Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(252)

Unified Diff: lib/pki/pkistore.c

Issue 201830043: Bug 1118245 - Apply uniform style across NSS
Patch Set: Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « lib/pki/pkistore.h ('k') | lib/pki/pkit.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: lib/pki/pkistore.c
===================================================================
--- a/lib/pki/pkistore.c
+++ b/lib/pki/pkistore.c
@@ -22,692 +22,563 @@
#include "pkistore.h"
#endif /* PKISTORE_H */
#include "cert.h"
#include "pki3hack.h"
#include "prbit.h"
-/*
+/*
* Certificate Store
*
* This differs from the cache in that it is a true storage facility. Items
* stay in until they are explicitly removed. It is only used by crypto
* contexts at this time, but may be more generally useful...
*
*/
-struct nssCertificateStoreStr
-{
- PRBool i_alloced_arena;
- NSSArena *arena;
- PZLock *lock;
- nssHash *subject;
- nssHash *issuer_and_serial;
+struct nssCertificateStoreStr {
+ PRBool i_alloced_arena;
+ NSSArena *arena;
+ PZLock *lock;
+ nssHash *subject;
+ nssHash *issuer_and_serial;
};
typedef struct certificate_hash_entry_str certificate_hash_entry;
-struct certificate_hash_entry_str
-{
- NSSCertificate *cert;
- NSSTrust *trust;
- nssSMIMEProfile *profile;
+struct certificate_hash_entry_str {
+ NSSCertificate *cert;
+ NSSTrust *trust;
+ nssSMIMEProfile *profile;
};
/* forward static declarations */
-static NSSCertificate *
-nssCertStore_FindCertByIssuerAndSerialNumberLocked (
- nssCertificateStore *store,
- NSSDER *issuer,
- NSSDER *serial
-);
+static NSSCertificate *nssCertStore_FindCertByIssuerAndSerialNumberLocked(
+ nssCertificateStore *store, NSSDER *issuer, NSSDER *serial);
-NSS_IMPLEMENT nssCertificateStore *
-nssCertificateStore_Create (
- NSSArena *arenaOpt
-)
-{
- NSSArena *arena;
- nssCertificateStore *store;
- PRBool i_alloced_arena;
- if (arenaOpt) {
- arena = arenaOpt;
- i_alloced_arena = PR_FALSE;
- } else {
- arena = nssArena_Create();
- if (!arena) {
- return NULL;
- }
- i_alloced_arena = PR_TRUE;
+NSS_IMPLEMENT nssCertificateStore *nssCertificateStore_Create(
+ NSSArena *arenaOpt) {
+ NSSArena *arena;
+ nssCertificateStore *store;
+ PRBool i_alloced_arena;
+ if (arenaOpt) {
+ arena = arenaOpt;
+ i_alloced_arena = PR_FALSE;
+ } else {
+ arena = nssArena_Create();
+ if (!arena) {
+ return NULL;
}
- store = nss_ZNEW(arena, nssCertificateStore);
- if (!store) {
- goto loser;
+ i_alloced_arena = PR_TRUE;
+ }
+ store = nss_ZNEW(arena, nssCertificateStore);
+ if (!store) {
+ goto loser;
+ }
+ store->lock = PZ_NewLock(nssILockOther);
+ if (!store->lock) {
+ goto loser;
+ }
+ /* Create the issuer/serial --> {cert, trust, S/MIME profile } hash */
+ store->issuer_and_serial = nssHash_CreateCertificate(arena, 0);
+ if (!store->issuer_and_serial) {
+ goto loser;
+ }
+ /* Create the subject DER --> subject list hash */
+ store->subject = nssHash_CreateItem(arena, 0);
+ if (!store->subject) {
+ goto loser;
+ }
+ store->arena = arena;
+ store->i_alloced_arena = i_alloced_arena;
+ return store;
+loser:
+ if (store) {
+ if (store->lock) {
+ PZ_DestroyLock(store->lock);
}
- store->lock = PZ_NewLock(nssILockOther);
- if (!store->lock) {
- goto loser;
+ if (store->issuer_and_serial) {
+ nssHash_Destroy(store->issuer_and_serial);
}
- /* Create the issuer/serial --> {cert, trust, S/MIME profile } hash */
- store->issuer_and_serial = nssHash_CreateCertificate(arena, 0);
- if (!store->issuer_and_serial) {
- goto loser;
+ if (store->subject) {
+ nssHash_Destroy(store->subject);
}
- /* Create the subject DER --> subject list hash */
- store->subject = nssHash_CreateItem(arena, 0);
- if (!store->subject) {
- goto loser;
- }
- store->arena = arena;
- store->i_alloced_arena = i_alloced_arena;
- return store;
-loser:
- if (store) {
- if (store->lock) {
- PZ_DestroyLock(store->lock);
- }
- if (store->issuer_and_serial) {
