OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 /* | 4 /* |
5 * pkix_namechainingchecker.c | 5 * pkix_namechainingchecker.c |
6 * | 6 * |
7 * Functions for name chaining validation | 7 * Functions for name chaining validation |
8 * | 8 * |
9 */ | 9 */ |
10 | 10 |
11 | |
12 #include "pkix_namechainingchecker.h" | 11 #include "pkix_namechainingchecker.h" |
13 | 12 |
14 /* --Private-Functions-------------------------------------------- */ | 13 /* --Private-Functions-------------------------------------------- */ |
15 | 14 |
16 /* | 15 /* |
17 * FUNCTION: pkix_NameChainingChecker_Check | 16 * FUNCTION: pkix_NameChainingChecker_Check |
18 * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h) | 17 * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h) |
19 */ | 18 */ |
20 PKIX_Error * | 19 PKIX_Error *pkix_NameChainingChecker_Check( |
21 pkix_NameChainingChecker_Check( | 20 PKIX_CertChainChecker *checker, PKIX_PL_Cert *cert, |
22 PKIX_CertChainChecker *checker, | 21 PKIX_List *unresolvedCriticalExtensions, void **pNBIOContext, |
23 PKIX_PL_Cert *cert, | 22 void *plContext) { |
24 PKIX_List *unresolvedCriticalExtensions, | 23 PKIX_PL_X500Name *prevSubject = NULL; |
25 void **pNBIOContext, | 24 PKIX_PL_X500Name *currIssuer = NULL; |
26 void *plContext) | 25 PKIX_PL_X500Name *currSubject = NULL; |
27 { | 26 PKIX_Boolean result; |
28 PKIX_PL_X500Name *prevSubject = NULL; | |
29 PKIX_PL_X500Name *currIssuer = NULL; | |
30 PKIX_PL_X500Name *currSubject = NULL; | |
31 PKIX_Boolean result; | |
32 | 27 |
33 PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameChainingChecker_Check"); | 28 PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameChainingChecker_Check"); |
34 PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext); | 29 PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext); |
35 | 30 |
36 *pNBIOContext = NULL; /* we never block on pending I/O */ | 31 *pNBIOContext = NULL; /* we never block on pending I/O */ |
37 | 32 |
38 PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState | 33 PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState( |
39 (checker, (PKIX_PL_Object **)&prevSubject, plContext), | 34 checker, (PKIX_PL_Object **)&prevSubject, plContext), |
40 PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED); | 35 PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED); |
41 | 36 |
42 PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &currIssuer, plContext), | 37 PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &currIssuer, plContext), |
43 PKIX_CERTGETISSUERFAILED); | 38 PKIX_CERTGETISSUERFAILED); |
44 | 39 |
45 if (prevSubject){ | 40 if (prevSubject) { |
46 PKIX_CHECK(PKIX_PL_X500Name_Match | 41 PKIX_CHECK( |
47 (prevSubject, currIssuer, &result, plContext), | 42 PKIX_PL_X500Name_Match(prevSubject, currIssuer, &result, plContext), |
48 PKIX_X500NAMEMATCHFAILED); | 43 PKIX_X500NAMEMATCHFAILED); |
49 if (!result){ | 44 if (!result) { |
50 PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED); | 45 PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED); |
51 } | 46 } |
52 } else { | 47 } else { |
53 PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED); | 48 PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED); |
54 } | 49 } |
55 | 50 |
56 PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &currSubject, plContext), | 51 PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &currSubject, plContext), |
57 PKIX_CERTGETSUBJECTFAILED); | 52 PKIX_CERTGETSUBJECTFAILED); |
58 | 53 |
59 PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState | 54 PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState( |
60 (checker, (PKIX_PL_Object *)currSubject, plContext), | 55 checker, (PKIX_PL_Object *)currSubject, plContext), |
