Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Enumerations | Functions | Variables
pcertdb.c File Reference
#include "prtime.h"
#include "lowkeyti.h"
#include "pcert.h"
#include "mcom_db.h"
#include "secitem.h"
#include "secder.h"
#include "secasn1.h"
#include "secerr.h"
#include "nssilock.h"
#include "prmon.h"
#include "nsslocks.h"
#include "base64.h"
#include "sechash.h"
#include "plhash.h"
#include "cdbhdl.h"
#include "pkcs11i.h"

Go to the source code of this file.

Classes

struct  PermCertCallbackState

Defines

#define MAX_CERT_LIST_COUNT   10
#define MAX_TRUST_LIST_COUNT   10
#define MAX_ENTRY_LIST_COUNT   10
#define DB_NOT_FOUND   -30991 /* from DBM 3.2 */
#define NO_RDONLY   O_RDONLY
#define NO_RDWR   O_RDWR
#define NO_CREATE   (O_RDWR | O_CREAT | O_TRUNC)

Enumerations

enum  nsslowcertUpdateType { nsslowcert_remove, nsslowcert_add, nsslowcert_remove, nsslowcert_add }

Functions

NSSLOWCERTCertificate * nsslowcert_FindCertByDERCertNoLocking (NSSLOWCERTCertDBHandle *handle, SECItem *derCert)
static SECStatus nsslowcert_UpdateSMimeProfile (NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime)
static SECStatus nsslowcert_UpdatePermCert (NSSLOWCERTCertDBHandle *dbhandle, NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust)
static SECStatus nsslowcert_UpdateCrl (NSSLOWCERTCertDBHandle *handle, SECItem *derCrl, SECItem *crlKey, char *url, PRBool isKRL)
void certdb_InitDBLock (NSSLOWCERTCertDBHandle *handle)
SECStatus nsslowcert_InitLocks (void)
static void nsslowcert_LockDB (NSSLOWCERTCertDBHandle *handle)
static void nsslowcert_UnlockDB (NSSLOWCERTCertDBHandle *handle)
static void nsslowcert_LockCertRefCount (NSSLOWCERTCertificate *cert)
static void nsslowcert_UnlockCertRefCount (NSSLOWCERTCertificate *cert)
void nsslowcert_LockCertTrust (NSSLOWCERTCertificate *cert)
void nsslowcert_UnlockCertTrust (NSSLOWCERTCertificate *cert)
static void nsslowcert_LockFreeList (void)
static void nsslowcert_UnlockFreeList (void)
NSSLOWCERTCertificate * nsslowcert_DupCertificate (NSSLOWCERTCertificate *c)
static int certdb_Get (DB *db, DBT *key, DBT *data, unsigned int flags)
static int certdb_Put (DB *db, DBT *key, DBT *data, unsigned int flags)
static int certdb_Sync (DB *db, unsigned int flags)
static int certdb_Del (DB *db, DBT *key, unsigned int flags)
static int certdb_Seq (DB *db, DBT *key, DBT *data, unsigned int flags)
static void certdb_Close (DB *db)
void pkcs11_freeNickname (char *nickname, char *space)
char * pkcs11_copyNickname (char *nickname, char *space, int spaceLen)
void pkcs11_freeStaticData (unsigned char *data, unsigned char *space)
unsigned char * pkcs11_allocStaticData (int len, unsigned char *space, int spaceLen)
unsigned char * pkcs11_copyStaticData (unsigned char *data, int len, unsigned char *space, int spaceLen)
static void DestroyDBEntry (certDBEntry *entry)
static void nsslowcert_DestroyCertificateNoLocking (NSSLOWCERTCertificate *cert)
static SECStatus DeleteDBEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryType type, SECItem *dbkey)
static SECStatus ReadDBEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryCommon *entry, SECItem *dbkey, SECItem *dbentry, PRArenaPool *arena)
static SECStatus WriteDBEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryCommon *entry, SECItem *dbkey, SECItem *dbentry)
 Implement low level database access.
static SECStatus EncodeDBCertEntry (certDBEntryCert *entry, PRArenaPool *arena, SECItem *dbitem)
static SECStatus EncodeDBCertKey (SECItem *certKey, PRArenaPool *arena, SECItem *dbkey)
static SECStatus EncodeDBGenericKey (SECItem *certKey, PRArenaPool *arena, SECItem *dbkey, certDBEntryType entryType)
static SECStatus DecodeDBCertEntry (certDBEntryCert *entry, SECItem *dbentry)
static certDBEntryCert * NewDBCertEntry (SECItem *derCert, char *nickname, NSSLOWCERTCertTrust *trust, int flags)
static certDBEntryCert * DecodeV4DBCertEntry (unsigned char *buf, int len)
static SECStatus WriteDBCertEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry)
static SECStatus DeleteDBCertEntry (NSSLOWCERTCertDBHandle *handle, SECItem *certKey)
static certDBEntryCert * CreateCertEntry (void)
static void DestroyCertEntryFreeList (void)
static certDBEntryCert * ReadDBCertEntry (NSSLOWCERTCertDBHandle *handle, SECItem *certKey)
static SECStatus EncodeDBCrlEntry (certDBEntryRevocation *entry, PRArenaPool *arena, SECItem *dbitem)
static SECStatus DecodeDBCrlEntry (certDBEntryRevocation *entry, SECItem *dbentry)
static certDBEntryRevocation * NewDBCrlEntry (SECItem *derCrl, char *url, certDBEntryType crlType, int flags)
static SECStatus WriteDBCrlEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryRevocation *entry, SECItem *crlKey)
static SECStatus DeleteDBCrlEntry (NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, certDBEntryType crlType)
static certDBEntryRevocation * ReadDBCrlEntry (NSSLOWCERTCertDBHandle *handle, SECItem *certKey, certDBEntryType crlType)
void nsslowcert_DestroyDBEntry (certDBEntry *entry)
static SECStatus EncodeDBNicknameEntry (certDBEntryNickname *entry, PRArenaPool *arena, SECItem *dbitem)
static SECStatus EncodeDBNicknameKey (char *nickname, PRArenaPool *arena, SECItem *dbkey)
static SECStatus DecodeDBNicknameEntry (certDBEntryNickname *entry, SECItem *dbentry, char *nickname)
static certDBEntryNicknameNewDBNicknameEntry (char *nickname, SECItem *subjectName, unsigned int flags)
static SECStatus DeleteDBNicknameEntry (NSSLOWCERTCertDBHandle *handle, char *nickname)
static certDBEntryNicknameReadDBNicknameEntry (NSSLOWCERTCertDBHandle *handle, char *nickname)
static SECStatus WriteDBNicknameEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryNickname *entry)
SECStatus EncodeDBSMimeEntry (certDBEntrySMime *entry, PRArenaPool *arena, SECItem *dbitem)
static SECStatus EncodeDBSMimeKey (char *emailAddr, PRArenaPool *arena, SECItem *dbkey)
static SECStatus DecodeDBSMimeEntry (certDBEntrySMime *entry, SECItem *dbentry, char *emailAddr)
static certDBEntrySMimeNewDBSMimeEntry (char *emailAddr, SECItem *subjectName, SECItem *smimeOptions, SECItem *optionsDate, unsigned int flags)
static SECStatus DeleteDBSMimeEntry (NSSLOWCERTCertDBHandle *handle, char *emailAddr)
certDBEntrySMimensslowcert_ReadDBSMimeEntry (NSSLOWCERTCertDBHandle *handle, char *emailAddr)
static SECStatus WriteDBSMimeEntry (NSSLOWCERTCertDBHandle *handle, certDBEntrySMime *entry)
static SECStatus EncodeDBSubjectEntry (certDBEntrySubject *entry, PRArenaPool *arena, SECItem *dbitem)
static SECStatus EncodeDBSubjectKey (SECItem *derSubject, PRArenaPool *arena, SECItem *dbkey)
static SECStatus DecodeDBSubjectEntry (certDBEntrySubject *entry, SECItem *dbentry, SECItem *derSubject)
static certDBEntrySubjectNewDBSubjectEntry (SECItem *derSubject, SECItem *certKey, SECItem *keyID, char *nickname, char *emailAddr, unsigned int flags)
static SECStatus DeleteDBSubjectEntry (NSSLOWCERTCertDBHandle *handle, SECItem *derSubject)
static certDBEntrySubjectReadDBSubjectEntry (NSSLOWCERTCertDBHandle *handle, SECItem *derSubject)
static SECStatus WriteDBSubjectEntry (NSSLOWCERTCertDBHandle *handle, certDBEntrySubject *entry)
static SECStatus nsslowcert_UpdateSubjectEmailAddr (NSSLOWCERTCertDBHandle *dbhandle, SECItem *derSubject, char *emailAddr, nsslowcertUpdateType updateType)
static SECStatus AddNicknameToSubject (NSSLOWCERTCertDBHandle *dbhandle, NSSLOWCERTCertificate *cert, char *nickname)
static certDBEntryVersionNewDBVersionEntry (unsigned int flags)
static certDBEntryVersionReadDBVersionEntry (NSSLOWCERTCertDBHandle *handle)
static SECStatus WriteDBVersionEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryVersion *entry)
static SECStatus RemovePermSubjectNode (NSSLOWCERTCertificate *cert)
static SECStatus AddPermSubjectNode (certDBEntrySubject *entry, NSSLOWCERTCertificate *cert, char *nickname)
SECStatus nsslowcert_TraversePermCertsForSubject (NSSLOWCERTCertDBHandle *handle, SECItem *derSubject, NSSLOWCERTCertCallback cb, void *cbarg)
int nsslowcert_NumPermCertsForSubject (NSSLOWCERTCertDBHandle *handle, SECItem *derSubject)
SECStatus nsslowcert_TraversePermCertsForNickname (NSSLOWCERTCertDBHandle *handle, char *nickname, NSSLOWCERTCertCallback cb, void *cbarg)
int nsslowcert_NumPermCertsForNickname (NSSLOWCERTCertDBHandle *handle, char *nickname)
static SECStatus AddNicknameToPermCert (NSSLOWCERTCertDBHandle *dbhandle, NSSLOWCERTCertificate *cert, char *nickname)
SECStatus nsslowcert_AddPermNickname (NSSLOWCERTCertDBHandle *dbhandle, NSSLOWCERTCertificate *cert, char *nickname)
static certDBEntryCert * AddCertToPermDB (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust)
static SECStatus UpdateV7DB (NSSLOWCERTCertDBHandle *handle, DB *updatedb)
static SECStatus UpdateV8DB (NSSLOWCERTCertDBHandle *handle, DB *updatedb)
static SECStatus UpdateV6DB (NSSLOWCERTCertDBHandle *handle, DB *updatedb)
static SECStatus updateV5Callback (NSSLOWCERTCertificate *cert, SECItem *k, void *pdata)
static SECStatus UpdateV5DB (NSSLOWCERTCertDBHandle *handle, DB *updatedb)
static PRBool isV4DB (DB *db)
static SECStatus UpdateV4DB (NSSLOWCERTCertDBHandle *handle, DB *updatedb)
PRBool nsslowcert_CertDBKeyConflict (SECItem *derCert, NSSLOWCERTCertDBHandle *handle)
static PRBool nsslowcert_CertNicknameConflict (char *nickname, SECItem *derSubject, NSSLOWCERTCertDBHandle *handle)
static DBnsslowcert_openolddb (NSSLOWCERTDBNameFunc namecb, void *cbarg, int version)
static SECStatus openNewCertDB (const char *appName, const char *prefix, const char *certdbname, NSSLOWCERTCertDBHandle *handle, NSSLOWCERTDBNameFunc namecb, void *cbarg)
static int nsslowcert_GetVersionNumber (NSSLOWCERTCertDBHandle *handle)
static SECStatus nsslowcert_OpenPermCertDB (NSSLOWCERTCertDBHandle *handle, PRBool readOnly, const char *appName, const char *prefix, NSSLOWCERTDBNameFunc namecb, void *cbarg)
static SECStatus DeletePermCert (NSSLOWCERTCertificate *cert)
SECStatus nsslowcert_DeletePermCertificate (NSSLOWCERTCertificate *cert)
SECStatus nsslowcert_TraverseDBEntries (NSSLOWCERTCertDBHandle *handle, certDBEntryType type, SECStatus(*callback)(SECItem *data, SECItem *key, certDBEntryType type, void *pdata), void *udata)
static NSSLOWCERTCertificate * DecodeACert (NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry)
static NSSLOWCERTTrust * CreateTrust (void)
static void DestroyTrustFreeList (void)
static NSSLOWCERTTrust * DecodeTrustEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry, SECItem *dbKey)
static SECStatus certcallback (SECItem *dbdata, SECItem *dbkey, certDBEntryType type, void *data)
static SECStatus TraversePermCertsNoLocking (NSSLOWCERTCertDBHandle *handle, SECStatus(*certfunc)(NSSLOWCERTCertificate *cert, SECItem *k, void *pdata), void *udata)
SECStatus nsslowcert_TraversePermCerts (NSSLOWCERTCertDBHandle *handle, SECStatus(*certfunc)(NSSLOWCERTCertificate *cert, SECItem *k, void *pdata), void *udata)
void nsslowcert_ClosePermCertDB (NSSLOWCERTCertDBHandle *handle)
SECStatus nsslowcert_GetCertTrust (NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust)
SECStatus nsslowcert_ChangeCertTrust (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust)
SECStatus nsslowcert_AddPermCert (NSSLOWCERTCertDBHandle *dbhandle, NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust)
SECStatus nsslowcert_OpenCertDB (NSSLOWCERTCertDBHandle *handle, PRBool readOnly, const char *appName, const char *prefix, NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile)
PRBool nsslowcert_needDBVerify (NSSLOWCERTCertDBHandle *handle)
void nsslowcert_setDBVerify (NSSLOWCERTCertDBHandle *handle, PRBool value)
static NSSLOWCERTCertificate * FindCertByKey (NSSLOWCERTCertDBHandle *handle, SECItem *certKey, PRBool lockdb)
static NSSLOWCERTTrust * FindTrustByKey (NSSLOWCERTCertDBHandle *handle, SECItem *certKey, PRBool lockdb)
NSSLOWCERTCertificate * nsslowcert_FindCertByKey (NSSLOWCERTCertDBHandle *handle, SECItem *certKey)
NSSLOWCERTTrust * nsslowcert_FindTrustByKey (NSSLOWCERTCertDBHandle *handle, SECItem *certKey)
NSSLOWCERTCertificate * nsslowcert_FindCertByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN)
NSSLOWCERTTrust * nsslowcert_FindTrustByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN)
NSSLOWCERTCertificate * nsslowcert_FindCertByDERCert (NSSLOWCERTCertDBHandle *handle, SECItem *derCert)
static void DestroyCertificate (NSSLOWCERTCertificate *cert, PRBool lockdb)
NSSLOWCERTCertificate * nsslowcert_CreateCert (void)
static void DestroyCertFreeList (void)
void nsslowcert_DestroyTrust (NSSLOWCERTTrust *trust)
void nsslowcert_DestroyCertificate (NSSLOWCERTCertificate *cert)
certDBEntryRevocation * nsslowcert_FindCrlByKey (NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, PRBool isKRL)
SECStatus nsslowcert_AddCrl (NSSLOWCERTCertDBHandle *handle, SECItem *derCrl, SECItem *crlKey, char *url, PRBool isKRL)
SECStatus nsslowcert_DeletePermCRL (NSSLOWCERTCertDBHandle *handle, SECItem *derName, PRBool isKRL)
PRBool nsslowcert_hasTrust (NSSLOWCERTCertTrust *trust)
SECStatus nsslowcert_SaveSMimeProfile (NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime)
void nsslowcert_DestroyFreeLists (void)
void nsslowcert_DestroyGlobalLocks (void)
certDBEntrynsslowcert_DecodeAnyDBEntry (SECItem *dbData, SECItem *dbKey, certDBEntryType entryType, void *pdata)

Variables

static NSSLOWCERTCertificate * certListHead = NULL
static NSSLOWCERTTrust * trustListHead = NULL
static certDBEntryCert * entryListHead = NULL
static int certListCount = 0
static int trustListCount = 0
static int entryListCount = 0
static PZLockdbLock = NULL
static PZLockcertRefCountLock = NULL
static PZLockcertTrustLock = NULL
static PZLockfreeListLock = NULL

Class Documentation

struct PermCertCallbackState

Definition at line 4402 of file pcertdb.c.

