зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1048642, Part 2: Change GenerateKeyPair return type from SECStatus to Result, r=cviecco
--HG-- extra : rebase_source : 652277e952d224175ea57d4509124ff8180440cb
This commit is contained in:
Родитель
4a58c8b13e
Коммит
065cf239b1
|
@ -114,39 +114,29 @@ protected:
|
|||
}
|
||||
|
||||
// The resultant issuerDER and issuerSPKI are owned by the arena.
|
||||
SECStatus MakeIssuerCertIDComponents(const char* issuerASCII,
|
||||
/*out*/ Input& issuerDER,
|
||||
/*out*/ Input& issuerSPKI)
|
||||
void MakeIssuerCertIDComponents(const char* issuerASCII,
|
||||
/*out*/ Input& issuerDER,
|
||||
/*out*/ Input& issuerSPKI)
|
||||
{
|
||||
const SECItem* issuerDERSECItem = ASCIIToDERName(arena.get(), issuerASCII);
|
||||
if (!issuerDERSECItem) {
|
||||
return SECFailure;
|
||||
}
|
||||
if (issuerDER.Init(issuerDERSECItem->data, issuerDERSECItem->len)
|
||||
!= Success) {
|
||||
return SECFailure;
|
||||
}
|
||||
ASSERT_TRUE(issuerDERSECItem);
|
||||
ASSERT_EQ(Success,
|
||||
issuerDER.Init(issuerDERSECItem->data, issuerDERSECItem->len));
|
||||
|
||||
ScopedSECKEYPublicKey issuerPublicKey;
|
||||
ScopedSECKEYPrivateKey issuerPrivateKey;
|
||||
if (GenerateKeyPair(issuerPublicKey, issuerPrivateKey) != SECSuccess) {
|
||||
return SECFailure;
|
||||
}
|
||||
ASSERT_EQ(Success, GenerateKeyPair(issuerPublicKey, issuerPrivateKey));
|
||||
|
||||
ScopedSECItem issuerSPKIOriginal(
|
||||
SECKEY_EncodeDERSubjectPublicKeyInfo(issuerPublicKey.get()));
|
||||
if (!issuerSPKIOriginal) {
|
||||
return SECFailure;
|
||||
}
|
||||
SECItem issuerSPKICopy;
|
||||
if (SECITEM_CopyItem(arena.get(), &issuerSPKICopy,
|
||||
issuerSPKIOriginal.get()) != SECSuccess) {
|
||||
return SECFailure;
|
||||
}
|
||||
if (issuerSPKI.Init(issuerSPKICopy.data, issuerSPKICopy.len) != Success) {
|
||||
return SECFailure;
|
||||
}
|
||||
ASSERT_TRUE(issuerSPKIOriginal);
|
||||
|
||||
return SECSuccess;
|
||||
SECItem issuerSPKICopy;
|
||||
ASSERT_EQ(SECSuccess,
|
||||
SECITEM_CopyItem(arena.get(), &issuerSPKICopy,
|
||||
issuerSPKIOriginal.get()));
|
||||
ASSERT_EQ(Success,
|
||||
issuerSPKI.Init(issuerSPKICopy.data, issuerSPKICopy.len));
|
||||
}
|
||||
|
||||
CreateEncodedOCSPRequestTrustDomain trustDomain;
|
||||
|
@ -158,8 +148,7 @@ TEST_F(pkixocsp_CreateEncodedOCSPRequest, ChildCertLongSerialNumberTest)
|
|||
{
|
||||
Input issuerDER;
|
||||
Input issuerSPKI;
|
||||
ASSERT_EQ(SECSuccess,
|
||||
MakeIssuerCertIDComponents("CN=CA", issuerDER, issuerSPKI));
|
||||
MakeIssuerCertIDComponents("CN=CA", issuerDER, issuerSPKI);
|
||||
Input serialNumber;
|
||||
ASSERT_EQ(Success, serialNumber.Init(unsupportedLongSerialNumber->data,
|
||||
unsupportedLongSerialNumber->len));
|
||||
|
@ -178,8 +167,7 @@ TEST_F(pkixocsp_CreateEncodedOCSPRequest, LongestSupportedSerialNumberTest)
|
|||
{
|
||||
Input issuerDER;
|
||||
Input issuerSPKI;
|
||||
ASSERT_EQ(SECSuccess,
|
||||
MakeIssuerCertIDComponents("CN=CA", issuerDER, issuerSPKI));
|
||||
MakeIssuerCertIDComponents("CN=CA", issuerDER, issuerSPKI);
|
||||
Input serialNumber;
|
||||
ASSERT_EQ(Success, serialNumber.Init(longestRequiredSerialNumber->data,
|
||||
longestRequiredSerialNumber->len));
|
||||
|
|
|
@ -108,7 +108,7 @@ public:
|
|||
static bool SetUpTestCaseInner()
|
||||
{
|
||||
ScopedSECKEYPublicKey rootPublicKey;
|
||||
if (GenerateKeyPair(rootPublicKey, rootPrivateKey) != SECSuccess) {
|
||||
if (GenerateKeyPair(rootPublicKey, rootPrivateKey) != Success) {
|
||||
return false;
|
||||
}
|
||||
rootSPKI = SECKEY_EncodeDERSubjectPublicKeyInfo(rootPublicKey.get());
|
||||
|
@ -490,8 +490,8 @@ TEST_F(pkixocsp_VerifyEncodedResponse_DelegatedResponder,
|
|||
{
|
||||
ScopedSECKEYPublicKey missingSignerPublicKey;
|
||||
ScopedSECKEYPrivateKey missingSignerPrivateKey;
|
||||
ASSERT_SECSuccess(GenerateKeyPair(missingSignerPublicKey,
|
||||
missingSignerPrivateKey));
|
||||
ASSERT_EQ(Success, GenerateKeyPair(missingSignerPublicKey,
|
||||
missingSignerPrivateKey));
|
||||
Input response(CreateEncodedOCSPSuccessfulResponse(
|
||||
OCSPResponseContext::good, *endEntityCertID, byKey,
|
||||
missingSignerPrivateKey, pr_oneDayBeforeNow,
|
||||
|
@ -509,8 +509,8 @@ TEST_F(pkixocsp_VerifyEncodedResponse_DelegatedResponder,
|
|||
{
|
||||
ScopedSECKEYPublicKey missingSignerPublicKey;
|
||||
ScopedSECKEYPrivateKey missingSignerPrivateKey;
|
||||
ASSERT_SECSuccess(GenerateKeyPair(missingSignerPublicKey,
|
||||
missingSignerPrivateKey));
|
||||
ASSERT_EQ(Success, GenerateKeyPair(missingSignerPublicKey,
|
||||
missingSignerPrivateKey));
|
||||
Input response(CreateEncodedOCSPSuccessfulResponse(
|
||||
OCSPResponseContext::good, *endEntityCertID,
|
||||
"CN=missing", missingSignerPrivateKey,
|
||||
|
@ -653,7 +653,7 @@ TEST_F(pkixocsp_VerifyEncodedResponse_DelegatedResponder, good_unknown_issuer)
|
|||
// unknown issuer
|
||||
ScopedSECKEYPublicKey unknownPublicKey;
|
||||
ScopedSECKEYPrivateKey unknownPrivateKey;
|
||||
ASSERT_SECSuccess(GenerateKeyPair(unknownPublicKey, unknownPrivateKey));
|
||||
ASSERT_EQ(Success, GenerateKeyPair(unknownPublicKey, unknownPrivateKey));
|
||||
|
||||
// Delegated responder cert signed by unknown issuer
|
||||
static const SECOidTag signerEKU = SEC_OID_OCSP_RESPONDER;
|
||||
|
|
|
@ -664,13 +664,13 @@ MaybeLogOutput(SECItem* result, const char* suffix)
|
|||
///////////////////////////////////////////////////////////////////////////////
|
||||
// Key Pairs
|
||||
|
||||
SECStatus
|
||||
Result
|
||||
GenerateKeyPair(/*out*/ ScopedSECKEYPublicKey& publicKey,
|
||||
/*out*/ ScopedSECKEYPrivateKey& privateKey)
|
||||
{
|
||||
ScopedPtr<PK11SlotInfo, PK11_FreeSlot> slot(PK11_GetInternalSlot());
|
||||
if (!slot) {
|
||||
return SECFailure;
|
||||
return MapPRErrorCodeToResult(PR_GetError());
|
||||
}
|
||||
|
||||
// Bug 1012786: PK11_GenerateKeyPair can fail if there is insufficient
|
||||
|
@ -687,21 +687,22 @@ GenerateKeyPair(/*out*/ ScopedSECKEYPublicKey& publicKey,
|
|||
if (privateKey) {
|
||||
publicKey = publicKeyTemp;
|
||||
assert(publicKey);
|
||||
return SECSuccess;
|
||||
return Success;
|
||||
}
|
||||
|
||||
assert(!publicKeyTemp);
|
||||
|
||||
if (PR_GetError() != SEC_ERROR_PKCS11_FUNCTION_FAILED) {
|
||||
return SECFailure;
|
||||
break;
|
||||
}
|
||||
|
||||
PRTime now = PR_Now();
|
||||
if (PK11_RandomUpdate(&now, sizeof(PRTime)) != SECSuccess) {
|
||||
return SECFailure;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return SECFailure;
|
||||
|
||||
return MapPRErrorCodeToResult(PR_GetError());
|
||||
}
|
||||
|
||||
|
||||
|
@ -742,7 +743,7 @@ CreateEncodedCertificate(PLArenaPool* arena, long version,
|
|||
// privateKeyResult until after we're done with issuerPrivateKey.
|
||||
ScopedSECKEYPublicKey publicKey;
|
||||
ScopedSECKEYPrivateKey privateKeyTemp;
|
||||
if (GenerateKeyPair(publicKey, privateKeyTemp) != SECSuccess) {
|
||||
if (GenerateKeyPair(publicKey, privateKeyTemp) != Success) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
|
|
|
@ -79,8 +79,8 @@ extern const PRTime ONE_DAY;
|
|||
mozilla::pkix::Time YMDHMS(int16_t year, int16_t month, int16_t day,
|
||||
int16_t hour, int16_t minutes, int16_t seconds);
|
||||
|
||||
SECStatus GenerateKeyPair(/*out*/ ScopedSECKEYPublicKey& publicKey,
|
||||
/*out*/ ScopedSECKEYPrivateKey& privateKey);
|
||||
Result GenerateKeyPair(/*out*/ ScopedSECKEYPublicKey& publicKey,
|
||||
/*out*/ ScopedSECKEYPrivateKey& privateKey);
|
||||
|
||||
// The result will be owned by the arena
|
||||
const SECItem* ASCIIToDERName(PLArenaPool* arena, const char* cn);
|
||||
|
|
Загрузка…
Ссылка в новой задаче