- nssHash_Destroy(store->issuer_and_serial);
- }
- if (store->subject) {
- nssHash_Destroy(store->subject);
- }
- }
- if (i_alloced_arena) {
- nssArena_Destroy(arena);
- }
- return NULL;
+ }
+ if (i_alloced_arena) {
+ nssArena_Destroy(arena);
+ }
+ return NULL;
}
extern const NSSError NSS_ERROR_BUSY;
-NSS_IMPLEMENT PRStatus
-nssCertificateStore_Destroy (
- nssCertificateStore *store
-)
-{
- if (nssHash_Count(store->issuer_and_serial) > 0) {
- nss_SetError(NSS_ERROR_BUSY);
- return PR_FAILURE;
- }
- PZ_DestroyLock(store->lock);
- nssHash_Destroy(store->issuer_and_serial);
- nssHash_Destroy(store->subject);
- if (store->i_alloced_arena) {
- nssArena_Destroy(store->arena);
- } else {
- nss_ZFreeIf(store);
- }
- return PR_SUCCESS;
+NSS_IMPLEMENT PRStatus nssCertificateStore_Destroy(nssCertificateStore *store) {
+ if (nssHash_Count(store->issuer_and_serial) > 0) {
+ nss_SetError(NSS_ERROR_BUSY);
+ return PR_FAILURE;
+ }
+ PZ_DestroyLock(store->lock);
+ nssHash_Destroy(store->issuer_and_serial);
+ nssHash_Destroy(store->subject);
+ if (store->i_alloced_arena) {
+ nssArena_Destroy(store->arena);
+ } else {
+ nss_ZFreeIf(store);
+ }
+ return PR_SUCCESS;
}
-static PRStatus
-add_certificate_entry (
- nssCertificateStore *store,
- NSSCertificate *cert
-)
-{
- PRStatus nssrv;
- certificate_hash_entry *entry;
- entry = nss_ZNEW(cert->object.arena, certificate_hash_entry);
- if (!entry) {
- return PR_FAILURE;
- }
- entry->cert = cert;
- nssrv = nssHash_Add(store->issuer_and_serial, cert, entry);
- if (nssrv != PR_SUCCESS) {
- nss_ZFreeIf(entry);
- }
- return nssrv;
+static PRStatus add_certificate_entry(nssCertificateStore *store,
+ NSSCertificate *cert) {
+ PRStatus nssrv;
+ certificate_hash_entry *entry;
+ entry = nss_ZNEW(cert->object.arena, certificate_hash_entry);
+ if (!entry) {
+ return PR_FAILURE;
+ }
+ entry->cert = cert;
+ nssrv = nssHash_Add(store->issuer_and_serial, cert, entry);
+ if (nssrv != PR_SUCCESS) {
+ nss_ZFreeIf(entry);
+ }
+ return nssrv;
}
-static PRStatus
-add_subject_entry (
- nssCertificateStore *store,
- NSSCertificate *cert
-)
-{
- PRStatus nssrv;
- nssList *subjectList;
- subjectList = (nssList *)nssHash_Lookup(store->subject, &cert->subject);
- if (subjectList) {
- /* The subject is already in, add this cert to the list */
- nssrv = nssList_AddUnique(subjectList, cert);
- } else {
- /* Create a new subject list for the subject */
- subjectList = nssList_Create(NULL, PR_FALSE);
- if (!subjectList) {
- return PR_FAILURE;
- }
- nssList_SetSortFunction(subjectList, nssCertificate_SubjectListSort);
- /* Add the cert entry to this list of subjects */
- nssrv = nssList_Add(subjectList, cert);
- if (nssrv != PR_SUCCESS) {
- return nssrv;
- }
- /* Add the subject list to the cache */
- nssrv = nssHash_Add(store->subject, &cert->subject, subjectList);
+static PRStatus add_subject_entry(nssCertificateStore *store,
+ NSSCertificate *cert) {
+ PRStatus nssrv;
+ nssList *subjectList;
+ subjectList = (nssList *)nssHash_Lookup(store->subject, &cert->subject);
+ if (subjectList) {
+ /* The subject is already in, add this cert to the list */
+ nssrv = nssList_AddUnique(subjectList, cert);
+ } else {
+ /* Create a new subject list for the subject */
+ subjectList = nssList_Create(NULL, PR_FALSE);
+ if (!subjectList) {
+ return PR_FAILURE;
}
- return nssrv;
+ nssList_SetSortFunction(subjectList, nssCertificate_SubjectListSort);
+ /* Add the cert entry to this list of subjects */
+ nssrv = nssList_Add(subjectList, cert);
+ if (nssrv != PR_SUCCESS) {
+ return nssrv;
+ }
+ /* Add the subject list to the cache */
+ nssrv = nssHash_Add(store->subject, &cert->subject, subjectList);
+ }
+ return nssrv;
}
/* declared below */
-static void
-remove_certificate_entry (
- nssCertificateStore *store,
- NSSCertificate *cert
-);
+static void remove_certificate_entry(nssCertificateStore *store,
+ NSSCertificate *cert);
/* Caller must hold store->lock */
-static PRStatus
-nssCertificateStore_AddLocked (
- nssCertificateStore *store,
- NSSCertificate *cert
-)
-{
- PRStatus nssrv = add_certificate_entry(store, cert);
- if (nssrv == PR_SUCCESS) {
- nssrv = add_subject_entry(store, cert);
- if (nssrv == PR_FAILURE) {
- remove_certificate_entry(store, cert);
- }
+static PRStatus nssCertificateStore_AddLocked(nssCertificateStore *store,
+ NSSCertificate *cert) {
+ PRStatus nssrv = add_certificate_entry(store, cert);
+ if (nssrv == PR_SUCCESS) {
+ nssrv = add_subject_entry(store, cert);
+ if (nssrv == PR_FAILURE) {
+ remove_certificate_entry(store, cert);
}
- return nssrv;
+ }
+ return nssrv;
}
+NSS_IMPLEMENT NSSCertificate *nssCertificateStore_FindOrAdd(
+ nssCertificateStore *store, NSSCertificate *c) {
+ PRStatus nssrv;
+ NSSCertificate *rvCert = NULL;
-NSS_IMPLEMENT NSSCertificate *
-nssCertificateStore_FindOrAdd (
- nssCertificateStore *store,
- NSSCertificate *c
-)
-{
- PRStatus nssrv;
- NSSCertificate *rvCert = NULL;
-
- PZ_Lock(store->lock);
- rvCert = nssCertStore_FindCertByIssuerAndSerialNumberLocked(
- store, &c->issuer, &c->serial);
- if (!rvCert) {
- nssrv = nssCertificateStore_AddLocked(store, c);
- if (PR_SUCCESS == nssrv) {
- rvCert = nssCertificate_AddRef(c);
- }
+ PZ_Lock(store->lock);
+ rvCert = nssCertStore_FindCertByIssuerAndSerialNumberLocked(store, &c->issuer,
+ &c->serial);
+ if (!rvCert) {
+ nssrv = nssCertificateStore_AddLocked(store, c);
+ if (PR_SUCCESS == nssrv) {
+ rvCert = nssCertificate_AddRef(c);
}
- PZ_Unlock(store->lock);
- return rvCert;
+ }
+ PZ_Unlock(store->lock);
+ return rvCert;
}
-static void
-remove_certificate_entry (
- nssCertificateStore *store,
- NSSCertificate *cert
-)
-{
- certificate_hash_entry *entry;
- entry = (certificate_hash_entry *)
- nssHash_Lookup(store->issuer_and_serial, cert);
- if (entry) {
- nssHash_Remove(store->issuer_and_serial, cert);
- if (entry->trust) {
- nssTrust_Destroy(entry->trust);
- }
- if (entry->profile) {
- nssSMIMEProfile_Destroy(entry->profile);
- }
- nss_ZFreeIf(entry);
+static void remove_certificate_entry(nssCertificateStore *store,
+ NSSCertificate *cert) {
+ certificate_hash_entry *entry;
+ entry =
+ (certificate_hash_entry *)nssHash_Lookup(store->issuer_and_serial, cert);
+ if (entry) {
+ nssHash_Remove(store->issuer_and_serial, cert);
+ if (entry->trust) {
+ nssTrust_Destroy(entry->trust);
}
+ if (entry->profile) {
+ nssSMIMEProfile_Destroy(entry->profile);
+ }
+ nss_ZFreeIf(entry);
+ }
}
-static void
-remove_subject_entry (
- nssCertificateStore *store,
- NSSCertificate *cert
-)
-{
- nssList *subjectList;
- /* Get the subject list for the cert's subject */
- subjectList = (nssList *)nssHash_Lookup(store->subject, &cert->subject);
- if (subjectList) {
- /* Remove the cert from the subject hash */
- nssList_Remove(subjectList, cert);
- nssHash_Remove(store->subject, &cert->subject);
- if (nssList_Count(subjectList) == 0) {
- nssList_Destroy(subjectList);
- } else {
- /* The cert being released may have keyed the subject entry.
- * Since there are still subject certs around, get another and
- * rekey the entry just in case.
- */
- NSSCertificate *subjectCert;
- (void)nssList_GetArray(subjectList, (void **)&subjectCert, 1);
- nssHash_Add(store->subject, &subjectCert->subject, subjectList);
- }
+static void remove_subject_entry(nssCertificateStore *store,
+ NSSCertificate *cert) {
+ nssList *subjectList;
+ /* Get the subject list for the cert's subject */
+ subjectList = (nssList *)nssHash_Lookup(store->subject, &cert->subject);
+ if (subjectList) {
+ /* Remove the cert from the subject hash */
+ nssList_Remove(subjectList, cert);
+ nssHash_Remove(store->subject, &cert->subject);
+ if (nssList_Count(subjectList) == 0) {
+ nssList_Destroy(subjectList);
+ } else {
+ /* The cert being released may have keyed the subject entry.
+ * Since there are still subject certs around, get another and
+ * rekey the entry just in case.