Class Members
PermCertCallback certfunc
void * data
NSSLOWCERTCertDBHandle * handle

Define Documentation

#define DB_NOT_FOUND   -30991 /* from DBM 3.2 */

Definition at line 319 of file pcertdb.c.

Definition at line 85 of file pcertdb.c.

Definition at line 87 of file pcertdb.c.

Definition at line 86 of file pcertdb.c.

Definition at line 4027 of file pcertdb.c.

Definition at line 4025 of file pcertdb.c.

Definition at line 4026 of file pcertdb.c.


Enumeration Type Documentation

Enumerator:
nsslowcert_remove 
nsslowcert_add 
nsslowcert_remove 
nsslowcert_add 

Definition at line 2695 of file pcertdb.c.


Function Documentation

static certDBEntryCert* AddCertToPermDB ( NSSLOWCERTCertDBHandle *  handle,
NSSLOWCERTCertificate *  cert,
char *  nickname,
NSSLOWCERTCertTrust *  trust 
) [static]

Definition at line 3352 of file pcertdb.c.

{
    certDBEntryCert *certEntry = NULL;
    certDBEntryNickname *nicknameEntry = NULL;
    certDBEntrySubject *subjectEntry = NULL;
    int state = 0;
    SECStatus rv;
    PRBool donnentry = PR_FALSE;

    if ( nickname ) {
       donnentry = PR_TRUE;
    }

    subjectEntry = ReadDBSubjectEntry(handle, &cert->derSubject);
       
    if ( subjectEntry && subjectEntry->nickname ) {
       donnentry = PR_FALSE;
       nickname = subjectEntry->nickname;
    }
    
    certEntry = NewDBCertEntry(&cert->derCert, nickname, trust, 0);
    if ( certEntry == NULL ) {
       goto loser;
    }
    
    if ( donnentry ) {
       nicknameEntry = NewDBNicknameEntry(nickname, &cert->derSubject, 0);
       if ( nicknameEntry == NULL ) {
           goto loser;
       }
    }
    
    rv = WriteDBCertEntry(handle, certEntry);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    state = 1;
    
    if ( nicknameEntry ) {
       rv = WriteDBNicknameEntry(handle, nicknameEntry);
       if ( rv != SECSuccess ) {
           goto loser;
       }
    }
    
    state = 2;

    /* "Change" handles if necessary */
    if (cert->dbhandle) {
       sftk_freeCertDB(cert->dbhandle);
    }
    cert->dbhandle = nsslowcert_reference(handle);
    
    /* add to or create new subject entry */
    if ( subjectEntry ) {
       /* REWRITE BASED ON SUBJECT ENTRY */
       rv = AddPermSubjectNode(subjectEntry, cert, nickname);
       if ( rv != SECSuccess ) {
           goto loser;
       }
    } else {
       /* make a new subject entry - this case is only used when updating
        * an old version of the database.  This is OK because the oldnickname
        * db format didn't allow multiple certs with the same subject.
        */
       /* where does subjectKeyID and certKey come from? */
       subjectEntry = NewDBSubjectEntry(&cert->derSubject, &cert->certKey,
                                    &cert->subjectKeyID, nickname,
                                    NULL, 0);
       if ( subjectEntry == NULL ) {
           goto loser;
       }
       rv = WriteDBSubjectEntry(handle, subjectEntry);
       if ( rv != SECSuccess ) {
           goto loser;
       }
    }
    
    state = 3;
    
    if ( nicknameEntry ) {
       DestroyDBEntry((certDBEntry *)nicknameEntry);
    }
    
    if ( subjectEntry ) {
       DestroyDBEntry((certDBEntry *)subjectEntry);
    }

    return(certEntry);

loser:
    /* don't leave partial entry in the database */
    if ( state > 0 ) {
       rv = DeleteDBCertEntry(handle, &cert->certKey);
    }
    if ( ( state > 1 ) && donnentry ) {
       rv = DeleteDBNicknameEntry(handle, nickname);
    }
    if ( state > 2 ) {
       rv = DeleteDBSubjectEntry(handle, &cert->derSubject);
    }
    if ( certEntry ) {
       DestroyDBEntry((certDBEntry *)certEntry);
    }
    if ( nicknameEntry ) {
       DestroyDBEntry((certDBEntry *)nicknameEntry);
    }
    if ( subjectEntry ) {
       DestroyDBEntry((certDBEntry *)subjectEntry);
    }

    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus AddNicknameToPermCert ( NSSLOWCERTCertDBHandle *  dbhandle,
NSSLOWCERTCertificate *  cert,
char *  nickname 
) [static]

Definition at line 3246 of file pcertdb.c.

{
    certDBEntryCert *entry;
    int rv;

    entry = cert->dbEntry;
    PORT_Assert(entry != NULL);
    if ( entry == NULL ) {
       goto loser;
    }

    pkcs11_freeNickname(entry->nickname,entry->nicknameSpace);
    entry->nickname = NULL;
    entry->nickname = pkcs11_copyNickname(nickname,entry->nicknameSpace,
                                   sizeof(entry->nicknameSpace));

    rv = WriteDBCertEntry(dbhandle, entry);
    if ( rv ) {
       goto loser;
    }

    pkcs11_freeNickname(cert->nickname,cert->nicknameSpace);
    cert->nickname = NULL;
    cert->nickname = pkcs11_copyNickname(nickname,cert->nicknameSpace,
                                   sizeof(cert->nicknameSpace));

    return(SECSuccess);
    
loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus AddNicknameToSubject ( NSSLOWCERTCertDBHandle *  dbhandle,
NSSLOWCERTCertificate *  cert,
char *  nickname 
) [static]

Definition at line 2778 of file pcertdb.c.

{
    certDBEntrySubject *entry;
    SECStatus rv;
    
    if ( nickname == NULL ) {
       return(SECFailure);
    }
    
    entry = ReadDBSubjectEntry(dbhandle,&cert->derSubject);
    PORT_Assert(entry != NULL);
    if ( entry == NULL ) {
       goto loser;
    }
    
    PORT_Assert(entry->nickname == NULL);
    if ( entry->nickname != NULL ) {
       goto loser;
    }
    
    entry->nickname = PORT_ArenaStrdup(entry->common.arena, nickname);
    
    if ( entry->nickname == NULL ) {
       goto loser;
    }
       
    /* delete the subject entry */
    DeleteDBSubjectEntry(dbhandle, &cert->derSubject);

    /* write the new one */
    rv = WriteDBSubjectEntry(dbhandle, entry);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus AddPermSubjectNode ( certDBEntrySubject entry,
NSSLOWCERTCertificate *  cert,
char *  nickname 
) [static]

Definition at line 3025 of file pcertdb.c.

{
    SECItem *newCertKeys, *newKeyIDs;
    unsigned int i, new_i;
    SECStatus rv;
    NSSLOWCERTCertificate *cmpcert;
    unsigned int nnlen;
    unsigned int ncerts;
    PRBool added = PR_FALSE;

    PORT_Assert(entry);    
    ncerts = entry->ncerts;
       
    if ( nickname && entry->nickname ) {
       /* nicknames must be the same */
       PORT_Assert(PORT_Strcmp(nickname, entry->nickname) == 0);
    }

    if ( ( entry->nickname == NULL ) && ( nickname != NULL ) ) {
       /* copy nickname into the entry */
       nnlen = PORT_Strlen(nickname) + 1;
       entry->nickname = (char *)PORT_ArenaAlloc(entry->common.arena,nnlen);
       if ( entry->nickname == NULL ) {
           return(SECFailure);
       }
       PORT_Memcpy(entry->nickname, nickname, nnlen);
    }
       
    /* a DB entry already exists, so add this cert */
    newCertKeys = (SECItem *)PORT_ArenaAlloc(entry->common.arena,
                                    sizeof(SECItem) * ( ncerts + 1 ) );
    newKeyIDs = (SECItem *)PORT_ArenaAlloc(entry->common.arena,
                                    sizeof(SECItem) * ( ncerts + 1 ) );

    if ( ( newCertKeys == NULL ) || ( newKeyIDs == NULL ) ) {
           return(SECFailure);
    }

    for ( i = 0, new_i=0; i < ncerts; i++ ) {
       cmpcert = nsslowcert_FindCertByKey(cert->dbhandle,
                                            &entry->certKeys[i]);
       /* The entry has been corrupted, remove it from the list */
       if (!cmpcert) {
           continue;
       }

       if ( nsslowcert_IsNewer(cert, cmpcert) ) {
           nsslowcert_DestroyCertificate(cmpcert);
           /* insert before cmpcert */
           rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[new_i],
                                  &cert->certKey);
           if ( rv != SECSuccess ) {
              return(SECFailure);
           }
           rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[new_i],
                                  &cert->subjectKeyID);
           if ( rv != SECSuccess ) {
              return(SECFailure);
           }
           new_i++;
           /* copy the rest of the entry */
           for ( ; i < ncerts; i++ ,new_i++) {
              newCertKeys[new_i] = entry->certKeys[i];
              newKeyIDs[new_i] = entry->keyIDs[i];
           }

           /* update certKeys and keyIDs */
           entry->certKeys = newCertKeys;
           entry->keyIDs = newKeyIDs;
              
           /* set new count value */
           entry->ncerts = new_i;
           added = PR_TRUE;
           break;
       }
       nsslowcert_DestroyCertificate(cmpcert);
       /* copy this cert entry */
       newCertKeys[new_i] = entry->certKeys[i];
       newKeyIDs[new_i] = entry->keyIDs[i];
       new_i++; /* only increment if we copied the entries */
    }

    if ( !added ) {
       /* insert new one at end */
       rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[new_i],
                              &cert->certKey);
       if ( rv != SECSuccess ) {
           return(SECFailure);
       }
       rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[new_i],
                              &cert->subjectKeyID);
       if ( rv != SECSuccess ) {
           return(SECFailure);
       }
       new_i++;

       /* update certKeys and keyIDs */
       entry->certKeys = newCertKeys;
       entry->keyIDs = newKeyIDs;
              
       /* increment count */
       entry->ncerts = new_i;
    }
    DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject);
    rv = WriteDBSubjectEntry(cert->dbhandle, entry);
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus certcallback ( SECItem *  dbdata,
SECItem *  dbkey,
certDBEntryType  type,
void data 
) [static]

Definition at line 4413 of file pcertdb.c.

{
    PermCertCallbackState *mystate;
    SECStatus rv;
    certDBEntryCert *entry;
    SECItem entryitem;
    NSSLOWCERTCertificate *cert;
    PRArenaPool *arena = NULL;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }
    
    entry = (certDBEntryCert *)PORT_ArenaAlloc(arena, sizeof(certDBEntryCert));
    mystate = (PermCertCallbackState *)data;
    entry->common.version = (unsigned int)dbdata->data[0];
    entry->common.type = (certDBEntryType)dbdata->data[1];
    entry->common.flags = (unsigned int)dbdata->data[2];
    entry->common.arena = arena;
    
    entryitem.len = dbdata->len - SEC_DB_ENTRY_HEADER_LEN;
    entryitem.data = &dbdata->data[SEC_DB_ENTRY_HEADER_LEN];
    
    rv = DecodeDBCertEntry(entry, &entryitem);
    if (rv != SECSuccess ) {
       goto loser;
    }
    entry->derCert.type = siBuffer;
   
    /* note: Entry is 'inheritted'.  */
    cert = DecodeACert(mystate->handle, entry);

    rv = (* mystate->certfunc)(cert, dbkey, mystate->data);

    /* arena stored in entry destroyed by nsslowcert_DestroyCertificate */
    nsslowcert_DestroyCertificateNoLocking(cert);

    return(rv);

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void certdb_Close ( DB db) [static]

Definition at line 358 of file pcertdb.c.

{
    PRStatus prstat;

    PORT_Assert(dbLock != NULL);
    PZ_Lock(dbLock);

    (* db->close)(db);
    
    prstat = PZ_Unlock(dbLock);

    return;
}

Here is the caller graph for this function:

static int certdb_Del ( DB db,
DBT key,
unsigned int  flags 
) [static]

Definition at line 321 of file pcertdb.c.

