OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 #include "nspr.h" | 4 #include "nspr.h" |
5 #include "secerr.h" | 5 #include "secerr.h" |
6 #include "secasn1.h" | 6 #include "secasn1.h" |
7 #include "seccomon.h" | 7 #include "seccomon.h" |
8 #include "pk11func.h" | 8 #include "pk11func.h" |
9 #include "certdb.h" | 9 #include "certdb.h" |
10 #include "certt.h" | 10 #include "certt.h" |
11 #include "cert.h" | 11 #include "cert.h" |
12 #include "certxutl.h" | 12 #include "certxutl.h" |
13 | 13 |
14 #include "nsspki.h" | 14 #include "nsspki.h" |
15 #include "pki.h" | 15 #include "pki.h" |
16 #include "pkit.h" | 16 #include "pkit.h" |
17 #include "pkitm.h" | 17 #include "pkitm.h" |
18 #include "pki3hack.h" | 18 #include "pki3hack.h" |
19 | 19 |
20 | |
21 PRBool | 20 PRBool |
22 CERT_MatchNickname(char *name1, char *name2) { | 21 CERT_MatchNickname(char *name1, char *name2) |
23 char *nickname1= NULL; | 22 { |
| 23 char *nickname1 = NULL; |
24 char *nickname2 = NULL; | 24 char *nickname2 = NULL; |
25 char *token1; | 25 char *token1; |
26 char *token2; | 26 char *token2; |
27 char *token = NULL; | 27 char *token = NULL; |
28 int len; | 28 int len; |
29 | 29 |
30 /* first deal with the straight comparison */ | 30 /* first deal with the straight comparison */ |
31 if (PORT_Strcmp(name1, name2) == 0) { | 31 if (PORT_Strcmp(name1, name2) == 0) { |
32 » return PR_TRUE; | 32 return PR_TRUE; |
33 } | 33 } |
34 /* we need to handle the case where one name has an explicit token and the o
ther | 34 /* we need to handle the case where one name has an explicit token and the o
ther |
35 * doesn't */ | 35 * doesn't */ |
36 token1 = PORT_Strchr(name1,':'); | 36 token1 = PORT_Strchr(name1, ':'); |
37 token2 = PORT_Strchr(name2,':'); | 37 token2 = PORT_Strchr(name2, ':'); |
38 if ((token1 && token2) || (!token1 && !token2)) { | 38 if ((token1 && token2) || (!token1 && !token2)) { |
39 » /* either both token names are specified or neither are, not match */ | 39 /* either both token names are specified or neither are, not match */ |
40 » return PR_FALSE; | 40 return PR_FALSE; |
41 } | 41 } |
42 if (token1) { | 42 if (token1) { |
43 » token=name1; | 43 token = name1; |
44 » nickname1=token1; | 44 nickname1 = token1; |
45 » nickname2=name2; | 45 nickname2 = name2; |
46 } else { | 46 } else { |
47 » token=name2; | 47 token = name2; |
48 » nickname1=token2; | 48 nickname1 = token2; |
49 » nickname2=name1; | 49 nickname2 = name1; |
50 } | 50 } |
51 len = nickname1-token; | 51 len = nickname1 - token; |
52 nickname1++; | 52 nickname1++; |
53 if (PORT_Strcmp(nickname1,nickname2) != 0) { | 53 if (PORT_Strcmp(nickname1, nickname2) != 0) { |
54 » return PR_FALSE; | 54 return PR_FALSE; |
55 } | 55 } |
56 /* compare the other token with the internal slot here */ | 56 /* compare the other token with the internal slot here */ |
57 return PR_TRUE; | 57 return PR_TRUE; |
58 } | 58 } |
59 | 59 |
60 /* | 60 /* |
61 * Find all user certificates that match the given criteria. | 61 * Find all user certificates that match the given criteria. |
62 *· | 62 *· |
63 * "handle" - database to search | 63 * "handle" - database to search |
64 * "usage" - certificate usage to match | 64 * "usage" - certificate usage to match |
65 * "oneCertPerName" - if set then only return the "best" cert per | 65 * "oneCertPerName" - if set then only return the "best" cert per |
66 * name | 66 * name |
67 * "validOnly" - only return certs that are curently valid | 67 * "validOnly" - only return certs that are curently valid |
68 * "proto_win" - window handle passed to pkcs11 | 68 * "proto_win" - window handle passed to pkcs11 |
69 */ | 69 */ |
70 CERTCertList * | 70 CERTCertList * |
71 CERT_FindUserCertsByUsage(CERTCertDBHandle *handle, | 71 CERT_FindUserCertsByUsage(CERTCertDBHandle *handle, |
72 » » » SECCertUsage usage, | 72 SECCertUsage usage, |
73 » » » PRBool oneCertPerName, | 73 PRBool oneCertPerName, |
74 » » » PRBool validOnly, | 74 PRBool validOnly, |
75 » » » void *proto_win) | 75 void *proto_win) |
76 { | 76 { |
77 CERTCertNicknames *nicknames = NULL; | 77 CERTCertNicknames *nicknames = NULL; |
78 char **nnptr; | 78 char **nnptr; |
79 int nn; | 79 int nn; |
80 CERTCertificate *cert = NULL; | 80 CERTCertificate *cert = NULL; |
81 CERTCertList *certList = NULL; | 81 CERTCertList *certList = NULL; |
82 SECStatus rv; | 82 SECStatus rv; |
83 PRTime time; | 83 PRTime time; |
84 CERTCertListNode *node = NULL; | 84 CERTCertListNode *node = NULL; |
85 CERTCertListNode *freenode = NULL; | 85 CERTCertListNode *freenode = NULL; |
86 int n; | 86 int n; |
87 | 87 |
88 time = PR_Now(); | 88 time = PR_Now(); |
89 | 89 |
90 nicknames = CERT_GetCertNicknames(handle, SEC_CERT_NICKNAMES_USER, | 90 nicknames = CERT_GetCertNicknames(handle, SEC_CERT_NICKNAMES_USER, |
91 » » » » proto_win); | 91 proto_win); |
92 | 92 |
93 if ( ( nicknames == NULL ) || ( nicknames->numnicknames == 0 ) ) { | 93 if ((nicknames == NULL) || (nicknames->numnicknames == 0)) { |
94 » goto loser; | 94 goto loser; |
95 } | 95 } |
96 | 96 |
97 nnptr = nicknames->nicknames; | 97 nnptr = nicknames->nicknames; |
98 nn = nicknames->numnicknames; | 98 nn = nicknames->numnicknames; |
99 | 99 |
100 while ( nn > 0 ) { | 100 while (nn > 0) { |
101 » cert = NULL; | 101 cert = NULL; |
102 » /* use the pk11 call so that we pick up any certs on tokens, | 102 /* use the pk11 call so that we pick up any certs on tokens, |
103 * which may require login | 103 * which may require login |
104 */ | 104 */ |
105 » if ( proto_win != NULL ) { | 105 if (proto_win != NULL) { |
106 » cert = PK11_FindCertFromNickname(*nnptr,proto_win); | 106 cert = PK11_FindCertFromNickname(*nnptr, proto_win); |
107 » } | 107 } |
108 | 108 |
109 » /* Sigh, It turns out if the cert is already in the temp db, because | 109 /* Sigh, It turns out if the cert is already in the temp db, because |
110 * it's in the perm db, then the nickname lookup doesn't work. | 110 * it's in the perm db, then the nickname lookup doesn't work. |
111 * since we already have the cert here, though, than we can just call | 111 * since we already have the cert here, though, than we can just call |
112 * CERT_CreateSubjectCertList directly. For those cases where we didn't | 112 * CERT_CreateSubjectCertList directly. For those cases where we didn't |
113 * find the cert in pkcs #11 (because we didn't have a password arg, | 113 * find the cert in pkcs #11 (because we didn't have a password arg, |
114 * or because the nickname is for a peer, server, or CA cert, then we | 114 * or because the nickname is for a peer, server, or CA cert, then we |
115 * go look the cert up. | 115 * go look the cert up. |
116 */ | 116 */ |
117 » if (cert == NULL) {· | 117 if (cert == NULL) { |
118 » cert = CERT_FindCertByNickname(handle,*nnptr); | 118 cert = CERT_FindCertByNickname(handle, *nnptr); |
119 » } | 119 } |
120 | 120 |
121 » if ( cert != NULL ) { | 121 if (cert != NULL) { |
122 » /* collect certs for this nickname, sorting them into the list */ | 122 /* collect certs for this nickname, sorting them into the list */ |
123 » certList = CERT_CreateSubjectCertList(certList, handle,· | 123 certList = CERT_CreateSubjectCertList(certList, handle, |
124 » » » » &cert->derSubject, time, validOnly); | 124 &cert->derSubject, time, valid
Only); |
125 | 125 |
126 » CERT_FilterCertListForUserCerts(certList); | 126 CERT_FilterCertListForUserCerts(certList); |
127 »······· | 127 |
128 » /* drop the extra reference */ | 128 /* drop the extra reference */ |
129 » CERT_DestroyCertificate(cert); | 129 CERT_DestroyCertificate(cert); |
130 » } | 130 } |
131 »······· | 131 |
132 » nnptr++; | 132 nnptr++; |
133 » nn--; | 133 nn--; |
134 } | 134 } |
135 | 135 |
136 /* remove certs with incorrect usage */ | 136 /* remove certs with incorrect usage */ |
137 rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE); | 137 rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE); |
138 | 138 |
139 if ( rv != SECSuccess ) { | 139 if (rv != SECSuccess) { |
140 » goto loser; | 140 goto loser; |
141 } | 141 } |
142 | 142 |
143 /* remove any extra certs for each name */ | 143 /* remove any extra certs for each name */ |
144 if ( oneCertPerName ) { | 144 if (oneCertPerName) { |
145 » PRBool *flags; | 145 PRBool *flags; |
146 | 146 |
147 » nn = nicknames->numnicknames; | 147 nn = nicknames->numnicknames; |
