| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 /* | 5 /* |
| 6 * Certificate handling code | 6 * Certificate handling code |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #include "nssilock.h" | 9 #include "nssilock.h" |
| 10 #include "prmon.h" | 10 #include "prmon.h" |
| (...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 202 { SEC_ASN1_SKIP_REST }, | 202 { SEC_ASN1_SKIP_REST }, |
| 203 { 0 } | 203 { 0 } |
| 204 }; | 204 }; |
| 205 | 205 |
| 206 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_TimeChoiceTemplate) | 206 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_TimeChoiceTemplate) |
| 207 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CertificateTemplate) | 207 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CertificateTemplate) |
| 208 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_SignedCertificateTemplate) | 208 SEC_ASN1_CHOOSER_IMPLEMENT(SEC_SignedCertificateTemplate) |
| 209 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SequenceOfCertExtensionTemplate) | 209 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SequenceOfCertExtensionTemplate) |
| 210 | 210 |
| 211 SECStatus | 211 SECStatus |
| 212 CERT_KeyFromIssuerAndSN(PRArenaPool *arena, SECItem *issuer, SECItem *sn, | 212 CERT_KeyFromIssuerAndSN(PLArenaPool *arena, SECItem *issuer, SECItem *sn, |
| 213 SECItem *key) | 213 SECItem *key) |
| 214 { | 214 { |
| 215 key->len = sn->len + issuer->len; | 215 key->len = sn->len + issuer->len; |
| 216 | 216 |
| 217 if ((sn->data == NULL) || (issuer->data == NULL)) { | 217 if ((sn->data == NULL) || (issuer->data == NULL)) { |
| 218 goto loser; | 218 goto loser; |
| 219 } | 219 } |
| 220 | 220 |
| 221 key->data = (unsigned char*)PORT_ArenaAlloc(arena, key->len); | 221 key->data = (unsigned char*)PORT_ArenaAlloc(arena, key->len); |
| 222 if ( !key->data ) { | 222 if ( !key->data ) { |
| (...skipping 13 matching lines...) Expand all Loading... |
| 236 } | 236 } |
| 237 | 237 |
| 238 | 238 |
| 239 /* | 239 /* |
| 240 * Extract the subject name from a DER certificate | 240 * Extract the subject name from a DER certificate |
| 241 */ | 241 */ |
| 242 SECStatus | 242 SECStatus |
| 243 CERT_NameFromDERCert(SECItem *derCert, SECItem *derName) | 243 CERT_NameFromDERCert(SECItem *derCert, SECItem *derName) |
| 244 { | 244 { |
| 245 int rv; | 245 int rv; |
| 246 PRArenaPool *arena; | 246 PLArenaPool *arena; |
| 247 CERTSignedData sd; | 247 CERTSignedData sd; |
| 248 void *tmpptr; | 248 void *tmpptr; |
| 249 | 249 |
| 250 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 250 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 251 | 251 |
| 252 if ( ! arena ) { | 252 if ( ! arena ) { |
| 253 return(SECFailure); | 253 return(SECFailure); |
| 254 } | 254 } |
| 255 | 255 |
| 256 PORT_Memset(&sd, 0, sizeof(CERTSignedData)); | 256 PORT_Memset(&sd, 0, sizeof(CERTSignedData)); |
| (...skipping 23 matching lines...) Expand all Loading... |
| 280 | 280 |
| 281 loser: | 281 loser: |
| 282 PORT_FreeArena(arena, PR_FALSE); | 282 PORT_FreeArena(arena, PR_FALSE); |
| 283 return(SECFailure); | 283 return(SECFailure); |
| 284 } | 284 } |
| 285 | 285 |
| 286 SECStatus | 286 SECStatus |
| 287 CERT_IssuerNameFromDERCert(SECItem *derCert, SECItem *derName) | 287 CERT_IssuerNameFromDERCert(SECItem *derCert, SECItem *derName) |
| 288 { | 288 { |
| 289 int rv; | 289 int rv; |
| 290 PRArenaPool *arena; | 290 PLArenaPool *arena; |
| 291 CERTSignedData sd; | 291 CERTSignedData sd; |
| 292 void *tmpptr; | 292 void *tmpptr; |
