode->pParent)
1616 RTListNodeRemove(&pNode->SiblingEntry);
1619 RTListNodeRemove(&pNode->DepthEntry);
1620 pNode->pParent = NULL;
1622 if (pNode->papMoreExpectedPolicySet)
1624 RTMemFree(pNode->papMoreExpectedPolicySet);
1625 pNode->papMoreExpectedPolicySet = NULL;
1627 RTMemFree(pNode);
1635 * @param pNode The node that is the root of the subtree.
1637 static void rtCrX509CpvPolicyTreeDestroySubtree(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHSPOLICYNODE pNode)
1639 if (!RTListIsEmpty(&pNode->ChildList))
1641 PRTCRX509CERTPATHSPOLICYNODE pCur = pNode;
1655 Assert(pCur != pNode);
1663 } while (RTListIsEmpty(&pCur->ChildList) && pCur != pNode);
1664 } while (pCur != pNode);
1667 rtCrX509CpvPolicyTreeDestroyNode(pThis, pNode);
1714 * Checks if @a pPolicy is the valid policy of a child of @a pNode.
1717 * @param pNode The node whose children to check.
1720 static bool rtCrX509CpvPolicyTreeIsChild(PRTCRX509CERTPATHSPOLICYNODE pNode, PCRTASN1OBJID pPolicy)
1723 RTListForEach(&pNode->ChildList, pChild, RTCRX509CERTPATHSPOLICYNODE, SiblingEntry)
1983 static bool rtCrX509CpvCheckBasicCertInfo(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHNODE pNode)
1988 int rc = RTCrX509Certificate_VerifySignature(pNode->pCert, pThis->v.pWorkingPublicKeyAlgorithm,
2001 if (!RTCrX509Validity_IsValidAtTimeSpec(&pNode->pCert->TbsCertificate.Validity, &pThis->ValidTime))
2005 RTTimeToString(&pNode->pCert->TbsCertificate.Validity.NotBefore.Time, &pThis->szTmp[36], 36),
2006 RTTimeToString(&pNode->pCert->TbsCertificate.Validity.NotAfter.Time, &pThis->szTmp[2*36], 36) );
2016 if (!RTCrX509Name_MatchByRfc5280(&pNode->pCert->TbsCertificate.Issuer, pThis->v.pWorkingIssuer))
2026 static bool rtCrX509CpvCheckNameConstraints(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHNODE pNode)
2031 if ( pNode->pCert->TbsCertificate.Subject.cItems > 0
2032 && ( !rtCrX509CpvIsNamePermitted(pThis, &pNode->pCert->TbsCertificate.Subject)
2033 || rtCrX509CpvIsNameExcluded(pThis, &pNode->pCert->TbsCertificate.Subject)) )
2037 PCRTCRX509GENERALNAMES pAltSubjectName = pNode->pCert->TbsCertificate.T3.pAltSubjectName;
2055 static bool rtCrX509CpvWorkValidPolicyTree(PRTCRX509CERTPATHSINT pThis, uint32_t iDepth, PRTCRX509CERTPATHNODE pNode,
2058 PCRTCRX509CERTIFICATEPOLICIES pPolicies = pNode->pCert->TbsCertificate.T3.pCertificatePolicies;
2119 || (pNode->pParent && fSelfIssued) ) )
2267 static void rtCrX509CpvSetWorkingPublicKeyInfo(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHNODE pNode)
2269 PCRTCRX509TBSCERTIFICATE const pTbsCert = &pNode->pCert->TbsCertificate;
2345 static bool rtCrX509CpvCheckAndSoakUpBasicConstraintsAndKeyUsage(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHNODE pNode,
2349 if (RTAsn1Integer_UnsignedCompareWithU32(&pNode->pCert->TbsCertificate.T0.Version, RTCRX509TBSCERTIFICATE_V3) != 0)
2354 pNode->pCert->TbsCertificate.T0.Version.uValue);
2356 PCRTCRX509BASICCONSTRAINTS pBasicConstraints = pNode->pCert->TbsCertificate.T3.pBasicConstraints;
2383 PCRTCRX509TBSCERTIFICATE const pTbsCert = &pNode->pCert->TbsCertificate;
2397 static bool rtCrX509CpvCheckCriticalExtensions(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHNODE pNode)
2399 uint32_t cLeft = pNode->pCert->TbsCertificate.T3.Extensions.cItems;
2400 PCRTCRX509EXTENSION pCur = pNode->pCert->TbsCertificate.T3.Extensions.paItems;
2430 static bool rtCrX509CpvWrapUp(PRTCRX509CERTPATHSINT pThis, PRTCRX509CERTPATHNODE pNode)
2432 Assert(!pNode->pParent); Assert(pThis->pTarget == pNode->pCert);
2443 PCRTCRX509POLICYCONSTRAINTS pPolicyConstraints = pNode->pCert->TbsCertificate.T3.pPolicyConstraints;
2452 rtCrX509CpvSetWorkingPublicKeyInfo(pThis, pNode);
2457 if (!rtCrX509CpvCheckCriticalExtensions(pThis, pNode))
2498 PRTCRX509CERTPATHNODE pNode = pTrustAnchor->pParent;
2500 while (pNode && RT_SUCCESS(pThis->rc))
2505 if (!rtCrX509CpvCheckBasicCertInfo(pThis, pNode)) /* Step 6.1.3.a */
2508 bool const fSelfIssued = rtCrX509CertPathsIsSelfIssued(pNode);
2509 if (!fSelfIssued || !pNode->pParent) /* Step 6.1.3.b-c */
2510 if (!rtCrX509CpvCheckNameConstraints(pThis, pNode))
2513 if (!rtCrX509CpvWorkValidPolicyTree(pThis, iNode, pNode, fSelfIssued)) /* Step 6.1.3.d-f */
2519 if (!pNode->pParent) /* Step 6.1.5 */
2522 if (!rtCrX509CpvWrapUp(pThis, pNode))
2531 PCRTCRX509TBSCERTIFICATE const pTbsCert = &pNode->pCert->TbsCertificate;
2538 rtCrX509CpvSetWorkingPublicKeyInfo(pThis, pNode); /* Step 6.1.4.d-f */
2562 if (!rtCrX509CpvCheckAndSoakUpBasicConstraintsAndKeyUsage(pThis, pNode, fSelfIssued)) /* Step 6.1.4.k-n */
2565 if (!rtCrX509CpvCheckCriticalExtensions(pThis, pNode)) /* Step 6.1.4.o */
2571 pNode = pNode->pParent;
2789 PRTCRX509CERTPATHNODE pNode = rtCrX509CertPathsGetLeafByIndex(pThis, iPath);
2790 Assert(pNode);
2791 if (pNode)
2793 if (iNode <= pNode->uDepth)
2795 uint32_t uCertDepth = pNode->uDepth - iNode;
2796 while (pNode->uDepth > uCertDepth)
2797 pNode = pNode->pParent;
2798 Assert(pNode);
2799 Assert(pNode && pNode->uDepth == uCertDepth);
2800 return pNode;
2822 PRTCRX509CERTPATHNODE pNode = rtCrX509CertPathsGetPathNodeByIndexes(pThis, iPath, iNode);
2823 if (pNode)
2824 return pNode->pCert;