
cmpcert.c (1812B)


      1 /*
      2 * NSS utility functions
      3 *
      4 * This Source Code Form is subject to the terms of the Mozilla Public
      5 * License, v. 2.0. If a copy of the MPL was not distributed with this
      6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      7 
      8 #include <stdio.h>
      9 #include <string.h>
     10 #include "prerror.h"
     11 #include "secitem.h"
     12 #include "prnetdb.h"
     13 #include "cert.h"
     14 #include "nspr.h"
     15 #include "secder.h"
     16 #include "keyhi.h"
     17 #include "nss.h"
     18 
/*
 * Walk the issuer chain of "cert" and report whether any issuer name seen on
 * the way up is equal to one of the DER-encoded names in "caNames".
 *
 * Returns SECSuccess on the first match and SECFailure otherwise, including
 * when "cert" or "caNames" is NULL or the name list is empty.
 *
 * Only names are compared (SECITEM_CompareItem on derIssuer), and each parent
 * is located by name through CERT_FindCertByName. Nothing in this function
 * checks signatures, validity periods or trust settings, so SECSuccess means
 * "an issuer name lines up with the list", not "the chain is valid". Callers
 * that need a trust decision must verify the chain separately.
 */
SECStatus
NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
{
    CERTCertificate *node;
    CERTCertificate *parent;
    int hops = 0;
    int idx;

    /* Note: only the first entry's data pointer is checked for NULL here. */
    if (!cert || !caNames || !caNames->nnames || !caNames->names ||
        !caNames->names->data) {
        return SECFailure;
    }

    /* Work on our own reference so every exit path can release it. */
    for (node = CERT_DupCertificate(cert); node != NULL; node = parent) {
        for (idx = 0; idx < caNames->nnames; idx++) {
            if (SECITEM_CompareItem(&node->derIssuer,
                                    &caNames->names[idx]) == SECEqual) {
                CERT_DestroyCertificate(node);
                return SECSuccess;
            }
        }

        /*
         * Climb one level unless the hop counter has passed 20 or the
         * certificate's issuer equals its own subject. The counter bounds
         * the walk, so a cycle of names in the database cannot make this
         * loop run forever.
         */
        parent = NULL;
        if ((hops <= 20) &&
            (SECITEM_CompareItem(&node->derIssuer, &node->derSubject) !=
             SECEqual)) {
            /* Look the parent up before dropping the reference it is read from. */
            parent = CERT_FindCertByName(node->dbhandle, &node->derIssuer);
            hops++;
        }
        CERT_DestroyCertificate(node);
    }
    return SECFailure;
}