{
    PRStatus prstat;
    int ret;

    PORT_Assert(dbLock != NULL);
    PZ_Lock(dbLock);

    ret = (* db->del)(db, key, flags);
    
    prstat = PZ_Unlock(dbLock);

    /* don't fail if the record is already deleted */
    if (ret == DB_NOT_FOUND) {
       ret = 0;
    }

    return(ret);
}

Here is the caller graph for this function:

static int certdb_Get ( DB db,
DBT key,
DBT data,
unsigned int  flags 
) [static]

Definition at line 272 of file pcertdb.c.

{
    PRStatus prstat;
    int ret;
    
    PORT_Assert(dbLock != NULL);
    PZ_Lock(dbLock);

    ret = (* db->get)(db, key, data, flags);

    prstat = PZ_Unlock(dbLock);

    return(ret);
}

Here is the caller graph for this function:

void certdb_InitDBLock ( NSSLOWCERTCertDBHandle *  handle)

Definition at line 99 of file pcertdb.c.

static int certdb_Put ( DB db,
DBT key,
DBT data,
unsigned int  flags 
) [static]

Definition at line 288 of file pcertdb.c.

{
    PRStatus prstat;
    int ret = 0;

    PORT_Assert(dbLock != NULL);
    PZ_Lock(dbLock);

    ret = (* db->put)(db, key, data, flags);
    
    prstat = PZ_Unlock(dbLock);

    return(ret);
}

Here is the caller graph for this function:

static int certdb_Seq ( DB db,
DBT key,
DBT data,
unsigned int  flags 
) [static]

Definition at line 342 of file pcertdb.c.

{
    PRStatus prstat;
    int ret;
    
    PORT_Assert(dbLock != NULL);
    PZ_Lock(dbLock);
    
    ret = (* db->seq)(db, key, data, flags);

    prstat = PZ_Unlock(dbLock);

    return(ret);
}

Here is the caller graph for this function:

static int certdb_Sync ( DB db,
unsigned int  flags 
) [static]

Definition at line 304 of file pcertdb.c.

{
    PRStatus prstat;
    int ret;

    PORT_Assert(dbLock != NULL);
    PZ_Lock(dbLock);

    ret = (* db->sync)(db, flags);
    
    prstat = PZ_Unlock(dbLock);

    return(ret);
}

Here is the caller graph for this function:

static certDBEntryCert* CreateCertEntry ( void  ) [static]

Definition at line 1054 of file pcertdb.c.

{
    certDBEntryCert *entry;

    nsslowcert_LockFreeList();
    entry = entryListHead;
    if (entry) {
       entryListCount--;
       entryListHead = entry->next;
    }
    PORT_Assert(entryListCount >= 0);
    nsslowcert_UnlockFreeList();
    if (entry) {
       return entry;
    }

    return PORT_ZNew(certDBEntryCert);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static NSSLOWCERTTrust* CreateTrust ( void  ) [static]

Definition at line 4344 of file pcertdb.c.

{
    NSSLOWCERTTrust *trust = NULL;

    nsslowcert_LockFreeList();
    trust = trustListHead;
    if (trust) {
       trustListCount--;
       trustListHead = trust->next;
    }
    PORT_Assert(trustListCount >= 0);
    nsslowcert_UnlockFreeList();
    if (trust) {
       return trust;
    }

    return PORT_ZNew(NSSLOWCERTTrust);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static NSSLOWCERTCertificate* DecodeACert ( NSSLOWCERTCertDBHandle *  handle,
certDBEntryCert *  entry 
) [static]

Definition at line 4323 of file pcertdb.c.

{
    NSSLOWCERTCertificate *cert = NULL;
    
    cert = nsslowcert_DecodeDERCertificate(&entry->derCert, entry->nickname );
    
    if ( cert == NULL ) {
       goto loser;
    }

    cert->dbhandle = nsslowcert_reference(handle);
    cert->dbEntry = entry;
    cert->trust = &entry->trust;

    return(cert);

loser:
    return(0);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DecodeDBCertEntry ( certDBEntryCert *  entry,
SECItem *  dbentry 
) [static]

Definition at line 736 of file pcertdb.c.

{
    unsigned int nnlen;
    unsigned int headerlen;
    int lenoff;

    /* allow updates of old versions of the database */
    switch ( entry->common.version ) {
      case 5:
       headerlen = DB_CERT_V5_ENTRY_HEADER_LEN;
       lenoff = 3;
       break;
      case 6:
       /* should not get here */
       PORT_Assert(0);
       headerlen = DB_CERT_V6_ENTRY_HEADER_LEN;
       lenoff = 3;
       break;
      case 7:
      case 8:
       headerlen = DB_CERT_ENTRY_HEADER_LEN;
       lenoff = 6;
       break;
      default:
       /* better not get here */
       PORT_Assert(0);
       headerlen = DB_CERT_V5_ENTRY_HEADER_LEN;
       lenoff = 3;
       break;
    }
    
    /* is record long enough for header? */
    if ( dbentry->len < headerlen ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* is database entry correct length? */
    entry->derCert.len = ( ( dbentry->data[lenoff] << 8 ) |
                       dbentry->data[lenoff+1] );
    nnlen = ( ( dbentry->data[lenoff+2] << 8 ) | dbentry->data[lenoff+3] );
    if ( ( entry->derCert.len + nnlen + headerlen )
       != dbentry->len) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* copy the dercert */

    entry->derCert.data = pkcs11_copyStaticData(&dbentry->data[headerlen],
       entry->derCert.len,entry->derCertSpace,sizeof(entry->derCertSpace));
    if ( entry->derCert.data == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    /* copy the nickname */
    if ( nnlen > 1 ) {
       entry->nickname = (char *)pkcs11_copyStaticData(
                     &dbentry->data[headerlen+entry->derCert.len], nnlen,
                     (unsigned char *)entry->nicknameSpace, 
                     sizeof(entry->nicknameSpace));
       if ( entry->nickname == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
    } else {
       entry->nickname = NULL;
    }
    
    if ( entry->common.version < 7 ) {
       /* allow updates of v5 db */
       entry->trust.sslFlags = dbentry->data[0];
       entry->trust.emailFlags = dbentry->data[1];
       entry->trust.objectSigningFlags = dbentry->data[2];
    } else {
       entry->trust.sslFlags = ( dbentry->data[0] << 8 ) | dbentry->data[1];
       entry->trust.emailFlags = ( dbentry->data[2] << 8 ) | dbentry->data[3];
       entry->trust.objectSigningFlags =
           ( dbentry->data[4] << 8 ) | dbentry->data[5];
    }
    
    return(SECSuccess);
loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DecodeDBCrlEntry ( certDBEntryRevocation *  entry,
SECItem *  dbentry 
) [static]

Definition at line 1189 of file pcertdb.c.

{
    unsigned int nnlen;
    
    /* is record long enough for header? */
    if ( dbentry->len < DB_CRL_ENTRY_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* is database entry correct length? */
    entry->derCrl.len = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] );
    nnlen = ( ( dbentry->data[2] << 8 ) | dbentry->data[3] );
    if ( ( entry->derCrl.len + nnlen + DB_CRL_ENTRY_HEADER_LEN )
       != dbentry->len) {
      /* CRL entry is greater than 64 K. Hack to make this continue to work */
      if (dbentry->len >= (0xffff - DB_CRL_ENTRY_HEADER_LEN) - nnlen) {
          entry->derCrl.len = 
                      (dbentry->len - DB_CRL_ENTRY_HEADER_LEN) - nnlen;
      } else {
          PORT_SetError(SEC_ERROR_BAD_DATABASE);
          goto loser;
      }    
    }
    
    /* copy the dercert */
    entry->derCrl.data = (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
                                                  entry->derCrl.len);
    if ( entry->derCrl.data == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    PORT_Memcpy(entry->derCrl.data, &dbentry->data[DB_CRL_ENTRY_HEADER_LEN],
             entry->derCrl.len);

    /* copy the url */
    entry->url = NULL;
    if (nnlen != 0) {
       entry->url = (char *)PORT_ArenaAlloc(entry->common.arena, nnlen);
       if ( entry->url == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->url,
             &dbentry->data[DB_CRL_ENTRY_HEADER_LEN + entry->derCrl.len],
             nnlen);
    }
    
    return(SECSuccess);
loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DecodeDBNicknameEntry ( certDBEntryNickname entry,
SECItem *  dbentry,
char *  nickname 
) [static]

Definition at line 1513 of file pcertdb.c.

{
    /* is record long enough for header? */
    if ( dbentry->len < DB_NICKNAME_ENTRY_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* is database entry correct length? */
    entry->subjectName.len = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] );
    if (( entry->subjectName.len + DB_NICKNAME_ENTRY_HEADER_LEN ) !=
       dbentry->len ){
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* copy the certkey */
    entry->subjectName.data =
       (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
                                    entry->subjectName.len);
    if ( entry->subjectName.data == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    PORT_Memcpy(entry->subjectName.data,
             &dbentry->data[DB_NICKNAME_ENTRY_HEADER_LEN],
             entry->subjectName.len);
    entry->subjectName.type = siBuffer;
    
    entry->nickname = (char *)PORT_ArenaAlloc(entry->common.arena, 
                                              PORT_Strlen(nickname)+1);
    if ( entry->nickname ) {
       PORT_Strcpy(entry->nickname, nickname);
    }
    
    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DecodeDBSMimeEntry ( certDBEntrySMime entry,
SECItem *  dbentry,
char *  emailAddr 
) [static]

Definition at line 1842 of file pcertdb.c.

{
    /* is record long enough for header? */
    if ( dbentry->len < DB_SMIME_ENTRY_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* is database entry correct length? */
    entry->subjectName.len = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] );
    entry->smimeOptions.len = ( ( dbentry->data[2] << 8 ) | dbentry->data[3] );
    entry->optionsDate.len = ( ( dbentry->data[4] << 8 ) | dbentry->data[5] );
    if (( entry->subjectName.len + entry->smimeOptions.len +
        entry->optionsDate.len + DB_SMIME_ENTRY_HEADER_LEN ) != dbentry->len){
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* copy the subject name */
    entry->subjectName.data =
       (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
                                    entry->subjectName.len);
    if ( entry->subjectName.data == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    PORT_Memcpy(entry->subjectName.data,
             &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN],
             entry->subjectName.len);

    /* copy the smime options */
    if ( entry->smimeOptions.len ) {
       entry->smimeOptions.data =
           (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
                                        entry->smimeOptions.len);
       if ( entry->smimeOptions.data == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->smimeOptions.data,
                  &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN +
                               entry->subjectName.len],
                  entry->smimeOptions.len);
    }
    if ( entry->optionsDate.len ) {
       entry->optionsDate.data =
           (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
                                        entry->optionsDate.len);
       if ( entry->optionsDate.data == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->optionsDate.data,
                  &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN +
                               entry->subjectName.len +
                               entry->smimeOptions.len],
                  entry->optionsDate.len);
    }

    /* both options and options date must either exist or not exist */
    if ( ( ( entry->optionsDate.len == 0 ) ||
         ( entry->smimeOptions.len == 0 ) ) &&
       entry->smimeOptions.len != entry->optionsDate.len ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }

    entry->emailAddr = (char *)PORT_ArenaAlloc(entry->common.arena,
                                          PORT_Strlen(emailAddr)+1);
    if ( entry->emailAddr ) {
       PORT_Strcpy(entry->emailAddr, emailAddr);
    }
    
    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DecodeDBSubjectEntry ( certDBEntrySubject entry,
SECItem *  dbentry,
SECItem *  derSubject 
) [static]

Definition at line 2282 of file pcertdb.c.

{
    unsigned int ncerts;
    PRArenaPool *arena;
    unsigned int len, itemlen;
    unsigned char *tmpbuf;
    unsigned char *end;
    unsigned int i;
    SECStatus rv;
    unsigned int keyidoff;
    unsigned int nnlen, eaddrlen;
    unsigned int stdlen;
    
    arena = entry->common.arena;

    rv = SECITEM_CopyItem(arena, &entry->derSubject, derSubject);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* is record long enough for header? */
    if ( dbentry->len < DB_SUBJECT_ENTRY_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    entry->ncerts = ncerts = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] );
    nnlen = ( ( dbentry->data[2] << 8 ) | dbentry->data[3] );
    eaddrlen = ( ( dbentry->data[4] << 8 ) | dbentry->data[5] );
    stdlen = ncerts * 4 + DB_SUBJECT_ENTRY_HEADER_LEN + nnlen + eaddrlen;
    if ( dbentry->len < stdlen) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    entry->certKeys = (SECItem *)PORT_ArenaAlloc(arena,
                                           sizeof(SECItem) * ncerts);
    entry->keyIDs = (SECItem *)PORT_ArenaAlloc(arena,
                                          sizeof(SECItem) * ncerts);

    if ( ( entry->certKeys == NULL ) || ( entry->keyIDs == NULL ) ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    if ( nnlen > 1 ) { /* null terminator is stored */
       entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
       if ( entry->nickname == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->nickname,
                  &dbentry->data[DB_SUBJECT_ENTRY_HEADER_LEN],
                  nnlen);
    } else {
       entry->nickname = NULL;
    }

    /* if we have an old style email entry, there is only one */    
    entry->nemailAddrs = 0;
    if ( eaddrlen > 1 ) { /* null terminator is stored */
       entry->emailAddrs = (char **)PORT_ArenaAlloc(arena, sizeof(char *));
       if ( entry->emailAddrs == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       entry->emailAddrs[0] = (char *)PORT_ArenaAlloc(arena, eaddrlen);
       if ( entry->emailAddrs[0] == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->emailAddrs[0],
                  &dbentry->data[DB_SUBJECT_ENTRY_HEADER_LEN+nnlen],
                  eaddrlen);
        entry->nemailAddrs = 1;
    } else {
       entry->emailAddrs = NULL;
    }
    
    /* collect the lengths of the certKeys and keyIDs, and total the
     * overall length.
     */
    keyidoff = DB_SUBJECT_ENTRY_HEADER_LEN + nnlen + eaddrlen;
    len = keyidoff + 4 * ncerts;

    tmpbuf = &dbentry->data[0];
    
    for ( i = 0; i < ncerts; i++ ) {

       itemlen = ( tmpbuf[keyidoff + 2*i] << 8 ) | tmpbuf[keyidoff + 1 + 2*i] ;
       len += itemlen;
       entry->certKeys[i].len = itemlen;

       itemlen = ( tmpbuf[keyidoff + 2*ncerts + 2*i] << 8 ) |
           tmpbuf[keyidoff + 1 + 2*ncerts + 2*i] ;
       len += itemlen;
       entry->keyIDs[i].len = itemlen;
    }
    