61 PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED); | 56 PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED); |
62 | 57 |
63 cleanup: | 58 cleanup: |
64 | 59 |
65 PKIX_DECREF(prevSubject); | 60 PKIX_DECREF(prevSubject); |
66 PKIX_DECREF(currIssuer); | 61 PKIX_DECREF(currIssuer); |
67 PKIX_DECREF(currSubject); | 62 PKIX_DECREF(currSubject); |
68 | 63 |
69 PKIX_RETURN(CERTCHAINCHECKER); | 64 PKIX_RETURN(CERTCHAINCHECKER); |
70 | |
71 } | 65 } |
72 | 66 |
73 /* | 67 /* |
74 * FUNCTION: pkix_NameChainingChecker_Initialize | 68 * FUNCTION: pkix_NameChainingChecker_Initialize |
75 * DESCRIPTION: | 69 * DESCRIPTION: |
76 * | 70 * |
77 * Creates a new CertChainChecker and stores it at "pChecker", where it will | 71 * Creates a new CertChainChecker and stores it at "pChecker", where it will |
78 * be used by pkix_NameChainingChecker_Check to check that the issuer name | 72 * be used by pkix_NameChainingChecker_Check to check that the issuer name |
79 * of the certificate matches the subject name in the checker's state. The | 73 * of the certificate matches the subject name in the checker's state. The |
80 * X500Name pointed to by "trustedCAName" is used to initialize the checker's | 74 * X500Name pointed to by "trustedCAName" is used to initialize the checker's |
81 * state. | 75 * state. |
82 * | 76 * |
83 * PARAMETERS: | 77 * PARAMETERS: |
84 * "trustedCAName" | 78 * "trustedCAName" |
85 * Address of X500Name representing the trusted CA Name used to | 79 * Address of X500Name representing the trusted CA Name used to |
86 * initialize the state of this checker. Must be non-NULL. | 80 * initialize the state of this checker. Must be non-NULL. |
87 * "pChecker" | 81 * "pChecker" |
88 * Address where object pointer will be stored. Must be non-NULL. | 82 * Address where object pointer will be stored. Must be non-NULL. |
89 * "plContext" | 83 * "plContext" |
90 * Platform-specific context pointer. | 84 * Platform-specific context pointer. |
91 * THREAD SAFETY: | 85 * THREAD SAFETY: |
92 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | 86 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
93 * RETURNS: | 87 * RETURNS: |
94 * Returns NULL if the function succeeds. | 88 * Returns NULL if the function succeeds. |
95 * Returns a CertChainChecker Error if the function fails in a non-fatal way. | 89 * Returns a CertChainChecker Error if the function fails in a non-fatal way. |
96 * Returns a Fatal Error if the function fails in an unrecoverable way. | 90 * Returns a Fatal Error if the function fails in an unrecoverable way. |
97 */ | 91 */ |
98 PKIX_Error * | 92 PKIX_Error *pkix_NameChainingChecker_Initialize( |
99 pkix_NameChainingChecker_Initialize( | 93 PKIX_PL_X500Name *trustedCAName, PKIX_CertChainChecker **pChecker, |
100 PKIX_PL_X500Name *trustedCAName, | 94 void *plContext) { |
101 PKIX_CertChainChecker **pChecker, | 95 PKIX_ENTER(CERTCHAINCHECKER, "PKIX_NameChainingChecker_Initialize"); |
102 void *plContext) | 96 PKIX_NULLCHECK_TWO(pChecker, trustedCAName); |
103 { | |
104 PKIX_ENTER(CERTCHAINCHECKER, "PKIX_NameChainingChecker_Initialize"); | |
105 PKIX_NULLCHECK_TWO(pChecker, trustedCAName); | |
106 | 97 |
107 PKIX_CHECK(PKIX_CertChainChecker_Create | 98 PKIX_CHECK(PKIX_CertChainChecker_Create( |
108 (pkix_NameChainingChecker_Check, | 99 pkix_NameChainingChecker_Check, PKIX_FALSE, PKIX_FALSE, NULL, |
109 PKIX_FALSE, | 100 (PKIX_PL_Object *)trustedCAName, pChecker, plContext), |
110 PKIX_FALSE, | 101 PKIX_CERTCHAINCHECKERCREATEFAILED); |
111 NULL, | |
112 (PKIX_PL_Object *)trustedCAName, | |
113 pChecker, | |
114 plContext), | |
115 PKIX_CERTCHAINCHECKERCREATEFAILED); | |
116 | 102 |
117 cleanup: | 103 cleanup: |
118 | 104 |
119 PKIX_RETURN(CERTCHAINCHECKER); | 105 PKIX_RETURN(CERTCHAINCHECKER); |
120 | |
121 } | 106 } |
OLD | NEW |