security/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c

changeset 0
6474c204b198
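--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,121 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_namechainingchecker.c
+ *
+ * Functions for name chaining validation
+ *
+ */
+
+
+#include "pkix_namechainingchecker.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_NameChainingChecker_Check
+ * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
+ */
+PKIX_Error *
+pkix_NameChainingChecker_Check(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Cert *cert,
+        PKIX_List *unresolvedCriticalExtensions,
+        void **pNBIOContext,
+        void *plContext)
+{
+        PKIX_PL_X500Name *prevSubject = NULL;
+        PKIX_PL_X500Name *currIssuer = NULL;
+        PKIX_PL_X500Name *currSubject = NULL;
+        PKIX_Boolean result;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameChainingChecker_Check");
+        PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
+
+        *pNBIOContext = NULL; /* we never block on pending I/O */
+
+        PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
+                    (checker, (PKIX_PL_Object **)&prevSubject, plContext),
+                    PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &currIssuer, plContext),
+                    PKIX_CERTGETISSUERFAILED);
+
+        if (prevSubject){
+                PKIX_CHECK(PKIX_PL_X500Name_Match
+                            (prevSubject, currIssuer, &result, plContext),
+                            PKIX_X500NAMEMATCHFAILED);
+                if (!result){
+                        PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED);
+                }
+        } else {
+                PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED);
+        }
+
+        PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &currSubject, plContext),
+                    PKIX_CERTGETSUBJECTFAILED);
+
+        PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
+                    (checker, (PKIX_PL_Object *)currSubject, plContext),
+                    PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
+
+cleanup:
+
+        PKIX_DECREF(prevSubject);
+        PKIX_DECREF(currIssuer);
+        PKIX_DECREF(currSubject);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: pkix_NameChainingChecker_Initialize
+ * DESCRIPTION:
+ *
+ *  Creates a new CertChainChecker and stores it at "pChecker", where it will
+ *  be used by pkix_NameChainingChecker_Check to check that the issuer name
+ *  of the certificate matches the subject name in the checker's state. The
+ *  X500Name pointed to by "trustedCAName" is used to initialize the checker's
+ *  state.
+ *
+ * PARAMETERS:
+ *  "trustedCAName"
+ *      Address of X500Name representing the trusted CA Name used to
+ *      initialize the state of this checker. Must be non-NULL.
+ *  "pChecker"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_NameChainingChecker_Initialize(
+        PKIX_PL_X500Name *trustedCAName,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext)
+{
+        PKIX_ENTER(CERTCHAINCHECKER, "PKIX_NameChainingChecker_Initialize");
+        PKIX_NULLCHECK_TWO(pChecker, trustedCAName);
+
+        PKIX_CHECK(PKIX_CertChainChecker_Create
+                    (pkix_NameChainingChecker_Check,
+                    PKIX_FALSE,
+                    PKIX_FALSE,
+                    NULL,
+                    (PKIX_PL_Object *)trustedCAName,
+                    pChecker,
+                    plContext),
+                    PKIX_CERTCHAINCHECKERCREATEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}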
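Review bot: The PKIX_ENTER label in pkix_NameChainingChecker_Initialize is spelled "PKIX_NameChainingChecker_Initialize" (capital PKIX) and so does not name the function it sits in, while pkix_NameChainingChecker_Check labels itself with its real name; that string is presumably what PKIX_ENTER feeds into error/trace context, so it should read `PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameChainingChecker_Initialize");`. In pkix_NameChainingChecker_Check the `else` branch reports a checker whose state was never seeded (prevSubject NULL) with the same PKIX_NAMECHAININGCHECKFAILED as a genuine issuer/subject mismatch, so a misconfigured checker is indistinguishable from a bad chain in the caller's error; if a distinct error code is not wanted, at least annotate the intent with `/* No stored subject to chain from: fail closed rather than accept the cert */`. The Check function's header only points at pkix_checker.h; it deserves a one-line caveat that name chaining is a necessary condition only — what counts as a DN match is decided by PKIX_PL_X500Name_Match (outside this file, presumably the RFC 5280 section 7.1 comparison rules), and the issuer/subject link is still only trustworthy once the signature checker has bound it. The Initialize docs should also say whether PKIX_CertChainChecker_Create takes its own reference on trustedCAName, because the callback later DECREFs whatever GetCertChainCheckerState returns and replaces it via SetCertChainCheckerState; the ownership rule is not visible in this hunk.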
