← Back to branch summary

~ubuntu-branches/ubuntu/maverick/nss/maverick

« back to all changes in this revision

Viewing changes to mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c

  • Committer: Bazaar Package Importer
  • Author(s): Alexander Sack
  • Date: 2009-06-16 13:23:47 UTC
  • mfrom: (1.1.9 upstream)
  • Revision ID: james.westby@ubuntu.com-20090616132347-311ysb8oep74b98y
Tags: 3.12.3-0ubuntu1
https://launchpad.net/bugs/387751
* new upstream release 3.12.3 RTM (NSS_3_12_3_RTM) (LP: #387751)
* adjust patches to changed upstream code base
  - update debian/patches/38_kbsd.patch
* needs nspr >= 4.7.4
  - update debian/control
* update 85_security_load.patch to latest debian version
  - update debian/patches/85_security_load.patch
* add new symbols for 3.12.3
  - update debian/libnss3-1d.symbols

Show diffs side-by-side

added added

removed removed

Lines of Context:
mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c
176
176
 
177
177
                hcv1 = &(httpClient->fcnTable.ftable1);
178
178
 
179
 
                if (ocspRsp->requestSession != NULL) {
180
 
                        hcv1->freeFcn(ocspRsp->requestSession);
181
 
                        ocspRsp->requestSession = NULL;
 
179
                if (ocspRsp->sessionRequest != NULL) {
 
180
                    (*hcv1->freeFcn)(ocspRsp->sessionRequest);
 
181
                    ocspRsp->sessionRequest = NULL;
182
182
                }
183
183
 
184
184
                if (ocspRsp->serverSession != NULL) {
185
 
                        hcv1->freeSessionFcn(ocspRsp->serverSession);
186
 
                        ocspRsp->serverSession = NULL;
 
185
                    (*hcv1->freeSessionFcn)(ocspRsp->serverSession);
 
186
                    ocspRsp->serverSession = NULL;
187
187
                }
188
188
        }
189
189
 
331
331
pkix_pl_OcspResponse_RegisterSelf(void *plContext)
332
332
{
333
333
        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
334
 
        pkix_ClassTable_Entry entry;
 
334
        pkix_ClassTable_Entry *entry = &systemClasses[PKIX_OCSPRESPONSE_TYPE];
335
335
 
336
336
        PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_RegisterSelf");
337
337
 
338
 
        entry.description = "OcspResponse";
339
 
        entry.objCounter = 0;
340
 
        entry.typeObjectSize = sizeof(PKIX_PL_OcspResponse);
341
 
        entry.destructor = pkix_pl_OcspResponse_Destroy;
342
 
        entry.equalsFunction = pkix_pl_OcspResponse_Equals;
343
 
        entry.hashcodeFunction = pkix_pl_OcspResponse_Hashcode;
344
 
        entry.toStringFunction = NULL;
345
 
        entry.comparator = NULL;
346
 
        entry.duplicateFunction = pkix_duplicateImmutable;
347
 
 
348
 
        systemClasses[PKIX_OCSPRESPONSE_TYPE] = entry;
 
338
        entry->description = "OcspResponse";
 
339
        entry->typeObjectSize = sizeof(PKIX_PL_OcspResponse);
 
340
        entry->destructor = pkix_pl_OcspResponse_Destroy;
 
341
        entry->equalsFunction = pkix_pl_OcspResponse_Equals;
 
342
        entry->hashcodeFunction = pkix_pl_OcspResponse_Hashcode;
 
343
        entry->duplicateFunction = pkix_duplicateImmutable;
349
344
 
350
345
        PKIX_RETURN(OCSPRESPONSE);
351
346
}
403
398
pkix_pl_OcspResponse_Create(
404
399
        PKIX_PL_OcspRequest *request,
405
400
        void *responder,
406
 
        PKIX_PL_OcspResponse_VerifyCallback verifyFcn,
 
401
        PKIX_PL_VerifyCallback verifyFcn,
407
402
        void **pNBIOContext,
408
403
        PKIX_PL_OcspResponse **pResponse,
409
404
        void *plContext)
416
411
        char *location = NULL;
417
412
        char *hostname = NULL;
418
413
        char *path = NULL;
 
