| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 /* | 5 /* |
| 6 * Certificate handling code | 6 * Certificate handling code |
| 7 * | 7 * |
| 8 * $Id$ | 8 * $Id$ |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 937 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 948 SECStatus | 948 SECStatus |
| 949 CERT_SetSlopTime(PRInt32 slop) /* seconds */ | 949 CERT_SetSlopTime(PRInt32 slop) /* seconds */ |
| 950 { | 950 { |
| 951 if (slop < 0) | 951 if (slop < 0) |
| 952 return SECFailure; | 952 return SECFailure; |
| 953 pendingSlop = slop; | 953 pendingSlop = slop; |
| 954 return SECSuccess; | 954 return SECSuccess; |
| 955 } | 955 } |
| 956 | 956 |
| 957 SECStatus | 957 SECStatus |
| 958 CERT_GetCertTimes(CERTCertificate *c, PRTime *notBefore, PRTime *notAfter) | 958 CERT_GetCertTimes(const CERTCertificate *c, PRTime *notBefore, PRTime *notAfter) |
| 959 { | 959 { |
| 960 SECStatus rv; | 960 SECStatus rv; |
| 961 | 961 |
| 962 if (!c || !notBefore || !notAfter) { | 962 if (!c || !notBefore || !notAfter) { |
| 963 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 963 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 964 return SECFailure; | 964 return SECFailure; |
| 965 } | 965 } |
| 966 | 966 |
| 967 /* convert DER not-before time */ | 967 /* convert DER not-before time */ |
| 968 rv = DER_DecodeTimeChoice(notBefore, &c->validity.notBefore); | 968 rv = DER_DecodeTimeChoice(notBefore, &c->validity.notBefore); |
| 969 if (rv) { | 969 if (rv) { |
| 970 return(SECFailure); | 970 return(SECFailure); |
| 971 } | 971 } |
| 972 | 972 |
| 973 /* convert DER not-after time */ | 973 /* convert DER not-after time */ |
| 974 rv = DER_DecodeTimeChoice(notAfter, &c->validity.notAfter); | 974 rv = DER_DecodeTimeChoice(notAfter, &c->validity.notAfter); |
| 975 if (rv) { | 975 if (rv) { |
| 976 return(SECFailure); | 976 return(SECFailure); |
| 977 } | 977 } |
| 978 | 978 |
| 979 return(SECSuccess); | 979 return(SECSuccess); |
| 980 } | 980 } |
| 981 | 981 |
| 982 /* | 982 /* |
| 983 * Check the validity times of a certificate | 983 * Check the validity times of a certificate |
| 984 */ | 984 */ |
| 985 SECCertTimeValidity | 985 SECCertTimeValidity |
| 986 CERT_CheckCertValidTimes(CERTCertificate *c, PRTime t, PRBool allowOverride) | 986 CERT_CheckCertValidTimes(const CERTCertificate *c, PRTime t, |
| 987 PRBool allowOverride) |
| 987 { | 988 { |
| 988 PRTime notBefore, notAfter, llPendingSlop, tmp1; | 989 PRTime notBefore, notAfter, llPendingSlop, tmp1; |
| 989 SECStatus rv; | 990 SECStatus rv; |
| 990 | 991 |
| 991 if (!c) { | 992 if (!c) { |
| 992 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 993 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 993 return(secCertTimeUndetermined); | 994 return(secCertTimeUndetermined); |
| 994 } | 995 } |
| 995 /* if cert is already marked OK, then don't bother to check */ | 996 /* if cert is already marked OK, then don't bother to check */ |
| 996 if ( allowOverride && c->timeOK ) { | 997 if ( allowOverride && c->timeOK ) { |
| (...skipping 412 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1409 if (PORT_Strcasecmp(hn, cn) == 0) { | 1410 if (PORT_Strcasecmp(hn, cn) == 0) { |
| 1410 return SECSuccess; | 1411 return SECSuccess; |
| 1411 } | 1412 } |
| 1412 | 1413 |
| 1413 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); | 1414 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); |
| 1414 return SECFailure; | 1415 return SECFailure; |
| 1415 } | 1416 } |
| 1416 | 1417 |
| 1417 | 1418 |
| 1418 SECStatus | 1419 SECStatus |
| 1419 cert_VerifySubjectAltName(CERTCertificate *cert, const char *hn) | 1420 cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn) |
