Back to index

lightning-sunbird  0.9+nobinonly
Defines | Typedefs | Functions
cert.h File Reference
#include "plarena.h"
#include "plhash.h"
#include "prlong.h"
#include "prlog.h"
#include "seccomon.h"
#include "secdert.h"
#include "secoidt.h"
#include "keyt.h"
#include "certt.h"

Go to the source code of this file.

Defines

#define SEC_CRL_TYPE   1
#define SEC_KRL_TYPE   0
#define CRL_DECODE_DEFAULT_OPTIONS   0x00000000
#define CRL_DECODE_DONT_COPY_DER   0x00000001
#define CRL_DECODE_SKIP_ENTRIES   0x00000002
#define CRL_DECODE_KEEP_BAD_CRL   0x00000004
#define CRL_DECODE_ADOPT_HEAP_DER   0x00000008

Typedefs

typedef SECItem ** certs
typedef SECItem int numcerts
typedef char *(* CERTPolicyStringCallback )(char *org, unsigned long noticeNumber, void *arg)
typedef PRBool(* CERTSortCallback )(CERTCertificate *certa, CERTCertificate *certb, void *arg)

Functions

SEC_BEGIN_PROTOS CERTName * CERT_AsciiToName (char *string)
char * CERT_NameToAscii (CERTName *name)
CERTAVA * CERT_CopyAVA (PRArenaPool *arena, CERTAVA *src)
char * CERT_GetOidString (const SECItem *oid)
SECOidTag CERT_GetAVATag (CERTAVA *ava)
SECComparison CERT_CompareAVA (const CERTAVA *a, const CERTAVA *b)
CERTRDN * CERT_CreateRDN (PRArenaPool *arena, CERTAVA *avas,...)
SECStatus CERT_CopyRDN (PRArenaPool *arena, CERTRDN *dest, CERTRDN *src)
void CERT_DestroyRDN (CERTRDN *rdn, PRBool freeit)
SECStatus CERT_AddAVA (PRArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
SECComparison CERT_CompareRDN (CERTRDN *a, CERTRDN *b)
CERTName * CERT_CreateName (CERTRDN *rdn,...)
SECStatus CERT_CopyName (PRArenaPool *arena, CERTName *dest, CERTName *src)
void CERT_DestroyName (CERTName *name)
SECStatus CERT_AddRDN (CERTName *name, CERTRDN *rdn)
SECComparison CERT_CompareName (CERTName *a, CERTName *b)
char * CERT_FormatName (CERTName *name)
char * CERT_Hexify (SECItem *i, int do_colon)
CERTValidity * CERT_CreateValidity (int64 notBefore, int64 notAfter)
void CERT_DestroyValidity (CERTValidity *v)
SECStatus CERT_CopyValidity (PRArenaPool *arena, CERTValidity *dest, CERTValidity *src)
PRInt32 CERT_GetSlopTime (void)
SECStatus CERT_SetSlopTime (PRInt32 slop)
CERTCertificate * CERT_CreateCertificate (unsigned long serialNumber, CERTName *issuer, CERTValidity *validity, CERTCertificateRequest *req)
void CERT_DestroyCertificate (CERTCertificate *cert)
CERTCertificate * CERT_DupCertificate (CERTCertificate *c)
CERTCertificateRequest * CERT_CreateCertificateRequest (CERTName *name, CERTSubjectPublicKeyInfo *spki, SECItem **attributes)
void CERT_DestroyCertificateRequest (CERTCertificateRequest *r)
voidCERT_StartCertificateRequestAttributes (CERTCertificateRequest *req)
SECStatus CERT_FinishCertificateRequestAttributes (CERTCertificateRequest *req)
SECStatus CERT_GetCertificateRequestExtensions (CERTCertificateRequest *req, CERTCertExtension ***exts)
SECKEYPublicKey * CERT_ExtractPublicKey (CERTCertificate *cert)
SECKEYPublicKey * CERT_KMIDPublicKey (CERTCertificate *cert)
KeyType CERT_GetCertKeyType (CERTSubjectPublicKeyInfo *spki)
SECStatus CERT_InitCertDB (CERTCertDBHandle *handle)
int CERT_GetDBContentVersion (CERTCertDBHandle *handle)
void CERT_SetDefaultCertDB (CERTCertDBHandle *handle)
CERTCertDBHandle * CERT_GetDefaultCertDB (void)
CERTCertList * CERT_GetCertChainFromCert (CERTCertificate *cert, int64 time, SECCertUsage usage)
CERTCertificate * CERT_NewTempCertificate (CERTCertDBHandle *handle, SECItem *derCert, char *nickname, PRBool isperm, PRBool copyDER)
CERTAVA * CERT_CreateAVA (PRArenaPool *arena, SECOidTag kind, int valueType, char *value)
SECStatus CERT_NameFromDERCert (SECItem *derCert, SECItem *derName)
SECStatus CERT_IssuerNameFromDERCert (SECItem *derCert, SECItem *derName)
SECItem * CERT_EncodeGeneralName (CERTGeneralName *genName, SECItem *dest, PRArenaPool *arena)
CERTGeneralName * CERT_DecodeGeneralName (PRArenaPool *arena, SECItem *encodedName, CERTGeneralName *genName)
SECStatus CERT_KeyFromDERCert (PRArenaPool *arena, SECItem *derCert, SECItem *key)
SECStatus CERT_KeyFromIssuerAndSN (PRArenaPool *arena, SECItem *issuer, SECItem *sn, SECItem *key)
SECStatus CERT_SerialNumberFromDERCert (SECItem *derCert, SECItem *derName)
SECStatus CERT_KeyFromDERCrl (PRArenaPool *arena, SECItem *derCrl, SECItem *key)
SECStatus CERT_OpenCertDB (CERTCertDBHandle *handle, PRBool readOnly, CERTDBNameFunc namecb, void *cbarg)
SECStatus CERT_OpenCertDBFilename (CERTCertDBHandle *handle, char *certdbname, PRBool readOnly)
SECStatus CERT_OpenVolatileCertDB (CERTCertDBHandle *handle)
SECStatus CERT_VerifyCertName (CERTCertificate *cert, const char *hostname)
SECStatus CERT_AddOKDomainName (CERTCertificate *cert, const char *hostname)
CERTCertificate * CERT_DecodeDERCertificate (SECItem *derSignedCert, PRBool copyDER, char *nickname)
CERTSignedCrl * CERT_DecodeDERCrl (PRArenaPool *arena, SECItem *derSignedCrl, int type)
CERTSignedCrl * CERT_DecodeDERCrlWithFlags (PRArenaPool *narena, SECItem *derSignedCrl, int type, PRInt32 options)
SECStatus CERT_CompleteCRLDecodeEntries (CERTSignedCrl *crl)
CERTSignedCrl * CERT_ImportCRL (CERTCertDBHandle *handle, SECItem *derCRL, char *url, int type, void *wincx)
void CERT_DestroyCrl (CERTSignedCrl *crl)
void CERT_CRLCacheRefreshIssuer (CERTCertDBHandle *dbhandle, SECItem *crlKey)
SECStatus CERT_CacheCRL (CERTCertDBHandle *dbhandle, SECItem *newcrl)
SECStatus CERT_UncacheCRL (CERTCertDBHandle *dbhandle, SECItem *oldcrl)
CERTCertificate * CERT_DecodeCertificate (SECItem *derCert, char *nickname, PRBool copyDER)
CERTCertificate * CERT_FindCertByKey (CERTCertDBHandle *handle, SECItem *key)
CERTCertificate * CERT_FindCertByName (CERTCertDBHandle *handle, SECItem *name)
CERTCertificate * CERT_FindCertByNameString (CERTCertDBHandle *handle, char *name)
CERTCertificate * CERT_FindCertByKeyID (CERTCertDBHandle *handle, SECItem *name, SECItem *keyID)
CERTCertificate * CERT_FindCertByIssuerAndSN (CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN)
CERTCertificate * CERT_FindCertBySubjectKeyID (CERTCertDBHandle *handle, SECItem *subjKeyID)
CERTCertificate * CERT_FindCertByNickname (CERTCertDBHandle *handle, char *nickname)
CERTCertificate * CERT_FindCertByDERCert (CERTCertDBHandle *handle, SECItem *derCert)
CERTCertificate * CERT_FindCertByEmailAddr (CERTCertDBHandle *handle, char *emailAddr)
CERTCertificate * CERT_FindCertByNicknameOrEmailAddr (CERTCertDBHandle *handle, char *name)
CERTCertificate * CERT_FindCertBySPKDigest (CERTCertDBHandle *handle, SECItem *spkDigest)
CERTCertificate * CERT_FindCertIssuer (CERTCertificate *cert, int64 validTime, SECCertUsage usage)
SECCertTimeValidity CERT_CheckCertValidTimes (CERTCertificate *cert, PRTime t, PRBool allowOverride)
SECStatus CERT_CertTimesValid (CERTCertificate *cert)
SECStatus CERT_GetCertTimes (CERTCertificate *c, PRTime *notBefore, PRTime *notAfter)
CERTIssuerAndSN * CERT_GetCertIssuerAndSN (PRArenaPool *, CERTCertificate *)
SECStatus CERT_VerifySignedData (CERTSignedData *sd, CERTCertificate *cert, int64 t, void *wincx)
SECStatus CERT_VerifySignedDataWithPublicKeyInfo (CERTSignedData *sd, CERTSubjectPublicKeyInfo *pubKeyInfo, void *wincx)
SECStatus CERT_VerifySignedDataWithPublicKey (CERTSignedData *sd, SECKEYPublicKey *pubKey, void *wincx)
SECStatus CERT_VerifyCertificate (CERTCertDBHandle *handle, CERTCertificate *cert, PRBool checkSig, SECCertificateUsage requiredUsages, int64 t, void *wincx, CERTVerifyLog *log, SECCertificateUsage *returnedUsages)
SECStatus CERT_VerifyCertificateNow (CERTCertDBHandle *handle, CERTCertificate *cert, PRBool checkSig, SECCertificateUsage requiredUsages, void *wincx, SECCertificateUsage *returnedUsages)
SECStatus CERT_VerifyCACertForUsage (CERTCertDBHandle *handle, CERTCertificate *cert, PRBool checkSig, SECCertUsage certUsage, int64 t, void *wincx, CERTVerifyLog *log)
SECStatus CERT_VerifyCert (CERTCertDBHandle *handle, CERTCertificate *cert, PRBool checkSig, SECCertUsage certUsage, int64 t, void *wincx, CERTVerifyLog *log)
SECStatus CERT_VerifyCertNow (CERTCertDBHandle *handle, CERTCertificate *cert, PRBool checkSig, SECCertUsage certUsage, void *wincx)
SECStatus CERT_VerifyCertChain (CERTCertDBHandle *handle, CERTCertificate *cert, PRBool checkSig, SECCertUsage certUsage, int64 t, void *wincx, CERTVerifyLog *log)
CERTCertificate * CERT_ConvertAndDecodeCertificate (char *certstr)
CERTCertificate * CERT_DecodeCertFromPackage (char *certbuf, int certlen)
SECStatus CERT_ImportCAChain (SECItem *certs, int numcerts, SECCertUsage certUsage)
SECStatus CERT_ImportCAChainTrusted (SECItem *certs, int numcerts, SECCertUsage certUsage)
typedef SECStatus (PR_CALLBACK *CERTImportCertificateFunc)(void *arg
SECStatus CERT_DecodeCertPackage (char *certbuf, int certlen, CERTImportCertificateFunc f, void *arg)
char * CERT_HTMLCertInfo (CERTCertificate *cert, PRBool showImages, PRBool showIssuer)
SECItem * CERT_DecodeAVAValue (const SECItem *derAVAValue)
char * CERT_GetCertificateEmailAddress (CERTCertificate *cert)
char * CERT_GetCertEmailAddress (CERTName *name)
const char * CERT_GetFirstEmailAddress (CERTCertificate *cert)
const char * CERT_GetNextEmailAddress (CERTCertificate *cert, const char *prev)
char * CERT_GetCommonName (CERTName *name)
char * CERT_GetCountryName (CERTName *name)
char * CERT_GetLocalityName (CERTName *name)
char * CERT_GetStateName (CERTName *name)
char * CERT_GetOrgName (CERTName *name)
char * CERT_GetOrgUnitName (CERTName *name)
char * CERT_GetDomainComponentName (CERTName *name)
char * CERT_GetCertUid (CERTName *name)
SECStatus CERT_GetCertTrust (CERTCertificate *cert, CERTCertTrust *trust)
SECStatus CERT_ChangeCertTrust (CERTCertDBHandle *handle, CERTCertificate *cert, CERTCertTrust *trust)
SECStatus CERT_ChangeCertTrustByUsage (CERTCertDBHandle *certdb, CERTCertificate *cert, SECCertUsage usage)
voidCERT_StartCertExtensions (CERTCertificate *cert)
SECStatus CERT_AddExtension (void *exthandle, int idtag, SECItem *value, PRBool critical, PRBool copyData)
SECStatus CERT_AddExtensionByOID (void *exthandle, SECItem *oid, SECItem *value, PRBool critical, PRBool copyData)
SECStatus CERT_EncodeAndAddExtension (void *exthandle, int idtag, void *value, PRBool critical, const SEC_ASN1Template *atemplate)
SECStatus CERT_EncodeAndAddBitStrExtension (void *exthandle, int idtag, SECItem *value, PRBool critical)
SECStatus CERT_EncodeAltNameExtension (PRArenaPool *arena, CERTGeneralName *value, SECItem *encodedValue)
SECStatus CERT_FinishExtensions (void *exthandle)
SECStatus CERT_MergeExtensions (void *exthandle, CERTCertExtension **exts)
SECStatus CERT_GetExtenCriticality (CERTCertExtension **extensions, int tag, PRBool *isCritical)
void CERT_DestroyOidSequence (CERTOidSequence *oidSeq)
SECStatus CERT_EncodeBasicConstraintValue (PRArenaPool *arena, CERTBasicConstraints *value, SECItem *encodedValue)
SECStatus CERT_EncodeAuthKeyID (PRArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue)
SECStatus CERT_EncodeCRLDistributionPoints (PRArenaPool *arena, CERTCrlDistributionPoints *value, SECItem *derValue)
SECStatus CERT_DecodeBasicConstraintValue (CERTBasicConstraints *value, SECItem *encodedValue)
CERTAuthKeyID * CERT_DecodeAuthKeyID (PRArenaPool *arena, SECItem *encodedValue)
CERTCrlDistributionPoints * CERT_DecodeCRLDistributionPoints (PRArenaPool *arena, SECItem *der)
voidCERT_GetGeneralNameByType (CERTGeneralName *genNames, CERTGeneralNameType type, PRBool derFormat)
CERTOidSequenceCERT_DecodeOidSequence (SECItem *seqItem)
SECStatus CERT_FindCertExtension (CERTCertificate *cert, int tag, SECItem *value)
SECStatus CERT_FindNSCertTypeExtension (CERTCertificate *cert, SECItem *value)
char * CERT_FindNSStringExtension (CERTCertificate *cert, int oidtag)
SECStatus CERT_FindIssuerCertExtension (CERTCertificate *cert, int tag, SECItem *value)
SECStatus CERT_FindCertExtensionByOID (CERTCertificate *cert, SECItem *oid, SECItem *value)
char * CERT_FindCertURLExtension (CERTCertificate *cert, int tag, int catag)
CERTAuthKeyID * CERT_FindAuthKeyIDExten (PRArenaPool *arena, CERTCertificate *cert)
SECStatus CERT_FindBasicConstraintExten (CERTCertificate *cert, CERTBasicConstraints *value)
CERTCrlDistributionPoints * CERT_FindCRLDistributionPoints (CERTCertificate *cert)
SECStatus CERT_FindKeyUsageExtension (CERTCertificate *cert, SECItem *value)
SECStatus CERT_FindSubjectKeyIDExtension (CERTCertificate *cert, SECItem *retItem)
SECStatus CERT_CheckCertUsage (CERTCertificate *cert, unsigned char usage)
SECStatus CERT_FindCRLExtensionByOID (CERTCrl *crl, SECItem *oid, SECItem *value)
SECStatus CERT_FindCRLExtension (CERTCrl *crl, int tag, SECItem *value)
SECStatus CERT_FindInvalidDateExten (CERTCrl *crl, int64 *value)
voidCERT_StartCRLExtensions (CERTCrl *crl)
voidCERT_StartCRLEntryExtensions (CERTCrl *crl, CERTCrlEntry *entry)
CERTCertNicknames * CERT_GetCertNicknames (CERTCertDBHandle *handle, int what, void *wincx)
SECStatus CERT_FindCRLNumberExten (CERTCrl *crl, CERTCrlNumber *value)
void CERT_FreeNicknames (CERTCertNicknames *nicknames)
PRBool CERT_CompareCerts (CERTCertificate *c1, CERTCertificate *c2)
PRBool CERT_CompareCertsForRedirection (CERTCertificate *c1, CERTCertificate *c2)
CERTDistNames * CERT_GetSSLCACerts (CERTCertDBHandle *handle)
void CERT_FreeDistNames (CERTDistNames *names)
CERTDistNames * CERT_DistNamesFromNicknames (CERTCertDBHandle *handle, char **nicknames, int nnames)
CERTCertificateList * CERT_CertChainFromCert (CERTCertificate *cert, SECCertUsage usage, PRBool includeRoot)
CERTCertificateList * CERT_CertListFromCert (CERTCertificate *cert)
CERTCertificateList * CERT_DupCertList (CERTCertificateList *oldList)
void CERT_DestroyCertificateList (CERTCertificateList *list)
PRBool CERT_IsUserCert (CERTCertificate *cert)
PRBool CERT_IsNewer (CERTCertificate *certa, CERTCertificate *certb)
PRBool CERT_IsCertRevoked (CERTCertificate *cert)
void CERT_DestroyCertArray (CERTCertificate **certs, unsigned int ncerts)
char * CERT_FixupEmailAddr (char *emailAddr)
SECStatus CERT_DecodeTrustString (CERTCertTrust *trust, char *trusts)
char * CERT_EncodeTrustString (CERTCertTrust *trust)
CERTCertificate * CERT_PrevSubjectCert (CERTCertificate *cert)
CERTCertificate * CERT_NextSubjectCert (CERTCertificate *cert)
SECStatus CERT_ImportCerts (CERTCertDBHandle *certdb, SECCertUsage usage, unsigned int ncerts, SECItem **derCerts, CERTCertificate ***retCerts, PRBool keepCerts, PRBool caOnly, char *nickname)
SECStatus CERT_SaveImportedCert (CERTCertificate *cert, SECCertUsage usage, PRBool caOnly, char *nickname)
char * CERT_MakeCANickname (CERTCertificate *cert)
PRBool CERT_IsCACert (CERTCertificate *cert, unsigned int *rettype)
PRBool CERT_IsCADERCert (SECItem *derCert, unsigned int *rettype)
PRBool CERT_IsRootDERCert (SECItem *derCert)
SECStatus CERT_SaveSMimeProfile (CERTCertificate *cert, SECItem *emailProfile, SECItem *profileTime)
SECItem * CERT_FindSMimeProfile (CERTCertificate *cert)
SECStatus CERT_AddNewCerts (CERTCertDBHandle *handle)
CERTPackageType CERT_CertPackageType (SECItem *package, SECItem *certitem)
CERTCertificatePoliciesCERT_DecodeCertificatePoliciesExtension (SECItem *extnValue)
void CERT_DestroyCertificatePoliciesExtension (CERTCertificatePolicies *policies)
CERTUserNoticeCERT_DecodeUserNotice (SECItem *noticeItem)
CERTGeneralName * CERT_DecodeAltNameExtension (PRArenaPool *arena, SECItem *EncodedAltName)
CERTNameConstraints * CERT_DecodeNameConstraintsExtension (PRArenaPool *arena, SECItem *encodedConstraints)
CERTAuthInfoAccess ** CERT_DecodeAuthInfoAccessExtension (PRArenaPool *arena, SECItem *encodedExtension)
CERTPrivKeyUsagePeriod * CERT_DecodePrivKeyUsagePeriodExtension (PLArenaPool *arena, SECItem *extnValue)
CERTGeneralName * CERT_GetNextGeneralName (CERTGeneralName *current)
CERTGeneralName * CERT_GetPrevGeneralName (CERTGeneralName *current)
CERTNameConstraint * CERT_GetNextNameConstraint (CERTNameConstraint *current)
CERTNameConstraint * CERT_GetPrevNameConstraint (CERTNameConstraint *current)
void CERT_DestroyUserNotice (CERTUserNotice *userNotice)
void CERT_SetCAPolicyStringCallback (CERTPolicyStringCallback cb, void *cbarg)
char * CERT_GetCertCommentString (CERTCertificate *cert)
PRBool CERT_GovtApprovedBitSet (CERTCertificate *cert)
SECStatus CERT_AddPermNickname (CERTCertificate *cert, char *nickname)
CERTCertificate * CERT_FindCertByUsage (CERTCertificate *basecert, unsigned int requiredKeyUsage)
CERTCertList * CERT_MatchUserCert (CERTCertDBHandle *handle, SECCertUsage usage, int nCANames, char **caNames, void *proto_win)
CERTCertList * CERT_NewCertList (void)
void CERT_DestroyCertList (CERTCertList *certs)
void CERT_RemoveCertListNode (CERTCertListNode *node)
SECStatus CERT_AddCertToListTail (CERTCertList *certs, CERTCertificate *cert)
SECStatus CERT_AddCertToListHead (CERTCertList *certs, CERTCertificate *cert)
SECStatus CERT_AddCertToListTailWithData (CERTCertList *certs, CERTCertificate *cert, void *appData)
SECStatus CERT_AddCertToListHeadWithData (CERTCertList *certs, CERTCertificate *cert, void *appData)
SECStatus CERT_AddCertToListSorted (CERTCertList *certs, CERTCertificate *cert, CERTSortCallback f, void *arg)
PRBool CERT_SortCBValidity (CERTCertificate *certa, CERTCertificate *certb, void *arg)
SECStatus CERT_CheckForEvilCert (CERTCertificate *cert)
CERTGeneralName * CERT_GetCertificateNames (CERTCertificate *cert, PRArenaPool *arena)
SECStatus CERT_EncodeSubjectKeyID (PRArenaPool *arena, char *value, int len, SECItem *encodedValue)
char * CERT_GetNickName (CERTCertificate *cert, CERTCertDBHandle *handle, PRArenaPool *nicknameArena)
CERTCertList * CERT_CreateSubjectCertList (CERTCertList *certList, CERTCertDBHandle *handle, SECItem *name, int64 sorttime, PRBool validOnly)
CERTCertList * CERT_CreateNicknameCertList (CERTCertList *certList, CERTCertDBHandle *handle, char *nickname, int64 sorttime, PRBool validOnly)
CERTCertList * CERT_CreateEmailAddrCertList (CERTCertList *certList, CERTCertDBHandle *handle, char *emailAddr, int64 sorttime, PRBool validOnly)
SECStatus CERT_FilterCertListByUsage (CERTCertList *certList, SECCertUsage usage, PRBool ca)
SECStatus CERT_CheckKeyUsage (CERTCertificate *cert, unsigned int requiredUsage)
SECStatus CERT_KeyUsageAndTypeForCertUsage (SECCertUsage usage, PRBool ca, unsigned int *retKeyUsage, unsigned int *retCertType)
SECStatus CERT_TrustFlagsForCACertUsage (SECCertUsage usage, unsigned int *retFlags, SECTrustType *retTrustType)
CERTCertList * CERT_FindUserCertsByUsage (CERTCertDBHandle *handle, SECCertUsage usage, PRBool oneCertPerName, PRBool validOnly, void *proto_win)
CERTCertificate * CERT_FindUserCertByUsage (CERTCertDBHandle *handle, char *nickname, SECCertUsage usage, PRBool validOnly, void *proto_win)
SECStatus CERT_FilterCertListByCANames (CERTCertList *certList, int nCANames, char **caNames, SECCertUsage usage)
SECStatus CERT_FilterCertListForUserCerts (CERTCertList *certList)
CERTCertNicknames * CERT_NicknameStringsFromCertList (CERTCertList *certList, char *expiredString, char *notYetGoodString)
char * CERT_ExtractNicknameString (char *namestring, char *expiredString, char *notYetGoodString)
char * CERT_GetCertNicknameWithValidity (PRArenaPool *arena, CERTCertificate *cert, char *expiredString, char *notYetGoodString)
char * CERT_DerNameToAscii (SECItem *dername)
CERTCertificate * CERT_FindMatchingCert (CERTCertDBHandle *handle, SECItem *derName, CERTCertOwner owner, SECCertUsage usage, PRBool preferTrusted, int64 validTime, PRBool validOnly)
void CERT_LockDB (CERTCertDBHandle *handle)
void CERT_UnlockDB (CERTCertDBHandle *handle)
CERTStatusConfig * CERT_GetStatusConfig (CERTCertDBHandle *handle)
void CERT_SetStatusConfig (CERTCertDBHandle *handle, CERTStatusConfig *config)
void CERT_LockCertRefCount (CERTCertificate *cert)
void CERT_UnlockCertRefCount (CERTCertificate *cert)
void CERT_LockCertTrust (CERTCertificate *cert)
void CERT_UnlockCertTrust (CERTCertificate *cert)
SECItem * CERT_SPKDigestValueForCert (PRArenaPool *arena, CERTCertificate *cert, SECOidTag digestAlg, SECItem *fill)
SECStatus cert_GetCertType (CERTCertificate *cert)
SECStatus CERT_CheckCRL (CERTCertificate *cert, CERTCertificate *issuer, SECItem *dp, int64 t, void *wincx)

Define Documentation

Definition at line 451 of file cert.h.

