/*-----------------------------------------------------------------------
 * File: COMMON.C
 *
 * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
 *-----------------------------------------------------------------------
 */
 
/*
 * This file contains the code used for self-check and bilateral.
 */

/*
 * OpenVMS History
 *
 *    26-Jun-2002       Wayne Morrison
 *              o Fix warning when built against newer compiler
 *                (Check for unsigned less than 0).
 */

#include "cssm.h"
#include "trc_util.h"
#include "cssm_codefile.h"
#ifdef ISL_INCLUDED
#include "callouts.h"
#include "cssmport.h"
#include "eislapi.h"
#include "common.h"
#include "cssmMemTrack.h"

#define MAX_CERTS 5

CSSM_RETURN cssm_FreeManifestSections( ISL_MANIFEST_SECTION_PTR* ManifestSectionPtrArr, 
                                      uint32 NumSections)
{
    uint32 i;
    ISL_STATUS isl_status;
    ISL_VERIFIED_SIGNATURE_ROOT_PTR SigRoot = NULL;
    for(i=0;  i< NumSections; i++)
    {
        if(ManifestSectionPtrArr[i] != NULL)
        {
            SigRoot = EISL_GetManifestSignatureRoot(ManifestSectionPtrArr[i]);
            if(SigRoot != NULL)
                isl_status = EISL_RecycleVerifiedSignatureRoot(SigRoot);
        }
        
    }
    return CSSM_OK;
}
CSSM_RETURN cssm_FreeVerifiedCredentials( ISL_VERIFIED_MODULE_PTR* VerifiedModulePtrArr, 
                                      uint32 NumSections)
{
    uint32 i;
    ISL_STATUS isl_status;
    ISL_VERIFIED_SIGNATURE_ROOT_PTR SigRoot = NULL;
    for(i=0;  i< NumSections; i++)
    {
        if(VerifiedModulePtrArr[i] != NULL)
        {
            isl_status = EISL_RecycleVerifiedModuleCredentials(VerifiedModulePtrArr[i]);
        }
        
    }
    return CSSM_OK;
}

/*---------------------------------------------------------------
 *
 *Name: cssm_VerifyCredentialsAndLoadModules
 *
 *Description:
 *   This function will verify all sections of the Credential that is passed in 
 *   based on the export root or integrity root and
 *   verify and load module or verify loaded module based on the 
 *   bLoadModule parameter. An array of the verified module ptrs will 
 *   returned and the total number of sections will be returned.
 *   Memory functions need to be supplied for allocation of the memory.
 *Parameters: 
 *  ISL_CONST_DATA Credentials,
 *  uint32 KeyType,
 *  CSSM_BOOL bLoadModule,
 *  uint32 *NumSections, 
 *  CSSM_API_MEMORY_FUNCS MemoryFuncs
 *
 *Returns:
 * Array of verified moduleptrs ISL_VERIFIED_MODULE_PTR
 *
 *----------------------------------------------------------------*/

ISL_VERIFIED_MODULE_PTR*
cssm_VerifyCredentialsAndLoadModules(ISL_CONST_DATA ModuleCredential,
        ISL_CONST_DATA ModuleSearchPath,uint32 KeyType,CSSM_BOOL bLoadModule,
        uint32 *NumSections, CSSM_API_MEMORY_FUNCS_PTR MemoryFuncs)
{
    int j =0;
    uint32 NumManifestSections = 0;
    ISL_VERIFIED_MODULE_PTR* VerifiedModulePtrArr = NULL;
    ISL_MANIFEST_SECTION_PTR* ManifestSectionPtrArr = NULL;
    ManifestSectionPtrArr = cssm_VerifyCredentials( ModuleCredential, ModuleSearchPath, KeyType, NumSections, MemoryFuncs);
    if( (ManifestSectionPtrArr == NULL) || (*NumSections==0) )
        return NULL;
    VerifiedModulePtrArr = cssm_VerifyLoadedOrLoadAllModules( ManifestSectionPtrArr, NumSections,
                                   bLoadModule, MemoryFuncs);
    
    return VerifiedModulePtrArr;
}

/*---------------------------------------------------------------
 *
 *Name: cssm_VerifyCredentials
 *
 *Description:
 *   This function will verify all sections of the Credential that is passed in 
 *   based on the export root or integrity root An array of the Section ptrs will 
 *   returned and the total number of sections will be returned.
 *   Memory functions need to be supplied for allocation of the memory.
 *Parameters: 
 *  ISL_CONST_DATA Credentials,
 *  uint32 KeyType,
 *  uint32 *NumSections, 
 *  CSSM_API_MEMORY_FUNCS MemoryFuncs
 *
 *Returns:
 * Array of verified manifest sections ISL_MANIFEST_SECTION_PTR
 *
 *----------------------------------------------------------------*/

ISL_MANIFEST_SECTION_PTR*
cssm_VerifyCredentials(ISL_CONST_DATA ModuleCredential, ISL_CONST_DATA ModuleSearchPath,
        uint32 KeyType, uint32 *NumSections, CSSM_API_MEMORY_FUNCS_PTR MemoryFuncs)
{

    ISL_VERIFIED_SIGNATURE_ROOT_PTR SigRoot = NULL;
    ISL_VERIFIED_CERTIFICATE_PTR    SigCert = NULL;
    uint32 NumCerts = 0;
    uint32 NumKeys=0;
    uint32 NumIssuerNames =0;
    uint32 NumKeysToGet = 1;
    uint32 NumNamesToGet = 1;
    uint32 i,j;
    ISL_CONST_DATA_PTR RootKeys = NULL;
    ISL_CONST_DATA_PTR RootNames = NULL;
    ISL_ITERATOR_PTR ManifestIterator = NULL;
    ISL_MANIFEST_SECTION_PTR* ManifestSectionPtrArr = NULL; 
    uint32 NumManifestSections = 1;
    CSSM_BOOL bSuccess = CSSM_TRUE;
    /* This code is awaiting certificate library coding */
    ISL_VERIFIED_CERTIFICATE_CHAIN_PTR  CertChain = NULL;
    ISL_VERIFIED_CERTIFICATE_PTR    Certs[MAX_CERTS];
    /* If called with NULL for 1st param, then returns NumKeys and StartIndex*/
    /* Subsequent calls, returns the key at the index specified by StartIndex*/
    if(KeyType == EXPORT_KEY)
        NumKeys = cssm_GetExportRootKeys(NULL);
    else if(KeyType == INTEGRITY_KEY)
        NumKeys = cssm_GetIntegrityRootKeys(NULL);
    if(NumKeys == 0) return NULL;
    
    RootKeys = CSSM_CALLOC_WRAPPER(MemoryFuncs->calloc_func, sizeof(ISL_CONST_DATA)*NumKeys,1,MemoryFuncs->AllocRef);
    RootNames = CSSM_CALLOC_WRAPPER(MemoryFuncs->calloc_func, sizeof(ISL_CONST_DATA)*NumKeys,1,MemoryFuncs->AllocRef);

    for(i=0; i<NumKeys;i++)
    {
        RootKeys[i].Length = MAX_ISSUER_INFO_BUFFER;
        RootKeys[i].Data = CSSM_CALLOC_WRAPPER(MemoryFuncs->calloc_func, MAX_ISSUER_INFO_BUFFER, 1,MemoryFuncs->AllocRef);
        if(RootKeys[i].Data == NULL)
        {
            for (j=i-1;j == 0;j--)
            {
                 CSSM_FREE_WRAPPER(MemoryFuncs->free_func, (void*)RootKeys[j].Data, MemoryFuncs->AllocRef);
                 CSSM_FREE_WRAPPER(MemoryFuncs->free_func, (void*)RootNames[j].Data, MemoryFuncs->AllocRef);
            }
            return NULL;
        }
        RootNames[i].Length = MAX_ISSUER_INFO_BUFFER;
        RootNames[i].Data = CSSM_CALLOC_WRAPPER(MemoryFuncs->calloc_func, MAX_ISSUER_INFO_BUFFER, 1,MemoryFuncs->AllocRef);
        if(RootNames[i].Data == NULL)
        {
            for (j=i-1;j == 0;j--)
            {
                 CSSM_FREE_WRAPPER(MemoryFuncs->free_func, (void*)RootKeys[j].Data, MemoryFuncs->AllocRef);
                 CSSM_FREE_WRAPPER(MemoryFuncs->free_func, (void*)RootNames[j].Data, MemoryFuncs->AllocRef);
            }
            return NULL;
        }
    }
    if(KeyType == EXPORT_KEY)
    {
        cssm_GetExportRootKeys((ISL_CALLOUT_DATA*)RootKeys);
        cssm_GetExportRootNames((ISL_CALLOUT_DATA*)RootNames);
    }
    else if(KeyType == INTEGRITY_KEY)
    {
        cssm_GetIntegrityRootKeys((ISL_CALLOUT_DATA*)RootKeys);
        cssm_GetIntegrityRootNames((ISL_CALLOUT_DATA*)RootNames);
    }
    for(i=0; i<NumKeys;i++)
    {
        CertChain = EISL_CreateCertificateChainWithCredentialData (RootNames[i], RootKeys[i],
                                                ModuleCredential, ModuleSearchPath);
        if (CertChain != NULL)
        {
            break;
        }
    }
    if (CertChain == NULL)
        return NULL;

    NumCerts = EISL_CopyCertificateChain(CertChain, Certs, MAX_CERTS);
    if (NumCerts == 0)
        return NULL;

    SigCert = Certs[NumCerts-1];
    SigRoot = EISL_CreateVerifiedSignatureRootWithCredentialDataAndCertificate(ModuleCredential, 
                                            ModuleSearchPath, SigCert);
    if (SigRoot == NULL)
        return NULL;

    ManifestIterator = EISL_CreateManifestSectionEnumerator(SigRoot);
    if(ManifestIterator == NULL)
        return NULL;
    ManifestSectionPtrArr = (ISL_MANIFEST_SECTION_PTR*)CSSM_CALLOC_WRAPPER(MemoryFuncs->calloc_func, sizeof(ISL_MANIFEST_SECTION_PTR)*NumManifestSections,1, 
                                                                                MemoryFuncs->AllocRef);
    do
    {
        ManifestSectionPtrArr[NumManifestSections-1] = EISL_GetNextManifestSection( ManifestIterator );
        if(ManifestSectionPtrArr[NumManifestSections-1] == NULL)
        {
            NumManifestSections--;
            if(NumManifestSections == 0)
                CSSM_FREE_WRAPPER(MemoryFuncs->free_func,ManifestSectionPtrArr,MemoryFuncs->AllocRef);
            else
                ManifestSectionPtrArr = (ISL_MANIFEST_SECTION_PTR*)CSSM_REALLOC_WRAPPER(MemoryFuncs->realloc_func,ManifestSectionPtrArr,sizeof(ISL_VERIFIED_MODULE_PTR)*NumManifestSections,0);
            break;
        }
        NumManifestSections++;
        ManifestSectionPtrArr = (ISL_MANIFEST_SECTION_PTR*)CSSM_REALLOC_WRAPPER(MemoryFuncs->realloc_func,ManifestSectionPtrArr,sizeof(ISL_VERIFIED_MODULE_PTR)*NumManifestSections,0);
        ManifestSectionPtrArr[NumManifestSections-1] = NULL;
    }while(ManifestSectionPtrArr[NumManifestSections-2] != NULL);
    if(ManifestIterator != NULL)
        EISL_RecycleManifestSectionEnumerator(ManifestIterator);

    *NumSections = NumManifestSections;
    return ManifestSectionPtrArr;
}

/*---------------------------------------------------------------
 *
 *Name: cssm_VerifyLoadedOrLoadAllModules
 *
 *Description:
 *   This function will verify and load module or verify loaded module based on the 
 *   bLoadModule parameter and array of the verified manifest section ptrs. 
 *   An array of verified module ptrs returned.
 *   Memory functions need to be supplied for allocation of the memory.
 *Parameters: 
 *  ISL_CONST_DATA Credentials,
 *  uint32 KeyType,
 *  CSSM_BOOL bLoadModule,
 *  uint32 *NumSections, 
 *  CSSM_API_MEMORY_FUNCS MemoryFuncs
 *
 *Returns:
 * Array of verified moduleptrs ISL_VERIFIED_MODULE_PTR
 *
 *----------------------------------------------------------------*/
ISL_VERIFIED_MODULE_PTR*
cssm_VerifyLoadedOrLoadAllModules( ISL_MANIFEST_SECTION_PTR* ManifestSection,uint32* NumSections,
                                   CSSM_BOOL bLoadModule, CSSM_API_MEMORY_FUNCS_PTR MemoryFuncs)
{
    uint32 j =0, i = 0;
    ISL_VERIFIED_MODULE_PTR* VerifiedModulePtrArr = NULL;
    CSSM_BOOL bSuccess = CSSM_TRUE;
    VerifiedModulePtrArr = (ISL_VERIFIED_MODULE_PTR*)CSSM_CALLOC_WRAPPER(MemoryFuncs->calloc_func, sizeof(ISL_VERIFIED_MODULE_PTR) * (*NumSections),1, 
                                                                                MemoryFuncs->AllocRef);
    if(VerifiedModulePtrArr == NULL)
    {
        return NULL;
    }
    for( j = 0; j< *NumSections; j++)
    {
        /* if we fail to verify one section we fail load*/
        if(bLoadModule)
            VerifiedModulePtrArr[j] = EISL_VerifyAndLoadModule (ManifestSection[j]);
        else
            VerifiedModulePtrArr[j] = EISL_VerifyLoadedModule (ManifestSection[j]);
        if(VerifiedModulePtrArr[j] == NULL)
        {
            bSuccess = CSSM_FALSE;
            break;
        }
    }
    if(!bSuccess)
    {
        for ( i= 0; i< j;i++)
        {
            if(VerifiedModulePtrArr[i] != NULL)
                EISL_RecycleVerifiedModuleCredentials(VerifiedModulePtrArr[i]);
        }
        CSSM_FREE_WRAPPER(MemoryFuncs->free_func,VerifiedModulePtrArr, MemoryFuncs->AllocRef);
        VerifiedModulePtrArr = NULL;
    }
    
    return VerifiedModulePtrArr;


}


                                                                                        

#endif