    /* is database entry correct length? */
    if ( len > dbentry->len ){
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    tmpbuf = &tmpbuf[keyidoff + 4*ncerts];
    for ( i = 0; i < ncerts; i++ ) {
       entry->certKeys[i].data =
           (unsigned char *)PORT_ArenaAlloc(arena, entry->certKeys[i].len);
       if ( entry->certKeys[i].data == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->certKeys[i].data, tmpbuf, entry->certKeys[i].len);
       tmpbuf = &tmpbuf[entry->certKeys[i].len];
    }

    for ( i = 0; i < ncerts; i++ ) {
       entry->keyIDs[i].data =
           (unsigned char *)PORT_ArenaAlloc(arena, entry->keyIDs[i].len);
       if ( entry->keyIDs[i].data == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->keyIDs[i].data, tmpbuf, entry->keyIDs[i].len);
       tmpbuf = &tmpbuf[entry->keyIDs[i].len];
    }

    end = &dbentry->data[dbentry->len];
    if ((eaddrlen == 0) && (tmpbuf+1 < end)) {
       /* read in the additional email addresses */
       entry->nemailAddrs = tmpbuf[0] << 8 | tmpbuf[1];
       tmpbuf += 2;
       entry->emailAddrs = (char **)
              PORT_ArenaAlloc(arena, entry->nemailAddrs * sizeof(char *));
       if (entry->emailAddrs == NULL) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       for (i=0; i < entry->nemailAddrs; i++) {
           int nameLen;
           if (tmpbuf + 2 > end) {
              goto loser;
           }

           nameLen = tmpbuf[0] << 8 | tmpbuf[1];
           entry->emailAddrs[i] = PORT_ArenaAlloc(arena,nameLen);
           if (entry->emailAddrs == NULL) {
               PORT_SetError(SEC_ERROR_NO_MEMORY);
               goto loser;
           }
           if (tmpbuf + (nameLen+2) > end) {
              goto loser;
           }
           PORT_Memcpy(entry->emailAddrs[i],&tmpbuf[2],nameLen);
           tmpbuf += 2 + nameLen;
       }
    }
    
    
    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static NSSLOWCERTTrust* DecodeTrustEntry ( NSSLOWCERTCertDBHandle *  handle,
certDBEntryCert *  entry,
SECItem *  dbKey 
) [static]

Definition at line 4380 of file pcertdb.c.

{
    NSSLOWCERTTrust *trust = CreateTrust();
    if (trust == NULL) {
       return trust;
    }
    trust->dbhandle = nsslowcert_reference(handle);
    trust->dbEntry = entry;
    trust->dbKey.data = pkcs11_copyStaticData(dbKey->data,dbKey->len,
                            trust->dbKeySpace, sizeof(trust->dbKeySpace));
    if (!trust->dbKey.data) {
       PORT_Free(trust);
       return NULL;
    }
    trust->dbKey.len = dbKey->len;
 
    trust->trust = &entry->trust;
    trust->derCert = &entry->derCert;

    return(trust);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntryCert* DecodeV4DBCertEntry ( unsigned char *  buf,
int  len 
) [static]

Definition at line 894 of file pcertdb.c.

{
    certDBEntryCert *entry;
    int certlen;
    int nnlen;
    PRArenaPool *arena;
    
    /* make sure length is at least long enough for the header */
    if ( len < DBCERT_V4_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       return(0);
    }

    /* get other lengths */
    certlen = buf[3] << 8 | buf[4];
    nnlen = buf[5] << 8 | buf[6];
    
    /* make sure DB entry is the right size */
    if ( ( certlen + nnlen + DBCERT_V4_HEADER_LEN ) != len ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       return(0);
    }

    /* allocate arena */
    arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE );

    if ( !arena ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       return(0);
    }
       
    /* allocate structure and members */
    entry = (certDBEntryCert *)  PORT_ArenaAlloc(arena, sizeof(certDBEntryCert));

    if ( !entry ) {
       goto loser;
    }

    entry->common.arena = arena;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.type = certDBEntryTypeCert;
    entry->common.flags = 0;
    entry->trust.sslFlags = buf[0];
    entry->trust.emailFlags = buf[1];
    entry->trust.objectSigningFlags = buf[2];

    entry->derCert.data = (unsigned char *)PORT_ArenaAlloc(arena, certlen);
    if ( !entry->derCert.data ) {
       goto loser;
    }
    entry->derCert.len = certlen;
    PORT_Memcpy(entry->derCert.data, &buf[DBCERT_V4_HEADER_LEN], certlen);

    if ( nnlen ) {
        entry->nickname = (char *) PORT_ArenaAlloc(arena, nnlen);
        if ( !entry->nickname ) {
            goto loser;
        }
        PORT_Memcpy(entry->nickname, &buf[DBCERT_V4_HEADER_LEN + certlen], nnlen);
        
        if (PORT_Strcmp(entry->nickname, "Server-Cert") == 0) {
            entry->trust.sslFlags |= CERTDB_USER;
        }
    } else {
        entry->nickname = 0;
    }

    return(entry);
    
loser:
    PORT_FreeArena(arena, PR_FALSE);
    PORT_SetError(SEC_ERROR_NO_MEMORY);
    return(0);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeleteDBCertEntry ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  certKey 
) [static]

Definition at line 1023 of file pcertdb.c.

{
    SECItem dbkey;
    SECStatus rv;

    dbkey.data= NULL;
    dbkey.len = 0;

    rv = EncodeDBCertKey(certKey, NULL, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    rv = DeleteDBEntry(handle, certDBEntryTypeCert, &dbkey);
    if ( rv == SECFailure ) {
       goto loser;
    }

    if (dbkey.data) {
       PORT_Free(dbkey.data);
    }
    return(SECSuccess);

loser:
    if (dbkey.data) {
       PORT_Free(dbkey.data);
    }
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeleteDBCrlEntry ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  crlKey,
certDBEntryType  crlType 
) [static]

Definition at line 1347 of file pcertdb.c.

{
    SECItem dbkey;
    PRArenaPool *arena = NULL;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }

    rv = EncodeDBGenericKey(crlKey, arena, &dbkey, crlType);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    rv = DeleteDBEntry(handle, crlType, &dbkey);
    if ( rv == SECFailure ) {
       goto loser;
    }

    PORT_FreeArena(arena, PR_FALSE);
    return(SECSuccess);

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeleteDBEntry ( NSSLOWCERTCertDBHandle *  handle,
certDBEntryType  type,
SECItem *  dbkey 
) [static]

Definition at line 476 of file pcertdb.c.

{
    DBT key;
    int ret;

    /* init the database key */
    key.data = dbkey->data;
    key.size = dbkey->len;
    
    dbkey->data[0] = (unsigned char)type;

    /* delete entry from database */
    ret = certdb_Del(handle->permCertDB, &key, 0 );
    if ( ret != 0 ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }

    ret = certdb_Sync(handle->permCertDB, 0);
    if ( ret ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }

    return(SECSuccess);
    
loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeleteDBNicknameEntry ( NSSLOWCERTCertDBHandle *  handle,
char *  nickname 
) [static]

Definition at line 1613 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    SECStatus rv;
    SECItem dbkey;
    
    if ( nickname == NULL ) {
       return(SECSuccess);
    }
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }

    rv = EncodeDBNicknameKey(nickname, arena, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    rv = DeleteDBEntry(handle, certDBEntryTypeNickname, &dbkey);
    if ( rv == SECFailure ) {
       goto loser;
    }

    PORT_FreeArena(arena, PR_FALSE);
    return(SECSuccess);

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeleteDBSMimeEntry ( NSSLOWCERTCertDBHandle *  handle,
char *  emailAddr 
) [static]

Definition at line 2005 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    SECStatus rv;
    SECItem dbkey;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }

    rv = EncodeDBSMimeKey(emailAddr, arena, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    rv = DeleteDBEntry(handle, certDBEntryTypeSMimeProfile, &dbkey);
    if ( rv == SECFailure ) {
       goto loser;
    }

    PORT_FreeArena(arena, PR_FALSE);
    return(SECSuccess);

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeleteDBSubjectEntry ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derSubject 
) [static]

Definition at line 2557 of file pcertdb.c.

{
    SECItem dbkey;
    PRArenaPool *arena = NULL;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }
    
    rv = EncodeDBSubjectKey(derSubject, arena, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    rv = DeleteDBEntry(handle, certDBEntryTypeSubject, &dbkey);
    if ( rv == SECFailure ) {
       goto loser;
    }

    PORT_FreeArena(arena, PR_FALSE);
    return(SECSuccess);

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeletePermCert ( NSSLOWCERTCertificate *  cert) [static]

Definition at line 4221 of file pcertdb.c.

{
    SECStatus rv;
    SECStatus ret;

    ret = SECSuccess;
    
    rv = DeleteDBCertEntry(cert->dbhandle, &cert->certKey);
    if ( rv != SECSuccess ) {
       ret = SECFailure;
    }
    
    rv = RemovePermSubjectNode(cert);


    return(ret);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void DestroyCertEntryFreeList ( void  ) [static]

Definition at line 1074 of file pcertdb.c.

{
    certDBEntryCert *entry;

    nsslowcert_LockFreeList();
    while (NULL != (entry = entryListHead)) {
       entryListCount--;
       entryListHead = entry->next;
       PORT_Free(entry);
    }
    PORT_Assert(!entryListCount);
    entryListCount = 0;
    nsslowcert_UnlockFreeList();
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void DestroyCertFreeList ( void  ) [static]

Definition at line 5091 of file pcertdb.c.

{
    NSSLOWCERTCertificate *cert;

    nsslowcert_LockFreeList();
    while (NULL != (cert = certListHead)) {
       certListCount--;
       certListHead = cert->next;
       PORT_Free(cert);
    }
    PORT_Assert(!certListCount);
    certListCount = 0;
    nsslowcert_UnlockFreeList();
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void DestroyCertificate ( NSSLOWCERTCertificate *  cert,
PRBool  lockdb 
) [static]

Definition at line 5006 of file pcertdb.c.

{
    int refCount;
    NSSLOWCERTCertDBHandle *handle;
    
    if ( cert ) {

       handle = cert->dbhandle;

       /*
        * handle may be NULL, for example if the cert was created with
        * nsslowcert_DecodeDERCertificate.
        */
       if ( lockdb && handle ) {
           nsslowcert_LockDB(handle);
           /* keep a reference until we unlock, so handle won't disappear
            * before we are through with it */
           nsslowcert_reference(handle);
       }

        nsslowcert_LockCertRefCount(cert);
       PORT_Assert(cert->referenceCount > 0);
       refCount = --cert->referenceCount;
        nsslowcert_UnlockCertRefCount(cert);

       if ( ( refCount == 0 ) ) {
           certDBEntryCert *entry  = cert->dbEntry;

           if ( entry ) {
              DestroyDBEntry((certDBEntry *)entry);
            }

           pkcs11_freeNickname(cert->nickname,cert->nicknameSpace);
           pkcs11_freeStaticData(cert->certKey.data,cert->certKeySpace);
           cert->certKey.data = NULL;
           cert->nickname = NULL;

           /* zero cert before freeing. Any stale references to this cert
            * after this point will probably cause an exception.  */
           PORT_Memset(cert, 0, sizeof *cert);

           /* use reflock to protect the free list */
           nsslowcert_LockFreeList();
           if (certListCount > MAX_CERT_LIST_COUNT) {
              PORT_Free(cert);
           } else {
              certListCount++;
              cert->next = certListHead;
              certListHead = cert;
           }
           nsslowcert_UnlockFreeList();
           if (handle) {
               sftk_freeCertDB(handle);
           }
              
           cert = NULL;
        }
       if ( lockdb && handle ) {
           nsslowcert_UnlockDB(handle);
           sftk_freeCertDB(handle);
       }
    }

    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void DestroyDBEntry ( certDBEntry entry) [static]

Definition at line 435 of file pcertdb.c.

{
    PRArenaPool *arena = entry->common.arena;

    /* must be one of our certDBEntry from the free list */
    if (arena == NULL) {
       certDBEntryCert *certEntry;
       if ( entry->common.type != certDBEntryTypeCert) {
           return;
       }
       certEntry = (certDBEntryCert *)entry;

       pkcs11_freeStaticData(certEntry->derCert.data, certEntry->derCertSpace);
       pkcs11_freeNickname(certEntry->nickname, certEntry->nicknameSpace);

       nsslowcert_LockFreeList();
       if (entryListCount > MAX_ENTRY_LIST_COUNT) {
           PORT_Free(certEntry);
       } else {
           entryListCount++;
           PORT_Memset(certEntry, 0, sizeof( *certEntry));
           certEntry->next = entryListHead;
           entryListHead = certEntry;
       }
       nsslowcert_UnlockFreeList();
       return;
    }


    /* Zero out the entry struct, so that any further attempts to use it
     * will cause an exception (e.g. null pointer reference). */
    PORT_Memset(&entry->common, 0, sizeof entry->common);
    PORT_FreeArena(arena, PR_FALSE);

    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void DestroyTrustFreeList ( void  ) [static]

Definition at line 4364 of file pcertdb.c.

{
    NSSLOWCERTTrust *trust;

    nsslowcert_LockFreeList();
    while (NULL != (trust = trustListHead)) {
       trustListCount--;
       trustListHead = trust->next;
       PORT_Free(trust);
    }
    PORT_Assert(!trustListCount);
    trustListCount = 0;
    nsslowcert_UnlockFreeList();
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBCertEntry ( certDBEntryCert *  entry,
PRArenaPool arena,
SECItem *  dbitem 
) [static]

Definition at line 624 of file pcertdb.c.