Definition at line 440 of file cert.h.

#define CRL_DECODE_DONT_COPY_DER   0x00000001

Definition at line 448 of file cert.h.

#define CRL_DECODE_KEEP_BAD_CRL   0x00000004

Definition at line 450 of file cert.h.

#define CRL_DECODE_SKIP_ENTRIES   0x00000002

Definition at line 449 of file cert.h.

Definition at line 424 of file cert.h.

Definition at line 425 of file cert.h.


Typedef Documentation

typedef char*(* CERTPolicyStringCallback)(char *org, unsigned long noticeNumber, void *arg)

Definition at line 1180 of file cert.h.

typedef SECItem** certs

Definition at line 727 of file cert.h.

typedef PRBool(* CERTSortCallback)(CERTCertificate *certa, CERTCertificate *certb, void *arg)

Definition at line 1234 of file cert.h.

typedef SECItem int numcerts

Definition at line 727 of file cert.h.


Function Documentation

SECStatus CERT_AddAVA ( PRArenaPool arena,
CERTRDN *  rdn,
CERTAVA *  ava 
)

Definition at line 294 of file secname.c.

{
    rdn->avas = (CERTAVA**) AddToArray(arena, (void**) rdn->avas, ava);
    return rdn->avas ? SECSuccess : SECFailure;
}

Here is the call graph for this function:

SECStatus CERT_AddCertToListHead ( CERTCertList *  certs,
CERTCertificate *  cert 
)

Definition at line 2485 of file certdb.c.

Here is the call graph for this function:

SECStatus CERT_AddCertToListHeadWithData ( CERTCertList *  certs,
CERTCertificate *  cert,
void appData 
)

Definition at line 2458 of file certdb.c.

{
    CERTCertListNode *node;
    CERTCertListNode *head;
    
    head = CERT_LIST_HEAD(certs);

    if (head == NULL) return CERT_AddCertToListTail(certs,cert);

    node = (CERTCertListNode *)PORT_ArenaZAlloc(certs->arena,
                                          sizeof(CERTCertListNode));
    if ( node == NULL ) {
       goto loser;
    }
    
    PR_INSERT_BEFORE(&node->links, &head->links);
    /* certs->count++; */
    node->cert = cert;
    node->appData = appData;
    return(SECSuccess);
    
loser:
    return(SECFailure);
}

Here is the call graph for this function:

SECStatus CERT_AddCertToListSorted ( CERTCertList *  certs,
CERTCertificate *  cert,
CERTSortCallback  f,
void arg 
)

Definition at line 2567 of file certdb.c.

{
    CERTCertListNode *node;
    CERTCertListNode *head;
    PRBool ret;
    
    node = (CERTCertListNode *)PORT_ArenaZAlloc(certs->arena,
                                          sizeof(CERTCertListNode));
    if ( node == NULL ) {
       goto loser;
    }
    
    head = CERT_LIST_HEAD(certs);
    
    while ( !CERT_LIST_END(head, certs) ) {

       /* if cert is already in the list, then don't add it again */
       if ( cert == head->cert ) {
           /*XXX*/
           /* don't keep a reference */
           CERT_DestroyCertificate(cert);
           goto done;
       }
       
       ret = (* f)(cert, head->cert, arg);
       /* if sort function succeeds, then insert before current node */
       if ( ret ) {
           PR_INSERT_BEFORE(&node->links, &head->links);
           goto done;
       }

       head = CERT_LIST_NEXT(head);
    }
    /* if we get to the end, then just insert it at the tail */
    PR_INSERT_BEFORE(&node->links, &certs->list);

done:    
    /* certs->count++; */
    node->cert = cert;
    return(SECSuccess);
    
loser:
    return(SECFailure);
}

Here is the call graph for this function:

SECStatus CERT_AddCertToListTail ( CERTCertList *  certs,
CERTCertificate *  cert 
)

Definition at line 2452 of file certdb.c.

Here is the call graph for this function:

SECStatus CERT_AddCertToListTailWithData ( CERTCertList *  certs,
CERTCertificate *  cert,
void appData 
)

Definition at line 2430 of file certdb.c.

{
    CERTCertListNode *node;
    
    node = (CERTCertListNode *)PORT_ArenaZAlloc(certs->arena,
                                          sizeof(CERTCertListNode));
    if ( node == NULL ) {
       goto loser;
    }
    
    PR_INSERT_BEFORE(&node->links, &certs->list);
    /* certs->count++; */
    node->cert = cert;
    node->appData = appData;
    return(SECSuccess);
    
loser:
    return(SECFailure);
}

Here is the call graph for this function:

SECStatus CERT_AddExtension ( void exthandle,
int  idtag,
SECItem *  value,
PRBool  critical,
PRBool  copyData 
)

Definition at line 248 of file certxutl.c.

{
    SECOidData *oid;
    
    oid = SECOID_FindOIDByTag((SECOidTag)idtag);
    if ( !oid ) {
       return(SECFailure);
    }

    return(CERT_AddExtensionByOID(exthandle, &oid->oid, value, critical, copyData));
}

Here is the call graph for this function:

SECStatus CERT_AddExtensionByOID ( void exthandle,
SECItem *  oid,
SECItem *  value,
PRBool  critical,
PRBool  copyData 
)

Definition at line 193 of file certxutl.c.

{
    CERTCertExtension *ext;
    SECStatus rv;
    extNode *node;
    extRec *handle;
    
    handle = (extRec *)exthandle;

    /* allocate space for extension and list node */
    ext = (CERTCertExtension*)PORT_ArenaZAlloc(handle->ownerArena,
                                               sizeof(CERTCertExtension));
    if ( !ext ) {
       return(SECFailure);
    }

    node = (extNode*)PORT_ArenaAlloc(handle->arena, sizeof(extNode));
    if ( !node ) {
       return(SECFailure);
    }

    /* add to list */
    node->next = handle->head;
    handle->head = node;
   
    /* point to ext struct */
    node->ext = ext;
    
    /* the object ID of the extension */
    ext->id = *oid;
    
    /* set critical field */
    if ( critical ) {
       ext->critical.data = (unsigned char*)&hextrue;
       ext->critical.len = 1;
    }

    /* set the value */
    if ( copyData ) {
       rv = SECITEM_CopyItem(handle->ownerArena, &ext->value, value);
       if ( rv ) {
           return(SECFailure);
       }
    } else {
       ext->value = *value;
    }
    
    handle->count++;
    
    return(SECSuccess);

}

Here is the call graph for this function:

SECStatus CERT_AddNewCerts ( CERTCertDBHandle *  handle)
SECStatus CERT_AddOKDomainName ( CERTCertificate *  cert,
const char *  hostname 
)

Definition at line 1329 of file certdb.c.

{
    CERTOKDomainName *domainOK;
    int              newNameLen;

    if (!hn || !(newNameLen = strlen(hn))) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    domainOK = (CERTOKDomainName *)PORT_ArenaZAlloc(cert->arena, 
                              (sizeof *domainOK) + newNameLen);
    if (!domainOK) 
       return SECFailure;   /* error code is already set. */

    PORT_Strcpy(domainOK->name, hn);
    sec_lower_string(domainOK->name);

    /* put at head of list. */
    domainOK->next = cert->domainOK;
    cert->domainOK = domainOK;
    return SECSuccess;
}

Here is the call graph for this function:

SECStatus CERT_AddPermNickname ( CERTCertificate *  cert,
char *  nickname 
)
SECStatus CERT_AddRDN ( CERTName *  name,
CERTRDN *  rdn 
)

Definition at line 407 of file secname.c.

{
    name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn);
    return name->rdns ? SECSuccess : SECFailure;
}

Here is the call graph for this function:

SEC_BEGIN_PROTOS CERTName* CERT_AsciiToName ( char *  string)

Definition at line 440 of file alg1485.c.

{
    CERTName *name;
    name = ParseRFC1485Name(string, PORT_Strlen(string));
    return name;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus CERT_CacheCRL ( CERTCertDBHandle *  dbhandle,
SECItem *  newcrl 
)

Definition at line 2667 of file crl.c.

{
    CRLDPCache* cache = NULL;
    SECStatus rv = SECSuccess;
    PRBool writeLocked = PR_FALSE;
    PRBool readlocked;
    CachedCrl* returned = NULL;
    PRBool added = PR_FALSE;
    CERTSignedCrl* newcrl = NULL;
    int realerror = 0;
    
    if (!dbhandle || !newdercrl)
    {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    /* first decode the DER CRL to make sure it's OK */
    newcrl = CERT_DecodeDERCrlWithFlags(NULL, newdercrl, SEC_CRL_TYPE,
                                        CRL_DECODE_DONT_COPY_DER |
                                        CRL_DECODE_SKIP_ENTRIES);

    if (!newcrl)
    {
        return SECFailure;
    }

    rv = AcquireDPCache(NULL,
                        &newcrl->crl.derName,
                        NULL, 0, NULL, &cache, &writeLocked);
    if (SECSuccess == rv)
    {
        readlocked = (writeLocked == PR_TRUE? PR_FALSE : PR_TRUE);
    
        rv = CachedCrl_Create(&returned, newcrl, CRL_OriginExplicit);
        if (SECSuccess == rv && returned)
        {
            DPCache_LockWrite();
            rv = DPCache_AddCRL(cache, returned, &added);
            if (PR_TRUE != added)
            {
                realerror = PORT_GetError();
                CachedCrl_Destroy(returned);
                returned = NULL;
            }
            DPCache_UnlockWrite();
        }
    
        ReleaseDPCache(cache, writeLocked);
    
        if (!added)
        {
            rv = SECFailure;
        }
    }
    SEC_DestroyCrl(newcrl); /* free the CRL. Either it got added to the cache
        and the refcount got bumped, or not, and thus we need to free its
        RAM */
    if (realerror)
    {
        PORT_SetError(realerror);
    }
    return rv;
}

Here is the call graph for this function:

CERTCertificateList* CERT_CertChainFromCert ( CERTCertificate *  cert,
SECCertUsage  usage,
PRBool  includeRoot 
)

Definition at line 938 of file certhigh.c.

{
    CERTCertificateList *chain = NULL;
    NSSCertificate **stanChain;
    NSSCertificate *stanCert;
    PRArenaPool *arena;
    NSSUsage nssUsage;
    int i, len;
    NSSTrustDomain *td   = STAN_GetDefaultTrustDomain();
    NSSCryptoContext *cc = STAN_GetDefaultCryptoContext();

    stanCert = STAN_GetNSSCertificate(cert);
    nssUsage.anyUsage = PR_FALSE;
    nssUsage.nss3usage = usage;
    nssUsage.nss3lookingForCA = PR_FALSE;
    stanChain = NSSCertificate_BuildChain(stanCert, NULL, &nssUsage, NULL, NULL,
                                     CERT_MAX_CERT_CHAIN, NULL, NULL, td, cc);
    if (!stanChain) {
       PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
       return NULL;
    }

    len = 0;
    stanCert = stanChain[0];
    while (stanCert) {
       stanCert = stanChain[++len];
    }

    arena = PORT_NewArena(4096);
    if (arena == NULL) {
       goto loser;
    }

    chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, 
                                                 sizeof(CERTCertificateList));
    if (!chain) goto loser;
    chain->certs = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
    if (!chain->certs) goto loser;
    i = 0;
    stanCert = stanChain[i];
    while (stanCert) {
       SECItem derCert;
       CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert);
       if (!cCert) {
           goto loser;
       }
       derCert.len = (unsigned int)stanCert->encoding.size;
       derCert.data = (unsigned char *)stanCert->encoding.data;
       derCert.type = siBuffer;
       SECITEM_CopyItem(arena, &chain->certs[i], &derCert);
       stanCert = stanChain[++i];
       if (!stanCert && !cCert->isRoot) {
           /* reached the end of the chain, but the final cert is
            * not a root.  Don't discard it.
            */
           includeRoot = PR_TRUE;
       }
       CERT_DestroyCertificate(cCert);
    }
    if ( !includeRoot && len > 1) {
       chain->len = len - 1;
    } else {
       chain->len = len;
    }
    
    chain->arena = arena;
    nss_ZFreeIf(stanChain);
    return chain;
loser:
    i = 0;
    stanCert = stanChain[i];
    while (stanCert) {
       CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert);
       if (cCert) {
           CERT_DestroyCertificate(cCert);
       }
       stanCert = stanChain[++i];
    }
    nss_ZFreeIf(stanChain);
    if (arena) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    return NULL;
}

Here is the call graph for this function:

CERTCertificateList* CERT_CertListFromCert ( CERTCertificate *  cert)

Definition at line 1028 of file certhigh.c.

{
    CERTCertificateList *chain = NULL;
    int rv;
    PRArenaPool *arena;

    /* arena for SecCertificateList */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) goto no_memory;

    /* build the CERTCertificateList */
    chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificateList));
    if (chain == NULL) goto no_memory;
    chain->certs = (SECItem*)PORT_ArenaAlloc(arena, 1 * sizeof(SECItem));
    if (chain->certs == NULL) goto no_memory;
    rv = SECITEM_CopyItem(arena, chain->certs, &(cert->derCert));
    if (rv < 0) goto loser;
    chain->len = 1;
    chain->arena = arena;

    return chain;

no_memory:
    PORT_SetError(SEC_ERROR_NO_MEMORY);
loser:
    if (arena != NULL) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    return NULL;
}

Here is the call graph for this function:

CERTPackageType CERT_CertPackageType ( SECItem *  package,
SECItem *  certitem 
)

Definition at line 183 of file certread.c.

{
    unsigned char *cp;
    unsigned int seqLen, seqLenLen;
    SECItem oiditem;
    SECOidData *oiddata;
    CERTPackageType type = certPackageNone;
    
    cp = package->data;

    /* is a DER encoded certificate of some type? */
    if ( ( *cp  & 0x1f ) == SEC_ASN1_SEQUENCE ) {
       cp++;
       
       if ( *cp & 0x80) {
           /* Multibyte length */
           seqLenLen = cp[0] & 0x7f;
           
           switch (seqLenLen) {
             case 4:
              seqLen = ((unsigned long)cp[1]<<24) |
                  ((unsigned long)cp[2]<<16) | (cp[3]<<8) | cp[4];
              break;
             case 3:
              seqLen = ((unsigned long)cp[1]<<16) | (cp[2]<<8) | cp[3];
              break;
             case 2:
              seqLen = (cp[1]<<8) | cp[2];
              break;
             case 1:
              seqLen = cp[1];
              break;
             default:
              /* indefinite length */
              seqLen = 0;
           }
           cp += ( seqLenLen + 1 );

       } else {
           seqLenLen = 0;
           seqLen = *cp;
           cp++;
       }

       /* check entire length if definite length */
       if ( seqLen || seqLenLen ) {
           if ( package->len != ( seqLen + seqLenLen + 2 ) ) {
              /* not a DER package */
              return(type);
           }
       }
       
       /* check the type string */
       /* netscape wrapped DER cert */
       if ( ( cp[0] == SEC_ASN1_OCTET_STRING ) &&
           ( cp[1] == CERTIFICATE_TYPE_LEN ) &&
           ( PORT_Strcmp((char *)&cp[2], CERTIFICATE_TYPE_STRING) ) ) {
           
           cp += ( CERTIFICATE_TYPE_LEN + 2 );

           /* it had better be a certificate by now!! */
           if ( certitem ) {
              certitem->data = cp;
              certitem->len = package->len -
                  ( cp - (unsigned char *)package->data );
           }
           type = certPackageNSCertWrap;
           
       } else if ( cp[0] == SEC_ASN1_OBJECT_ID ) {
           /* XXX - assume DER encoding of OID len!! */
           oiditem.len = cp[1];
           oiditem.data = (unsigned char *)&cp[2];
           oiddata = SECOID_FindOID(&oiditem);
           if ( oiddata == NULL ) {
              /* failure */
              return(type);
           }

           if ( certitem ) {
              certitem->data = package->data;
              certitem->len = package->len;
           }
           
           switch ( oiddata->offset ) {
             case SEC_OID_PKCS7_SIGNED_DATA:
              type = certPackagePKCS7;
              break;
             case SEC_OID_NS_TYPE_CERT_SEQUENCE:
              type = certPackageNSCertSeq;
              break;
             default:
              break;
           }
           
       } else {
           /* it had better be a certificate by now!! */
           if ( certitem ) {
              certitem->data = package->data;
              certitem->len = package->len;
           }
           
           type = certPackageCert;
       }
    }

    return(type);
}

Here is the call graph for this function:

SECStatus CERT_CertTimesValid ( CERTCertificate *  cert)

Definition at line 59 of file certvfy.c.

Here is the call graph for this function:

SECStatus CERT_ChangeCertTrust ( CERTCertDBHandle *  handle,
CERTCertificate *  cert,
CERTCertTrust *  trust 
)

Definition at line 130 of file stanpcertdb.c.

Here is the call graph for this function:

SECStatus CERT_ChangeCertTrustByUsage ( CERTCertDBHandle *  certdb,
CERTCertificate *  cert,
SECCertUsage  usage 
)
SECStatus CERT_CheckCertUsage ( CERTCertificate *  cert,
unsigned char  usage 
)

Definition at line 374 of file certv3.c.

{
    SECItem keyUsage;
    SECStatus rv;

    /* There is no extension, v1 or v2 certificate */
    if (cert->extensions == NULL) {
       return (SECSuccess);
    }
    
    keyUsage.data = NULL;

    /* This code formerly ignored the Key Usage extension if it was
    ** marked non-critical.  That was wrong.  Since we do understand it,
    ** we are obligated to honor it, whether or not it is critical.
    */
    rv = CERT_FindKeyUsageExtension(cert, &keyUsage);
    if (rv == SECFailure) {
        rv = (PORT_GetError () == SEC_ERROR_EXTENSION_NOT_FOUND) ?
           SECSuccess : SECFailure;
    } else if (!(keyUsage.data[0] & usage)) {
       PORT_SetError (SEC_ERROR_CERT_USAGES_INVALID);
       rv = SECFailure;
    }
    PORT_Free (keyUsage.data);
    return (rv);
}

Here is the call graph for this function:

SECCertTimeValidity CERT_CheckCertValidTimes ( CERTCertificate *  cert,
PRTime  t,
PRBool  allowOverride 
)

Definition at line 1001 of file certdb.c.

{
    PRTime notBefore, notAfter, llPendingSlop, tmp1;
    SECStatus rv;

    if (!c) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return(secCertTimeUndetermined);
    }
    /* if cert is already marked OK, then don't bother to check */
    if ( allowOverride && c->timeOK ) {
       return(secCertTimeValid);
    }

    rv = CERT_GetCertTimes(c, &notBefore, &notAfter);
    
    if (rv) {
       return(secCertTimeExpired); /*XXX is this the right thing to do here?*/
    }
    
    LL_I2L(llPendingSlop, pendingSlop);
    /* convert to micro seconds */
    LL_UI2L(tmp1, PR_USEC_PER_SEC);
    LL_MUL(llPendingSlop, llPendingSlop, tmp1);
    LL_SUB(notBefore, notBefore, llPendingSlop);
    if ( LL_CMP( t, <, notBefore ) ) {
       PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE);
       return(secCertTimeNotValidYet);
    }
    if ( LL_CMP( t, >, notAfter) ) {
       PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE);
       return(secCertTimeExpired);
    }

    return(secCertTimeValid);
}

Here is the call graph for this function:

SECStatus CERT_CheckCRL ( CERTCertificate *  cert,
CERTCertificate *  issuer,
SECItem *  dp,
int64  t,
void wincx 
)

Definition at line 2549 of file crl.c.

{
    PRBool lockedwrite = PR_FALSE;
    SECStatus rv = SECSuccess;
    CRLDPCache* dpcache = NULL;
    if (!cert || !issuer)
    {
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
        return SECFailure;
    }

    if (SECSuccess != CERT_CheckCertValidTimes(issuer, t, PR_FALSE))
    {
        /* we won't be able to check the CRL's signature if the issuer cert
           is expired as of the time we are verifying. This may cause a valid
           CRL to be cached as bad. short-circuit to avoid this case. */
        PORT_SetError(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
        return SECFailure;
    }

    rv = AcquireDPCache(issuer, &issuer->derSubject, dp, t, wincx, &dpcache,
                        &lockedwrite);
    
    if (SECSuccess == rv)
    {
        /* now look up the certificate SN in the DP cache's CRL */
        CERTCrlEntry* entry = NULL;
        rv = DPCache_Lookup(dpcache, &cert->serialNumber, &entry);
        if (SECSuccess == rv && entry)
        {
            /* check the time if we have one */
            if (entry->revocationDate.data && entry->revocationDate.len)
            {
                int64 revocationDate = 0;
                if (SECSuccess == DER_DecodeTimeChoice(&revocationDate,
                                               &entry->revocationDate))
                {
                    /* we got a good revocation date, only consider the
                       certificate revoked if the time we are inquiring about
                       is past the revocation date */
                    if (t>=revocationDate)
                    {
                        rv = SECFailure;
                    }
                } else {
                    /* invalid revocation date, consider the certificate
                       permanently revoked */
                    rv = SECFailure;
                }
            } else {
                /* no revocation date, certificate is permanently revoked */
                rv = SECFailure;
            }
            if (SECFailure == rv)
            {
                PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
            }
        }
    }

    ReleaseDPCache(dpcache, lockedwrite);
    return rv;
}

Here is the call graph for this function:

SECStatus CERT_CheckForEvilCert ( CERTCertificate *  cert)
SECStatus CERT_CheckKeyUsage ( CERTCertificate *  cert,
unsigned int  requiredUsage 
)

Definition at line 1228 of file certdb.c.

{
    unsigned int certKeyUsage;

    if (!cert) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    /* choose between key agreement or key encipherment based on key
     * type in cert
     */
    if ( requiredUsage & KU_KEY_AGREEMENT_OR_ENCIPHERMENT ) {
       KeyType keyType = CERT_GetCertKeyType(&cert->subjectPublicKeyInfo);
       /* turn off the special bit */
       requiredUsage &= (~KU_KEY_AGREEMENT_OR_ENCIPHERMENT);

       switch (keyType) {
       case rsaKey:
           requiredUsage |= KU_KEY_ENCIPHERMENT;
           break;
       case dsaKey:
           requiredUsage |= KU_DIGITAL_SIGNATURE;
           break;
       case fortezzaKey:
       case keaKey:
       case dhKey:
           requiredUsage |= KU_KEY_AGREEMENT;
           break;
       case ecKey:
           /* Accept either signature or agreement. */
           if (!(cert->keyUsage & (KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT)))
               goto loser;
           break;
       default:
           goto loser;
       }
    }

    certKeyUsage = cert->keyUsage;
    if (certKeyUsage & KU_NON_REPUDIATION)
        certKeyUsage |= KU_DIGITAL_SIGNATURE;
    if ( (certKeyUsage & requiredUsage) == requiredUsage ) 
       return SECSuccess;

loser:
    PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
    return SECFailure;
}

Here is the call graph for this function:

SECComparison CERT_CompareAVA ( const CERTAVA *  a,
const CERTAVA *  b 
)

Definition at line 506 of file secname.c.

{
    SECComparison rv;

    rv = SECITEM_CompareItem(&a->type, &b->type);
    if (SECEqual != rv)
       return rv;  /* Attribute types don't match. */
    /* Let's be optimistic.  Maybe the values will just compare equal. */
    rv = SECITEM_CompareItem(&a->value, &b->value);
    if (SECEqual == rv)
        return rv;  /* values compared exactly. */
    if (a->value.len && a->value.data && b->value.len && b->value.data) {
       /* Here, the values did not match.  
       ** If the values had different encodings, convert them to the same
       ** encoding and compare that way.
       */
       if (a->value.data[0] != b->value.data[0]) {
           /* encodings differ.  Convert both to UTF-8 and compare. */
           SECItem * aVal = CERT_DecodeAVAValue(&a->value);
           SECItem * bVal = CERT_DecodeAVAValue(&b->value);
           if (aVal && aVal->len && aVal->data &&
               bVal && bVal->len && bVal->data) {
              rv = SECITEM_CompareItem(aVal, bVal);
           }
           SECITEM_FreeItem(aVal, PR_TRUE);
           SECITEM_FreeItem(bVal, PR_TRUE);
       } else if (a->value.data[0] == 0x13) { /* both are printable strings. */
           /* printable strings */
           rv = CERT_CompareDERPrintableStrings(&a->value, &b->value);
       }
    }
    return rv;
}

Here is the call graph for this function:

PRBool CERT_CompareCerts ( CERTCertificate *  c1,
CERTCertificate *  c2 
)

Definition at line 1555 of file certdb.c.