+ */
+ NSSCertificate *subjectCert;
+ (void)nssList_GetArray(subjectList, (void **)&subjectCert, 1);
+ nssHash_Add(store->subject, &subjectCert->subject, subjectList);
}
+ }
}
-NSS_IMPLEMENT void
-nssCertificateStore_RemoveCertLOCKED (
- nssCertificateStore *store,
- NSSCertificate *cert
-)
-{
- certificate_hash_entry *entry;
- entry = (certificate_hash_entry *)
- nssHash_Lookup(store->issuer_and_serial, cert);
- if (entry && entry->cert == cert) {
- remove_certificate_entry(store, cert);
- remove_subject_entry(store, cert);
- }
+NSS_IMPLEMENT void nssCertificateStore_RemoveCertLOCKED(
+ nssCertificateStore *store, NSSCertificate *cert) {
+ certificate_hash_entry *entry;
+ entry =
+ (certificate_hash_entry *)nssHash_Lookup(store->issuer_and_serial, cert);
+ if (entry && entry->cert == cert) {
+ remove_certificate_entry(store, cert);
+ remove_subject_entry(store, cert);
+ }
}
-NSS_IMPLEMENT void
-nssCertificateStore_Lock (
- nssCertificateStore *store, nssCertificateStoreTrace* out
-)
-{
+NSS_IMPLEMENT void nssCertificateStore_Lock(nssCertificateStore *store,
+ nssCertificateStoreTrace *out) {
#ifdef DEBUG
- PORT_Assert(out);
- out->store = store;
- out->lock = store->lock;
- out->locked = PR_TRUE;
- PZ_Lock(out->lock);
+ PORT_Assert(out);
+ out->store = store;
+ out->lock = store->lock;
+ out->locked = PR_TRUE;
+ PZ_Lock(out->lock);
#else
- PZ_Lock(store->lock);
+ PZ_Lock(store->lock);
#endif
}
-NSS_IMPLEMENT void
-nssCertificateStore_Unlock (
- nssCertificateStore *store, const nssCertificateStoreTrace* in,
- nssCertificateStoreTrace* out
-)
-{
+NSS_IMPLEMENT void nssCertificateStore_Unlock(
+ nssCertificateStore *store, const nssCertificateStoreTrace *in,
+ nssCertificateStoreTrace *out) {
#ifdef DEBUG
- PORT_Assert(in);
- PORT_Assert(out);
- out->store = store;
- out->lock = store->lock;
- PORT_Assert(!out->locked);
- out->unlocked = PR_TRUE;
+ PORT_Assert(in);
+ PORT_Assert(out);
+ out->store = store;
+ out->lock = store->lock;
+ PORT_Assert(!out->locked);
+ out->unlocked = PR_TRUE;
- PORT_Assert(in->store == out->store);
- PORT_Assert(in->lock == out->lock);
- PORT_Assert(in->locked);
- PORT_Assert(!in->unlocked);
+ PORT_Assert(in->store == out->store);
+ PORT_Assert(in->lock == out->lock);
+ PORT_Assert(in->locked);
+ PORT_Assert(!in->unlocked);
- PZ_Unlock(out->lock);
+ PZ_Unlock(out->lock);
#else
- PZ_Unlock(store->lock);
+ PZ_Unlock(store->lock);
#endif
}
-static NSSCertificate **
-get_array_from_list (
- nssList *certList,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt,
- NSSArena *arenaOpt
-)
-{
- PRUint32 count;
- NSSCertificate **rvArray = NULL;
- count = nssList_Count(certList);
- if (count == 0) {
- return NULL;
+static NSSCertificate **get_array_from_list(nssList *certList,
+ NSSCertificate *rvOpt[],
+ PRUint32 maximumOpt,
+ NSSArena *arenaOpt) {
+ PRUint32 count;
+ NSSCertificate **rvArray = NULL;
+ count = nssList_Count(certList);
+ if (count == 0) {
+ return NULL;
+ }
+ if (maximumOpt > 0) {
+ count = PR_MIN(maximumOpt, count);
+ }
+ if (rvOpt) {
+ nssList_GetArray(certList, (void **)rvOpt, count);
+ } else {
+ rvArray = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, count + 1);
+ if (rvArray) {
+ nssList_GetArray(certList, (void **)rvArray, count);
}
- if (maximumOpt > 0) {
- count = PR_MIN(maximumOpt, count);
- }
- if (rvOpt) {
- nssList_GetArray(certList, (void **)rvOpt, count);
- } else {
- rvArray = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, count + 1);
- if (rvArray) {
- nssList_GetArray(certList, (void **)rvArray, count);
- }
- }
- return rvArray;
+ }
+ return rvArray;
}
-NSS_IMPLEMENT NSSCertificate **
-nssCertificateStore_FindCertificatesBySubject (
- nssCertificateStore *store,
- NSSDER *subject,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt,
- NSSArena *arenaOpt
-)
-{
- NSSCertificate **rvArray = NULL;
- nssList *subjectList;
- PZ_Lock(store->lock);
- subjectList = (nssList *)nssHash_Lookup(store->subject, subject);
- if (subjectList) {
- nssCertificateList_AddReferences(subjectList);
- rvArray = get_array_from_list(subjectList,
- rvOpt, maximumOpt, arenaOpt);
- }
- PZ_Unlock(store->lock);
- return rvArray;
+NSS_IMPLEMENT NSSCertificate **nssCertificateStore_FindCertificatesBySubject(
+ nssCertificateStore *store, NSSDER *subject, NSSCertificate *rvOpt[],
+ PRUint32 maximumOpt, NSSArena *arenaOpt) {
+ NSSCertificate **rvArray = NULL;
+ nssList *subjectList;
+ PZ_Lock(store->lock);
+ subjectList = (nssList *)nssHash_Lookup(store->subject, subject);
+ if (subjectList) {
+ nssCertificateList_AddReferences(subjectList);
+ rvArray = get_array_from_list(subjectList, rvOpt, maximumOpt, arenaOpt);
+ }
+ PZ_Unlock(store->lock);
+ return rvArray;
}
/* Because only subject indexing is implemented, all other lookups require
* full traversal (unfortunately, PLHashTable doesn't allow you to exit
- * early from the enumeration). The assumptions are that 1) lookups by
+ * early from the enumeration). The assumptions are that 1) lookups by
* fields other than subject will be rare, and 2) the hash will not have
* a large number of entries. These assumptions will be tested.