| 293 | 293 |
| 294 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 294 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 295 | 295 |
| 296 if ( ! arena ) { | 296 if ( ! arena ) { |
| 297 return(SECFailure); | 297 return(SECFailure); |
| 298 } | 298 } |
| 299 | 299 |
| 300 PORT_Memset(&sd, 0, sizeof(CERTSignedData)); | 300 PORT_Memset(&sd, 0, sizeof(CERTSignedData)); |
| (...skipping 23 matching lines...) Expand all Loading... |
| 324 | 324 |
| 325 loser: | 325 loser: |
| 326 PORT_FreeArena(arena, PR_FALSE); | 326 PORT_FreeArena(arena, PR_FALSE); |
| 327 return(SECFailure); | 327 return(SECFailure); |
| 328 } | 328 } |
| 329 | 329 |
| 330 SECStatus | 330 SECStatus |
| 331 CERT_SerialNumberFromDERCert(SECItem *derCert, SECItem *derName) | 331 CERT_SerialNumberFromDERCert(SECItem *derCert, SECItem *derName) |
| 332 { | 332 { |
| 333 int rv; | 333 int rv; |
| 334 PRArenaPool *arena; | 334 PLArenaPool *arena; |
| 335 CERTSignedData sd; | 335 CERTSignedData sd; |
| 336 void *tmpptr; | 336 void *tmpptr; |
| 337 | 337 |
| 338 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 338 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 339 | 339 |
| 340 if ( ! arena ) { | 340 if ( ! arena ) { |
| 341 return(SECFailure); | 341 return(SECFailure); |
| 342 } | 342 } |
| 343 | 343 |
| 344 PORT_Memset(&sd, 0, sizeof(CERTSignedData)); | 344 PORT_Memset(&sd, 0, sizeof(CERTSignedData)); |
| (...skipping 24 matching lines...) Expand all Loading... |
| 369 loser: | 369 loser: |
| 370 PORT_FreeArena(arena, PR_FALSE); | 370 PORT_FreeArena(arena, PR_FALSE); |
| 371 return(SECFailure); | 371 return(SECFailure); |
| 372 } | 372 } |
| 373 | 373 |
| 374 /* | 374 /* |
| 375 * Generate a database key, based on serial number and issuer, from a | 375 * Generate a database key, based on serial number and issuer, from a |
| 376 * DER certificate. | 376 * DER certificate. |
| 377 */ | 377 */ |
| 378 SECStatus | 378 SECStatus |
| 379 CERT_KeyFromDERCert(PRArenaPool *reqArena, SECItem *derCert, SECItem *key) | 379 CERT_KeyFromDERCert(PLArenaPool *reqArena, SECItem *derCert, SECItem *key) |
| 380 { | 380 { |
| 381 int rv; | 381 int rv; |
| 382 CERTSignedData sd; | 382 CERTSignedData sd; |
| 383 CERTCertKey certkey; | 383 CERTCertKey certkey; |
| 384 | 384 |
| 385 if (!reqArena) { | 385 if (!reqArena) { |
| 386 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 386 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 387 return SECFailure; | 387 return SECFailure; |
| 388 } | 388 } |
| 389 | 389 |
| (...skipping 347 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 737 } | 737 } |
| 738 | 738 |
| 739 /* | 739 /* |
| 740 * take a DER certificate and decode it into a certificate structure | 740 * take a DER certificate and decode it into a certificate structure |
| 741 */ | 741 */ |
| 742 CERTCertificate * | 742 CERTCertificate * |
| 743 CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER, | 743 CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER, |
| 744 char *nickname) | 744 char *nickname) |
| 745 { | 745 { |
| 746 CERTCertificate *cert; | 746 CERTCertificate *cert; |
| 747 PRArenaPool *arena; | 747 PLArenaPool *arena; |
| 748 void *data; | 748 void *data; |
| 749 int rv; | 749 int rv; |
| 750 int len; | 750 int len; |
| 751 char *tmpname; | 751 char *tmpname; |
| 752 | 752 |
| 753 /* make a new arena */ | 753 /* make a new arena */ |
| 754 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 754 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 755 | 755 |
