Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(142)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.h ('k') | nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * pkix_namechainingchecker.c
6 *
7 * Functions for name chaining validation
8 *
9 */
10
11
12 #include "pkix_namechainingchecker.h"
13
14 /* --Private-Functions-------------------------------------------- */
15
16 /*
17 * FUNCTION: pkix_NameChainingChecker_Check
18 * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
19 */
20 PKIX_Error *
21 pkix_NameChainingChecker_Check(
22 PKIX_CertChainChecker *checker,
23 PKIX_PL_Cert *cert,
24 PKIX_List *unresolvedCriticalExtensions,
25 void **pNBIOContext,
26 void *plContext)
27 {
28 PKIX_PL_X500Name *prevSubject = NULL;
29 PKIX_PL_X500Name *currIssuer = NULL;
30 PKIX_PL_X500Name *currSubject = NULL;
31 PKIX_Boolean result;
32
33 PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameChainingChecker_Check");
34 PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
35
36 *pNBIOContext = NULL; /* we never block on pending I/O */
37
38 PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
39 (checker, (PKIX_PL_Object **)&prevSubject, plContext),
40 PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
41
42 PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &currIssuer, plContext),
43 PKIX_CERTGETISSUERFAILED);
44
45 if (prevSubject){
46 PKIX_CHECK(PKIX_PL_X500Name_Match
47 (prevSubject, currIssuer, &result, plContext),
48 PKIX_X500NAMEMATCHFAILED);
49 if (!result){
50 PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED);
51 }
52 } else {
53 PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED);
54 }
55
56 PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &currSubject, plContext),
57 PKIX_CERTGETSUBJECTFAILED);
58
59 PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
60 (checker, (PKIX_PL_Object *)currSubject, plContext),
61 PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
62
63 cleanup:
64
65 PKIX_DECREF(prevSubject);
66 PKIX_DECREF(currIssuer);
67 PKIX_DECREF(currSubject);
68
69 PKIX_RETURN(CERTCHAINCHECKER);
70
71 }
72
73 /*
74 * FUNCTION: pkix_NameChainingChecker_Initialize
75 * DESCRIPTION:
76 *
77 * Creates a new CertChainChecker and stores it at "pChecker", where it will
78 * be used by pkix_NameChainingChecker_Check to check that the issuer name
79 * of the certificate matches the subject name in the checker's state. The
80 * X500Name pointed to by "trustedCAName" is used to initialize the checker's
81 * state.
82 *
83 * PARAMETERS:
84 * "trustedCAName"
85 * Address of X500Name representing the trusted CA Name used to
86 * initialize the state of this checker. Must be non-NULL.
87 * "pChecker"
88 * Address where object pointer will be stored. Must be non-NULL.
89 * "plContext"
90 * Platform-specific context pointer.
91 * THREAD SAFETY:
92 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
93 * RETURNS:
94 * Returns NULL if the function succeeds.
95 * Returns a CertChainChecker Error if the function fails in a non-fatal way.
96 * Returns a Fatal Error if the function fails in an unrecoverable way.
97 */
98 PKIX_Error *
99 pkix_NameChainingChecker_Initialize(
100 PKIX_PL_X500Name *trustedCAName,
101 PKIX_CertChainChecker **pChecker,
102 void *plContext)
103 {
104 PKIX_ENTER(CERTCHAINCHECKER, "PKIX_NameChainingChecker_Initialize");
105 PKIX_NULLCHECK_TWO(pChecker, trustedCAName);
106
107 PKIX_CHECK(PKIX_CertChainChecker_Create
108 (pkix_NameChainingChecker_Check,
109 PKIX_FALSE,
110 PKIX_FALSE,
111 NULL,
112 (PKIX_PL_Object *)trustedCAName,
113 pChecker,
114 plContext),
115 PKIX_CERTCHAINCHECKERCREATEFAILED);
116
117 cleanup:
118
119 PKIX_RETURN(CERTCHAINCHECKER);
120
121 }
OLDNEW
« no previous file with comments | « nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.h ('k') | nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698