Closed Bug 482153 Opened 17 years ago Closed 13 years ago

Need a Stan function to answer: is this cert Trusted for this usage?

Categories

(NSS :: Libraries, enhancement, P2)

Product:
NSS
Component:
Libraries
Version:
3.12.3
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.13.6

People

(Reporter: nelson, Assigned: wtc)

References

Details

Attachments

(1 file)

disgusting hack
4.76 KB, patch
nelson
: superreview-
Details | Diff | Splinter Review
NSS lacks a function to ask: Is this NSSCertificate trusted for this usage? NSS has MANY functions that attempt to return the "Best" certificate according to certain criteria. They all ignore trust, and that is the cause of numerous bugs, such as bug 479508. They nearly all rely on a single underlying function, which is nssCertificateArray_FindBestCertificate. If that function could be changed to check certs for being trusted for the usage argument, and to select only one of the trusted certs when any are trusted, that would solve most of these problems. To fix that, nssCertificateArray_FindBestCertificate needs a Stan function to answer: Is this NSSCertificate trusted for this usage? Header file nss/lib/pki/nsspki.h contains a block comment describing a function as: > PRBool NSSCertificate_GetIsTrustedFor{xxx}(NSSCertificate *c); Apparently, it was thought that the usage would be part of the function name. I now propose a new function: PRBool NSSCertificate_IsTrustedForUsage(NSSCertificate *c, const NSSUsage *usage); to be called by nssCertificateArray_FindBestCertificate. But I scarcely know where to begin to implement it. All the code I've seen to answer the question of "is this cert trusted" is old pre-stan code that uses the CERTCertificate's trust. That's clearly NOT what we want to use for this function. But I don't know what we should use instead. Bob, I'd appreciate an outline of how to implement this Stan function, e.g. how to answer the trust question, what objects need to be interrogates, etc. Do we need to ask a trust domain? A crypto context? Are there functions to do any of those things? Although this is an enhancement request, it blocks a P2 bug.
Priority: -- → P2
This disgusting hack effectively unblocks bug 479508, but it's too disgusting to contemplate committing. Writing it was useful, to convince me we need a Stan solution.
Attachment #366236 - Flags: superreview-
Attachment #366236 - Flags: review?(rrelyea)
Summary: Need a Stan function to answer: is this cert valid for this usage? → Need a Stan function to answer: is this cert Trusted for this usage?
Attachment #366236 - Flags: review?(rrelyea)
Comment on attachment 366236 [details] [diff] [review] disgusting hack clearing review, but I'll still give you some comments....
The disgusting thing about this hack is missing NSS3 and Stan elements together in a stand file. First things first: the signature... in stan, I think you need the trust domain to really answer the question: is this cert trusted for this operation. Next, pointers to where the right stuff is. pki/pki3_hack.c is where the NSS3/Stan translators live. NSS3 is treated like an encoding in stan, except we also need to map stan structures back into NSS3 structures to applications continue to work. I see a couple of functions there that may be interesting: 1) nss3certicate_getUsage(nssDecodedCert *dc). It currently doesn't return anything useful (NULL). I don't know where it's used, but the guts of your hack would seem to naturally live in this function. (though I could be mistaken). 2) nss3certificate_matchUsage() with a comment CERT_FilterCertListByUsage. This does have an implementation, but does not check trust. (probably shouldn't). 3) cert_trust_from_stan_trust and nssTrust_GetCERTCertTrustForCert shows how we currently map stan trust to cert trust. It also shows how to get stan trust from the trustdomain and the certificate. bob
(In reply to comment #3) > The disgusting thing about this hack is missing NSS3 and Stan elements > together in a stan file. Well, IMO, the disgusting thing is that this stan function is relying on properties of one of the encodings, when the information being requested is completely independent of cert encoding (and is not actually part of the cert). > First things first: the signature... in stan, I think you need the trust > domain to really answer the question: is this cert trusted for this > operation. The TD is needed to answer the question the first time it is asked. After that, it should be cached in the NSSCert somewhere, just as it is in the CERTCertificate. Polling the tokens is the only method implemented by the TD to answer that question. We don't want to go polling all the tokens every time that someone asks if the cert is trusted. The NSSCert has a TD pointer in it, so I think it is unnecessary to also put the TD pointer into the function signature, because it's implicit in the NSSCert argument. > Next, pointers to where the right stuff is. pki/pki3_hack.c is where the > NSS3/Stan translators live. NSS3 is treated like an encoding in stan, > except we also need to map stan structures back into NSS3 structures to > applications continue to work. I think you're saying the code is in the wrong file. Are you also saying that the function is incomplete? Thanks for the other pointers in that comment.
(In reply to Robert Relyea from comment #3) > The disgusting thing about this hack is missing NSS3 and Stan elements > together in a stand file. I don't understand this sentence, could you please elaborate?
Fixed by the patch in bug 764393 comment 29. I added the isTrustedForUsage method to the nssDecodedCert structure.
Assignee: nobody → wtc
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.12.6
Target Milestone: 3.12.6 → 3.13.6
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: