Diffstat (limited to 'lib/certdb/certdb.c')
-rw-r--r-- | lib/certdb/certdb.c | 135 |
1 files changed, 47 insertions, 88 deletions
diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c
index 086728963..80b83ed43 100644
--- a/lib/certdb/certdb.c
+++ b/lib/certdb/certdb.c
@@ -400,8 +400,7 @@ GetKeyUsage(CERTCertificate *cert)
 PORT_Free(tmpitem.data);
 tmpitem.data = NULL;
- }
- else {
+ } else {
 /* if the extension is not present, then we allow all uses */
 cert->keyUsage = KU_ALL;
 cert->rawKeyUsage = KU_ALL;
@@ -483,8 +482,7 @@ cert_ComputeCertType(CERTCertificate *cert)
 if (tmpitem.data != NULL || extKeyUsage != NULL) {
 if (tmpitem.data == NULL) {
 nsCertType = 0;
- }
- else {
+ } else {
 nsCertType = tmpitem.data[0];
 }
@@ -517,8 +515,7 @@ cert_ComputeCertType(CERTCertificate *cert)
 SECSuccess) {
 if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
 nsCertType |= NS_CERT_TYPE_EMAIL_CA;
- }
- else {
+ } else {
 nsCertType |= NS_CERT_TYPE_EMAIL;
 }
 }
@@ -526,8 +523,7 @@ cert_ComputeCertType(CERTCertificate *cert)
 extKeyUsage, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH) == SECSuccess) {
 if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
 nsCertType |= NS_CERT_TYPE_SSL_CA;
- }
- else {
+ } else {
 nsCertType |= NS_CERT_TYPE_SSL_SERVER;
 }
 }
@@ -540,8 +536,7 @@ cert_ComputeCertType(CERTCertificate *cert)
 SECSuccess) {
 if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
 nsCertType |= NS_CERT_TYPE_SSL_CA;
- }
- else {
+ } else {
 nsCertType |= NS_CERT_TYPE_SSL_SERVER;
 }
 }
@@ -549,8 +544,7 @@ cert_ComputeCertType(CERTCertificate *cert)
 extKeyUsage, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH) == SECSuccess) {
 if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
 nsCertType |= NS_CERT_TYPE_SSL_CA;
- }
- else {
+ } else {
 nsCertType |= NS_CERT_TYPE_SSL_CLIENT;
 }
 }
@@ -558,8 +552,7 @@ cert_ComputeCertType(CERTCertificate *cert)
 extKeyUsage, SEC_OID_EXT_KEY_USAGE_CODE_SIGN) == SECSuccess) {
 if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
 nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
- }
- else {
+ } else {
 nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING;
 }
 }
@@ -571,8 +564,7 @@ cert_ComputeCertType(CERTCertificate *cert)
 SECSuccess) {
 nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
 }
- }
- else {
+ } else {
 /* If no NS Cert Type extension and no EKU extension, then */
 nsCertType = 0;
 if (CERT_IsCACert(cert, &nsCertType))
@@ -674,8 +666,7 @@ cert_IsRootCert(CERTCertificate *cert)
 PORT_Free(tmpitem.data);
 if (!match) return PR_FALSE; /* else fall through */
- }
- else {
+ } else {
 /* the subject key ID is required when AKI is present */
 return PR_FALSE;
 }
@@ -743,8 +734,7 @@ CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
 cert->derCert.data = (unsigned char *)data;
 cert->derCert.len = derSignedCert->len;
 PORT_Memcpy(data, derSignedCert->data, derSignedCert->len);
- }
- else {
+ } else {
 /* point to passed in DER data */
 cert->derCert = *derSignedCert;
 }
@@ -771,8 +761,7 @@ CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
 /* set the nickname */
 if (nickname == NULL) {
 cert->nickname = NULL;
- }
- else {
+ } else {
 /* copy and install the nickname */
 len = PORT_Strlen(nickname) + 1;
 cert->nickname = (char *)PORT_ArenaAlloc(arena, len);
@@ -1007,8 +996,7 @@ SEC_GetCrlTimes(CERTCrl *date, PRTime *notBefore, PRTime *notAfter)
 if (rv) {
 return (SECFailure);
 }
- }
- else {
+ } else {
 LL_I2L(*notAfter, 0L);
 }
 return (SECSuccess);
@@ -1132,8 +1120,7 @@ CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage, PRBool ca,
 PORT_Assert(0);