148 » nnptr = nicknames->nicknames; | 148 nnptr = nicknames->nicknames; |
149 »······· | 149 |
150 » flags = (PRBool *)PORT_ZAlloc(sizeof(PRBool) * nn); | 150 flags = (PRBool *)PORT_ZAlloc(sizeof(PRBool) * nn); |
151 » if ( flags == NULL ) { | 151 if (flags == NULL) { |
152 » goto loser; | 152 goto loser; |
153 » } | 153 } |
154 »······· | 154 |
155 » node = CERT_LIST_HEAD(certList); | 155 node = CERT_LIST_HEAD(certList); |
156 »······· | 156 |
157 » /* treverse all certs in the list */ | 157 /* treverse all certs in the list */ |
158 » while ( !CERT_LIST_END(node, certList) ) { | 158 while (!CERT_LIST_END(node, certList)) { |
159 | 159 |
160 » /* find matching nickname index */ | 160 /* find matching nickname index */ |
161 » for ( n = 0; n < nn; n++ ) { | 161 for (n = 0; n < nn; n++) { |
162 » » if ( CERT_MatchNickname(nnptr[n], node->cert->nickname) ) { | 162 if (CERT_MatchNickname(nnptr[n], node->cert->nickname)) { |
163 » » /* We found a match. If this is the first one, then | 163 /* We found a match. If this is the first one, then |
164 * set the flag and move on to the next cert. If this | 164 * set the flag and move on to the next cert. If this |
165 * is not the first one then delete it from the list. | 165 * is not the first one then delete it from the list. |
166 */ | 166 */ |
167 » » if ( flags[n] ) { | 167 if (flags[n]) { |
168 » » » /* We have already seen a cert with this nickname, | 168 /* We have already seen a cert with this nickname, |
169 * so delete this one. | 169 * so delete this one. |
170 */ | 170 */ |
171 » » » freenode = node; | 171 freenode = node; |
172 » » » node = CERT_LIST_NEXT(node); | 172 node = CERT_LIST_NEXT(node); |
173 » » » CERT_RemoveCertListNode(freenode); | 173 CERT_RemoveCertListNode(freenode); |
174 » » } else { | 174 } else { |
175 » » » /* keep the first cert for each nickname, but set the | 175 /* keep the first cert for each nickname, but set the |
176 * flag so we know to delete any others with the same | 176 * flag so we know to delete any others with the same |
177 * nickname. | 177 * nickname. |
178 */ | 178 */ |
179 » » » flags[n] = PR_TRUE; | 179 flags[n] = PR_TRUE; |
180 » » » node = CERT_LIST_NEXT(node); | 180 node = CERT_LIST_NEXT(node); |
181 » » } | 181 } |
182 » » break; | 182 break; |
183 » » } | 183 } |
184 » } | 184 } |
185 » if ( n == nn ) { | 185 if (n == nn) { |
186 » » /* if we get here it means that we didn't find a matching | 186 /* if we get here it means that we didn't find a matching |
187 * nickname, which should not happen. | 187 * nickname, which should not happen. |
188 */ | 188 */ |
189 » » PORT_Assert(0); | 189 PORT_Assert(0); |
190 » » node = CERT_LIST_NEXT(node); | 190 node = CERT_LIST_NEXT(node); |
191 » } | 191 } |
192 » } | 192 } |
193 » PORT_Free(flags); | 193 PORT_Free(flags); |
194 } | 194 } |
195 | 195 |
196 goto done; | 196 goto done; |
197 | 197 |
198 loser: | 198 loser: |
199 if ( certList != NULL ) { | 199 if (certList != NULL) { |
200 » CERT_DestroyCertList(certList); | 200 CERT_DestroyCertList(certList); |
201 » certList = NULL; | 201 certList = NULL; |
202 } | 202 } |
203 | 203 |
204 done: | 204 done: |
205 if ( nicknames != NULL ) { | 205 if (nicknames != NULL) { |
206 » CERT_FreeNicknames(nicknames); | 206 CERT_FreeNicknames(nicknames); |
207 } | 207 } |
208 | 208 |
209 return(certList); | 209 return (certList); |
210 } | 210 } |
211 | 211 |
212 /* | 212 /* |
213 * Find a user certificate that matchs the given criteria. | 213 * Find a user certificate that matchs the given criteria. |
214 *· | 214 *· |
215 * "handle" - database to search | 215 * "handle" - database to search |
216 * "nickname" - nickname to match | 216 * "nickname" - nickname to match |
217 * "usage" - certificate usage to match | 217 * "usage" - certificate usage to match |
218 * "validOnly" - only return certs that are curently valid | 218 * "validOnly" - only return certs that are curently valid |
219 * "proto_win" - window handle passed to pkcs11 | 219 * "proto_win" - window handle passed to pkcs11 |
220 */ | 220 */ |
221 CERTCertificate * | 221 CERTCertificate * |
222 CERT_FindUserCertByUsage(CERTCertDBHandle *handle, | 222 CERT_FindUserCertByUsage(CERTCertDBHandle *handle, |
223 » » » const char *nickname, | 223 const char *nickname, |
224 » » » SECCertUsage usage, | 224 SECCertUsage usage, |
225 » » » PRBool validOnly, | 225 PRBool validOnly, |
226 » » » void *proto_win) | 226 void *proto_win) |
227 { | 227 { |
228 CERTCertificate *cert = NULL; | 228 CERTCertificate *cert = NULL; |
229 CERTCertList *certList = NULL; | 229 CERTCertList *certList = NULL; |
230 SECStatus rv; | 230 SECStatus rv; |
231 PRTime time; | 231 PRTime time; |
232 | 232 |
233 time = PR_Now(); | 233 time = PR_Now(); |
234 | 234 |
235 /* use the pk11 call so that we pick up any certs on tokens, | 235 /* use the pk11 call so that we pick up any certs on tokens, |
236 * which may require login | 236 * which may require login |
237 */ | 237 */ |
238 /* XXX - why is this restricted? */ | 238 /* XXX - why is this restricted? */ |
239 if ( proto_win != NULL ) { | 239 if (proto_win != NULL) { |
240 » cert = PK11_FindCertFromNickname(nickname,proto_win); | 240 cert = PK11_FindCertFromNickname(nickname, proto_win); |
241 } | 241 } |
242 | |
243 | 242 |
244 /* sigh, There are still problems find smart cards from the temp | 243 /* sigh, There are still problems find smart cards from the temp |
245 * db. This will get smart cards working again. The real fix | 244 * db. This will get smart cards working again. The real fix |
246 * is to make sure we can search the temp db by their token nickname. | 245 * is to make sure we can search the temp db by their token nickname. |
247 */ | 246 */ |
248 if (cert == NULL) { | 247 if (cert == NULL) { |
249 » cert = CERT_FindCertByNickname(handle,nickname); | 248 cert = CERT_FindCertByNickname(handle, nickname); |
250 } | 249 } |
251 | 250 |
252 if ( cert != NULL ) { | 251 if (cert != NULL) { |
253 » unsigned int requiredKeyUsage; | 252 unsigned int requiredKeyUsage; |
254 » unsigned int requiredCertType; | 253 unsigned int requiredCertType; |
255 | 254 |
256 » rv = CERT_KeyUsageAndTypeForCertUsage(usage, PR_FALSE, | 255 rv = CERT_KeyUsageAndTypeForCertUsage(usage, PR_FALSE, |
257 » » » » » &requiredKeyUsage, &requiredCertType); | 256 &requiredKeyUsage, &requiredCertTy
pe); |
258 » if ( rv != SECSuccess ) { | 257 if (rv != SECSuccess) { |
259 » /* drop the extra reference */ | 258 /* drop the extra reference */ |
260 » CERT_DestroyCertificate(cert); | 259 CERT_DestroyCertificate(cert); |
261 » cert = NULL; | 260 cert = NULL; |
262 » goto loser; | 261 goto loser; |
263 » } | 262 } |
264 » /* If we already found the right cert, just return it */ | 263 /* If we already found the right cert, just return it */ |
265 » if ( (!validOnly || CERT_CheckCertValidTimes(cert, time, PR_FALSE) | 264 if ((!validOnly || CERT_CheckCertValidTimes(cert, time, PR_FALSE) == |
266 » == secCertTimeValid) && | 265 secCertTimeValid) && |
267 » (CERT_CheckKeyUsage(cert, requiredKeyUsage) == SECSuccess) && | 266 (CERT_CheckKeyUsage(cert, requiredKeyUsage) == SECSuccess) && |
268 » (cert->nsCertType & requiredCertType) && | 267 (cert->nsCertType & requiredCertType) && |
269 » CERT_IsUserCert(cert) ) { | 268 CERT_IsUserCert(cert)) { |
270 » return(cert); | 269 return (cert); |
271 » } | 270 } |
272 | 271 |
273 » /* collect certs for this nickname, sorting them into the list */ | 272 /* collect certs for this nickname, sorting them into the list */ |
274 » certList = CERT_CreateSubjectCertList(certList, handle,· | 273 certList = CERT_CreateSubjectCertList(certList, handle, |
275 » » » » » &cert->derSubject, time, validOnly); | 274 &cert->derSubject, time, validOnly
); |
276 | 275 |
277 » CERT_FilterCertListForUserCerts(certList); | 276 CERT_FilterCertListForUserCerts(certList); |
278 | 277 |
279 » /* drop the extra reference */ | 278 /* drop the extra reference */ |
280 » CERT_DestroyCertificate(cert); | 279 CERT_DestroyCertificate(cert); |
281 » cert = NULL; | 280 cert = NULL; |
282 } | 281 } |
283 » | 282 |
284 if ( certList == NULL ) { | 283 if (certList == NULL) { |
285 » goto loser; | 284 goto loser; |
286 } | 285 } |
287 ···· | 286 |
288 /* remove certs with incorrect usage */ | 287 /* remove certs with incorrect usage */ |