*
* XXX
* For NSS 3.4, it is worth consideration to do all forms of indexing,
* because the only crypto context is global and persistent.
*/
-struct nickname_template_str
-{
- NSSUTF8 *nickname;
- nssList *subjectList;
+struct nickname_template_str {
+ NSSUTF8 *nickname;
+ nssList *subjectList;
};
-static void match_nickname(const void *k, void *v, void *a)
-{
- PRStatus nssrv;
- NSSCertificate *c;
- NSSUTF8 *nickname;
- nssList *subjectList = (nssList *)v;
- struct nickname_template_str *nt = (struct nickname_template_str *)a;
- nssrv = nssList_GetArray(subjectList, (void **)&c, 1);
- nickname = nssCertificate_GetNickname(c, NULL);
- if (nssrv == PR_SUCCESS && nickname &&
- nssUTF8_Equal(nickname, nt->nickname, &nssrv))
- {
- nt->subjectList = subjectList;
- }
- nss_ZFreeIf(nickname);
+static void match_nickname(const void *k, void *v, void *a) {
+ PRStatus nssrv;
+ NSSCertificate *c;
+ NSSUTF8 *nickname;
+ nssList *subjectList = (nssList *)v;
+ struct nickname_template_str *nt = (struct nickname_template_str *)a;
+ nssrv = nssList_GetArray(subjectList, (void **)&c, 1);
+ nickname = nssCertificate_GetNickname(c, NULL);
+ if (nssrv == PR_SUCCESS && nickname &&
+ nssUTF8_Equal(nickname, nt->nickname, &nssrv)) {
+ nt->subjectList = subjectList;
+ }
+ nss_ZFreeIf(nickname);
}
/*
* Find all cached certs with this label.
*/
-NSS_IMPLEMENT NSSCertificate **
-nssCertificateStore_FindCertificatesByNickname (
- nssCertificateStore *store,
- const NSSUTF8 *nickname,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt,
- NSSArena *arenaOpt
-)
-{
- NSSCertificate **rvArray = NULL;
- struct nickname_template_str nt;
- nt.nickname = (char*) nickname;
- nt.subjectList = NULL;
- PZ_Lock(store->lock);
- nssHash_Iterate(store->subject, match_nickname, &nt);
- if (nt.subjectList) {
- nssCertificateList_AddReferences(nt.subjectList);
- rvArray = get_array_from_list(nt.subjectList,
- rvOpt, maximumOpt, arenaOpt);
- }
- PZ_Unlock(store->lock);
- return rvArray;
+NSS_IMPLEMENT NSSCertificate **nssCertificateStore_FindCertificatesByNickname(
+ nssCertificateStore *store, const NSSUTF8 *nickname,
+ NSSCertificate *rvOpt[], PRUint32 maximumOpt, NSSArena *arenaOpt) {
+ NSSCertificate **rvArray = NULL;
+ struct nickname_template_str nt;
+ nt.nickname = (char *)nickname;
+ nt.subjectList = NULL;
+ PZ_Lock(store->lock);
+ nssHash_Iterate(store->subject, match_nickname, &nt);
+ if (nt.subjectList) {
+ nssCertificateList_AddReferences(nt.subjectList);
+ rvArray = get_array_from_list(nt.subjectList, rvOpt, maximumOpt, arenaOpt);
+ }
+ PZ_Unlock(store->lock);
+ return rvArray;
}
-struct email_template_str
-{
- NSSASCII7 *email;
- nssList *emailList;
+struct email_template_str {
+ NSSASCII7 *email;
+ nssList *emailList;
};
-static void match_email(const void *k, void *v, void *a)
-{
- PRStatus nssrv;
- NSSCertificate *c;
- nssList *subjectList = (nssList *)v;
- struct email_template_str *et = (struct email_template_str *)a;
- nssrv = nssList_GetArray(subjectList, (void **)&c, 1);
- if (nssrv == PR_SUCCESS &&
- nssUTF8_Equal(c->email, et->email, &nssrv))
- {
- nssListIterator *iter = nssList_CreateIterator(subjectList);
- if (iter) {
- for (c = (NSSCertificate *)nssListIterator_Start(iter);
- c != (NSSCertificate *)NULL;
- c = (NSSCertificate *)nssListIterator_Next(iter))
- {
- nssList_Add(et->emailList, c);
- }
- nssListIterator_Finish(iter);
- nssListIterator_Destroy(iter);
- }
+static void match_email(const void *k, void *v, void *a) {
+ PRStatus nssrv;
+ NSSCertificate *c;
+ nssList *subjectList = (nssList *)v;
+ struct email_template_str *et = (struct email_template_str *)a;
+ nssrv = nssList_GetArray(subjectList, (void **)&c, 1);
+ if (nssrv == PR_SUCCESS && nssUTF8_Equal(c->email, et->email, &nssrv)) {
+ nssListIterator *iter = nssList_CreateIterator(subjectList);
+ if (iter) {
+ for (c = (NSSCertificate *)nssListIterator_Start(iter);
+ c != (NSSCertificate *)NULL;
+ c = (NSSCertificate *)nssListIterator_Next(iter)) {
+ nssList_Add(et->emailList, c);
+ }
+ nssListIterator_Finish(iter);
+ nssListIterator_Destroy(iter);
}
+ }
}
/*
* Find all cached certs with this email address.
*/
-NSS_IMPLEMENT NSSCertificate **
-nssCertificateStore_FindCertificatesByEmail (
- nssCertificateStore *store,
- NSSASCII7 *email,
- NSSCertificate *rvOpt[],
- PRUint32 maximumOpt,
- NSSArena *arenaOpt
-)
-{
- NSSCertificate **rvArray = NULL;
- struct email_template_str et;
- et.email = email;
- et.emailList = nssList_Create(NULL, PR_FALSE);
- if (!et.emailList) {
- return NULL;
- }
- PZ_Lock(store->lock);
- nssHash_Iterate(store->subject, match_email, &et);
- if (et.emailList) {
- /* get references before leaving the store's lock protection */
- nssCertificateList_AddReferences(et.emailList);
- }
- PZ_Unlock(store->lock);
- if (et.emailList) {
- rvArray = get_array_from_list(et.emailList,
- rvOpt, maximumOpt, arenaOpt);
- nssList_Destroy(et.emailList);
- }
- return rvArray;
+NSS_IMPLEMENT NSSCertificate **nssCertificateStore_FindCertificatesByEmail(
+ nssCertificateStore *store, NSSASCII7 *email, NSSCertificate *rvOpt[],
+ PRUint32 maximumOpt, NSSArena *arenaOpt) {
+ NSSCertificate **rvArray = NULL;
+ struct email_template_str et;
+ et.email = email;
+ et.emailList = nssList_Create(NULL, PR_FALSE);
+ if (!et.emailList) {
+ return NULL;
+ }
+ PZ_Lock(store->lock);
+ nssHash_Iterate(store->subject, match_email, &et);
+ if (et.emailList) {
+ /* get references before leaving the store's lock protection */
+ nssCertificateList_AddReferences(et.emailList);
+ }
+ PZ_Unlock(store->lock);
+ if (et.emailList) {
+ rvArray = get_array_from_list(et.emailList, rvOpt, maximumOpt, arenaOpt);
+ nssList_Destroy(et.emailList);
+ }
+ return rvArray;
}
/* Caller holds store->lock */
-static NSSCertificate *
-nssCertStore_FindCertByIssuerAndSerialNumberLocked (
- nssCertificateStore *store,
- NSSDER *issuer,
- NSSDER *serial
-)
-{
- certificate_hash_entry *entry;
- NSSCertificate *rvCert = NULL;
- NSSCertificate index;
+static NSSCertificate *nssCertStore_FindCertByIssuerAndSerialNumberLocked(
+ nssCertificateStore *store, NSSDER *issuer, NSSDER *serial) {
+ certificate_hash_entry *entry;
+ NSSCertificate *rvCert = NULL;
+ NSSCertificate index;
- index.issuer = *issuer;
- index.serial = *serial;
- entry = (certificate_hash_entry *)
- nssHash_Lookup(store->issuer_and_serial, &index);
- if (entry) {
- rvCert = nssCertificate_AddRef(entry->cert);
- }
- return rvCert;
+ index.issuer = *issuer;
+ index.serial = *serial;
+ entry = (certificate_hash_entry *)nssHash_Lookup(store->issuer_and_serial,
+ &index);
+ if (entry) {
+ rvCert = nssCertificate_AddRef(entry->cert);
+ }
+ return rvCert;
}
NSS_IMPLEMENT NSSCertificate *
-nssCertificateStore_FindCertificateByIssuerAndSerialNumber (
- nssCertificateStore *store,
- NSSDER *issuer,
- NSSDER *serial
-)
-{
- NSSCertificate *rvCert = NULL;
+nssCertificateStore_FindCertificateByIssuerAndSerialNumber(
+ nssCertificateStore *store, NSSDER *issuer, NSSDER *serial) {
+ NSSCertificate *rvCert = NULL;
- PZ_Lock(store->lock);
- rvCert = nssCertStore_FindCertByIssuerAndSerialNumberLocked (
- store, issuer, serial);
- PZ_Unlock(store->lock);
- return rvCert;
+ PZ_Lock(store->lock);
+ rvCert =
+ nssCertStore_FindCertByIssuerAndSerialNumberLocked(store, issuer, serial);
+ PZ_Unlock(store->lock);
+ return rvCert;
}
NSS_IMPLEMENT NSSCertificate *
-nssCertificateStore_FindCertificateByEncodedCertificate (
- nssCertificateStore *store,
- NSSDER *encoding
-)
-{
- PRStatus nssrv = PR_FAILURE;
- NSSDER issuer, serial;
- NSSCertificate *rvCert = NULL;
- nssrv = nssPKIX509_GetIssuerAndSerialFromDER(encoding, &issuer, &serial);
- if (nssrv != PR_SUCCESS) {
- return NULL;
- }