{
    unsigned int nnlen;
    unsigned char *buf;
    char *nn;
    char zbuf = 0;
    
    if ( entry->nickname ) {
       nn = entry->nickname;
    } else {
       nn = &zbuf;
    }
    nnlen = PORT_Strlen(nn) + 1;
    
    /* allocate space for encoded database record, including space
     * for low level header
     */
    dbitem->len = entry->derCert.len + nnlen + DB_CERT_ENTRY_HEADER_LEN +
       SEC_DB_ENTRY_HEADER_LEN;
    
    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
    if ( dbitem->data == NULL) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    /* fill in database record */
    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
    
    buf[0] = ( entry->trust.sslFlags >> 8 ) & 0xff;
    buf[1] = entry->trust.sslFlags & 0xff;
    buf[2] = ( entry->trust.emailFlags >> 8 ) & 0xff;
    buf[3] = entry->trust.emailFlags & 0xff;
    buf[4] = ( entry->trust.objectSigningFlags >> 8 ) & 0xff;
    buf[5] = entry->trust.objectSigningFlags & 0xff;
    buf[6] = ( entry->derCert.len >> 8 ) & 0xff;
    buf[7] = entry->derCert.len & 0xff;
    buf[8] = ( nnlen >> 8 ) & 0xff;
    buf[9] = nnlen & 0xff;
    
    PORT_Memcpy(&buf[DB_CERT_ENTRY_HEADER_LEN], entry->derCert.data,
             entry->derCert.len);

    PORT_Memcpy(&buf[DB_CERT_ENTRY_HEADER_LEN + entry->derCert.len],
             nn, nnlen);

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBCertKey ( SECItem *  certKey,
PRArenaPool arena,
SECItem *  dbkey 
) [static]

Definition at line 680 of file pcertdb.c.

{
    unsigned int len = certKey->len + SEC_DB_KEY_HEADER_LEN;
    if (arena) {
       dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, len);
    } else {
       if (dbkey->len < len) {
           dbkey->data = (unsigned char *)PORT_Alloc(len);
       }
    }
    dbkey->len = len;
    if ( dbkey->data == NULL ) {
       goto loser;
    }
    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN],
             certKey->data, certKey->len);
    dbkey->data[0] = certDBEntryTypeCert;

    return(SECSuccess);
loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBCrlEntry ( certDBEntryRevocation *  entry,
PRArenaPool arena,
SECItem *  dbitem 
) [static]

Definition at line 1145 of file pcertdb.c.

{
    unsigned int nnlen = 0;
    unsigned char *buf;
  
    if (entry->url) {  
       nnlen = PORT_Strlen(entry->url) + 1;
    }
    
    /* allocate space for encoded database record, including space
     * for low level header
     */
    dbitem->len = entry->derCrl.len + nnlen 
              + SEC_DB_ENTRY_HEADER_LEN + DB_CRL_ENTRY_HEADER_LEN;
    
    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
    if ( dbitem->data == NULL) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    /* fill in database record */
    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
    
    buf[0] = ( entry->derCrl.len >> 8 ) & 0xff;
    buf[1] = entry->derCrl.len & 0xff;
    buf[2] = ( nnlen >> 8 ) & 0xff;
    buf[3] = nnlen & 0xff;
    
    PORT_Memcpy(&buf[DB_CRL_ENTRY_HEADER_LEN], entry->derCrl.data,
             entry->derCrl.len);

    if (nnlen != 0) {
       PORT_Memcpy(&buf[DB_CRL_ENTRY_HEADER_LEN + entry->derCrl.len],
             entry->url, nnlen);
    }

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBGenericKey ( SECItem *  certKey,
PRArenaPool arena,
SECItem *  dbkey,
certDBEntryType  entryType 
) [static]

Definition at line 704 of file pcertdb.c.

{
    /*
     * we only allow _one_ KRL key!
     */
    if (entryType == certDBEntryTypeKeyRevocation) {
       dbkey->len = SEC_DB_KEY_HEADER_LEN;
       dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
       if ( dbkey->data == NULL ) {
           goto loser;
       }
        dbkey->data[0] = (unsigned char) entryType;
        return(SECSuccess);
    }
    

    dbkey->len = certKey->len + SEC_DB_KEY_HEADER_LEN;
    dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
    if ( dbkey->data == NULL ) {
       goto loser;
    }
    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN],
             certKey->data, certKey->len);
    dbkey->data[0] = (unsigned char) entryType;

    return(SECSuccess);
loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBNicknameEntry ( certDBEntryNickname entry,
PRArenaPool arena,
SECItem *  dbitem 
) [static]

Definition at line 1455 of file pcertdb.c.

{
    unsigned char *buf;
    
    /* allocate space for encoded database record, including space
     * for low level header
     */
    dbitem->len = entry->subjectName.len + DB_NICKNAME_ENTRY_HEADER_LEN +
       SEC_DB_ENTRY_HEADER_LEN;
    
    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
    if ( dbitem->data == NULL) {
       goto loser;
    }
    
    /* fill in database record */
    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
    
    buf[0] = ( entry->subjectName.len >> 8 ) & 0xff;
    buf[1] = entry->subjectName.len & 0xff;
    
    PORT_Memcpy(&buf[DB_NICKNAME_ENTRY_HEADER_LEN], entry->subjectName.data,
             entry->subjectName.len);

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBNicknameKey ( char *  nickname,
PRArenaPool arena,
SECItem *  dbkey 
) [static]

Definition at line 1490 of file pcertdb.c.

{
    unsigned int nnlen;
    
    nnlen = PORT_Strlen(nickname) + 1; /* includes null */

    /* now get the database key and format it */
    dbkey->len = nnlen + SEC_DB_KEY_HEADER_LEN;
    dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
    if ( dbkey->data == NULL ) {
       goto loser;
    }
    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN], nickname, nnlen);
    dbkey->data[0] = certDBEntryTypeNickname;

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus EncodeDBSMimeEntry ( certDBEntrySMime entry,
PRArenaPool arena,
SECItem *  dbitem 
)

Definition at line 1762 of file pcertdb.c.

{
    unsigned char *buf;
    
    /* allocate space for encoded database record, including space
     * for low level header
     */
    dbitem->len = entry->subjectName.len + entry->smimeOptions.len +
       entry->optionsDate.len +
       DB_SMIME_ENTRY_HEADER_LEN + SEC_DB_ENTRY_HEADER_LEN;
    
    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
    if ( dbitem->data == NULL) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    /* fill in database record */
    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
    
    buf[0] = ( entry->subjectName.len >> 8 ) & 0xff;
    buf[1] = entry->subjectName.len & 0xff;
    buf[2] = ( entry->smimeOptions.len >> 8 ) & 0xff;
    buf[3] = entry->smimeOptions.len & 0xff;
    buf[4] = ( entry->optionsDate.len >> 8 ) & 0xff;
    buf[5] = entry->optionsDate.len & 0xff;

    /* if no smime options, then there should not be an options date either */
    PORT_Assert( ! ( ( entry->smimeOptions.len == 0 ) &&
                  ( entry->optionsDate.len != 0 ) ) );
    
    PORT_Memcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN], entry->subjectName.data,
             entry->subjectName.len);
    if ( entry->smimeOptions.len ) {
       PORT_Memcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN+entry->subjectName.len],
                  entry->smimeOptions.data,
                  entry->smimeOptions.len);
       PORT_Memcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN + entry->subjectName.len +
                      entry->smimeOptions.len],
                  entry->optionsDate.data,
                  entry->optionsDate.len);
    }

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

static SECStatus EncodeDBSMimeKey ( char *  emailAddr,
PRArenaPool arena,
SECItem *  dbkey 
) [static]

Definition at line 1816 of file pcertdb.c.

{
    unsigned int addrlen;
    
    addrlen = PORT_Strlen(emailAddr) + 1; /* includes null */

    /* now get the database key and format it */
    dbkey->len = addrlen + SEC_DB_KEY_HEADER_LEN;
    dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
    if ( dbkey->data == NULL ) {
       goto loser;
    }
    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN], emailAddr, addrlen);
    dbkey->data[0] = certDBEntryTypeSMimeProfile;

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBSubjectEntry ( certDBEntrySubject entry,
PRArenaPool arena,
SECItem *  dbitem 
) [static]

Definition at line 2153 of file pcertdb.c.

{
    unsigned char *buf;
    int len;
    unsigned int ncerts;
    unsigned int i;
    unsigned char *tmpbuf;
    unsigned int nnlen = 0;
    unsigned int eaddrslen = 0;
    int keyidoff;
    SECItem *certKeys;
    SECItem *keyIDs;
    
    if ( entry->nickname ) {
       nnlen = PORT_Strlen(entry->nickname) + 1;
    }
    if ( entry->emailAddrs ) {
       eaddrslen = 2;
       for (i=0; i < entry->nemailAddrs; i++) {
           eaddrslen += PORT_Strlen(entry->emailAddrs[i]) + 1 + 2;
       }
    }

    ncerts = entry->ncerts;
    
    /* compute the length of the entry */
    keyidoff = DB_SUBJECT_ENTRY_HEADER_LEN + nnlen ;
    len = keyidoff + 4 * ncerts + eaddrslen;
    for ( i = 0; i < ncerts; i++ ) {
       len += entry->certKeys[i].len;
       len += entry->keyIDs[i].len;
    }
    
    /* allocate space for encoded database record, including space
     * for low level header
     */
    dbitem->len = len + SEC_DB_ENTRY_HEADER_LEN;
    
    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
    if ( dbitem->data == NULL) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    /* fill in database record */
    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
    
    buf[0] = ( ncerts >> 8 ) & 0xff;
    buf[1] = ncerts & 0xff;
    buf[2] = ( nnlen >> 8 ) & 0xff;
    buf[3] = nnlen & 0xff;
    /* v7 email field is NULL in v8 */
    buf[4] = 0;
    buf[5] = 0;

    PORT_Memcpy(&buf[DB_SUBJECT_ENTRY_HEADER_LEN], entry->nickname, nnlen);
    
    for ( i = 0; i < ncerts; i++ ) {

       certKeys = entry->certKeys;
       keyIDs = entry->keyIDs;

       buf[keyidoff+i*2] = ( certKeys[i].len >> 8 ) & 0xff;
       buf[keyidoff+1+i*2] = certKeys[i].len & 0xff;
       buf[keyidoff+ncerts*2+i*2] = ( keyIDs[i].len >> 8 ) & 0xff;
       buf[keyidoff+1+ncerts*2+i*2] = keyIDs[i].len & 0xff;
    }
    
    /* temp pointer used to stuff certkeys and keyids into the buffer */
    tmpbuf = &buf[keyidoff+ncerts*4];

    for ( i = 0; i < ncerts; i++ ) {
       certKeys = entry->certKeys;
       PORT_Memcpy(tmpbuf, certKeys[i].data, certKeys[i].len);
       tmpbuf = tmpbuf + certKeys[i].len;
    }
    
    for ( i = 0; i < ncerts; i++ ) {
       keyIDs = entry->keyIDs;
       PORT_Memcpy(tmpbuf, keyIDs[i].data, keyIDs[i].len);
       tmpbuf = tmpbuf + keyIDs[i].len;
    }

    if (entry->emailAddrs) {
       tmpbuf[0] =  (entry->nemailAddrs >> 8) & 0xff;
       tmpbuf[1] =  entry->nemailAddrs  & 0xff;
       tmpbuf += 2;
       for (i=0; i < entry->nemailAddrs; i++) {
           int nameLen = PORT_Strlen(entry->emailAddrs[i]) + 1;
           tmpbuf[0] =  (nameLen >> 8) & 0xff;
           tmpbuf[1] =  nameLen & 0xff;
           tmpbuf += 2;
           PORT_Memcpy(tmpbuf,entry->emailAddrs[i],nameLen);
           tmpbuf +=nameLen;
       }
    }

    PORT_Assert(tmpbuf == &buf[len]);
    
    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBSubjectKey ( SECItem *  derSubject,
PRArenaPool arena,
SECItem *  dbkey 
) [static]

Definition at line 2263 of file pcertdb.c.

{
    dbkey->len = derSubject->len + SEC_DB_KEY_HEADER_LEN;
    dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
    if ( dbkey->data == NULL ) {
       goto loser;
    }
    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN], derSubject->data,
             derSubject->len);
    dbkey->data[0] = certDBEntryTypeSubject;

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static NSSLOWCERTCertificate* FindCertByKey ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  certKey,
PRBool  lockdb 
) [static]

Definition at line 4699 of file pcertdb.c.

{
    NSSLOWCERTCertificate *cert = NULL;
    certDBEntryCert *entry;
    PRBool locked = PR_FALSE;
    
    if ( lockdb ) {
       locked = PR_TRUE;
       nsslowcert_LockDB(handle);
    }
       
    /* find in perm database */
    entry = ReadDBCertEntry(handle, certKey);
       
    if ( entry == NULL ) {
       goto loser;
    }
  
    /* inherit entry */  
    cert = DecodeACert(handle, entry);

loser:
    if (cert == NULL) {
       if (entry) {
           DestroyDBEntry((certDBEntry *)entry);
       }
    }

    if ( locked ) {
       nsslowcert_UnlockDB(handle);
    }
    
    return(cert);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static NSSLOWCERTTrust* FindTrustByKey ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  certKey,
PRBool  lockdb 
) [static]

Definition at line 4738 of file pcertdb.c.

{
    NSSLOWCERTTrust *trust = NULL;
    certDBEntryCert *entry;
    PRBool locked = PR_FALSE;
    
    if ( lockdb ) {
       locked = PR_TRUE;
       nsslowcert_LockDB(handle);
    }
       
    /* find in perm database */
    entry = ReadDBCertEntry(handle, certKey);
       
    if ( entry == NULL ) {
       goto loser;
    }

    if (!nsslowcert_hasTrust(&entry->trust)) {
       goto loser;
    }
  
    /* inherit entry */  
    trust = DecodeTrustEntry(handle, entry, certKey);

loser:
    if (trust == NULL) {
       if (entry) {
           DestroyDBEntry((certDBEntry *)entry);
       }
    }

    if ( locked ) {
       nsslowcert_UnlockDB(handle);
    }
    
    return(trust);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PRBool isV4DB ( DB db) [static]

Definition at line 3867 of file pcertdb.c.

               {
    DBT key,data;
    int ret;

    key.data = "Version";
    key.size = 7;

    ret = (*db->get)(db, &key, &data, 0);
    if (ret) {
       return PR_FALSE;
    }

    if ((data.size == 1) && (*(unsigned char *)data.data <= 4))  {
       return PR_TRUE;
    }

    return PR_FALSE;
}

Here is the caller graph for this function:

static certDBEntryCert* NewDBCertEntry ( SECItem *  derCert,
char *  nickname,
NSSLOWCERTCertTrust *  trust,
int  flags 
) [static]

Definition at line 828 of file pcertdb.c.