414
        char *responseContentType = NULL;
419
415
        PRUint16 port = 0;
420
416
        SEC_HTTP_SERVER_SESSION serverSession = NULL;
421
 
        SEC_HTTP_REQUEST_SESSION requestSession = NULL;
 
417
        SEC_HTTP_REQUEST_SESSION sessionRequest = NULL;
422
418
        SECItem *encodedRequest = NULL;
423
419
        PRUint16 responseCode = 0;
424
420
        char *responseData = NULL;
425
 
        PRUint32 responseDataLen = 0;
426
 
 
 
421
 
427
422
        PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_Create");
428
423
        PKIX_NULLCHECK_TWO(pNBIOContext, pResponse);
429
424
 
437
432
 
438
433
                httpClient = ocspResponse->httpClient;
439
434
                serverSession = ocspResponse->serverSession;
440
 
                requestSession = ocspResponse->requestSession;
441
 
                PKIX_NULLCHECK_THREE(httpClient, serverSession, requestSession);
 
435
                sessionRequest = ocspResponse->sessionRequest;
 
436
                PKIX_NULLCHECK_THREE(httpClient, serverSession, sessionRequest);
442
437
 
443
438
        } else {
 
439
                PKIX_UInt32 timeout =
 
440
                    ((PKIX_PL_NssContext*)plContext)->timeoutSeconds;
444
441
 
445
442
                PKIX_NULLCHECK_ONE(request);
446
443
 
451
448
                /* prepare initial message to HTTPClient */
452
449
 
453
450
                /* Is there a default responder and is it enabled? */
454
 
                if (!responder) {
455
 
                        PKIX_PL_NSSCALLRV
456
 
                                (OCSPRESPONSE,
457
 
                                responder,
458
 
                                (void *)SEC_GetRegisteredHttpClient,
459
 
                                ());
 
451
                if (responder) {
 
452
                    httpClient = (const SEC_HttpClientFcn *)responder;
 
453
                } else {
 
454
                    httpClient = SEC_GetRegisteredHttpClient();
460
455
                }
461
456
 
462
 
                httpClient = (const SEC_HttpClientFcn *)responder;
463
 
 
464
457
                if (httpClient && (httpClient->version == 1)) {
465
458
 
466
459
                        hcv1 = &(httpClient->fcnTable.ftable1);
470
463
                                PKIX_OCSPREQUESTGETLOCATIONFAILED);
471
464
 
472
465
                        /* parse location -> hostname, port, path */    
473
 
                        PKIX_PL_NSSCALLRV(OCSPRESPONSE, rv, CERT_ParseURL,
474
 
                                (location, &hostname, &port, &path));
475
 
 
476
 
                        if ((hostname == NULL) || (path == NULL)) {
 
466
                        rv = CERT_ParseURL(location, &hostname, &port, &path);
 
467
                        if (rv == SECFailure || hostname == NULL || path == NULL) {
477
468
                                PKIX_ERROR(PKIX_URLPARSINGFAILED);
478
469
                        }
479
470
 
480
 
                        PKIX_PL_NSSCALLRV
481
 
                                (OCSPRESPONSE,
482
 
                                rv,
483
 
                                hcv1->createSessionFcn,
484
 
                                (hostname, port, &serverSession));
485
 
 
486
 
                        if (rv != SECSuccess) {
487
 
                                PKIX_ERROR(PKIX_OCSPSERVERERROR);
488
 
                        }       
489
 
 
490
 
                        PKIX_PL_NSSCALLRV
491
 
                                (OCSPRESPONSE, rv, hcv1->createFcn,
492
 
                                (serverSession,
493
 
                                "http",
494
 
                                path,
495
 
                                "POST",
496
 
                                PR_TicksPerSecond() * 60,
497
 
                                &requestSession));
498
 
 
499
 
                        if (rv != SECSuccess) {
500
 
                                PKIX_ERROR(PKIX_OCSPSERVERERROR);
501
 
                        }       
502
 
 
503
 
                        PKIX_PL_NSSCALLRV
504
 
                                (OCSPRESPONSE, rv, hcv1->setPostDataFcn,
505
 
                                (requestSession,
506
 
                                (char *)encodedRequest->data,
507
 
                                encodedRequest->len,
508
 
                                "application/ocsp-request"));
509
 
 
 
