
lightning-sunbird  0.9+nobinonly
certdb.h File Reference


Defines

/*
 * Bit flags. Each value below is a distinct single bit (1<<0 through 1<<9),
 * so several flags can be combined in one integer with bitwise OR and
 * tested individually with bitwise AND.
 * NOTE(review): presumably these are the values stored in the flag fields
 * of CERTCertTrust -- confirm against the full certdb.h.
 */
#define CERTDB_VALID_PEER   (1<<0)
#define CERTDB_TRUSTED   (1<<1)
#define CERTDB_SEND_WARN   (1<<2)
#define CERTDB_VALID_CA   (1<<3)
#define CERTDB_TRUSTED_CA   (1<<4) /* trusted for issuing server certs */
#define CERTDB_NS_TRUSTED_CA   (1<<5)
#define CERTDB_USER   (1<<6)
#define CERTDB_TRUSTED_CLIENT_CA   (1<<7) /* trusted for issuing client certs */
#define CERTDB_INVISIBLE_CA   (1<<8) /* don't show in UI */
#define CERTDB_GOVT_APPROVED_CA   (1<<9) /* can do strong crypto in export ver */

Functions

SEC_BEGIN_PROTOS CERTSignedCrl * SEC_FindCrlByKey (CERTCertDBHandle *handle, SECItem *crlKey, int type)
CERTSignedCrl * SEC_FindCrlByName (CERTCertDBHandle *handle, SECItem *crlKey, int type)
CERTSignedCrl * SEC_FindCrlByDERCert (CERTCertDBHandle *handle, SECItem *derCrl, int type)
PRBool SEC_CertNicknameConflict (char *nickname, SECItem *derSubject, CERTCertDBHandle *handle)
CERTSignedCrl * SEC_NewCrl (CERTCertDBHandle *handle, char *url, SECItem *derCrl, int type)
SECStatus SEC_DeletePermCRL (CERTSignedCrl *crl)
SECStatus SEC_LookupCrls (CERTCertDBHandle *handle, CERTCrlHeadNode **nodes, int type)
SECStatus SEC_DestroyCrl (CERTSignedCrl *crl)
CERTSignedCrl * SEC_DupCrl (CERTSignedCrl *acrl)
SECStatus CERT_AddTempCertToPerm (CERTCertificate *cert, char *nickname, CERTCertTrust *trust)
SECStatus SEC_DeletePermCertificate (CERTCertificate *cert)
PRBool SEC_CrlIsNewer (CERTCrl *inNew, CERTCrl *old)
SECCertTimeValidity SEC_CheckCrlTimes (CERTCrl *crl, PRTime t)

Define Documentation

#define CERTDB_GOVT_APPROVED_CA   (1<<9) /* can do strong crypto in export ver */

Definition at line 51 of file certdb.h.

#define CERTDB_INVISIBLE_CA   (1<<8) /* don't show in UI */

Definition at line 50 of file certdb.h.

#define CERTDB_NS_TRUSTED_CA   (1<<5)

Definition at line 47 of file certdb.h.

#define CERTDB_SEND_WARN   (1<<2)

Definition at line 44 of file certdb.h.

#define CERTDB_TRUSTED   (1<<1)

Definition at line 43 of file certdb.h.

#define CERTDB_TRUSTED_CA   (1<<4) /* trusted for issuing server certs */

Definition at line 46 of file certdb.h.

#define CERTDB_TRUSTED_CLIENT_CA   (1<<7) /* trusted for issuing client certs */

Definition at line 49 of file certdb.h.

#define CERTDB_USER   (1<<6)

Definition at line 48 of file certdb.h.

#define CERTDB_VALID_CA   (1<<3)

Definition at line 45 of file certdb.h.

#define CERTDB_VALID_PEER   (1<<0)

Definition at line 42 of file certdb.h.


Function Documentation

SECStatus CERT_AddTempCertToPerm ( CERTCertificate *  cert,
char *  nickname,
CERTCertTrust *  trust 
)

Definition at line 216 of file stanpcertdb.c.

{
    /*
     * Public entry point: passes cert, nickname and trust through unchanged
     * to the internal __CERT_AddTempCertToPerm and returns its status as-is.
     * No argument validation happens at this level.
     */
    SECStatus status = __CERT_AddTempCertToPerm(cert, nickname, trust);

    return status;
}


PRBool SEC_CertNicknameConflict ( char *  nickname,
SECItem *  derSubject,
CERTCertDBHandle *  handle 
)

Definition at line 68 of file stanpcertdb.c.

{
    /*
     * Reports whether `nickname` is already attached to a certificate whose
     * DER-encoded subject differs from `derSubject`.
     *
     * Returns PR_FALSE when no certificate is found under that nickname, or
     * when the certificate found has an identical subject; PR_TRUE when the
     * subjects differ.
     */
    PRBool differs;
    CERTCertificate *existing = CERT_FindCertByNickname(handle, nickname);

    if (existing == NULL) {
        /* Nothing uses this nickname yet, so there is nothing to clash with. */
        return PR_FALSE;
    }

    /* Same nickname but a different subject is the conflict case. */
    differs = !SECITEM_ItemsAreEqual(derSubject, &existing->derSubject);

    /* Release the certificate returned by the lookup before returning. */
    CERT_DestroyCertificate(existing);
    return differs;
}


SECCertTimeValidity SEC_CheckCrlTimes ( CERTCrl *  crl,
PRTime  t 
)

Definition at line 1066 of file certdb.c.

                                          {
    /*
     * Classifies time `t` against the validity window of `crl`.
     *
     * Returns:
     *   secCertTimeExpired     - the CRL times could not be obtained, or
     *                            t is later than notAfter;
     *   secCertTimeNotValidYet - t is earlier than notBefore minus the
     *                            pendingSlop allowance;
     *   secCertTimeValid       - otherwise, including every CRL whose
     *                            notAfter is zero.
     *
     * Security notes for callers:
     *   - A failure to read the times is reported as "expired", i.e. the
     *     check fails closed.
     *   - A CRL with no next-update time (notAfter == 0) is never reported
     *     as expired here, so this check alone cannot detect a stale CRL
     *     of that kind.
     */
    PRTime notBefore, notAfter, slopUsec, usecPerSec;

    if (SEC_GetCrlTimes(crl, &notBefore, &notAfter)) {
        return secCertTimeExpired;
    }

    /*
     * pendingSlop (defined outside this function) is scaled by
     * PR_USEC_PER_SEC to get microseconds, then subtracted from notBefore
     * so that the start of the window is moved earlier by that allowance.
     */
    LL_I2L(slopUsec, pendingSlop);
    LL_I2L(usecPerSec, PR_USEC_PER_SEC);
    LL_MUL(slopUsec, slopUsec, usecPerSec);
    LL_SUB(notBefore, notBefore, slopUsec);

    if (LL_CMP(t, <, notBefore)) {
        return secCertTimeNotValidYet;
    }

    /* Next update omitted and the notBefore test passed: assume the CRL
     * is up to date. */
    if (LL_IS_ZERO(notAfter)) {
        return secCertTimeValid;
    }

    return LL_CMP(t, >, notAfter) ? secCertTimeExpired : secCertTimeValid;
}


PRBool SEC_CrlIsNewer ( CERTCrl *  inNew,
CERTCrl *  old 
)

Definition at line 1100 of file certdb.c.

                                             {
    /*
     * Decides whether CRL `inNew` should replace CRL `old`.
     *
     * Returns PR_FALSE if the times of `inNew` cannot be read; PR_TRUE if
     * the times of `old` cannot be read; otherwise the result of comparing
     * the two notBefore values (true when old's is strictly earlier).
     *
     * Security note: only the notBefore times take part in the decision.
     * The notAfter values are fetched but never compared, and an unreadable
     * old CRL is replaced unconditionally.
     */
    PRTime candidateStart, candidateEnd;
    PRTime currentStart, currentEnd;

    /* The new CRL is unusable: keep what we have. */
    if (SEC_GetCrlTimes(inNew, &candidateStart, &candidateEnd)) {
        return PR_FALSE;
    }

    /* The old CRL is unusable: let the new one take its place. */
    if (SEC_GetCrlTimes(old, &currentStart, &currentEnd)) {
        return PR_TRUE;
    }

    /* Question: what about the notAfter's? */
    return (PRBool)LL_CMP(currentStart, <, candidateStart);
}


SECStatus SEC_DeletePermCertificate ( CERTCertificate *  cert)

Definition at line 86 of file stanpcertdb.c.

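{
    /*
     * Deletes the stored instances of `cert` and removes it from the
     * default trust domain's certificate cache.
     *
     * Returns SECSuccess when NSSCertificate_DeleteStoredObject reports
     * PR_SUCCESS, SECFailure otherwise (including when no NSSCertificate
     * could be obtained for `cert`).
     */
    PRStatus nssrv;
    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
    NSSCertificate *c = STAN_GetNSSCertificate(cert);

    /*
     * Without an NSSCertificate there is nothing to delete; bail out
     * instead of passing NULL to the delete and cache-removal calls.
     * NOTE(review): presumably STAN_GetNSSCertificate has already set an
     * error code on this path -- confirm.
     */
    if (c == NULL) {
        return SECFailure;
    }

    /* get rid of the token instances */
    nssrv = NSSCertificate_DeleteStoredObject(c, NULL);

    /*
     * get rid of the cache entry; this runs whether or not the delete
     * above succeeded, under the trust domain's cert-cache lock
     */
    nssTrustDomain_LockCertCache(td);
    nssTrustDomain_RemoveCertFromCacheLOCKED(td, c);
    nssTrustDomain_UnlockCertCache(td);

    return (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
}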


SECStatus SEC_DeletePermCRL ( CERTSignedCrl *  crl)

Definition at line 539 of file pk11nobj.c.

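{
    /*
     * Deletes the stored token object behind `crl`, identified by
     * crl->slot and crl->pkcs11ID.
     *
     * Returns SECSuccess when nssToken_DeleteStoredObject reports
     * PR_SUCCESS; SECFailure when the CRL has no slot (error set to
     * SEC_ERROR_CRL_INVALID), when the temporary object cannot be
     * allocated, or when the delete itself fails.
     */
    PRStatus status;
    NSSToken *token;
    nssCryptokiObject *object;
    PK11SlotInfo *slot = crl->slot;

    if (slot == NULL) {
        PORT_Assert(slot);
        /* shouldn't happen */
        PORT_SetError(SEC_ERROR_CRL_INVALID);
        return SECFailure;
    }
    /* NOTE(review): token is not checked before nssToken_AddRef below --
     * confirm PK11Slot_GetNSSToken cannot return NULL for a valid slot. */
    token = PK11Slot_GetNSSToken(slot);

    /* Temporary handle object describing the stored CRL to delete. */
    object = nss_ZNEW(NULL, nssCryptokiObject);
    if (object == NULL) {
        /* Allocation failed: do not write through a NULL pointer. */
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        return SECFailure;
    }
    object->token = nssToken_AddRef(token);
    object->handle = crl->pkcs11ID;
    object->isTokenObject = PR_TRUE;

    status = nssToken_DeleteStoredObject(object);

    nssCryptokiObject_Destroy(object);
    return (status == PR_SUCCESS) ? SECSuccess : SECFailure;
}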


SECStatus SEC_DestroyCrl ( CERTSignedCrl *  crl)

Definition at line 829 of file crl.c.

{
    /*
     * Drops one reference to `crl`; when the atomically decremented count
     * falls below 1, releases what the CRL holds: its slot (if any), the
     * DER item when the opaque fields mark it as heap-allocated, and its
     * arena (if any).
     *
     * Returns SECFailure only for a NULL `crl`; SECSuccess otherwise,
     * whether or not this call was the one that freed the resources.
     */
    if (crl == NULL) {
        return SECFailure;
    }

    if (PR_AtomicDecrement(&crl->referenceCount) >= 1) {
        /* Other references remain; nothing to free yet. */
        return SECSuccess;
    }

    if (crl->slot) {
        PK11_FreeSlot(crl->slot);
    }

    /* The DER buffer is freed here only when flagged as heapDER. */
    if (GetOpaqueCRLFields(crl) &&
        PR_TRUE == GetOpaqueCRLFields(crl)->heapDER) {
        SECITEM_FreeItem(crl->derCrl, PR_TRUE);
    }

    if (crl->arena) {
        PORT_FreeArena(crl->arena, PR_FALSE);
    }

    return SECSuccess;
}


CERTSignedCrl* SEC_DupCrl ( CERTSignedCrl *  acrl)

Definition at line 818 of file crl.c.

{
    /*
     * Takes an additional reference on `acrl` by atomically incrementing
     * its referenceCount and returns the same pointer; no copy is made.
     * A NULL argument yields NULL.
     */
    if (acrl == NULL) {
        return NULL;
    }

    PR_AtomicIncrement(&acrl->referenceCount);
    return acrl;
}


CERTSignedCrl* SEC_FindCrlByDERCert ( CERTCertDBHandle *  handle,
SECItem *  derCrl,
int  type 
)

Definition at line 791 of file crl.c.

{
    /*
     * Looks up a CRL using the key derived from a DER-encoded CRL.
     *
     * A scratch arena holds the key produced by CERT_KeyFromDERCrl; the key
     * is then passed to SEC_FindCrlByName together with `handle` and `type`.
     * Returns the CRL found, or NULL when the arena cannot be created, the
     * key cannot be extracted, or the lookup finds nothing.
     */
    CERTSignedCrl *found = NULL;
    SECItem key;
    PRArenaPool *scratch = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);

    if (scratch == NULL) {
        return NULL;
    }

    /* Only search when the database key was extracted successfully. */
    if (CERT_KeyFromDERCrl(scratch, derCrl, &key) == SECSuccess) {
        found = SEC_FindCrlByName(handle, &key, type);
    }

    /* The scratch arena is released on both the success and failure paths. */
    PORT_FreeArena(scratch, PR_FALSE);
    return found;
}


SEC_BEGIN_PROTOS CERTSignedCrl* SEC_FindCrlByKey ( CERTCertDBHandle *  handle,
SECItem *  crlKey,
int  type 
)
CERTSignedCrl* SEC_FindCrlByName ( CERTCertDBHandle *  handle,
SECItem *  crlKey,
int  type 
)

Definition at line 2616 of file crl.c.

{
    /*
     * Returns the best CRL held in the distribution-point cache that is
     * selected by `crlKey`, or NULL when the key is NULL (error set to
     * SEC_ERROR_INVALID_ARGS) or the cache cannot be acquired.
     *
     * `handle` and `type` are not used in this body.
     */
    CERTSignedCrl *best = NULL;
    CRLDPCache *cache = NULL;
    PRBool writeLocked = PR_FALSE;

    if (crlKey == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }

    if (AcquireDPCache(NULL, crlKey, NULL, 0, NULL, &cache, &writeLocked)
        != SECSuccess) {
        return NULL;
    }

    /* decode entries, because SEC_FindCrlByName always returned fully
     * decoded CRLs in the past */
    best = GetBestCRL(cache, PR_TRUE);

    /* Hand the cache back in the lock state AcquireDPCache reported. */
    ReleaseDPCache(cache, writeLocked);
    return best;
}


SECStatus SEC_LookupCrls ( CERTCertDBHandle *  handle,
CERTCrlHeadNode **  nodes,
int  type 
)

Definition at line 851 of file crl.c.

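{
    /*
     * Builds a CERTCrlHeadNode in a fresh arena and asks PK11_LookupCrls
     * to fill it with CRLs of the requested `type`.
     *
     * On success *nodes points at the head node, which records the arena
     * it lives in. On any failure *nodes is NULL, the arena has been freed,
     * and SECFailure (or the status from PK11_LookupCrls) is returned.
     */
    CERTCrlHeadNode *head;
    PRArenaPool *arena;
    SECStatus rv;

    *nodes = NULL;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
        return SECFailure;
    }

    /* build a head structure */
    head = (CERTCrlHeadNode *)PORT_ArenaAlloc(arena, sizeof(CERTCrlHeadNode));
    if (head == NULL) {
        /* Allocation failed: release the arena rather than writing
         * through a NULL pointer. */
        PORT_FreeArena(arena, PR_FALSE);
        return SECFailure;
    }
    head->arena = arena;
    head->first = NULL;
    head->last = NULL;
    head->dbhandle = handle;

    /* Look up the proper crl types */
    *nodes = head;

    rv = PK11_LookupCrls(head, type, NULL);

    if (rv != SECSuccess) {
        /* head lives inside the arena, so freeing the arena invalidates
         * it; clear the out-parameter so callers never see the pointer. */
        PORT_FreeArena(arena, PR_FALSE);
        *nodes = NULL;
    }

    return rv;
}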


CERTSignedCrl* SEC_NewCrl ( CERTCertDBHandle *  handle,
char *  url,
SECItem *  derCrl,
int  type 
)

Definition at line 779 of file crl.c.

{
    /*
     * Imports the DER-encoded CRL `derCrl` (with its `url` and `type`)
     * into the internal key slot and returns whatever PK11_ImportCRL
     * returns. `handle` is not used in this body.
     *
     * Security note: the import is requested with
     * CRL_IMPORT_BYPASS_CHECKS.
     * NOTE(review): the flag name suggests import-time checks are skipped,
     * so callers would need to have validated the CRL themselves -- confirm
     * exactly which checks PK11_ImportCRL omits under this option.
     */
    PK11SlotInfo *internalSlot = PK11_GetInternalKeySlot();
    CERTSignedCrl *imported;

    imported = PK11_ImportCRL(internalSlot, derCrl, url, type, NULL,
                              CRL_IMPORT_BYPASS_CHECKS, NULL,
                              CRL_DECODE_DEFAULT_OPTIONS);

    /* The slot is released here once the import call has returned. */
    PK11_FreeSlot(internalSlot);

    return imported;
}