| 1420 { | 1421 { |
| 1421 PRArenaPool * arena = NULL; | 1422 PRArenaPool * arena = NULL; |
| 1422 CERTGeneralName * nameList = NULL; | 1423 CERTGeneralName * nameList = NULL; |
| 1423 CERTGeneralName * current; | 1424 CERTGeneralName * current; |
| 1424 char * cn; | 1425 char * cn; |
| 1425 int cnBufLen; | 1426 int cnBufLen; |
| 1426 unsigned int hnLen; | 1427 unsigned int hnLen; |
| 1427 int DNSextCount = 0; | 1428 int DNSextCount = 0; |
| 1428 int IPextCount = 0; | 1429 int IPextCount = 0; |
| 1429 PRBool isIPaddr = PR_FALSE; | 1430 PRBool isIPaddr = PR_FALSE; |
| (...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1546 } | 1547 } |
| 1547 | 1548 |
| 1548 /* | 1549 /* |
| 1549 * If found: | 1550 * If found: |
| 1550 * - subAltName contains the extension (caller must free) | 1551 * - subAltName contains the extension (caller must free) |
| 1551 * - return value is the decoded namelist (allocated off arena) | 1552 * - return value is the decoded namelist (allocated off arena) |
| 1552 * if not found, or if failure to decode: | 1553 * if not found, or if failure to decode: |
| 1553 * - return value is NULL | 1554 * - return value is NULL |
| 1554 */ | 1555 */ |
| 1555 CERTGeneralName * | 1556 CERTGeneralName * |
| 1556 cert_GetSubjectAltNameList(CERTCertificate *cert, PRArenaPool *arena) | 1557 cert_GetSubjectAltNameList(const CERTCertificate *cert, PRArenaPool *arena) |
| 1557 { | 1558 { |
| 1558 CERTGeneralName * nameList = NULL; | 1559 CERTGeneralName * nameList = NULL; |
| 1559 SECStatus rv = SECFailure; | 1560 SECStatus rv = SECFailure; |
| 1560 SECItem subAltName; | 1561 SECItem subAltName; |
| 1561 | 1562 |
| 1562 if (!cert || !arena) | 1563 if (!cert || !arena) |
| 1563 return NULL; | 1564 return NULL; |
| 1564 | 1565 |
| 1565 subAltName.data = NULL; | 1566 subAltName.data = NULL; |
| 1566 | 1567 |
| (...skipping 186 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1753 | 1754 |
| 1754 PORT_FreeArena(arena, PR_FALSE); | 1755 PORT_FreeArena(arena, PR_FALSE); |
| 1755 return NULL; | 1756 return NULL; |
| 1756 } | 1757 } |
| 1757 | 1758 |
| 1758 /* Make sure that the name of the host we are connecting to matches the | 1759 /* Make sure that the name of the host we are connecting to matches the |
| 1759 * name that is incoded in the common-name component of the certificate | 1760 * name that is incoded in the common-name component of the certificate |
| 1760 * that they are using. | 1761 * that they are using. |
| 1761 */ | 1762 */ |
| 1762 SECStatus | 1763 SECStatus |
| 1763 CERT_VerifyCertName(CERTCertificate *cert, const char *hn) | 1764 CERT_VerifyCertName(const CERTCertificate *cert, const char *hn) |
| 1764 { | 1765 { |
| 1765 char * cn; | 1766 char * cn; |
| 1766 SECStatus rv; | 1767 SECStatus rv; |
| 1767 CERTOKDomainName *domainOK; | 1768 CERTOKDomainName *domainOK; |
| 1768 | 1769 |
| 1769 if (!hn || !strlen(hn)) { | 1770 if (!hn || !strlen(hn)) { |
| 1770 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1771 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1771 return SECFailure; | 1772 return SECFailure; |
| 1772 } | 1773 } |
| 1773 | 1774 |
| (...skipping 24 matching lines...) Expand all Loading... |
| 1798 } else { | 1799 } else { |
| 1799 rv = cert_TestHostName(cn, hn); | 1800 rv = cert_TestHostName(cn, hn); |
| 1800 } | 1801 } |
| 1801 PORT_Free(cn); | 1802 PORT_Free(cn); |
| 1802 } else | 1803 } else |
| 1803 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); | 1804 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); |
| 1804 return rv; | 1805 return rv; |
| 1805 } | 1806 } |
| 1806 | 1807 |
| 1807 PRBool | 1808 PRBool |