471
                        rv = (*hcv1->createSessionFcn)(hostname, port,
 
472
                                                       &serverSession);
 
473
                        if (rv != SECSuccess) {
 
474
                                PKIX_ERROR(PKIX_OCSPSERVERERROR);
 
475
                        }       
 
476
 
 
477
                        rv = (*hcv1->createFcn)(serverSession, "http", path,
 
478
                                                "POST",
 
479
                                                PR_SecondsToInterval(timeout),
 
480
                                                &sessionRequest);
 
481
                        if (rv != SECSuccess) {
 
482
                                PKIX_ERROR(PKIX_OCSPSERVERERROR);
 
483
                        }       
 
484
 
 
485
                        rv = (*hcv1->setPostDataFcn)(sessionRequest,
 
486
                                                  (char *)encodedRequest->data,
 
487
                                                  encodedRequest->len,
 
488
                                                  "application/ocsp-request");
510
489
                        if (rv != SECSuccess) {
511
490
                                PKIX_ERROR(PKIX_OCSPSERVERERROR);
512
491
                        }       
523
502
                        ocspResponse->request = request;
524
503
                        ocspResponse->httpClient = httpClient;
525
504
                        ocspResponse->serverSession = serverSession;
526
 
                        ocspResponse->requestSession = requestSession;
 
505
                        ocspResponse->sessionRequest = sessionRequest;
527
506
                        ocspResponse->verifyFcn = verifyFcn;
528
507
                        ocspResponse->handle = CERT_GetDefaultCertDB();
529
508
                        ocspResponse->encodedResponse = NULL;
538
517
 
539
518
        /* begin or resume IO to HTTPClient */
540
519
        if (httpClient && (httpClient->version == 1)) {
 
520
                PRUint32 responseDataLen = 
 
521
                   ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
541
522
 
542
523
                hcv1 = &(httpClient->fcnTable.ftable1);
543
524
 
544
 
                responseDataLen = MAX_OCSP_RESPONSE_LEN;
545
 
 
546
 
                PKIX_PL_NSSCALLRV(OCSPRESPONSE, rv, hcv1->trySendAndReceiveFcn,
547
 
                        (requestSession,
 
525
                rv = (*hcv1->trySendAndReceiveFcn)(sessionRequest,
548
526
                        (PRPollDesc **)&nbioContext,
549
527
                        &responseCode,
550
 
                        NULL,   /* responseContentType */
 
528
                        &responseContentType,
551
529
                        NULL,   /* responseHeaders */
552
530
                        (const char **)&responseData,
553
 
                        &responseDataLen));
 
531
                        &responseDataLen);
554
532
 
555
533
                if (rv != SECSuccess) {
556
534
                        PKIX_ERROR(PKIX_OCSPSERVERERROR);
557
 
                }       
558
 
 
 
535
                }
 
536
                /* responseContentType is a pointer to the null-terminated
 
537
                 * string returned by httpclient. Memory allocated for context
 
538
                 * type will be freed with freeing of the HttpClient struct. */
 
539
                if (PORT_Strcasecmp(responseContentType, 
 
540
                                   "application/ocsp-response")) {
 
541
                       PKIX_ERROR(PKIX_OCSPSERVERERROR);
 
542
                }
559
543
                if (nbioContext != NULL) {
560
544
                        *pNBIOContext = nbioContext;
561
545
                        goto cleanup;
562
546
                }
563
 
 
564
547
                if (responseCode != 200) {
565
548
                        PKIX_ERROR(PKIX_OCSPBADHTTPRESPONSE);
566
549
                }
567
 
 
568
 
 
569
 
                PKIX_PL_NSSCALLRV
570
 
                        (OCSPRESPONSE, ocspResponse->arena, PORT_NewArena,
571
 
                        (DER_DEFAULT_CHUNKSIZE));
572
 
 
 
