File: | libxmlsec/unxlngi6.pro/misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c |
Location: | line 170, column 6 |
Description: | Value stored to 'timeboundary' is never read |
1 | /** |
2 | * XMLSec library |
3 | * |
4 | * X509 support |
5 | * |
6 | * |
7 | * This is free software; see Copyright file in the source |
8 | * distribution for preciese wording. |
9 | * |
10 | * Copyright (c) 2003 America Online, Inc. All rights reserved. |
11 | */ |
12 | #include "globals.h" |
13 | |
14 | #ifndef XMLSEC_NO_X509 |
15 | |
16 | #include <stdlib.h> |
17 | #include <stdio.h> |
18 | #include <string.h> |
19 | #include <ctype.h> |
20 | #include <errno(*__errno_location ()).h> |
21 | |
22 | #include <cert.h> |
23 | #include <secerr.h> |
24 | |
25 | #include <libxml/tree.h> |
26 | |
27 | #include <xmlsec/xmlsec.h> |
28 | #include <xmlsec/xmltree.h> |
29 | #include <xmlsec/keys.h> |
30 | #include <xmlsec/keyinfo.h> |
31 | #include <xmlsec/keysmngr.h> |
32 | #include <xmlsec/base64.h> |
33 | #include <xmlsec/bn.h> |
34 | #include <xmlsec/errors.h> |
35 | |
36 | #include <xmlsec/nss/crypto.h> |
37 | #include <xmlsec/nss/x509.h> |
38 | |
39 | /************************************************************************** |
40 | * |
41 | * Internal NSS X509 store CTX |
42 | * |
43 | *************************************************************************/ |
44 | typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx, |
45 | *xmlSecNssX509StoreCtxPtr; |
46 | struct _xmlSecNssX509StoreCtx { |
47 | CERTCertList* certsList; /* just keeping a reference to destroy later */ |
48 | }; |
49 | |
50 | /**************************************************************************** |
51 | * |
52 | * xmlSecNssKeyDataStoreX509Id: |
53 | * |
54 | * xmlSecNssX509StoreCtx is located after xmlSecTransform |
55 | * |
56 | ***************************************************************************/ |
57 | #define xmlSecNssX509StoreGetCtx(store)((xmlSecNssX509StoreCtxPtr)(((unsigned char*)(store)) + sizeof (xmlSecKeyDataStoreKlass))) \ |
58 | ((xmlSecNssX509StoreCtxPtr)(((xmlSecByteunsigned char*)(store)) + \ |
59 | sizeof(xmlSecKeyDataStoreKlass))) |
60 | #define xmlSecNssX509StoreSize(sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx )) \ |
61 | (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) |
62 | |
63 | static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); |
64 | static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); |
65 | static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; |
66 | |
67 | static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { |
68 | sizeof(xmlSecKeyDataStoreKlass), |
69 | xmlSecNssX509StoreSize(sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx )), |
70 | |
71 | /* data */ |
72 | xmlSecNameX509Store, /* const xmlChar* name; */ |
73 | |
74 | /* constructors/destructor */ |
75 | xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ |
76 | xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ |
77 | |
78 | /* reserved for the future */ |
79 | NULL((void*)0), /* void* reserved0; */ |
80 | NULL((void*)0), /* void* reserved1; */ |
81 | }; |
82 | |
83 | static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, |
84 | xmlChar *issuerName, |
85 | xmlChar *issuerSerial, |