{
    SECComparison comp;
    
    comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
    if ( comp == SECEqual ) { /* certs are the same */
       return(PR_TRUE);
    } else {
       return(PR_FALSE);
    }
}

Here is the call graph for this function:

PRBool CERT_CompareCertsForRedirection ( CERTCertificate *  c1,
CERTCertificate *  c2 
)

Definition at line 1585 of file certdb.c.

{
    SECComparison comp;
    char *c1str, *c2str;
    SECStatus eq;
    
    comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
    if ( comp == SECEqual ) { /* certs are the same */
       return(PR_TRUE);
    }
       
    /* check if they are issued by the same CA */
    comp = SECITEM_CompareItem(&c1->derIssuer, &c2->derIssuer);
    if ( comp != SECEqual ) { /* different issuer */
       return(PR_FALSE);
    }

    /* check country name */
    c1str = CERT_GetCountryName(&c1->subject);
    c2str = CERT_GetCountryName(&c2->subject);
    eq = StringsEqual(c1str, c2str);
    PORT_Free(c1str);
    PORT_Free(c2str);
    if ( eq != SECSuccess ) {
       return(PR_FALSE);
    }

    /* check locality name */
    c1str = CERT_GetLocalityName(&c1->subject);
    c2str = CERT_GetLocalityName(&c2->subject);
    eq = StringsEqual(c1str, c2str);
    PORT_Free(c1str);
    PORT_Free(c2str);
    if ( eq != SECSuccess ) {
       return(PR_FALSE);
    }
       
    /* check state name */
    c1str = CERT_GetStateName(&c1->subject);
    c2str = CERT_GetStateName(&c2->subject);
    eq = StringsEqual(c1str, c2str);
    PORT_Free(c1str);
    PORT_Free(c2str);
    if ( eq != SECSuccess ) {
       return(PR_FALSE);
    }

    /* check org name */
    c1str = CERT_GetOrgName(&c1->subject);
    c2str = CERT_GetOrgName(&c2->subject);
    eq = StringsEqual(c1str, c2str);
    PORT_Free(c1str);
    PORT_Free(c2str);
    if ( eq != SECSuccess ) {
       return(PR_FALSE);
    }

#ifdef NOTDEF 
    /* check orgUnit name */
    /*
     * We need to revisit this and decide which fields should be allowed to be
     * different
     */
    c1str = CERT_GetOrgUnitName(&c1->subject);
    c2str = CERT_GetOrgUnitName(&c2->subject);
    eq = StringsEqual(c1str, c2str);
    PORT_Free(c1str);
    PORT_Free(c2str);
    if ( eq != SECSuccess ) {
       return(PR_FALSE);
    }
#endif

    return(PR_TRUE); /* all fields but common name are the same */
}

Here is the call graph for this function:

SECComparison CERT_CompareName ( CERTName *  a,
CERTName *  b 
)

Definition at line 573 of file secname.c.

{
    CERTRDN **ardns, *ardn;
    CERTRDN **brdns, *brdn;
    int ac, bc;
    SECComparison rv = SECEqual;

    ardns = a->rdns;
    brdns = b->rdns;

    /*
    ** Make sure array of rdn's are the same length. If not, then we are
    ** not equal
    */
    ac = CountArray((void**) ardns);
    bc = CountArray((void**) brdns);
    if (ac < bc) return SECLessThan;
    if (ac > bc) return SECGreaterThan;

    for (;;) {
       ardn = *ardns++;
       brdn = *brdns++;
       if (!ardn) {
           break;
       }
       rv = CERT_CompareRDN(ardn, brdn);
       if (rv) return rv;
    }
    return rv;
}

Here is the call graph for this function:

SECComparison CERT_CompareRDN ( CERTRDN *  a,
CERTRDN *  b 
)

Definition at line 541 of file secname.c.

{
    CERTAVA **aavas, *aava;
    CERTAVA **bavas, *bava;
    int ac, bc;
    SECComparison rv = SECEqual;

    aavas = a->avas;
    bavas = b->avas;

    /*
    ** Make sure array of ava's are the same length. If not, then we are
    ** not equal
    */
    ac = CountArray((void**) aavas);
    bc = CountArray((void**) bavas);
    if (ac < bc) return SECLessThan;
    if (ac > bc) return SECGreaterThan;

    for (;;) {
       aava = *aavas++;
       bava = *bavas++;
       if (!aava) {
           break;
       }
       rv = CERT_CompareAVA(aava, bava);
       if (rv) return rv;
    }
    return rv;
}

Here is the call graph for this function:

SECStatus CERT_CompleteCRLDecodeEntries ( CERTSignedCrl *  crl)

Definition at line 405 of file crl.c.

{
    SECStatus rv = SECSuccess;
    SECItem* crldata = NULL;
    OpaqueCRLFields* extended = NULL;

    if ( (!crl) ||
         (!(extended = (OpaqueCRLFields*) crl->opaque)) ||
         (PR_TRUE == extended->decodingError) ) {
        rv = SECFailure;
    } else {
        if (PR_FALSE == extended->partial) {
            /* the CRL has already been fully decoded */
            return SECSuccess;
        }
        if (PR_TRUE == extended->badEntries) {
            /* the entries decoding already failed */
            return SECFailure;
        }
        crldata = &crl->signatureWrap.data;
        if (!crldata) {
            rv = SECFailure;
        }
    }

    if (SECSuccess == rv) {
        rv = SEC_QuickDERDecodeItem(crl->arena,
            &crl->crl,
            CERT_CrlTemplateEntriesOnly,
            crldata);
        if (SECSuccess == rv) {
            extended->partial = PR_FALSE; /* successful decode, avoid
                decoding again */
        } else {
            extended->decodingError = PR_TRUE;
            extended->badEntries = PR_TRUE;
            /* cache the decoding failure. If it fails the first time,
               it will fail again, which will grow the arena and leak
               memory, so we want to avoid it */
        }
        rv = cert_check_crl_entries(&crl->crl);
        if (rv != SECSuccess) {
            extended->badExtensions = PR_TRUE;
        }
    }
    return rv;
}

Here is the call graph for this function:

CERTCertificate* CERT_ConvertAndDecodeCertificate ( char *  certstr)

Definition at line 159 of file certread.c.

{
    CERTCertificate *cert;
    SECStatus rv;
    SECItem der;

    rv = ATOB_ConvertAsciiToItem(&der, certstr);
    if (rv != SECSuccess)
       return NULL;

    cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), 
                                   &der, NULL, PR_FALSE, PR_TRUE);

    PORT_Free(der.data);
    return cert;
}

Here is the call graph for this function:

CERTAVA* CERT_CopyAVA ( PRArenaPool arena,
CERTAVA *  src 
)

Definition at line 226 of file secname.c.

{
    CERTAVA *ava;
    int rv;

    ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
    if (ava) {
       rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
       if (rv) goto loser;
       rv = SECITEM_CopyItem(arena, &ava->value, &from->value);
       if (rv) goto loser;
    }
    return ava;

  loser:
    return 0;
}

Here is the call graph for this function:

SECStatus CERT_CopyName ( PRArenaPool arena,
CERTName *  dest,
CERTName *  src 
)

Definition at line 414 of file secname.c.

{
    CERTRDN **rdns, *frdn, *trdn;
    SECStatus rv = SECSuccess;

    if (!to || !from) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }

    CERT_DestroyName(to);
    to->arena = arena;

    /* Copy each rdn from from */
    rdns = from->rdns;
    if (rdns) {
       if (rdns[0] == NULL) {
           rv = CERT_AddRDN(to, NULL);
           return rv;
       }
       while ((frdn = *rdns++) != NULL) {
           trdn = CERT_CreateRDN(arena, 0);
           if (!trdn) {
              rv = SECFailure;
              break;
           }
           rv = CERT_CopyRDN(arena, trdn, frdn);
           if (rv != SECSuccess) 
               break;
           rv = CERT_AddRDN(to, trdn);
           if (rv != SECSuccess) 
               break;
       }
    }
    return rv;
}

Here is the call graph for this function:

SECStatus CERT_CopyRDN ( PRArenaPool arena,
CERTRDN *  dest,
CERTRDN *  src 
)

Definition at line 301 of file secname.c.

{
    CERTAVA **avas, *fava, *tava;
    SECStatus rv = SECSuccess;

    /* Copy each ava from from */
    avas = from->avas;
    if (avas) {
       if (avas[0] == NULL) {
           rv = CERT_AddAVA(arena, to, NULL);
           return rv;
       }
       while ((fava = *avas++) != 0) {
           tava = CERT_CopyAVA(arena, fava);
           if (!tava) {
              rv = SECFailure;
              break;
           }
           rv = CERT_AddAVA(arena, to, tava);
           if (rv != SECSuccess) 
              break;
       }
    }
    return rv;
}

Here is the call graph for this function:

SECStatus CERT_CopyValidity ( PRArenaPool arena,
CERTValidity *  dest,
CERTValidity *  src 
)

Definition at line 145 of file sectime.c.

{
    SECStatus rv;

    CERT_DestroyValidity(to);
    to->arena = arena;
    
    rv = SECITEM_CopyItem(arena, &to->notBefore, &from->notBefore);
    if (rv) return rv;
    rv = SECITEM_CopyItem(arena, &to->notAfter, &from->notAfter);
    return rv;
}

Here is the call graph for this function:

CERTAVA* CERT_CreateAVA ( PRArenaPool arena,
SECOidTag  kind,
int  valueType,
char *  value 
)

Definition at line 203 of file secname.c.

{
    CERTAVA *ava;
    int rv;
    unsigned maxLen;

    ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
    if (ava) {
       rv = SetupAVAType(arena, kind, &ava->type, &maxLen);
       if (rv) {
           /* Illegal AVA type */
           return 0;
       }
       rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen);
       if (rv) {
           /* Illegal value type */
           return 0;
       }
    }
    return ava;
}

Here is the call graph for this function:

CERTCertificate* CERT_CreateCertificate ( unsigned long  serialNumber,
CERTName *  issuer,
CERTValidity *  validity,
CERTCertificateRequest *  req 
)

Definition at line 78 of file certreq.c.

{
    CERTCertificate *c;
    int rv;
    PRArenaPool *arena;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    
    if ( !arena ) {
       return(0);
    }

    c = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
    
    if (c) {
       c->referenceCount = 1;
       c->arena = arena;

       /*
        * Default is a plain version 1.
        * If extensions are added, it will get changed as appropriate.
        */
       rv = DER_SetUInteger(arena, &c->version, SEC_CERTIFICATE_VERSION_1);
       if (rv) goto loser;

       rv = DER_SetUInteger(arena, &c->serialNumber, serialNumber);
       if (rv) goto loser;

       rv = CERT_CopyName(arena, &c->issuer, issuer);
       if (rv) goto loser;

       rv = CERT_CopyValidity(arena, &c->validity, validity);
       if (rv) goto loser;

       rv = CERT_CopyName(arena, &c->subject, &req->subject);
       if (rv) goto loser;
       rv = SECKEY_CopySubjectPublicKeyInfo(arena, &c->subjectPublicKeyInfo,
                                     &req->subjectPublicKeyInfo);
       if (rv) goto loser;
    }
    return c;

  loser:
    CERT_DestroyCertificate(c);
    return 0;
}

Here is the call graph for this function:

CERTCertificateRequest* CERT_CreateCertificateRequest ( CERTName *  name,
CERTSubjectPublicKeyInfo *  spki,
SECItem **  attributes 
)

Definition at line 148 of file certreq.c.

{
    CERTCertificateRequest *certreq;
    PRArenaPool *arena;
    CERTAttribute * attribute;
    SECOidData * oidData;
    SECStatus rv;
    int i = 0;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       return NULL;
    }
    
    certreq = PORT_ArenaZNew(arena, CERTCertificateRequest);
    if (!certreq) {
       PORT_FreeArena(arena, PR_FALSE);
       return NULL;
    }
    /* below here it is safe to goto loser */

    certreq->arena = arena;
    
    rv = DER_SetUInteger(arena, &certreq->version,
                      SEC_CERTIFICATE_REQUEST_VERSION);
    if (rv != SECSuccess)
       goto loser;

    rv = CERT_CopyName(arena, &certreq->subject, subject);
    if (rv != SECSuccess)
       goto loser;

    rv = SECKEY_CopySubjectPublicKeyInfo(arena,
                                  &certreq->subjectPublicKeyInfo,
                                  spki);
    if (rv != SECSuccess)
       goto loser;

    certreq->attributes = PORT_ArenaZNewArray(arena, CERTAttribute*, 2);
    if(!certreq->attributes) 
       goto loser;

    /* Copy over attribute information */
    if (!attributes || !attributes[0]) {
       /*
        ** Invent empty attribute information. According to the
        ** pkcs#10 spec, attributes has this ASN.1 type:
        **
        ** attributes [0] IMPLICIT Attributes
        ** 
        ** Which means, we should create a NULL terminated list
        ** with the first entry being NULL;
        */
       certreq->attributes[0] = NULL;
       return certreq;
    }  

    /* allocate space for attributes */
    attribute = PORT_ArenaZNew(arena, CERTAttribute);
    if (!attribute) 
       goto loser;

    oidData = SECOID_FindOIDByTag( SEC_OID_PKCS9_EXTENSION_REQUEST );
    PORT_Assert(oidData);
    if (!oidData)
       goto loser;
    rv = SECITEM_CopyItem(arena, &attribute->attrType, &oidData->oid);
    if (rv != SECSuccess)
       goto loser;

    for (i = 0; attributes[i] != NULL ; i++) 
       ;
    attribute->attrValue = PORT_ArenaZNewArray(arena, SECItem *, i+1);
    if (!attribute->attrValue) 
       goto loser;

    /* copy attributes */
    for (i = 0; attributes[i]; i++) {
       /*
       ** Attributes are a SetOf Attribute which implies
       ** lexigraphical ordering.  It is assumes that the
       ** attributes are passed in sorted.  If we need to
       ** add functionality to sort them, there is an
       ** example in the PKCS 7 code.
       */
       attribute->attrValue[i] = SECITEM_ArenaDupItem(arena, attributes[i]);
       if(!attribute->attrValue[i]) 
           goto loser;
    }

    certreq->attributes[0] = attribute;

    return certreq;

loser:
    CERT_DestroyCertificateRequest(certreq);
    return NULL;
}

Here is the call graph for this function:

CERTCertList* CERT_CreateEmailAddrCertList ( CERTCertList *  certList,
CERTCertDBHandle *  handle,
char *  emailAddr,
int64  sorttime,
PRBool  validOnly 
)
CERTName* CERT_CreateName ( CERTRDN *  rdn,
  ... 
)

Definition at line 337 of file secname.c.

{
    CERTRDN *rdn;
    CERTName *name;
    va_list ap;
    unsigned count;
    CERTRDN **rdnp;
    PRArenaPool *arena;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( !arena ) {
       return(0);
    }
    
    name = (CERTName*) PORT_ArenaAlloc(arena, sizeof(CERTName));
    if (name) {
       name->arena = arena;
       
       /* Count number of RDNs going into the Name */
       if (!rdn0) {
           count = 0;
       } else {
           count = 1;
           va_start(ap, rdn0);
           while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
              count++;
           }
           va_end(ap);
       }

       /* Allocate space (including space for terminal null ptr) */
       name->rdns = rdnp =
           (CERTRDN**) PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN*));
       if (!name->rdns) {
           goto loser;
       }

       /* Now fill in the pointers */
       if (count > 0) {
           *rdnp++ = rdn0;
           va_start(ap, rdn0);
           while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
              *rdnp++ = rdn;
           }
           va_end(ap);
       }

       /* null terminate the list */
       *rdnp++ = 0;
    }
    return name;

loser:
    PORT_FreeArena(arena, PR_FALSE);
    return(0);
}

Here is the call graph for this function:

CERTCertList* CERT_CreateNicknameCertList ( CERTCertList *  certList,
CERTCertDBHandle *  handle,
char *  nickname,
int64  sorttime,
PRBool  validOnly 
)
CERTRDN* CERT_CreateRDN ( PRArenaPool arena,
CERTAVA *  avas,
  ... 
)

Definition at line 253 of file secname.c.

{
    CERTAVA *ava;
    CERTRDN *rdn;
    va_list ap;
    unsigned count;
    CERTAVA **avap;

    rdn = (CERTRDN*) PORT_ArenaAlloc(arena, sizeof(CERTRDN));
    if (rdn) {
       /* Count number of avas going into the rdn */
       count = 0;
       if (ava0) {
           count++;
           va_start(ap, ava0);
           while ((ava = va_arg(ap, CERTAVA*)) != 0) {
              count++;
           }
           va_end(ap);
       }

       /* Now fill in the pointers */
       rdn->avas = avap =
           (CERTAVA**) PORT_ArenaAlloc( arena, (count + 1)*sizeof(CERTAVA*));
       if (!avap) {
           return 0;
       }
       if (ava0) {
           *avap++ = ava0;
           va_start(ap, ava0);
           while ((ava = va_arg(ap, CERTAVA*)) != 0) {
              *avap++ = ava;
           }
           va_end(ap);
       }
       *avap++ = 0;
    }
    return rdn;
}

Here is the call graph for this function:

CERTCertList* CERT_CreateSubjectCertList ( CERTCertList *  certList,
CERTCertDBHandle *  handle,
SECItem *  name,
int64  sorttime,
PRBool  validOnly 
)

Definition at line 527 of file stanpcertdb.c.

{
    NSSCryptoContext *cc;
    NSSCertificate **tSubjectCerts, **pSubjectCerts;
    NSSCertificate **ci;
    CERTCertificate *cert;
    NSSDER subject;
    PRBool myList = PR_FALSE;
    cc = STAN_GetDefaultCryptoContext();
    NSSITEM_FROM_SECITEM(&subject, name);
    /* Collect both temp and perm certs for the subject */
    tSubjectCerts = NSSCryptoContext_FindCertificatesBySubject(cc,
                                                               &subject,
                                                               NULL,
                                                               0,
                                                               NULL);
    pSubjectCerts = NSSTrustDomain_FindCertificatesBySubject(handle,
                                                             &subject,
                                                             NULL,
                                                             0,
                                                             NULL);
    if (!tSubjectCerts && !pSubjectCerts) {
       return NULL;
    }
    if (certList == NULL) {
       certList = CERT_NewCertList();
       myList = PR_TRUE;
       if (!certList) goto loser;
    }
    /* Iterate over the matching temp certs.  Add them to the list */
    ci = tSubjectCerts;
    while (ci && *ci) {
       cert = STAN_GetCERTCertificateOrRelease(*ci);
       /* *ci may be invalid at this point, don't reference it again */
        if (cert) {
           /* NOTE: add_to_subject_list adopts the incoming cert. */
           add_to_subject_list(certList, cert, validOnly, sorttime);
        }
       ci++;
    }
    /* Iterate over the matching perm certs.  Add them to the list */
    ci = pSubjectCerts;
    while (ci && *ci) {
       cert = STAN_GetCERTCertificateOrRelease(*ci);
       /* *ci may be invalid at this point, don't reference it again */
        if (cert) {
           /* NOTE: add_to_subject_list adopts the incoming cert. */
           add_to_subject_list(certList, cert, validOnly, sorttime);
        }
       ci++;
    }
    /* all the references have been adopted or freed at this point, just
     * free the arrays now */
    nss_ZFreeIf(tSubjectCerts);
    nss_ZFreeIf(pSubjectCerts);
    return certList;
loser:
    /* need to free the references in tSubjectCerts and pSubjectCerts! */
    nssCertificateArray_Destroy(tSubjectCerts);
    nssCertificateArray_Destroy(pSubjectCerts);
    if (myList && certList != NULL) {
       CERT_DestroyCertList(certList);
    }
    return NULL;
}

Here is the call graph for this function:

CERTValidity* CERT_CreateValidity ( int64  notBefore,
int64  notAfter 
)

Definition at line 113 of file sectime.c.

{
    CERTValidity *v;
    int rv;
    PRArenaPool *arena;

    if (notBefore > notAfter) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    
    if ( !arena ) {
       return(0);
    }
    
    v = (CERTValidity*) PORT_ArenaZAlloc(arena, sizeof(CERTValidity));
    if (v) {
       v->arena = arena;
       rv = DER_EncodeTimeChoice(arena, &v->notBefore, notBefore);
       if (rv) goto loser;
       rv = DER_EncodeTimeChoice(arena, &v->notAfter, notAfter);
       if (rv) goto loser;
    }
    return v;

  loser:
    CERT_DestroyValidity(v);
    return 0;
}

Here is the call graph for this function:

void CERT_CRLCacheRefreshIssuer ( CERTCertDBHandle *  dbhandle,
SECItem *  crlKey 
)

Definition at line 2641 of file crl.c.

{
    CRLDPCache* cache = NULL;
    SECStatus rv = SECSuccess;
    PRBool writeLocked = PR_FALSE;
    PRBool readlocked;

    (void) dbhandle; /* silence compiler warnings */

    /* XCRL we will need to refresh all the DPs of the issuer in the future,
            not just the default one */
    rv = AcquireDPCache(NULL, crlKey, NULL, 0, NULL, &cache, &writeLocked);
    if (SECSuccess != rv)
    {
        return;
    }
    /* we need to invalidate the DPCache here */
    readlocked = (writeLocked == PR_TRUE? PR_FALSE : PR_TRUE);
    DPCache_LockWrite();
    cache->refresh = PR_TRUE;
    DPCache_UnlockWrite();
    ReleaseDPCache(cache, writeLocked);
    return;
}

Here is the call graph for this function:

CERTGeneralName* CERT_DecodeAltNameExtension ( PRArenaPool arena,
SECItem *  EncodedAltName 
)

Definition at line 208 of file xconst.c.

{
    SECStatus              rv = SECSuccess;
    CERTAltNameEncodedContext  encodedContext;

    encodedContext.encodedGenName = NULL;
    PORT_Memset(&encodedContext, 0, sizeof(CERTAltNameEncodedContext));
    rv = SEC_ASN1DecodeItem (arena, &encodedContext, CERT_GeneralNamesTemplate,
                          EncodedAltName);
    if (rv == SECFailure) {
       goto loser;
    }
    if (encodedContext.encodedGenName && encodedContext.encodedGenName[0])
       return cert_DecodeGeneralNames(arena, encodedContext.encodedGenName);
    /* Extension contained an empty GeneralNames sequence */
    /* Treat as extension not found */
    PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
loser:
    return NULL;
}

Here is the call graph for this function:

CERTAuthInfoAccess** CERT_DecodeAuthInfoAccessExtension ( PRArenaPool arena,
SECItem *  encodedExtension 
)

Definition at line 251 of file xconst.c.

{
    CERTAuthInfoAccess **info = NULL;
    SECStatus rv;
    int i;

    rv = SEC_ASN1DecodeItem(arena, &info, CERTAuthInfoAccessTemplate, 
                         encodedExtension);
    if (rv != SECSuccess || info == NULL) {
       return NULL;
    }

    for (i = 0; info[i] != NULL; i++) {
       info[i]->location = CERT_DecodeGeneralName(arena,
                                             &(info[i]->derLocation),
                                             NULL);
    }
    return info;
}

Here is the call graph for this function:

CERTAuthKeyID* CERT_DecodeAuthKeyID ( PRArenaPool arena,
SECItem *  encodedValue 
)

Definition at line 111 of file xauthkid.c.

{
    CERTAuthKeyID * value = NULL;
    SECStatus       rv    = SECFailure;
    void *          mark;
    SECItem         newEncodedValue;

    PORT_Assert (arena);
   
    do {
       mark = PORT_ArenaMark (arena);
       value = (CERTAuthKeyID*)PORT_ArenaZAlloc (arena, sizeof (*value));
       if (value == NULL)
           break;
       value->DERAuthCertIssuer = NULL;
        /* copy the DER into the arena, since Quick DER returns data that points
           into the DER input, which may get freed by the caller */
        rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue);
        if ( rv != SECSuccess ) {
           break;
        }

        rv = SEC_QuickDERDecodeItem
            (arena, value, CERTAuthKeyIDTemplate, &newEncodedValue);
       if (rv != SECSuccess)
           break;

        value->authCertIssuer = cert_DecodeGeneralNames (arena, value->DERAuthCertIssuer);
       if (value->authCertIssuer == NULL)
           break;
       
       /* what if the general name contains other format but not URI ?
          hl
        */
       if ((value->authCertSerialNumber.data && !value->authCertIssuer) ||
           (!value->authCertSerialNumber.data && value->authCertIssuer)){
           PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
           break;
       }
    } while (0);

    if (rv != SECSuccess) {
       PORT_ArenaRelease (arena, mark);
       return ((CERTAuthKeyID *)NULL);        
    } 
    PORT_ArenaUnmark(arena, mark);
    return (value);
}

Here is the call graph for this function:

SECItem* CERT_DecodeAVAValue ( const SECItem *  derAVAValue)

Definition at line 606 of file secname.c.

