1/* 2 * NSS utility functions 3 * 4 * ***** BEGIN LICENSE BLOCK ***** 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 6 * 7 * The contents of this file are subject to the Mozilla Public License Version 8 * 1.1 (the "License"); you may not use this file except in compliance with 9 * the License. You may obtain a copy of the License at 10 * http://www.mozilla.org/MPL/ 11 * 12 * Software distributed under the License is distributed on an "AS IS" basis, 13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 14 * for the specific language governing rights and limitations under the 15 * License. 16 * 17 * The Original Code is the Netscape security libraries. 18 * 19 * The Initial Developer of the Original Code is 20 * Netscape Communications Corporation. 21 * Portions created by the Initial Developer are Copyright (C) 1994-2000 22 * the Initial Developer. All Rights Reserved. 23 * 24 * Contributor(s): 25 * 26 * Alternatively, the contents of this file may be used under the terms of 27 * either the GNU General Public License Version 2 or later (the "GPL"), or 28 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 29 * in which case the provisions of the GPL or the LGPL are applicable instead 30 * of those above. If you wish to allow use of your version of this file only 31 * under the terms of either the GPL or the LGPL, and not to allow others to 32 * use your version of this file under the terms of the MPL, indicate your 33 * decision by deleting the provisions above and replace them with the notice 34 * and other provisions required by the GPL or the LGPL. If you do not delete 35 * the provisions above, a recipient may use your version of this file under 36 * the terms of any one of the MPL, the GPL or the LGPL. 37 * 38 * ***** END LICENSE BLOCK ***** */ 39/* $Id: cmpcert.c,v 1.6 2008/02/01 22:09:09 julien.pierre.boogz%sun.com Exp $ */ 40 41#include <stdio.h> 42#include <string.h> 43#include "prerror.h" 44#include "secitem.h" 45#include "prnetdb.h" 46#include "cert.h" 47#include "nspr.h" 48#include "secder.h" 49#include "key.h" 50#include "nss.h" 51 52/* 53 * Look to see if any of the signers in the cert chain for "cert" are found 54 * in the list of caNames. 55 * Returns SECSuccess if so, SECFailure if not. 56 */ 57SECStatus 58NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames) 59{ 60 SECItem * caname; 61 CERTCertificate * curcert; 62 CERTCertificate * oldcert; 63 PRInt32 contentlen; 64 int j; 65 int headerlen; 66 int depth; 67 SECStatus rv; 68 SECItem issuerName; 69 SECItem compatIssuerName; 70 71 if (!cert || !caNames || !caNames->nnames || !caNames->names || 72 !caNames->names->data) 73 return SECFailure; 74 depth=0; 75 curcert = CERT_DupCertificate(cert); 76 77 while( curcert ) { 78 issuerName = curcert->derIssuer; 79 80 /* compute an alternate issuer name for compatibility with 2.0 81 * enterprise server, which send the CA names without 82 * the outer layer of DER header 83 */ 84 rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen); 85 if ( rv == SECSuccess ) { 86 compatIssuerName.data = &issuerName.data[headerlen]; 87 compatIssuerName.len = issuerName.len - headerlen; 88 } else { 89 compatIssuerName.data = NULL; 90 compatIssuerName.len = 0; 91 } 92 93 for (j = 0; j < caNames->nnames; j++) { 94 caname = &caNames->names[j]; 95 if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) { 96 rv = SECSuccess; 97 CERT_DestroyCertificate(curcert); 98 goto done; 99 } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) { 100 rv = SECSuccess; 101 CERT_DestroyCertificate(curcert); 102 goto done; 103 } 104 } 105 if ( ( depth <= 20 ) && 106 ( SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject) 107 != SECEqual ) ) { 108 oldcert = curcert; 109 curcert = CERT_FindCertByName(curcert->dbhandle, 110 &curcert->derIssuer); 111 CERT_DestroyCertificate(oldcert); 112 depth++; 113 } else { 114 CERT_DestroyCertificate(curcert); 115 curcert = NULL; 116 } 117 } 118 rv = SECFailure; 119 120done: 121 return rv; 122} 123 124