Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco

--HG--
extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4
Brian Smith 2014-07-20 11:06:26 -07:00
parent 0da7cb4337
commit 7417889c50
13 changed files with 32 additions and 42 deletions


@ -137,12 +137,11 @@ Result
AppTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
const CertPolicyId& policy,
const SECItem& candidateCertDER,
/*out*/ TrustLevel* trustLevel)
/*out*/ TrustLevel& trustLevel)
{
MOZ_ASSERT(policy.IsAnyPolicy());
MOZ_ASSERT(trustLevel);
MOZ_ASSERT(mTrustedRoot);
if (!trustLevel || !policy.IsAnyPolicy()) {
if (!policy.IsAnyPolicy()) {
return Result::FATAL_ERROR_INVALID_ARGS;
}
if (!mTrustedRoot) {
@ -176,18 +175,18 @@ AppTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
: CERTDB_TRUSTED;
if (((flags & (relevantTrustBit | CERTDB_TERMINAL_RECORD)))
== CERTDB_TERMINAL_RECORD) {
*trustLevel = TrustLevel::ActivelyDistrusted;
trustLevel = TrustLevel::ActivelyDistrusted;
return Success;
}
}
// mTrustedRoot is the only trust anchor for this validation.
if (CERT_CompareCerts(mTrustedRoot.get(), candidateCert.get())) {
*trustLevel = TrustLevel::TrustAnchor;
trustLevel = TrustLevel::TrustAnchor;
return Success;
}
*trustLevel = TrustLevel::InheritsTrust;
trustLevel = TrustLevel::InheritsTrust;
return Success;
}
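Review bot: The early returns in AppTrustDomain::GetCertTrust (the `FATAL_ERROR_INVALID_ARGS` return and the `!mTrustedRoot` branch, whose body is outside the hunk) leave `trustLevel` unassigned, and with a reference parameter the caller's variable then keeps whatever value it had, possibly an uninitialized one. The signature no longer gives any hint of that, so the contract should be written down on the TrustDomain::GetCertTrust declaration, for example `// trustLevel is assigned only when GetCertTrust returns Success; callers must not read it on any other result.` The same applies to NSSCertDBTrustDomain::GetCertTrust, which returns `ERROR_POLICY_VALIDATION_FAILED` before any assignment when MOZ_NO_EV_CERTS is defined. The function body runs between and beyond the two hunks shown.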


@ -26,7 +26,7 @@ public:
virtual Result GetCertTrust(mozilla::pkix::EndEntityOrCA endEntityOrCA,
const mozilla::pkix::CertPolicyId& policy,
const SECItem& candidateCertDER,
/*out*/ mozilla::pkix::TrustLevel* trustLevel)
/*out*/ mozilla::pkix::TrustLevel& trustLevel)
MOZ_OVERRIDE;
virtual Result FindIssuer(const SECItem& encodedIssuerName,
IssuerChecker& checker,


@ -143,13 +143,8 @@ Result
NSSCertDBTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
const CertPolicyId& policy,
const SECItem& candidateCertDER,
/*out*/ TrustLevel* trustLevel)
/*out*/ TrustLevel& trustLevel)
{
PR_ASSERT(trustLevel);
if (!trustLevel) {
return Result::FATAL_ERROR_INVALID_ARGS;
}
#ifdef MOZ_NO_EV_CERTS
if (!policy.IsAnyPolicy()) {
return Result::ERROR_POLICY_VALIDATION_FAILED;
@ -189,7 +184,7 @@ NSSCertDBTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
: CERTDB_TRUSTED;
if (((flags & (relevantTrustBit|CERTDB_TERMINAL_RECORD)))
== CERTDB_TERMINAL_RECORD) {
*trustLevel = TrustLevel::ActivelyDistrusted;
trustLevel = TrustLevel::ActivelyDistrusted;
return Success;
}
@ -198,19 +193,19 @@ NSSCertDBTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
// Gecko implemented nsICertOverrideService.
if (flags & CERTDB_TRUSTED_CA) {
if (policy.IsAnyPolicy()) {
*trustLevel = TrustLevel::TrustAnchor;
trustLevel = TrustLevel::TrustAnchor;
return Success;
}
#ifndef MOZ_NO_EV_CERTS
if (CertIsAuthoritativeForEVPolicy(candidateCert.get(), policy)) {
*trustLevel = TrustLevel::TrustAnchor;
trustLevel = TrustLevel::TrustAnchor;
return Success;
}
#endif
}
}
*trustLevel = TrustLevel::InheritsTrust;
trustLevel = TrustLevel::InheritsTrust;
return Success;
}


@ -63,7 +63,7 @@ public:
virtual Result GetCertTrust(mozilla::pkix::EndEntityOrCA endEntityOrCA,
const mozilla::pkix::CertPolicyId& policy,
const SECItem& candidateCertDER,
/*out*/ mozilla::pkix::TrustLevel* trustLevel)
/*out*/ mozilla::pkix::TrustLevel& trustLevel)
MOZ_OVERRIDE;
virtual Result CheckPublicKey(const SECItem& subjectPublicKeyInfo)


@ -192,16 +192,16 @@ public:
//
// When policy.IsAnyPolicy(), then no policy-related checking should be done.
// When !policy.IsAnyPolicy(), then GetCertTrust MUST NOT return with
// *trustLevel == TrustAnchor unless the given cert is considered a trust
// trustLevel == TrustAnchor unless the given cert is considered a trust
// anchor *for that policy*. In particular, if the user has marked an
// intermediate certificate as trusted, but that intermediate isn't in the
// list of EV roots, then GetCertTrust must result in
// *trustLevel == InheritsTrust instead of *trustLevel == TrustAnchor
// trustLevel == InheritsTrust instead of trustLevel == TrustAnchor
// (assuming the candidate cert is not actively distrusted).
virtual Result GetCertTrust(EndEntityOrCA endEntityOrCA,
const CertPolicyId& policy,
const SECItem& candidateCertDER,
/*out*/ TrustLevel* trustLevel) = 0;
/*out*/ TrustLevel& trustLevel) = 0;
class IssuerChecker
{


@ -222,7 +222,7 @@ BuildForward(TrustDomain& trustDomain,
rv = CheckIssuerIndependentProperties(trustDomain, subject, time,
requiredKeyUsageIfPresent,
requiredEKUIfPresent, requiredPolicy,
subCACount, &trustLevel);
subCACount, trustLevel);
Result deferredEndEntityError = Success;
if (rv != Success) {
if (subject.endEntityOrCA == EndEntityOrCA::MustBeEndEntity &&


@ -626,15 +626,14 @@ CheckIssuerIndependentProperties(TrustDomain& trustDomain,
KeyPurposeId requiredEKUIfPresent,
const CertPolicyId& requiredPolicy,
unsigned int subCACount,
/*optional out*/ TrustLevel* trustLevelOut)
/*out*/ TrustLevel& trustLevel)
{
Result rv;
const EndEntityOrCA endEntityOrCA = cert.endEntityOrCA;
TrustLevel trustLevel;
rv = trustDomain.GetCertTrust(endEntityOrCA, requiredPolicy, cert.GetDER(),
&trustLevel);
trustLevel);
if (rv != Success) {
return rv;
}
@ -646,9 +645,6 @@ CheckIssuerIndependentProperties(TrustDomain& trustDomain,
// The TrustDomain returned a trust level that we weren't expecting.
return Result::FATAL_ERROR_INVALID_STATE;
}
if (trustLevelOut) {
*trustLevelOut = trustLevel;
}
// 4.2.1.1. Authority Key Identifier is ignored (see bug 965136).
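Review bot: Dropping the local `TrustLevel trustLevel;` in CheckIssuerIndependentProperties means TrustDomain::GetCertTrust now writes straight into the caller's variable, before the check that returns `FATAL_ERROR_INVALID_STATE` for an unexpected trust level. Previously the caller's value was updated only after that check passed (the removed `*trustLevelOut = trustLevel;`), so a misbehaving TrustDomain could not hand an unvalidated level to the caller on the error path. Keeping the local and assigning after validation preserves that: pass a `TrustLevel candidateTrust;` to GetCertTrust, then `trustLevel = candidateTrust;` where the old copy-out was. The validation itself sits between the two hunks and is not visible here, and whether BuildForward reads its `trustLevel` inside its `if (rv != Success)` branch cannot be confirmed from the lines shown.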


@ -39,7 +39,7 @@ Result CheckIssuerIndependentProperties(
KeyPurposeId requiredEKUIfPresent,
const CertPolicyId& requiredPolicy,
unsigned int subCACount,
/*optional out*/ TrustLevel* trustLevel = nullptr);
/*out*/ TrustLevel& trustLevel);
Result CheckNameConstraints(const SECItem& encodedNameConstraints,
const BackCert& firstChild,


@ -113,10 +113,12 @@ CheckOCSPResponseSignerCert(TrustDomain& trustDomain,
//
// TODO(bug 926261): If we're validating for a policy then the policy OID we
// are validating for should be passed to CheckIssuerIndependentProperties.
TrustLevel unusedTrustLevel;
rv = CheckIssuerIndependentProperties(trustDomain, potentialSigner, time,
KeyUsage::noParticularKeyUsageRequired,
KeyPurposeId::id_kp_OCSPSigning,
CertPolicyId::anyPolicy, 0);
CertPolicyId::anyPolicy, 0,
unusedTrustLevel);
if (rv != Success) {
return rv;
}


@ -117,12 +117,12 @@ public:
private:
virtual Result GetCertTrust(EndEntityOrCA, const CertPolicyId&,
const SECItem& candidateCert,
/*out*/ TrustLevel* trustLevel)
/*out*/ TrustLevel& trustLevel)
{
if (SECITEM_ItemsAreEqual(&candidateCert, &certChainTail[0]->derCert)) {
*trustLevel = TrustLevel::TrustAnchor;
trustLevel = TrustLevel::TrustAnchor;
} else {
*trustLevel = TrustLevel::InheritsTrust;
trustLevel = TrustLevel::InheritsTrust;
}
return Success;
}


@ -77,9 +77,9 @@ class TrustEverythingTrustDomain : public TrustDomain
private:
virtual Result GetCertTrust(EndEntityOrCA, const CertPolicyId&,
const SECItem& candidateCert,
/*out*/ TrustLevel* trustLevel)
/*out*/ TrustLevel& trustLevel)
{
*trustLevel = TrustLevel::TrustAnchor;
trustLevel = TrustLevel::TrustAnchor;
return Success;
}


@ -36,7 +36,7 @@ class CreateEncodedOCSPRequestTrustDomain : public TrustDomain
{
private:
virtual Result GetCertTrust(EndEntityOrCA, const CertPolicyId&,
const SECItem&, /*out*/ TrustLevel*)
const SECItem&, /*out*/ TrustLevel&)
{
ADD_FAILURE();
return Result::FATAL_ERROR_LIBRARY_FAILURE;


@ -45,11 +45,10 @@ public:
virtual Result GetCertTrust(EndEntityOrCA endEntityOrCA, const CertPolicyId&,
const SECItem& candidateCert,
/*out*/ TrustLevel* trustLevel)
/*out*/ TrustLevel& trustLevel)
{
EXPECT_EQ(endEntityOrCA, EndEntityOrCA::MustBeEndEntity);
EXPECT_TRUE(trustLevel);
*trustLevel = TrustLevel::InheritsTrust;
trustLevel = TrustLevel::InheritsTrust;
return Success;
}
@ -838,13 +837,12 @@ public:
virtual Result GetCertTrust(EndEntityOrCA endEntityOrCA,
const CertPolicyId&,
const SECItem& candidateCert,
/*out*/ TrustLevel* trustLevel)
/*out*/ TrustLevel& trustLevel)
{
EXPECT_EQ(endEntityOrCA, EndEntityOrCA::MustBeEndEntity);
EXPECT_TRUE(trustLevel);
EXPECT_TRUE(certDER);
EXPECT_TRUE(SECITEM_ItemsAreEqual(certDER, &candidateCert));
*trustLevel = certTrustLevel;
trustLevel = certTrustLevel;
return Success;
}