/* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is the PKIX-C library.
 *
 * The Initial Developer of the Original Code is
 * Sun Microsystems, Inc.
 * Portions created by the Initial Developer are
 * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Contributor(s):
 *   Sun Microsystems, Inc.
 *
 * Alternatively, the contents of this file may be used under the terms of
 * either the GNU General Public License Version 2 or later (the "GPL"), or
 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the MPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
/*
 * pkix_policynode.c
 *
 * Policy Node Object Type Definition
 *
 */

#include "pkix_policynode.h"

/* --Private-PolicyNode-Functions---------------------------------- */

/*
 * FUNCTION: pkix_PolicyNode_GetChildrenMutable
 * DESCRIPTION:
 *
 *  Retrieves the List of PolicyNodes representing the child nodes of the
 *  Policy Node pointed to by "node" and stores it at "pChildren". If "node"
 *  has no List of child nodes, this function stores NULL at "pChildren".
 *
 *  Note that the List returned by this function may be mutable. This function
 *  differs from the public function PKIX_PolicyNode_GetChildren in that
 *  respect. (It also differs in that the public function creates an empty
 *  List, if necessary, rather than storing NULL.)
 *
 *  During certificate processing, children Lists are created and modified.
 *  Once the list is accessed using the public call, the List is set immutable.
 *
 * PARAMETERS:
 *  "node"
 *      Address of PolicyNode whose child nodes are to be stored.
 *      Must be non-NULL.
 *  "pChildren"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a PolicyNode Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_PolicyNode_GetChildrenMutable(
        PKIX_PolicyNode *node,
        PKIX_List **pChildren,  /* list of PKIX_PolicyNode */
        void *plContext)
{

        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_GetChildrenMutable");

        PKIX_NULLCHECK_TWO(node, pChildren);

        PKIX_INCREF(node->children);

        *pChildren = node->children;

cleanup:
        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_PolicyNode_Create
 * DESCRIPTION:
 *
 *  Creates a new PolicyNode using the OID pointed to by "validPolicy", the List
 *  of CertPolicyQualifiers pointed to by "qualifierSet", the criticality
 *  indicated by the Boolean value of "criticality", and the List of OIDs
 *  pointed to by "expectedPolicySet", and stores the result at "pObject". The
 *  criticality should be derived from whether the certificate policy extension
 *  was marked as critical in the certificate that led to creation of this
 *  PolicyNode. The "qualifierSet" and "expectedPolicySet" Lists are made
 *  immutable. The PolicyNode pointers to parent and to children are initialized
 *  to NULL, and the depth is set to zero; those values should be set by using
 *  the pkix_PolicyNode_AddToParent function.
 *
 * PARAMETERS
 *  "validPolicy"
 *      Address of OID of the valid policy for the path. Must be non-NULL
 *  "qualifierSet"
 *      Address of List of CertPolicyQualifiers associated with the validpolicy.
 *      May be NULL
 *  "criticality"
 *      Boolean indicator of whether the criticality should be set in this
 *      PolicyNode
 *  "expectedPolicySet"
 *      Address of List of OIDs that would satisfy this policy in the next
 *      certificate. Must be non-NULL
 *  "pObject"
 *      Address where the PolicyNode pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a PolicyNode Error if the function fails  in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_PolicyNode_Create(
        PKIX_PL_OID *validPolicy,
        PKIX_List *qualifierSet,
        PKIX_Boolean criticality,
        PKIX_List *expectedPolicySet,
        PKIX_PolicyNode **pObject,
        void *plContext)
{
        PKIX_PolicyNode *node = NULL;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Create");

        PKIX_NULLCHECK_THREE(validPolicy, expectedPolicySet, pObject);

        PKIX_CHECK(PKIX_PL_Object_Alloc
                (PKIX_CERTPOLICYNODE_TYPE,
                sizeof (PKIX_PolicyNode),
                (PKIX_PL_Object **)&node,
                plContext),
                PKIX_COULDNOTCREATEPOLICYNODEOBJECT);

        PKIX_INCREF(validPolicy);
        node->validPolicy = validPolicy;

        PKIX_INCREF(qualifierSet);
        node->qualifierSet = qualifierSet;
        if (qualifierSet) {
                PKIX_CHECK(PKIX_List_SetImmutable(qualifierSet, plContext),
                        PKIX_LISTSETIMMUTABLEFAILED);
        }

        node->criticality = criticality;

        PKIX_INCREF(expectedPolicySet);
        node->expectedPolicySet = expectedPolicySet;
        PKIX_CHECK(PKIX_List_SetImmutable(expectedPolicySet, plContext),
                PKIX_LISTSETIMMUTABLEFAILED);

        node->parent = NULL;
        node->children = NULL;
        node->depth = 0;

        *pObject = node;
        node = NULL;

cleanup:

        PKIX_DECREF(node);

