| Index: nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c
|
| diff --git a/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c b/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c
|
| deleted file mode 100755
|
| index 0e7a87997d49527a984921df0f900fe28cbebbcf..0000000000000000000000000000000000000000
|
| --- a/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c
|
| +++ /dev/null
|
| @@ -1,306 +0,0 @@
|
| -/* This Source Code Form is subject to the terms of the Mozilla Public
|
| - * License, v. 2.0. If a copy of the MPL was not distributed with this
|
| - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
| -/*
|
| - * pkix_basicconstraintschecker.c
|
| - *
|
| - * Functions for basic constraints validation
|
| - *
|
| - */
|
| -
|
| -#include "pkix_basicconstraintschecker.h"
|
| -
|
| -/* --Private-BasicConstraintsCheckerState-Functions------------------------- */
|
| -
|
| -/*
|
| - * FUNCTION: pkix_BasicConstraintsCheckerState_Destroy
|
| - * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
|
| - */
|
| -static PKIX_Error *
|
| -pkix_BasicConstraintsCheckerState_Destroy(
|
| - PKIX_PL_Object *object,
|
| - void *plContext)
|
| -{
|
| - pkix_BasicConstraintsCheckerState *state = NULL;
|
| -
|
| - PKIX_ENTER(BASICCONSTRAINTSCHECKERSTATE,
|
| - "pkix_BasicConstraintsCheckerState_Destroy");
|
| -
|
| - PKIX_NULLCHECK_ONE(object);
|
| -
|
| - /* Check that this object is a basic constraints checker state */
|
| - PKIX_CHECK(pkix_CheckType
|
| - (object, PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE, plContext),
|
| - PKIX_OBJECTNOTBASICCONSTRAINTSCHECKERSTATE);
|
| -
|
| - state = (pkix_BasicConstraintsCheckerState *)object;
|
| -
|
| - PKIX_DECREF(state->basicConstraintsOID);
|
| -
|
| -cleanup:
|
| -
|
| - PKIX_RETURN(BASICCONSTRAINTSCHECKERSTATE);
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: pkix_BasicConstraintsCheckerState_RegisterSelf
|
| - * DESCRIPTION:
|
| - * Registers PKIX_CERT_TYPE and its related functions with systemClasses[]
|
| - * THREAD SAFETY:
|
| - * Not Thread Safe - for performance and complexity reasons
|
| - *
|
| - * Since this function is only called by PKIX_PL_Initialize, which should
|
| - * only be called once, it is acceptable that this function is not
|
| - * thread-safe.
|
| - */
|
| -PKIX_Error *
|
| -pkix_BasicConstraintsCheckerState_RegisterSelf(void *plContext)
|
| -{
|
| - extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
|
| - pkix_ClassTable_Entry entry;
|
| -
|
| - PKIX_ENTER(BASICCONSTRAINTSCHECKERSTATE,
|
| - "pkix_BasicConstraintsCheckerState_RegisterSelf");
|
| -
|
| - entry.description = "BasicConstraintsCheckerState";
|
| - entry.objCounter = 0;
|
| - entry.typeObjectSize = sizeof(pkix_BasicConstraintsCheckerState);
|
| - entry.destructor = pkix_BasicConstraintsCheckerState_Destroy;
|
| - entry.equalsFunction = NULL;
|
| - entry.hashcodeFunction = NULL;
|
| - entry.toStringFunction = NULL;
|
| - entry.comparator = NULL;
|
| - entry.duplicateFunction = NULL;
|
| -
|
| - systemClasses[PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE] = entry;
|
| -
|
| - PKIX_RETURN(BASICCONSTRAINTSCHECKERSTATE);
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: pkix_BasicConstraintsCheckerState_Create
|
| - * DESCRIPTION:
|
| - *
|
| - * Creates a new BasicConstraintsCheckerState using the number of certs in
|
| - * the chain represented by "certsRemaining" and stores it at "pState".
|
| - *
|
| - * PARAMETERS:
|
| - * "certsRemaining"
|
| - * Number of certificates in the chain.
|
| - * "pState"
|
| - * Address where object pointer will be stored. Must be non-NULL.
|
| - * "plContext"
|
| - * Platform-specific context pointer.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a BasicConstraintsCheckerState Error if the function fails in a
|
| - * non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -static PKIX_Error *
|
| -pkix_BasicConstraintsCheckerState_Create(
|
| - PKIX_UInt32 certsRemaining,
|
| - pkix_BasicConstraintsCheckerState **pState,
|
| - void *plContext)
|
| -{
|
| - pkix_BasicConstraintsCheckerState *state = NULL;
|
| -
|
| - PKIX_ENTER(BASICCONSTRAINTSCHECKERSTATE,
|
| - "pkix_BasicConstraintsCheckerState_Create");
|
| -
|
| - PKIX_NULLCHECK_ONE(pState);
|
| -
|
| - PKIX_CHECK(PKIX_PL_Object_Alloc
|
| - (PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE,
|
| - sizeof (pkix_BasicConstraintsCheckerState),
|
| - (PKIX_PL_Object **)&state,
|
| - plContext),
|
| - PKIX_COULDNOTCREATEBASICCONSTRAINTSSTATEOBJECT);
|
| -
|
| - /* initialize fields */
|
| - state->certsRemaining = certsRemaining;
|
| - state->maxPathLength = PKIX_UNLIMITED_PATH_CONSTRAINT;
|
| -
|
| - PKIX_CHECK(PKIX_PL_OID_Create
|
| - (PKIX_BASICCONSTRAINTS_OID,
|
| - &state->basicConstraintsOID,
|
| - plContext),
|
| - PKIX_OIDCREATEFAILED);
|
| -
|
| - *pState = state;
|
| - state = NULL;
|
| -
|
| -cleanup:
|
| -
|
| - PKIX_DECREF(state);
|
| -
|
| - PKIX_RETURN(BASICCONSTRAINTSCHECKERSTATE);
|
| -}
|
| -
|
| -/* --Private-BasicConstraintsChecker-Functions------------------------------ */
|
| -
|
| -/*
|
| - * FUNCTION: pkix_BasicConstraintsChecker_Check
|
| - * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
|
| - */
|
| -PKIX_Error *
|
| -pkix_BasicConstraintsChecker_Check(
|
| - PKIX_CertChainChecker *checker,
|
| - PKIX_PL_Cert *cert,
|
| - PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */
|
| - void **pNBIOContext,
|
| - void *plContext)
|
| -{
|
| - PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
|
| - pkix_BasicConstraintsCheckerState *state = NULL;
|
| - PKIX_Boolean caFlag = PKIX_FALSE;
|
| - PKIX_Int32 pathLength = 0;
|
| - PKIX_Int32 maxPathLength_now;
|
| - PKIX_Boolean isSelfIssued = PKIX_FALSE;
|
| -
|
| - PKIX_ENTER(CERTCHAINCHECKER, "pkix_BasicConstraintsChecker_Check");
|
| - PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
|
| -
|
| - *pNBIOContext = NULL; /* we never block on pending I/O */
|
| -
|
| - PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
|
| - (checker, (PKIX_PL_Object **)&state, plContext),
|
| - PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
|
| -
|
| - state->certsRemaining--;
|
| -
|
| - if (state->certsRemaining != 0) {
|
| -
|
| - PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraints
|
| - (cert, &basicConstraints, plContext),
|
| - PKIX_CERTGETBASICCONSTRAINTSFAILED);
|
| -
|
| - /* get CA Flag and path length */
|
| - if (basicConstraints != NULL) {
|
| - PKIX_CHECK(PKIX_PL_BasicConstraints_GetCAFlag
|
| - (basicConstraints,
|
| - &caFlag,
|
| - plContext),
|
| - PKIX_BASICCONSTRAINTSGETCAFLAGFAILED);
|
| -
|
| - if (caFlag == PKIX_TRUE) {
|
| - PKIX_CHECK
|
| - (PKIX_PL_BasicConstraints_GetPathLenConstraint
|
| - (basicConstraints,
|
| - &pathLength,
|
| - plContext),
|
| - PKIX_BASICCONSTRAINTSGETPATHLENCONSTRAINTFAILED);
|
| - }
|
| -
|
| - }else{
|
| - caFlag = PKIX_FALSE;