86 | xmlChar *ski); |
87 | |
88 | |
89 | /** |
90 | * xmlSecNssX509StoreGetKlass: |
91 | * |
92 | * The NSS X509 certificates key data store klass. |
93 | * |
94 | * Returns: pointer to NSS X509 certificates key data store klass. |
95 | */ |
96 | xmlSecKeyDataStoreId |
97 | xmlSecNssX509StoreGetKlass(void) { |
98 | return(&xmlSecNssX509StoreKlass); |
99 | } |
100 | |
101 | /** |
102 | * xmlSecNssX509StoreFindCert: |
103 | * @store: the pointer to X509 key data store klass. |
104 | * @subjectName: the desired certificate name. |
105 | * @issuerName: the desired certificate issuer name. |
106 | * @issuerSerial: the desired certificate issuer serial number. |
107 | * @ski: the desired certificate SKI. |
108 | * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context. |
109 | * |
110 | * Searches @store for a certificate that matches given criteria. |
111 | * |
112 | * Returns: pointer to found certificate or NULL if certificate is not found |
113 | * or an error occurs. |
114 | */ |
115 | CERTCertificate * |
116 | xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, |
117 | xmlChar *issuerName, xmlChar *issuerSerial, |
118 | xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { |
119 | xmlSecNssX509StoreCtxPtr ctx; |
120 | |
121 | xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL)if(!( (((( ( store ) ) != ((void*)0)) && ((( ( store ) )->id) != ((void*)0))) && ((( store )->id) == ( xmlSecNssX509StoreGetKlass() ))) ) ) { xmlSecError("x509vfy.c" ,121,__FUNCTION__, ((void*)0), "xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)" , 100, " "); return(((void*)0)); }; |
122 | xmlSecAssert2(keyInfoCtx != NULL, NULL)if(!( keyInfoCtx != ((void*)0) ) ) { xmlSecError("x509vfy.c", 122,__FUNCTION__, ((void*)0), "keyInfoCtx != NULL", 100, " ") ; return(((void*)0)); }; |
123 | |
124 | ctx = xmlSecNssX509StoreGetCtx(store)((xmlSecNssX509StoreCtxPtr)(((unsigned char*)(store)) + sizeof (xmlSecKeyDataStoreKlass))); |
125 | xmlSecAssert2(ctx != NULL, NULL)if(!( ctx != ((void*)0) ) ) { xmlSecError("x509vfy.c",125,__FUNCTION__ , ((void*)0), "ctx != NULL", 100, " "); return(((void*)0)); }; |
126 | |
127 | return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); |
128 | } |
129 | |
130 | /** |
131 | * xmlSecNssX509StoreVerify: |
132 | * @store: the pointer to X509 key data store klass. |
133 | * @certs: the untrusted certificates stack. |
134 | * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context. |
135 | * |
136 | * Verifies @certs list. |
137 | * |
138 | * Returns: pointer to the first verified certificate from @certs. |
139 | */ |
140 | CERTCertificate * |
141 | xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, |
142 | xmlSecKeyInfoCtx* keyInfoCtx) { |
143 | xmlSecNssX509StoreCtxPtr ctx; |
144 | CERTCertListNode* head; |
145 | CERTCertificate* cert = NULL((void*)0); |
146 | CERTCertListNode* head1; |
147 | CERTCertificate* cert1 = NULL((void*)0); |
148 | SECStatus status = SECFailure; |
149 | int64 timeboundary; |
150 | int64 tmp1, tmp2; |
151 | |
152 | xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL)if(!( (((( ( store ) ) != ((void*)0)) && ((( ( store ) )->id) != ((void*)0))) && ((( store )->id) == ( xmlSecNssX509StoreGetKlass() ))) ) ) { xmlSecError("x509vfy.c" ,152,__FUNCTION__, ((void*)0), "xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)" , 100, " "); return(((void*)0)); }; |