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_PolicyNode_AddToParent
 * DESCRIPTION:
 *
 *  Adds the PolicyNode pointed to by "child" to the List of children of
 *  the PolicyNode pointed to by "parentNode". If "parentNode" had a
 *  NULL pointer for the List of children, a new List is created containing
 *  "child". Otherwise "child" is appended to the existing List. The
 *  parent field in "child" is set to "parent", and the depth field is
 *  set to one more than the corresponding value in "parent".
 *
 *  Depth, in this context, means distance from the root node, which
 *  is at depth zero.
 *
 * PARAMETERS:
 *  "parentNode"
 *      Address of PolicyNode whose List of child PolicyNodes is to be
 *      created or appended to. Must be non-NULL.
 *  "child"
 *      Address of PolicyNode to be added to parentNode's List. Must be
 *      non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a PolicyNode Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_PolicyNode_AddToParent(
        PKIX_PolicyNode *parentNode,
        PKIX_PolicyNode *child,
        void *plContext)
{
        PKIX_List *listOfChildren = NULL;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_AddToParent");

        PKIX_NULLCHECK_TWO(parentNode, child);

        listOfChildren = parentNode->children;
        if (listOfChildren == NULL) {
                PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
                        PKIX_LISTCREATEFAILED);
                parentNode->children = listOfChildren;
        }

        /*
         * Note: this link is not reference-counted. The link from parent
         * to child is counted (actually, the parent "owns" a List which
         * "owns" children), but the children do not "own" the parent.
         * Otherwise, there would be loops.
         */
        child->parent = parentNode;

        child->depth = 1 + (parentNode->depth);

        PKIX_CHECK(PKIX_List_AppendItem
                (listOfChildren, (PKIX_PL_Object *)child, plContext),
                PKIX_COULDNOTAPPENDCHILDTOPARENTSPOLICYNODELIST);

        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
                ((PKIX_PL_Object *)parentNode, plContext),
                PKIX_OBJECTINVALIDATECACHEFAILED);

        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
                ((PKIX_PL_Object *)child, plContext),
                PKIX_OBJECTINVALIDATECACHEFAILED);

cleanup:

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_PolicyNode_Prune
 * DESCRIPTION:
 *
 *  Prunes a tree below the PolicyNode whose address is pointed to by "node",
 *  using the UInt32 value of "height" as the distance from the leaf level,
 *  and storing at "pDelete" the Boolean value of whether this PolicyNode is,
 *  after pruning, childless and should be pruned.
 *
 *  Any PolicyNode at height 0 is allowed to survive. If the height is greater
 *  than zero, pkix_PolicyNode_Prune is called recursively for each child of
 *  the current PolicyNode. After this process, a node with no children
 *  stores PKIX_TRUE in "pDelete" to indicate that it should be deleted.
 *
 * PARAMETERS:
 *  "node"
 *      Address of the PolicyNode to be pruned. Must be non-NULL.
 *  "height"
 *      UInt32 value for the distance from the leaf level
 *  "pDelete"
 *      Address to store the Boolean return value of PKIX_TRUE if this node
 *      should be pruned, or PKIX_FALSE if there remains at least one
 *      branch of the required height. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a PolicyNode Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_PolicyNode_Prune(
        PKIX_PolicyNode *node,
        PKIX_UInt32 height,
        PKIX_Boolean *pDelete,
        void *plContext)
{
        PKIX_Boolean childless = PKIX_FALSE;
        PKIX_Boolean shouldBePruned = PKIX_FALSE;
        PKIX_UInt32 listSize = 0;
        PKIX_UInt32 listIndex = 0;
        PKIX_PolicyNode *candidate = NULL;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Prune");

        PKIX_NULLCHECK_TWO(node, pDelete);

        /* Don't prune at the leaf */
        if (height == 0) {
                goto cleanup;
        }

        /* Above the bottom level, childless nodes get pruned */
        if (!(node->children)) {
                childless = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * This node has children. If they are leaf nodes,
         * we know they will live. Otherwise, check them out.
         */
        if (height > 1) {
                PKIX_CHECK(PKIX_List_GetLength
                        (node->children, &listSize, plContext),
                        PKIX_LISTGETLENGTHFAILED);
                /*
                 * By working backwards from the end of the list,
                 * we avoid having to worry about possible
                 * decreases in the size of the list, as we
                 * delete items. The only nuisance is that since the
                 * index is UInt32, we can't check for it to reach -1;
                 * we have to use the 1-based index, rather than the
                 * 0-based index that PKIX_List functions require.
                 */
                for (listIndex = listSize; listIndex > 0; listIndex--) {
                        PKIX_CHECK(PKIX_List_GetItem
                                (node->children,
                                (listIndex - 1),
                                (PKIX_PL_Object **)&candidate,
                                plContext),
                                PKIX_LISTGETITEMFAILED);

                        PKIX_CHECK(pkix_PolicyNode_Prune
                                (candidate,
                                height - 1,
                                &shouldBePruned,
                                plContext),
                                PKIX_POLICYNODEPRUNEFAILED);

                        if (shouldBePruned == PKIX_TRUE) {
                                PKIX_CHECK(PKIX_List_DeleteItem
                                        (node->children,
                                        (listIndex - 1),
                                        plContext),
                                        PKIX_LISTDELETEITEMFAILED);
                        }

                        PKIX_DECREF(candidate);
                }
        }

        /* Prune if this node has *become* childless */
        PKIX_CHECK(PKIX_List_GetLength
                (node->children, &listSize, plContext),
                PKIX_LISTGETLENGTHFAILED);
        if (listSize == 0) {
                childless = PKIX_TRUE;
        }

        /*
         * Even if we did not change this node, or any of its children,
         * maybe a [great-]*grandchild was pruned.
         */
        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
                ((PKIX_PL_Object *)node, plContext),
                PKIX_OBJECTINVALIDATECACHEFAILED);

cleanup:
        *pDelete = childless;

        PKIX_DECREF(candidate);

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_SinglePolicyNode_ToString
 * DESCRIPTION:
 *
 *  Creates a String representation of the attributes of the PolicyNode
 *  pointed to by "node", other than its parents or children, and
 *  stores the result at "pString".
 *
 * PARAMETERS:
 *  "node"
 *      Address of PolicyNode to be described by the string. Must be non-NULL.
 *  "pString"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if function succeeds
 *  Returns a PolicyNode Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in a fatal way
 */
PKIX_Error *
pkix_SinglePolicyNode_ToString(
        PKIX_PolicyNode *node,
        PKIX_PL_String **pString,
        void *plContext)
{
        PKIX_PL_String *fmtString = NULL;
        PKIX_PL_String *validString = NULL;
        PKIX_PL_String *qualifierString = NULL;
        PKIX_PL_String *criticalityString = NULL;
        PKIX_PL_String *expectedString = NULL;
        PKIX_PL_String *outString = NULL;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_ToString");
        PKIX_NULLCHECK_TWO(node, pString);
        PKIX_NULLCHECK_TWO(node->validPolicy, node->expectedPolicySet);

        PKIX_CHECK(PKIX_PL_String_Create
                (PKIX_ESCASCII,
                "{%s,%s,%s,%s,%d}",
                0,
                &fmtString,
                plContext),
                PKIX_CANTCREATESTRING);

        PKIX_CHECK(PKIX_PL_Object_ToString
                ((PKIX_PL_Object *)(node->validPolicy),
                &validString,
                plContext),
                PKIX_OIDTOSTRINGFAILED);

        PKIX_CHECK(PKIX_PL_Object_ToString
                ((PKIX_PL_Object *)(node->expectedPolicySet),
                &expectedString,
                plContext),
                PKIX_LISTTOSTRINGFAILED);

        if (node->qualifierSet) {
                PKIX_CHECK(PKIX_PL_Object_ToString
                        ((PKIX_PL_Object *)(node->qualifierSet),
                        &qualifierString,
                        plContext),
                        PKIX_LISTTOSTRINGFAILED);
        } else {
                PKIX_CHECK(PKIX_PL_String_Create
                        (PKIX_ESCASCII,
                        "{}",
                        0,
                        &qualifierString,
                        plContext),
                        PKIX_CANTCREATESTRING);
        }

        PKIX_CHECK(PKIX_PL_String_Create
                (PKIX_ESCASCII,
                (node->criticality)?"Critical":"Not Critical",
                0,
                &criticalityString,
                plContext),
                PKIX_CANTCREATESTRING);

        PKIX_CHECK(PKIX_PL_Sprintf
                (&outString,
                plContext,
                fmtString,
                validString,
                qualifierString,
                criticalityString,
                expectedString,
                node->depth),
                PKIX_SPRINTFFAILED);

        *pString = outString;

cleanup:

        PKIX_DECREF(fmtString);
        PKIX_DECREF(validString);
        PKIX_DECREF(qualifierString);
        PKIX_DECREF(criticalityString);
        PKIX_DECREF(expectedString);
        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_PolicyNode_ToString_Helper
 * DESCRIPTION:
 *
 *  Produces a String representation of a PolicyNode tree below the PolicyNode
 *  pointed to by "rootNode", with each line of output prefixed by the String
 *  pointed to by "indent", and stores the result at "pTreeString". It is
 *  called recursively, with ever-increasing indentation, for successively
 *  lower nodes on the tree.
 *
 * PARAMETERS:
 *  "rootNode"
 *      Address of PolicyNode subtree. Must be non-NULL.
 *  "indent"
 *      Address of String to be prefixed to each line of output. May be NULL
 *      if no indentation is desired
 *  "pTreeString"
 *      Address where the resulting String will be stored; must be non-NULL
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a PolicyNode Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
static PKIX_Error *
pkix_PolicyNode_ToString_Helper(
        PKIX_PolicyNode *rootNode,
        PKIX_PL_String *indent,
        PKIX_PL_String **pTreeString,
        void *plContext)
{
        PKIX_PL_String *nextIndentFormat = NULL;
        PKIX_PL_String *thisNodeFormat = NULL;
        PKIX_PL_String *childrenFormat = NULL;
        PKIX_PL_String *nextIndentString = NULL;
        PKIX_PL_String *resultString = NULL;
        PKIX_PL_String *thisItemString = NULL;
        PKIX_PL_String *childString = NULL;
        PKIX_PolicyNode *childNode = NULL;
        PKIX_UInt32 numberOfChildren = 0;
        PKIX_UInt32 childIndex = 0;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_ToString_Helper");