289 rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE); | 288 rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE); |
290 | 289 |
291 if ( rv != SECSuccess ) { | 290 if (rv != SECSuccess) { |
292 » goto loser; | 291 goto loser; |
293 } | 292 } |
294 | 293 |
295 if ( ! CERT_LIST_END(CERT_LIST_HEAD(certList), certList) ) { | 294 if (!CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) { |
296 » cert = CERT_DupCertificate(CERT_LIST_HEAD(certList)->cert); | 295 cert = CERT_DupCertificate(CERT_LIST_HEAD(certList)->cert); |
297 } | 296 } |
298 | 297 |
299 loser: | 298 loser: |
300 if ( certList != NULL ) { | 299 if (certList != NULL) { |
301 » CERT_DestroyCertList(certList); | 300 CERT_DestroyCertList(certList); |
302 } | 301 } |
303 | 302 |
304 return(cert); | 303 return (cert); |
305 } | 304 } |
306 | 305 |
307 CERTCertList * | 306 CERTCertList * |
308 CERT_MatchUserCert(CERTCertDBHandle *handle, | 307 CERT_MatchUserCert(CERTCertDBHandle *handle, |
309 » » SECCertUsage usage, | 308 SECCertUsage usage, |
310 » » int nCANames, char **caNames, | 309 int nCANames, char **caNames, |
311 » » void *proto_win) | 310 void *proto_win) |
312 { | 311 { |
313 CERTCertList *certList = NULL; | 312 CERTCertList *certList = NULL; |
314 SECStatus rv; | 313 SECStatus rv; |
315 | 314 |
316 certList = CERT_FindUserCertsByUsage(handle, usage, PR_TRUE, PR_TRUE, | 315 certList = CERT_FindUserCertsByUsage(handle, usage, PR_TRUE, PR_TRUE, |
317 » » » » » proto_win); | 316 proto_win); |
318 if ( certList == NULL ) { | 317 if (certList == NULL) { |
319 » goto loser; | 318 goto loser; |
320 } | 319 } |
321 ···· | 320 |
322 rv = CERT_FilterCertListByCANames(certList, nCANames, caNames, usage); | 321 rv = CERT_FilterCertListByCANames(certList, nCANames, caNames, usage); |
323 if ( rv != SECSuccess ) { | 322 if (rv != SECSuccess) { |
324 » goto loser; | 323 goto loser; |
325 } | 324 } |
326 | 325 |
327 goto done; | 326 goto done; |
328 | 327 |
329 loser: | 328 loser: |
330 if ( certList != NULL ) { | 329 if (certList != NULL) { |
331 » CERT_DestroyCertList(certList); | 330 CERT_DestroyCertList(certList); |
332 » certList = NULL; | 331 certList = NULL; |
333 } | 332 } |
334 | 333 |
335 done: | 334 done: |
336 | 335 |
337 return(certList); | 336 return (certList); |
338 } | 337 } |
339 | |
340 | 338 |
341 typedef struct stringNode { | 339 typedef struct stringNode { |
342 struct stringNode *next; | 340 struct stringNode *next; |
343 char *string; | 341 char *string; |
344 } stringNode; | 342 } stringNode; |
345 | 343 |
346 static PRStatus | 344 static PRStatus |
347 CollectNicknames( NSSCertificate *c, void *data) | 345 CollectNicknames(NSSCertificate *c, void *data) |
348 { | 346 { |
349 CERTCertNicknames *names; | 347 CERTCertNicknames *names; |
350 PRBool saveit = PR_FALSE; | 348 PRBool saveit = PR_FALSE; |
351 stringNode *node; | 349 stringNode *node; |
352 int len; | 350 int len; |
353 #ifdef notdef | 351 #ifdef notdef |
354 NSSTrustDomain *td; | 352 NSSTrustDomain *td; |
355 NSSTrust *trust; | 353 NSSTrust *trust; |
356 #endif | 354 #endif |
357 char *stanNickname; | 355 char *stanNickname; |
358 char *nickname = NULL; | 356 char *nickname = NULL; |
359 | 357 |
360 names = (CERTCertNicknames *)data; | 358 names = (CERTCertNicknames *)data; |
361 | 359 |
362 stanNickname = nssCertificate_GetNickname(c,NULL); | 360 stanNickname = nssCertificate_GetNickname(c, NULL); |
363 | 361 |
364 if ( stanNickname ) { | 362 if (stanNickname) { |
365 nss_ZFreeIf(stanNickname); | 363 nss_ZFreeIf(stanNickname); |
366 stanNickname = NULL; | 364 stanNickname = NULL; |
367 » if (names->what == SEC_CERT_NICKNAMES_USER) { | 365 if (names->what == SEC_CERT_NICKNAMES_USER) { |
368 » saveit = NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL); | 366 saveit = NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL); |
369 » } | 367 } |
370 #ifdef notdef | 368 #ifdef notdef |
371 » else { | 369 else { |
372 » td = NSSCertificate_GetTrustDomain(c); | 370 td = NSSCertificate_GetTrustDomain(c); |
373 » if (!td) { | 371 if (!td) { |
374 » » return PR_SUCCESS; | 372 return PR_SUCCESS; |
375 » } | 373 } |
376 » trust = nssTrustDomain_FindTrustForCertificate(td,c); | 374 trust = nssTrustDomain_FindTrustForCertificate(td, c); |
377 »······· | 375 |
378 » switch(names->what) { | 376 switch (names->what) { |
379 » case SEC_CERT_NICKNAMES_ALL: | 377 case SEC_CERT_NICKNAMES_ALL: |
380 » » if ((trust->sslFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) || | 378 if ((trust->sslFlags & (CERTDB_VALID_CA | CERTDB_VALID_PEER)
) || |
381 » » (trust->emailFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) || | 379 (trust->emailFlags & (CERTDB_VALID_CA | CERTDB_VALID_PEE
R)) || |
382 » » (trust->objectSigningFlags &· | 380 (trust->objectSigningFlags & |
383 » » » » » (CERTDB_VALID_CA|CERTDB_VALID_PEER))) { | 381 (CERTDB_VALID_CA | CERTDB_VALID_PEER))) { |
384 » » saveit = PR_TRUE; | 382 saveit = PR_TRUE; |
385 » » } | 383 } |
386 »··········· | 384 |
387 » » break; | 385 break; |
388 » case SEC_CERT_NICKNAMES_SERVER: | 386 case SEC_CERT_NICKNAMES_SERVER: |
389 » » if ( trust->sslFlags & CERTDB_VALID_PEER ) { | 387 if (trust->sslFlags & CERTDB_VALID_PEER) { |
390 » » saveit = PR_TRUE; | 388 saveit = PR_TRUE; |
391 » » } | 389 } |
392 »··········· | 390 |
393 » » break; | 391 break; |
394 » case SEC_CERT_NICKNAMES_CA: | 392 case SEC_CERT_NICKNAMES_CA: |
395 » » if (((trust->sslFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA)|| | 393 if (((trust->sslFlags & CERTDB_VALID_CA) == CERTDB_VALID_CA)
|| |
396 » » ((trust->emailFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA) || | 394 ((trust->emailFlags & CERTDB_VALID_CA) == CERTDB_VALID_C
A) || |
397 » » ((trust->objectSigningFlags & CERTDB_VALID_CA )· | 395 ((trust->objectSigningFlags & CERTDB_VALID_CA) == |
398 » » » » » » » == CERTDB_VALID_CA)) { | 396 CERTDB_VALID_CA)) { |
399 » » saveit = PR_TRUE; | 397 saveit = PR_TRUE; |
400 » » } | 398 } |
401 » » break; | 399 break; |
402 » } | 400 } |
403 » } | 401 } |
404 #endif | 402 #endif |
405 } | 403 } |
406 | 404 |
407 /* traverse the list of collected nicknames and make sure we don't make | 405 /* traverse the list of collected nicknames and make sure we don't make |
408 * a duplicate | 406 * a duplicate |
409 */ | 407 */ |
410 if ( saveit ) { | 408 if (saveit) { |
411 » nickname = STAN_GetCERTCertificateName(NULL, c); | 409 nickname = STAN_GetCERTCertificateName(NULL, c); |
412 » /* nickname can only be NULL here if we are having memory· | 410 /* nickname can only be NULL here if we are having memory· |
413 * alloc problems */ | 411 * alloc problems */ |
414 » if (nickname == NULL) { | 412 if (nickname == NULL) { |
415 » return PR_FAILURE; | 413 return PR_FAILURE; |
416 » } | 414 } |
417 » node = (stringNode *)names->head; | 415 node = (stringNode *)names->head; |
418 » while ( node != NULL ) { | 416 while (node != NULL) { |
419 » if ( PORT_Strcmp(nickname, node->string) == 0 ) {· | 417 if (PORT_Strcmp(nickname, node->string) == 0) { |
420 » » /* if the string matches, then don't save this one */ | 418 /* if the string matches, then don't save this one */ |
421 » » saveit = PR_FALSE; | 419 saveit = PR_FALSE; |
422 » » break; | 420 break; |
423 » } | 421 } |
424 » node = node->next; | 422 node = node->next; |
425 » } | 423 } |
426 } | 424 } |
427 | 425 |
428 if ( saveit ) { | 426 if (saveit) { |
429 »······· | 427 |
430 » /* allocate the node */ | 428 /* allocate the node */ |
431 » node = (stringNode*)PORT_ArenaAlloc(names->arena, sizeof(stringNode)); | 429 node = (stringNode *)PORT_ArenaAlloc(names->arena, sizeof(stringNode)); |
432 » if ( node == NULL ) { | 430 if (node == NULL) { |
433 » PORT_Free(nickname); | 431 PORT_Free(nickname); |
434 » return PR_FAILURE; | 432 return PR_FAILURE; |
435 » } | 433 } |
436 | 434 |
437 » /* copy the string */ | 435 /* copy the string */ |
438 » len = PORT_Strlen(nickname) + 1; | 436 len = PORT_Strlen(nickname) + 1; |
439 » node->string = (char*)PORT_ArenaAlloc(names->arena, len); | 437 node->string = (char *)PORT_ArenaAlloc(names->arena, len); |
440 » if ( node->string == NULL ) { | 438 if (node->string == NULL) { |
441 » PORT_Free(nickname); | 439 PORT_Free(nickname); |
442 » return PR_FAILURE; | 440 return PR_FAILURE; |
443 » } | 441 } |
444 » PORT_Memcpy(node->string, nickname, len); | 442 PORT_Memcpy(node->string, nickname, len); |
