| OLD | NEW |
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 /* | 4 /* |
| 5 * pkix_build.c | 5 * pkix_build.c |
| 6 * | 6 * |
| 7 * Top level buildChain function | 7 * Top level buildChain function |
| 8 * | 8 * |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 642 matching lines...) |
| 653 PKIX_RETURN(FORWARDBUILDERSTATE); | 653 PKIX_RETURN(FORWARDBUILDERSTATE); |
| 654 } | 654 } |
| 655 | 655 |
| 656 /* --Private-BuildChain-Functions------------------------------------------- */ | 656 /* --Private-BuildChain-Functions------------------------------------------- */ |
| 657 | 657 |
| 658 /* | 658 /* |
| 659 * FUNCTION: pkix_Build_SortCertComparator | 659 * FUNCTION: pkix_Build_SortCertComparator |
| 660 * DESCRIPTION: | 660 * DESCRIPTION: |
| 661 * | 661 * |
| 662 * This Function takes two Certificates cast in "obj1" and "obj2", | 662 * This Function takes two Certificates cast in "obj1" and "obj2", |
| 663 * compares their validity NotAfter dates and returns the result at | 663 * compares them to determine which is a more preferable certificate |
| 664 * "pResult". The comparison key(s) can be expanded by using other | 664 * for chain building. This Function is suitable for use as a |
| 665 * data in the Certificate in the future. | 665 * comparator callback for pkix_List_BubbleSort, setting "*pResult" to |
| 666 * > 0 if "obj1" is less desirable than "obj2" and < 0 if "obj1" |
| 667 * is more desirable than "obj2". |
| 666 * | 668 * |
| 667 * PARAMETERS: | 669 * PARAMETERS: |
| 668 * "obj1" | 670 * "obj1" |
| 669 * Address of the PKIX_PL_Object that is a cast of PKIX_PL_Cert. | 671 * Address of the PKIX_PL_Object that is a cast of PKIX_PL_Cert. |
| 670 * Must be non-NULL. | 672 * Must be non-NULL. |
| 671 * "obj2" | 673 * "obj2" |
| 672 * Address of the PKIX_PL_Object that is a cast of PKIX_PL_Cert. | 674 * Address of the PKIX_PL_Object that is a cast of PKIX_PL_Cert. |
| 673 * Must be non-NULL. | 675 * Must be non-NULL. |
| 674 * "pResult" | 676 * "pResult" |
| 675 * Address where the comparison result is returned. Must be non-NULL. | 677 * Address where the comparison result is returned. Must be non-NULL. |
| 676 * "plContext" | 678 * "plContext" |
| 677 * Platform-specific context pointer. | 679 * Platform-specific context pointer. |
| 678 * THREAD SAFETY: | 680 * THREAD SAFETY: |
| 679 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | 681 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
| 680 * RETURNS: | 682 * RETURNS: |
| 681 * Returns NULL if the function succeeds. | 683 * Returns NULL if the function succeeds. |
| 682 * Returns a Build Error if the function fails in a non-fatal way | 684 * Returns a Build Error if the function fails in a non-fatal way |
| 683 * Returns a Fatal Error if the function fails in an unrecoverable way. | 685 * Returns a Fatal Error if the function fails in an unrecoverable way. |
| 684 */ | 686 */ |
| 685 static PKIX_Error * | 687 static PKIX_Error * |
| 686 pkix_Build_SortCertComparator( | 688 pkix_Build_SortCertComparator( |
| 687 PKIX_PL_Object *obj1, | 689 PKIX_PL_Object *obj1, |
| 688 PKIX_PL_Object *obj2, | 690 PKIX_PL_Object *obj2, |
| 689 PKIX_Int32 *pResult, | 691 PKIX_Int32 *pResult, |
| 690 void *plContext) | 692 void *plContext) |
| 691 { | 693 { |
| 692 PKIX_PL_Date *date1 = NULL; | 694 PKIX_PL_Date *date1 = NULL; |
| 693 PKIX_PL_Date *date2 = NULL; | 695 PKIX_PL_Date *date2 = NULL; |
| 694 PKIX_Boolean result = PKIX_FALSE; | 696 PKIX_Int32 result = 0; |
| 695 | 697 |
| 696 PKIX_ENTER(BUILD, "pkix_Build_SortCertComparator"); | 698 PKIX_ENTER(BUILD, "pkix_Build_SortCertComparator"); |
| 697 PKIX_NULLCHECK_THREE(obj1, obj2, pResult); | 699 PKIX_NULLCHECK_THREE(obj1, obj2, pResult); |
| 698 | 700 |
| 699 /* | 701 /* |
| 700 * For sorting candidate certificates, we use NotAfter date as the | 702 * For sorting candidate certificates, we use NotAfter date as the |
| 701 * sorted key for now (can be expanded if desired in the future). | 703 * comparison key for now (can be expanded if desired in the future). |
| 702 * | 704 * |
| 703 * In PKIX_BuildChain, the List of CertStores was reordered so that | 705 * In PKIX_BuildChain, the List of CertStores was reordered so that |
| 704 * trusted CertStores are ahead of untrusted CertStores. That sort, or | 706 * trusted CertStores are ahead of untrusted CertStores. That sort, or |
| 705 * this one, could be taken out if it is determined that it doesn't help | 707 * this one, could be taken out if it is determined that it doesn't help |
| 706 * performance, or in some way hinders the solution of choosing desired | 708 * performance, or in some way hinders the solution of choosing desired |
| 707 * candidates. | 709 * candidates. |
| 708 */ | 710 */ |
| 709 | 711 |
| 710 PKIX_CHECK(pkix_CheckType(obj1, PKIX_CERT_TYPE, plContext), | 712 PKIX_CHECK(pkix_CheckType(obj1, PKIX_CERT_TYPE, plContext), |
| 711 PKIX_OBJECTNOTCERT); | 713 PKIX_OBJECTNOTCERT); |
| 712 PKIX_CHECK(pkix_CheckType(obj2, PKIX_CERT_TYPE, plContext), | 714 PKIX_CHECK(pkix_CheckType(obj2, PKIX_CERT_TYPE, plContext), |
| 713 PKIX_OBJECTNOTCERT); | 715 PKIX_OBJECTNOTCERT); |
| 714 | 716 |
| 715 PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter | 717 PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter |
| 716 ((PKIX_PL_Cert *)obj1, &date1, plContext), | 718 ((PKIX_PL_Cert *)obj1, &date1, plContext), |
| 717 PKIX_CERTGETVALIDITYNOTAFTERFAILED); | 719 PKIX_CERTGETVALIDITYNOTAFTERFAILED); |
| 718 | 720 |
| 719 PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter | 721 PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter |
| 720 ((PKIX_PL_Cert *)obj2, &date2, plContext), | 722 ((PKIX_PL_Cert *)obj2, &date2, plContext), |
| 721 PKIX_CERTGETVALIDITYNOTAFTERFAILED); | 723 PKIX_CERTGETVALIDITYNOTAFTERFAILED); |
| 722 | 724 |
| 723 PKIX_CHECK(PKIX_PL_Object_Compare | 725 PKIX_CHECK(PKIX_PL_Object_Compare |
| 724 ((PKIX_PL_Object *)date1, | 726 ((PKIX_PL_Object *)date1, |
| 725 (PKIX_PL_Object *)date2, | 727 (PKIX_PL_Object *)date2, |
| 726 &result, | 728 &result, |
| 727 plContext), | 729 plContext), |
| 728 PKIX_OBJECTCOMPARATORFAILED); | 730 PKIX_OBJECTCOMPARATORFAILED); |
| 729 | 731 |
| 730 *pResult = !result; | 732 /* |
| 733 * Invert the result, so that if date1 is greater than date2, |
| 734 * obj1 is sorted before obj2. This is because pkix_List_BubbleSort |
| 735 * sorts in ascending order. |
| 736 */ |
| 737 *pResult = -result; |
| 731 | 738 |
| 732 cleanup: | 739 cleanup: |
| 733 | 740 |
| 734 PKIX_DECREF(date1); | 741 PKIX_DECREF(date1); |
| 735 PKIX_DECREF(date2); | 742 PKIX_DECREF(date2); |
| 736 | 743 |
| 737 PKIX_RETURN(BUILD); | 744 PKIX_RETURN(BUILD); |
| 738 } | 745 } |
| 739 | 746 |
| 740 /* This local error check macro */ | 747 /* This local error check macro */ |
| (...skipping 2994 matching lines...) |
| 3735 *pBuildResult = buildResult; | 3742 *pBuildResult = buildResult; |
| 3736 buildResult = NULL; | 3743 buildResult = NULL; |
| 3737 } | 3744 } |
| 3738 | 3745 |
| 3739 cleanup: | 3746 cleanup: |
| 3740 PKIX_DECREF(buildResult); | 3747 PKIX_DECREF(buildResult); |
| 3741 PKIX_DECREF(state); | 3748 PKIX_DECREF(state); |
| 3742 | 3749 |
| 3743 PKIX_RETURN(BUILD); | 3750 PKIX_RETURN(BUILD); |
| 3744 } | 3751 } |
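Review bot: In pkix_Build_SortCertComparator (new line 737), `*pResult = -result;` negates whatever PKIX_PL_Object_Compare wrote into `result`, and negating the most negative PKIX_Int32 value is signed overflow, which is undefined behaviour in C. The date comparator presumably returns only -1, 0 or 1, but that contract is not visible on this page, and the ordering of candidate certificates during chain building should not depend on it. Either pass date2 before date1 to the compare call so that no negation is needed, or normalise the sign with `*pResult = (result > 0) ? -1 : ((result < 0) ? 1 : 0);`. The rewritten header comment also no longer names the key; a line such as `* Certificates with a later NotAfter date are preferred.` would keep the contract in the function header rather than only in the body comment.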
| OLD | NEW |