 goto loser;
 }
- }
- else {
+ } else {
 switch (usage) {
 case certUsageSSLClient:
 /*
@@ -1356,15 +1343,13 @@ cert_TestHostName(char *cn, const char *hn)
 if (match == 0) {
 rv = SECSuccess;
- }
- else {
+ } else {
 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
 rv = SECFailure;
 }
 return rv;
 }
- }
- else {
+ } else {
 /* New approach conforms to RFC 6125. */
 char *wildcard = PORT_Strchr(cn, '*');
 char *firstcndot = PORT_Strchr(cn, '.');
@@ -1379,9 +1364,8 @@ cert_TestHostName(char *cn, const char *hn)
 * - must not be preceded by an IDNA ACE prefix (xn--)
 */
 if (wildcard && secondcndot && secondcndot[1] && firsthndot &&
- firstcndot - wildcard ==
- 1 /* wildcard is last char in first component */
- && secondcndot - firstcndot > 1 /* second component is non-empty */
+ firstcndot - wildcard == 1 /* wildcard is last char in first component */
+ && secondcndot - firstcndot > 1 /* second component is non-empty */
 && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
 && !PORT_Strncasecmp(cn, hn, wildcard - cn)
 && !PORT_Strcasecmp(firstcndot, firsthndot)
@@ -1473,23 +1457,20 @@ cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn)
 netAddr.inet.family == PR_AF_INET) {
 match = !memcmp(&netAddr.inet.ip, current->name.other.data, 4);
- }
- else if (current->name.other.len ==
- 16 && /* IP v6 address */
- netAddr.ipv6.family == PR_AF_INET6) {
+ } else if (current->name.other.len ==
+ 16 && /* IP v6 address */
+ netAddr.ipv6.family == PR_AF_INET6) {
 match = !memcmp(&netAddr.ipv6.ip, current->name.other.data, 16);
- }
- else if (current->name.other.len ==
- 16 && /* IP v6 address */
- netAddr.inet.family == PR_AF_INET) {
+ } else if (current->name.other.len ==
+ 16 && /* IP v6 address */
+ netAddr.inet.family == PR_AF_INET) {
 /* convert netAddr to ipv6, then compare. */
 /* ipv4 must be in Network Byte Order on input. */
 PR_ConvertIPv4AddrToIPv6(netAddr.inet.ip, &v6Addr);
 match = !memcmp(&v6Addr, current->name.other.data, 16);
- }
- else if (current->name.other.len == 4 && /* IP v4 address */
- netAddr.inet.family == PR_AF_INET6) {
+ } else if (current->name.other.len == 4 && /* IP v4 address */
+ netAddr.inet.family == PR_AF_INET6) {
 /* convert netAddr to ipv6, then compare. */
 PRUint32 ipv4 = (current->name.other.data[0] << 24) |
 (current->name.other.data[1] << 16) |
@@ -1517,8 +1498,7 @@ fail:
 if (!(isIPaddr ? IPextCount : DNSextCount)) {
 /* no relevant value in the extension was found. */
 PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
- }
- else {
+ } else {
 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
 }
 rv = SECFailure;
@@ -1648,8 +1628,7 @@ cert_GetDNSPatternsFromGeneralNames(CERTGeneralName *firstName,
 addr.inet.family = PR_AF_INET;
 memcpy(&addr.inet.ip, currentInput->name.other.data, currentInput->name.other.len);
- }
- else if (currentInput->name.other.len == 16) {
+ } else if (currentInput->name.other.len == 16) {
 addr.ipv6.family = PR_AF_INET6;
 memcpy(&addr.ipv6.ip, currentInput->name.other.data, currentInput->name.other.len);
@@ -1787,18 +1766,15 @@ CERT_VerifyCertName(const CERTCertificate *cert, const char *hn)
 if (isIPaddr) {
 if (PORT_Strcasecmp(hn, cn) == 0) {
 rv = SECSuccess;
- }
- else {
+ } else {
 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
 rv = SECFailure;
 }
- }
- else {
+ } else {
 rv = cert_TestHostName(cn, hn);
 }
 PORT_Free(cn);
- }
- else
+ } else
 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
 return rv;
 }
@@ -1811,8 +1787,7 @@ CERT_CompareCerts(const CERTCertificate *c1, const CERTCertificate *c2)
 comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