445 | 443 |
446 » /* link it into the list */ | 444 /* link it into the list */ |
447 » node->next = (stringNode *)names->head; | 445 node->next = (stringNode *)names->head; |
448 » names->head = (void *)node; | 446 names->head = (void *)node; |
449 | 447 |
450 » /* bump the count */ | 448 /* bump the count */ |
451 » names->numnicknames++; | 449 names->numnicknames++; |
452 } | 450 } |
453 | 451 |
454 if (nickname) PORT_Free(nickname); | 452 if (nickname) |
455 return(PR_SUCCESS); | 453 PORT_Free(nickname); |
| 454 return (PR_SUCCESS); |
456 } | 455 } |
457 | 456 |
458 CERTCertNicknames * | 457 CERTCertNicknames * |
459 CERT_GetCertNicknames(CERTCertDBHandle *handle, int what, void *wincx) | 458 CERT_GetCertNicknames(CERTCertDBHandle *handle, int what, void *wincx) |
460 { | 459 { |
461 PLArenaPool *arena; | 460 PLArenaPool *arena; |
462 CERTCertNicknames *names; | 461 CERTCertNicknames *names; |
463 int i; | 462 int i; |
464 stringNode *node; | 463 stringNode *node; |
465 | 464 |
466 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 465 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
467 if ( arena == NULL ) { | 466 if (arena == NULL) { |
468 » PORT_SetError(SEC_ERROR_NO_MEMORY); | 467 PORT_SetError(SEC_ERROR_NO_MEMORY); |
469 » return(NULL); | 468 return (NULL); |
470 } | 469 } |
471 | 470 |
472 names = (CERTCertNicknames *)PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames
)); | 471 names = (CERTCertNicknames *)PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames
)); |
473 if ( names == NULL ) { | 472 if (names == NULL) { |
474 » goto loser; | 473 goto loser; |
475 } | 474 } |
476 | 475 |
477 names->arena = arena; | 476 names->arena = arena; |
478 names->head = NULL; | 477 names->head = NULL; |
479 names->numnicknames = 0; | 478 names->numnicknames = 0; |
480 names->nicknames = NULL; | 479 names->nicknames = NULL; |
481 names->what = what; | 480 names->what = what; |
482 names->totallen = 0; | 481 names->totallen = 0; |
483 | 482 |
484 /* make sure we are logged in */ | 483 /* make sure we are logged in */ |
485 (void) pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx); | 484 (void)pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx); |
486 | 485 |
487 NSSTrustDomain_TraverseCertificates(handle, | 486 NSSTrustDomain_TraverseCertificates(handle, |
488 » » » » » CollectNicknames, (void *)names); | 487 CollectNicknames, (void *)names); |
489 if ( names->numnicknames ) { | 488 if (names->numnicknames) { |
490 » names->nicknames = (char**)PORT_ArenaAlloc(arena, | 489 names->nicknames = (char **)PORT_ArenaAlloc(arena, |
491 » » » » » names->numnicknames * sizeof(char *)); | 490 names->numnicknames * |
492 | 491 sizeof(char *)); |
493 » if ( names->nicknames == NULL ) { | 492 |
494 » goto loser; | 493 if (names->nicknames == NULL) { |
495 » } | 494 goto loser; |
496 ···· | 495 } |
497 » node = (stringNode *)names->head; | 496 |
498 »······· | 497 node = (stringNode *)names->head; |
499 » for ( i = 0; i < names->numnicknames; i++ ) { | 498 |
500 » PORT_Assert(node != NULL); | 499 for (i = 0; i < names->numnicknames; i++) { |
501 »··········· | 500 PORT_Assert(node != NULL); |
502 » names->nicknames[i] = node->string; | 501 |
503 » names->totallen += PORT_Strlen(node->string); | 502 names->nicknames[i] = node->string; |
504 » node = node->next; | 503 names->totallen += PORT_Strlen(node->string); |
505 » } | 504 node = node->next; |
506 | 505 } |
507 » PORT_Assert(node == NULL); | 506 |
508 } | 507 PORT_Assert(node == NULL); |
509 | 508 } |
510 return(names); | 509 |
511 ···· | 510 return (names); |
| 511 |
512 loser: | 512 loser: |
513 PORT_FreeArena(arena, PR_FALSE); | 513 PORT_FreeArena(arena, PR_FALSE); |
514 return(NULL); | 514 return (NULL); |
515 } | 515 } |
516 | 516 |
517 void | 517 void |
518 CERT_FreeNicknames(CERTCertNicknames *nicknames) | 518 CERT_FreeNicknames(CERTCertNicknames *nicknames) |
519 { | 519 { |
520 PORT_FreeArena(nicknames->arena, PR_FALSE); | 520 PORT_FreeArena(nicknames->arena, PR_FALSE); |
521 | 521 |
522 return; | 522 return; |
523 } | 523 } |
524 | 524 |
525 /* [ FROM pcertdb.c ] */ | 525 /* [ FROM pcertdb.c ] */ |
526 | 526 |
527 typedef struct dnameNode { | 527 typedef struct dnameNode { |
528 struct dnameNode *next; | 528 struct dnameNode *next; |
529 SECItem name; | 529 SECItem name; |
530 } dnameNode; | 530 } dnameNode; |
531 | 531 |
532 void | 532 void |
533 CERT_FreeDistNames(CERTDistNames *names) | 533 CERT_FreeDistNames(CERTDistNames *names) |
534 { | 534 { |
535 PORT_FreeArena(names->arena, PR_FALSE); | 535 PORT_FreeArena(names->arena, PR_FALSE); |
536 | 536 |
537 return; | 537 return; |
538 } | 538 } |
539 | 539 |
540 static SECStatus | 540 static SECStatus |
541 CollectDistNames( CERTCertificate *cert, SECItem *k, void *data) | 541 CollectDistNames(CERTCertificate *cert, SECItem *k, void *data) |
542 { | 542 { |
543 CERTDistNames *names; | 543 CERTDistNames *names; |
544 PRBool saveit = PR_FALSE; | 544 PRBool saveit = PR_FALSE; |
545 CERTCertTrust trust; | 545 CERTCertTrust trust; |
546 dnameNode *node; | 546 dnameNode *node; |
547 int len; | 547 int len; |
548 | 548 |
549 names = (CERTDistNames *)data; | 549 names = (CERTDistNames *)data; |
550 | 550 |
551 if ( CERT_GetCertTrust(cert, &trust) == SECSuccess ) { | 551 if (CERT_GetCertTrust(cert, &trust) == SECSuccess) { |
552 » /* only collect names of CAs trusted for issuing SSL clients */ | 552 /* only collect names of CAs trusted for issuing SSL clients */ |
553 » if ( trust.sslFlags & CERTDB_TRUSTED_CLIENT_CA ) { | 553 if (trust.sslFlags & CERTDB_TRUSTED_CLIENT_CA) { |
554 » saveit = PR_TRUE; | 554 saveit = PR_TRUE; |
555 » } | 555 } |
556 } | 556 } |
557 | 557 |
558 if ( saveit ) { | 558 if (saveit) { |
559 » /* allocate the node */ | 559 /* allocate the node */ |
560 » node = (dnameNode*)PORT_ArenaAlloc(names->arena, sizeof(dnameNode)); | 560 node = (dnameNode *)PORT_ArenaAlloc(names->arena, sizeof(dnameNode)); |
561 » if ( node == NULL ) { | 561 if (node == NULL) { |
562 » return(SECFailure); | 562 return (SECFailure); |
563 » } | 563 } |
564 | 564 |
565 » /* copy the name */ | 565 /* copy the name */ |
566 » node->name.len = len = cert->derSubject.len; | 566 node->name.len = len = cert->derSubject.len; |
567 » node->name.type = siBuffer; | 567 node->name.type = siBuffer; |
568 » node->name.data = (unsigned char*)PORT_ArenaAlloc(names->arena, len); | 568 node->name.data = (unsigned char *)PORT_ArenaAlloc(names->arena, len); |
569 » if ( node->name.data == NULL ) { | 569 if (node->name.data == NULL) { |
570 » return(SECFailure); | 570 return (SECFailure); |
571 » } | 571 } |
572 » PORT_Memcpy(node->name.data, cert->derSubject.data, len); | 572 PORT_Memcpy(node->name.data, cert->derSubject.data, len); |
573 | 573 |
574 » /* link it into the list */ | 574 /* link it into the list */ |
575 » node->next = (dnameNode *)names->head; | 575 node->next = (dnameNode *)names->head; |
576 » names->head = (void *)node; | 576 names->head = (void *)node; |
577 | 577 |
578 » /* bump the count */ | 578 /* bump the count */ |
579 » names->nnames++; | 579 names->nnames++; |
580 } | 580 } |
581 | 581 |
582 return(SECSuccess); | 582 return (SECSuccess); |
583 } | 583 } |
584 | 584 |
585 /* | 585 /* |
586 * Return all of the CAs that are "trusted" for SSL. | 586 * Return all of the CAs that are "trusted" for SSL. |
587 */ | 587 */ |
588 CERTDistNames * | 588 CERTDistNames * |
589 CERT_DupDistNames(CERTDistNames *orig) | 589 CERT_DupDistNames(CERTDistNames *orig) |
590 { | 590 { |
591 PLArenaPool *arena; | 591 PLArenaPool *arena; |
592 CERTDistNames *names; | 592 CERTDistNames *names; |
593 int i; | 593 int i; |
594 SECStatus rv; | 594 SECStatus rv; |
595 | 595 |
596 /* allocate an arena to use */ | 596 /* allocate an arena to use */ |
597 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 597 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
598 if (arena == NULL) { | 598 if (arena == NULL) { |
599 » PORT_SetError(SEC_ERROR_NO_MEMORY); | 599 PORT_SetError(SEC_ERROR_NO_MEMORY); |
600 » return(NULL); | 600 return (NULL); |
601 } | 601 } |
602 | 602 |
603 /* allocate the header structure */ | 603 /* allocate the header structure */ |
604 names = (CERTDistNames *)PORT_ArenaAlloc(arena, sizeof(CERTDistNames)); | 604 names = (CERTDistNames *)PORT_ArenaAlloc(arena, sizeof(CERTDistNames)); |