153 | xmlSecAssert2(certs != NULL, NULL)if(!( certs != ((void*)0) ) ) { xmlSecError("x509vfy.c",153,__FUNCTION__ , ((void*)0), "certs != NULL", 100, " "); return(((void*)0)); }; |
154 | xmlSecAssert2(keyInfoCtx != NULL, NULL)if(!( keyInfoCtx != ((void*)0) ) ) { xmlSecError("x509vfy.c", 154,__FUNCTION__, ((void*)0), "keyInfoCtx != NULL", 100, " ") ; return(((void*)0)); }; |
155 | |
156 | ctx = xmlSecNssX509StoreGetCtx(store)((xmlSecNssX509StoreCtxPtr)(((unsigned char*)(store)) + sizeof (xmlSecKeyDataStoreKlass))); |
157 | xmlSecAssert2(ctx != NULL, NULL)if(!( ctx != ((void*)0) ) ) { xmlSecError("x509vfy.c",157,__FUNCTION__ , ((void*)0), "ctx != NULL", 100, " "); return(((void*)0)); }; |
158 | |
159 | for (head = CERT_LIST_HEAD(certs)((CERTCertListNode *)(&certs->list)->next); |
160 | !CERT_LIST_END(head, certs)(((void *)head) == ((void *)&certs->list)); |
161 | head = CERT_LIST_NEXT(head)((CERTCertListNode *)head->links.next)) { |
162 | cert = head->cert; |
163 | if(keyInfoCtx->certsVerificationTime > 0) { |
164 | /* convert the time since epoch in seconds to microseconds */ |
165 | LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime)((timeboundary) = (PRInt64)(keyInfoCtx->certsVerificationTime )); |
166 | tmp1 = (int64)PR_USEC_PER_SEC1000000L; |
167 | tmp2 = timeboundary; |
168 | LL_MUL(timeboundary, tmp1, tmp2)((timeboundary) = (tmp1) * (tmp2)); |
169 | } else { |
170 | timeboundary = PR_Now(); |
Value stored to 'timeboundary' is never read | |
171 | } |
172 | |
173 | /* if cert is the issuer of any other cert in the list, then it is |
174 | * to be skipped */ |
175 | for (head1 = CERT_LIST_HEAD(certs)((CERTCertListNode *)(&certs->list)->next); |
176 | !CERT_LIST_END(head1, certs)(((void *)head1) == ((void *)&certs->list)); |
177 | head1 = CERT_LIST_NEXT(head1)((CERTCertListNode *)head1->links.next)) { |
178 | |
179 | cert1 = head1->cert; |
180 | if (cert1 == cert) { |
181 | continue; |
182 | } |
183 | |
184 | if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) |
185 | == SECEqual) { |
186 | break; |
187 | } |
188 | } |
189 | |
190 | if (!CERT_LIST_END(head1, certs)(((void *)head1) == ((void *)&certs->list))) { |
191 | continue; |
192 | } |
193 | |
194 | |
195 | /* |
196 | JL: OpenOffice.org implements its own certificate verification routine. |
197 | The goal is to seperate validation of the signature |
198 | and the certificate. For example, OOo could show that the document signature is valid, |
199 | but the certificate could not be verified. If we do not prevent the verification of |
200 | the certificate by libxmlsec and the verification fails, then the XML signature may not be |
201 | verified. This would happen, for example, if the root certificate is not installed. |
202 | |
203 | status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), |
204 | cert, PR_FALSE, |
205 | (SECCertificateUsage)0, |
206 | timeboundary , NULL, NULL, NULL); |
207 | if (status == SECSuccess) { |
208 | break; |
209 | } |
210 | |
211 | */ |
212 | status = SECSuccess; |
213 | break; |
214 | |
215 | } |
216 | |
217 | if (status == SECSuccess) { |
218 | return (cert); |
219 | } |
220 | |
221 | switch(PORT_GetError()) { |
222 | case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: |
223 | case SEC_ERROR_CA_CERT_INVALID: |
224 | case SEC_ERROR_UNKNOWN_SIGNER: |
225 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",225,__FUNCTION__, |
226 | xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store))(((((((( (store) ) != ((void*)0)) && ((( (store) )-> id) != ((void*)0)))) ? ((((store)->id)) ? (((store)->id )->name) : ((void*)0)) : ((void*)0))) != ((void*)0)) ? ((char *)(((((( (store) ) != ((void*)0)) && ((( (store) )-> id) != ((void*)0)))) ? ((((store)->id)) ? (((store)->id )->name) : ((void*)0)) : ((void*)0)))) : (char*)"NULL"), |
227 | NULL((void*)0), |
228 | XMLSEC_ERRORS_R_CERT_ISSUER_FAILED74, |
229 | "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", |
230 | cert->subjectName); |
231 | break; |
232 | case SEC_ERROR_EXPIRED_CERTIFICATE: |
233 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",233,__FUNCTION__, |
234 | xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store))(((((((( (store) ) != ((void*)0)) && ((( (store) )-> id) != ((void*)0)))) ? ((((store)->id)) ? (((store)->id )->name) : ((void*)0)) : ((void*)0))) != ((void*)0)) ? ((char *)(((((( (store) ) != ((void*)0)) && ((( (store) )-> id) != ((void*)0)))) ? ((((store)->id)) ? (((store)->id )->name) : ((void*)0)) : ((void*)0)))) : (char*)"NULL"), |
235 | NULL((void*)0), |
236 | XMLSEC_ERRORS_R_CERT_HAS_EXPIRED76, |
237 | "cert with subject name %s has expired", |
238 | cert->subjectName); |
239 | break; |
240 | case SEC_ERROR_REVOKED_CERTIFICATE: |
241 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",241,__FUNCTION__, |
242 | xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store))(((((((( (store) ) != ((void*)0)) && ((( (store) )-> id) != ((void*)0)))) ? ((((store)->id)) ? (((store)->id )->name) : ((void*)0)) : ((void*)0))) != ((void*)0)) ? ((char *)(((((( (store) ) != ((void*)0)) && ((( (store) )-> id) != ((void*)0)))) ? ((((store)->id)) ? (((store)->id )->name) : ((void*)0)) : ((void*)0)))) : (char*)"NULL"), |
243 | NULL((void*)0), |
244 | XMLSEC_ERRORS_R_CERT_REVOKED73, |
245 | "cert with subject name %s has been revoked", |
246 | cert->subjectName); |
247 | break; |
248 | default: |
249 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",249,__FUNCTION__, |
250 | xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store))(((((((( (store) ) != ((void*)0)) && ((( (store) )-> id) != ((void*)0)))) ? ((((store)->id)) ? (((store)->id )->name) : ((void*)0)) : ((void*)0))) != ((void*)0)) ? ((char *)(((((( (store) ) != ((void*)0)) && ((( (store) )-> id) != ((void*)0)))) ? ((((store)->id)) ? (((store)->id )->name) : ((void*)0)) : ((void*)0)))) : (char*)"NULL"), |
251 | NULL((void*)0), |
252 | XMLSEC_ERRORS_R_CERT_VERIFY_FAILED71, |
253 | "cert with subject name %s could not be verified, errcode %d", |
254 | cert->subjectName, |
255 | PORT_GetError()); |
256 | break; |
257 | } |
258 | |
259 | return (NULL((void*)0)); |
260 | } |
261 | |
262 | /** |
263 | * xmlSecNssX509StoreAdoptCert: |
264 | * @store: the pointer to X509 key data store klass. |
265 | * @cert: the pointer to NSS X509 certificate. |
266 | * @type: the certificate type (trusted/untrusted). |
267 | * |
268 | * Adds trusted (root) or untrusted certificate to the store. |