 if (comp == SECEqual) { /* certs are the same */
 return (PR_TRUE);
- }
- else {
+ } else {
 return (PR_FALSE);
 }
 }
@@ -1966,8 +1941,7 @@ CERT_MakeCANickname(CERTCertificate *cert)
 if (firstname) {
 org = firstname;
 firstname = NULL;
- }
- else {
+ } else {
 org = PORT_Strdup("Unknown CA");
 }
 }
@@ -1985,16 +1959,13 @@ CERT_MakeCANickname(CERTCertificate *cert)
 if (firstname) {
 if (count == 1) {
 nickname = PR_smprintf("%s - %s", firstname, org);
- }
- else {
+ } else {
 nickname = PR_smprintf("%s - %s #%d", firstname, org, count);
 }
- }
- else {
+ } else {
 if (count == 1) {
 nickname = PR_smprintf("%s", org);
- }
- else {
+ } else {
 nickname = PR_smprintf("%s #%d", org, count);
 }
 }
@@ -2104,8 +2075,7 @@ CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype)
 if (cType & (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA | NS_CERT_TYPE_OBJECT_SIGNING_CA)) {
 ret = PR_TRUE;
- }
- else {
+ } else {
 SECStatus rv;
 CERTBasicConstraints constraints;
@@ -2254,8 +2224,7 @@ CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb)
 return (PR_FALSE);
 }
 return (PR_TRUE);
- }
- else {
+ } else {
 /* cert B was issued after cert A, but expires sooner */
 /* if B is expired, then pick A */
 if (LL_CMP(notAfterB, <, now)) {
@@ -2371,8 +2340,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts)
 case ',':
 if (pflags == &trust->sslFlags) {
 pflags = &trust->emailFlags;
- }
- else {
+ } else {
 pflags = &trust->objectSigningFlags;
 }
 break;
@@ -2489,8 +2457,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
 */
 /* Bug 1192442 - propagate errors from these calls. */
 (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL);
- }
- else {
+ } else {
 (void)CERT_AddTempCertToPerm( certs[i], nickname ? nickname : canickname, NULL);
 }
@@ -2503,8 +2470,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
 if (retCerts) {
 *retCerts = certs;
- }
- else {
+ } else {
 if (certs) {
 CERT_DestroyCertArray(certs, fcerts);
 }
@@ -2700,8 +2666,7 @@ CERT_SortCBValidity(CERTCertificate *certa, CERTCertificate *certb, void *arg)
 if (newerbefore) {
 /* cert A was issued after cert B, but expires sooner */
 return (PR_TRUE);
- }
- else {
+ } else {
 /* cert B was issued after cert A, but expires sooner */
 return (PR_FALSE);
 }
@@ -2800,8 +2765,7 @@ CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
 * fix the cert decoding code to do this.
 */
 (void)CERT_IsCACert(node->cert, &certType);
- }
- else {
+ } else {
 certType = node->cert->nsCertType;
 }
 if (!(certType & requiredCertType)) {
@@ -2814,8 +2778,7 @@ CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
 savenode = CERT_LIST_NEXT(node);
 CERT_RemoveCertListNode(node);
 node = savenode;
- }
- else {
+ } else {
 node = CERT_LIST_NEXT(node);
 }
 }
@@ -2836,8 +2799,7 @@ CERT_IsUserCert(CERTCertificate *cert)
 ((trust.sslFlags & CERTDB_USER) || (trust.emailFlags & CERTDB_USER) || (trust.objectSigningFlags & CERTDB_USER))) {
 return PR_TRUE;
- }
- else {
+ } else {
 return PR_FALSE;
 }
 }
@@ -2861,8 +2823,7 @@ CERT_FilterCertListForUserCerts(CERTCertList *certList)
 freenode = node;
 node = CERT_LIST_NEXT(node);
 CERT_RemoveCertListNode(freenode);
- }
- else {
+ } else {
 /* Is a User cert, so leave it in the list */
 node = CERT_LIST_NEXT(node);
 }
@@ -2954,8 +2915,7 @@ cert_DestroyLocks(void)
 if (certRefCountLock) {
 PZ_DestroyLock(certRefCountLock);
 certRefCountLock = NULL;
- }
- else {
+ } else {
 rv = SECFailure;
 }
@@ -2963,8 +2923,7 @@ cert_DestroyLocks(void)
 if (certTrustLock) {
 PZ_DestroyLock(certTrustLock);
 certTrustLock = NULL;
- }
- else {
+ } else {
 rv = SECFailure;
 }
 return rv; |