| 1808 CERT_CompareCerts(CERTCertificate *c1, CERTCertificate *c2) | 1809 CERT_CompareCerts(const CERTCertificate *c1, const CERTCertificate *c2) |
| 1809 { | 1810 { |
| 1810 SECComparison comp; | 1811 SECComparison comp; |
| 1811 | 1812 |
| 1812 comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert); | 1813 comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert); |
| 1813 if ( comp == SECEqual ) { /* certs are the same */ | 1814 if ( comp == SECEqual ) { /* certs are the same */ |
| 1814 return(PR_TRUE); | 1815 return(PR_TRUE); |
| 1815 } else { | 1816 } else { |
| 1816 return(PR_FALSE); | 1817 return(PR_FALSE); |
| 1817 } | 1818 } |
| 1818 } | 1819 } |
| (...skipping 1079 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2898 | 2899 |
| 2899 static PZLock *certTrustLock = NULL; | 2900 static PZLock *certTrustLock = NULL; |
| 2900 | 2901 |
| 2901 /* | 2902 /* |
| 2902 * Acquire the cert trust lock | 2903 * Acquire the cert trust lock |
| 2903 * There is currently one global lock for all certs, but I'm putting a cert | 2904 * There is currently one global lock for all certs, but I'm putting a cert |
| 2904 * arg here so that it will be easy to make it per-cert in the future if | 2905 * arg here so that it will be easy to make it per-cert in the future if |
| 2905 * that turns out to be necessary. | 2906 * that turns out to be necessary. |
| 2906 */ | 2907 */ |
| 2907 void | 2908 void |
| 2908 CERT_LockCertTrust(CERTCertificate *cert) | 2909 CERT_LockCertTrust(const CERTCertificate *cert) |
| 2909 { | 2910 { |
| 2910 PORT_Assert(certTrustLock != NULL); | 2911 PORT_Assert(certTrustLock != NULL); |
| 2911 PZ_Lock(certTrustLock); | 2912 PZ_Lock(certTrustLock); |
| 2912 return; | 2913 return; |
| 2913 } | 2914 } |
| 2914 | 2915 |
| 2915 SECStatus | 2916 SECStatus |
| 2916 cert_InitLocks(void) | 2917 cert_InitLocks(void) |
| 2917 { | 2918 { |
| 2918 if ( certRefCountLock == NULL ) { | 2919 if ( certRefCountLock == NULL ) { |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2956 } else { | 2957 } else { |
| 2957 rv = SECFailure; | 2958 rv = SECFailure; |
| 2958 } | 2959 } |
| 2959 return rv; | 2960 return rv; |
| 2960 } | 2961 } |
| 2961 | 2962 |
| 2962 /* | 2963 /* |
| 2963 * Free the cert trust lock | 2964 * Free the cert trust lock |
| 2964 */ | 2965 */ |
| 2965 void | 2966 void |
| 2966 CERT_UnlockCertTrust(CERTCertificate *cert) | 2967 CERT_UnlockCertTrust(const CERTCertificate *cert) |
| 2967 { | 2968 { |
| 2968 PRStatus prstat; | 2969 PRStatus prstat; |
| 2969 | 2970 |
| 2970 PORT_Assert(certTrustLock != NULL); | 2971 PORT_Assert(certTrustLock != NULL); |
| 2971 | 2972 |
| 2972 prstat = PZ_Unlock(certTrustLock); | 2973 prstat = PZ_Unlock(certTrustLock); |
| 2973 | 2974 |
| 2974 PORT_Assert(prstat == PR_SUCCESS); | 2975 PORT_Assert(prstat == PR_SUCCESS); |
| 2975 | 2976 |
| 2976 return; | 2977 return; |
| (...skipping 287 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3264 CERTCertificate *cert = NULL; | 3265 CERTCertificate *cert = NULL; |
| 3265 SECItem *derCert; | 3266 SECItem *derCert; |
| 3266 | 3267 |
| 3267 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); | 3268 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); |
| 3268 if (derCert) { | 3269 if (derCert) { |
| 3269 cert = CERT_FindCertByDERCert(handle, derCert); | 3270 cert = CERT_FindCertByDERCert(handle, derCert); |
| 3270 SECITEM_FreeItem(derCert, PR_TRUE); | 3271 SECITEM_FreeItem(derCert, PR_TRUE); |
| 3271 } | 3272 } |
| 3272 return cert; | 3273 return cert; |
| 3273 } | 3274 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 13898013:
Update NSS to NSS_3_15_BETA2. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/