        PKIX_NULLCHECK_TWO(rootNode, pTreeString);

        /* Create a string for this node */
        PKIX_CHECK(pkix_SinglePolicyNode_ToString
                (rootNode, &thisItemString, plContext),
                PKIX_ERRORINSINGLEPOLICYNODETOSTRING);

        if (indent) {
                PKIX_CHECK(PKIX_PL_String_Create
                        (PKIX_ESCASCII,
                        "%s%s",
                        0,
                        &thisNodeFormat,
                        plContext),
                        PKIX_ERRORCREATINGFORMATSTRING);

                PKIX_CHECK(PKIX_PL_Sprintf
                        (&resultString,
                        plContext,
                        thisNodeFormat,
                        indent,
                        thisItemString),
                        PKIX_ERRORINSPRINTF);
        } else {
                PKIX_CHECK(PKIX_PL_String_Create
                        (PKIX_ESCASCII,
                        "%s",
                        0,
                        &thisNodeFormat,
                        plContext),
                        PKIX_ERRORCREATINGFORMATSTRING);

                PKIX_CHECK(PKIX_PL_Sprintf
                        (&resultString,
                        plContext,
                        thisNodeFormat,
                        thisItemString),
                        PKIX_ERRORINSPRINTF);
        }

        PKIX_DECREF(thisItemString);
        thisItemString = resultString;

        /* if no children, we are done */
        if (rootNode->children) {
                PKIX_CHECK(PKIX_List_GetLength
                        (rootNode->children, &numberOfChildren, plContext),
                        PKIX_LISTGETLENGTHFAILED);
        }

        if (numberOfChildren != 0) {
                /*
                 * We create a string for each child in turn,
                 * concatenating them to thisItemString.
                 */

                /* Prepare an indent string for each child */
                if (indent) {
                        PKIX_CHECK(PKIX_PL_String_Create
                                (PKIX_ESCASCII,
                                "%s. ",
                                0,
                                &nextIndentFormat,
                                plContext),
                                PKIX_ERRORCREATINGFORMATSTRING);

                        PKIX_CHECK(PKIX_PL_Sprintf
                                (&nextIndentString,
                                plContext,
                                nextIndentFormat,
                                indent),
                                PKIX_ERRORINSPRINTF);
                } else {
                        PKIX_CHECK(PKIX_PL_String_Create
                                (PKIX_ESCASCII,
                                ". ",
                                0,
                                &nextIndentString,
                                plContext),
                                PKIX_ERRORCREATINGINDENTSTRING);
                }

                /* Prepare the format for concatenation. */
                PKIX_CHECK(PKIX_PL_String_Create
                        (PKIX_ESCASCII,
                        "%s\n%s",
                        0,
                        &childrenFormat,
                        plContext),
                        PKIX_ERRORCREATINGFORMATSTRING);

                for (childIndex = 0;
                        childIndex < numberOfChildren;
                        childIndex++) {
                        PKIX_CHECK(PKIX_List_GetItem
                                (rootNode->children,
                                childIndex,
                                (PKIX_PL_Object **)&childNode,
                                plContext),
                                PKIX_LISTGETITEMFAILED);

                        PKIX_CHECK(pkix_PolicyNode_ToString_Helper
                                (childNode,
                                nextIndentString,
                                &childString,
                                plContext),
                                PKIX_ERRORCREATINGCHILDSTRING);


                        PKIX_CHECK(PKIX_PL_Sprintf
                                (&resultString,
                                plContext,
                                childrenFormat,
                                thisItemString,
                                childString),
                        PKIX_ERRORINSPRINTF);

                        PKIX_DECREF(childNode);
                        PKIX_DECREF(childString);
                        PKIX_DECREF(thisItemString);

                        thisItemString = resultString;
                }
        }

        *pTreeString = thisItemString;

cleanup:
        if (PKIX_ERROR_RECEIVED) {
                PKIX_DECREF(thisItemString);
        }

        PKIX_DECREF(nextIndentFormat);
        PKIX_DECREF(thisNodeFormat);
        PKIX_DECREF(childrenFormat);
        PKIX_DECREF(nextIndentString);
        PKIX_DECREF(childString);
        PKIX_DECREF(childNode);