{
    certDBEntryCert *entry;
    PRArenaPool *arena = NULL;
    int nnlen;
    
    arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE );

    if ( !arena ) {
       goto loser;
    }
       
    entry = PORT_ArenaZNew(arena, certDBEntryCert);
    if ( entry == NULL ) {
       goto loser;
    }
    
    /* fill in the dbCert */
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeCert;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.flags = flags;
    
    if ( trust ) {
       entry->trust = *trust;
    }

    entry->derCert.data = (unsigned char *)PORT_ArenaAlloc(arena, derCert->len);
    if ( !entry->derCert.data ) {
       goto loser;
    }
    entry->derCert.len = derCert->len;
    PORT_Memcpy(entry->derCert.data, derCert->data, derCert->len);
    
    nnlen = ( nickname ? strlen(nickname) + 1 : 0 );
    
    if ( nnlen ) {
       entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
       if ( !entry->nickname ) {
           goto loser;
       }
       PORT_Memcpy(entry->nickname, nickname, nnlen);
       
    } else {
       entry->nickname = 0;
    }

    return(entry);

loser:
    
    /* allocation error, free arena and return */
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    PORT_SetError(SEC_ERROR_NO_MEMORY);
    return(0);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntryRevocation* NewDBCrlEntry ( SECItem *  derCrl,
char *  url,
certDBEntryType  crlType,
int  flags 
) [static]

Definition at line 1246 of file pcertdb.c.

{
    certDBEntryRevocation *entry;
    PRArenaPool *arena = NULL;
    int nnlen;
    
    arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE );

    if ( !arena ) {
       goto loser;
    }
       
    entry = PORT_ArenaZNew(arena, certDBEntryRevocation);
    if ( entry == NULL ) {
       goto loser;
    }
    
    /* fill in the dbRevolcation */
    entry->common.arena = arena;
    entry->common.type = crlType;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.flags = flags;
    

    entry->derCrl.data = (unsigned char *)PORT_ArenaAlloc(arena, derCrl->len);
    if ( !entry->derCrl.data ) {
       goto loser;
    }

    if (url) {
       nnlen = PORT_Strlen(url) + 1;
       entry->url  = (char *)PORT_ArenaAlloc(arena, nnlen);
       if ( !entry->url ) {
           goto loser;
       }
       PORT_Memcpy(entry->url, url, nnlen);
    } else {
       entry->url = NULL;
    }

       
    entry->derCrl.len = derCrl->len;
    PORT_Memcpy(entry->derCrl.data, derCrl->data, derCrl->len);

    return(entry);

loser:
    
    /* allocation error, free arena and return */
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    PORT_SetError(SEC_ERROR_NO_MEMORY);
    return(0);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntryNickname* NewDBNicknameEntry ( char *  nickname,
SECItem *  subjectName,
unsigned int  flags 
) [static]

Definition at line 1559 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    certDBEntryNickname *entry;
    int nnlen;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    entry = (certDBEntryNickname *)PORT_ArenaAlloc(arena,
                                           sizeof(certDBEntryNickname));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    /* init common fields */
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeNickname;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.flags = flags;

    /* copy the nickname */
    nnlen = PORT_Strlen(nickname) + 1;
    
    entry->nickname = (char*)PORT_ArenaAlloc(arena, nnlen);
    if ( entry->nickname == NULL ) {
       goto loser;
    }
    
    PORT_Memcpy(entry->nickname, nickname, nnlen);
    
    rv = SECITEM_CopyItem(arena, &entry->subjectName, subjectName);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    return(entry);
loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntrySMime* NewDBSMimeEntry ( char *  emailAddr,
SECItem *  subjectName,
SECItem *  smimeOptions,
SECItem *  optionsDate,
unsigned int  flags 
) [static]

Definition at line 1925 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    certDBEntrySMime *entry;
    int addrlen;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    entry = (certDBEntrySMime *)PORT_ArenaAlloc(arena,
                                          sizeof(certDBEntrySMime));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    /* init common fields */
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeSMimeProfile;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.flags = flags;

    /* copy the email addr */
    addrlen = PORT_Strlen(emailAddr) + 1;
    
    entry->emailAddr = (char*)PORT_ArenaAlloc(arena, addrlen);
    if ( entry->emailAddr == NULL ) {
       goto loser;
    }
    
    PORT_Memcpy(entry->emailAddr, emailAddr, addrlen);
    
    /* copy the subject name */
    rv = SECITEM_CopyItem(arena, &entry->subjectName, subjectName);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* copy the smime options */
    if ( smimeOptions ) {
       rv = SECITEM_CopyItem(arena, &entry->smimeOptions, smimeOptions);
       if ( rv != SECSuccess ) {
           goto loser;
       }
    } else {
       PORT_Assert(optionsDate == NULL);
       entry->smimeOptions.data = NULL;
       entry->smimeOptions.len = 0;
    }

    /* copy the options date */
    if ( optionsDate ) {
       rv = SECITEM_CopyItem(arena, &entry->optionsDate, optionsDate);
       if ( rv != SECSuccess ) {
           goto loser;
       }
    } else {
       PORT_Assert(smimeOptions == NULL);
       entry->optionsDate.data = NULL;
       entry->optionsDate.len = 0;
    }
    
    return(entry);
loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntrySubject* NewDBSubjectEntry ( SECItem *  derSubject,
SECItem *  certKey,
SECItem *  keyID,
char *  nickname,
char *  emailAddr,
unsigned int  flags 
) [static]

Definition at line 2453 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    certDBEntrySubject *entry;
    SECStatus rv;
    unsigned int nnlen;
    unsigned int eaddrlen;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    entry = (certDBEntrySubject *)PORT_ArenaAlloc(arena,
                                            sizeof(certDBEntrySubject));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    /* init common fields */
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeSubject;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.flags = flags;

    /* copy the subject */
    rv = SECITEM_CopyItem(arena, &entry->derSubject, derSubject);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    entry->ncerts = 1;
    entry->nemailAddrs = 0;
    /* copy nickname */
    if ( nickname && ( *nickname != '\0' ) ) {
       nnlen = PORT_Strlen(nickname) + 1;
       entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
       if ( entry->nickname == NULL ) {
           goto loser;
       }
                                            
       PORT_Memcpy(entry->nickname, nickname, nnlen);
    } else {
       entry->nickname = NULL;
    }
    
    /* copy email addr */
    if ( emailAddr && ( *emailAddr != '\0' ) ) {
       emailAddr = nsslowcert_FixupEmailAddr(emailAddr);
       if ( emailAddr == NULL ) {
           entry->emailAddrs = NULL;
           goto loser;
       }
       
       eaddrlen = PORT_Strlen(emailAddr) + 1;
       entry->emailAddrs = (char **)PORT_ArenaAlloc(arena, sizeof(char *));
       if ( entry->emailAddrs == NULL ) {
           PORT_Free(emailAddr);
           goto loser;
       }
       entry->emailAddrs[0] = PORT_ArenaStrdup(arena,emailAddr);
       if (entry->emailAddrs[0]) {
           entry->nemailAddrs = 1;
       } 
       
       PORT_Free(emailAddr);
    } else {
       entry->emailAddrs = NULL;
    }
    
    /* allocate space for certKeys and keyIDs */
    entry->certKeys = (SECItem *)PORT_ArenaAlloc(arena, sizeof(SECItem));
    entry->keyIDs = (SECItem *)PORT_ArenaAlloc(arena, sizeof(SECItem));
    if ( ( entry->certKeys == NULL ) || ( entry->keyIDs == NULL ) ) {
       goto loser;
    }

    /* copy the certKey and keyID */
    rv = SECITEM_CopyItem(arena, &entry->certKeys[0], certKey);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    rv = SECITEM_CopyItem(arena, &entry->keyIDs[0], keyID);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    return(entry);
loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntryVersion* NewDBVersionEntry ( unsigned int  flags) [static]

Definition at line 2824 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    certDBEntryVersion *entry;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    entry = (certDBEntryVersion *)PORT_ArenaAlloc(arena,
                                          sizeof(certDBEntryVersion));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeVersion;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.flags = flags;

    return(entry);
loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_AddCrl ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derCrl,
SECItem *  crlKey,
char *  url,
PRBool  isKRL 
)

Definition at line 5219 of file pcertdb.c.

{
    SECStatus rv;

    rv = db_BeginTransaction(handle->permCertDB);
    if (rv != SECSuccess) {
       return SECFailure;
    }
    rv = nsslowcert_UpdateCrl(handle, derCrl, crlKey, url, isKRL);

    db_FinishTransaction(handle->permCertDB, rv != SECSuccess);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_AddPermCert ( NSSLOWCERTCertDBHandle *  dbhandle,
NSSLOWCERTCertificate *  cert,
char *  nickname,
NSSLOWCERTCertTrust *  trust 
)

Definition at line 4630 of file pcertdb.c.

{
    SECStatus ret;
    SECStatus rv;

    nsslowcert_LockDB(dbhandle);
    rv = db_BeginTransaction(dbhandle->permCertDB);
    if (rv != SECSuccess) {
       nsslowcert_UnlockDB(dbhandle);
       return SECFailure;
    }

    ret = nsslowcert_UpdatePermCert(dbhandle, cert, nickname, trust);
    
    db_FinishTransaction(dbhandle->permCertDB, ret != SECSuccess);
    nsslowcert_UnlockDB(dbhandle);
    return(ret);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_AddPermNickname ( NSSLOWCERTCertDBHandle *  dbhandle,
NSSLOWCERTCertificate *  cert,
char *  nickname 
)

Definition at line 3284 of file pcertdb.c.

{
    SECStatus rv = SECFailure;
    certDBEntrySubject *entry = NULL;
    certDBEntryNickname *nicknameEntry = NULL;
    
    nsslowcert_LockDB(dbhandle);

    entry = ReadDBSubjectEntry(dbhandle, &cert->derSubject);
    if (entry == NULL) goto loser;

    if ( entry->nickname == NULL ) {

       /* no nickname for subject */
       rv = AddNicknameToSubject(dbhandle, cert, nickname);
       if ( rv != SECSuccess ) {
           goto loser;
       }
       rv = AddNicknameToPermCert(dbhandle, cert, nickname);
       if ( rv != SECSuccess ) {
           goto loser;
       }
       nicknameEntry = NewDBNicknameEntry(nickname, &cert->derSubject, 0);
       if ( nicknameEntry == NULL ) {
           goto loser;
       }
    
       rv = WriteDBNicknameEntry(dbhandle, nicknameEntry);
       if ( rv != SECSuccess ) {
           goto loser;
       }
    } else {
       /* subject already has a nickname */
       rv = AddNicknameToPermCert(dbhandle, cert, entry->nickname);
       if ( rv != SECSuccess ) {
           goto loser;
       }
       /* make sure nickname entry exists. If the database was corrupted,
        * we may have lost the nickname entry. Add it back now  */
       nicknameEntry = ReadDBNicknameEntry(dbhandle, entry->nickname);
       if (nicknameEntry == NULL ) {
           nicknameEntry = NewDBNicknameEntry(entry->nickname, 
                                                 &cert->derSubject, 0);
           if ( nicknameEntry == NULL ) {
              goto loser;
           }
    
           rv = WriteDBNicknameEntry(dbhandle, nicknameEntry);
           if ( rv != SECSuccess ) {
              goto loser;
           }
       }
    }
    rv = SECSuccess;

loser:
    if (entry) {
       DestroyDBEntry((certDBEntry *)entry);
    }
    if (nicknameEntry) {
       DestroyDBEntry((certDBEntry *)nicknameEntry);
    }
    nsslowcert_UnlockDB(dbhandle);
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool nsslowcert_CertDBKeyConflict ( SECItem *  derCert,
NSSLOWCERTCertDBHandle *  handle 
)

Definition at line 3942 of file pcertdb.c.

{
    SECStatus rv;
    DBT tmpdata;
    DBT namekey;
    int ret;
    SECItem keyitem;
    PRArenaPool *arena = NULL;
    SECItem derKey;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }

    /* get the db key of the cert */
    rv = nsslowcert_KeyFromDERCert(arena, derCert, &derKey);
    if ( rv != SECSuccess ) {
        goto loser;
    }

    rv = EncodeDBCertKey(&derKey, arena, &keyitem);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    namekey.data = keyitem.data;
    namekey.size = keyitem.len;
    
    ret = certdb_Get(handle->permCertDB, &namekey, &tmpdata, 0);
    if ( ret == 0 ) {
       goto loser;
    }

    PORT_FreeArena(arena, PR_FALSE);
    
    return(PR_FALSE);
loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(PR_TRUE);
}

Here is the call graph for this function:

static PRBool nsslowcert_CertNicknameConflict ( char *  nickname,
SECItem *  derSubject,
NSSLOWCERTCertDBHandle *  handle 
) [static]

Definition at line 3993 of file pcertdb.c.

{
    PRBool rv;
    certDBEntryNickname *entry;
    
    if ( nickname == NULL ) {
       return(PR_FALSE);
    }
    
    entry = ReadDBNicknameEntry(handle, nickname);

    if ( entry == NULL ) {
       /* no entry for this nickname, so no conflict */
       return(PR_FALSE);
    }

    rv = PR_TRUE;
    if ( SECITEM_CompareItem(derSubject, &entry->subjectName) == SECEqual ) {
       /* if subject names are the same, then no conflict */
       rv = PR_FALSE;
    }

    DestroyDBEntry((certDBEntry *)entry);
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_ChangeCertTrust ( NSSLOWCERTCertDBHandle *  handle,
NSSLOWCERTCertificate *  cert,
NSSLOWCERTCertTrust *  trust 
)

Definition at line 4549 of file pcertdb.c.

{
    certDBEntryCert *entry;
    int rv;
    SECStatus ret;
    
    nsslowcert_LockDB(handle);
    nsslowcert_LockCertTrust(cert);
    /* only set the trust on permanent certs */
    if ( cert->trust == NULL ) {
       ret = SECFailure;
       goto done;
    }

    *cert->trust = *trust;
    if ( cert->dbEntry == NULL ) {
       ret = SECSuccess; /* not in permanent database */
       goto done;
    }
    
    entry = cert->dbEntry;
    entry->trust = *trust;
    
    rv = WriteDBCertEntry(handle, entry);
    if ( rv ) {
       ret = SECFailure;
       goto done;
    }

    ret = SECSuccess;
    
done:
    nsslowcert_UnlockCertTrust(cert);
    nsslowcert_UnlockDB(handle);
    return(ret);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void nsslowcert_ClosePermCertDB ( NSSLOWCERTCertDBHandle *  handle)

Definition at line 4508 of file pcertdb.c.

{
    if ( handle ) {
       if ( handle->permCertDB ) {
           certdb_Close( handle->permCertDB );
           handle->permCertDB = NULL;
       }
       if (handle->dbMon) {
           PZ_DestroyMonitor(handle->dbMon);
           handle->dbMon = NULL;
       }
    }
    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSSLOWCERTCertificate* nsslowcert_CreateCert ( void  )

Definition at line 5073 of file pcertdb.c.

{
    NSSLOWCERTCertificate *cert;
    nsslowcert_LockFreeList();
    cert = certListHead;
    if (cert) {
       certListHead = cert->next;
       certListCount--;
    }
    PORT_Assert(certListCount >= 0);
    nsslowcert_UnlockFreeList();
    if (cert) {
       return cert;
    }
    return PORT_ZNew(NSSLOWCERTCertificate);
}

Here is the call graph for this function:

Here is the caller graph for this function:

certDBEntry* nsslowcert_DecodeAnyDBEntry ( SECItem *  dbData,
SECItem *  dbKey,
certDBEntryType  entryType,
void pdata 
)

Definition at line 5377 of file pcertdb.c.

{
    PLArenaPool *arena = NULL;
    certDBEntry *entry;
    SECStatus rv;
    SECItem dbEntry;


    if ((dbData->len < SEC_DB_ENTRY_HEADER_LEN) || (dbKey->len == 0)) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       goto loser;
    }
    dbEntry.data = &dbData->data[SEC_DB_ENTRY_HEADER_LEN];
    dbEntry.len  = dbData->len - SEC_DB_ENTRY_HEADER_LEN;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
       goto loser;
    }
    entry = PORT_ArenaZNew(arena, certDBEntry);
    if (!entry)
       goto loser;

    entry->common.version = (unsigned int)dbData->data[0];
    entry->common.flags   = (unsigned int)dbData->data[2];
    entry->common.type    = entryType;
    entry->common.arena   = arena;

    switch (entryType) {
    case certDBEntryTypeContentVersion: /* This type appears to be unused */
    case certDBEntryTypeVersion:        /* This type has only the common hdr */
       rv = SECSuccess;
       break;

    case certDBEntryTypeSubject:
       rv = DecodeDBSubjectEntry(&entry->subject, &dbEntry, dbKey);
       break;

    case certDBEntryTypeNickname:
       rv = DecodeDBNicknameEntry(&entry->nickname, &dbEntry,
                                   (char *)dbKey->data);
       break;

    /* smime profiles need entries created after the certs have
     * been imported, loop over them in a second run */
    case certDBEntryTypeSMimeProfile:
       rv = DecodeDBSMimeEntry(&entry->smime, &dbEntry, (char *)dbKey->data);
       break;

    case certDBEntryTypeCert:
       rv = DecodeDBCertEntry(&entry->cert, &dbEntry);
       break;

    case certDBEntryTypeKeyRevocation:
    case certDBEntryTypeRevocation:
       rv = DecodeDBCrlEntry(&entry->revocation, &dbEntry);
       break;

    default:
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       rv = SECFailure;
    }

    if (rv == SECSuccess)
       return entry;

loser:
    if (arena)
       PORT_FreeArena(arena, PR_FALSE);
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_DeletePermCertificate ( NSSLOWCERTCertificate *  cert)

Definition at line 4243 of file pcertdb.c.

{
    SECStatus rv;
    
    nsslowcert_LockDB(cert->dbhandle);

    rv = db_BeginTransaction(cert->dbhandle->permCertDB);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    /* delete the records from the permanent database */
    rv = DeletePermCert(cert);

    /* get rid of dbcert and stuff pointing to it */
    DestroyDBEntry((certDBEntry *)cert->dbEntry);
    cert->dbEntry = NULL;
    cert->trust = NULL;

    db_FinishTransaction(cert->dbhandle->permCertDB,rv != SECSuccess);
loser:
       
    nsslowcert_UnlockDB(cert->dbhandle);
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_DeletePermCRL ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derName,
PRBool  isKRL 
)

Definition at line 5235 of file pcertdb.c.

{
    SECStatus rv;
    certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation  
                                   : certDBEntryTypeRevocation;
    rv = db_BeginTransaction(handle->permCertDB);
    if (rv != SECSuccess) {
       return SECFailure;
    }
    
    rv = DeleteDBCrlEntry(handle, derName, crlType);
    if (rv != SECSuccess) goto done;
  
done:
    db_FinishTransaction(handle->permCertDB, rv != SECSuccess);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void nsslowcert_DestroyCertificate ( NSSLOWCERTCertificate *  cert)

Definition at line 5134 of file pcertdb.c.

Here is the call graph for this function:

Here is the caller graph for this function:

static void nsslowcert_DestroyCertificateNoLocking ( NSSLOWCERTCertificate *  cert) [static]

Definition at line 5141 of file pcertdb.c.

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1445 of file pcertdb.c.

{
    DestroyDBEntry(entry);
    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 5350 of file pcertdb.c.

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 5360 of file pcertdb.c.

Here is the caller graph for this function:

void nsslowcert_DestroyTrust ( NSSLOWCERTTrust *  trust)

Definition at line 5107 of file pcertdb.c.

{
    certDBEntryCert *entry  = trust->dbEntry;

    if ( entry ) {
       DestroyDBEntry((certDBEntry *)entry);
    }
    if (trust->dbhandle) {
       sftk_freeCertDB(trust->dbhandle);
    }
    pkcs11_freeStaticData(trust->dbKey.data,trust->dbKeySpace);
    PORT_Memset(trust, 0, sizeof(*trust));

    nsslowcert_LockFreeList();
    if (trustListCount > MAX_TRUST_LIST_COUNT) {
       PORT_Free(trust);
    } else {
       trustListCount++;
       trust->next = trustListHead;
       trustListHead = trust;
    }
    nsslowcert_UnlockFreeList();

    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSSLOWCERTCertificate* nsslowcert_DupCertificate ( NSSLOWCERTCertificate *  c)

Definition at line 261 of file pcertdb.c.

{
    if (c) {
       nsslowcert_LockCertRefCount(c);
       ++c->referenceCount;
       nsslowcert_UnlockCertRefCount(c);
    }
    return c;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSSLOWCERTCertificate* nsslowcert_FindCertByDERCert ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derCert 
)

Definition at line 4978 of file pcertdb.c.

{
    PRArenaPool *arena;
    SECItem certKey;
    SECStatus rv;
    NSSLOWCERTCertificate *cert = NULL;
    
    /* create a scratch arena */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       return(NULL);
    }
    
    /* extract the database key from the cert */
    rv = nsslowcert_KeyFromDERCert(arena, derCert, &certKey);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* find the certificate */
    cert = nsslowcert_FindCertByKey(handle, &certKey);
    
loser:
    PORT_FreeArena(arena, PR_FALSE);
    return(cert);
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSSLOWCERTCertificate* nsslowcert_FindCertByDERCertNoLocking ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derCert 
)
NSSLOWCERTCertificate* nsslowcert_FindCertByIssuerAndSN ( NSSLOWCERTCertDBHandle *  handle,
NSSLOWCERTIssuerAndSN *  issuerAndSN 
)

Definition at line 4800 of file pcertdb.c.

{
    SECItem certKey;
    SECItem *sn = &issuerAndSN->serialNumber;
    SECItem *issuer = &issuerAndSN->derIssuer;
    NSSLOWCERTCertificate *cert;
    int data_left = sn->len-1;
    int data_len = sn->len;
    int index = 0;

    /* automatically detect DER encoded serial numbers and remove the der
     * encoding since the database expects unencoded data. 
     * if it's DER encoded, there must be at least 3 bytes, tag, len, data */
    if ((sn->len >= 3) && (sn->data[0] == 0x2)) {
       /* remove the der encoding of the serial number before generating the
        * key.. */
       data_left = sn->len-2;
       data_len = sn->data[1];
       index = 2;

       /* extended length ? (not very likely for a serial number) */
       if (data_len & 0x80) {
           int len_count = data_len & 0x7f;

           data_len = 0;
           data_left -= len_count;
           if (data_left > 0) {
              while (len_count --) {
                  data_len = (data_len << 8) | sn->data[index++];
              }
           } 
       }
       /* XXX leaving any leading zeros on the serial number for backwards
        * compatibility
        */
       /* not a valid der, must be just an unlucky serial number value */
       if (data_len != data_left) {
           data_len = sn->len;
           index = 0;
       }
    }

    certKey.type = 0;
    certKey.data = (unsigned char*)PORT_Alloc(sn->len + issuer->len);
    certKey.len = data_len + issuer->len;
    
    if ( certKey.data == NULL ) {
       return(0);
    }

    /* first try the serial number as hand-decoded above*/
    /* copy the serialNumber */
    PORT_Memcpy(certKey.data, &sn->data[index], data_len);

    /* copy the issuer */
    PORT_Memcpy( &certKey.data[data_len],issuer->data,issuer->len);

    cert = nsslowcert_FindCertByKey(handle, &certKey);
    if (cert) {
       PORT_Free(certKey.data);
       return (cert);
    }

    /* didn't find it, try by der encoded serial number */
    /* copy the serialNumber */
    PORT_Memcpy(certKey.data, sn->data, sn->len);

    /* copy the issuer */
    PORT_Memcpy( &certKey.data[sn->len], issuer->data, issuer->len);
    certKey.len = sn->len + issuer->len;

    cert = nsslowcert_FindCertByKey(handle, &certKey);
    
    PORT_Free(certKey.data);
    
    return(cert);
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSSLOWCERTCertificate* nsslowcert_FindCertByKey ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  certKey 
)

Definition at line 4781 of file pcertdb.c.

{
    return(FindCertByKey(handle, certKey, PR_FALSE));
}

Here is the call graph for this function:

Here is the caller graph for this function:

certDBEntryRevocation* nsslowcert_FindCrlByKey ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  crlKey,
PRBool  isKRL 
)

Definition at line 5152 of file pcertdb.c.

{
    SECItem keyitem;
    DBT key;
    SECStatus rv;
    PRArenaPool *arena = NULL;
    certDBEntryRevocation *entry = NULL;
    certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation  
                                   : certDBEntryTypeRevocation;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }
    
    rv = EncodeDBGenericKey(crlKey, arena, &keyitem, crlType);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    key.data = keyitem.data;
    key.size = keyitem.len;

    /* find in perm database */
    entry = ReadDBCrlEntry(handle, crlKey, crlType);
       
    if ( entry == NULL ) {
       goto loser;
    }

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return entry;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSSLOWCERTTrust* nsslowcert_FindTrustByIssuerAndSN ( NSSLOWCERTCertDBHandle *  handle,
NSSLOWCERTIssuerAndSN *  issuerAndSN 
)

Definition at line 4883 of file pcertdb.c.

{
    SECItem certKey;
    SECItem *sn = &issuerAndSN->serialNumber;
    SECItem *issuer = &issuerAndSN->derIssuer;
    NSSLOWCERTTrust *trust;
    unsigned char keyBuf[512];
    int data_left = sn->len-1;
    int data_len = sn->len;
    int index = 0;
    int len;

    /* automatically detect DER encoded serial numbers and remove the der
     * encoding since the database expects unencoded data. 
     * if it's DER encoded, there must be at least 3 bytes, tag, len, data */
    if ((sn->len >= 3) && (sn->data[0] == 0x2)) {
       /* remove the der encoding of the serial number before generating the
        * key.. */
       data_left = sn->len-2;
       data_len = sn->data[1];
       index = 2;

       /* extended length ? (not very likely for a serial number) */
       if (data_len & 0x80) {
           int len_count = data_len & 0x7f;

           data_len = 0;
           data_left -= len_count;
           if (data_left > 0) {
              while (len_count --) {
                  data_len = (data_len << 8) | sn->data[index++];
              }
           } 
       }
       /* XXX leaving any leading zeros on the serial number for backwards
        * compatibility
        */
       /* not a valid der, must be just an unlucky serial number value */
       if (data_len != data_left) {
           data_len = sn->len;
           index = 0;
       }
    }

    certKey.type = 0;
    certKey.len = data_len + issuer->len;
    len = sn->len + issuer->len;
    if (len > sizeof (keyBuf)) {
       certKey.data = (unsigned char*)PORT_Alloc(len);
    } else {
       certKey.data = keyBuf;
    }
    
    if ( certKey.data == NULL ) {
       return(0);
    }

    /* first try the serial number as hand-decoded above*/
    /* copy the serialNumber */
    PORT_Memcpy(certKey.data, &sn->data[index], data_len);

    /* copy the issuer */
    PORT_Memcpy( &certKey.data[data_len],issuer->data,issuer->len);

    trust = nsslowcert_FindTrustByKey(handle, &certKey);
    if (trust) {
       pkcs11_freeStaticData(certKey.data, keyBuf);
       return (trust);
    }

    if (index == 0) {
       pkcs11_freeStaticData(certKey.data, keyBuf);
       return NULL;
    }

    /* didn't find it, try by der encoded serial number */
    /* copy the serialNumber */
    PORT_Memcpy(certKey.data, sn->data, sn->len);

    /* copy the issuer */
    PORT_Memcpy( &certKey.data[sn->len], issuer->data, issuer->len);
    certKey.len = sn->len + issuer->len;

    trust = nsslowcert_FindTrustByKey(handle, &certKey);
    
    pkcs11_freeStaticData(certKey.data, keyBuf);
    
    return(trust);
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSSLOWCERTTrust* nsslowcert_FindTrustByKey ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  certKey 
)

Definition at line 4790 of file pcertdb.c.

{
    return(FindTrustByKey(handle, certKey, PR_FALSE));
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_GetCertTrust ( NSSLOWCERTCertificate *  cert,
NSSLOWCERTCertTrust *  trust 
)

Definition at line 4527 of file pcertdb.c.

{
    SECStatus rv;
    
    nsslowcert_LockCertTrust(cert);
    
    if ( cert->trust == NULL ) {
       rv = SECFailure;
    } else {
       *trust = *cert->trust;
       rv = SECSuccess;
    }
    
    nsslowcert_UnlockCertTrust(cert);
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static int nsslowcert_GetVersionNumber ( NSSLOWCERTCertDBHandle *  handle) [static]

Definition at line 4116 of file pcertdb.c.