{
          SECItem          *retItem; 
    const SEC_ASN1Template *theTemplate       = NULL;
          enum { conv_none, conv_ucs4, conv_ucs2, conv_iso88591 } convert = conv_none;
          SECItem           avaValue          = {siBuffer, 0}; 
          PLArenaPool      *newarena          = NULL;

    if (!derAVAValue || !derAVAValue->len || !derAVAValue->data) {
       return NULL;
    }

    switch(derAVAValue->data[0]) {
       case SEC_ASN1_UNIVERSAL_STRING:
           convert = conv_ucs4;
           theTemplate = SEC_UniversalStringTemplate;
           break;
       case SEC_ASN1_IA5_STRING:
           theTemplate = SEC_IA5StringTemplate;
           break;
       case SEC_ASN1_PRINTABLE_STRING:
           theTemplate = SEC_PrintableStringTemplate;
           break;
       case SEC_ASN1_T61_STRING:
           /*
            * Per common practice, we're not decoding actual T.61, but instead
            * treating T61-labeled strings as containing ISO-8859-1.
            */
           convert = conv_iso88591;
           theTemplate = SEC_T61StringTemplate;
           break;
       case SEC_ASN1_BMP_STRING:
           convert = conv_ucs2;
           theTemplate = SEC_BMPStringTemplate;
           break;
       case SEC_ASN1_UTF8_STRING:
           /* No conversion needed ! */
           theTemplate = SEC_UTF8StringTemplate;
           break;
       default:
           return NULL;
    }

    PORT_Memset(&avaValue, 0, sizeof(SECItem));
    newarena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!newarena) {
        return NULL;
    }
    if(SEC_QuickDERDecodeItem(newarena, &avaValue, theTemplate, derAVAValue) 
                            != SECSuccess) {
       PORT_FreeArena(newarena, PR_FALSE);
       return NULL;
    }

    if (convert != conv_none) {
       unsigned int   utf8ValLen = avaValue.len * 3;
       unsigned char *utf8Val    = (unsigned char*)
                                PORT_ArenaZAlloc(newarena, utf8ValLen);

        switch (convert) {
        case conv_ucs4:
           if(avaValue.len % 4 != 0 ||
              !PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
                                   utf8Val, utf8ValLen, &utf8ValLen)) {
                PORT_FreeArena(newarena, PR_FALSE);
                PORT_SetError(SEC_ERROR_INVALID_AVA);
              return NULL;
          }
          break;
       case conv_ucs2:
           if(avaValue.len % 2 != 0 ||
              !PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
                                   utf8Val, utf8ValLen, &utf8ValLen)) {
                PORT_FreeArena(newarena, PR_FALSE);
                PORT_SetError(SEC_ERROR_INVALID_AVA);
              return NULL;
          }
          break;
       case conv_iso88591:
           if(!PORT_ISO88591_UTF8Conversion(avaValue.data, avaValue.len,
                                   utf8Val, utf8ValLen, &utf8ValLen)) {
                PORT_FreeArena(newarena, PR_FALSE);
                PORT_SetError(SEC_ERROR_INVALID_AVA);
              return NULL;
          }
          break;
       case conv_none:
          PORT_Assert(0); /* not reached */
          break;
       }
         
       avaValue.data = utf8Val;
       avaValue.len = utf8ValLen;
    }

    retItem = SECITEM_DupItem(&avaValue);
    PORT_FreeArena(newarena, PR_FALSE);
    return retItem;
}

Here is the call graph for this function:

SECStatus CERT_DecodeBasicConstraintValue ( CERTBasicConstraints *  value,
SECItem *  encodedValue 
)

Definition at line 123 of file xbsconst.c.

{
    EncodedContext decodeContext;
    PRArenaPool *our_pool;
    SECStatus rv = SECSuccess;

    do {
       PORT_Memset (&decodeContext, 0, sizeof (decodeContext));
       /* initialize the value just in case we got "0x30 00", or when the
          pathLenConstraint is omitted.
         */
       decodeContext.isCA.data =&hexFalse;
       decodeContext.isCA.len = 1;
       
       our_pool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
       if (our_pool == NULL) {
           PORT_SetError (SEC_ERROR_NO_MEMORY);
           GEN_BREAK (SECFailure);
       }

        rv = SEC_QuickDERDecodeItem
            (our_pool, &decodeContext, CERTBasicConstraintsTemplate, encodedValue);
       if (rv == SECFailure)
           break;
       
       value->isCA = decodeContext.isCA.data 
                     ? (PRBool)(decodeContext.isCA.data[0] != 0)
                    : PR_FALSE;
       if (decodeContext.pathLenConstraint.data == NULL) {
           /* if the pathLenConstraint is not encoded, and the current setting
             is CA, then the pathLenConstraint should be set to a negative number
             for unlimited certificate path.
            */
           if (value->isCA)
              value->pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
       } else if (value->isCA) {
           long len = DER_GetInteger (&decodeContext.pathLenConstraint);
           if (len < 0 || len == LONG_MAX) {
              PORT_SetError (SEC_ERROR_BAD_DER);
              GEN_BREAK (SECFailure);
           }
           value->pathLenConstraint = len;
       } else {
           /* here we get an error where the subject is not a CA, but
              the pathLenConstraint is set */
           PORT_SetError (SEC_ERROR_BAD_DER);
           GEN_BREAK (SECFailure);
           break;
       }
        
    } while (0);
    PORT_FreeArena (our_pool, PR_FALSE);
    return (rv);

}

Here is the call graph for this function:

CERTCertificate* CERT_DecodeCertFromPackage ( char *  certbuf,
int  certlen 
)

Definition at line 539 of file certread.c.

{
    collect_args collectArgs;
    SECStatus rv;
    CERTCertificate *cert = NULL;
    
    collectArgs.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    
    rv = CERT_DecodeCertPackage(certbuf, certlen, collect_certs,
                            (void *)&collectArgs);
    if ( rv == SECSuccess ) {
       cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
                                      &collectArgs.cert, NULL, 
                                      PR_FALSE, PR_TRUE);
    }
    
    PORT_FreeArena(collectArgs.arena, PR_FALSE);
    
    return(cert);
}

Here is the call graph for this function:

CERTCertificate* CERT_DecodeCertificate ( SECItem *  derCert,
char *  nickname,
PRBool  copyDER 
)

Definition at line 137 of file polcyxtn.c.

{
    PRArenaPool *arena = NULL;
    SECStatus rv;
    CERTCertificatePolicies *policies;
    CERTPolicyInfo **policyInfos, *policyInfo;
    CERTPolicyQualifier **policyQualifiers, *policyQualifier;
    SECItem newExtnValue;
    
    /* make a new arena */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    
    if ( !arena ) {
       goto loser;
    }

    /* allocate the certifiate policies structure */
    policies = (CERTCertificatePolicies *)
       PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicies));
    
    if ( policies == NULL ) {
       goto loser;
    }
    
    policies->arena = arena;

    /* copy the DER into the arena, since Quick DER returns data that points
       into the DER input, which may get freed by the caller */
    rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* decode the policy info */
    rv = SEC_QuickDERDecodeItem(arena, policies, CERT_CertificatePoliciesTemplate,
                         &newExtnValue);

    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* initialize the oid tags */
    policyInfos = policies->policyInfos;
    while (*policyInfos != NULL ) {
       policyInfo = *policyInfos;
       policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
       policyQualifiers = policyInfo->policyQualifiers;
       while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
           policyQualifier = *policyQualifiers;
           policyQualifier->oid =
              SECOID_FindOIDTag(&policyQualifier->qualifierID);
           policyQualifiers++;
       }
       policyInfos++;
    }

    return(policies);
    
loser:
    if ( arena != NULL ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

SECStatus CERT_DecodeCertPackage ( char *  certbuf,
int  certlen,
CERTImportCertificateFunc  f,
void arg 
)

Definition at line 295 of file certread.c.

{
    unsigned char *cp;
    unsigned char *bincert = NULL;
    char *         ascCert = NULL;
    SECStatus      rv;
    
    if ( certbuf == NULL ) {
       return(SECFailure);
    }
    
    cp = (unsigned char *)certbuf;

    /* is a DER encoded certificate of some type? */
    if ( ( *cp  & 0x1f ) == SEC_ASN1_SEQUENCE ) {
       SECItem certitem;
       SECItem *pcertitem = &certitem;
       int seqLen, seqLenLen;

       cp++;
       
       if ( *cp & 0x80) {
           /* Multibyte length */
           seqLenLen = cp[0] & 0x7f;
           
           switch (seqLenLen) {
             case 4:
              seqLen = ((unsigned long)cp[1]<<24) |
                  ((unsigned long)cp[2]<<16) | (cp[3]<<8) | cp[4];
              break;
             case 3:
              seqLen = ((unsigned long)cp[1]<<16) | (cp[2]<<8) | cp[3];
              break;
             case 2:
              seqLen = (cp[1]<<8) | cp[2];
              break;
             case 1:
              seqLen = cp[1];
              break;
             default:
              /* indefinite length */
              seqLen = 0;
           }
           cp += ( seqLenLen + 1 );

       } else {
           seqLenLen = 0;
           seqLen = *cp;
           cp++;
       }

       /* check entire length if definite length */
       if ( seqLen || seqLenLen ) {
           if ( certlen != ( seqLen + seqLenLen + 2 ) ) {
              if (certlen > ( seqLen + seqLenLen + 2 ))
                  PORT_SetError(SEC_ERROR_EXTRA_INPUT);
              else 
                  PORT_SetError(SEC_ERROR_INPUT_LEN);
              goto notder;
           }
       }
       
       /* check the type string */
       /* netscape wrapped DER cert */
       if ( ( cp[0] == SEC_ASN1_OCTET_STRING ) &&
           ( cp[1] == CERTIFICATE_TYPE_LEN ) &&
           ( PORT_Strcmp((char *)&cp[2], CERTIFICATE_TYPE_STRING) ) ) {
           
           cp += ( CERTIFICATE_TYPE_LEN + 2 );

           /* it had better be a certificate by now!! */
           certitem.data = cp;
           certitem.len = certlen - ( cp - (unsigned char *)certbuf );
           
           rv = (* f)(arg, &pcertitem, 1);
           
           return(rv);
       } else if ( cp[0] == SEC_ASN1_OBJECT_ID ) {
           SECOidData *oiddata;
           SECItem oiditem;
           /* XXX - assume DER encoding of OID len!! */
           oiditem.len = cp[1];
           oiditem.data = (unsigned char *)&cp[2];
           oiddata = SECOID_FindOID(&oiditem);
           if ( oiddata == NULL ) {
              return(SECFailure);
           }

           certitem.data = (unsigned char*)certbuf;
           certitem.len = certlen;
           
           switch ( oiddata->offset ) {
             case SEC_OID_PKCS7_SIGNED_DATA:
              return(SEC_ReadPKCS7Certs(&certitem, f, arg));
              break;
             case SEC_OID_NS_TYPE_CERT_SEQUENCE:
              return(SEC_ReadCertSequence(&certitem, f, arg));
              break;
             default:
              break;
           }
           
       } else {
           /* it had better be a certificate by now!! */
           certitem.data = (unsigned char*)certbuf;
           certitem.len = certlen;
           
           rv = (* f)(arg, &pcertitem, 1);
           return(rv);
       }
    }

    /* now look for a netscape base64 ascii encoded cert */
notder:
  {
    unsigned char *certbegin = NULL; 
    unsigned char *certend   = NULL;
    char          *pc;
    int cl;

    /* Convert the ASCII data into a nul-terminated string */
    ascCert = (char *)PORT_Alloc(certlen + 1);
    if (!ascCert) {
        rv = SECFailure;
       goto loser;
    }

    PORT_Memcpy(ascCert, certbuf, certlen);
    ascCert[certlen] = '\0';

    pc = PORT_Strchr(ascCert, '\n');  /* find an EOL */
    if (!pc) { /* maybe this is a MAC file */
       pc = ascCert;
       while (*pc && NULL != (pc = PORT_Strchr(pc, '\r'))) {
           *pc++ = '\n';
       }
    }

    cp = (unsigned char *)ascCert;
    cl = certlen;

    /* find the beginning marker */
    while ( cl > sizeof(NS_CERT_HEADER) ) {
       if ( !PORT_Strncasecmp((char *)cp, NS_CERT_HEADER,
                          sizeof(NS_CERT_HEADER)-1) ) {
           cp = cp + sizeof(NS_CERT_HEADER);
           certbegin = cp;
           break;
       }
       
       /* skip to next eol */
       do {
           cp++;
           cl--;
       } while ( ( *cp != '\n') && cl );

       /* skip all blank lines */
       while ( ( *cp == '\n') && cl ) {
           cp++;
           cl--;
       }
    }

    if ( certbegin ) {
       /* find the ending marker */
       while ( cl > sizeof(NS_CERT_TRAILER) ) {
           if ( !PORT_Strncasecmp((char *)cp, NS_CERT_TRAILER,
                             sizeof(NS_CERT_TRAILER)-1) ) {
              certend = (unsigned char *)cp;
              break;
           }

           /* skip to next eol */
           do {
              cp++;
              cl--;
           } while ( ( *cp != '\n') && cl );

           /* skip all blank lines */
           while ( ( *cp == '\n') && cl ) {
              cp++;
              cl--;
           }
       }
    }

    if ( certbegin && certend ) {
       unsigned int binLen;

       *certend = 0;
       /* convert to binary */
       bincert = ATOB_AsciiToData(certbegin, &binLen);
       if (!bincert) {
           rv = SECFailure;
           goto loser;
       }

       /* now recurse to decode the binary */
       rv = CERT_DecodeCertPackage((char *)bincert, binLen, f, arg);
       
    } else {
       rv = SECFailure;
    }
  }

loser:

    if ( bincert ) {
       PORT_Free(bincert);
    }

    if ( ascCert ) {
       PORT_Free(ascCert);
    }

    return(rv);
}

Here is the call graph for this function:

CERTCrlDistributionPoints* CERT_DecodeCRLDistributionPoints ( PRArenaPool arena,
SECItem *  der 
)

Definition at line 147 of file xcrldist.c.

{
   CERTCrlDistributionPoints *value = NULL;    
   CRLDistributionPoint **pointList, *point;    
   SECStatus rv;
   SECItem newEncodedValue;

   PORT_Assert (arena);
   do {
       value = (CERTCrlDistributionPoints*)PORT_ArenaZAlloc (arena, sizeof (*value));
       if (value == NULL) {
           rv = SECFailure;
           break;
       }

        /* copy the DER into the arena, since Quick DER returns data that points
           into the DER input, which may get freed by the caller */
        rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue);
        if ( rv != SECSuccess ) {
           break;
        }

       rv = SEC_QuickDERDecodeItem
            (arena, &value->distPoints, CERTCRLDistributionPointsTemplate,
             &newEncodedValue);
       if (rv != SECSuccess)
           break;

       pointList = value->distPoints;
       while (*pointList) {
           point = *pointList;

           /* get the data if the distributionPointName is not omitted */
           if (point->derDistPoint.data != NULL) {
              point->distPointType = (DistributionPointTypes)
                                   ((point->derDistPoint.data[0] & 0x1f) +1);
              if (point->distPointType == generalName) {
                  SECItem innerDER;
              
                  innerDER.data = NULL;
                  rv = SEC_QuickDERDecodeItem
                      (arena, point, FullNameTemplate, &(point->derDistPoint));
                  if (rv != SECSuccess)
                     break;
                  point->distPoint.fullName = cert_DecodeGeneralNames
                     (arena, point->derFullName);

                  if (!point->distPoint.fullName)
                     break;
              }
              else if ( relativeDistinguishedName) {
                  rv = SEC_QuickDERDecodeItem
                      (arena, point, RelativeNameTemplate, &(point->derDistPoint));
                  if (rv != SECSuccess)
                     break;
              }
              else {
                  PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
                  break;
              }
           }

           /* Get the reason code if it's not omitted in the encoding */
           if (point->bitsmap.data != NULL) {
              point->reasons.data = (unsigned char*) PORT_ArenaAlloc
                                  (arena, (point->bitsmap.len + 7) >> 3);
              if (!point->reasons.data) {
                  rv = SECFailure;
                  break;
              }
              PORT_Memcpy (point->reasons.data, point->bitsmap.data,
                          point->reasons.len = ((point->bitsmap.len + 7) >> 3));
           }

           /* Get the crl issuer name if it's not omitted in the encoding */
           if (point->derCrlIssuer != NULL) {
              point->crlIssuer = cert_DecodeGeneralNames
                  (arena, point->derCrlIssuer);

              if (!point->crlIssuer)
                  break;
           }
           ++pointList;
       }
   } while (0);
   return (rv == SECSuccess ? value : NULL);
}

Here is the call graph for this function:

CERTCertificate* CERT_DecodeDERCertificate ( SECItem *  derSignedCert,
PRBool  copyDER,
char *  nickname 
)

Definition at line 815 of file certdb.c.

{
    CERTCertificate *cert;
    PRArenaPool *arena;
    void *data;
    int rv;
    int len;
    char *tmpname;
    
    /* make a new arena */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    
    if ( !arena ) {
       return 0;
    }

    /* allocate the certificate structure */
    cert = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
    
    if ( !cert ) {
       goto loser;
    }
    
    cert->arena = arena;
    
    if ( copyDER ) {
       /* copy the DER data for the cert into this arena */
       data = (void *)PORT_ArenaAlloc(arena, derSignedCert->len);
       if ( !data ) {
           goto loser;
       }
       cert->derCert.data = (unsigned char *)data;
       cert->derCert.len = derSignedCert->len;
       PORT_Memcpy(data, derSignedCert->data, derSignedCert->len);
    } else {
       /* point to passed in DER data */
       cert->derCert = *derSignedCert;
    }

    /* decode the certificate info */
    rv = SEC_QuickDERDecodeItem(arena, cert, SEC_SignedCertificateTemplate,
                  &cert->derCert);

    if ( rv ) {
       goto loser;
    }

    if (cert_HasUnknownCriticalExten (cert->extensions) == PR_TRUE) {
        cert->options.bits.hasUnsupportedCriticalExt = PR_TRUE;
    }

    /* generate and save the database key for the cert */
    rv = CERT_KeyFromIssuerAndSN(arena, &cert->derIssuer, &cert->serialNumber,
                     &cert->certKey);
    if ( rv ) {
       goto loser;
    }

    /* set the nickname */
    if ( nickname == NULL ) {
       cert->nickname = NULL;
    } else {
       /* copy and install the nickname */
       len = PORT_Strlen(nickname) + 1;
       cert->nickname = (char*)PORT_ArenaAlloc(arena, len);
       if ( cert->nickname == NULL ) {
           goto loser;
       }

       PORT_Memcpy(cert->nickname, nickname, len);
    }

    /* set the email address */
    cert->emailAddr = cert_GetCertificateEmailAddresses(cert);
    
    /* initialize the subjectKeyID */
    rv = cert_GetKeyID(cert);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* initialize keyUsage */
    rv = GetKeyUsage(cert);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* initialize the certType */
    rv = cert_GetCertType(cert);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* determine if this is a root cert */
    cert->isRoot = cert_IsRootCert(cert);

    tmpname = CERT_NameToAscii(&cert->subject);
    if ( tmpname != NULL ) {
       cert->subjectName = PORT_ArenaStrdup(cert->arena, tmpname);
       PORT_Free(tmpname);
    }
    
    tmpname = CERT_NameToAscii(&cert->issuer);
    if ( tmpname != NULL ) {
       cert->issuerName = PORT_ArenaStrdup(cert->arena, tmpname);
       PORT_Free(tmpname);
    }
    
    cert->referenceCount = 1;
    cert->slot = NULL;
    cert->pkcs11ID = CK_INVALID_HANDLE;
    cert->dbnickname = NULL;
    
    return(cert);
    
loser:

    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(0);
}

Here is the call graph for this function:

CERTSignedCrl* CERT_DecodeDERCrl ( PRArenaPool arena,
SECItem *  derSignedCrl,
int  type 
)

Definition at line 601 of file crl.c.

{
    return CERT_DecodeDERCrlWithFlags(narena, derSignedCrl, type,
                                      CRL_DECODE_DEFAULT_OPTIONS);
}

Here is the call graph for this function:

CERTSignedCrl* CERT_DecodeDERCrlWithFlags ( PRArenaPool narena,
SECItem *  derSignedCrl,
int  type,
PRInt32  options 
)

Definition at line 458 of file crl.c.

{
    PRArenaPool *arena;
    CERTSignedCrl *crl;
    SECStatus rv;
    OpaqueCRLFields* extended = NULL;
    const SEC_ASN1Template* crlTemplate = CERT_SignedCrlTemplate;
    PRInt32 testOptions = options;

    PORT_Assert(derSignedCrl);
    if (!derSignedCrl) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }

    /* Adopting DER requires not copying it.  Code that sets ADOPT flag 
     * but doesn't set DONT_COPY probably doesn't know What it is doing.  
     * That condition is a programming error in the caller.
     */
    testOptions &= (CRL_DECODE_ADOPT_HEAP_DER | CRL_DECODE_DONT_COPY_DER);
    PORT_Assert(testOptions != CRL_DECODE_ADOPT_HEAP_DER);
    if (testOptions == CRL_DECODE_ADOPT_HEAP_DER) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }

    /* make a new arena if needed */
    if (narena == NULL) {
       arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
       if ( !arena ) {
           return NULL;
       }
    } else {
       arena = narena;
    }

    /* allocate the CRL structure */
    crl = (CERTSignedCrl *)PORT_ArenaZAlloc(arena, sizeof(CERTSignedCrl));
    if ( !crl ) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    crl->arena = arena;

    /* allocate opaque fields */
    crl->opaque = (void*)PORT_ArenaZAlloc(arena, sizeof(OpaqueCRLFields));
    if ( !crl->opaque ) {
       goto loser;
    }
    extended = (OpaqueCRLFields*) crl->opaque;
    if (options & CRL_DECODE_ADOPT_HEAP_DER) {
        extended->heapDER = PR_TRUE;
    }
    if (options & CRL_DECODE_DONT_COPY_DER) {
        crl->derCrl = derSignedCrl; /* DER is not copied . The application
                                       must keep derSignedCrl until it
                                       destroys the CRL */
    } else {
        crl->derCrl = (SECItem *)PORT_ArenaZAlloc(arena,sizeof(SECItem));
        if (crl->derCrl == NULL) {
            goto loser;
        }
        rv = SECITEM_CopyItem(arena, crl->derCrl, derSignedCrl);
        if (rv != SECSuccess) {
            goto loser;
        }
    }

    /* Save the arena in the inner crl for CRL extensions support */
    crl->crl.arena = arena;
    if (options & CRL_DECODE_SKIP_ENTRIES) {
        crlTemplate = cert_SignedCrlTemplateNoEntries;
        extended->partial = PR_TRUE;
    }

    /* decode the CRL info */
    switch (type) {
    case SEC_CRL_TYPE:
        rv = SEC_QuickDERDecodeItem(arena, crl, crlTemplate, crl->derCrl);
        if (rv != SECSuccess) {
            extended->badDER = PR_TRUE;
            break;
        }
        /* check for critical extensions */
        rv =  cert_check_crl_version (&crl->crl);
        if (rv != SECSuccess) {
            extended->badExtensions = PR_TRUE;
            break;
        }

        if (PR_TRUE == extended->partial) {
            /* partial decoding, don't verify entries */
            break;
        }

        rv = cert_check_crl_entries(&crl->crl);
        if (rv != SECSuccess) {
            extended->badExtensions = PR_TRUE;
        }

        break;

    case SEC_KRL_TYPE:
       rv = SEC_QuickDERDecodeItem
            (arena, crl, cert_SignedKrlTemplate, derSignedCrl);
       break;
    default:
       rv = SECFailure;
       break;
    }

    if (rv != SECSuccess) {
       goto loser;
    }

    crl->referenceCount = 1;
    
    return(crl);
    
loser:
    if (options & CRL_DECODE_KEEP_BAD_CRL) {
        if (extended) {
            extended->decodingError = PR_TRUE;
        }
        if (crl) {
            crl->referenceCount = 1;
            return(crl);
        }
    }

    if ((narena == NULL) && arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(0);
}

Here is the call graph for this function:

CERTGeneralName* CERT_DecodeGeneralName ( PRArenaPool arena,
SECItem *  encodedName,
CERTGeneralName *  genName 
)

Definition at line 416 of file genname.c.

{
    const SEC_ASN1Template *         template;
    CERTGeneralNameType              genNameType;
    SECStatus                        rv = SECSuccess;

    PORT_Assert(arena);
    /* TODO: mark arena */
    genNameType = (CERTGeneralNameType)((*(encodedName->data) & 0x0f) + 1);
    if (genName == NULL) {
       genName = cert_NewGeneralName(arena, genNameType);
       if (!genName)
           goto loser;
    } else {
       genName->type = genNameType;
       genName->l.prev = genName->l.next = &genName->l;
    }
    switch (genNameType) {
    case certURI:           template = CERT_URITemplate;           break;
    case certRFC822Name:    template = CERT_RFC822NameTemplate;    break;
    case certDNSName:              template = CERT_DNSNameTemplate;       break;
    case certIPAddress:     template = CERT_IPAddressTemplate;     break;
    case certOtherName:     template = CERTOtherNameTemplate;      break;
    case certRegisterID:    template = CERT_RegisteredIDTemplate;  break;
    case certEDIPartyName:  template = CERT_EDIPartyNameTemplate;  break;
    case certX400Address:   template = CERT_X400AddressTemplate;   break;
    case certDirectoryName:        template = CERT_DirectoryNameTemplate; break;
    default: 
        goto loser;
    }
    rv = SEC_ASN1DecodeItem(arena, genName, template, encodedName);
    if (rv != SECSuccess) 
       goto loser;
    if (genNameType == certDirectoryName) {
       rv = SEC_ASN1DecodeItem(arena, &(genName->name.directoryName), 
                            CERT_NameTemplate, 
                            &(genName->derDirectoryName));
        if (rv != SECSuccess)
           goto loser;
    }

    /* TODO: unmark arena */
    return genName;
loser:
    /* TODO: release arena to mark */
    return NULL;
}

Here is the call graph for this function:

CERTNameConstraints* CERT_DecodeNameConstraintsExtension ( PRArenaPool arena,
SECItem *  encodedConstraints 
)

Definition at line 243 of file xconst.c.

{
    return cert_DecodeNameConstraints(arena, encodedConstraints);
}

Here is the call graph for this function:

CERTOidSequence* CERT_DecodeOidSequence ( SECItem *  seqItem)

Definition at line 466 of file polcyxtn.c.

{
    PRArenaPool *arena = NULL;
    SECStatus rv;
    CERTOidSequence *oidSeq;
    SECItem newSeqItem;
    
    /* make a new arena */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    
    if ( !arena ) {
       goto loser;
    }

    /* allocate the userNotice structure */
    oidSeq = (CERTOidSequence *)PORT_ArenaZAlloc(arena,
                                           sizeof(CERTOidSequence));
    
    if ( oidSeq == NULL ) {
       goto loser;
    }
    
    oidSeq->arena = arena;

    /* copy the DER into the arena, since Quick DER returns data that points
       into the DER input, which may get freed by the caller */
    rv = SECITEM_CopyItem(arena, &newSeqItem, seqItem);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* decode the user notice */
    rv = SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem);

    if ( rv != SECSuccess ) {
       goto loser;
    }

    return(oidSeq);
    
loser:
    return(NULL);
}

Here is the call graph for this function:

CERTPrivKeyUsagePeriod* CERT_DecodePrivKeyUsagePeriodExtension ( PLArenaPool arena,
SECItem *  extnValue 
)

Definition at line 137 of file xconst.c.

{
    SECStatus rv;
    CERTPrivKeyUsagePeriod *pPeriod;
    SECItem newExtnValue;

    /* allocate the certificate policies structure */
    pPeriod = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod);
    if ( pPeriod == NULL ) {
       goto loser;
    }
    
    pPeriod->arena = arena;

    /* copy the DER into the arena, since Quick DER returns data that points
       into the DER input, which may get freed by the caller */
    rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    rv = SEC_QuickDERDecodeItem(arena, pPeriod, 
                                CERTPrivateKeyUsagePeriodTemplate,
                             &newExtnValue);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    return pPeriod;
    
loser:
    return NULL;
}

Here is the call graph for this function:

SECStatus CERT_DecodeTrustString ( CERTCertTrust *  trust,
char *  trusts 
)

Definition at line 2051 of file certdb.c.

{
    unsigned int i;
    unsigned int *pflags;
    
    if (!trust) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    trust->sslFlags = 0;
    trust->emailFlags = 0;
    trust->objectSigningFlags = 0;
    if (!trusts) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }

    pflags = &trust->sslFlags;
    
    for (i=0; i < PORT_Strlen(trusts); i++) {
       switch (trusts[i]) {
         case 'p':
             *pflags = *pflags | CERTDB_VALID_PEER;
             break;

         case 'P':
             *pflags = *pflags | CERTDB_TRUSTED | CERTDB_VALID_PEER;
             break;

         case 'w':
             *pflags = *pflags | CERTDB_SEND_WARN;
             break;

         case 'c':
             *pflags = *pflags | CERTDB_VALID_CA;
             break;

         case 'T':
             *pflags = *pflags | CERTDB_TRUSTED_CLIENT_CA | CERTDB_VALID_CA;
             break;

         case 'C' :
             *pflags = *pflags | CERTDB_TRUSTED_CA | CERTDB_VALID_CA;
             break;

         case 'u':
             *pflags = *pflags | CERTDB_USER;
             break;

         case 'i':
             *pflags = *pflags | CERTDB_INVISIBLE_CA;
             break;
         case 'g':
             *pflags = *pflags | CERTDB_GOVT_APPROVED_CA;
             break;

         case ',':
             if ( pflags == &trust->sslFlags ) {
                pflags = &trust->emailFlags;
             } else {
                pflags = &trust->objectSigningFlags;
             }
             break;
         default:
             return SECFailure;
       }
    }

    return SECSuccess;
}

Here is the call graph for this function:

CERTUserNotice* CERT_DecodeUserNotice ( SECItem *  noticeItem)

Definition at line 214 of file polcyxtn.c.

{
    PRArenaPool *arena = NULL;
    SECStatus rv;
    CERTUserNotice *userNotice;
    SECItem newNoticeItem;
    
    /* make a new arena */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    
    if ( !arena ) {
       goto loser;
    }

    /* allocate the userNotice structure */
    userNotice = (CERTUserNotice *)PORT_ArenaZAlloc(arena,
                                              sizeof(CERTUserNotice));
    
    if ( userNotice == NULL ) {
       goto loser;
    }
    
    userNotice->arena = arena;

    /* copy the DER into the arena, since Quick DER returns data that points
       into the DER input, which may get freed by the caller */
    rv = SECITEM_CopyItem(arena, &newNoticeItem, noticeItem);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* decode the user notice */
    rv = SEC_QuickDERDecodeItem(arena, userNotice, CERT_UserNoticeTemplate, 
                         &newNoticeItem);

    if ( rv != SECSuccess ) {
       goto loser;
    }

    if (userNotice->derNoticeReference.data != NULL) {
       /* sigh, the asn1 parser stripped the sequence encoding, re add it
        * before we decode.
        */
       SECItem tmpbuf;
       int    newBytes;

       newBytes = SEC_ASN1LengthLength(userNotice->derNoticeReference.len)+1;
       tmpbuf.len = newBytes + userNotice->derNoticeReference.len;
       tmpbuf.data = PORT_ArenaZAlloc(arena, tmpbuf.len);
       if (tmpbuf.data == NULL) {
           goto loser;
       }
       tmpbuf.data[0] = SEC_ASN1_SEQUENCE | SEC_ASN1_CONSTRUCTED;
       SEC_ASN1EncodeLength(&tmpbuf.data[1],userNotice->derNoticeReference.len);
       PORT_Memcpy(&tmpbuf.data[newBytes],userNotice->derNoticeReference.data,
                            userNotice->derNoticeReference.len);

       /* OK, no decode it */
       rv = SEC_QuickDERDecodeItem(arena, &userNotice->noticeReference, 
           CERT_NoticeReferenceTemplate, &tmpbuf);

       PORT_Free(tmpbuf.data); tmpbuf.data = NULL;
       if ( rv != SECSuccess ) {
           goto loser;
       }
    }

    return(userNotice);
    
loser:
    if ( arena != NULL ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

char* CERT_DerNameToAscii ( SECItem *  dername)

Definition at line 810 of file alg1485.c.

{
    int rv;
    PRArenaPool *arena = NULL;
    CERTName name;
    char *retstr = NULL;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    
    if ( arena == NULL) {
       goto loser;
    }
    
    rv = SEC_QuickDERDecodeItem(arena, &name, CERT_NameTemplate, dername);
    
    if ( rv != SECSuccess ) {
       goto loser;
    }

    retstr = CERT_NameToAscii(&name);

loser:
    if ( arena != NULL ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(retstr);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void CERT_DestroyCertArray ( CERTCertificate **  certs,
unsigned int  ncerts 
)

Definition at line 2005 of file certdb.c.

{
    unsigned int i;
    
    if ( certs ) {
       for ( i = 0; i < ncerts; i++ ) {
           if ( certs[i] ) {
              CERT_DestroyCertificate(certs[i]);
           }
       }

       PORT_Free(certs);
    }
    
    return;
}

Here is the call graph for this function:

void CERT_DestroyCertificate ( CERTCertificate *  cert)

Definition at line 595 of file stanpcertdb.c.

{
    if ( cert ) {
       /* don't use STAN_GetNSSCertificate because we don't want to
        * go to the trouble of translating the CERTCertificate into
        * an NSSCertificate just to destroy it.  If it hasn't been done
        * yet, don't do it at all.
        */
       NSSCertificate *tmp = cert->nssCertificate;
       if (tmp) {
           /* delete the NSSCertificate */
           NSSCertificate_Destroy(tmp);
       } else if (cert->arena) {
           PORT_FreeArena(cert->arena, PR_FALSE);
       }
    }
    return;
}

Here is the call graph for this function:

void CERT_DestroyCertificateList ( CERTCertificateList *  list)

Definition at line 1102 of file certhigh.c.

Here is the call graph for this function:

Definition at line 204 of file polcyxtn.c.

{
    if ( policies != NULL ) {
       PORT_FreeArena(policies->arena, PR_FALSE);
    }
    return;
}

Here is the call graph for this function:

void CERT_DestroyCertificateRequest ( CERTCertificateRequest *  r)

Definition at line 250 of file certreq.c.

{
    if (req && req->arena) {
       PORT_FreeArena(req->arena, PR_FALSE);
    }
    return;
}

Here is the call graph for this function:

void CERT_DestroyCertList ( CERTCertList *  certs)

Definition at line 2405 of file certdb.c.

{
    PRCList *node;

    while( !PR_CLIST_IS_EMPTY(&certs->list) ) {
       node = PR_LIST_HEAD(&certs->list);
       CERT_DestroyCertificate(((CERTCertListNode *)node)->cert);
       PR_REMOVE_LINK(node);
    }
    
    PORT_FreeArena(certs->arena, PR_FALSE);
    
    return;
}

Here is the call graph for this function:

void CERT_DestroyCrl ( CERTSignedCrl *  crl)

Definition at line 1793 of file certdb.c.

{
    SEC_DestroyCrl (crl);
}

Here is the call graph for this function:

void CERT_DestroyName ( CERTName *  name)

Definition at line 395 of file secname.c.

{
    if (name)
    {
        PRArenaPool *arena = name->arena;
        name->rdns = NULL;
       name->arena = NULL;
       if (arena) PORT_FreeArena(arena, PR_FALSE);
    }
}

Here is the call graph for this function:

Definition at line 512 of file polcyxtn.c.

{
    if ( oidSeq != NULL ) {
       PORT_FreeArena(oidSeq->arena, PR_FALSE);
    }
    return;
}

Here is the call graph for this function:

void CERT_DestroyRDN ( CERTRDN *  rdn,
PRBool  freeit 
)

Definition at line 292 of file polcyxtn.c.

{
    if ( userNotice != NULL ) {
       PORT_FreeArena(userNotice->arena, PR_FALSE);
    }
    return;
}

Here is the call graph for this function:

void CERT_DestroyValidity ( CERTValidity *  v)

Definition at line 159 of file sectime.c.

{
    if (v && v->arena) {
       PORT_FreeArena(v->arena, PR_FALSE);
    }
    return;
}

Here is the call graph for this function:

CERTDistNames* CERT_DistNamesFromNicknames ( CERTCertDBHandle *  handle,
char **  nicknames,
int  nnames 
)

Definition at line 662 of file certhigh.c.

{
    CERTDistNames *dnames = NULL;
    PRArenaPool *arena;
    int i, rv;
    SECItem *names = NULL;
    CERTCertificate *cert = NULL;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) goto loser;
    dnames = PORT_ArenaZNew(arena, CERTDistNames);
    if (dnames == NULL) goto loser;

    dnames->arena = arena;
    dnames->nnames = nnames;
    dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, nnames);
    if (names == NULL) goto loser;
    
    for (i = 0; i < nnames; i++) {
       cert = CERT_FindCertByNicknameOrEmailAddr(handle, nicknames[i]);
       if (cert == NULL) goto loser;
       rv = SECITEM_CopyItem(arena, &names[i], &cert->derSubject);
       if (rv == SECFailure) goto loser;
       CERT_DestroyCertificate(cert);
    }
    return dnames;
    
loser:
    if (cert != NULL)
       CERT_DestroyCertificate(cert);
    if (arena != NULL)
       PORT_FreeArena(arena, PR_FALSE);
    return NULL;
}

Here is the call graph for this function:

CERTCertificate* CERT_DupCertificate ( CERTCertificate *  c)

Definition at line 1279 of file certdb.c.

{
    if (c) {
       NSSCertificate *tmp = STAN_GetNSSCertificate(c);
       nssCertificate_AddRef(tmp);
    }
    return c;
}

Here is the call graph for this function:

CERTCertificateList* CERT_DupCertList ( CERTCertificateList *  oldList)

Definition at line 1060 of file certhigh.c.

{
    CERTCertificateList *newList = NULL;
    PRArenaPool         *arena   = NULL;
    SECItem             *newItem;
    SECItem             *oldItem;
    int                 len      = oldList->len;
    int                 rv;

    /* arena for SecCertificateList */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) 
       goto no_memory;

    /* now build the CERTCertificateList */
    newList = PORT_ArenaNew(arena, CERTCertificateList);
    if (newList == NULL) 
       goto no_memory;
    newList->arena = arena;
    newItem = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
    if (newItem == NULL) 
       goto no_memory;
    newList->certs = newItem;
    newList->len   = len;

    for (oldItem = oldList->certs; len > 0; --len, ++newItem, ++oldItem) {
       rv = SECITEM_CopyItem(arena, newItem, oldItem);
       if (rv < 0) 
           goto loser;
    }
    return newList;

no_memory:
    PORT_SetError(SEC_ERROR_NO_MEMORY);
loser:
    if (arena != NULL) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    return NULL;
}

Here is the call graph for this function:

SECStatus CERT_EncodeAltNameExtension ( PRArenaPool arena,
CERTGeneralName *  value,
SECItem *  encodedValue 
)

Definition at line 193 of file xconst.c.

{
    SECItem                **encodedGenName;
    SECStatus              rv = SECSuccess;

    encodedGenName = cert_EncodeGeneralNames(arena, value);
    if (SEC_ASN1EncodeItem (arena, encodedValue, &encodedGenName,
                         CERT_GeneralNamesTemplate) == NULL) {
       rv = SECFailure;
    }

    return rv;
}

Here is the call graph for this function:

SECStatus CERT_EncodeAndAddBitStrExtension ( void exthandle,
int  idtag,
SECItem *  value,
PRBool  critical 
)

Definition at line 301 of file certxutl.c.

{
  SECItem bitsmap;
  
  PrepareBitStringForEncoding (&bitsmap, value);
  return (CERT_EncodeAndAddExtension
         (exthandle, idtag, &bitsmap, critical, SEC_BitStringTemplate));
}

Here is the call graph for this function:

SECStatus CERT_EncodeAndAddExtension ( void exthandle,
int  idtag,
void value,
PRBool  critical,
const SEC_ASN1Template atemplate 
)

Definition at line 262 of file certxutl.c.

{
    extRec *handle;
    SECItem *encitem;

    handle = (extRec *)exthandle;

    encitem = SEC_ASN1EncodeItem(handle->ownerArena, NULL, value, atemplate);
    if ( encitem == NULL ) {
       return(SECFailure);
    }

    return CERT_AddExtension(exthandle, idtag, encitem, critical, PR_FALSE);
}

Here is the call graph for this function:

SECStatus CERT_EncodeAuthKeyID ( PRArenaPool arena,
CERTAuthKeyID *  value,
SECItem *  encodedValue 
)

Definition at line 68 of file xauthkid.c.

{
    SECStatus rv = SECFailure;
 
    PORT_Assert (value);
    PORT_Assert (arena);
    PORT_Assert (value->DERAuthCertIssuer == NULL);
    PORT_Assert (encodedValue);

    do {
       
       /* If both of the authCertIssuer and the serial number exist, encode
          the name first.  Otherwise, it is an error if one exist and the other
          is not.
        */
       if (value->authCertIssuer) {
           if (!value->authCertSerialNumber.data) {
              PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
              break;
           }

           value->DERAuthCertIssuer = cert_EncodeGeneralNames
              (arena, value->authCertIssuer);
           if (!value->DERAuthCertIssuer) {
              PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
              break;
           }
       }
       else if (value->authCertSerialNumber.data) {
              PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
              break;
       }

       if (SEC_ASN1EncodeItem (arena, encodedValue, value,
                            CERTAuthKeyIDTemplate) == NULL)
           break;
       rv = SECSuccess;

    } while (0);
     return(rv);
}

Here is the call graph for this function:

SECStatus CERT_EncodeBasicConstraintValue ( PRArenaPool arena,
CERTBasicConstraints *  value,
SECItem *  encodedValue 
)

Definition at line 76 of file xbsconst.c.

{
    EncodedContext encodeContext;
    PRArenaPool *our_pool = NULL;   
    SECStatus rv = SECSuccess;

    do {
       PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
       if (!value->isCA && value->pathLenConstraint >= 0) {
           PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
           GEN_BREAK (SECFailure);
       }

        encodeContext.arena = arena;
       if (value->isCA == PR_TRUE) {
           encodeContext.isCA.data =  &hexTrue ;
           encodeContext.isCA.len = 1;
       }

       /* If the pathLenConstraint is less than 0, then it should be
        * omitted from the encoding.
        */
       if (value->isCA && value->pathLenConstraint >= 0) {
           our_pool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
           if (our_pool == NULL) {
              PORT_SetError (SEC_ERROR_NO_MEMORY);
              GEN_BREAK (SECFailure);
           }
           if (SEC_ASN1EncodeUnsignedInteger
              (our_pool, &encodeContext.pathLenConstraint,
               (unsigned long)value->pathLenConstraint) == NULL) {
              PORT_SetError (SEC_ERROR_NO_MEMORY);
              GEN_BREAK (SECFailure);
           }
       }
       if (SEC_ASN1EncodeItem (arena, encodedValue, &encodeContext,
                            CERTBasicConstraintsTemplate) == NULL) {
           GEN_BREAK (SECFailure);
       }
    } while (0);
    if (our_pool)
       PORT_FreeArena (our_pool, PR_FALSE);
    return(rv);

}

Here is the call graph for this function:

SECStatus CERT_EncodeCRLDistributionPoints ( PRArenaPool arena,
CERTCrlDistributionPoints *  value,
SECItem *  derValue 
)

Definition at line 74 of file xcrldist.c.

{
    CRLDistributionPoint **pointList, *point;
    PRArenaPool *ourPool = NULL;
    SECStatus rv = SECSuccess;

    PORT_Assert (derValue);
    PORT_Assert (value && value->distPoints);

    do {
       ourPool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
       if (ourPool == NULL) {
           rv = SECFailure;
           break;
       }    
       
       pointList = value->distPoints;
       while (*pointList) {
           point = *pointList;
           point->derFullName = NULL;
           point->derDistPoint.data = NULL;

           if (point->distPointType == generalName) {
              point->derFullName = cert_EncodeGeneralNames
                  (ourPool, point->distPoint.fullName);
              
              if (point->derFullName) {
                  rv = (SEC_ASN1EncodeItem (ourPool, &point->derDistPoint,
                       point, FullNameTemplate) == NULL) ? SECFailure : SECSuccess;
              } else {
                  rv = SECFailure;
              }
           }
           else if (point->distPointType == relativeDistinguishedName) {
              if (SEC_ASN1EncodeItem
                   (ourPool, &point->derDistPoint, 
                    point, RelativeNameTemplate) == NULL) 
                  rv = SECFailure;
           }
           /* distributionPointName is omitted */
           else if (point->distPointType != 0) {
              PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
              rv = SECFailure;
           }
           if (rv != SECSuccess)
              break;

           if (point->reasons.data)
              PrepareBitStringForEncoding (&point->bitsmap, &point->reasons);

           if (point->crlIssuer) {
              point->derCrlIssuer = cert_EncodeGeneralNames
                  (ourPool, point->crlIssuer);
              if (!point->crlIssuer)
                  break;
           }
           
           ++pointList;
       }
       if (rv != SECSuccess)
           break;
       if (SEC_ASN1EncodeItem
            (arena, derValue, value, CERTCRLDistributionPointsTemplate) == NULL) {
           rv = SECFailure;
           break;
       }
    } while (0);
    PORT_FreeArena (ourPool, PR_FALSE);
    return (rv);
}

Here is the call graph for this function:

SECItem* CERT_EncodeGeneralName ( CERTGeneralName *  genName,
SECItem *  dest,
PRArenaPool arena 
)

Definition at line 319 of file genname.c.

{

    const SEC_ASN1Template * template;

    PORT_Assert(arena);
    if (arena == NULL) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }
    /* TODO: mark arena */
    if (dest == NULL) {
       dest = PORT_ArenaZNew(arena, SECItem);
       if (!dest)
           goto loser;
    }
    if (genName->type == certDirectoryName) {
       if (genName->derDirectoryName.data == NULL) {
           /* The field hasn't been encoded yet. */
            SECItem * pre_dest =
            SEC_ASN1EncodeItem (arena, &(genName->derDirectoryName),
                                &(genName->name.directoryName),
                                CERT_NameTemplate);
            if (!pre_dest)
                goto loser;
       }
       if (genName->derDirectoryName.data == NULL) {
           goto loser;
       }
    }
    switch (genName->type) {
    case certURI:           template = CERT_URITemplate;           break;
    case certRFC822Name:    template = CERT_RFC822NameTemplate;    break;
    case certDNSName:       template = CERT_DNSNameTemplate;       break;
    case certIPAddress:     template = CERT_IPAddressTemplate;     break;
    case certOtherName:     template = CERTOtherNameTemplate;      break;
    case certRegisterID:    template = CERT_RegisteredIDTemplate;  break;
         /* for this type, we expect the value is already encoded */
    case certEDIPartyName:  template = CERT_EDIPartyNameTemplate;  break;
        /* for this type, we expect the value is already encoded */
    case certX400Address:   template = CERT_X400AddressTemplate;   break;
    case certDirectoryName: template = CERT_DirectoryNameTemplate; break;
    default:
       PORT_Assert(0); goto loser;
    }
    dest = SEC_ASN1EncodeItem(arena, dest, genName, template);
    if (!dest) {
       goto loser;
    }
    /* TODO: unmark arena */
    return dest;
loser:
    /* TODO: release arena back to mark */
    return NULL;
}

Here is the call graph for this function:

SECStatus CERT_EncodeSubjectKeyID ( PRArenaPool arena,
char *  value,
int  len,
SECItem *  encodedValue 
)

Definition at line 101 of file xconst.c.

{
    SECItem encodeContext;
    SECStatus rv = SECSuccess;


    PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
    
    if (value != NULL) {
       encodeContext.data = (unsigned char *)value;
       encodeContext.len = len;
    }
    if (SEC_ASN1EncodeItem (arena, encodedValue, &encodeContext,
                         CERTSubjectKeyIDTemplate) == NULL) {
       rv = SECFailure;
    }
    
    return(rv);
}
char* CERT_EncodeTrustString ( CERTCertTrust *  trust)

Definition at line 2150 of file certdb.c.

{
    char tmpTrustSSL[32];
    char tmpTrustEmail[32];
    char tmpTrustSigning[32];
    char *retstr = NULL;

    if ( trust ) {
       tmpTrustSSL[0] = '\0';
       tmpTrustEmail[0] = '\0';
       tmpTrustSigning[0] = '\0';
    
       EncodeFlags(tmpTrustSSL, trust->sslFlags);
       EncodeFlags(tmpTrustEmail, trust->emailFlags);
       EncodeFlags(tmpTrustSigning, trust->objectSigningFlags);
    
       retstr = PR_smprintf("%s,%s,%s", tmpTrustSSL, tmpTrustEmail,
                          tmpTrustSigning);
    }
    
    return(retstr);
}

Here is the call graph for this function:

char* CERT_ExtractNicknameString ( char *  namestring,
char *  expiredString,
char *  notYetGoodString 
)

Definition at line 1873 of file certvfy.c.

{
    int explen, nyglen, namelen;
    int retlen;
    char *retstr;
    
    namelen = PORT_Strlen(namestring);
    explen = PORT_Strlen(expiredString);
    nyglen = PORT_Strlen(notYetGoodString);
    
    if ( namelen > explen ) {
       if ( PORT_Strcmp(expiredString, &namestring[namelen-explen]) == 0 ) {
           retlen = namelen - explen;
           retstr = (char *)PORT_Alloc(retlen+1);
           if ( retstr == NULL ) {
              goto loser;
           }
           
           PORT_Memcpy(retstr, namestring, retlen);
           retstr[retlen] = '\0';
           goto done;
       }
    }

    if ( namelen > nyglen ) {
       if ( PORT_Strcmp(notYetGoodString, &namestring[namelen-nyglen]) == 0) {
           retlen = namelen - nyglen;
           retstr = (char *)PORT_Alloc(retlen+1);
           if ( retstr == NULL ) {
              goto loser;
           }
           
           PORT_Memcpy(retstr, namestring, retlen);
           retstr[retlen] = '\0';
           goto done;
       }
    }

    /* if name string is shorter than either invalid string, then it must
     * be a raw nickname
     */
    retstr = PORT_Strdup(namestring);
    
done:
    return(retstr);

loser:
    return(NULL);
}

Here is the call graph for this function:

SECKEYPublicKey* CERT_ExtractPublicKey ( CERTCertificate *  cert)

Definition at line 1146 of file seckey.c.