550
                ocspResponse->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
573
551
                if (ocspResponse->arena == NULL) {
574
552
                        PKIX_ERROR(PKIX_OUTOFMEMORY);
575
553
                }
576
 
 
577
 
                PKIX_PL_NSSCALLRV
578
 
                        (OCSPRESPONSE,
579
 
                        ocspResponse->encodedResponse,
580
 
                        SECITEM_AllocItem,
581
 
                        (ocspResponse->arena, NULL, responseDataLen));
582
 
 
 
554
                ocspResponse->encodedResponse = SECITEM_AllocItem
 
555
                        (ocspResponse->arena, NULL, responseDataLen);
583
556
                if (ocspResponse->encodedResponse == NULL) {
584
557
                        PKIX_ERROR(PKIX_OUTOFMEMORY);
585
558
                }
586
 
 
587
 
                PKIX_PL_NSSCALL(OCSPRESPONSE, PORT_Memcpy,
588
 
                        (ocspResponse->encodedResponse->data,
589
 
                        responseData,
590
 
                        responseDataLen));
591
 
 
 
559
                PORT_Memcpy(ocspResponse->encodedResponse->data,
 
560
                            responseData, responseDataLen);
592
561
        }
593
 
 
594
562
        *pResponse = ocspResponse;
595
563
 
596
564
cleanup:
597
565
 
598
566
        if (path != NULL) {
599
 
                PKIX_PL_NSSCALL(OCSPRESPONSE, PORT_Free, (path));
 
567
            PORT_Free(path);
600
568
        }
601
569
 
602
570
        if (hostname != NULL) {
603
 
                PKIX_PL_NSSCALL(OCSPRESPONSE, PORT_Free, (hostname));
 
571
            PORT_Free(hostname);
604
572
        }
605
573
 
606
574
        if (PKIX_ERROR_RECEIVED){
 
575
            if (ocspResponse) {
607
576
                PKIX_DECREF(ocspResponse);
 
577
            } else {
 
578
                if (serverSession) 
 
579
                    hcv1->freeSessionFcn(serverSession);
 
580
                if (sessionRequest)
 
581
                    hcv1->freeFcn(sessionRequest);
 
582
            }
608
583
        }
609
584
 
610
585
        PKIX_RETURN(OCSPRESPONSE);
711
686
}
712
687
 
713
688
 
714
 
PKIX_Error*
715
 
pkix_pl_OcspResponse_CallCertVerify(
 
689
static PKIX_Error*
 
690
pkix_pl_OcspResponse_VerifyResponse(
716
691
        PKIX_PL_OcspResponse *response,
717
692
        PKIX_ProcessingParams *procParams,
718
693
        SECCertUsage certUsage,
723
698
{
724
699
    SECStatus rv = SECFailure;
725
700
 
726
 
    PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_CallCertVerify");
 
701
    PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_VerifyResponse");
727
702
 
728
703
    if (response->verifyFcn != NULL) {
729
704
        void *lplContext = NULL;
734
709
            PKIX_NSSCONTEXTCREATEFAILED);
735
710
 
736
711
        PKIX_CHECK(
737
 
            (response->verifyFcn)(response->pkixSignerCert,
738
 
                                  response->producedAtDate,
 
712
            (response->verifyFcn)((PKIX_PL_Object*)response->pkixSignerCert,
 
713
                                  NULL, response->producedAtDate,
739
714
                                  procParams, pNBIOContext,
740
715
                                  state, buildResult,
741
716
                                  NULL, lplContext),
913
888
        } else {
914
889
            SECCertUsage certUsage;
915
890
            if (CERT_IsCACert(response->signerCert, NULL)) {
916
 
                certUsage = certUsageVerifyCA;
 
891
                certUsage = certUsageAnyCA;
917
892
            } else {
918
893
                certUsage = certUsageStatusResponder;
919
894
            }
920
895
            PKIX_CHECK_ONLY_FATAL(
921
 
                pkix_pl_OcspResponse_CallCertVerify(response, procParams,
 
896
                pkix_pl_OcspResponse_VerifyResponse(response, procParams,
922
897
                                                    certUsage, &state,
923
898
                                                    &buildResult, &nbio,
924
899
                                                    plContext),