- rvCert = nssCertificateStore_FindCertificateByIssuerAndSerialNumber(store,
- &issuer,
- &serial);
- PORT_Free(issuer.data);
- PORT_Free(serial.data);
- return rvCert;
+nssCertificateStore_FindCertificateByEncodedCertificate(
+ nssCertificateStore *store, NSSDER *encoding) {
+ PRStatus nssrv = PR_FAILURE;
+ NSSDER issuer, serial;
+ NSSCertificate *rvCert = NULL;
+ nssrv = nssPKIX509_GetIssuerAndSerialFromDER(encoding, &issuer, &serial);
+ if (nssrv != PR_SUCCESS) {
+ return NULL;
+ }
+ rvCert = nssCertificateStore_FindCertificateByIssuerAndSerialNumber(
+ store, &issuer, &serial);
+ PORT_Free(issuer.data);
+ PORT_Free(serial.data);
+ return rvCert;
}
NSS_EXTERN PRStatus
-nssCertificateStore_AddTrust (
- nssCertificateStore *store,
- NSSTrust *trust
-)
-{
- NSSCertificate *cert;
- certificate_hash_entry *entry;
- cert = trust->certificate;
- PZ_Lock(store->lock);
- entry = (certificate_hash_entry *)
- nssHash_Lookup(store->issuer_and_serial, cert);
- if (entry) {
- NSSTrust* newTrust = nssTrust_AddRef(trust);
- if (entry->trust) {
- nssTrust_Destroy(entry->trust);
- }
- entry->trust = newTrust;
+nssCertificateStore_AddTrust(nssCertificateStore *store, NSSTrust *trust) {
+ NSSCertificate *cert;
+ certificate_hash_entry *entry;
+ cert = trust->certificate;
+ PZ_Lock(store->lock);
+ entry =
+ (certificate_hash_entry *)nssHash_Lookup(store->issuer_and_serial, cert);
+ if (entry) {
+ NSSTrust *newTrust = nssTrust_AddRef(trust);
+ if (entry->trust) {
+ nssTrust_Destroy(entry->trust);
}
- PZ_Unlock(store->lock);
- return (entry) ? PR_SUCCESS : PR_FAILURE;
+ entry->trust = newTrust;
+ }
+ PZ_Unlock(store->lock);
+ return (entry) ? PR_SUCCESS : PR_FAILURE;
}
-NSS_IMPLEMENT NSSTrust *
-nssCertificateStore_FindTrustForCertificate (
- nssCertificateStore *store,
- NSSCertificate *cert
-)
-{
- certificate_hash_entry *entry;
- NSSTrust *rvTrust = NULL;
- PZ_Lock(store->lock);
- entry = (certificate_hash_entry *)
- nssHash_Lookup(store->issuer_and_serial, cert);
- if (entry && entry->trust) {
- rvTrust = nssTrust_AddRef(entry->trust);
- }
- PZ_Unlock(store->lock);
- return rvTrust;
+NSS_IMPLEMENT NSSTrust *nssCertificateStore_FindTrustForCertificate(
+ nssCertificateStore *store, NSSCertificate *cert) {
+ certificate_hash_entry *entry;
+ NSSTrust *rvTrust = NULL;
+ PZ_Lock(store->lock);
+ entry =
+ (certificate_hash_entry *)nssHash_Lookup(store->issuer_and_serial, cert);
+ if (entry && entry->trust) {
+ rvTrust = nssTrust_AddRef(entry->trust);
+ }
+ PZ_Unlock(store->lock);
+ return rvTrust;
}
NSS_EXTERN PRStatus
-nssCertificateStore_AddSMIMEProfile (
- nssCertificateStore *store,
- nssSMIMEProfile *profile
-)
-{
- NSSCertificate *cert;
- certificate_hash_entry *entry;
- cert = profile->certificate;
- PZ_Lock(store->lock);
- entry = (certificate_hash_entry *)
- nssHash_Lookup(store->issuer_and_serial, cert);
- if (entry) {
- nssSMIMEProfile* newProfile = nssSMIMEProfile_AddRef(profile);
- if (entry->profile) {
- nssSMIMEProfile_Destroy(entry->profile);
- }
- entry->profile = newProfile;
+nssCertificateStore_AddSMIMEProfile(nssCertificateStore *store,
+ nssSMIMEProfile *profile) {
+ NSSCertificate *cert;
+ certificate_hash_entry *entry;
+ cert = profile->certificate;
+ PZ_Lock(store->lock);
+ entry =
+ (certificate_hash_entry *)nssHash_Lookup(store->issuer_and_serial, cert);
+ if (entry) {
+ nssSMIMEProfile *newProfile = nssSMIMEProfile_AddRef(profile);
+ if (entry->profile) {
+ nssSMIMEProfile_Destroy(entry->profile);
}
- PZ_Unlock(store->lock);
- return (entry) ? PR_SUCCESS : PR_FAILURE;
+ entry->profile = newProfile;