|
| - pathLength = PKIX_UNLIMITED_PATH_CONSTRAINT;
|
| - }
|
| -
|
| - PKIX_CHECK(pkix_IsCertSelfIssued
|
| - (cert,
|
| - &isSelfIssued,
|
| - plContext),
|
| - PKIX_ISCERTSELFISSUEDFAILED);
|
| -
|
| - maxPathLength_now = state->maxPathLength;
|
| -
|
| - if (isSelfIssued != PKIX_TRUE) {
|
| -
|
| - /* Not last CA Cert, but maxPathLength is down to zero */
|
| - if (maxPathLength_now == 0) {
|
| - PKIX_ERROR(PKIX_BASICCONSTRAINTSVALIDATIONFAILEDLN);
|
| - }
|
| -
|
| - if (caFlag == PKIX_FALSE) {
|
| - PKIX_ERROR(PKIX_BASICCONSTRAINTSVALIDATIONFAILEDCA);
|
| - }
|
| -
|
| - if (maxPathLength_now > 0) { /* can be unlimited (-1) */
|
| - maxPathLength_now--;
|
| - }
|
| -
|
| - }
|
| -
|
| - if (caFlag == PKIX_TRUE) {
|
| - if (maxPathLength_now == PKIX_UNLIMITED_PATH_CONSTRAINT){
|
| - maxPathLength_now = pathLength;
|
| - } else {
|
| - /* If pathLength is not specified, don't set */
|
| - if (pathLength != PKIX_UNLIMITED_PATH_CONSTRAINT) {
|
| - maxPathLength_now =
|
| - (maxPathLength_now > pathLength)?
|
| - pathLength:maxPathLength_now;
|
| - }
|
| - }
|
| - }
|
| -
|
| - state->maxPathLength = maxPathLength_now;
|
| - }
|
| -
|
| - /* Remove Basic Constraints Extension OID from list */
|
| - if (unresolvedCriticalExtensions != NULL) {
|
| -
|
| - PKIX_CHECK(pkix_List_Remove
|
| - (unresolvedCriticalExtensions,
|
| - (PKIX_PL_Object *) state->basicConstraintsOID,
|
| - plContext),
|
| - PKIX_LISTREMOVEFAILED);
|
| - }
|
| -
|
| -
|
| - PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
|
| - (checker, (PKIX_PL_Object *)state, plContext),
|
| - PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
|
| -
|
| -
|
| -cleanup:
|
| - PKIX_DECREF(state);
|
| - PKIX_DECREF(basicConstraints);
|
| - PKIX_RETURN(CERTCHAINCHECKER);
|
| -
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: pkix_BasicConstraintsChecker_Initialize
|
| - * DESCRIPTION:
|
| - * Registers PKIX_CERT_TYPE and its related functions with systemClasses[]
|
| - * THREAD SAFETY:
|
| - * Not Thread Safe - for performance and complexity reasons
|
| - *
|
| - * Since this function is only called by PKIX_PL_Initialize, which should
|
| - * only be called once, it is acceptable that this function is not
|
| - * thread-safe.
|
| - */
|
| -PKIX_Error *
|
| -pkix_BasicConstraintsChecker_Initialize(
|
| - PKIX_UInt32 certsRemaining,
|
| - PKIX_CertChainChecker **pChecker,
|
| - void *plContext)
|
| -{
|
| - pkix_BasicConstraintsCheckerState *state = NULL;
|
| -
|
| - PKIX_ENTER(CERTCHAINCHECKER, "pkix_BasicConstraintsChecker_Initialize");
|
| - PKIX_NULLCHECK_ONE(pChecker);
|
| -
|
| - PKIX_CHECK(pkix_BasicConstraintsCheckerState_Create
|
| - (certsRemaining, &state, plContext),
|
| - PKIX_BASICCONSTRAINTSCHECKERSTATECREATEFAILED);
|
| -
|
| - PKIX_CHECK(PKIX_CertChainChecker_Create
|
| - (pkix_BasicConstraintsChecker_Check,
|
| - PKIX_FALSE,
|
| - PKIX_FALSE,
|
| - NULL,
|
| - (PKIX_PL_Object *)state,
|
| - pChecker,
|
| - plContext),
|
| - PKIX_CERTCHAINCHECKERCHECKFAILED);
|
| -
|
| -cleanup:
|
| - PKIX_DECREF(state);
|
| -
|
| - PKIX_RETURN(CERTCHAINCHECKER);
|
| -}
|
|
|
Chromium Code Reviews
Issue 2078763002:
Delete bundled copy of NSS and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/nss@master