{
    SECStatus rv;

    if (!cert) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }
    rv = SECKEY_UpdateCertPQG(cert);
    if (rv != SECSuccess) return NULL;

    return seckey_ExtractPublicKey(&cert->subjectPublicKeyInfo);
}

Here is the call graph for this function:

SECStatus CERT_FilterCertListByCANames ( CERTCertList *  certList,
int  nCANames,
char **  caNames,
SECCertUsage  usage 
)

Definition at line 1632 of file certvfy.c.

{
    CERTCertificate *issuerCert = NULL;
    CERTCertificate *subjectCert;
    CERTCertListNode *node, *freenode;
    CERTCertificate *cert;
    int n;
    char **names;
    PRBool found;
    int64 time;
    
    if ( nCANames <= 0 ) {
       return(SECSuccess);
    }

    time = PR_Now();
    
    node = CERT_LIST_HEAD(certList);
    
    while ( ! CERT_LIST_END(node, certList) ) {
       cert = node->cert;
       
       subjectCert = CERT_DupCertificate(cert);

       /* traverse the CA certs for this cert */
       found = PR_FALSE;
       while ( subjectCert != NULL ) {
           n = nCANames;
           names = caNames;
          
            if (subjectCert->issuerName != NULL) { 
               while ( n > 0 ) {
                  if ( PORT_Strcmp(*names, subjectCert->issuerName) == 0 ) {
                      found = PR_TRUE;
                      break;
                  }

                  n--;
                  names++;
                }
           }

           if ( found ) {
              break;
           }
           
           issuerCert = CERT_FindCertIssuer(subjectCert, time, usage);
           if ( issuerCert == subjectCert ) {
              CERT_DestroyCertificate(issuerCert);
              issuerCert = NULL;
              break;
           }
           CERT_DestroyCertificate(subjectCert);
           subjectCert = issuerCert;

       }
       CERT_DestroyCertificate(subjectCert);
       if ( !found ) {
           /* CA was not found, so remove this cert from the list */
           freenode = node;
           node = CERT_LIST_NEXT(node);
           CERT_RemoveCertListNode(freenode);
       } else {
           /* CA was found, so leave it in the list */
           node = CERT_LIST_NEXT(node);
       }
    }
    
    return(SECSuccess);
}

Here is the call graph for this function:

SECStatus CERT_FilterCertListByUsage ( CERTCertList *  certList,
SECCertUsage  usage,
PRBool  ca 
)

Definition at line 2624 of file certdb.c.

{
    unsigned int requiredKeyUsage;
    unsigned int requiredCertType;
    CERTCertListNode *node, *savenode;
    SECStatus rv;
    
    if (certList == NULL) goto loser;

    rv = CERT_KeyUsageAndTypeForCertUsage(usage, ca, &requiredKeyUsage,
                                     &requiredCertType);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    node = CERT_LIST_HEAD(certList);
       
    while ( !CERT_LIST_END(node, certList) ) {

       PRBool bad = (PRBool)(!node->cert);

       /* bad key usage ? */
       if ( !bad && 
            CERT_CheckKeyUsage(node->cert, requiredKeyUsage) != SECSuccess ) {
           bad = PR_TRUE;
       }
       /* bad cert type ? */
       if ( !bad ) {
           unsigned int certType = 0;
           if ( ca ) {
              /* This function returns a more comprehensive cert type that
               * takes trust flags into consideration.  Should probably
               * fix the cert decoding code to do this.
               */
              (void)CERT_IsCACert(node->cert, &certType);
           } else {
              certType = node->cert->nsCertType;
           }
           if ( !( certType & requiredCertType ) ) {
              bad = PR_TRUE;
           }
       }

       if ( bad ) {
           /* remove the node if it is bad */
           savenode = CERT_LIST_NEXT(node);
           CERT_RemoveCertListNode(node);
           node = savenode;
       } else {
           node = CERT_LIST_NEXT(node);
       }
    }
    return(SECSuccess);
    
loser:
    return(SECFailure);
}

Here is the call graph for this function:

SECStatus CERT_FilterCertListForUserCerts ( CERTCertList *  certList)

Definition at line 2696 of file certdb.c.

{
    CERTCertListNode *node, *freenode;
    CERTCertificate *cert;

    if (!certList) {
        return SECFailure;
    }

    node = CERT_LIST_HEAD(certList);
    
    while ( ! CERT_LIST_END(node, certList) ) {
       cert = node->cert;
       if ( PR_TRUE != CERT_IsUserCert(cert) ) {
           /* Not a User Cert, so remove this cert from the list */
           freenode = node;
           node = CERT_LIST_NEXT(node);
           CERT_RemoveCertListNode(freenode);
       } else {
           /* Is a User cert, so leave it in the list */
           node = CERT_LIST_NEXT(node);
       }
    }

    return(SECSuccess);
}

Here is the call graph for this function:

CERTAuthKeyID* CERT_FindAuthKeyIDExten ( PRArenaPool arena,
CERTCertificate *  cert 
)

Definition at line 350 of file certv3.c.

{
    SECItem encodedExtenValue;
    SECStatus rv;
    CERTAuthKeyID *ret;
    
    encodedExtenValue.data = NULL;
    encodedExtenValue.len = 0;

    rv = cert_FindExtension(cert->extensions, SEC_OID_X509_AUTH_KEY_ID,
                         &encodedExtenValue);
    if ( rv != SECSuccess ) {
       return (NULL);
    }

    ret = CERT_DecodeAuthKeyID (arena, &encodedExtenValue);

    PORT_Free(encodedExtenValue.data);
    encodedExtenValue.data = NULL;
    
    return(ret);
}

Here is the call graph for this function:

SECStatus CERT_FindBasicConstraintExten ( CERTCertificate *  cert,
CERTBasicConstraints *  value 
)

Definition at line 325 of file certv3.c.

{
    SECItem encodedExtenValue;
    SECStatus rv;

    encodedExtenValue.data = NULL;
    encodedExtenValue.len = 0;

    rv = cert_FindExtension(cert->extensions, SEC_OID_X509_BASIC_CONSTRAINTS,
                         &encodedExtenValue);
    if ( rv != SECSuccess ) {
       return (rv);
    }

    rv = CERT_DecodeBasicConstraintValue (value, &encodedExtenValue);
    
    /* free the raw extension data */
    PORT_Free(encodedExtenValue.data);
    encodedExtenValue.data = NULL;
    
    return(rv);
}

Here is the call graph for this function:

CERTCertificate* CERT_FindCertByDERCert ( CERTCertDBHandle *  handle,
SECItem *  derCert 
)

Definition at line 454 of file stanpcertdb.c.

{
    NSSCryptoContext *cc;
    NSSCertificate *c;
    NSSDER encoding;
    NSSITEM_FROM_SECITEM(&encoding, derCert);
    cc = STAN_GetDefaultCryptoContext();
    c = NSSCryptoContext_FindCertificateByEncodedCertificate(cc, &encoding);
    if (!c) {
       c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle, 
                                                              &encoding);
       if (!c) return NULL;
    }
    return STAN_GetCERTCertificateOrRelease(c);
}

Here is the call graph for this function:

CERTCertificate* CERT_FindCertByEmailAddr ( CERTCertDBHandle *  handle,
char *  emailAddr 
)
CERTCertificate* CERT_FindCertByIssuerAndSN ( CERTCertDBHandle *  handle,
CERTIssuerAndSN *  issuerAndSN 
)

Definition at line 345 of file stanpcertdb.c.

{
    PK11SlotInfo *slot;
    CERTCertificate *cert;

    cert = PK11_FindCertByIssuerAndSN(&slot,issuerAndSN,NULL);
    if (cert && slot) {
        PK11_FreeSlot(slot);
    }

    return cert;
}

Here is the call graph for this function:

CERTCertificate* CERT_FindCertByKey ( CERTCertDBHandle *  handle,
SECItem *  key 
)
CERTCertificate* CERT_FindCertByKeyID ( CERTCertDBHandle *  handle,
SECItem *  name,
SECItem *  keyID 
)

Definition at line 400 of file stanpcertdb.c.

{
    CERTCertList *list;
    CERTCertificate *cert = NULL;
    CERTCertListNode *node, *head;

    list = CERT_CreateSubjectCertList(NULL,handle,name,0,PR_FALSE);
    if (list == NULL) return NULL;

    node = head = CERT_LIST_HEAD(list);
    if (head) {
       do {
           if (node->cert && 
              SECITEM_ItemsAreEqual(&node->cert->subjectKeyID, keyID) ) {
              cert = CERT_DupCertificate(node->cert);
              goto done;
           }
           node = CERT_LIST_NEXT(node);
       } while (node && head != node);
    }
    PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
done:
    if (list) {
        CERT_DestroyCertList(list);
    }
    return cert;
}

Here is the call graph for this function:

CERTCertificate* CERT_FindCertByName ( CERTCertDBHandle *  handle,
SECItem *  name 
)

Definition at line 376 of file stanpcertdb.c.

{
    NSSCertificate *cp, *ct, *c;
    NSSDER subject;
    NSSUsage usage;
    NSSCryptoContext *cc;
    NSSITEM_FROM_SECITEM(&subject, name);
    usage.anyUsage = PR_TRUE;
    cc = STAN_GetDefaultCryptoContext();
    ct = NSSCryptoContext_FindBestCertificateBySubject(cc, &subject, 
                                                       NULL, &usage, NULL);
    cp = NSSTrustDomain_FindBestCertificateBySubject(handle, &subject, 
                                                     NULL, &usage, NULL);
    c = get_best_temp_or_perm(ct, cp);
    if (ct) {
       CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
    }
    if (cp) {
       CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(cp));
    }
    return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}

Here is the call graph for this function:

CERTCertificate* CERT_FindCertByNameString ( CERTCertDBHandle *  handle,
char *  name 
)

Definition at line 703 of file certhigh.c.

{
    CERTName *name;
    SECItem *nameItem;
    CERTCertificate *cert = NULL;
    PRArenaPool *arena = NULL;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    
    if ( arena == NULL ) {
       goto loser;
    }
    
    name = CERT_AsciiToName(nameStr);
    
    if ( name ) {
       nameItem = SEC_ASN1EncodeItem (arena, NULL, (void *)name,
                                   CERT_NameTemplate);
       if ( nameItem != NULL ) {
            cert = CERT_FindCertByName(handle, nameItem);
       }
       CERT_DestroyName(name);
    }

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(cert);
}

Here is the call graph for this function:

CERTCertificate* CERT_FindCertByNickname ( CERTCertDBHandle *  handle,
char *  nickname 
)

Definition at line 429 of file stanpcertdb.c.

{
    NSSCryptoContext *cc;
    NSSCertificate *c, *ct;
    CERTCertificate *cert;
    NSSUsage usage;
    usage.anyUsage = PR_TRUE;
    cc = STAN_GetDefaultCryptoContext();
    ct = NSSCryptoContext_FindBestCertificateByNickname(cc, nickname, 
                                                       NULL, &usage, NULL);
    cert = PK11_FindCertFromNickname(nickname, NULL);
    c = NULL;
    if (cert) {
       c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
       CERT_DestroyCertificate(cert);
       if (ct) {
           CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
       }
    } else {
       c = ct;
    }
    return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}

Here is the call graph for this function:

CERTCertificate* CERT_FindCertByNicknameOrEmailAddr ( CERTCertDBHandle *  handle,
char *  name 
)

Definition at line 471 of file stanpcertdb.c.

{
    NSSCryptoContext *cc;
    NSSCertificate *c, *ct;
    CERTCertificate *cert;
    NSSUsage usage;

    if (NULL == name) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }
    usage.anyUsage = PR_TRUE;
    cc = STAN_GetDefaultCryptoContext();
    ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name, 
                                                       NULL, &usage, NULL);
    if (!ct && PORT_Strchr(name, '@') != NULL) {
        char* lowercaseName = CERT_FixupEmailAddr(name);
        if (lowercaseName) {
           ct = NSSCryptoContext_FindBestCertificateByEmail(cc, lowercaseName, 
                                                     NULL, &usage, NULL);
            PORT_Free(lowercaseName);
        }
    }
    cert = PK11_FindCertFromNickname(name, NULL);
    if (cert) {
       c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
       CERT_DestroyCertificate(cert);
       if (ct) {
           CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
       }
    } else {
       c = ct;
    }
    return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}

Here is the call graph for this function:

CERTCertificate* CERT_FindCertBySPKDigest ( CERTCertDBHandle *  handle,
SECItem *  spkDigest 
)
CERTCertificate* CERT_FindCertBySubjectKeyID ( CERTCertDBHandle *  handle,
SECItem *  subjKeyID 
)

Definition at line 2999 of file certdb.c.

{
    CERTCertificate *cert = NULL;
    SECItem *derCert;

    derCert = cert_FindDERCertBySubjectKeyID(subjKeyID);
    if (derCert) {
        cert = CERT_FindCertByDERCert(handle, derCert);
        SECITEM_FreeItem(derCert, PR_TRUE);
    }
    return cert;
}

Here is the call graph for this function:

CERTCertificate* CERT_FindCertByUsage ( CERTCertificate *  basecert,
unsigned int  requiredKeyUsage 
)
SECStatus CERT_FindCertExtension ( CERTCertificate *  cert,
int  tag,
SECItem *  value 
)

Definition at line 60 of file certv3.c.

{
    return (cert_FindExtension (cert->extensions, tag, value));
}

Here is the call graph for this function:

SECStatus CERT_FindCertExtensionByOID ( CERTCertificate *  cert,
SECItem *  oid,
SECItem *  value 
)

Definition at line 52 of file certv3.c.

{
    return (cert_FindExtensionByOID (cert->extensions, oid, value));
}

Here is the call graph for this function:

CERTCertificate* CERT_FindCertIssuer ( CERTCertificate *  cert,
int64  validTime,
SECCertUsage  usage 
)

Definition at line 223 of file certvfy.c.

{
    NSSCertificate *me;
    NSSTime *nssTime;
    NSSTrustDomain *td;
    NSSCryptoContext *cc;
    NSSCertificate *chain[3];
    NSSUsage nssUsage;
    PRStatus status;

    me = STAN_GetNSSCertificate(cert);
    if (!me) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
       return NULL;
    }
    nssTime = NSSTime_SetPRTime(NULL, validTime);
    nssUsage.anyUsage = PR_FALSE;
    nssUsage.nss3usage = usage;
    nssUsage.nss3lookingForCA = PR_TRUE;
    memset(chain, 0, 3*sizeof(NSSCertificate *));
    td   = STAN_GetDefaultTrustDomain();
    cc = STAN_GetDefaultCryptoContext();
    (void)NSSCertificate_BuildChain(me, nssTime, &nssUsage, NULL, 
                                    chain, 2, NULL, &status, td, cc);
    nss_ZFreeIf(nssTime);
    if (status == PR_SUCCESS) {
       PORT_Assert(me == chain[0]);
       /* if it's a root, the chain will only have one cert */
       if (!chain[1]) {
           /* already has a reference from the call to BuildChain */
           return cert;
       } 
       NSSCertificate_Destroy(chain[0]); /* the first cert in the chain */
       return STAN_GetCERTCertificate(chain[1]); /* return the 2nd */
    } 
    if (chain[0]) {
       PORT_Assert(me == chain[0]);
       NSSCertificate_Destroy(chain[0]); /* the first cert in the chain */
    }
    PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
    return NULL;
}

Here is the call graph for this function:

char* CERT_FindCertURLExtension ( CERTCertificate *  cert,
int  tag,
int  catag 
)

Definition at line 102 of file certv3.c.

{
    SECStatus rv;
    SECItem urlitem;
    SECItem baseitem;
    SECItem urlstringitem = {siBuffer,0};
    SECItem basestringitem = {siBuffer,0};
    PRArenaPool *arena = NULL;
    PRBool hasbase;
    char *urlstring;
    char *str;
    int len;
    unsigned int i;
    
    urlstring = NULL;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( ! arena ) {
       goto loser;
    }
    
    hasbase = PR_FALSE;
    urlitem.data = NULL;
    baseitem.data = NULL;
    
    rv = cert_FindExtension(cert->extensions, tag, &urlitem);
    if ( rv == SECSuccess ) {
       rv = cert_FindExtension(cert->extensions, SEC_OID_NS_CERT_EXT_BASE_URL,
                               &baseitem);
       if ( rv == SECSuccess ) {
           hasbase = PR_TRUE;
       }
       
    } else if ( catag ) {
       /* if the cert doesn't have the extensions, see if the issuer does */
       rv = CERT_FindIssuerCertExtension(cert, catag, &urlitem);
       if ( rv != SECSuccess ) {
           goto loser;
       }          
       rv = CERT_FindIssuerCertExtension(cert, SEC_OID_NS_CERT_EXT_BASE_URL,
                                    &baseitem);
       if ( rv == SECSuccess ) {
           hasbase = PR_TRUE;
       }
    } else {
       goto loser;
    }

    rv = SEC_QuickDERDecodeItem(arena, &urlstringitem, SEC_IA5StringTemplate, 
                         &urlitem);

    if ( rv != SECSuccess ) {
       goto loser;
    }
    if ( hasbase ) {
       rv = SEC_QuickDERDecodeItem(arena, &basestringitem, SEC_IA5StringTemplate,
                            &baseitem);

       if ( rv != SECSuccess ) {
           goto loser;
       }
    }
    
    len = urlstringitem.len + ( hasbase ? basestringitem.len : 0 ) + 1;
    
    str = urlstring = (char *)PORT_Alloc(len);
    if ( urlstring == NULL ) {
       goto loser;
    }
    
    /* copy the URL base first */
    if ( hasbase ) {

       /* if the urlstring has a : in it, then we assume it is an absolute
        * URL, and will not get the base string pre-pended
        */
       for ( i = 0; i < urlstringitem.len; i++ ) {
           if ( urlstringitem.data[i] == ':' ) {
              goto nobase;
           }
       }
       
       PORT_Memcpy(str, basestringitem.data, basestringitem.len);
       str += basestringitem.len;
       
    }

nobase:
    /* copy the rest (or all) of the URL */
    PORT_Memcpy(str, urlstringitem.data, urlstringitem.len);
    str += urlstringitem.len;
    
    *str = '\0';
    goto done;
    
loser:
    if ( urlstring ) {
       PORT_Free(urlstring);
    }
    
    urlstring = NULL;
done:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    if ( baseitem.data ) {
       PORT_Free(baseitem.data);
    }
    if ( urlitem.data ) {
       PORT_Free(urlitem.data);
    }

    return(urlstring);
}

Here is the call graph for this function:

CERTCrlDistributionPoints* CERT_FindCRLDistributionPoints ( CERTCertificate *  cert)

Definition at line 738 of file certhigh.c.

{
    SECItem encodedExtenValue;
    SECStatus rv;
    CERTCrlDistributionPoints *dps;

    encodedExtenValue.data = NULL;
    encodedExtenValue.len = 0;

    rv = cert_FindExtension(cert->extensions, SEC_OID_X509_CRL_DIST_POINTS,
                         &encodedExtenValue);
    if ( rv != SECSuccess ) {
       return (NULL);
    }

    dps = CERT_DecodeCRLDistributionPoints(cert->arena, &encodedExtenValue);

    PORT_Free(encodedExtenValue.data);

    return dps;
}

Here is the call graph for this function:

SECStatus CERT_FindCRLExtension ( CERTCrl *  crl,
int  tag,
SECItem *  value 
)

Definition at line 59 of file crlv2.c.

{
    return (cert_FindExtension (crl->extensions, tag, value));
}

Here is the call graph for this function:

SECStatus CERT_FindCRLExtensionByOID ( CERTCrl *  crl,
SECItem *  oid,
SECItem *  value 
)

Definition at line 52 of file crlv2.c.

{
    return (cert_FindExtensionByOID (crl->extensions, oid, value));
}

Here is the call graph for this function:

SECStatus CERT_FindCRLNumberExten ( CERTCrl *  crl,
CERTCrlNumber value 
)

Definition at line 95 of file crlv2.c.

{
    SECItem encodedExtenValue;
    SECStatus rv;

    encodedExtenValue.data = NULL;
    encodedExtenValue.len = 0;

    rv = cert_FindExtension
        (crl->extensions, SEC_OID_X509_CRL_NUMBER, &encodedExtenValue);
    if ( rv != SECSuccess )
       return (rv);

    rv = SEC_ASN1DecodeItem (NULL, value, SEC_IntegerTemplate,
                          &encodedExtenValue);
    PORT_Free (encodedExtenValue.data);
    return (rv);
}

Here is the call graph for this function:

SECStatus CERT_FindInvalidDateExten ( CERTCrl *  crl,
int64 value 
)

Definition at line 120 of file crlv2.c.

{
    SECItem encodedExtenValue;
    SECItem decodedExtenValue = {siBuffer,0};
    SECStatus rv;

    encodedExtenValue.data = decodedExtenValue.data = NULL;
    encodedExtenValue.len = decodedExtenValue.len = 0;

    rv = cert_FindExtension
        (crl->extensions, SEC_OID_X509_INVALID_DATE, &encodedExtenValue);
    if ( rv != SECSuccess )
       return (rv);

    rv = SEC_ASN1DecodeItem (NULL, &decodedExtenValue,
                          SEC_GeneralizedTimeTemplate, &encodedExtenValue);
    if (rv == SECSuccess)
       rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue);
    PORT_Free (decodedExtenValue.data);
    PORT_Free (encodedExtenValue.data);
    return (rv);
}

Here is the call graph for this function:

SECStatus CERT_FindIssuerCertExtension ( CERTCertificate *  cert,
int  tag,
SECItem *  value 
)

Definition at line 82 of file certv3.c.

{
    CERTCertificate *issuercert;
    SECStatus rv;

    issuercert = CERT_FindCertByName(cert->dbhandle, &cert->derIssuer);
    if ( issuercert ) {
       rv = cert_FindExtension(issuercert->extensions, tag, value);
       CERT_DestroyCertificate(issuercert);
    } else {
       rv = SECFailure;
    }
    
    return(rv);
}

Here is the call graph for this function:

SECStatus CERT_FindKeyUsageExtension ( CERTCertificate *  cert,
SECItem *  value 
)

Definition at line 286 of file certv3.c.

{

    return (CERT_FindBitStringExtension(cert->extensions,
                                   SEC_OID_X509_KEY_USAGE, retItem));    
}

Here is the call graph for this function:

CERTCertificate* CERT_FindMatchingCert ( CERTCertDBHandle *  handle,
SECItem *  derName,
CERTCertOwner  owner,
SECCertUsage  usage,
PRBool  preferTrusted,
int64  validTime,
PRBool  validOnly 
)

Definition at line 1523 of file certvfy.c.

{
    CERTCertList *certList = NULL;
    CERTCertificate *cert = NULL;
    unsigned int requiredTrustFlags;
    SECTrustType requiredTrustType;
    unsigned int flags;
    
    PRBool lookingForCA = PR_FALSE;
    SECStatus rv;
    CERTCertListNode *node;
    CERTCertificate *saveUntrustedCA = NULL;
    
    /* if preferTrusted is set, must be a CA cert */
    PORT_Assert( ! ( preferTrusted && ( owner != certOwnerCA ) ) );
    
    if ( owner == certOwnerCA ) {
       lookingForCA = PR_TRUE;
       if ( preferTrusted ) {
           rv = CERT_TrustFlagsForCACertUsage(usage, &requiredTrustFlags,
                                          &requiredTrustType);
           if ( rv != SECSuccess ) {
              goto loser;
           }
           requiredTrustFlags |= CERTDB_VALID_CA;
       }
    }

    certList = CERT_CreateSubjectCertList(NULL, handle, derName, validTime,
                                     validOnly);
    if ( certList != NULL ) {
       rv = CERT_FilterCertListByUsage(certList, usage, lookingForCA);
       if ( rv != SECSuccess ) {
           goto loser;
       }
       
       node = CERT_LIST_HEAD(certList);
       
       while ( !CERT_LIST_END(node, certList) ) {
           cert = node->cert;

           /* looking for a trusted CA cert */
           if ( ( owner == certOwnerCA ) && preferTrusted &&
              ( requiredTrustType != trustTypeNone ) ) {

              if ( cert->trust == NULL ) {
                  flags = 0;
              } else {
                  flags = SEC_GET_TRUST_FLAGS(cert->trust, requiredTrustType);
              }

              if ( ( flags & requiredTrustFlags ) != requiredTrustFlags ) {
                  /* cert is not trusted */
                  /* if this is the first cert to get this far, then save
                   * it, so we can use it if we can't find a trusted one
                   */
                  if ( saveUntrustedCA == NULL ) {
                     saveUntrustedCA = cert;
                  }
                  goto endloop;
              }
           }
           /* if we got this far, then this cert meets all criteria */
           break;
           
endloop:
           node = CERT_LIST_NEXT(node);
           cert = NULL;
       }

       /* use the saved one if we have it */
       if ( cert == NULL ) {
           cert = saveUntrustedCA;
       }

       /* if we found one then bump the ref count before freeing the list */
       if ( cert != NULL ) {
           /* bump the ref count */
           cert = CERT_DupCertificate(cert);
       }
       
       CERT_DestroyCertList(certList);
    }

    return(cert);

loser:
    if ( certList != NULL ) {
       CERT_DestroyCertList(certList);
    }

    return(NULL);
}

Here is the call graph for this function:

SECStatus CERT_FindNSCertTypeExtension ( CERTCertificate *  cert,
SECItem *  value 
)

Definition at line 221 of file certv3.c.

{

    return (CERT_FindBitStringExtension
           (cert->extensions, SEC_OID_NS_CERT_EXT_CERT_TYPE, retItem));    
}

Here is the call graph for this function:

char* CERT_FindNSStringExtension ( CERTCertificate *  cert,
int  oidtag 
)

Definition at line 233 of file certv3.c.

{
    SECItem wrapperItem, tmpItem = {siBuffer,0};
    SECStatus rv;
    PRArenaPool *arena = NULL;
    char *retstring = NULL;
    
    wrapperItem.data = NULL;
    tmpItem.data = NULL;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    
    if ( ! arena ) {
       goto loser;
    }
    
    rv = cert_FindExtension(cert->extensions, oidtag,
                            &wrapperItem);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    rv = SEC_QuickDERDecodeItem(arena, &tmpItem, SEC_IA5StringTemplate, 
                         &wrapperItem);

    if ( rv != SECSuccess ) {
       goto loser;
    }

    retstring = (char *)PORT_Alloc(tmpItem.len + 1 );
    if ( retstring == NULL ) {
       goto loser;
    }
    
    PORT_Memcpy(retstring, tmpItem.data, tmpItem.len);
    retstring[tmpItem.len] = '\0';

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    if ( wrapperItem.data ) {
       PORT_Free(wrapperItem.data);
    }

    return(retstring);
}

Here is the call graph for this function:

SECItem* CERT_FindSMimeProfile ( CERTCertificate *  cert)

Definition at line 888 of file stanpcertdb.c.

{
    PK11SlotInfo *slot = NULL;
    NSSCertificate *c;
    NSSCryptoContext *cc;
    SECItem *rvItem = NULL;

    if (!cert || !cert->emailAddr || !cert->emailAddr[0]) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }
    c = STAN_GetNSSCertificate(cert);
    if (!c) return NULL;
    cc = c->object.cryptoContext;
    if (cc != NULL) {
       nssSMIMEProfile *stanProfile;
       stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c);
       if (stanProfile) {
           rvItem = SECITEM_AllocItem(NULL, NULL, 
                                      stanProfile->profileData->size);
           if (rvItem) {
              rvItem->data = stanProfile->profileData->data;
           }
           nssSMIMEProfile_Destroy(stanProfile);
       }
       return rvItem;
    }
    rvItem =
       PK11_FindSMimeProfile(&slot, cert->emailAddr, &cert->derSubject, NULL);
    if (slot) {
       PK11_FreeSlot(slot);
    }
    return rvItem;
}

Here is the call graph for this function:

SECStatus CERT_FindSubjectKeyIDExtension ( CERTCertificate *  cert,
SECItem *  retItem 
)

Definition at line 297 of file certv3.c.

{

    SECStatus rv;
    SECItem encodedValue = {siBuffer, NULL, 0 };
    SECItem decodedValue = {siBuffer, NULL, 0 };

    rv = cert_FindExtension
        (cert->extensions, SEC_OID_X509_SUBJECT_KEY_ID, &encodedValue);
    if (rv == SECSuccess) {
       PLArenaPool * tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
       if (tmpArena) {
           rv = SEC_QuickDERDecodeItem(tmpArena, &decodedValue, 
                                       SEC_OctetStringTemplate, 
                                   &encodedValue);
           if (rv == SECSuccess) {
               rv = SECITEM_CopyItem(NULL, retItem, &decodedValue);
           }
           PORT_FreeArena(tmpArena, PR_FALSE);
       } else {
           rv = SECFailure;
       }
    }
    SECITEM_FreeItem(&encodedValue, PR_FALSE);
    return rv;
}

Here is the call graph for this function:

CERTCertificate* CERT_FindUserCertByUsage ( CERTCertDBHandle *  handle,
char *  nickname,
SECCertUsage  usage,
PRBool  validOnly,
void proto_win 
)

Definition at line 254 of file certhigh.c.

{
    CERTCertificate *cert = NULL;
    CERTCertList *certList = NULL;
    SECStatus rv;
    int64 time;
    
    time = PR_Now();
    
    /* use the pk11 call so that we pick up any certs on tokens,
     * which may require login
     */
    /* XXX - why is this restricted? */
    if ( proto_win != NULL ) {
       cert = PK11_FindCertFromNickname(nickname,proto_win);
    }


    /* sigh, There are still problems find smart cards from the temp
     * db. This will get smart cards working again. The real fix
     * is to make sure we can search the temp db by their token nickname.
     */
    if (cert == NULL) {
       cert = CERT_FindCertByNickname(handle,nickname);
    }

    if ( cert != NULL ) {
       /* collect certs for this nickname, sorting them into the list */
       certList = CERT_CreateSubjectCertList(certList, handle, 
                                   &cert->derSubject, time, validOnly);

       CERT_FilterCertListForUserCerts(certList);

       /* drop the extra reference */
       CERT_DestroyCertificate(cert);
       cert = NULL;
    }
       
    if ( certList == NULL ) {
       goto loser;
    }
    
    /* remove certs with incorrect usage */
    rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE);

    if ( rv != SECSuccess ) {
       goto loser;
    }

    if ( ! CERT_LIST_END(CERT_LIST_HEAD(certList), certList) ) {
       cert = CERT_DupCertificate(CERT_LIST_HEAD(certList)->cert);
    }
    
loser:
    if ( certList != NULL ) {
       CERT_DestroyCertList(certList);
    }

    return(cert);
}

Here is the call graph for this function:

CERTCertList* CERT_FindUserCertsByUsage ( CERTCertDBHandle *  handle,
SECCertUsage  usage,
PRBool  oneCertPerName,
PRBool  validOnly,
void proto_win 
)

Definition at line 103 of file certhigh.c.

{
    CERTCertNicknames *nicknames = NULL;
    char **nnptr;
    int nn;
    CERTCertificate *cert = NULL;
    CERTCertList *certList = NULL;
    SECStatus rv;
    int64 time;
    CERTCertListNode *node = NULL;
    CERTCertListNode *freenode = NULL;
    int n;
    
    time = PR_Now();
    
    nicknames = CERT_GetCertNicknames(handle, SEC_CERT_NICKNAMES_USER,
                                  proto_win);
    
    if ( ( nicknames == NULL ) || ( nicknames->numnicknames == 0 ) ) {
       goto loser;
    }

    nnptr = nicknames->nicknames;
    nn = nicknames->numnicknames;

    while ( nn > 0 ) {
       cert = NULL;
       /* use the pk11 call so that we pick up any certs on tokens,
        * which may require login
        */
       if ( proto_win != NULL ) {
           cert = PK11_FindCertFromNickname(*nnptr,proto_win);
       }

       /* Sigh, It turns out if the cert is already in the temp db, because
        * it's in the perm db, then the nickname lookup doesn't work.
        * since we already have the cert here, though, than we can just call
        * CERT_CreateSubjectCertList directly. For those cases where we didn't
        * find the cert in pkcs #11 (because we didn't have a password arg,
        * or because the nickname is for a peer, server, or CA cert, then we
        * go look the cert up.
        */
       if (cert == NULL) { 
           cert = CERT_FindCertByNickname(handle,*nnptr);
       }

       if ( cert != NULL ) {
          /* collect certs for this nickname, sorting them into the list */
           certList = CERT_CreateSubjectCertList(certList, handle, 
                            &cert->derSubject, time, validOnly);

           CERT_FilterCertListForUserCerts(certList);
       
           /* drop the extra reference */
           CERT_DestroyCertificate(cert);
       }
       
       nnptr++;
       nn--;
    }

    /* remove certs with incorrect usage */
    rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE);

    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* remove any extra certs for each name */
    if ( oneCertPerName ) {
       PRBool *flags;

       nn = nicknames->numnicknames;
       nnptr = nicknames->nicknames;
       
       flags = (PRBool *)PORT_ZAlloc(sizeof(PRBool) * nn);
       if ( flags == NULL ) {
           goto loser;
       }
       
       node = CERT_LIST_HEAD(certList);
       
       /* treverse all certs in the list */
       while ( !CERT_LIST_END(node, certList) ) {

           /* find matching nickname index */
           for ( n = 0; n < nn; n++ ) {
              if ( CERT_MatchNickname(nnptr[n], node->cert->nickname) ) {
                  /* We found a match.  If this is the first one, then
                   * set the flag and move on to the next cert.  If this
                   * is not the first one then delete it from the list.
                   */
                  if ( flags[n] ) {
                     /* We have already seen a cert with this nickname,
                      * so delete this one.
                      */
                     freenode = node;
                     node = CERT_LIST_NEXT(node);
                     CERT_RemoveCertListNode(freenode);
                  } else {
                     /* keep the first cert for each nickname, but set the
                      * flag so we know to delete any others with the same
                      * nickname.
                      */
                     flags[n] = PR_TRUE;
                     node = CERT_LIST_NEXT(node);
                  }
                  break;
              }
           }
           if ( n == nn ) {
              /* if we get here it means that we didn't find a matching
               * nickname, which should not happen.
               */
              PORT_Assert(0);
              node = CERT_LIST_NEXT(node);
           }
       }
       PORT_Free(flags);
    }

    goto done;
    
loser:
    if ( certList != NULL ) {
       CERT_DestroyCertList(certList);
       certList = NULL;
    }

done:
    if ( nicknames != NULL ) {
       CERT_FreeNicknames(nicknames);
    }

    return(certList);
}

Here is the call graph for this function:

SECStatus CERT_FinishCertificateRequestAttributes ( CERTCertificateRequest *  req)

Definition at line 285 of file certreq.c.

{   SECItem *extlist;
    SECOidData *oidrec;
    CERTAttribute *attribute;
   
    if (!req || !req->arena) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }
    if (req->attributes == NULL || req->attributes[0] == NULL)
        return SECSuccess;

    extlist = SEC_ASN1EncodeItem(req->arena, NULL, &req->attributes,
                            SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate));
    if (extlist == NULL)
        return(SECFailure);

    oidrec = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
    if (oidrec == NULL)
       return SECFailure;

    /* now change the list of cert extensions into a list of attributes
     */
    req->attributes = PORT_ArenaZNewArray(req->arena, CERTAttribute*, 2);

    attribute = PORT_ArenaZNew(req->arena, CERTAttribute);
    
    if (req->attributes == NULL || attribute == NULL ||
        SECITEM_CopyItem(req->arena, &attribute->attrType, &oidrec->oid) != 0) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
       return SECFailure;
    }
    attribute->attrValue = PORT_ArenaZNewArray(req->arena, SECItem*, 2);

    if (attribute->attrValue == NULL)
        return SECFailure;

    attribute->attrValue[0] = extlist;
    attribute->attrValue[1] = NULL;
    req->attributes[0] = attribute;
    req->attributes[1] = NULL;

    return SECSuccess;
}

Here is the call graph for this function:

Definition at line 312 of file certxutl.c.

{
    extRec *handle;
    extNode *node;
    CERTCertExtension **exts;
    SECStatus rv = SECFailure;
    
    handle = (extRec *)exthandle;

    /* allocate space for extensions array */
    exts = PORT_ArenaNewArray(handle->ownerArena, CERTCertExtension *,
                           handle->count + 1);
    if (exts == NULL) {
       goto loser;
    }

    /* put extensions in owner object and update its version number */

#ifdef OLD
    switch (handle->type) {
      case CertificateExtensions:
       handle->owner.cert->extensions = exts;
       DER_SetUInteger (ownerArena, &(handle->owner.cert->version),
                      SEC_CERTIFICATE_VERSION_3);
       break;
      case CrlExtensions:
       handle->owner.crl->extensions = exts;
       DER_SetUInteger (ownerArena, &(handle->owner.crl->version),
                      SEC_CRL_VERSION_2);
       break;
      case OCSPRequestExtensions:
       handle->owner.request->tbsRequest->requestExtensions = exts;
       break;
      case OCSPSingleRequestExtensions:
       handle->owner.singleRequest->singleRequestExtensions = exts;   
       break;
      case OCSPResponseSingleExtensions:
       handle->owner.singleResponse->singleExtensions = exts;  
       break;
    }
#endif

    handle->setExts(handle->object, exts);
       
    /* update the version number */

    /* copy each extension pointer */
    node = handle->head;
    while ( node ) {
       *exts = node->ext;
       
       node = node->next;
       exts++;
    }

    /* terminate the array of extensions */
    *exts = 0;

    rv = SECSuccess;

loser:
    /* free working arena */
    PORT_FreeArena(handle->arena, PR_FALSE);
    return rv;
}

Here is the call graph for this function:

char* CERT_FixupEmailAddr ( char *  emailAddr)

Definition at line 2023 of file certdb.c.

{
    char *retaddr;
    char *str;

    if ( emailAddr == NULL ) {
       return(NULL);
    }
    
    /* copy the string */
    str = retaddr = PORT_Strdup(emailAddr);
    if ( str == NULL ) {
       return(NULL);
    }
    
    /* make it lower case */
    while ( *str ) {
       *str = tolower( *str );
       str++;
    }
    
    return(retaddr);
}

Here is the call graph for this function:

char* CERT_FormatName ( CERTName *  name)

Definition at line 96 of file certhtml.c.

{
    CERTRDN** rdns;
    CERTRDN * rdn;
    CERTAVA** avas;
    CERTAVA*  ava;
    char *    buf    = 0;
    char *    tmpbuf = 0;
    SECItem * cn     = 0;
    SECItem * email  = 0;
    SECItem * org    = 0;
    SECItem * loc    = 0;
    SECItem * state  = 0;
    SECItem * country       = 0;
    SECItem * dq            = 0;

    unsigned  len    = 0;
    int       tag;
    int       i;
    int       ou_count = 0;
    int       dc_count = 0;
    PRBool    first;
    SECItem * orgunit[MAX_OUS];
    SECItem * dc[MAX_DC];

    /* Loop over name components and gather the interesting ones */
    rdns = name->rdns;
    while ((rdn = *rdns++) != 0) {
       avas = rdn->avas;
       while ((ava = *avas++) != 0) {
           tag = CERT_GetAVATag(ava);
           switch(tag) {
             case SEC_OID_AVA_COMMON_NAME:
              cn = CERT_DecodeAVAValue(&ava->value);
              len += cn->len;
              break;
             case SEC_OID_AVA_COUNTRY_NAME:
              country = CERT_DecodeAVAValue(&ava->value);
              len += country->len;
              break;
             case SEC_OID_AVA_LOCALITY:
              loc = CERT_DecodeAVAValue(&ava->value);
              len += loc->len;
              break;
             case SEC_OID_AVA_STATE_OR_PROVINCE:
              state = CERT_DecodeAVAValue(&ava->value);
              len += state->len;
              break;
             case SEC_OID_AVA_ORGANIZATION_NAME:
              org = CERT_DecodeAVAValue(&ava->value);
              len += org->len;
              break;
             case SEC_OID_AVA_DN_QUALIFIER:
              dq = CERT_DecodeAVAValue(&ava->value);
              len += dq->len;
              break;
             case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
              if (ou_count < MAX_OUS) {
                     orgunit[ou_count] = CERT_DecodeAVAValue(&ava->value);
                     len += orgunit[ou_count++]->len;
              }
              break;
             case SEC_OID_AVA_DC:
              if (dc_count < MAX_DC) {
                     dc[dc_count] = CERT_DecodeAVAValue(&ava->value);
                     len += dc[dc_count++]->len;
              }
              break;
             case SEC_OID_PKCS9_EMAIL_ADDRESS:
             case SEC_OID_RFC1274_MAIL:
              email = CERT_DecodeAVAValue(&ava->value);
              len += email->len;
              break;
             default:
              break;
           }
       }
    }

    /* XXX - add some for formatting */
    len += 128;

    /* allocate buffer */
    buf = (char *)PORT_Alloc(len);
    if ( !buf ) {
       return(0);
    }

    tmpbuf = buf;
    
    if ( cn ) {
       PORT_Memcpy(tmpbuf, cn->data, cn->len);
       tmpbuf += cn->len;
       PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
       tmpbuf += BREAKLEN;
       SECITEM_FreeItem(cn, PR_TRUE);
    }
    if ( email ) {
       PORT_Memcpy(tmpbuf, email->data, email->len);
       tmpbuf += ( email->len );
       PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
       tmpbuf += BREAKLEN;
       SECITEM_FreeItem(email, PR_TRUE);
    }
    for (i=ou_count-1; i >= 0; i--) {
       PORT_Memcpy(tmpbuf, orgunit[i]->data, orgunit[i]->len);
       tmpbuf += ( orgunit[i]->len );
       PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
       tmpbuf += BREAKLEN;
       SECITEM_FreeItem(orgunit[i], PR_TRUE);
    }
    if ( dq ) {
       PORT_Memcpy(tmpbuf, dq->data, dq->len);
       tmpbuf += ( dq->len );
       PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
       tmpbuf += BREAKLEN;
       SECITEM_FreeItem(dq, PR_TRUE);
    }
    if ( org ) {
       PORT_Memcpy(tmpbuf, org->data, org->len);
       tmpbuf += ( org->len );
       PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
       tmpbuf += BREAKLEN;
       SECITEM_FreeItem(org, PR_TRUE);
    }
    for (i=dc_count-1; i >= 0; i--) {
       PORT_Memcpy(tmpbuf, dc[i]->data, dc[i]->len);
       tmpbuf += ( dc[i]->len );
       PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
       tmpbuf += BREAKLEN;
       SECITEM_FreeItem(dc[i], PR_TRUE);
    }
    first = PR_TRUE;
    if ( loc ) {
       PORT_Memcpy(tmpbuf, loc->data,  loc->len);
       tmpbuf += ( loc->len );
       first = PR_FALSE;
       SECITEM_FreeItem(loc, PR_TRUE);
    }
    if ( state ) {
       if ( !first ) {
           PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
           tmpbuf += COMMALEN;
       }
       PORT_Memcpy(tmpbuf, state->data, state->len);
       tmpbuf += ( state->len );
       first = PR_FALSE;
       SECITEM_FreeItem(state, PR_TRUE);
    }
    if ( country ) {
       if ( !first ) {
           PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
           tmpbuf += COMMALEN;
       }
       PORT_Memcpy(tmpbuf, country->data, country->len);
       tmpbuf += ( country->len );
       first = PR_FALSE;
       SECITEM_FreeItem(country, PR_TRUE);
    }
    if ( !first ) {
       PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
       tmpbuf += BREAKLEN;
    }

    *tmpbuf = 0;

    return(buf);
}

Here is the call graph for this function:

void CERT_FreeDistNames ( CERTDistNames *  names)

Definition at line 543 of file certhigh.c.

{
    PORT_FreeArena(names->arena, PR_FALSE);
    
    return;
}

Here is the call graph for this function:

void CERT_FreeNicknames ( CERTCertNicknames *  nicknames)

Definition at line 528 of file certhigh.c.

{
    PORT_FreeArena(nicknames->arena, PR_FALSE);
    
    return;
}

Here is the call graph for this function:

SECOidTag CERT_GetAVATag ( CERTAVA *  ava)

Definition at line 106 of file secname.c.

{
    SECOidData *oid;
    if (!ava->type.data) return (SECOidTag)-1;

    oid = SECOID_FindOID(&ava->type);
    
    if ( oid ) {
       return(oid->offset);
    }
    return (SECOidTag)-1;
}

Here is the call graph for this function:

CERTCertList* CERT_GetCertChainFromCert ( CERTCertificate *  cert,
int64  time,
SECCertUsage  usage 
)

Definition at line 1925 of file certvfy.c.

{
    CERTCertList *chain = NULL;

    if (NULL == cert) {
        return NULL;
    }
    
    cert = CERT_DupCertificate(cert);
    if (NULL == cert) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        return NULL;
    }

    chain = CERT_NewCertList();
    if (NULL == chain) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        return NULL;
    }

    while (cert != NULL) {
       if (SECSuccess != CERT_AddCertToListTail(chain, cert)) {
            /* return partial chain */
            PORT_SetError(SEC_ERROR_NO_MEMORY);
            return chain;
        }

       if (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject)
           == SECEqual) {
            /* return complete chain */
           return chain;
       }

       cert = CERT_FindCertIssuer(cert, time, usage);
    }

    /* return partial chain */
    PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
    return chain;
}

Here is the call graph for this function:

char* CERT_GetCertCommentString ( CERTCertificate *  cert)

Definition at line 394 of file polcyxtn.c.

{
    char *retstring = NULL;
    SECStatus rv;
    SECItem policyItem;
    CERTCertificatePolicies *policies = NULL;
    CERTPolicyInfo **policyInfos;
    CERTPolicyQualifier **policyQualifiers, *qualifier;

    policyItem.data = NULL;
    
    rv = CERT_FindCertExtension(cert, SEC_OID_X509_CERTIFICATE_POLICIES,
                            &policyItem);
    if ( rv != SECSuccess ) {
       goto nopolicy;
    }

    policies = CERT_DecodeCertificatePoliciesExtension(&policyItem);
    if ( policies == NULL ) {
       goto nopolicy;
    }

    policyInfos = policies->policyInfos;
    /* search through policyInfos looking for the verisign policy */
    while (*policyInfos != NULL ) {
       if ( (*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES ) {
           policyQualifiers = (*policyInfos)->policyQualifiers;
           /* search through the policy qualifiers looking for user notice */
           while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
              qualifier = *policyQualifiers;
              if ( qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER ) {
                  retstring =
                     stringFromUserNotice(&qualifier->qualifierValue);
                  break;
              }

              policyQualifiers++;
           }
           break;
       }
       policyInfos++;
    }

nopolicy:
    if ( policyItem.data != NULL ) {
       PORT_Free(policyItem.data);
    }

    if ( policies != NULL ) {
       CERT_DestroyCertificatePoliciesExtension(policies);
    }
    
    if ( retstring == NULL ) {
       retstring = CERT_FindNSStringExtension(cert,
                                          SEC_OID_NS_CERT_EXT_COMMENT);
    }
    
    if ( retstring != NULL ) {
       breakLines(retstring);
    }
    
    return(retstring);
}

Here is the call graph for this function:

char* CERT_GetCertEmailAddress ( CERTName *  name)

Definition at line 1148 of file alg1485.c.

{
    char *rawEmailAddr;
    char *emailAddr;

    
    rawEmailAddr = CERT_GetNameElement(NULL, name, SEC_OID_PKCS9_EMAIL_ADDRESS);
    if ( rawEmailAddr == NULL ) {
       rawEmailAddr = CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_MAIL);
    }
    emailAddr = CERT_FixupEmailAddr(rawEmailAddr);
    if ( rawEmailAddr ) {
       PORT_Free(rawEmailAddr);
    }
    return(emailAddr);
}

Here is the call graph for this function:

Here is the caller graph for this function:

char* CERT_GetCertificateEmailAddress ( CERTCertificate *  cert)

Definition at line 923 of file alg1485.c.

{
    char *rawEmailAddr = NULL;
    SECItem subAltName;
    SECStatus rv;
    CERTGeneralName *nameList = NULL;
    CERTGeneralName *current;
    PRArenaPool *arena = NULL;
    int i;
    
    subAltName.data = NULL;

    rawEmailAddr = CERT_GetNameElement(cert->arena, &(cert->subject),
                                           SEC_OID_PKCS9_EMAIL_ADDRESS);
    if ( rawEmailAddr == NULL ) {
       rawEmailAddr = CERT_GetNameElement(cert->arena, &(cert->subject), 
                                                 SEC_OID_RFC1274_MAIL);
    }
    if ( rawEmailAddr == NULL) {

       rv = CERT_FindCertExtension(cert,  SEC_OID_X509_SUBJECT_ALT_NAME, 
                                                        &subAltName);
       if (rv != SECSuccess) {
           goto finish;
       }
       arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
       if (!arena) {
           goto finish;
       }
       nameList = current = CERT_DecodeAltNameExtension(arena, &subAltName);
       if (!nameList ) {
           goto finish;
       }
       if (nameList != NULL) {
           do {
              if (current->type == certDirectoryName) {
                  rawEmailAddr = CERT_GetNameElement(cert->arena,
                     &(current->name.directoryName), 
                                          SEC_OID_PKCS9_EMAIL_ADDRESS);
                  if ( rawEmailAddr == NULL ) {
                     rawEmailAddr = CERT_GetNameElement(cert->arena,
                       &(current->name.directoryName), SEC_OID_RFC1274_MAIL);
                  }
              } else if (current->type == certRFC822Name) {
                  rawEmailAddr = (char*)PORT_ArenaZAlloc(cert->arena,
                                          current->name.other.len + 1);
                  if (!rawEmailAddr) {
                     goto finish;
                  }
                  PORT_Memcpy(rawEmailAddr, current->name.other.data, 
                            current->name.other.len);
                  rawEmailAddr[current->name.other.len] = '\0';
              }
              if (rawEmailAddr) {
                  break;
              }
              current = CERT_GetNextGeneralName(current);
           } while (current != nameList);
       }
    }
    if (rawEmailAddr) {
       for (i = 0; i <= (int) PORT_Strlen(rawEmailAddr); i++) {
           rawEmailAddr[i] = tolower(rawEmailAddr[i]);
       }
    } 

finish:

    /* Don't free nameList, it's part of the arena. */

    if (arena) {
       PORT_FreeArena(arena, PR_FALSE);
    }

    if ( subAltName.data ) {
       SECITEM_FreeItem(&subAltName, PR_FALSE);
    }

    return(rawEmailAddr);
}

Here is the call graph for this function:

Here is the caller graph for this function:

CERTGeneralName* CERT_GetCertificateNames ( CERTCertificate *  cert,
PRArenaPool arena 
)

Definition at line 1051 of file genname.c.