605 if (names == NULL) { | 605 if (names == NULL) { |
606 » goto loser; | 606 goto loser; |
607 } | 607 } |
608 | 608 |
609 /* initialize the header struct */ | 609 /* initialize the header struct */ |
610 names->arena = arena; | 610 names->arena = arena; |
611 names->head = NULL; | 611 names->head = NULL; |
612 names->nnames = orig->nnames; | 612 names->nnames = orig->nnames; |
613 names->names = NULL; | 613 names->names = NULL; |
614 | 614 |
615 /* construct the array from the list */ | 615 /* construct the array from the list */ |
616 if (orig->nnames) { | 616 if (orig->nnames) { |
617 » names->names = (SECItem*)PORT_ArenaNewArray(arena, SECItem, | 617 names->names = (SECItem *)PORT_ArenaNewArray(arena, SECItem, |
618 orig->nnames); | 618 orig->nnames); |
619 » if (names->names == NULL) { | 619 if (names->names == NULL) { |
620 » goto loser; | 620 goto loser; |
621 » } | 621 } |
622 » for (i = 0; i < orig->nnames; i++) { | 622 for (i = 0; i < orig->nnames; i++) { |
623 rv = SECITEM_CopyItem(arena, &names->names[i], &orig->names[i]); | 623 rv = SECITEM_CopyItem(arena, &names->names[i], &orig->names[i]); |
624 if (rv != SECSuccess) { | 624 if (rv != SECSuccess) { |
625 goto loser; | 625 goto loser; |
626 } | 626 } |
627 } | 627 } |
628 } | 628 } |
629 return(names); | 629 return (names); |
630 | 630 |
631 loser: | 631 loser: |
632 PORT_FreeArena(arena, PR_FALSE); | 632 PORT_FreeArena(arena, PR_FALSE); |
633 return(NULL); | 633 return (NULL); |
634 } | 634 } |
635 | 635 |
636 CERTDistNames * | 636 CERTDistNames * |
637 CERT_GetSSLCACerts(CERTCertDBHandle *handle) | 637 CERT_GetSSLCACerts(CERTCertDBHandle *handle) |
638 { | 638 { |
639 PLArenaPool *arena; | 639 PLArenaPool *arena; |
640 CERTDistNames *names; | 640 CERTDistNames *names; |
641 int i; | 641 int i; |
642 SECStatus rv; | 642 SECStatus rv; |
643 dnameNode *node; | 643 dnameNode *node; |
644 | 644 |
645 /* allocate an arena to use */ | 645 /* allocate an arena to use */ |
646 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 646 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
647 if ( arena == NULL ) { | 647 if (arena == NULL) { |
648 » PORT_SetError(SEC_ERROR_NO_MEMORY); | 648 PORT_SetError(SEC_ERROR_NO_MEMORY); |
649 » return(NULL); | 649 return (NULL); |
650 } | 650 } |
651 | 651 |
652 /* allocate the header structure */ | 652 /* allocate the header structure */ |
653 names = (CERTDistNames *)PORT_ArenaAlloc(arena, sizeof(CERTDistNames)); | 653 names = (CERTDistNames *)PORT_ArenaAlloc(arena, sizeof(CERTDistNames)); |
654 if ( names == NULL ) { | 654 if (names == NULL) { |
655 » goto loser; | 655 goto loser; |
656 } | 656 } |
657 | 657 |
658 /* initialize the header struct */ | 658 /* initialize the header struct */ |
659 names->arena = arena; | 659 names->arena = arena; |
660 names->head = NULL; | 660 names->head = NULL; |
661 names->nnames = 0; | 661 names->nnames = 0; |
662 names->names = NULL; | 662 names->names = NULL; |
663 | 663 |
664 /* collect the names from the database */ | 664 /* collect the names from the database */ |
665 rv = PK11_TraverseSlotCerts(CollectDistNames, (void *)names, NULL); | 665 rv = PK11_TraverseSlotCerts(CollectDistNames, (void *)names, NULL); |
666 if ( rv ) { | 666 if (rv) { |
667 » goto loser; | 667 goto loser; |
668 } | 668 } |
669 | 669 |
670 /* construct the array from the list */ | 670 /* construct the array from the list */ |
671 if ( names->nnames ) { | 671 if (names->nnames) { |
672 » names->names = (SECItem*)PORT_ArenaAlloc(arena, names->nnames * sizeof(S
ECItem)); | 672 names->names = (SECItem *)PORT_ArenaAlloc(arena, names->nnames * sizeof(
SECItem)); |
673 | 673 |
674 » if ( names->names == NULL ) { | 674 if (names->names == NULL) { |
675 » goto loser; | 675 goto loser; |
676 » } | 676 } |
677 ···· | 677 |
678 » node = (dnameNode *)names->head; | 678 node = (dnameNode *)names->head; |
679 »······· | 679 |
680 » for ( i = 0; i < names->nnames; i++ ) { | 680 for (i = 0; i < names->nnames; i++) { |
681 » PORT_Assert(node != NULL); | 681 PORT_Assert(node != NULL); |
682 »··········· | 682 |
683 » names->names[i] = node->name; | 683 names->names[i] = node->name; |
684 » node = node->next; | 684 node = node->next; |
685 » } | 685 } |
686 | 686 |
687 » PORT_Assert(node == NULL); | 687 PORT_Assert(node == NULL); |
688 } | 688 } |
689 | 689 |
690 return(names); | 690 return (names); |
691 ···· | 691 |
692 loser: | 692 loser: |
693 PORT_FreeArena(arena, PR_FALSE); | 693 PORT_FreeArena(arena, PR_FALSE); |
694 return(NULL); | 694 return (NULL); |
695 } | 695 } |
696 | 696 |
697 CERTDistNames * | 697 CERTDistNames * |
698 CERT_DistNamesFromCertList(CERTCertList *certList) | 698 CERT_DistNamesFromCertList(CERTCertList *certList) |
699 { | 699 { |
700 CERTDistNames * dnames = NULL; | 700 CERTDistNames *dnames = NULL; |
701 PLArenaPool * arena; | 701 PLArenaPool *arena; |
702 CERTCertListNode *node = NULL; | 702 CERTCertListNode *node = NULL; |
703 SECItem * names = NULL; | 703 SECItem *names = NULL; |
704 int listLen = 0, i = 0; | 704 int listLen = 0, i = 0; |
705 | 705 |
706 if (certList == NULL) { | 706 if (certList == NULL) { |
707 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 707 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
708 return NULL; | 708 return NULL; |
709 } | 709 } |
710 | 710 |
711 node = CERT_LIST_HEAD(certList); | 711 node = CERT_LIST_HEAD(certList); |
712 while ( ! CERT_LIST_END(node, certList) ) { | 712 while (!CERT_LIST_END(node, certList)) { |
713 listLen += 1; | 713 listLen += 1; |
714 node = CERT_LIST_NEXT(node); | 714 node = CERT_LIST_NEXT(node); |
715 } | 715 } |
716 | 716 |
717 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 717 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
718 if (arena == NULL) goto loser; | 718 if (arena == NULL) |
| 719 goto loser; |
719 dnames = PORT_ArenaZNew(arena, CERTDistNames); | 720 dnames = PORT_ArenaZNew(arena, CERTDistNames); |
720 if (dnames == NULL) goto loser; | 721 if (dnames == NULL) |
| 722 goto loser; |
721 | 723 |
722 dnames->arena = arena; | 724 dnames->arena = arena; |
723 dnames->nnames = listLen; | 725 dnames->nnames = listLen; |
724 dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, listLen); | 726 dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, listLen); |
725 if (names == NULL) goto loser; | 727 if (names == NULL) |
| 728 goto loser; |
726 | 729 |
727 node = CERT_LIST_HEAD(certList); | 730 node = CERT_LIST_HEAD(certList); |
728 while ( ! CERT_LIST_END(node, certList) ) { | 731 while (!CERT_LIST_END(node, certList)) { |
729 CERTCertificate *cert = node->cert; | 732 CERTCertificate *cert = node->cert; |
730 SECStatus rv = SECITEM_CopyItem(arena, &names[i++], &cert->derSubject); | 733 SECStatus rv = SECITEM_CopyItem(arena, &names[i++], &cert->derSubject); |
731 if (rv == SECFailure) { | 734 if (rv == SECFailure) { |
732 goto loser; | 735 goto loser; |
733 } | 736 } |
734 node = CERT_LIST_NEXT(node); | 737 node = CERT_LIST_NEXT(node); |
735 } | 738 } |
736 return dnames; | 739 return dnames; |
737 loser: | 740 loser: |
738 if (arena) { | 741 if (arena) { |
739 PORT_FreeArena(arena, PR_FALSE); | 742 PORT_FreeArena(arena, PR_FALSE); |
740 } | 743 } |
741 return NULL; | 744 return NULL; |
742 } | 745 } |
743 | 746 |
744 CERTDistNames * | 747 CERTDistNames * |
745 CERT_DistNamesFromNicknames(CERTCertDBHandle *handle, char **nicknames, | 748 CERT_DistNamesFromNicknames(CERTCertDBHandle *handle, char **nicknames, |
746 » » » int nnames) | 749 int nnames) |
747 { | 750 { |
748 CERTDistNames *dnames = NULL; | 751 CERTDistNames *dnames = NULL; |
749 PLArenaPool *arena; | 752 PLArenaPool *arena; |
750 int i, rv; | 753 int i, rv; |
751 SECItem *names = NULL; | 754 SECItem *names = NULL; |
752 CERTCertificate *cert = NULL; | 755 CERTCertificate *cert = NULL; |
753 | 756 |
754 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 757 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
755 if (arena == NULL) goto loser; | 758 if (arena == NULL) |
| 759 goto loser; |
756 dnames = PORT_ArenaZNew(arena, CERTDistNames); | 760 dnames = PORT_ArenaZNew(arena, CERTDistNames); |
757 if (dnames == NULL) goto loser; | 761 if (dnames == NULL) |
| 762 goto loser; |
758 | 763 |
759 dnames->arena = arena; | 764 dnames->arena = arena; |
760 dnames->nnames = nnames; | 765 dnames->nnames = nnames; |
761 dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, nnames); | 766 dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, nnames); |
762 if (names == NULL) goto loser; | 767 if (names == NULL) |
763 | 768 goto loser; |
| 769 |
764 for (i = 0; i < nnames; i++) { | 770 for (i = 0; i < nnames; i++) { |
765 » cert = CERT_FindCertByNicknameOrEmailAddr(handle, nicknames[i]); | 771 cert = CERT_FindCertByNicknameOrEmailAddr(handle, nicknames[i]); |
766 » if (cert == NULL) goto loser; | 772 if (cert == NULL) |
767 » rv = SECITEM_CopyItem(arena, &names[i], &cert->derSubject); | 773 goto loser; |
768 » if (rv == SECFailure) goto loser; | 774 rv = SECITEM_CopyItem(arena, &names[i], &cert->derSubject); |
769 » CERT_DestroyCertificate(cert); | 775 if (rv == SECFailure) |
| 776 goto loser; |
| 777 CERT_DestroyCertificate(cert); |
770 } | 778 } |
771 return dnames; | 779 return dnames; |
772 | 780 |
773 loser: | 781 loser: |
774 if (cert != NULL) | 782 if (cert != NULL) |
775 » CERT_DestroyCertificate(cert); | 783 CERT_DestroyCertificate(cert); |
776 if (arena != NULL) | 784 if (arena != NULL) |
777 » PORT_FreeArena(arena, PR_FALSE); | 785 PORT_FreeArena(arena, PR_FALSE); |
778 return NULL; | 786 return NULL; |
779 } | 787 } |
780 | 788 |
781 /* [ from pcertdb.c - calls Ascii to Name ] */ | 789 /* [ from pcertdb.c - calls Ascii to Name ] */ |
782 /* | 790 /* |
783 * Lookup a certificate in the database by name | 791 * Lookup a certificate in the database by name |
784 */ | 792 */ |
785 CERTCertificate * | 793 CERTCertificate * |
786 CERT_FindCertByNameString(CERTCertDBHandle *handle, char *nameStr) | 794 CERT_FindCertByNameString(CERTCertDBHandle *handle, char *nameStr) |
787 { | 795 { |
788 CERTName *name; | 796 CERTName *name; |
789 SECItem *nameItem; | 797 SECItem *nameItem; |
790 CERTCertificate *cert = NULL; | 798 CERTCertificate *cert = NULL; |
791 PLArenaPool *arena = NULL; | 799 PLArenaPool *arena = NULL; |
792 | 800 |
793 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 801 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
794 | 802 |
795 if ( arena == NULL ) { | 803 if (arena == NULL) { |
796 » goto loser; | 804 goto loser; |
797 } | 805 } |
798 | 806 |
799 name = CERT_AsciiToName(nameStr); | 807 name = CERT_AsciiToName(nameStr); |
800 | 808 |
801 if ( name ) { | 809 if (name) { |
802 » nameItem = SEC_ASN1EncodeItem (arena, NULL, (void *)name, | 810 nameItem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, |
803 » » » » CERT_NameTemplate); | 811 CERT_NameTemplate); |
804 » if ( nameItem != NULL ) { | 812 if (nameItem != NULL) { |
805 cert = CERT_FindCertByName(handle, nameItem); | 813 cert = CERT_FindCertByName(handle, nameItem); |
806 » } | 814 } |
807 » CERT_DestroyName(name); | 815 CERT_DestroyName(name); |
808 } | 816 } |
809 | 817 |
810 loser: | 818 loser: |
811 if ( arena ) { | 819 if (arena) { |
812 » PORT_FreeArena(arena, PR_FALSE); | 820 PORT_FreeArena(arena, PR_FALSE); |
813 } | 821 } |
814 | 822 |
815 return(cert); | 823 return (cert); |
816 } | 824 } |
817 | 825 |
818 /* From certv3.c */ | 826 /* From certv3.c */ |
819 | 827 |
820 CERTCrlDistributionPoints * | 828 CERTCrlDistributionPoints * |
821 CERT_FindCRLDistributionPoints (CERTCertificate *cert) | 829 CERT_FindCRLDistributionPoints(CERTCertificate *cert) |
822 { | 830 { |
823 SECItem encodedExtenValue; | 831 SECItem encodedExtenValue; |
824 SECStatus rv; | 832 SECStatus rv; |
825 CERTCrlDistributionPoints *dps; | 833 CERTCrlDistributionPoints *dps; |
826 | 834 |
827 encodedExtenValue.data = NULL; | 835 encodedExtenValue.data = NULL; |
828 encodedExtenValue.len = 0; | 836 encodedExtenValue.len = 0; |
829 | 837 |
830 rv = cert_FindExtension(cert->extensions, SEC_OID_X509_CRL_DIST_POINTS, | 838 rv = cert_FindExtension(cert->extensions, SEC_OID_X509_CRL_DIST_POINTS, |
831 » » » &encodedExtenValue); | 839 &encodedExtenValue); |
832 if ( rv != SECSuccess ) { | 840 if (rv != SECSuccess) { |
833 » return (NULL); | 841 return (NULL); |
834 } | 842 } |
835 | 843 |
836 dps = CERT_DecodeCRLDistributionPoints(cert->arena, &encodedExtenValue); | 844 dps = CERT_DecodeCRLDistributionPoints(cert->arena, &encodedExtenValue); |
837 | 845 |
838 PORT_Free(encodedExtenValue.data); | 846 PORT_Free(encodedExtenValue.data); |
839 | 847 |
840 return dps; | 848 return dps; |
841 } | 849 } |
842 | 850 |
843 /* From crl.c */ | 851 /* From crl.c */ |
844 CERTSignedCrl * CERT_ImportCRL | 852 CERTSignedCrl * |
845 (CERTCertDBHandle *handle, SECItem *derCRL, char *url, int type, void *wincx) | 853 CERT_ImportCRL(CERTCertDBHandle *handle, SECItem *derCRL, char *url, int type, v
oid *wincx) |
846 { | 854 { |
847 CERTSignedCrl* retCrl = NULL; | 855 CERTSignedCrl *retCrl = NULL; |
848 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); | 856 PK11SlotInfo *slot = PK11_GetInternalKeySlot(); |
849 retCrl = PK11_ImportCRL(slot, derCRL, url, type, wincx, | 857 retCrl = PK11_ImportCRL(slot, derCRL, url, type, wincx, |
850 CRL_IMPORT_DEFAULT_OPTIONS, NULL, CRL_DECODE_DEFAULT_OPTIONS); | 858 CRL_IMPORT_DEFAULT_OPTIONS, NULL, CRL_DECODE_DEFAULT
_OPTIONS); |
851 PK11_FreeSlot(slot); | 859 PK11_FreeSlot(slot); |
852 | 860 |
853 return retCrl; | 861 return retCrl; |
854 } | 862 } |
855 | 863 |
856 /* From certdb.c */ | 864 /* From certdb.c */ |
857 static SECStatus | 865 static SECStatus |
858 cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
trusted) | 866 cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
trusted) |
859 { | 867 { |
860 SECStatus rv; | 868 SECStatus rv; |
861 SECItem *derCert; | 869 SECItem *derCert; |
862 CERTCertificate *cert = NULL; | 870 CERTCertificate *cert = NULL; |
863 CERTCertificate *newcert = NULL; | 871 CERTCertificate *newcert = NULL; |
864 CERTCertDBHandle *handle; | 872 CERTCertDBHandle *handle; |
865 CERTCertTrust trust; | 873 CERTCertTrust trust; |
866 PRBool isca; | 874 PRBool isca; |
867 char *nickname; | 875 char *nickname; |
868 unsigned int certtype; | 876 unsigned int certtype; |
869 | 877 |
870 handle = CERT_GetDefaultCertDB(); | 878 handle = CERT_GetDefaultCertDB(); |
871 | 879 |
872 while (numcerts--) { | 880 while (numcerts--) { |
873 » derCert = certs; | 881 derCert = certs; |
874 » certs++; | 882 certs++; |
875 | 883 |
876 » /* decode my certificate */ | 884 /* decode my certificate */ |
877 » /* This use is ok -- only looks at decoded parts, calls NewTemp later */ | 885 /* This use is ok -- only looks at decoded parts, calls NewTemp later */ |
878 » newcert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL); | 886 newcert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL); |
879 » if ( newcert == NULL ) { | 887 if (newcert == NULL) { |
880 » goto loser; | 888 goto loser; |
881 » } | 889 } |
882 | 890 |
883 » if (!trusted) { | 891 if (!trusted) { |
884 » /* make sure that cert is valid */ | 892 /* make sure that cert is valid */ |
885 » rv = CERT_CertTimesValid(newcert); | 893 rv = CERT_CertTimesValid(newcert); |
886 » if ( rv == SECFailure ) { | 894 if (rv == SECFailure) { |
887 » » goto endloop; | 895 goto endloop; |
888 » } | 896 } |
889 » } | 897 } |
890 | 898 |
891 » /* does it have the CA extension */ | 899 /* does it have the CA extension */ |
892 » | 900 |
893 » /* | 901 /* |
894 * Make sure that if this is an intermediate CA in the chain that | 902 * Make sure that if this is an intermediate CA in the chain that |
895 * it was given permission by its signer to be a CA. | 903 * it was given permission by its signer to be a CA. |
896 */ | 904 */ |
897 » isca = CERT_IsCACert(newcert, &certtype); | 905 isca = CERT_IsCACert(newcert, &certtype); |
898 | 906 |
899 » if ( !isca ) { | 907 if (!isca) { |
900 » if (!trusted) { | 908 if (!trusted) { |
901 » » goto endloop; | 909 goto endloop; |
902 » } | 910 } |
903 » trust.sslFlags = CERTDB_VALID_CA; | 911 trust.sslFlags = CERTDB_VALID_CA; |
904 » trust.emailFlags = CERTDB_VALID_CA; | 912 trust.emailFlags = CERTDB_VALID_CA; |
905 » trust.objectSigningFlags = CERTDB_VALID_CA; | 913 trust.objectSigningFlags = CERTDB_VALID_CA; |
906 » } else { | 914 } else { |
907 » /* SSL ca's must have the ssl bit set */ | 915 /* SSL ca's must have the ssl bit set */ |
908 » if ( ( certUsage == certUsageSSLCA ) && | 916 if ((certUsage == certUsageSSLCA) && |
