Commit 01ccc50e authored by Albert Astals Cid's avatar Albert Astals Cid

Merge NSS_CertTranslate into validateCertificate

parent fbb6509c
......@@ -1716,7 +1716,6 @@ SignatureInfo *FormFieldSignature::validateSignature(bool doVerifyCert, bool for
}
NSSCMSVerificationStatus sig_val_state;
SECErrorCodes cert_val_state;
const int signature_len = signature->getLength();
unsigned char *signatureuchar = (unsigned char *)gmalloc(signature_len);
memcpy(signatureuchar, signature->c_str(), signature_len);
......@@ -1759,8 +1758,8 @@ SignatureInfo *FormFieldSignature::validateSignature(bool doVerifyCert, bool for
return signature_info;
}
cert_val_state = signature_handler.validateCertificate(validationTime);
signature_info->setCertificateValStatus(SignatureHandler::NSS_CertTranslate(cert_val_state));
const CertificateValidationStatus cert_val_state = signature_handler.validateCertificate(validationTime);
signature_info->setCertificateValStatus(cert_val_state);
signature_info->setCertificateInfo(signature_handler.getCertificateInfo());
#endif
......
......@@ -401,13 +401,12 @@ NSSCMSVerificationStatus SignatureHandler::validateSignature()
}
}
SECErrorCodes SignatureHandler::validateCertificate(time_t validation_time)
CertificateValidationStatus SignatureHandler::validateCertificate(time_t validation_time)
{
SECErrorCodes retVal;
CERTCertificate *cert;
if (!CMSSignerInfo)
return (SECErrorCodes) -1; //error code to avoid matching error codes defined in SECErrorCodes
return CERTIFICATE_GENERIC_ERROR;
if ((cert = NSS_CMSSignerInfo_GetSigningCertificate(CMSSignerInfo, CERT_GetDefaultCertDB())) == nullptr)
CMSSignerInfo->verificationStatus = NSSCMSVS_SigningCertNotFound;
......@@ -425,9 +424,26 @@ SECErrorCodes SignatureHandler::validateCertificate(time_t validation_time)
CERT_PKIXVerifyCert(cert, certificateUsageEmailSigner, inParams, nullptr,
CMSSignerInfo->cmsg->pwfn_arg);
retVal = (SECErrorCodes) PORT_GetError();
switch(PORT_GetError())
{
// 0 not defined in SECErrorCodes, it means success for this purpose.
case 0:
return CERTIFICATE_TRUSTED;
return retVal;
case SEC_ERROR_UNKNOWN_ISSUER:
return CERTIFICATE_UNKNOWN_ISSUER;
case SEC_ERROR_UNTRUSTED_ISSUER:
return CERTIFICATE_UNTRUSTED_ISSUER;
case SEC_ERROR_REVOKED_CERTIFICATE:
return CERTIFICATE_REVOKED;
case SEC_ERROR_EXPIRED_CERTIFICATE:
return CERTIFICATE_EXPIRED;
}
return CERTIFICATE_GENERIC_ERROR;
}
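Review bot: The new `switch(PORT_GetError())` in validateCertificate derives the trust decision from the thread's last NSS error code alone; as far as this hunk shows, the SECStatus returned by `CERT_PKIXVerifyCert` is discarded. Because `case 0` maps to CERTIFICATE_TRUSTED, a failed verification that leaves the error code at 0 would fail open, and a stale error code left by an earlier NSS call may turn a good certificate into a failure. Gate the success path on the return value, e.g. `if (CERT_PKIXVerifyCert(cert, certificateUsageEmailSigner, inParams, nullptr, CMSSignerInfo->cmsg->pwfn_arg) == SECSuccess) return CERTIFICATE_TRUSTED;`, then consult `PORT_GetError()` only on failure and drop `case 0` so an unexpected 0 falls through to CERTIFICATE_GENERIC_ERROR. The function body starts outside this hunk, so any earlier handling of the error state is not visible here.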
......@@ -451,28 +467,3 @@ SignatureValidationStatus SignatureHandler::NSS_SigTranslate(NSSCMSVerificationS
return SIGNATURE_GENERIC_ERROR;
}
}
CertificateValidationStatus SignatureHandler::NSS_CertTranslate(SECErrorCodes nss_code)
{
// 0 not defined in SECErrorCodes, it means success for this purpose.
if (nss_code == (SECErrorCodes) 0)
return CERTIFICATE_TRUSTED;
switch(nss_code)
{
case SEC_ERROR_UNKNOWN_ISSUER:
return CERTIFICATE_UNKNOWN_ISSUER;
case SEC_ERROR_UNTRUSTED_ISSUER:
return CERTIFICATE_UNTRUSTED_ISSUER;
case SEC_ERROR_REVOKED_CERTIFICATE:
return CERTIFICATE_REVOKED;
case SEC_ERROR_EXPIRED_CERTIFICATE:
return CERTIFICATE_EXPIRED;
default:
return CERTIFICATE_GENERIC_ERROR;
}
}
......@@ -46,12 +46,11 @@ public:
void updateHash(unsigned char * data_block, int data_len);
NSSCMSVerificationStatus validateSignature();
// Use -1 as validation_time for now
SECErrorCodes validateCertificate(time_t validation_time);
CertificateValidationStatus validateCertificate(time_t validation_time);
std::unique_ptr<X509CertificateInfo> getCertificateInfo() const;
//Translate NSS error codes
static SignatureValidationStatus NSS_SigTranslate(NSSCMSVerificationStatus nss_code);
static CertificateValidationStatus NSS_CertTranslate(SECErrorCodes nss_code);
private:
SignatureHandler(const SignatureHandler &);
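Review bot: The declaration of `validateCertificate` still carries only `// Use -1 as validation_time for now`, which says nothing about what the new CertificateValidationStatus return value means to callers. With NSS_CertTranslate removed, this is the only place a caller learns the mapping, so a comment here would help, for example `// Returns CERTIFICATE_TRUSTED only when NSS reports no error; missing signer info or any unmapped NSS error yields CERTIFICATE_GENERIC_ERROR`. The class declaration starts and ends outside this hunk.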
......