269 | * |
270 | * Returns: 0 on success or a negative value if an error occurs. |
271 | */ |
272 | int |
273 | xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED__attribute__((unused))) { |
274 | xmlSecNssX509StoreCtxPtr ctx; |
275 | int ret; |
276 | |
277 | xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1)if(!( (((( ( store ) ) != ((void*)0)) && ((( ( store ) )->id) != ((void*)0))) && ((( store )->id) == ( xmlSecNssX509StoreGetKlass() ))) ) ) { xmlSecError("x509vfy.c" ,277,__FUNCTION__, ((void*)0), "xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)" , 100, " "); return(-1); }; |
278 | xmlSecAssert2(cert != NULL, -1)if(!( cert != ((void*)0) ) ) { xmlSecError("x509vfy.c",278,__FUNCTION__ , ((void*)0), "cert != NULL", 100, " "); return(-1); }; |
279 | |
280 | ctx = xmlSecNssX509StoreGetCtx(store)((xmlSecNssX509StoreCtxPtr)(((unsigned char*)(store)) + sizeof (xmlSecKeyDataStoreKlass))); |
281 | xmlSecAssert2(ctx != NULL, -1)if(!( ctx != ((void*)0) ) ) { xmlSecError("x509vfy.c",281,__FUNCTION__ , ((void*)0), "ctx != NULL", 100, " "); return(-1); }; |
282 | |
283 | if(ctx->certsList == NULL((void*)0)) { |
284 | ctx->certsList = CERT_NewCertList(); |
285 | if(ctx->certsList == NULL((void*)0)) { |
286 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",286,__FUNCTION__, |
287 | xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store))(((((((( (store) ) != ((void*)0)) && ((( (store) )-> id) != ((void*)0)))) ? ((((store)->id)) ? (((store)->id )->name) : ((void*)0)) : ((void*)0))) != ((void*)0)) ? ((char *)(((((( (store) ) != ((void*)0)) && ((( (store) )-> id) != ((void*)0)))) ? ((((store)->id)) ? (((store)->id )->name) : ((void*)0)) : ((void*)0)))) : (char*)"NULL"), |
288 | "CERT_NewCertList", |
289 | XMLSEC_ERRORS_R_CRYPTO_FAILED4, |
290 | "error code=%d", PORT_GetError()); |
291 | return(-1); |
292 | } |
293 | } |
294 | |
295 | ret = CERT_AddCertToListTail(ctx->certsList, cert); |
296 | if(ret != SECSuccess) { |
297 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",297,__FUNCTION__, |
298 | xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store))(((((((( (store) ) != ((void*)0)) && ((( (store) )-> id) != ((void*)0)))) ? ((((store)->id)) ? (((store)->id )->name) : ((void*)0)) : ((void*)0))) != ((void*)0)) ? ((char *)(((((( (store) ) != ((void*)0)) && ((( (store) )-> id) != ((void*)0)))) ? ((((store)->id)) ? (((store)->id )->name) : ((void*)0)) : ((void*)0)))) : (char*)"NULL"), |
299 | "CERT_AddCertToListTail", |
300 | XMLSEC_ERRORS_R_CRYPTO_FAILED4, |
301 | "error code=%d", PORT_GetError()); |
302 | return(-1); |
303 | } |
304 | |
305 | return(0); |
306 | } |
307 | |
308 | static int |
309 | xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) { |
310 | xmlSecNssX509StoreCtxPtr ctx; |
311 | xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1)if(!( (((( ( store ) ) != ((void*)0)) && ((( ( store ) )->id) != ((void*)0))) && ((( store )->id) == ( xmlSecNssX509StoreGetKlass() ))) ) ) { xmlSecError("x509vfy.c" ,311,__FUNCTION__, ((void*)0), "xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)" , 100, " "); return(-1); }; |
312 | |
313 | ctx = xmlSecNssX509StoreGetCtx(store)((xmlSecNssX509StoreCtxPtr)(((unsigned char*)(store)) + sizeof (xmlSecKeyDataStoreKlass))); |
314 | xmlSecAssert2(ctx != NULL, -1)if(!( ctx != ((void*)0) ) ) { xmlSecError("x509vfy.c",314,__FUNCTION__ , ((void*)0), "ctx != NULL", 100, " "); return(-1); }; |
315 | |
316 | memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); |
317 | |
318 | return(0); |
319 | } |
320 | |
321 | static void |
322 | xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { |
323 | xmlSecNssX509StoreCtxPtr ctx; |
324 | xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId))if(!( (((( ( store ) ) != ((void*)0)) && ((( ( store ) )->id) != ((void*)0))) && ((( store )->id) == ( xmlSecNssX509StoreGetKlass() ))) ) ) { xmlSecError("x509vfy.c" ,324,__FUNCTION__, ((void*)0), "xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)" , 100, " "); return; }; |
325 | |
326 | ctx = xmlSecNssX509StoreGetCtx(store)((xmlSecNssX509StoreCtxPtr)(((unsigned char*)(store)) + sizeof (xmlSecKeyDataStoreKlass))); |
327 | xmlSecAssert(ctx != NULL)if(!( ctx != ((void*)0) ) ) { xmlSecError("x509vfy.c",327,__FUNCTION__ , ((void*)0), "ctx != NULL", 100, " "); return; }; |
328 | |
329 | if (ctx->certsList) { |
330 | CERT_DestroyCertList(ctx->certsList); |
331 | ctx->certsList = NULL((void*)0); |
332 | } |
333 | |
334 | memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); |
335 | } |
336 | |
337 | |
338 | /***************************************************************************** |
339 | * |
340 | * Low-level x509 functions |
341 | * |
342 | *****************************************************************************/ |
343 | static CERTCertificate* |
344 | xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, |
345 | xmlChar *issuerSerial, xmlChar *ski) { |
346 | CERTCertificate *cert = NULL((void*)0); |
347 | CERTName *name = NULL((void*)0); |
348 | SECItem *nameitem = NULL((void*)0); |
349 | PRArenaPoolPLArenaPool *arena = NULL((void*)0); |
350 | |
351 | if (subjectName != NULL((void*)0)) { |
352 | arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE(2048)); |
353 | if (arena == NULL((void*)0)) { |
354 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",354,__FUNCTION__, |
355 | NULL((void*)0), |
356 | "PORT_NewArena", |
357 | XMLSEC_ERRORS_R_CRYPTO_FAILED4, |
358 | "error code=%d", PORT_GetError()); |
359 | goto done; |
360 | } |
361 | |
362 | name = CERT_AsciiToName((char*)subjectName); |
363 | if (name == NULL((void*)0)) { |
364 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",364,__FUNCTION__, |
365 | NULL((void*)0), |
366 | "CERT_AsciiToName", |
367 | XMLSEC_ERRORS_R_XMLSEC_FAILED1, |
368 | "error code=%d", PORT_GetError()); |
369 | goto done; |
370 | } |
371 | |
372 | nameitem = SEC_ASN1EncodeItem(arena, NULL((void*)0), (void *)name, |
373 | SEC_ASN1_GET(CERT_NameTemplate)CERT_NameTemplate); |
374 | if (nameitem == NULL((void*)0)) { |
375 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",375,__FUNCTION__, |
376 | NULL((void*)0), |
377 | "SEC_ASN1EncodeItem", |
378 | XMLSEC_ERRORS_R_XMLSEC_FAILED1, |
379 | "error code=%d", PORT_GetError()); |
380 | goto done; |
381 | } |
382 | |
383 | cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); |
384 | goto done; |
385 | } |
386 | |
387 | if((issuerName != NULL((void*)0)) && (issuerSerial != NULL((void*)0))) { |
388 | CERTIssuerAndSN issuerAndSN; |
389 | |
390 | arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE(2048)); |
391 | if (arena == NULL((void*)0)) { |
392 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",392,__FUNCTION__, |
393 | NULL((void*)0), |
394 | "PORT_NewArena", |
395 | XMLSEC_ERRORS_R_CRYPTO_FAILED4, |
396 | "error code=%d", PORT_GetError()); |
397 | goto done; |
398 | } |
399 | |
400 | name = CERT_AsciiToName((char*)issuerName); |
401 | if (name == NULL((void*)0)) { |
402 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",402,__FUNCTION__, |
403 | NULL((void*)0), |
404 | "CERT_AsciiToName", |
405 | XMLSEC_ERRORS_R_XMLSEC_FAILED1, |
406 | "error code=%d", PORT_GetError()); |
407 | goto done; |
408 | } |
409 | |
410 | nameitem = SEC_ASN1EncodeItem(arena, NULL((void*)0), (void *)name, |
411 | SEC_ASN1_GET(CERT_NameTemplate)CERT_NameTemplate); |
412 | if (nameitem == NULL((void*)0)) { |
413 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",413,__FUNCTION__, |
414 | NULL((void*)0), |
415 | "SEC_ASN1EncodeItem", |
416 | XMLSEC_ERRORS_R_XMLSEC_FAILED1, |
417 | "error code=%d", PORT_GetError()); |
418 | goto done; |
419 | } |
420 | |
421 | memset(&issuerAndSN, 0, sizeof(issuerAndSN)); |
422 | |
423 | issuerAndSN.derIssuer.data = nameitem->data; |
424 | issuerAndSN.derIssuer.len = nameitem->len; |
425 | |
426 | if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { |
427 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",427,__FUNCTION__, |
428 | NULL((void*)0), |
429 | "xmlSecNssIntegerToItem", |
430 | XMLSEC_ERRORS_R_XMLSEC_FAILED1, |
431 | "serial number=%s", |
432 | xmlSecErrorsSafeString(issuerSerial)(((issuerSerial) != ((void*)0)) ? ((char*)(issuerSerial)) : ( char*)"NULL")); |
433 | goto done; |
434 | } |
435 | |
436 | cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), |
437 | &issuerAndSN); |
438 | SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE0); |
439 | goto done; |
440 | } |
441 | |
442 | if(ski != NULL((void*)0)) { |
443 | SECItem subjKeyID; |
444 | int len; |
445 | |
446 | len = xmlSecBase64Decode(ski, (xmlSecByteunsigned char*)ski, xmlStrlen(ski)); |
447 | if(len < 0) { |
448 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",448,__FUNCTION__, |
449 | NULL((void*)0), |
450 | "xmlSecBase64Decode", |
451 | XMLSEC_ERRORS_R_XMLSEC_FAILED1, |
452 | "ski=%s", |
453 | xmlSecErrorsSafeString(ski)(((ski) != ((void*)0)) ? ((char*)(ski)) : (char*)"NULL")); |
454 | goto done; |
455 | } |
456 | |
457 | memset(&subjKeyID, 0, sizeof(subjKeyID)); |
458 | subjKeyID.data = ski; |
459 | subjKeyID.len = xmlStrlen(ski); |
460 | cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), |
461 | &subjKeyID); |
462 | } |
463 | |
464 | done: |
465 | if (arena != NULL((void*)0)) { |
466 | PORT_FreeArena(arena, PR_FALSE0); |
467 | } |
468 | if (name != NULL((void*)0)) { |
469 | CERT_DestroyName(name); |
470 | } |
471 | |
472 | return(cert); |
473 | } |
474 | |
475 | /* code lifted from NSS */ |
476 | static void |
477 | xmlSecNssNumToItem(SECItem *it, unsigned long ui) |
478 | { |
479 | unsigned char bb[5]; |
480 | int len; |
481 | |
482 | bb[0] = 0; |
483 | bb[1] = (unsigned char) (ui >> 24); |
484 | bb[2] = (unsigned char) (ui >> 16); |
485 | bb[3] = (unsigned char) (ui >> 8); |
