OLD | NEW |
| (Empty) |
1 /* | |
2 * NSS utility functions | |
3 * | |
4 * This Source Code Form is subject to the terms of the Mozilla Public | |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
7 | |
8 #include <stdio.h> | |
9 #include <string.h> | |
10 #include "prerror.h" | |
11 #include "secitem.h" | |
12 #include "prnetdb.h" | |
13 #include "cert.h" | |
14 #include "nspr.h" | |
15 #include "secder.h" | |
16 #include "key.h" | |
17 #include "nss.h" | |
18 | |
19 /* | |
20 * Look to see if any of the signers in the cert chain for "cert" are found | |
21 * in the list of caNames. | |
22 * Returns SECSuccess if so, SECFailure if not. | |
23 */ | |
24 SECStatus | |
25 NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames) | |
26 { | |
27 SECItem *caname; | |
28 CERTCertificate *curcert; | |
29 CERTCertificate *oldcert; | |
30 PRInt32 contentlen; | |
31 int j; | |
32 int headerlen; | |
33 int depth; | |
34 SECStatus rv; | |
35 SECItem issuerName; | |
36 SECItem compatIssuerName; | |
37 | |
38 if (!cert || !caNames || !caNames->nnames || !caNames->names || | |
39 !caNames->names->data) | |
40 return SECFailure; | |
41 depth = 0; | |
42 curcert = CERT_DupCertificate(cert); | |
43 | |
44 while (curcert) { | |
45 issuerName = curcert->derIssuer; | |
46 | |
47 /* compute an alternate issuer name for compatibility with 2.0 | |
48 * enterprise server, which send the CA names without | |
49 * the outer layer of DER header | |
50 */ | |
51 rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen); | |
52 if (rv == SECSuccess) { | |
53 compatIssuerName.data = &issuerName.data[headerlen]; | |
54 compatIssuerName.len = issuerName.len - headerlen; | |
55 } else { | |
56 compatIssuerName.data = NULL; | |
57 compatIssuerName.len = 0; | |
58 } | |
59 | |
60 for (j = 0; j < caNames->nnames; j++) { | |
61 caname = &caNames->names[j]; | |
62 if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) { | |
63 rv = SECSuccess; | |
64 CERT_DestroyCertificate(curcert); | |
65 goto done; | |
66 } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqua
l) { | |
67 rv = SECSuccess; | |
68 CERT_DestroyCertificate(curcert); | |
69 goto done; | |
70 } | |
71 } | |
72 if ((depth <= 20) && | |
73 (SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject) != | |
74 SECEqual)) { | |
75 oldcert = curcert; | |
76 curcert = CERT_FindCertByName(curcert->dbhandle, | |
77 &curcert->derIssuer); | |
78 CERT_DestroyCertificate(oldcert); | |
79 depth++; | |
80 } else { | |
81 CERT_DestroyCertificate(curcert); | |
82 curcert = NULL; | |
83 } | |
84 } | |
85 rv = SECFailure; | |
86 | |
87 done: | |
88 return rv; | |
89 } | |
OLD | NEW |