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_PolicyNode_ToString
 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_PolicyNode_ToString(
        PKIX_PL_Object *object,
        PKIX_PL_String **pTreeString,
        void *plContext)
{
        PKIX_PolicyNode *rootNode = NULL;
        PKIX_PL_String *resultString = NULL;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_ToString");

        PKIX_NULLCHECK_TWO(object, pTreeString);

        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYNODE_TYPE, plContext),
                PKIX_OBJECTNOTPOLICYNODE);

        rootNode = (PKIX_PolicyNode *)object;

        PKIX_CHECK(pkix_PolicyNode_ToString_Helper
                (rootNode, NULL, &resultString, plContext),
                PKIX_ERRORCREATINGSUBTREESTRING);

        *pTreeString = resultString;

cleanup:

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_PolicyNode_Destroy
 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_PolicyNode_Destroy(
        PKIX_PL_Object *object,
        void *plContext)
{
        PKIX_PolicyNode *node = NULL;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Destroy");

        PKIX_NULLCHECK_ONE(object);

        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYNODE_TYPE, plContext),
                PKIX_OBJECTNOTPOLICYNODE);

        node = (PKIX_PolicyNode*)object;

        node->criticality = PKIX_FALSE;
        PKIX_DECREF(node->validPolicy);
        PKIX_DECREF(node->qualifierSet);
        PKIX_DECREF(node->expectedPolicySet);
        PKIX_DECREF(node->children);

        /*
         * Note: the link to parent is not reference-counted. See comment
         * in pkix_PolicyNode_AddToParent for more details.
         */
        node->parent = NULL;
        node->depth = 0;

cleanup:

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_SinglePolicyNode_Hashcode
 * DESCRIPTION:
 *
 *  Computes the hashcode of the attributes of the PolicyNode pointed to by
 *  "node", other than its parents and children, and stores the result at
 *  "pHashcode".
 *
 * PARAMETERS:
 *  "node"
 *      Address of PolicyNode to be hashcoded; must be non-NULL
 *  "pHashcode"
 *      Address where UInt32 result will be stored; must be non-NULL
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if function succeeds
 *  Returns a PolicyNode Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in a fatal way
 */
static PKIX_Error *
pkix_SinglePolicyNode_Hashcode(
        PKIX_PolicyNode *node,
        PKIX_UInt32 *pHashcode,
        void *plContext)
{
        PKIX_UInt32 componentHash = 0;
        PKIX_UInt32 nodeHash = 0;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_Hashcode");
        PKIX_NULLCHECK_TWO(node, pHashcode);
        PKIX_NULLCHECK_TWO(node->validPolicy, node->expectedPolicySet);

        PKIX_HASHCODE
                (node->qualifierSet,
                &nodeHash,
                plContext,
                PKIX_FAILUREHASHINGLISTQUALIFIERSET);

        if (PKIX_TRUE == (node->criticality)) {
                nodeHash = 31*nodeHash + 0xff;
        } else {
                nodeHash = 31*nodeHash + 0x00;
        }

        PKIX_CHECK(PKIX_PL_Object_Hashcode
                ((PKIX_PL_Object *)node->validPolicy,
                &componentHash,
                plContext),
                PKIX_FAILUREHASHINGOIDVALIDPOLICY);

        nodeHash = 31*nodeHash + componentHash;

        PKIX_CHECK(PKIX_PL_Object_Hashcode
                ((PKIX_PL_Object *)node->expectedPolicySet,
                &componentHash,
                plContext),
                PKIX_FAILUREHASHINGLISTEXPECTEDPOLICYSET);

        nodeHash = 31*nodeHash + componentHash;

        *pHashcode = nodeHash;

cleanup:

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_PolicyNode_Hashcode
 * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_PolicyNode_Hashcode(
        PKIX_PL_Object *object,
        PKIX_UInt32 *pHashcode,
        void *plContext)
{
        PKIX_PolicyNode *node = NULL;
        PKIX_UInt32 childrenHash = 0;
        PKIX_UInt32 nodeHash = 0;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Hashcode");
        PKIX_NULLCHECK_TWO(object, pHashcode);

        PKIX_CHECK(pkix_CheckType
                (object, PKIX_CERTPOLICYNODE_TYPE, plContext),
                PKIX_OBJECTNOTPOLICYNODE);

        node = (PKIX_PolicyNode *)object;

        PKIX_CHECK(pkix_SinglePolicyNode_Hashcode
                (node, &nodeHash, plContext),
                PKIX_SINGLEPOLICYNODEHASHCODEFAILED);

        nodeHash = 31*nodeHash + (PKIX_UInt32)(node->parent);

        PKIX_HASHCODE
                (node->children,
                &childrenHash,
                plContext,
                PKIX_OBJECTHASHCODEFAILED);

        nodeHash = 31*nodeHash + childrenHash;