{
    CERTGeneralName  *DN;
    CERTGeneralName  *altName         = NULL;
    SECItem          altNameExtension = {siBuffer, NULL, 0 };
    SECStatus        rv;

    /* TODO: mark arena */
    DN = cert_NewGeneralName(arena, certDirectoryName);
    if (DN == NULL) {
       goto loser;
    }
    rv = CERT_CopyName(arena, &DN->name.directoryName, &cert->subject);
    if (rv != SECSuccess) {
       goto loser;
    }
    rv = SECITEM_CopyItem(arena, &DN->derDirectoryName, &cert->derSubject);
    if (rv != SECSuccess) {
       goto loser;
    }
    /* Extract email addresses from DN, construct CERTGeneralName structs 
    ** for them, add them to the name list 
    */
    rv = cert_ExtractDNEmailAddrs(DN, arena);
    if (rv != SECSuccess)
        goto loser;

    /* Now extract any GeneralNames from the subject name names extension. */
    rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, 
                            &altNameExtension);
    if (rv == SECSuccess) {
       altName = CERT_DecodeAltNameExtension(arena, &altNameExtension);
       rv = altName ? SECSuccess : SECFailure;
    }
    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND)
       rv = SECSuccess;
    if (altNameExtension.data)
       SECITEM_FreeItem(&altNameExtension, PR_FALSE);
    if (rv != SECSuccess)
        goto loser;
    DN = cert_CombineNamesLists(DN, altName);

    /* TODO: unmark arena */
    return DN;
loser:
    /* TODO: release arena to mark */
    return NULL;
}

Here is the call graph for this function:

SECStatus CERT_GetCertificateRequestExtensions ( CERTCertificateRequest *  req,
CERTCertExtension ***  exts 
)

Definition at line 331 of file certreq.c.

{
    if (req == NULL || exts == NULL) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }
    
    if (req->attributes == NULL || *req->attributes == NULL)
        return SECSuccess;
    
    if ((*req->attributes)->attrValue == NULL) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    return(SEC_ASN1DecodeItem(req->arena, exts, 
            SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate),
            (*req->attributes)->attrValue[0]));
}

Here is the call graph for this function:

CERTIssuerAndSN* CERT_GetCertIssuerAndSN ( PRArenaPool ,
CERTCertificate *   
)

Definition at line 1667 of file certdb.c.

{
    CERTIssuerAndSN *result;
    SECStatus rv;

    if ( arena == NULL ) {
       arena = cert->arena;
    }
    
    result = (CERTIssuerAndSN*)PORT_ArenaZAlloc(arena, sizeof(*result));
    if (result == NULL) {
       PORT_SetError (SEC_ERROR_NO_MEMORY);
       return NULL;
    }

    rv = SECITEM_CopyItem(arena, &result->derIssuer, &cert->derIssuer);
    if (rv != SECSuccess)
       return NULL;

    rv = CERT_CopyName(arena, &result->issuer, &cert->issuer);
    if (rv != SECSuccess)
       return NULL;

    rv = SECITEM_CopyItem(arena, &result->serialNumber, &cert->serialNumber);
    if (rv != SECSuccess)
       return NULL;

    return result;
}

Here is the call graph for this function:

KeyType CERT_GetCertKeyType ( CERTSubjectPublicKeyInfo *  spki)

Definition at line 953 of file seckey.c.

                                                     {
    int tag;
    KeyType keyType;

    tag = SECOID_GetAlgorithmTag(&spki->algorithm);
    switch (tag) {
      case SEC_OID_X500_RSA_ENCRYPTION:
      case SEC_OID_PKCS1_RSA_ENCRYPTION:
       keyType = rsaKey;
       break;
      case SEC_OID_ANSIX9_DSA_SIGNATURE:
       keyType = dsaKey;
       break;
      case SEC_OID_MISSI_KEA_DSS_OLD:
      case SEC_OID_MISSI_KEA_DSS:
      case SEC_OID_MISSI_DSS_OLD:
      case SEC_OID_MISSI_DSS:  
       keyType = fortezzaKey;
       break;
      case SEC_OID_MISSI_KEA:
      case SEC_OID_MISSI_ALT_KEA:
       keyType = keaKey;
       break;
      case SEC_OID_X942_DIFFIE_HELMAN_KEY:
       keyType = dhKey;
       break;
      case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
       keyType = ecKey;
       break;
      default:
       keyType = nullKey;
    }
    return keyType;
}

Here is the call graph for this function:

CERTCertNicknames* CERT_GetCertNicknames ( CERTCertDBHandle *  handle,
int  what,
void wincx 
)

Definition at line 469 of file certhigh.c.

{
    PRArenaPool *arena;
    CERTCertNicknames *names;
    int i;
    stringNode *node;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       return(NULL);
    }
    
    names = (CERTCertNicknames *)PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
    if ( names == NULL ) {
       goto loser;
    }

    names->arena = arena;
    names->head = NULL;
    names->numnicknames = 0;
    names->nicknames = NULL;
    names->what = what;
    names->totallen = 0;

    /* make sure we are logged in */
    (void) pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx);
   
    NSSTrustDomain_TraverseCertificates(handle,
                                       CollectNicknames, (void *)names);
    if ( names->numnicknames ) {
       names->nicknames = (char**)PORT_ArenaAlloc(arena,
                                    names->numnicknames * sizeof(char *));

       if ( names->nicknames == NULL ) {
           goto loser;
       }
    
       node = (stringNode *)names->head;
       
       for ( i = 0; i < names->numnicknames; i++ ) {
           PORT_Assert(node != NULL);
           
           names->nicknames[i] = node->string;
           names->totallen += PORT_Strlen(node->string);
           node = node->next;
       }

       PORT_Assert(node == NULL);
    }

    return(names);
    
loser:
    PORT_FreeArena(arena, PR_FALSE);
    return(NULL);
}

Here is the call graph for this function:

char* CERT_GetCertNicknameWithValidity ( PRArenaPool arena,
CERTCertificate *  cert,
char *  expiredString,
char *  notYetGoodString 
)

Definition at line 1718 of file certvfy.c.

{
    SECCertTimeValidity validity;
    char *nickname = NULL, *tmpstr = NULL;
    
    validity = CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE);

    /* if the cert is good, then just use the nickname directly */
    if ( validity == secCertTimeValid ) {
       if ( arena == NULL ) {
           nickname = PORT_Strdup(cert->nickname);
       } else {
           nickname = PORT_ArenaStrdup(arena, cert->nickname);
       }
       
       if ( nickname == NULL ) {
           goto loser;
       }
    } else {
           
       /* if the cert is not valid, then tack one of the strings on the
        * end
        */
       if ( validity == secCertTimeExpired ) {
           tmpstr = PR_smprintf("%s%s", cert->nickname,
                             expiredString);
       } else if ( validity == secCertTimeNotValidYet ) {
           /* not yet valid */
           tmpstr = PR_smprintf("%s%s", cert->nickname,
                             notYetGoodString);
        } else {
            /* undetermined */
           tmpstr = PR_smprintf("%s",
                        "(NULL) (Validity Unknown)");
        }

       if ( tmpstr == NULL ) {
           goto loser;
       }

       if ( arena ) {
           /* copy the string into the arena and free the malloc'd one */
           nickname = PORT_ArenaStrdup(arena, tmpstr);
           PORT_Free(tmpstr);
       } else {
           nickname = tmpstr;
       }
       if ( nickname == NULL ) {
           goto loser;
       }
    }    
    return(nickname);

loser:
    return(NULL);
}

Here is the call graph for this function:

SECStatus CERT_GetCertTimes ( CERTCertificate *  c,
PRTime notBefore,
PRTime notAfter 
)

Definition at line 973 of file certdb.c.

{
    SECStatus rv;

    if (!c || !notBefore || !notAfter) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }
    
    /* convert DER not-before time */
    rv = DER_DecodeTimeChoice(notBefore, &c->validity.notBefore);
    if (rv) {
       return(SECFailure);
    }
    
    /* convert DER not-after time */
    rv = DER_DecodeTimeChoice(notAfter, &c->validity.notAfter);
    if (rv) {
       return(SECFailure);
    }

    return(SECSuccess);
}

Here is the call graph for this function:

SECStatus CERT_GetCertTrust ( CERTCertificate *  cert,
CERTCertTrust *  trust 
)

Definition at line 104 of file stanpcertdb.c.

{
    SECStatus rv;
    CERT_LockCertTrust(cert);
    if ( cert->trust == NULL ) {
       rv = SECFailure;
    } else {
       *trust = *cert->trust;
       rv = SECSuccess;
    }
    CERT_UnlockCertTrust(cert);
    return(rv);
}

Here is the call graph for this function:

SECStatus cert_GetCertType ( CERTCertificate *  cert)

Definition at line 528 of file certdb.c.

{
    SECStatus rv;
    SECItem tmpitem;
    SECItem encodedExtKeyUsage;
    CERTOidSequence *extKeyUsage = NULL;
    PRBool basicConstraintPresent = PR_FALSE;
    CERTBasicConstraints basicConstraint;
    unsigned int nsCertType = 0;

    if (cert->nsCertType) {
        /* once set, no need to recalculate */
        return SECSuccess;
    }

    tmpitem.data = NULL;
    CERT_FindNSCertTypeExtension(cert, &tmpitem);
    encodedExtKeyUsage.data = NULL;
    rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, 
                            &encodedExtKeyUsage);
    if (rv == SECSuccess) {
       extKeyUsage = CERT_DecodeOidSequence(&encodedExtKeyUsage);
    }
    rv = CERT_FindBasicConstraintExten(cert, &basicConstraint);
    if (rv == SECSuccess) {
       basicConstraintPresent = PR_TRUE;
    }
    if (tmpitem.data != NULL || extKeyUsage != NULL) {
       if (tmpitem.data == NULL) {
           nsCertType = 0;
       } else {
           nsCertType = tmpitem.data[0];
       }

       /* free tmpitem data pointer to avoid memory leak */
       PORT_Free(tmpitem.data);
       tmpitem.data = NULL;
       
       /*
        * for this release, we will allow SSL certs with an email address
        * to be used for email
        */
       if ( ( nsCertType & NS_CERT_TYPE_SSL_CLIENT ) &&
           cert->emailAddr && cert->emailAddr[0]) {
           nsCertType |= NS_CERT_TYPE_EMAIL;
       }
       /*
        * for this release, we will allow SSL intermediate CAs to be
        * email intermediate CAs too.
        */
       if ( nsCertType & NS_CERT_TYPE_SSL_CA ) {
           nsCertType |= NS_CERT_TYPE_EMAIL_CA;
       }
       /*
        * allow a cert with the extended key usage of EMail Protect
        * to be used for email or as an email CA, if basic constraints
        * indicates that it is a CA.
        */
       if (findOIDinOIDSeqByTagNum(extKeyUsage, 
                                SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT) ==
           SECSuccess) {
           if (basicConstraintPresent == PR_TRUE &&
              (basicConstraint.isCA)) {
              nsCertType |= NS_CERT_TYPE_EMAIL_CA;
           } else {
              nsCertType |= NS_CERT_TYPE_EMAIL;
           }
       }
       if (findOIDinOIDSeqByTagNum(extKeyUsage, 
                                SEC_OID_EXT_KEY_USAGE_SERVER_AUTH) ==
           SECSuccess){
           if (basicConstraintPresent == PR_TRUE &&
              (basicConstraint.isCA)) {
              nsCertType |= NS_CERT_TYPE_SSL_CA;
           } else {
              nsCertType |= NS_CERT_TYPE_SSL_SERVER;
           }
       }
       /* Treat certs with step-up OID as also having SSL server type. */
       if (findOIDinOIDSeqByTagNum(extKeyUsage, 
                                SEC_OID_NS_KEY_USAGE_GOVT_APPROVED) ==
           SECSuccess){
           if (basicConstraintPresent == PR_TRUE &&
              (basicConstraint.isCA)) {
              nsCertType |= NS_CERT_TYPE_SSL_CA;
           } else {
              nsCertType |= NS_CERT_TYPE_SSL_SERVER;
           }
       }
       if (findOIDinOIDSeqByTagNum(extKeyUsage,
                                SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH) ==
           SECSuccess){
           if (basicConstraintPresent == PR_TRUE &&
              (basicConstraint.isCA)) {
              nsCertType |= NS_CERT_TYPE_SSL_CA;
           } else {
              nsCertType |= NS_CERT_TYPE_SSL_CLIENT;
           }
       }
       if (findOIDinOIDSeqByTagNum(extKeyUsage,
                                SEC_OID_EXT_KEY_USAGE_CODE_SIGN) ==
           SECSuccess) {
           if (basicConstraintPresent == PR_TRUE &&
              (basicConstraint.isCA)) {
              nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
           } else {
              nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING;
           }
       }
       if (findOIDinOIDSeqByTagNum(extKeyUsage,
                                SEC_OID_EXT_KEY_USAGE_TIME_STAMP) ==
           SECSuccess) {
           nsCertType |= EXT_KEY_USAGE_TIME_STAMP;
       }
       if (findOIDinOIDSeqByTagNum(extKeyUsage,
                                SEC_OID_OCSP_RESPONDER) == 
           SECSuccess) {
           nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
       }
    } else {
       /* if no extension, then allow any ssl or email (no ca or object
        * signing)
        */
       nsCertType = NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER |
           NS_CERT_TYPE_EMAIL;

       /* if the basic constraint extension says the cert is a CA, then
          allow SSL CA and EMAIL CA and Status Responder */
       if ((basicConstraintPresent == PR_TRUE)
           && (basicConstraint.isCA)) {
              nsCertType |= NS_CERT_TYPE_SSL_CA;
              nsCertType |= NS_CERT_TYPE_EMAIL_CA;
              nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
       } else if (CERT_IsCACert(cert, NULL) == PR_TRUE) {
              nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
       }

       /* if the cert is a fortezza CA cert, then allow SSL CA and EMAIL CA */
       if (fortezzaIsCA(cert)) {
              nsCertType |= NS_CERT_TYPE_SSL_CA;
              nsCertType |= NS_CERT_TYPE_EMAIL_CA;
       }
    }

    if (encodedExtKeyUsage.data != NULL) {
       PORT_Free(encodedExtKeyUsage.data);
    }
    if (extKeyUsage != NULL) {
       CERT_DestroyOidSequence(extKeyUsage);
    }
    /* Assert that it is safe to cast &cert->nsCertType to "PRInt32 *" */
    PORT_Assert(sizeof(cert->nsCertType) == sizeof(PRInt32));
    PR_AtomicSet((PRInt32 *)&cert->nsCertType, nsCertType);
    return(SECSuccess);
}

Here is the call graph for this function:

char* CERT_GetCertUid ( CERTName *  name)

Definition at line 1215 of file alg1485.c.

Here is the call graph for this function:

char* CERT_GetCommonName ( CERTName *  name)

Definition at line 1167 of file alg1485.c.

Here is the call graph for this function:

Here is the caller graph for this function:

char* CERT_GetCountryName ( CERTName *  name)

Definition at line 1173 of file alg1485.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int CERT_GetDBContentVersion ( CERTCertDBHandle *  handle)

Definition at line 710 of file stanpcertdb.c.

{
    /* should read the DB content version from the pkcs #11 device */
    return 0;
}
CERTCertDBHandle* CERT_GetDefaultCertDB ( void  )

Definition at line 1303 of file certdb.c.

char* CERT_GetDomainComponentName ( CERTName *  name)

Definition at line 1197 of file alg1485.c.

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus CERT_GetExtenCriticality ( CERTCertExtension **  extensions,
int  tag,
PRBool isCritical 
)

Definition at line 96 of file certxutl.c.

{
    CERTCertExtension *ext;
    SECOidData *oid;

    if (!isCritical)
       return (SECSuccess);
    
    /* find the extension in the extensions list */
    oid = SECOID_FindOIDByTag((SECOidTag)tag);
    if ( !oid ) {
       return(SECFailure);
    }
    ext = GetExtension (extensions, &oid->oid);
    if (ext == NULL) {
       PORT_SetError (SEC_ERROR_EXTENSION_NOT_FOUND);
       return (SECFailure);
    }

    /* If the criticality is omitted, then it is false by default.
       ex->critical.data is NULL */
    if (ext->critical.data == NULL)
       *isCritical = PR_FALSE;
    else
       *isCritical = (ext->critical.data[0] == 0xff) ? PR_TRUE : PR_FALSE;
    return (SECSuccess);    
}

Here is the call graph for this function:

const char* CERT_GetFirstEmailAddress ( CERTCertificate *  cert)

Definition at line 1120 of file alg1485.c.

{
    if (cert && cert->emailAddr && cert->emailAddr[0])
       return (const char *)cert->emailAddr;
    return NULL;
}

Here is the caller graph for this function:

void* CERT_GetGeneralNameByType ( CERTGeneralName *  genNames,
CERTGeneralNameType  type,
PRBool  derFormat 
)

Definition at line 943 of file genname.c.

{
    CERTGeneralName *current;
    
    if (!genNames)
       return NULL;
    current = genNames;

    do {
       if (current->type == type) {
           switch (type) {
           case certDNSName:
           case certEDIPartyName:
           case certIPAddress:
           case certRegisterID:
           case certRFC822Name:
           case certX400Address:
           case certURI: 
              return (void *)&current->name.other;           /* SECItem * */

           case certOtherName: 
              return (void *)&current->name.OthName;         /* OthName * */

           case certDirectoryName: 
              return derFormat 
                     ? (void *)&current->derDirectoryName    /* SECItem * */
                     : (void *)&current->name.directoryName; /* CERTName * */
           }
           PORT_Assert(0); 
           return NULL;
       }
       current = CERT_GetNextGeneralName(current);
    } while (current != genNames);
    return NULL;
}

Here is the call graph for this function:

char* CERT_GetLocalityName ( CERTName *  name)

Definition at line 1179 of file alg1485.c.

Here is the call graph for this function:

Here is the caller graph for this function:

const char* CERT_GetNextEmailAddress ( CERTCertificate *  cert,
const char *  prev 
)

Definition at line 1132 of file alg1485.c.

{
    if (cert && prev && prev[0]) {
       PRUint32 len = PL_strlen(prev);
       prev += len + 1;
       if (prev && prev[0])
           return prev;
    }
    return NULL;
}

Here is the caller graph for this function:

CERTGeneralName* CERT_GetNextGeneralName ( CERTGeneralName *  current)

Definition at line 285 of file genname.c.

{
    PRCList *next;
    
    next = current->l.next;
    return (CERTGeneralName *) (((char *) next) - offsetof(CERTGeneralName, l));
}
CERTNameConstraint* CERT_GetNextNameConstraint ( CERTNameConstraint *  current)

Definition at line 302 of file genname.c.

{
    PRCList *next;
    
    next = current->l.next;
    return (CERTNameConstraint *) (((char *) next) - offsetof(CERTNameConstraint, l));
}
char* CERT_GetNickName ( CERTCertificate *  cert,
CERTCertDBHandle *  handle,
PRArenaPool nicknameArena 
)

Definition at line 1534 of file genname.c.

{ 
    CERTGeneralName  *current;
    CERTGeneralName  *names;
    char             *nickname   = NULL;
    char             *returnName = NULL;
    char             *basename   = NULL;
    PRArenaPool      *arena      = NULL;
    CERTCertificate  *tmpcert;
    SECStatus        rv;
    int              count;
    int              found = 0;
    SECItem          altNameExtension;
    SECItem          nick;

    if (handle == NULL) {
       handle = CERT_GetDefaultCertDB();
    }
    altNameExtension.data = NULL;
    rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, 
                            &altNameExtension);
    if (rv != SECSuccess) { 
       goto loser; 
    }
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
       goto loser;
    }
    names = CERT_DecodeAltNameExtension(arena, &altNameExtension);
    if (names == NULL) {
       goto loser;
    } 
    current = names;
    do {
       if (current->type == certOtherName && 
           SECOID_FindOIDTag(&current->name.OthName.oid) == 
             SEC_OID_NETSCAPE_NICKNAME) {
           found = 1;
           break;
       }
       current = CERT_GetNextGeneralName(current);
    } while (current != names);
    if (!found)
       goto loser;

    rv = SEC_ASN1DecodeItem(arena, &nick, SEC_IA5StringTemplate, 
                         &current->name.OthName.name);
    if (rv != SECSuccess) {
       goto loser;
    }

    /* make a null terminated string out of nick, with room enough at
    ** the end to add on a number of up to 21 digits in length, (a signed
    ** 64-bit number in decimal) plus a space and a "#". 
    */
    nickname = (char*)PORT_ZAlloc(nick.len + 24);
    if (!nickname) 
       goto loser;
    PORT_Strncpy(nickname, (char *)nick.data, nick.len);

    /* Don't let this cert's nickname duplicate one already in the DB.
    ** If it does, create a variant of the nickname that doesn't.
    */
    count = 0;
    while ((tmpcert = CERT_FindCertByNickname(handle, nickname)) != NULL) {
       CERT_DestroyCertificate(tmpcert);
       if (!basename) {
           basename = PORT_Strdup(nickname);
           if (!basename)
              goto loser;
       }
       count++;
       sprintf(nickname, "%s #%d", basename, count);
    }

    /* success */
    if (nicknameArena) {
       returnName =  PORT_ArenaStrdup(nicknameArena, nickname);
    } else {
       returnName = nickname;
       nickname = NULL;
    }
loser:
    if (arena != NULL) 
       PORT_FreeArena(arena, PR_FALSE);
    if (nickname)
       PORT_Free(nickname);
    if (basename)
       PORT_Free(basename);
    if (altNameExtension.data)
       PORT_Free(altNameExtension.data);
    return returnName;
}

Here is the call graph for this function:

char* CERT_GetOidString ( const SECItem *  oid)

Definition at line 550 of file alg1485.c.

{
    PRUint8 *end;
    PRUint8 *d;
    PRUint8 *e;
    char *a         = NULL;
    char *b;

#define MAX_OID_LEN 1024 /* bytes */

    if (oid->len > MAX_OID_LEN) {
       PORT_SetError(SEC_ERROR_INPUT_LEN);
       return NULL;
    }

    /* d will point to the next sequence of bytes to decode */
    d = (PRUint8 *)oid->data;
    /* end points to one past the legitimate data */
    end = &d[ oid->len ];

    /*
     * Check for our pseudo-encoded single-digit OIDs
     */
    if( (*d == 0x80) && (2 == oid->len) ) {
       /* Funky encoding.  The second byte is the number */
       a = PR_smprintf("%lu", (PRUint32)d[1]);
       if( (char *)NULL == a ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           return (char *)NULL;
       }
       return a;
    }

    for( ; d < end; d = &e[1] ) {
    
       for( e = d; e < end; e++ ) {
           if( 0 == (*e & 0x80) ) {
              break;
           }
       }
    
       if( ((e-d) > 4) || (((e-d) == 4) && (*d & 0x70)) ) {
           /* More than a 32-bit number */
       } else {
           PRUint32 n = 0;
      
           switch( e-d ) {
           case 4:
              n |= ((PRUint32)(e[-4] & 0x0f)) << 28;
           case 3:
              n |= ((PRUint32)(e[-3] & 0x7f)) << 21;
           case 2:
              n |= ((PRUint32)(e[-2] & 0x7f)) << 14;
           case 1:
              n |= ((PRUint32)(e[-1] & 0x7f)) <<  7;
           case 0:
              n |= ((PRUint32)(e[-0] & 0x7f))      ;
           }
      
           if( (char *)NULL == a ) {
              /* This is the first number.. decompose it */
              PRUint32 one = PR_MIN(n/40, 2); /* never > 2 */
              PRUint32 two = n - one * 40;
        
              a = PR_smprintf("OID.%lu.%lu", one, two);
              if( (char *)NULL == a ) {
                  PORT_SetError(SEC_ERROR_NO_MEMORY);
                  return (char *)NULL;
              }
           } else {
              b = PR_smprintf("%s.%lu", a, n);
              if( (char *)NULL == b ) {
                  PR_smprintf_free(a);
                  PORT_SetError(SEC_ERROR_NO_MEMORY);
                  return (char *)NULL;
              }
        
              PR_smprintf_free(a);
              a = b;
           }
       }
    }

    return a;
}

Here is the call graph for this function:

Here is the caller graph for this function: