
lightning-sunbird  0.9+nobinonly
nsUsageArrayHelper Class Reference

#include <nsUsageArrayHelper.h>


List of all members.

Public Types

enum  { max_returned_out_array_size = 12 }

Public Member Functions

 nsUsageArrayHelper (CERTCertificate *aCert)
nsresult GetUsagesArray (const char *suffix, PRBool ignoreOcsp, PRUint32 outArraySize, PRUint32 *_verified, PRUint32 *_count, PRUnichar **tmpUsages)

Private Member Functions

void check (const char *suffix, SECCertificateUsage aCertUsage, PRUint32 &aCounter, PRUnichar **outUsages)
void verifyFailed (PRUint32 *_verified, int err)

Private Attributes

CERTCertificate * mCert
nsresult m_rv
CERTCertDBHandle * defaultcertdb
nsCOMPtr< nsINSSComponent > nssComponent

Detailed Description

Definition at line 45 of file nsUsageArrayHelper.h.


Member Enumeration Documentation

anonymous enum
Enumerator:
max_returned_out_array_size 

Definition at line 57 of file nsUsageArrayHelper.h.


Constructor & Destructor Documentation

nsUsageArrayHelper::nsUsageArrayHelper ( CERTCertificate *  aCert)

Definition at line 56 of file nsUsageArrayHelper.cpp.



Member Function Documentation

void nsUsageArrayHelper::check ( const char *  suffix,
SECCertificateUsage  aCertUsage,
PRUint32 &  aCounter,
PRUnichar **  outUsages 
) [private]

Definition at line 65 of file nsUsageArrayHelper.cpp.

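{
  // Appends the localized description of one certificate usage to outUsages.
  //
  // suffix     - appended to the string-bundle key before lookup.
  // aCertUsage - a single usage bit; zero means "usage not valid" and is a
  //              no-op, which is how the caller filters with `usages & bit`.
  // aCounter   - next free slot in outUsages; advanced only when an entry is
  //              actually stored.
  // outUsages  - caller-owned array of string pointers. No length is passed
  //              in, so the only bound available here is the class constant
  //              max_returned_out_array_size, which GetUsagesArray requires
  //              the array to be at least as large as.
  //
  // Side effect: m_rv is overwritten with the result of every bundle lookup.
  if (!aCertUsage) return;

  nsCAutoString typestr;
  switch (aCertUsage) {
  case certificateUsageSSLClient:
    typestr = "VerifySSLClient";
    break;
  case certificateUsageSSLServer:
    typestr = "VerifySSLServer";
    break;
  case certificateUsageSSLServerWithStepUp:
    typestr = "VerifySSLStepUp";
    break;
  case certificateUsageEmailSigner:
    typestr = "VerifyEmailSigner";
    break;
  case certificateUsageEmailRecipient:
    typestr = "VerifyEmailRecip";
    break;
  case certificateUsageObjectSigner:
    typestr = "VerifyObjSign";
    break;
  case certificateUsageProtectedObjectSigner:
    typestr = "VerifyProtectObjSign";
    break;
  case certificateUsageUserCertImport:
    typestr = "VerifyUserImport";
    break;
  case certificateUsageSSLCA:
    typestr = "VerifySSLCA";
    break;
  case certificateUsageVerifyCA:
    typestr = "VerifyCAVerifier";
    break;
  case certificateUsageStatusResponder:
    typestr = "VerifyStatusResponder";
    break;
  case certificateUsageAnyCA:
    typestr = "VerifyAnyCA";
    break;
  default:
    // Unknown bit, or more than one bit set: nothing to report.
    break;
  }
  if (!typestr.IsEmpty()) {
    typestr.Append(suffix);
    nsAutoString verifyDesc;
    m_rv = nssComponent->GetPIPNSSBundleString(typestr.get(), verifyDesc);
    if (NS_SUCCEEDED(m_rv)) {
      // Enforce the array bound here instead of relying on the caller's list
      // of check() calls staying shorter than max_returned_out_array_size.
      if (aCounter >= max_returned_out_array_size) return;

      // NOTE(review): assumes ToNewUnicode yields null when the copy cannot
      // be allocated - confirm. A null entry must not be counted as a usage.
      PRUnichar *usageText = ToNewUnicode(verifyDesc);
      if (usageText) {
        outUsages[aCounter++] = usageText;
      }
    }
  }
}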


nsresult nsUsageArrayHelper::GetUsagesArray ( const char *  suffix,
PRBool  ignoreOcsp,
PRUint32  outArraySize,
PRUint32 *  _verified,
PRUint32 *  _count,
PRUnichar **  tmpUsages 
)

Definition at line 154 of file nsUsageArrayHelper.cpp.

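{
  // Verifies mCert against a fixed set of usages and returns one localized
  // description per usage that verified.
  //
  // suffix       - forwarded to check(), which appends it to each bundle key.
  // ignoreOcsp   - when true, SkipOcsp() is called on the NSS component
  //                before verification and SkipOcspOff() afterwards.
  // outArraySize - capacity of outUsages; must be at least
  //                max_returned_out_array_size or the call fails.
  // _verified    - receives VERIFIED_OK if at least one usage was stored,
  //                otherwise the status chosen by verifyFailed().
  // _count       - receives the number of entries written to outUsages.
  // outUsages    - caller-owned array filled with newly allocated strings.
  //
  // Returns m_rv if it already holds a failure, NS_ERROR_FAILURE if the
  // output array is too small, the service lookup error if the NSS component
  // cannot be obtained, and NS_OK otherwise (even when nothing verified).

  // Scoped lock object; presumably holds off NSS shutdown for the duration
  // of the call, going by its name.
  nsNSSShutDownPreventionLock locker;
  if (NS_FAILED(m_rv))
    return m_rv;

  if (outArraySize < max_returned_out_array_size)
    return NS_ERROR_FAILURE;

  // Local handle used only for the OCSP toggle. It shadows the member of the
  // same name; check() still uses the member.
  nsCOMPtr<nsINSSComponent> nssComponent;

  if (ignoreOcsp) {
    nsresult rv;
    nssComponent = do_GetService(kNSSComponentCID, &rv);
    if (NS_FAILED(rv))
      return rv;
    
    // NOTE(review): the toggle is set on the component service, not on this
    // certificate. Presumably other verifications running before
    // SkipOcspOff() also skip OCSP - confirm. No return path may be added
    // between here and SkipOcspOff() below.
    if (nssComponent) {
      nssComponent->SkipOcsp();
    }
  }

  PRUint32 &count = *_count;
  count = 0;
  // Start from "no usage valid" so that the bits tested below are never
  // indeterminate if the verify call returns without writing its out-param.
  SECCertificateUsage usages = 0;
  
  // The SECStatus return value is not consulted: the per-usage bitmask in
  // `usages` decides which descriptions are reported.
  CERT_VerifyCertificateNow(defaultcertdb, mCert, PR_TRUE, 
                         certificateUsageSSLClient |
                         certificateUsageSSLServer |
                         certificateUsageSSLServerWithStepUp |
                         certificateUsageEmailSigner |
                         certificateUsageEmailRecipient |
                         certificateUsageObjectSigner |
                         certificateUsageSSLCA |
                         certificateUsageStatusResponder,
                         NULL, &usages);
  // Read the error immediately, before any later call can overwrite it.
  // It is only meaningful if verification reported a failure.
  int err = PR_GetError();

  // The following list of checks must be < max_returned_out_array_size
  
  check(suffix, usages & certificateUsageSSLClient, count, outUsages);
  check(suffix, usages & certificateUsageSSLServer, count, outUsages);
  check(suffix, usages & certificateUsageSSLServerWithStepUp, count, outUsages);
  check(suffix, usages & certificateUsageEmailSigner, count, outUsages);
  check(suffix, usages & certificateUsageEmailRecipient, count, outUsages);
  check(suffix, usages & certificateUsageObjectSigner, count, outUsages);
#if 0
  check(suffix, usages & certificateUsageProtectedObjectSigner, count, outUsages);
  check(suffix, usages & certificateUsageUserCertImport, count, outUsages);
#endif
  check(suffix, usages & certificateUsageSSLCA, count, outUsages);
#if 0
  check(suffix, usages & certificateUsageVerifyCA, count, outUsages);
#endif
  check(suffix, usages & certificateUsageStatusResponder, count, outUsages);
#if 0
  check(suffix, usages & certificateUsageAnyCA, count, outUsages);
#endif

  if (ignoreOcsp && nssComponent) {
    nssComponent->SkipOcspOff();
  }

  // count == 0 also covers the case where usages verified but every bundle
  // lookup in check() failed; err may then not describe a real failure.
  if (count == 0) {
    verifyFailed(_verified, err);
  } else {
    *_verified = nsNSSCertificate::VERIFIED_OK;
  }
  return NS_OK;
}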


void nsUsageArrayHelper::verifyFailed ( PRUint32 *  _verified,
int  err 
) [private]

Definition at line 123 of file nsUsageArrayHelper.cpp.

{
  // Maps the error code captured after verification onto one of the
  // nsNSSCertificate status constants and stores it in *_verified.
  //
  // Anything without an explicit mapping ends up as NOT_VERIFIED_UNKNOWN:
  // SEC_ERROR_CERT_USAGES_INVALID, SECSuccess (no verification result has
  // ever been received) and every other code. The OCSP errors from PSM 1.x
  // have not been added yet, so they land there as well.
  PRUint32 outcome = nsNSSCertificate::NOT_VERIFIED_UNKNOWN;

  switch (err) {
  /* Verification failed only for the particular usage */
  case SEC_ERROR_INADEQUATE_KEY_USAGE:
  case SEC_ERROR_INADEQUATE_CERT_TYPE:
    outcome = nsNSSCertificate::USAGE_NOT_ALLOWED;
    break;

  /* Errors that have an individual message of their own */
  case SEC_ERROR_REVOKED_CERTIFICATE:
    outcome = nsNSSCertificate::CERT_REVOKED;
    break;
  case SEC_ERROR_EXPIRED_CERTIFICATE:
    outcome = nsNSSCertificate::CERT_EXPIRED;
    break;
  case SEC_ERROR_UNTRUSTED_CERT:
    outcome = nsNSSCertificate::CERT_NOT_TRUSTED;
    break;
  case SEC_ERROR_UNTRUSTED_ISSUER:
    outcome = nsNSSCertificate::ISSUER_NOT_TRUSTED;
    break;
  case SEC_ERROR_UNKNOWN_ISSUER:
    outcome = nsNSSCertificate::ISSUER_UNKNOWN;
    break;
  case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
    // XXX are there other errors that should map here?
    outcome = nsNSSCertificate::INVALID_CA;
    break;

  case SEC_ERROR_CERT_USAGES_INVALID: // XXX meaning of this code is unclear
  case SECSuccess:
  default:
    // Keep the NOT_VERIFIED_UNKNOWN default.
    break;
  }

  *_verified = outcome;
}



Member Data Documentation

CERTCertDBHandle* nsUsageArrayHelper::defaultcertdb [private]

Definition at line 62 of file nsUsageArrayHelper.h.

nsresult nsUsageArrayHelper::m_rv [private]

Definition at line 61 of file nsUsageArrayHelper.h.

CERTCertificate* nsUsageArrayHelper::mCert [private]

Definition at line 60 of file nsUsageArrayHelper.h.

nsCOMPtr<nsINSSComponent> nsUsageArrayHelper::nssComponent [private]

Definition at line 63 of file nsUsageArrayHelper.h.


The documentation for this class was generated from the following files: