177
177
hcv1 = &(httpClient->fcnTable.ftable1);
179
if (ocspRsp->requestSession != NULL) {
180
hcv1->freeFcn(ocspRsp->requestSession);
181
ocspRsp->requestSession = NULL;
179
if (ocspRsp->sessionRequest != NULL) {
180
(*hcv1->freeFcn)(ocspRsp->sessionRequest);
181
ocspRsp->sessionRequest = NULL;
184
184
if (ocspRsp->serverSession != NULL) {
185
hcv1->freeSessionFcn(ocspRsp->serverSession);
186
ocspRsp->serverSession = NULL;
185
(*hcv1->freeSessionFcn)(ocspRsp->serverSession);
186
ocspRsp->serverSession = NULL;
331
331
pkix_pl_OcspResponse_RegisterSelf(void *plContext)
333
333
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
334
pkix_ClassTable_Entry entry;
334
pkix_ClassTable_Entry *entry = &systemClasses[PKIX_OCSPRESPONSE_TYPE];
336
336
PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_RegisterSelf");
338
entry.description = "OcspResponse";
339
entry.objCounter = 0;
340
entry.typeObjectSize = sizeof(PKIX_PL_OcspResponse);
341
entry.destructor = pkix_pl_OcspResponse_Destroy;
342
entry.equalsFunction = pkix_pl_OcspResponse_Equals;
343
entry.hashcodeFunction = pkix_pl_OcspResponse_Hashcode;
344
entry.toStringFunction = NULL;
345
entry.comparator = NULL;
346
entry.duplicateFunction = pkix_duplicateImmutable;
348
systemClasses[PKIX_OCSPRESPONSE_TYPE] = entry;
338
entry->description = "OcspResponse";
339
entry->typeObjectSize = sizeof(PKIX_PL_OcspResponse);
340
entry->destructor = pkix_pl_OcspResponse_Destroy;
341
entry->equalsFunction = pkix_pl_OcspResponse_Equals;
342
entry->hashcodeFunction = pkix_pl_OcspResponse_Hashcode;
343
entry->duplicateFunction = pkix_duplicateImmutable;
350
345
PKIX_RETURN(OCSPRESPONSE);
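Review bot: The rewritten registration in pkix_pl_OcspResponse_RegisterSelf no longer assigns `objCounter`, `toStringFunction` or `comparator`, so those fields keep whatever `systemClasses[PKIX_OCSPRESPONSE_TYPE]` already holds instead of being forced to 0/NULL. The array is declared `extern`, so it has static storage and starts zeroed unless its definition carries an initializer, but a second registration after objects have been counted would leave `objCounter` stale; whether that can happen is not visible here. I would either keep `entry->objCounter = 0;` or add a comment above the `entry` declaration such as `/* fields not set here rely on systemClasses being zero-initialised static storage */`. The function's opening lines are outside what is shown.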
416
411
char *location = NULL;
417
412
char *hostname = NULL;
418
413
char *path = NULL;
414
char *responseContentType = NULL;
419
415
PRUint16 port = 0;
420
416
SEC_HTTP_SERVER_SESSION serverSession = NULL;
421
SEC_HTTP_REQUEST_SESSION requestSession = NULL;
417
SEC_HTTP_REQUEST_SESSION sessionRequest = NULL;
422
418
SECItem *encodedRequest = NULL;
423
419
PRUint16 responseCode = 0;
424
420
char *responseData = NULL;
425
PRUint32 responseDataLen = 0;
427
422
PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_Create");
428
423
PKIX_NULLCHECK_TWO(pNBIOContext, pResponse);
438
433
httpClient = ocspResponse->httpClient;
439
434
serverSession = ocspResponse->serverSession;
440
requestSession = ocspResponse->requestSession;
441
PKIX_NULLCHECK_THREE(httpClient, serverSession, requestSession);
435
sessionRequest = ocspResponse->sessionRequest;
436
PKIX_NULLCHECK_THREE(httpClient, serverSession, sessionRequest);
439
PKIX_UInt32 timeout =
440
((PKIX_PL_NssContext*)plContext)->timeoutSeconds;
445
442
PKIX_NULLCHECK_ONE(request);
451
448
/* prepare initial message to HTTPClient */
453
450
/* Is there a default responder and is it enabled? */
458
(void *)SEC_GetRegisteredHttpClient,
452
httpClient = (const SEC_HttpClientFcn *)responder;
454
httpClient = SEC_GetRegisteredHttpClient();
462
httpClient = (const SEC_HttpClientFcn *)responder;
464
457
if (httpClient && (httpClient->version == 1)) {
466
459
hcv1 = &(httpClient->fcnTable.ftable1);
470
463
PKIX_OCSPREQUESTGETLOCATIONFAILED);
472
465
/* parse location -> hostname, port, path */
473
PKIX_PL_NSSCALLRV(OCSPRESPONSE, rv, CERT_ParseURL,
474
(location, &hostname, &port, &path));
476
if ((hostname == NULL) || (path == NULL)) {
466
rv = CERT_ParseURL(location, &hostname, &port, &path);
467
if (rv == SECFailure || hostname == NULL || path == NULL) {
477
468
PKIX_ERROR(PKIX_URLPARSINGFAILED);
483
hcv1->createSessionFcn,
484
(hostname, port, &serverSession));
486
if (rv != SECSuccess) {
487
PKIX_ERROR(PKIX_OCSPSERVERERROR);
491
(OCSPRESPONSE, rv, hcv1->createFcn,
496
PR_TicksPerSecond() * 60,
499
if (rv != SECSuccess) {
500
PKIX_ERROR(PKIX_OCSPSERVERERROR);
504
(OCSPRESPONSE, rv, hcv1->setPostDataFcn,
506
(char *)encodedRequest->data,
508
"application/ocsp-request"));
471
rv = (*hcv1->createSessionFcn)(hostname, port,
473
if (rv != SECSuccess) {
474
PKIX_ERROR(PKIX_OCSPSERVERERROR);
477
rv = (*hcv1->createFcn)(serverSession, "http", path,
479
PR_SecondsToInterval(timeout),
481
if (rv != SECSuccess) {
482
PKIX_ERROR(PKIX_OCSPSERVERERROR);
485
rv = (*hcv1->setPostDataFcn)(sessionRequest,
486
(char *)encodedRequest->data,
488
"application/ocsp-request");
510
489
if (rv != SECSuccess) {
511
490
PKIX_ERROR(PKIX_OCSPSERVERERROR);
523
502
ocspResponse->request = request;
524
503
ocspResponse->httpClient = httpClient;
525
504
ocspResponse->serverSession = serverSession;
526
ocspResponse->requestSession = requestSession;
505
ocspResponse->sessionRequest = sessionRequest;
527
506
ocspResponse->verifyFcn = verifyFcn;
528
507
ocspResponse->handle = CERT_GetDefaultCertDB();
529
508
ocspResponse->encodedResponse = NULL;
539
518
/* begin or resume IO to HTTPClient */
540
519
if (httpClient && (httpClient->version == 1)) {
520
PRUint32 responseDataLen =
521
((PKIX_PL_NssContext*)plContext)->maxResponseLength;
542
523
hcv1 = &(httpClient->fcnTable.ftable1);
544
responseDataLen = MAX_OCSP_RESPONSE_LEN;
546
PKIX_PL_NSSCALLRV(OCSPRESPONSE, rv, hcv1->trySendAndReceiveFcn,
525
rv = (*hcv1->trySendAndReceiveFcn)(sessionRequest,
548
526
(PRPollDesc **)&nbioContext,
550
NULL, /* responseContentType */
528
&responseContentType,
551
529
NULL, /* responseHeaders */
552
530
(const char **)&responseData,
555
533
if (rv != SECSuccess) {
556
534
PKIX_ERROR(PKIX_OCSPSERVERERROR);
536
/* responseContentType is a pointer to the null-terminated
537
* string returned by httpclient. Memory allocated for context
538
* type will be freed with freeing of the HttpClient struct. */
539
if (PORT_Strcasecmp(responseContentType,
540
"application/ocsp-response")) {
541
PKIX_ERROR(PKIX_OCSPSERVERERROR);
559
543
if (nbioContext != NULL) {
560
544
*pNBIOContext = nbioContext;
564
547
if (responseCode != 200) {
565
548
PKIX_ERROR(PKIX_OCSPBADHTTPRESPONSE);
570
(OCSPRESPONSE, ocspResponse->arena, PORT_NewArena,
571
(DER_DEFAULT_CHUNKSIZE));
550
ocspResponse->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
573
551
if (ocspResponse->arena == NULL) {
574
552
PKIX_ERROR(PKIX_OUTOFMEMORY);
579
ocspResponse->encodedResponse,
581
(ocspResponse->arena, NULL, responseDataLen));
554
ocspResponse->encodedResponse = SECITEM_AllocItem
555
(ocspResponse->arena, NULL, responseDataLen);
583
556
if (ocspResponse->encodedResponse == NULL) {
584
557
PKIX_ERROR(PKIX_OUTOFMEMORY);
587
PKIX_PL_NSSCALL(OCSPRESPONSE, PORT_Memcpy,
588
(ocspResponse->encodedResponse->data,
559
PORT_Memcpy(ocspResponse->encodedResponse->data,
560
responseData, responseDataLen);
594
562
*pResponse = ocspResponse;
598
566
if (path != NULL) {
599
PKIX_PL_NSSCALL(OCSPRESPONSE, PORT_Free, (path));
602
570
if (hostname != NULL) {
603
PKIX_PL_NSSCALL(OCSPRESPONSE, PORT_Free, (hostname));
606
574
if (PKIX_ERROR_RECEIVED){
607
576
PKIX_DECREF(ocspResponse);
579
hcv1->freeSessionFcn(serverSession);
581
hcv1->freeFcn(sessionRequest);
610
585
PKIX_RETURN(OCSPRESPONSE);
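Review bot: The new content-type check hands `responseContentType` to `PORT_Strcasecmp` without a NULL test, although the variable is initialised to NULL before `trySendAndReceiveFcn` is called. If the registered HTTP client returns SECSuccess without filling it in (for example a reply that carries no Content-Type header; whether a given client can do that is not visible here), the comparison dereferences NULL while processing data that came from the network. The guard should read `if (responseContentType == NULL || PORT_Strcasecmp(responseContentType, "application/ocsp-response")) {`. The comparison also runs before the `nbioContext != NULL` test, so it is worth confirming the pointer is already meaningful when I/O is still pending. Parts of pkix_pl_OcspResponse_Create, including the guards around the cleanup calls, are not visible in these lines.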
734
709
PKIX_NSSCONTEXTCREATEFAILED);
737
(response->verifyFcn)(response->pkixSignerCert,
738
response->producedAtDate,
712
(response->verifyFcn)((PKIX_PL_Object*)response->pkixSignerCert,
713
NULL, response->producedAtDate,
739
714
procParams, pNBIOContext,
740
715
state, buildResult,
741
716
NULL, lplContext),
914
889
SECCertUsage certUsage;
915
890
if (CERT_IsCACert(response->signerCert, NULL)) {
916
certUsage = certUsageVerifyCA;
891
certUsage = certUsageAnyCA;
918
893
certUsage = certUsageStatusResponder;
920
895
PKIX_CHECK_ONLY_FATAL(
921
pkix_pl_OcspResponse_CallCertVerify(response, procParams,
896
pkix_pl_OcspResponse_VerifyResponse(response, procParams,
922
897
certUsage, &state,
923
898
&buildResult, &nbio,