+ }
+ PZ_Unlock(store->lock);
+ return (entry) ? PR_SUCCESS : PR_FAILURE;
}
NSS_IMPLEMENT nssSMIMEProfile *
-nssCertificateStore_FindSMIMEProfileForCertificate (
- nssCertificateStore *store,
- NSSCertificate *cert
-)
-{
- certificate_hash_entry *entry;
- nssSMIMEProfile *rvProfile = NULL;
- PZ_Lock(store->lock);
- entry = (certificate_hash_entry *)
- nssHash_Lookup(store->issuer_and_serial, cert);
- if (entry && entry->profile) {
- rvProfile = nssSMIMEProfile_AddRef(entry->profile);
- }
- PZ_Unlock(store->lock);
- return rvProfile;
+nssCertificateStore_FindSMIMEProfileForCertificate(nssCertificateStore *store,
+ NSSCertificate *cert) {
+ certificate_hash_entry *entry;
+ nssSMIMEProfile *rvProfile = NULL;
+ PZ_Lock(store->lock);
+ entry =
+ (certificate_hash_entry *)nssHash_Lookup(store->issuer_and_serial, cert);
+ if (entry && entry->profile) {
+ rvProfile = nssSMIMEProfile_AddRef(entry->profile);
+ }
+ PZ_Unlock(store->lock);
+ return rvProfile;
}
/* XXX this is also used by cache and should be somewhere else */
-static PLHashNumber
-nss_certificate_hash (
- const void *key
-)
-{
- unsigned int i;
- PLHashNumber h;
- NSSCertificate *c = (NSSCertificate *)key;
- h = 0;
- for (i=0; i<c->issuer.size; i++)
- h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)c->issuer.data)[i];
- for (i=0; i<c->serial.size; i++)
- h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)c->serial.data)[i];
- return h;
+static PLHashNumber nss_certificate_hash(const void *key) {
+ unsigned int i;
+ PLHashNumber h;
+ NSSCertificate *c = (NSSCertificate *)key;
+ h = 0;
+ for (i = 0; i < c->issuer.size; i++)
+ h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)c->issuer.data)[i];
+ for (i = 0; i < c->serial.size; i++)
+ h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)c->serial.data)[i];
+ return h;
}
-static int
-nss_compare_certs(const void *v1, const void *v2)
-{
- PRStatus ignore;
- NSSCertificate *c1 = (NSSCertificate *)v1;
- NSSCertificate *c2 = (NSSCertificate *)v2;
- return (int)(nssItem_Equal(&c1->issuer, &c2->issuer, &ignore) &&
- nssItem_Equal(&c1->serial, &c2->serial, &ignore));
+static int nss_compare_certs(const void *v1, const void *v2) {
+ PRStatus ignore;
+ NSSCertificate *c1 = (NSSCertificate *)v1;
+ NSSCertificate *c2 = (NSSCertificate *)v2;
+ return (int)(nssItem_Equal(&c1->issuer, &c2->issuer, &ignore) &&
+ nssItem_Equal(&c1->serial, &c2->serial, &ignore));
}
-NSS_IMPLEMENT nssHash *
-nssHash_CreateCertificate (
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-)
-{
- return nssHash_Create(arenaOpt,
- numBuckets,
- nss_certificate_hash,
- nss_compare_certs,
- PL_CompareValues);
+NSS_IMPLEMENT nssHash *nssHash_CreateCertificate(NSSArena *arenaOpt,
+ PRUint32 numBuckets) {
+ return nssHash_Create(arenaOpt, numBuckets, nss_certificate_hash,
+ nss_compare_certs, PL_CompareValues);
}
-NSS_IMPLEMENT void
-nssCertificateStore_DumpStoreInfo (
- nssCertificateStore *store,
- void (* cert_dump_iter)(const void *, void *, void *),
- void *arg
-)
-{
- PZ_Lock(store->lock);
- nssHash_Iterate(store->issuer_and_serial, cert_dump_iter, arg);
- PZ_Unlock(store->lock);
+NSS_IMPLEMENT void nssCertificateStore_DumpStoreInfo(
+ nssCertificateStore *store,
+ void (*cert_dump_iter)(const void *, void *, void *), void *arg) {
+ PZ_Lock(store->lock);
+ nssHash_Iterate(store->issuer_and_serial, cert_dump_iter, arg);
+ PZ_Unlock(store->lock);
}
-
« no previous file with comments | « lib/pki/pkistore.h ('k') | lib/pki/pkit.h » ('j') | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b