| 756 if ( !arena ) { | 756 if ( !arena ) { |
| 757 return 0; | 757 return 0; |
| (...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 867 | 867 |
| 868 CERTCertificate * | 868 CERTCertificate * |
| 869 __CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER, | 869 __CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER, |
| 870 char *nickname) | 870 char *nickname) |
| 871 { | 871 { |
| 872 return CERT_DecodeDERCertificate(derSignedCert, copyDER, nickname); | 872 return CERT_DecodeDERCertificate(derSignedCert, copyDER, nickname); |
| 873 } | 873 } |
| 874 | 874 |
| 875 | 875 |
| 876 CERTValidity * | 876 CERTValidity * |
| 877 CERT_CreateValidity(int64 notBefore, int64 notAfter) | 877 CERT_CreateValidity(PRTime notBefore, PRTime notAfter) |
| 878 { | 878 { |
| 879 CERTValidity *v; | 879 CERTValidity *v; |
| 880 int rv; | 880 int rv; |
| 881 PRArenaPool *arena; | 881 PLArenaPool *arena; |
| 882 | 882 |
| 883 if (notBefore > notAfter) { | 883 if (notBefore > notAfter) { |
| 884 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 884 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 885 return NULL; | 885 return NULL; |
| 886 } | 886 } |
| 887 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 887 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 888 | 888 |
| 889 if ( !arena ) { | 889 if ( !arena ) { |
| 890 return(0); | 890 return(0); |
| 891 } | 891 } |
| 892 | 892 |
| 893 v = (CERTValidity*) PORT_ArenaZAlloc(arena, sizeof(CERTValidity)); | 893 v = (CERTValidity*) PORT_ArenaZAlloc(arena, sizeof(CERTValidity)); |
| 894 if (v) { | 894 if (v) { |
| 895 v->arena = arena; | 895 v->arena = arena; |
| 896 rv = DER_EncodeTimeChoice(arena, &v->notBefore, notBefore); | 896 rv = DER_EncodeTimeChoice(arena, &v->notBefore, notBefore); |
| 897 if (rv) goto loser; | 897 if (rv) goto loser; |
| 898 rv = DER_EncodeTimeChoice(arena, &v->notAfter, notAfter); | 898 rv = DER_EncodeTimeChoice(arena, &v->notAfter, notAfter); |
| 899 if (rv) goto loser; | 899 if (rv) goto loser; |
| 900 } | 900 } |
| 901 return v; | 901 return v; |
| 902 | 902 |
| 903 loser: | 903 loser: |
| 904 CERT_DestroyValidity(v); | 904 CERT_DestroyValidity(v); |
| 905 return 0; | 905 return 0; |
| 906 } | 906 } |
| 907 | 907 |
| 908 SECStatus | 908 SECStatus |
| 909 CERT_CopyValidity(PRArenaPool *arena, CERTValidity *to, CERTValidity *from) | 909 CERT_CopyValidity(PLArenaPool *arena, CERTValidity *to, CERTValidity *from) |
| 910 { | 910 { |
| 911 SECStatus rv; | 911 SECStatus rv; |
| 912 | 912 |
| 913 CERT_DestroyValidity(to); | 913 CERT_DestroyValidity(to); |
| 914 to->arena = arena; | 914 to->arena = arena; |
| 915 | 915 |
| 916 rv = SECITEM_CopyItem(arena, &to->notBefore, &from->notBefore); | 916 rv = SECITEM_CopyItem(arena, &to->notBefore, &from->notBefore); |
| 917 if (rv) return rv; | 917 if (rv) return rv; |
| 918 rv = SECITEM_CopyItem(arena, &to->notAfter, &from->notAfter); | 918 rv = SECITEM_CopyItem(arena, &to->notAfter, &from->notAfter); |
| 919 return rv; | 919 return rv; |
| (...skipping 490 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1410 } | 1410 } |
| 1411 | 1411 |
| 1412 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); | 1412 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); |
| 1413 return SECFailure; | 1413 return SECFailure; |
| 1414 } | 1414 } |
| 1415 | 1415 |
| 1416 | 1416 |
| 1417 SECStatus | 1417 SECStatus |
| 1418 cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn) | 1418 cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn) |