        *pHashcode = nodeHash;

cleanup:

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_SinglePolicyNode_Equals
 * DESCRIPTION:
 *
 *  Compares for equality the components of the PolicyNode pointed to by
 *  "firstPN", other than its parents and children, with those of the
 *  PolicyNode pointed to by "secondPN" and stores the result at "pResult"
 *  (PKIX_TRUE if equal; PKIX_FALSE if not).
 *
 * PARAMETERS:
 *  "firstPN"
 *      Address of first of the PolicyNodes to be compared; must be non-NULL
 *  "secondPN"
 *      Address of second of the PolicyNodes to be compared; must be non-NULL
 *  "pResult"
 *      Address where Boolean will be stored; must be non-NULL
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if function succeeds
 *  Returns a PolicyNode Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in a fatal way
 */
static PKIX_Error *
pkix_SinglePolicyNode_Equals(
        PKIX_PolicyNode *firstPN,
        PKIX_PolicyNode *secondPN,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_Boolean compResult = PKIX_FALSE;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_Equals");
        PKIX_NULLCHECK_THREE(firstPN, secondPN, pResult);

        /* If both references are identical, they must be equal */
        if (firstPN == secondPN) {
                compResult = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * It seems we have to do the comparisons. Do
         * the easiest ones first.
         */
        if ((firstPN->criticality) != (secondPN->criticality)) {
                goto cleanup;
        }
        if ((firstPN->depth) != (secondPN->depth)) {
                goto cleanup;
        }

        PKIX_EQUALS
                (firstPN->qualifierSet,
                secondPN->qualifierSet,
                &compResult,
                plContext,
                PKIX_OBJECTEQUALSFAILED);

        if (compResult == PKIX_FALSE) {
                goto cleanup;
        }

        /* These fields must be non-NULL */
        PKIX_NULLCHECK_TWO(firstPN->validPolicy, secondPN->validPolicy);

        PKIX_EQUALS
                (firstPN->validPolicy,
                secondPN->validPolicy,
                &compResult,
                plContext,
                PKIX_OBJECTEQUALSFAILED);

        if (compResult == PKIX_FALSE) {
                goto cleanup;
        }

        /* These fields must be non-NULL */
        PKIX_NULLCHECK_TWO
                (firstPN->expectedPolicySet, secondPN->expectedPolicySet);

        PKIX_EQUALS
                (firstPN->expectedPolicySet,
                secondPN->expectedPolicySet,
                &compResult,
                plContext,
                PKIX_OBJECTEQUALSFAILEDONEXPECTEDPOLICYSETS);

cleanup:

        *pResult = compResult;

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_PolicyNode_Equals
 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_PolicyNode_Equals(
        PKIX_PL_Object *firstObject,
        PKIX_PL_Object *secondObject,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_PolicyNode *firstPN = NULL;
        PKIX_PolicyNode *secondPN = NULL;
        PKIX_UInt32 secondType;
        PKIX_Boolean compResult = PKIX_FALSE;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Equals");
        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

        /* test that firstObject is a PolicyNode */
        PKIX_CHECK(pkix_CheckType
                (firstObject, PKIX_CERTPOLICYNODE_TYPE, plContext),
                PKIX_FIRSTOBJECTNOTPOLICYNODE);

        /*
         * Since we know firstObject is a PolicyNode,
         * if both references are identical, they must be equal
         */
        if (firstObject == secondObject){
                compResult = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * If secondObject isn't a PolicyNode, we
         * don't throw an error. We simply return FALSE.
         */
        PKIX_CHECK(PKIX_PL_Object_GetType
                    (secondObject, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);

        if (secondType != PKIX_CERTPOLICYNODE_TYPE) {
                goto cleanup;
        }

        /*
         * Oh, well, we have to do the comparisons. Do
         * the easiest ones first.
         */
        firstPN = (PKIX_PolicyNode *)firstObject;
        secondPN = (PKIX_PolicyNode *)secondObject;

        /*
         * We don't require the parents to be identical. In the
         * course of traversing the tree, we will have checked the
         * attributes of the parent nodes, and checking the lists
         * of children will determine whether they match.
         */

        PKIX_EQUALS
                (firstPN->children,
                secondPN->children,
                &compResult,
                plContext,
                PKIX_OBJECTEQUALSFAILEDONCHILDREN);

        if (compResult == PKIX_FALSE) {
                goto cleanup;
        }

        PKIX_CHECK(pkix_SinglePolicyNode_Equals
                (firstPN, secondPN, &compResult, plContext),
                PKIX_SINGLEPOLICYNODEEQUALSFAILED);

cleanup:

        *pResult = compResult;

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_PolicyNode_DuplicateHelper
 * DESCRIPTION:
 *
 *  Duplicates the PolicyNode whose address is pointed to by "original",
 *  and stores the result at "pNewNode", if a non-NULL pointer is provided
 *  for "pNewNode". In addition, the created PolicyNode is added as a child
 *  to "parent", if a non-NULL pointer is provided for "parent". Then this
 *  function is called recursively to duplicate each of the children of
 *  "original". At the top level this function is called with a null
 *  "parent" and a non-NULL "pNewNode". Below the top level "parent" will
 *  be non-NULL and "pNewNode" will be NULL.
 *
 * PARAMETERS:
 *  "original"
 *      Address of PolicyNode to be copied; must be non-NULL
 *  "parent"
 *      Address of PolicyNode to which the created node is to be added as a
 *      child; NULL for the top-level call and non-NULL below the top level
 *  "pNewNode"
 *      Address to store the node created; should be NULL if "parent" is
 *      non-NULL and vice versa
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if function succeeds
 *  Returns a PolicyNode Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in a fatal way
 */
static PKIX_Error *
pkix_PolicyNode_DuplicateHelper(
        PKIX_PolicyNode *original,
        PKIX_PolicyNode *parent,
        PKIX_PolicyNode **pNewNode,
        void *plContext)
{
        PKIX_UInt32 numChildren = 0;
        PKIX_UInt32 childIndex = 0;
        PKIX_List *children = NULL; /* List of PKIX_PolicyNode */
        PKIX_PolicyNode *copy = NULL;
        PKIX_PolicyNode *child = NULL;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_DuplicateHelper");

        PKIX_NULLCHECK_THREE
                (original, original->validPolicy, original->expectedPolicySet);

        /*
         * These components are immutable, so copying the pointers
         * is sufficient. The create function increments the reference
         * counts as it stores the pointers into the new object.
         */
        PKIX_CHECK(pkix_PolicyNode_Create
                (original->validPolicy,
                original->qualifierSet,
                original->criticality,
                original->expectedPolicySet,
                &copy,
                plContext),
                PKIX_POLICYNODECREATEFAILED);

        if (parent) {
                PKIX_CHECK(pkix_PolicyNode_AddToParent(parent, copy, plContext),
                        PKIX_POLICYNODEADDTOPARENTFAILED);
        }

        /* Are there any children to duplicate? */
        children = original->children;

        if (children) {
            PKIX_CHECK(PKIX_List_GetLength(children, &numChildren, plContext),
                PKIX_LISTGETLENGTHFAILED);
        }

        for (childIndex = 0; childIndex < numChildren; childIndex++) {
                PKIX_CHECK(PKIX_List_GetItem
                        (children,
                        childIndex,
                        (PKIX_PL_Object **)&child,
                        plContext),
                        PKIX_LISTGETITEMFAILED);

                PKIX_CHECK(pkix_PolicyNode_DuplicateHelper
                        (child, copy, NULL, plContext),
                        PKIX_POLICYNODEDUPLICATEHELPERFAILED);

                PKIX_DECREF(child);
        }

        if (pNewNode) {
                *pNewNode = copy;
                copy = NULL; /* no DecRef if we give our handle away */
        }

cleanup:
        PKIX_DECREF(copy);
        PKIX_DECREF(child);

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_PolicyNode_Duplicate
 * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_PolicyNode_Duplicate(
        PKIX_PL_Object *object,
        PKIX_PL_Object **pNewObject,
        void *plContext)
{
        PKIX_PolicyNode *original = NULL;
        PKIX_PolicyNode *copy = NULL;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Duplicate");

        PKIX_NULLCHECK_TWO(object, pNewObject);

        PKIX_CHECK(pkix_CheckType
                (object, PKIX_CERTPOLICYNODE_TYPE, plContext),
                PKIX_OBJECTNOTPOLICYNODE);

        original = (PKIX_PolicyNode *)object;

        PKIX_CHECK(pkix_PolicyNode_DuplicateHelper
                (original, NULL, &copy, plContext),
                PKIX_POLICYNODEDUPLICATEHELPERFAILED);

        *pNewObject = (PKIX_PL_Object *)copy;

cleanup:

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: pkix_PolicyNode_RegisterSelf
 * DESCRIPTION:
 *
 *  Registers PKIX_CERTPOLICYNODE_TYPE and its related
 *  functions with systemClasses[]
 *
 * THREAD SAFETY:
 *  Not Thread Safe - for performance and complexity reasons
 *
 *  Since this function is only called by PKIX_PL_Initialize,
 *  which should only be called once, it is acceptable that
 *  this function is not thread-safe.
 */
PKIX_Error *
pkix_PolicyNode_RegisterSelf(void *plContext)
{

        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
        pkix_ClassTable_Entry entry;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_RegisterSelf");

        entry.description = "PolicyNode";
        entry.objCounter = 0;
        entry.typeObjectSize = sizeof(PKIX_PolicyNode);
        entry.destructor = pkix_PolicyNode_Destroy;
        entry.equalsFunction = pkix_PolicyNode_Equals;
        entry.hashcodeFunction = pkix_PolicyNode_Hashcode;
        entry.toStringFunction = pkix_PolicyNode_ToString;
        entry.comparator = NULL;
        entry.duplicateFunction = pkix_PolicyNode_Duplicate;

        systemClasses[PKIX_CERTPOLICYNODE_TYPE] = entry;

        PKIX_RETURN(CERTPOLICYNODE);
}


/* --Public-PolicyNode-Functions----------------------------------- */

/*
 * FUNCTION: PKIX_PolicyNode_GetChildren
 * (see description of this function in pkix_results.h)
 */
PKIX_Error *
PKIX_PolicyNode_GetChildren(
        PKIX_PolicyNode *node,
        PKIX_List **pChildren,  /* list of PKIX_PolicyNode */
        void *plContext)
{
        PKIX_List *children = NULL;

        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetChildren");

        PKIX_NULLCHECK_TWO(node, pChildren);

        PKIX_INCREF(node->children);
        children = node->children;

        if (!children) {
                PKIX_CHECK(PKIX_List_Create(&children, plContext),
                        PKIX_LISTCREATEFAILED);
        }

        PKIX_CHECK(PKIX_List_SetImmutable(children, plContext),
                PKIX_LISTSETIMMUTABLEFAILED);

        *pChildren = children;

cleanup:
        if (PKIX_ERROR_RECEIVED) {
                PKIX_DECREF(children);
        }

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: PKIX_PolicyNode_GetParent
 * (see description of this function in pkix_results.h)
 */
PKIX_Error *
PKIX_PolicyNode_GetParent(
        PKIX_PolicyNode *node,
        PKIX_PolicyNode **pParent,
        void *plContext)
{

        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetParent");

        PKIX_NULLCHECK_TWO(node, pParent);

        PKIX_INCREF(node->parent);
        *pParent = node->parent;

cleanup:
        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: PKIX_PolicyNode_GetValidPolicy
 * (see description of this function in pkix_results.h)
 */
PKIX_Error *
PKIX_PolicyNode_GetValidPolicy(
        PKIX_PolicyNode *node,
        PKIX_PL_OID **pValidPolicy,
        void *plContext)
{

        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetValidPolicy");

        PKIX_NULLCHECK_TWO(node, pValidPolicy);

        PKIX_INCREF(node->validPolicy);
        *pValidPolicy = node->validPolicy;

cleanup:
        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: PKIX_PolicyNode_GetPolicyQualifiers
 * (see description of this function in pkix_results.h)
 */
PKIX_Error *
PKIX_PolicyNode_GetPolicyQualifiers(
        PKIX_PolicyNode *node,
        PKIX_List **pQualifiers,  /* list of PKIX_PL_CertPolicyQualifier */
        void *plContext)
{
        PKIX_List *qualifiers = NULL;

        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetPolicyQualifiers");

        PKIX_NULLCHECK_TWO(node, pQualifiers);

        PKIX_INCREF(node->qualifierSet);
        qualifiers = node->qualifierSet;

        if (!qualifiers) {
                PKIX_CHECK(PKIX_List_Create(&qualifiers, plContext),
                        PKIX_LISTCREATEFAILED);
        }

        PKIX_CHECK(PKIX_List_SetImmutable(qualifiers, plContext),
                PKIX_LISTSETIMMUTABLEFAILED);

        *pQualifiers = qualifiers;

cleanup:

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: PKIX_PolicyNode_GetExpectedPolicies
 * (see description of this function in pkix_results.h)
 */
PKIX_Error *
PKIX_PolicyNode_GetExpectedPolicies(
        PKIX_PolicyNode *node,
        PKIX_List **pExpPolicies,  /* list of PKIX_PL_OID */
        void *plContext)
{

        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetExpectedPolicies");

        PKIX_NULLCHECK_TWO(node, pExpPolicies);

        PKIX_INCREF(node->expectedPolicySet);
        *pExpPolicies = node->expectedPolicySet;

cleanup:
        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: PKIX_PolicyNode_IsCritical
 * (see description of this function in pkix_results.h)
 */
PKIX_Error *
PKIX_PolicyNode_IsCritical(
        PKIX_PolicyNode *node,
        PKIX_Boolean *pCritical,
        void *plContext)
{

        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_IsCritical");

        PKIX_NULLCHECK_TWO(node, pCritical);

        *pCritical = node->criticality;

        PKIX_RETURN(CERTPOLICYNODE);
}

/*
 * FUNCTION: PKIX_PolicyNode_GetDepth
 * (see description of this function in pkix_results.h)
 */
PKIX_Error *
PKIX_PolicyNode_GetDepth(
        PKIX_PolicyNode *node,
        PKIX_UInt32 *pDepth,
        void *plContext)
{

        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetDepth");

        PKIX_NULLCHECK_TWO(node, pDepth);

        *pDepth = node->depth;

        PKIX_RETURN(CERTPOLICYNODE);
}