search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 452390 Tracemonkey will crash if the compiler doesn't have FASTCALL r=danderson
[wine-gecko.git] / security / manager / ssl / src / nsUsageArrayHelper.cpp
blob968cab5bedd919a42f953e55dff148c6f2bda5ed
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 * John Gardiner Myers <jgmyers@speakeasy.net>
23 *
24 * Alternatively, the contents of this file may be used under the terms of
25 * either the GNU General Public License Version 2 or later (the "GPL"), or
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
35 *
36 * ***** END LICENSE BLOCK ***** */
37
38 #include "nsUsageArrayHelper.h"
39
40 #include "nsCOMPtr.h"
41 #include "nsIDateTimeFormat.h"
42 #include "nsDateTimeFormatCID.h"
43 #include "nsComponentManagerUtils.h"
44 #include "nsReadableUtils.h"
45 #include "nsNSSCertificate.h"
46
47 #include "nspr.h"
48 #include "nsNSSCertHeader.h"
49
50 extern "C" {
51 #include "secerr.h"
52 }
53
54 static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
55
56 nsUsageArrayHelper::nsUsageArrayHelper(CERTCertificate *aCert)
57 :mCert(aCert)
58 {
59 nsNSSShutDownPreventionLock locker;
60 defaultcertdb = CERT_GetDefaultCertDB();
61 nssComponent = do_GetService(kNSSComponentCID, &m_rv);
62 }
63
64 void
65 nsUsageArrayHelper::check(const char *suffix,
66 SECCertificateUsage aCertUsage,
67 PRUint32 &aCounter,
68 PRUnichar **outUsages)
69 {
70 if (!aCertUsage) return;
71 nsCAutoString typestr;
72 switch (aCertUsage) {
73 case certificateUsageSSLClient:
74 typestr = "VerifySSLClient";
75 break;
76 case certificateUsageSSLServer:
77 typestr = "VerifySSLServer";
78 break;
79 case certificateUsageSSLServerWithStepUp:
80 typestr = "VerifySSLStepUp";
81 break;
82 case certificateUsageEmailSigner:
83 typestr = "VerifyEmailSigner";
84 break;
85 case certificateUsageEmailRecipient:
86 typestr = "VerifyEmailRecip";
87 break;
88 case certificateUsageObjectSigner:
89 typestr = "VerifyObjSign";
90 break;
91 case certificateUsageProtectedObjectSigner:
92 typestr = "VerifyProtectObjSign";
93 break;
94 case certificateUsageUserCertImport:
95 typestr = "VerifyUserImport";
96 break;
97 case certificateUsageSSLCA:
98 typestr = "VerifySSLCA";
99 break;
100 case certificateUsageVerifyCA:
101 typestr = "VerifyCAVerifier";
102 break;
103 case certificateUsageStatusResponder:
104 typestr = "VerifyStatusResponder";
105 break;
106 case certificateUsageAnyCA:
107 typestr = "VerifyAnyCA";
108 break;
109 default:
110 break;
111 }
112 if (!typestr.IsEmpty()) {
113 typestr.Append(suffix);
114 nsAutoString verifyDesc;
115 m_rv = nssComponent->GetPIPNSSBundleString(typestr.get(), verifyDesc);
116 if (NS_SUCCEEDED(m_rv)) {
117 outUsages[aCounter++] = ToNewUnicode(verifyDesc);
118 }
119 }
120 }
121
122 void
123 nsUsageArrayHelper::verifyFailed(PRUint32 *_verified, int err)
124 {
125 switch (err) {
126 /* For these cases, verify only failed for the particular usage */
127 case SEC_ERROR_INADEQUATE_KEY_USAGE:
128 case SEC_ERROR_INADEQUATE_CERT_TYPE:
129 *_verified = nsNSSCertificate::USAGE_NOT_ALLOWED; break;
130 /* These are the cases that have individual error messages */
131 case SEC_ERROR_REVOKED_CERTIFICATE:
132 *_verified = nsNSSCertificate::CERT_REVOKED; break;
133 case SEC_ERROR_EXPIRED_CERTIFICATE:
134 *_verified = nsNSSCertificate::CERT_EXPIRED; break;
135 case SEC_ERROR_UNTRUSTED_CERT:
136 *_verified = nsNSSCertificate::CERT_NOT_TRUSTED; break;
137 case SEC_ERROR_UNTRUSTED_ISSUER:
138 *_verified = nsNSSCertificate::ISSUER_NOT_TRUSTED; break;
139 case SEC_ERROR_UNKNOWN_ISSUER:
140 *_verified = nsNSSCertificate::ISSUER_UNKNOWN; break;
141 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
142 // XXX are there other error for this?