486 | bb[4] = (unsigned char) (ui); |
487 | |
488 | /* |
489 | ** Small integers are encoded in a single byte. Larger integers |
490 | ** require progressively more space. |
491 | */ |
492 | if (ui > 0x7f) { |
493 | if (ui > 0x7fff) { |
494 | if (ui > 0x7fffffL) { |
495 | if (ui >= 0x80000000L) { |
496 | len = 5; |
497 | } else { |
498 | len = 4; |
499 | } |
500 | } else { |
501 | len = 3; |
502 | } |
503 | } else { |
504 | len = 2; |
505 | } |
506 | } else { |
507 | len = 1; |
508 | } |
509 | |
510 | it->data = (unsigned char *)PORT_Alloc(len); |
511 | if (it->data == NULL((void*)0)) { |
512 | return; |
513 | } |
514 | |
515 | it->len = len; |
516 | PORT_Memcpymemcpy(it->data, bb + (sizeof(bb) - len), len); |
517 | } |
518 | |
519 | static int |
520 | xmlSecNssIntegerToItem( |
521 | const xmlChar* integer , |
522 | SECItem *item |
523 | ) { |
524 | xmlSecBn bn ; |
525 | xmlSecSizesize_t i, length ; |
526 | const xmlSecByteunsigned char* bnInteger ; |
527 | |
528 | xmlSecAssert2( integer != NULL, -1 )if(!( integer != ((void*)0) ) ) { xmlSecError("x509vfy.c",528 ,__FUNCTION__, ((void*)0), "integer != NULL", 100, " "); return (-1); } ; |
529 | xmlSecAssert2( item != NULL, -1 )if(!( item != ((void*)0) ) ) { xmlSecError("x509vfy.c",529,__FUNCTION__ , ((void*)0), "item != NULL", 100, " "); return(-1); } ; |
530 | |
531 | if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { |
532 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",532,__FUNCTION__, |
533 | NULL((void*)0), |
534 | "xmlSecBnInitialize", |
535 | XMLSEC_ERRORS_R_INVALID_DATA12, |
536 | XMLSEC_ERRORS_NO_MESSAGE" "); |
537 | return -1 ; |
538 | } |
539 | |
540 | if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { |
541 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",541,__FUNCTION__, |
542 | NULL((void*)0), |
543 | "xmlSecBnFromDecString", |
544 | XMLSEC_ERRORS_R_INVALID_DATA12, |
545 | XMLSEC_ERRORS_NO_MESSAGE" "); |
546 | xmlSecBnFinalize( &bn ) ; |
547 | return -1 ; |
548 | } |
549 | |
550 | length = xmlSecBnGetSize( &bn ) ; |
551 | if( length <= 0 ) { |
552 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",552,__FUNCTION__, |
553 | NULL((void*)0), |
554 | "xmlSecBnGetSize", |
555 | XMLSEC_ERRORS_R_INVALID_DATA12, |
556 | XMLSEC_ERRORS_NO_MESSAGE" "); |
557 | } |
558 | |
559 | bnInteger = xmlSecBnGetData( &bn ) ; |
560 | if( bnInteger == NULL((void*)0) ) { |
561 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",561,__FUNCTION__, |
562 | NULL((void*)0), |
563 | "xmlSecBnGetData", |
564 | XMLSEC_ERRORS_R_INVALID_DATA12, |
565 | XMLSEC_ERRORS_NO_MESSAGE" " ) ; |
566 | xmlSecBnFinalize( &bn ) ; |
567 | return -1 ; |
568 | } |
569 | |
570 | item->data = ( unsigned char * )PORT_Alloc( length ); |
571 | if( item->data == NULL((void*)0) ) { |
572 | xmlSecError(XMLSEC_ERRORS_HERE"x509vfy.c",572,__FUNCTION__, |
573 | NULL((void*)0), |
574 | "PORT_Alloc", |
575 | XMLSEC_ERRORS_R_INVALID_DATA12, |
576 | XMLSEC_ERRORS_NO_MESSAGE" " ) ; |
577 | xmlSecBnFinalize( &bn ) ; |
578 | return -1 ; |
579 | } |
580 | |
581 | item->len = length; |
582 | for( i = 0 ; i < length ; i ++ ) |
583 | item->data[i] = *( bnInteger + i ) ; |
584 | |
585 | xmlSecBnFinalize( &bn ) ; |
586 | |
587 | return 0 ; |
588 | } |
589 | #endif /* XMLSEC_NO_X509 */ |
590 | |
591 |