909 » » (( certtype & NS_CERT_TYPE_SSL_CA ) != NS_CERT_TYPE_SSL_CA )) { | 917 ((certtype & NS_CERT_TYPE_SSL_CA) != NS_CERT_TYPE_SSL_CA)) { |
910 » » goto endloop; | 918 goto endloop; |
911 » } | 919 } |
912 | 920 |
913 » /* it passed all of the tests, so lets add it to the database */ | 921 /* it passed all of the tests, so lets add it to the database */ |
914 » /* mark it as a CA */ | 922 /* mark it as a CA */ |
915 » PORT_Memset((void *)&trust, 0, sizeof(trust)); | 923 PORT_Memset((void *)&trust, 0, sizeof(trust)); |
916 » switch ( certUsage ) { | 924 switch (certUsage) { |
917 » case certUsageSSLCA: | 925 case certUsageSSLCA: |
918 » » trust.sslFlags = CERTDB_VALID_CA; | 926 trust.sslFlags = CERTDB_VALID_CA; |
919 » » break; | 927 break; |
920 » case certUsageUserCertImport: | 928 case certUsageUserCertImport: |
921 » » if ((certtype & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) { | 929 if ((certtype & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA)
{ |
922 » » trust.sslFlags = CERTDB_VALID_CA; | 930 trust.sslFlags = CERTDB_VALID_CA; |
923 » » } | 931 } |
924 » » if ((certtype & NS_CERT_TYPE_EMAIL_CA)· | 932 if ((certtype & NS_CERT_TYPE_EMAIL_CA) == |
925 » » » » » » == NS_CERT_TYPE_EMAIL_CA ) { | 933 NS_CERT_TYPE_EMAIL_CA) { |
926 » » trust.emailFlags = CERTDB_VALID_CA; | 934 trust.emailFlags = CERTDB_VALID_CA; |
927 » » } | 935 } |
928 » » if ( ( certtype & NS_CERT_TYPE_OBJECT_SIGNING_CA ) == | 936 if ((certtype & NS_CERT_TYPE_OBJECT_SIGNING_CA) == |
929 » » » » » NS_CERT_TYPE_OBJECT_SIGNING_CA ) { | 937 NS_CERT_TYPE_OBJECT_SIGNING_CA) { |
930 » » trust.objectSigningFlags = CERTDB_VALID_CA; | 938 trust.objectSigningFlags = CERTDB_VALID_CA; |
931 » » } | 939 } |
932 » » break; | 940 break; |
933 » default: | 941 default: |
934 » » PORT_Assert(0); | 942 PORT_Assert(0); |
935 » » break; | 943 break; |
936 » } | 944 } |
937 » } | 945 } |
938 »······· | |
939 » cert = CERT_NewTempCertificate(handle, derCert, NULL,· | |
940 » » » » » » » PR_FALSE, PR_FALSE); | |
941 » if ( cert == NULL ) { | |
942 » goto loser; | |
943 » } | |
944 »······· | |
945 » /* if the cert is temp, make it perm; otherwise we're done */ | |
946 » if (cert->istemp) { | |
947 » /* get a default nickname for it */ | |
948 » nickname = CERT_MakeCANickname(cert); | |
949 | 946 |
950 » rv = CERT_AddTempCertToPerm(cert, nickname, &trust); | 947 cert = CERT_NewTempCertificate(handle, derCert, NULL, |
| 948 PR_FALSE, PR_FALSE); |
| 949 if (cert == NULL) { |
| 950 goto loser; |
| 951 } |
951 | 952 |
952 » /* free the nickname */ | 953 /* if the cert is temp, make it perm; otherwise we're done */ |
953 » if ( nickname ) { | 954 if (cert->istemp) { |
954 » » PORT_Free(nickname); | 955 /* get a default nickname for it */ |
955 » } | 956 nickname = CERT_MakeCANickname(cert); |
956 » } else { | |
957 » rv = SECSuccess; | |
958 » } | |
959 | 957 |
960 » CERT_DestroyCertificate(cert); | 958 rv = CERT_AddTempCertToPerm(cert, nickname, &trust); |
961 » cert = NULL; | |
962 »······· | |
963 » if ( rv != SECSuccess ) { | |
964 » goto loser; | |
965 » } | |
966 | 959 |
967 endloop: | 960 /* free the nickname */ |
968 » if ( newcert ) { | 961 if (nickname) { |
969 » CERT_DestroyCertificate(newcert); | 962 PORT_Free(nickname); |
970 » newcert = NULL; | 963 } |
971 » } | 964 } else { |
972 »······· | 965 rv = SECSuccess; |
| 966 } |
| 967 |
| 968 CERT_DestroyCertificate(cert); |
| 969 cert = NULL; |
| 970 |
| 971 if (rv != SECSuccess) { |
| 972 goto loser; |
| 973 } |
| 974 |
| 975 endloop: |
| 976 if (newcert) { |
| 977 CERT_DestroyCertificate(newcert); |
| 978 newcert = NULL; |
| 979 } |
973 } | 980 } |
974 | 981 |
975 rv = SECSuccess; | 982 rv = SECSuccess; |
976 goto done; | 983 goto done; |
977 loser: | 984 loser: |
978 rv = SECFailure; | 985 rv = SECFailure; |
979 done: | 986 done: |
980 | 987 |
981 if ( newcert ) { | 988 if (newcert) { |
982 » CERT_DestroyCertificate(newcert); | 989 CERT_DestroyCertificate(newcert); |
983 » newcert = NULL; | 990 newcert = NULL; |
984 } | 991 } |
985 | 992 |
986 if ( cert ) { | 993 if (cert) { |
987 » CERT_DestroyCertificate(cert); | 994 CERT_DestroyCertificate(cert); |
988 » cert = NULL; | 995 cert = NULL; |
989 } | 996 } |
990 | 997 |
991 return(rv); | 998 return (rv); |
992 } | 999 } |
993 | 1000 |
994 SECStatus | 1001 SECStatus |
995 CERT_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage) | 1002 CERT_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage) |
996 { | 1003 { |
997 return cert_ImportCAChain(certs, numcerts, certUsage, PR_FALSE); | 1004 return cert_ImportCAChain(certs, numcerts, certUsage, PR_FALSE); |
998 } | 1005 } |
999 | 1006 |
1000 SECStatus | 1007 SECStatus |
1001 CERT_ImportCAChainTrusted(SECItem *certs, int numcerts, SECCertUsage certUsage)
{ | 1008 CERT_ImportCAChainTrusted(SECItem *certs, int numcerts, SECCertUsage certUsage) |
| 1009 { |
1002 return cert_ImportCAChain(certs, numcerts, certUsage, PR_TRUE); | 1010 return cert_ImportCAChain(certs, numcerts, certUsage, PR_TRUE); |
1003 } | 1011 } |
1004 | 1012 |
1005 /* Moved from certdb.c */ | 1013 /* Moved from certdb.c */ |
1006 /* | 1014 /* |
1007 ** CERT_CertChainFromCert | 1015 ** CERT_CertChainFromCert |
1008 ** | 1016 ** |
1009 ** Construct a CERTCertificateList consisting of the given certificate and all | 1017 ** Construct a CERTCertificateList consisting of the given certificate and all |
1010 ** of the issuer certs until we either get to a self-signed cert or can't find | 1018 ** of the issuer certs until we either get to a self-signed cert or can't find |
1011 ** an issuer. Since we don't know how many certs are in the chain we have to | 1019 ** an issuer. Since we don't know how many certs are in the chain we have to |
1012 ** build a linked list first as we count them. | 1020 ** build a linked list first as we count them. |
1013 */ | 1021 */ |
1014 | 1022 |
1015 typedef struct certNode { | 1023 typedef struct certNode { |
1016 struct certNode *next; | 1024 struct certNode *next; |
1017 CERTCertificate *cert; | 1025 CERTCertificate *cert; |
1018 } certNode; | 1026 } certNode; |
1019 | 1027 |
1020 CERTCertificateList * | 1028 CERTCertificateList * |
1021 CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage, | 1029 CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage, |
1022 » » PRBool includeRoot) | 1030 PRBool includeRoot) |
1023 { | 1031 { |
1024 CERTCertificateList *chain = NULL; | 1032 CERTCertificateList *chain = NULL; |
1025 NSSCertificate **stanChain; | 1033 NSSCertificate **stanChain; |
1026 NSSCertificate *stanCert; | 1034 NSSCertificate *stanCert; |
1027 PLArenaPool *arena; | 1035 PLArenaPool *arena; |
1028 NSSUsage nssUsage; | 1036 NSSUsage nssUsage; |
1029 int i, len; | 1037 int i, len; |
1030 NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); | 1038 NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); |
1031 NSSCryptoContext *cc = STAN_GetDefaultCryptoContext(); | 1039 NSSCryptoContext *cc = STAN_GetDefaultCryptoContext(); |
1032 | 1040 |
1033 stanCert = STAN_GetNSSCertificate(cert); | 1041 stanCert = STAN_GetNSSCertificate(cert); |
1034 if (!stanCert) { | 1042 if (!stanCert) { |
1035 /* error code is set */ | 1043 /* error code is set */ |
1036 return NULL; | 1044 return NULL; |
1037 } | 1045 } |
1038 nssUsage.anyUsage = PR_FALSE; | 1046 nssUsage.anyUsage = PR_FALSE; |
1039 nssUsage.nss3usage = usage; | 1047 nssUsage.nss3usage = usage; |
1040 nssUsage.nss3lookingForCA = PR_FALSE; | 1048 nssUsage.nss3lookingForCA = PR_FALSE; |
1041 stanChain = NSSCertificate_BuildChain(stanCert, NULL, &nssUsage, NULL, NULL, | 1049 stanChain = NSSCertificate_BuildChain(stanCert, NULL, &nssUsage, NULL, NULL, |
1042 » » » » » CERT_MAX_CERT_CHAIN, NULL, NULL, td, c
c); | 1050 CERT_MAX_CERT_CHAIN, NULL, NULL, td, c
c); |
1043 if (!stanChain) { | 1051 if (!stanChain) { |
1044 » PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER); | 1052 PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER); |
1045 » return NULL; | 1053 return NULL; |
1046 } | 1054 } |
1047 | 1055 |
1048 len = 0; | 1056 len = 0; |
1049 stanCert = stanChain[0]; | 1057 stanCert = stanChain[0]; |
1050 while (stanCert) { | 1058 while (stanCert) { |
1051 » stanCert = stanChain[++len]; | 1059 stanCert = stanChain[++len]; |
1052 } | 1060 } |
1053 | 1061 |
1054 arena = PORT_NewArena(4096); | 1062 arena = PORT_NewArena(4096); |
1055 if (arena == NULL) { | 1063 if (arena == NULL) { |
