Mercurial > trustbridge > nss-cmake-static
comparison nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c @ 0:1e5118fa0cb1
This is NSS with a Cmake Buildsyste
To compile a static NSS library for Windows we've used the
Chromium-NSS fork and added a Cmake buildsystem to compile
it statically for Windows. See README.chromium for chromium
changes and README.trustbridge for our modifications.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 28 Jul 2014 10:47:06 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:1e5118fa0cb1 |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 /* | |
| 5 * pkix_namechainingchecker.c | |
| 6 * | |
| 7 * Functions for name chaining validation | |
| 8 * | |
| 9 */ | |
| 10 | |
| 11 | |
| 12 #include "pkix_namechainingchecker.h" | |
| 13 | |
| 14 /* --Private-Functions-------------------------------------------- */ | |
| 15 | |
| 16 /* | |
| 17 * FUNCTION: pkix_NameChainingChecker_Check | |
| 18 * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h) | |
| 19 */ | |
| 20 PKIX_Error * | |
| 21 pkix_NameChainingChecker_Check( | |
| 22 PKIX_CertChainChecker *checker, | |
| 23 PKIX_PL_Cert *cert, | |
| 24 PKIX_List *unresolvedCriticalExtensions, | |
| 25 void **pNBIOContext, | |
| 26 void *plContext) | |
| 27 { | |
| 28 PKIX_PL_X500Name *prevSubject = NULL; | |
| 29 PKIX_PL_X500Name *currIssuer = NULL; | |
| 30 PKIX_PL_X500Name *currSubject = NULL; | |
| 31 PKIX_Boolean result; | |
| 32 | |
| 33 PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameChainingChecker_Check"); | |
| 34 PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext); | |
| 35 | |
| 36 *pNBIOContext = NULL; /* we never block on pending I/O */ | |
| 37 | |
| 38 PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState | |
| 39 (checker, (PKIX_PL_Object **)&prevSubject, plContext), | |
| 40 PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED); | |
| 41 | |
| 42 PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &currIssuer, plContext), | |
| 43 PKIX_CERTGETISSUERFAILED); | |
| 44 | |
| 45 if (prevSubject){ | |
| 46 PKIX_CHECK(PKIX_PL_X500Name_Match | |
| 47 (prevSubject, currIssuer, &result, plContext), | |
| 48 PKIX_X500NAMEMATCHFAILED); | |
| 49 if (!result){ | |
| 50 PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED); | |
| 51 } | |
| 52 } else { | |
| 53 PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED); | |
| 54 } | |
| 55 | |
| 56 PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &currSubject, plContext), | |
| 57 PKIX_CERTGETSUBJECTFAILED); | |
| 58 | |
| 59 PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState | |
| 60 (checker, (PKIX_PL_Object *)currSubject, plContext), | |
| 61 PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED); | |
| 62 | |
| 63 cleanup: | |
| 64 | |
| 65 PKIX_DECREF(prevSubject); | |
| 66 PKIX_DECREF(currIssuer); | |
| 67 PKIX_DECREF(currSubject); | |
| 68 | |
| 69 PKIX_RETURN(CERTCHAINCHECKER); | |
| 70 | |
| 71 } | |
| 72 | |
| 73 /* | |
| 74 * FUNCTION: pkix_NameChainingChecker_Initialize | |
| 75 * DESCRIPTION: | |
| 76 * | |
| 77 * Creates a new CertChainChecker and stores it at "pChecker", where it will | |
| 78 * be used by pkix_NameChainingChecker_Check to check that the issuer name | |
| 79 * of the certificate matches the subject name in the checker's state. The | |
| 80 * X500Name pointed to by "trustedCAName" is used to initialize the checker's | |
| 81 * state. | |
| 82 * | |
| 83 * PARAMETERS: | |
| 84 * "trustedCAName" | |
| 85 * Address of X500Name representing the trusted CA Name used to | |
| 86 * initialize the state of this checker. Must be non-NULL. | |
| 87 * "pChecker" | |
| 88 * Address where object pointer will be stored. Must be non-NULL. | |
| 89 * "plContext" | |
| 90 * Platform-specific context pointer. | |
| 91 * THREAD SAFETY: | |
| 92 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | |
| 93 * RETURNS: | |
| 94 * Returns NULL if the function succeeds. | |
| 95 * Returns a CertChainChecker Error if the function fails in a non-fatal way. | |
| 96 * Returns a Fatal Error if the function fails in an unrecoverable way. | |
| 97 */ | |
| 98 PKIX_Error * | |
| 99 pkix_NameChainingChecker_Initialize( | |
| 100 PKIX_PL_X500Name *trustedCAName, | |
| 101 PKIX_CertChainChecker **pChecker, | |
| 102 void *plContext) | |
| 103 { | |
| 104 PKIX_ENTER(CERTCHAINCHECKER, "PKIX_NameChainingChecker_Initialize"); | |
| 105 PKIX_NULLCHECK_TWO(pChecker, trustedCAName); | |
| 106 | |
| 107 PKIX_CHECK(PKIX_CertChainChecker_Create | |
| 108 (pkix_NameChainingChecker_Check, | |
| 109 PKIX_FALSE, | |
| 110 PKIX_FALSE, | |
| 111 NULL, | |
| 112 (PKIX_PL_Object *)trustedCAName, | |
| 113 pChecker, | |
| 114 plContext), | |
| 115 PKIX_CERTCHAINCHECKERCREATEFAILED); | |
| 116 | |
| 117 cleanup: | |
| 118 | |
| 119 PKIX_RETURN(CERTCHAINCHECKER); | |
| 120 | |
| 121 } |