| 1419 { | 1419 { |
| 1420 PRArenaPool * arena = NULL; | 1420 PLArenaPool * arena = NULL; |
| 1421 CERTGeneralName * nameList = NULL; | 1421 CERTGeneralName * nameList = NULL; |
| 1422 CERTGeneralName * current; | 1422 CERTGeneralName * current; |
| 1423 char * cn; | 1423 char * cn; |
| 1424 int cnBufLen; | 1424 int cnBufLen; |
| 1425 unsigned int hnLen; | 1425 unsigned int hnLen; |
| 1426 int DNSextCount = 0; | 1426 int DNSextCount = 0; |
| 1427 int IPextCount = 0; | 1427 int IPextCount = 0; |
| 1428 PRBool isIPaddr = PR_FALSE; | 1428 PRBool isIPaddr = PR_FALSE; |
| 1429 SECStatus rv = SECFailure; | 1429 SECStatus rv = SECFailure; |
| 1430 SECItem subAltName; | 1430 SECItem subAltName; |
| (...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1545 } | 1545 } |
| 1546 | 1546 |
| 1547 /* | 1547 /* |
| 1548 * If found: | 1548 * If found: |
| 1549 * - subAltName contains the extension (caller must free) | 1549 * - subAltName contains the extension (caller must free) |
| 1550 * - return value is the decoded namelist (allocated off arena) | 1550 * - return value is the decoded namelist (allocated off arena) |
| 1551 * if not found, or if failure to decode: | 1551 * if not found, or if failure to decode: |
| 1552 * - return value is NULL | 1552 * - return value is NULL |
| 1553 */ | 1553 */ |
| 1554 CERTGeneralName * | 1554 CERTGeneralName * |
| 1555 cert_GetSubjectAltNameList(const CERTCertificate *cert, PRArenaPool *arena) | 1555 cert_GetSubjectAltNameList(const CERTCertificate *cert, PLArenaPool *arena) |
| 1556 { | 1556 { |
| 1557 CERTGeneralName * nameList = NULL; | 1557 CERTGeneralName * nameList = NULL; |
| 1558 SECStatus rv = SECFailure; | 1558 SECStatus rv = SECFailure; |
| 1559 SECItem subAltName; | 1559 SECItem subAltName; |
| 1560 | 1560 |
| 1561 if (!cert || !arena) | 1561 if (!cert || !arena) |
| 1562 return NULL; | 1562 return NULL; |
| 1563 | 1563 |
| 1564 subAltName.data = NULL; | 1564 subAltName.data = NULL; |
| 1565 | 1565 |
| (...skipping 118 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1684 * Collect all valid DNS names from the given cert. | 1684 * Collect all valid DNS names from the given cert. |
| 1685 * The output arena will reference some temporaray data, | 1685 * The output arena will reference some temporaray data, |
| 1686 * but this saves us from dealing with two arenas. | 1686 * but this saves us from dealing with two arenas. |
| 1687 * The caller may free all data by freeing CERTCertNicknames->arena. | 1687 * The caller may free all data by freeing CERTCertNicknames->arena. |
| 1688 */ | 1688 */ |
| 1689 CERTCertNicknames * | 1689 CERTCertNicknames * |
| 1690 CERT_GetValidDNSPatternsFromCert(CERTCertificate *cert) | 1690 CERT_GetValidDNSPatternsFromCert(CERTCertificate *cert) |
| 1691 { | 1691 { |
| 1692 CERTGeneralName *generalNames; | 1692 CERTGeneralName *generalNames; |
| 1693 CERTCertNicknames *nickNames; | 1693 CERTCertNicknames *nickNames; |
| 1694 PRArenaPool *arena; | 1694 PLArenaPool *arena; |
| 1695 char *singleName; | 1695 char *singleName; |
| 1696 | 1696 |
| 1697 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 1697 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 1698 if (!arena) { | 1698 if (!arena) { |
| 1699 return NULL; | 1699 return NULL; |
| 1700 } | 1700 } |
| 1701 | 1701 |
| 1702 nickNames = PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames)); | 1702 nickNames = PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames)); |
| 1703 if (!nickNames) { | 1703 if (!nickNames) { |
| 1704 PORT_FreeArena(arena, PR_FALSE); | 1704 PORT_FreeArena(arena, PR_FALSE); |
| (...skipping 204 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1909 | 1909 |
| 1910 return(PR_TRUE); /* all fields but common name are the same */ | 1910 return(PR_TRUE); /* all fields but common name are the same */ |
| 1911 } | 1911 } |
| 1912 | 1912 |
| 1913 | 1913 |
| 1914 /* CERT_CertChainFromCert and CERT_DestroyCertificateList moved | 1914 /* CERT_CertChainFromCert and CERT_DestroyCertificateList moved |
| 1915 to certhigh.c */ | 1915 to certhigh.c */ |
| 1916 | 1916 |
| 1917 | 1917 |
| 1918 CERTIssuerAndSN * | 1918 CERTIssuerAndSN * |
| 1919 CERT_GetCertIssuerAndSN(PRArenaPool *arena, CERTCertificate *cert) | 1919 CERT_GetCertIssuerAndSN(PLArenaPool *arena, CERTCertificate *cert) |
| 1920 { | 1920 { |
| 1921 CERTIssuerAndSN *result; | 1921 CERTIssuerAndSN *result; |
| 1922 SECStatus rv; | 1922 SECStatus rv; |
| 1923 | 1923 |
| 1924 if ( arena == NULL ) { | 1924 if ( arena == NULL ) { |
| 1925 arena = cert->arena; | 1925 arena = cert->arena; |
| 1926 } | 1926 } |
| 1927 | 1927 |
| 1928 result = (CERTIssuerAndSN*)PORT_ArenaZAlloc(arena, sizeof(*result)); | 1928 result = (CERTIssuerAndSN*)PORT_ArenaZAlloc(arena, sizeof(*result)); |
| 1929 if (result == NULL) { | 1929 if (result == NULL) { |
| (...skipping 575 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2505 return ((fcerts || !ncerts) ? SECSuccess : SECFailure); | 2505 return ((fcerts || !ncerts) ? SECSuccess : SECFailure); |
| 2506 } | 2506 } |
| 2507 | 2507 |
| 2508 /* | 2508 /* |
| 2509 * a real list of certificates - need to convert CERTCertificateList | 2509 * a real list of certificates - need to convert CERTCertificateList |
| 2510 * stuff and ASN 1 encoder/decoder over to using this... | 2510 * stuff and ASN 1 encoder/decoder over to using this... |
| 2511 */ | 2511 */ |
| 2512 CERTCertList * | 2512 CERTCertList * |
| 2513 CERT_NewCertList(void) | 2513 CERT_NewCertList(void) |
| 2514 { | 2514 { |
| 2515 PRArenaPool *arena = NULL; | 2515 PLArenaPool *arena = NULL; |
| 2516 CERTCertList *ret = NULL; | 2516 CERTCertList *ret = NULL; |
| 2517 | 2517 |
| 2518 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 2518 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 2519 if ( arena == NULL ) { | 2519 if ( arena == NULL ) { |
| 2520 goto loser; | 2520 goto loser; |
| 2521 } | 2521 } |
| 2522 | 2522 |
| 2523 ret = (CERTCertList *)PORT_ArenaZAlloc(arena, sizeof(CERTCertList)); | 2523 ret = (CERTCertList *)PORT_ArenaZAlloc(arena, sizeof(CERTCertList)); |
| 2524 if ( ret == NULL ) { | 2524 if ( ret == NULL ) { |
| 2525 goto loser; | 2525 goto loser; |
| (...skipping 737 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3263 CERTCertificate *cert = NULL; | 3263 CERTCertificate *cert = NULL; |
| 3264 SECItem *derCert; | 3264 SECItem *derCert; |
| 3265 | 3265 |
| 3266 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); | 3266 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); |
| 3267 if (derCert) { | 3267 if (derCert) { |
| 3268 cert = CERT_FindCertByDERCert(handle, derCert); | 3268 cert = CERT_FindCertByDERCert(handle, derCert); |
| 3269 SECITEM_FreeItem(derCert, PR_TRUE); | 3269 SECITEM_FreeItem(derCert, PR_TRUE); |
| 3270 } | 3270 } |
| 3271 return cert; | 3271 return cert; |
| 3272 } | 3272 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 16132005:
Allow NSS to be built with NO_NSPR_10_SUPPORT. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/