1056 » goto loser; | 1064 goto loser; |
1057 } | 1065 } |
1058 | 1066 |
1059 chain = (CERTCertificateList *)PORT_ArenaAlloc(arena,· | 1067 chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, |
1060 sizeof(CERTCertificateList)); | 1068 sizeof(CERTCertificateList)); |
1061 if (!chain) goto loser; | 1069 if (!chain) |
1062 chain->certs = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem)); | 1070 goto loser; |
1063 if (!chain->certs) goto loser; | 1071 chain->certs = (SECItem *)PORT_ArenaAlloc(arena, len * sizeof(SECItem)); |
| 1072 if (!chain->certs) |
| 1073 goto loser; |
1064 i = 0; | 1074 i = 0; |
1065 stanCert = stanChain[i]; | 1075 stanCert = stanChain[i]; |
1066 while (stanCert) { | 1076 while (stanCert) { |
1067 » SECItem derCert; | 1077 SECItem derCert; |
1068 » CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert); | 1078 CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert); |
1069 » if (!cCert) { | 1079 if (!cCert) { |
1070 » goto loser; | 1080 goto loser; |
1071 » } | 1081 } |
1072 » derCert.len = (unsigned int)stanCert->encoding.size; | 1082 derCert.len = (unsigned int)stanCert->encoding.size; |
1073 » derCert.data = (unsigned char *)stanCert->encoding.data; | 1083 derCert.data = (unsigned char *)stanCert->encoding.data; |
1074 » derCert.type = siBuffer; | 1084 derCert.type = siBuffer; |
1075 » SECITEM_CopyItem(arena, &chain->certs[i], &derCert); | 1085 SECITEM_CopyItem(arena, &chain->certs[i], &derCert); |
1076 » stanCert = stanChain[++i]; | 1086 stanCert = stanChain[++i]; |
1077 » if (!stanCert && !cCert->isRoot) { | 1087 if (!stanCert && !cCert->isRoot) { |
1078 » /* reached the end of the chain, but the final cert is | 1088 /* reached the end of the chain, but the final cert is |
1079 * not a root. Don't discard it. | 1089 * not a root. Don't discard it. |
1080 */ | 1090 */ |
1081 » includeRoot = PR_TRUE; | 1091 includeRoot = PR_TRUE; |
1082 » } | 1092 } |
1083 » CERT_DestroyCertificate(cCert); | 1093 CERT_DestroyCertificate(cCert); |
1084 } | 1094 } |
1085 if ( !includeRoot && len > 1) { | 1095 if (!includeRoot && len > 1) { |
1086 » chain->len = len - 1; | 1096 chain->len = len - 1; |
1087 } else { | 1097 } else { |
1088 » chain->len = len; | 1098 chain->len = len; |
1089 } | 1099 } |
1090 | 1100 |
1091 chain->arena = arena; | 1101 chain->arena = arena; |
1092 nss_ZFreeIf(stanChain); | 1102 nss_ZFreeIf(stanChain); |
1093 return chain; | 1103 return chain; |
1094 loser: | 1104 loser: |
1095 i = 0; | 1105 i = 0; |
1096 stanCert = stanChain[i]; | 1106 stanCert = stanChain[i]; |
1097 while (stanCert) { | 1107 while (stanCert) { |
1098 » CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert); | 1108 CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert); |
1099 » if (cCert) { | 1109 if (cCert) { |
1100 » CERT_DestroyCertificate(cCert); | 1110 CERT_DestroyCertificate(cCert); |
1101 » } | 1111 } |
1102 » stanCert = stanChain[++i]; | 1112 stanCert = stanChain[++i]; |
1103 } | 1113 } |
1104 nss_ZFreeIf(stanChain); | 1114 nss_ZFreeIf(stanChain); |
1105 if (arena) { | 1115 if (arena) { |
1106 » PORT_FreeArena(arena, PR_FALSE); | 1116 PORT_FreeArena(arena, PR_FALSE); |
1107 } | 1117 } |
1108 return NULL; | 1118 return NULL; |
1109 } | 1119 } |
1110 | 1120 |
1111 /* Builds a CERTCertificateList holding just one DER-encoded cert, namely | 1121 /* Builds a CERTCertificateList holding just one DER-encoded cert, namely |
1112 ** the one for the cert passed as an argument. | 1122 ** the one for the cert passed as an argument. |
1113 */ | 1123 */ |
1114 CERTCertificateList * | 1124 CERTCertificateList * |
1115 CERT_CertListFromCert(CERTCertificate *cert) | 1125 CERT_CertListFromCert(CERTCertificate *cert) |
1116 { | 1126 { |
1117 CERTCertificateList *chain = NULL; | 1127 CERTCertificateList *chain = NULL; |
1118 int rv; | 1128 int rv; |
1119 PLArenaPool *arena; | 1129 PLArenaPool *arena; |
1120 | 1130 |
1121 /* arena for SecCertificateList */ | 1131 /* arena for SecCertificateList */ |
1122 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 1132 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
1123 if (arena == NULL) goto no_memory; | 1133 if (arena == NULL) |
| 1134 goto no_memory; |
1124 | 1135 |
1125 /* build the CERTCertificateList */ | 1136 /* build the CERTCertificateList */ |
1126 chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificate
List)); | 1137 chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificate
List)); |
1127 if (chain == NULL) goto no_memory; | 1138 if (chain == NULL) |
1128 chain->certs = (SECItem*)PORT_ArenaAlloc(arena, 1 * sizeof(SECItem)); | 1139 goto no_memory; |
1129 if (chain->certs == NULL) goto no_memory; | 1140 chain->certs = (SECItem *)PORT_ArenaAlloc(arena, 1 * sizeof(SECItem)); |
| 1141 if (chain->certs == NULL) |
| 1142 goto no_memory; |
1130 rv = SECITEM_CopyItem(arena, chain->certs, &(cert->derCert)); | 1143 rv = SECITEM_CopyItem(arena, chain->certs, &(cert->derCert)); |
1131 if (rv < 0) goto loser; | 1144 if (rv < 0) |
| 1145 goto loser; |
1132 chain->len = 1; | 1146 chain->len = 1; |
1133 chain->arena = arena; | 1147 chain->arena = arena; |
1134 | 1148 |
1135 return chain; | 1149 return chain; |
1136 | 1150 |
1137 no_memory: | 1151 no_memory: |
1138 PORT_SetError(SEC_ERROR_NO_MEMORY); | 1152 PORT_SetError(SEC_ERROR_NO_MEMORY); |
1139 loser: | 1153 loser: |
1140 if (arena != NULL) { | 1154 if (arena != NULL) { |
1141 » PORT_FreeArena(arena, PR_FALSE); | 1155 PORT_FreeArena(arena, PR_FALSE); |
1142 } | 1156 } |
1143 return NULL; | 1157 return NULL; |
1144 } | 1158 } |
1145 | 1159 |
1146 CERTCertificateList * | 1160 CERTCertificateList * |
1147 CERT_DupCertList(const CERTCertificateList * oldList) | 1161 CERT_DupCertList(const CERTCertificateList *oldList) |
1148 { | 1162 { |
1149 CERTCertificateList *newList = NULL; | 1163 CERTCertificateList *newList = NULL; |
1150 PLArenaPool *arena = NULL; | 1164 PLArenaPool *arena = NULL; |
1151 SECItem *newItem; | 1165 SECItem *newItem; |
1152 SECItem *oldItem; | 1166 SECItem *oldItem; |
1153 int len = oldList->len; | 1167 int len = oldList->len; |
1154 int rv; | 1168 int rv; |
1155 | 1169 |
1156 /* arena for SecCertificateList */ | 1170 /* arena for SecCertificateList */ |
1157 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 1171 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
1158 if (arena == NULL)· | 1172 if (arena == NULL) |
1159 » goto no_memory; | 1173 goto no_memory; |
1160 | 1174 |
1161 /* now build the CERTCertificateList */ | 1175 /* now build the CERTCertificateList */ |
1162 newList = PORT_ArenaNew(arena, CERTCertificateList); | 1176 newList = PORT_ArenaNew(arena, CERTCertificateList); |
1163 if (newList == NULL)· | 1177 if (newList == NULL) |
1164 » goto no_memory; | 1178 goto no_memory; |
1165 newList->arena = arena; | 1179 newList->arena = arena; |
1166 newItem = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem)); | 1180 newItem = (SECItem *)PORT_ArenaAlloc(arena, len * sizeof(SECItem)); |
1167 if (newItem == NULL)· | 1181 if (newItem == NULL) |
1168 » goto no_memory; | 1182 goto no_memory; |
1169 newList->certs = newItem; | 1183 newList->certs = newItem; |
1170 newList->len = len; | 1184 newList->len = len; |
1171 | 1185 |
1172 for (oldItem = oldList->certs; len > 0; --len, ++newItem, ++oldItem) { | 1186 for (oldItem = oldList->certs; len > 0; --len, ++newItem, ++oldItem) { |
1173 » rv = SECITEM_CopyItem(arena, newItem, oldItem); | 1187 rv = SECITEM_CopyItem(arena, newItem, oldItem); |
1174 » if (rv < 0)· | 1188 if (rv < 0) |
1175 » goto loser; | 1189 goto loser; |
1176 } | 1190 } |
1177 return newList; | 1191 return newList; |
1178 | 1192 |
1179 no_memory: | 1193 no_memory: |
1180 PORT_SetError(SEC_ERROR_NO_MEMORY); | 1194 PORT_SetError(SEC_ERROR_NO_MEMORY); |
1181 loser: | 1195 loser: |
1182 if (arena != NULL) { | 1196 if (arena != NULL) { |
1183 » PORT_FreeArena(arena, PR_FALSE); | 1197 PORT_FreeArena(arena, PR_FALSE); |
1184 } | 1198 } |
1185 return NULL; | 1199 return NULL; |
1186 } | 1200 } |
1187 | 1201 |
1188 void | 1202 void |
1189 CERT_DestroyCertificateList(CERTCertificateList *list) | 1203 CERT_DestroyCertificateList(CERTCertificateList *list) |
1190 { | 1204 { |
1191 PORT_FreeArena(list->arena, PR_FALSE); | 1205 PORT_FreeArena(list->arena, PR_FALSE); |
1192 } | 1206 } |
1193 | |
OLD | NEW |