143 *_verified = nsNSSCertificate::INVALID_CA; break;
144 case SEC_ERROR_CERT_USAGES_INVALID: // XXX what is this?
145 // there are some OCSP errors from PSM 1.x to add here
146 case SECSuccess:
147 // this means, no verification result has ever been received
148 default:
149 *_verified = nsNSSCertificate::NOT_VERIFIED_UNKNOWN; break;
150 }
151 }
152
153 nsresult
154 nsUsageArrayHelper::GetUsagesArray(const char *suffix,
155 PRBool ignoreOcsp,
156 PRUint32 outArraySize,
157 PRUint32 *_verified,
158 PRUint32 *_count,
159 PRUnichar **outUsages)
160 {
161 nsNSSShutDownPreventionLock locker;
162 if (NS_FAILED(m_rv))
163 return m_rv;
164
165 if (outArraySize < max_returned_out_array_size)
166 return NS_ERROR_FAILURE;
167
168 nsCOMPtr<nsINSSComponent> nssComponent;
169
170 if (ignoreOcsp) {
171 nsresult rv;
172 nssComponent = do_GetService(kNSSComponentCID, &rv);
173 if (NS_FAILED(rv))
174 return rv;
175
176 if (nssComponent) {
177 nssComponent->SkipOcsp();
178 }
179 }
180
181 PRUint32 &count = *_count;
182 count = 0;
183 SECCertificateUsage usages;
184
185 CERT_VerifyCertificateNow(defaultcertdb, mCert, PR_TRUE,
186 certificateUsageSSLClient |
187 certificateUsageSSLServer |
188 certificateUsageSSLServerWithStepUp |
189 certificateUsageEmailSigner |
190 certificateUsageEmailRecipient |
191 certificateUsageObjectSigner |
192 certificateUsageSSLCA |
193 certificateUsageStatusResponder,
194 NULL, &usages);
195 int err = PR_GetError();
196
197 // The following list of checks must be < max_returned_out_array_size
198
199 check(suffix, usages & certificateUsageSSLClient, count, outUsages);
200 check(suffix, usages & certificateUsageSSLServer, count, outUsages);
201 check(suffix, usages & certificateUsageSSLServerWithStepUp, count, outUsages);
202 check(suffix, usages & certificateUsageEmailSigner, count, outUsages);
203 check(suffix, usages & certificateUsageEmailRecipient, count, outUsages);
204 check(suffix, usages & certificateUsageObjectSigner, count, outUsages);
205 #if 0
206 check(suffix, usages & certificateUsageProtectedObjectSigner, count, outUsages);
207 check(suffix, usages & certificateUsageUserCertImport, count, outUsages);
208 #endif
209 check(suffix, usages & certificateUsageSSLCA, count, outUsages);
210 #if 0
211 check(suffix, usages & certificateUsageVerifyCA, count, outUsages);
212 #endif
213 check(suffix, usages & certificateUsageStatusResponder, count, outUsages);
214 #if 0
215 check(suffix, usages & certificateUsageAnyCA, count, outUsages);
216 #endif
217
218 if (ignoreOcsp && nssComponent) {
219 nssComponent->SkipOcspOff();
220 }
221
222 if (count == 0) {
223 verifyFailed(_verified, err);
224 } else {
225 *_verified = nsNSSCertificate::VERIFIED_OK;
226 }
227 return NS_OK;
228 }
Wine Gecko package