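--- a/pkibase.c
+++ b/pkibase.c
@@ -1,10 +1,10 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifdef DEBUG
 static const char CVS_ID[] = "@(#) $RCSfile: pkibase.c,v $ $Revision: 1.36 $ $Date: 2012/07/27 21:41:52 $";
 #endif /* DEBUG */
 
 #ifndef DEV_H
 #include "dev.h"
@@ -427,90 +427,112 @@
 
 NSS_IMPLEMENT NSSCertificate *
 nssCertificateArray_FindBestCertificate (
 NSSCertificate **certs,
 NSSTime *timeOpt,
 const NSSUsage *usage,
 NSSPolicies *policiesOpt
 )
 {
 NSSCertificate *bestCert = NULL;
+nssDecodedCert *bestdc = NULL;
 NSSTime *time, sTime;
-PRBool haveUsageMatch = PR_FALSE;
+PRBool bestCertMatches = PR_FALSE;
 PRBool thisCertMatches;
+PRBool bestCertIsValidAtTime = PR_FALSE;
+PRBool bestCertIsTrusted = PR_FALSE;
 
 if (timeOpt) {
 time = timeOpt;
 } else {
 NSSTime_Now(&sTime);
 time = &sTime;
 }
 if (!certs) {
 return (NSSCertificate *)NULL;
 }
 for (; *certs; certs++) {
-» nssDecodedCert *dc, *bestdc;
+» nssDecodedCert *dc;
 NSSCertificate *c = *certs;
 dc = nssCertificate_GetDecoding(c);
 if (!dc) continue;
 thisCertMatches = dc->matchUsage(dc, usage);
 if (!bestCert) {
 /* always take the first cert, but remember whether or not
 * the usage matched
 */
 bestCert = nssCertificate_AddRef(c);
-» haveUsageMatch = thisCertMatches;
+» bestCertMatches = thisCertMatches;
+» bestdc = dc;
 continue;
 } else {
-» if (haveUsageMatch && !thisCertMatches) {
+» if (bestCertMatches && !thisCertMatches) {
 /* if already have a cert for this usage, and if this cert
 * doesn't have the correct usage, continue
 */
 continue;
-» } else if (!haveUsageMatch && thisCertMatches) {
+» } else if (!bestCertMatches && thisCertMatches) {
 /* this one does match usage, replace the other */
 nssCertificate_Destroy(bestCert);
 bestCert = nssCertificate_AddRef(c);
-» » haveUsageMatch = PR_TRUE;
+» » bestCertMatches = thisCertMatches;
+» » bestdc = dc;
 continue;
 }
 /* this cert match as well as any cert we've found so far,
 * defer to time/policies
 * */
 }
-bestdc = nssCertificate_GetDecoding(bestCert);
-if (!bestdc) {
-nssCertificate_Destroy(bestCert);
-bestCert = nssCertificate_AddRef(c);
-continue;
-}
 /* time */
-» if (bestdc->isValidAtTime(bestdc, time)) {
+» if (bestCertIsValidAtTime || bestdc->isValidAtTime(bestdc, time)) {
 /* The current best cert is valid at time */
+bestCertIsValidAtTime = PR_TRUE;
 if (!dc->isValidAtTime(dc, time)) {
 /* If the new cert isn't valid at time, it's not better */
 continue;
 }
 } else {
 /* The current best cert is not valid at time */
 if (dc->isValidAtTime(dc, time)) {
 /* If the new cert is valid at time, it's better */
 nssCertificate_Destroy(bestCert);
 bestCert = nssCertificate_AddRef(c);
+bestdc = dc;
+bestCertIsValidAtTime = PR_TRUE;
+continue;
 }
 }
-» /* either they are both valid at time, or neither valid;
-» * take the newer one
+» /* Either they are both valid at time, or neither valid.
+» * If only one is trusted for this usage, take it.
 */
+if (bestCertIsTrusted || bestdc->isTrustedForUsage(bestdc, usage)) {
+bestCertIsTrusted = PR_TRUE;
+if (!dc->isTrustedForUsage(dc, usage)) {
+continue;
+}
+} else {
+/* The current best cert is not trusted */
+if (dc->isTrustedForUsage(dc, usage)) {
+/* If the new cert is trusted, it's better */
+nssCertificate_Destroy(bestCert);
+bestCert = nssCertificate_AddRef(c);
+bestdc = dc;
+bestCertIsTrusted = PR_TRUE;
+continue;
+}
+}
+/* Otherwise, take the newer one. */
 if (!bestdc->isNewerThan(bestdc, dc)) {
 nssCertificate_Destroy(bestCert);
 bestCert = nssCertificate_AddRef(c);
+bestdc = dc;
+continue;
 }
 /* policies */
 /* XXX later -- defer to policies */
 }
 return bestCert;
 }
 
 NSS_IMPLEMENT PRStatus
 nssCertificateArray_Traverse (
 NSSCertificate **certs,
@@ -1227,10 +1249,10 @@
 }
 
 NSS_IMPLEMENT PRTime
 NSSTime_GetPRTime (
 NSSTime *time
 )
 {
 return time->prTime;
 }
 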
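Review bot: The cached flags bestCertIsValidAtTime and bestCertIsTrusted are not cleared when bestCert is replaced in the usage-match branch (`!bestCertMatches && thisCertMatches`), so they can describe the previous best certificate rather than the current one. With a stale PR_TRUE the short-circuit skips `bestdc->isValidAtTime(bestdc, time)`, and a later valid certificate falls through to the trust/newer comparison instead of displacing an expired best; the same applies to bestCertIsTrusted after the time-based replacement. I would add `bestCertIsValidAtTime = PR_FALSE; bestCertIsTrusted = PR_FALSE;` next to `bestdc = dc;` in the usage-match replacement and `bestCertIsTrusted = PR_FALSE;` in the time-based one, so the `||` re-evaluates against the new bestdc. The cached bestdc also appears to stay usable only while the reference held through bestCert keeps the decoding alive, which deserves a one-line comment at its declaration.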