{
    certDBEntryVersion *versionEntry = NULL;
    int version = 0;

    versionEntry = ReadDBVersionEntry(handle); 
    if ( versionEntry == NULL ) {
       return 0;
    }
    version = versionEntry->common.version;
    DestroyDBEntry((certDBEntry *)versionEntry);
    return version;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool nsslowcert_hasTrust ( NSSLOWCERTCertTrust *  trust)

Definition at line 5256 of file pcertdb.c.

{
    if (trust == NULL) {
       return PR_FALSE;
    }
    return !((trust->sslFlags & CERTDB_TRUSTED_UNKNOWN) && 
              (trust->emailFlags & CERTDB_TRUSTED_UNKNOWN) && 
                     (trust->objectSigningFlags & CERTDB_TRUSTED_UNKNOWN));
}

Here is the caller graph for this function:

Definition at line 108 of file pcertdb.c.

Here is the caller graph for this function:

static void nsslowcert_LockCertRefCount ( NSSLOWCERTCertificate *  cert) [static]

Definition at line 170 of file pcertdb.c.

Here is the caller graph for this function:

void nsslowcert_LockCertTrust ( NSSLOWCERTCertificate *  cert)

Definition at line 202 of file pcertdb.c.

static void nsslowcert_LockDB ( NSSLOWCERTCertDBHandle *  handle) [static]

Definition at line 141 of file pcertdb.c.

{
    PZ_EnterMonitor(handle->dbMon);
    return;
}

Here is the caller graph for this function:

static void nsslowcert_LockFreeList ( void  ) [static]

Definition at line 235 of file pcertdb.c.

Here is the caller graph for this function:

PRBool nsslowcert_needDBVerify ( NSSLOWCERTCertDBHandle *  handle)

Definition at line 4682 of file pcertdb.c.

{
    if (!handle) return PR_FALSE;
    return handle->dbVerify;
}

Here is the caller graph for this function:

int nsslowcert_NumPermCertsForNickname ( NSSLOWCERTCertDBHandle *  handle,
char *  nickname 
)

Definition at line 3225 of file pcertdb.c.

{
    certDBEntryNickname *entry;
    int ret;
    
    entry = ReadDBNicknameEntry(handle, nickname);
    
    if ( entry ) {
       ret = nsslowcert_NumPermCertsForSubject(handle, &entry->subjectName);
       DestroyDBEntry((certDBEntry *)entry);
    } else {
       ret = 0;
    }
    return(ret);
}

Here is the call graph for this function:

Here is the caller graph for this function:

int nsslowcert_NumPermCertsForSubject ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derSubject 
)

Definition at line 3169 of file pcertdb.c.

{
    certDBEntrySubject *entry;
    int ret;
    
    entry = ReadDBSubjectEntry(handle, derSubject);

    if ( entry == NULL ) {
       return(SECFailure);
    }

    ret = entry->ncerts;
    
    DestroyDBEntry((certDBEntry *)entry);
    
    return(ret);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_OpenCertDB ( NSSLOWCERTCertDBHandle *  handle,
PRBool  readOnly,
const char *  appName,
const char *  prefix,
NSSLOWCERTDBNameFunc  namecb,
void cbarg,
PRBool  openVolatile 
)

Definition at line 4655 of file pcertdb.c.

{
    int rv;

    certdb_InitDBLock(handle);
    
    handle->dbMon = PZ_NewMonitor(nssILockCertDB);
    PORT_Assert(handle->dbMon != NULL);
    handle->dbVerify = PR_FALSE;

    rv = nsslowcert_OpenPermCertDB(handle, readOnly, appName, prefix, 
                                                 namecb, cbarg);
    if ( rv ) {
       goto loser;
    }

    return (SECSuccess);
    
loser:

    PORT_SetError(SEC_ERROR_BAD_DATABASE);
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static DB* nsslowcert_openolddb ( NSSLOWCERTDBNameFunc  namecb,
void cbarg,
int  version 
) [static]

Definition at line 4034 of file pcertdb.c.

{
    char * tmpname;
    DB *updatedb = NULL;

    tmpname = (* namecb)(cbarg, version); /* get v6 db name */
    if ( tmpname ) {
       updatedb = dbopen( tmpname, NO_RDONLY, 0600, DB_HASH, 0 );
       PORT_Free(tmpname);
    }
    return updatedb;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus nsslowcert_OpenPermCertDB ( NSSLOWCERTCertDBHandle *  handle,
PRBool  readOnly,
const char *  appName,
const char *  prefix,
NSSLOWCERTDBNameFunc  namecb,
void cbarg 
) [static]

Definition at line 4135 of file pcertdb.c.

{
    SECStatus rv;
    int openflags;
    char *certdbname;
    int version = 0;
    
    certdbname = (* namecb)(cbarg, CERT_DB_FILE_VERSION);
    if ( certdbname == NULL ) {
       return(SECFailure);
    }

    openflags = readOnly ? NO_RDONLY : NO_RDWR;

    /*
     * first open the permanent file based database.
     */
    if (appName) {
       handle->permCertDB = rdbopen( appName, prefix, "cert", openflags, NULL);
    } else {
       handle->permCertDB = dbsopen( certdbname, openflags, 0600, DB_HASH, 0 );
    }

    /* check for correct version number */
    if ( handle->permCertDB ) {
       version = nsslowcert_GetVersionNumber(handle);
       if ((version != CERT_DB_FILE_VERSION) &&
              !(appName && version == CERT_DB_V7_FILE_VERSION)) {
           goto loser;
       }
    } else if ( readOnly ) {
       /* don't create if readonly */
           /* Try openning a version 7 database */
           handle->permCertDB = nsslowcert_openolddb(namecb,cbarg, 7);
           if (!handle->permCertDB) {
              goto loser;
           }
           if (nsslowcert_GetVersionNumber(handle) != 7) {
              goto loser;
           }
    } else {
        /* if first open fails, try to create a new DB */
       rv = openNewCertDB(appName,prefix,certdbname,handle,namecb,cbarg);
       if (rv == SECWouldBlock) {
           /* only the rdb version can fail with wouldblock */
           handle->permCertDB = 
                     rdbopen( appName, prefix, "cert", openflags, NULL);

           /* check for correct version number */
           if ( !handle->permCertDB ) {
              goto loser;
           }
           version = nsslowcert_GetVersionNumber(handle);
           if ((version != CERT_DB_FILE_VERSION) &&
              !(appName && version == CERT_DB_V7_FILE_VERSION)) {
              goto loser;
           }
       } else if (rv != SECSuccess) {
           goto loser;
       }
    }

    PORT_Free(certdbname);
    
    return (SECSuccess);
    
loser:

    PORT_SetError(SEC_ERROR_BAD_DATABASE);
    
    if ( handle->permCertDB ) {
       certdb_Close(handle->permCertDB);
       handle->permCertDB = 0;
    }

    PORT_Free(certdbname);

    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

certDBEntrySMime* nsslowcert_ReadDBSMimeEntry ( NSSLOWCERTCertDBHandle *  handle,
char *  emailAddr 
)

Definition at line 2041 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    PRArenaPool *tmparena = NULL;
    certDBEntrySMime *entry;
    SECItem dbkey;
    SECItem dbentry;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( tmparena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    entry = (certDBEntrySMime *)PORT_ArenaAlloc(arena,
                                          sizeof(certDBEntrySMime));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeSMimeProfile;

    rv = EncodeDBSMimeKey(emailAddr, tmparena, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
    if ( rv == SECFailure ) {
       goto loser;
    }

    /* is record long enough for header? */
    if ( dbentry.len < DB_SMIME_ENTRY_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }

    rv = DecodeDBSMimeEntry(entry, &dbentry, emailAddr);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    PORT_FreeArena(tmparena, PR_FALSE);
    return(entry);
    
loser:
    if ( tmparena ) {
       PORT_FreeArena(tmparena, PR_FALSE);
    }
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_SaveSMimeProfile ( NSSLOWCERTCertDBHandle *  dbhandle,
char *  emailAddr,
SECItem *  derSubject,
SECItem *  emailProfile,
SECItem *  profileTime 
)

Definition at line 5332 of file pcertdb.c.

{
    SECStatus rv = SECFailure;;

    rv = db_BeginTransaction(dbhandle->permCertDB);
    if (rv != SECSuccess) {
       return SECFailure;
    }

    rv = nsslowcert_UpdateSMimeProfile(dbhandle, emailAddr, 
        derSubject, emailProfile, profileTime);
    
    db_FinishTransaction(dbhandle->permCertDB, rv != SECSuccess);
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void nsslowcert_setDBVerify ( NSSLOWCERTCertDBHandle *  handle,
PRBool  value 
)

Definition at line 4689 of file pcertdb.c.

{
    handle->dbVerify = value;
}
SECStatus nsslowcert_TraverseDBEntries ( NSSLOWCERTCertDBHandle *  handle,
certDBEntryType  type,
SECStatus(*)(SECItem *data, SECItem *key, certDBEntryType type, void *pdata)  callback,
void udata 
)

Definition at line 4273 of file pcertdb.c.

{
    DBT data;
    DBT key;
    SECStatus rv;
    int ret;
    SECItem dataitem;
    SECItem keyitem;
    unsigned char *buf;
    unsigned char *keybuf;
    
    ret = certdb_Seq(handle->permCertDB, &key, &data, R_FIRST);

    if ( ret ) {
       return(SECFailure);
    }
    
    do {
       buf = (unsigned char *)data.data;
       
       if ( buf[1] == (unsigned char)type ) {
           dataitem.len = data.size;
           dataitem.data = buf;
            dataitem.type = siBuffer;
           keyitem.len = key.size - SEC_DB_KEY_HEADER_LEN;
           keybuf = (unsigned char *)key.data;
           keyitem.data = &keybuf[SEC_DB_KEY_HEADER_LEN];
            keyitem.type = siBuffer;
           /* type should equal keybuf[0].  */

           rv = (* callback)(&dataitem, &keyitem, type, udata);
           if ( rv != SECSuccess ) {
              return(rv);
           }
       }
    } while ( certdb_Seq(handle->permCertDB, &key, &data, R_NEXT) == 0 );

    return(SECSuccess);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_TraversePermCerts ( NSSLOWCERTCertDBHandle *  handle,
SECStatus(*)(NSSLOWCERTCertificate *cert, SECItem *k, void *pdata)  certfunc,
void udata 
)

Definition at line 4488 of file pcertdb.c.

Here is the call graph for this function:

SECStatus nsslowcert_TraversePermCertsForNickname ( NSSLOWCERTCertDBHandle *  handle,
char *  nickname,
NSSLOWCERTCertCallback  cb,
void cbarg 
)

Definition at line 3189 of file pcertdb.c.

{
    certDBEntryNickname *nnentry = NULL;
    certDBEntrySMime *smentry = NULL;
    SECStatus rv;
    SECItem *derSubject = NULL;
    
    nnentry = ReadDBNicknameEntry(handle, nickname);
    if ( nnentry ) {
       derSubject = &nnentry->subjectName;
    } else {
       smentry = nsslowcert_ReadDBSMimeEntry(handle, nickname);
       if ( smentry ) {
           derSubject = &smentry->subjectName;
       }
    }
    
    if ( derSubject ) {
       rv = nsslowcert_TraversePermCertsForSubject(handle, derSubject,
                                         cb, cbarg);
    } else {
       rv = SECFailure;
    }

    if ( nnentry ) {
       DestroyDBEntry((certDBEntry *)nnentry);
    }
    if ( smentry ) {
       DestroyDBEntry((certDBEntry *)smentry);
    }
    
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_TraversePermCertsForSubject ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derSubject,
NSSLOWCERTCertCallback  cb,
void cbarg 
)

Definition at line 3136 of file pcertdb.c.

{
    certDBEntrySubject *entry;
    unsigned int i;
    NSSLOWCERTCertificate *cert;
    SECStatus rv = SECSuccess;
    
    entry = ReadDBSubjectEntry(handle, derSubject);

    if ( entry == NULL ) {
       return(SECFailure);
    }
    
    for( i = 0; i < entry->ncerts; i++ ) {
       cert = nsslowcert_FindCertByKey(handle, &entry->certKeys[i]);
       if (!cert) {
           continue;
       }
       rv = (* cb)(cert, cbarg);
       nsslowcert_DestroyCertificate(cert);
       if ( rv == SECFailure ) {
           break;
       }
    }

    DestroyDBEntry((certDBEntry *)entry);

    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void nsslowcert_UnlockCertRefCount ( NSSLOWCERTCertificate *  cert) [static]

Definition at line 182 of file pcertdb.c.

Here is the caller graph for this function:

void nsslowcert_UnlockCertTrust ( NSSLOWCERTCertificate *  cert)

Definition at line 214 of file pcertdb.c.

{
    PRStatus prstat;

    PORT_Assert(certTrustLock != NULL);
    
    prstat = PZ_Unlock(certTrustLock);
    
    PORT_Assert(prstat == PR_SUCCESS);

    return;
}
static void nsslowcert_UnlockDB ( NSSLOWCERTCertDBHandle *  handle) [static]

Definition at line 151 of file pcertdb.c.

{
    PRStatus prstat;
    
    prstat = PZ_ExitMonitor(handle->dbMon);
    
    PORT_Assert(prstat == PR_SUCCESS);
    
    return;
}

Here is the caller graph for this function:

static void nsslowcert_UnlockFreeList ( void  ) [static]

Definition at line 247 of file pcertdb.c.

{
    PRStatus prstat;

    PORT_Assert(freeListLock != NULL);
    
    prstat = PZ_Unlock(freeListLock);
    
    PORT_Assert(prstat == PR_SUCCESS);

    return;
}

Here is the caller graph for this function:

static SECStatus nsslowcert_UpdateCrl ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derCrl,
SECItem *  crlKey,
char *  url,
PRBool  isKRL 
) [static]

Definition at line 5195 of file pcertdb.c.

{
    SECStatus rv = SECFailure;
    certDBEntryRevocation *entry = NULL;
    certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation  
                                   : certDBEntryTypeRevocation;
    DeleteDBCrlEntry(handle, crlKey, crlType);

    /* Write the new entry into the data base */
    entry = NewDBCrlEntry(derCrl, url, crlType, 0);
    if (entry == NULL) goto done;

    rv = WriteDBCrlEntry(handle, entry, crlKey);
    if (rv != SECSuccess) goto done;

done:
    if (entry) {
       DestroyDBEntry((certDBEntry *)entry);
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus nsslowcert_UpdatePermCert ( NSSLOWCERTCertDBHandle *  dbhandle,
NSSLOWCERTCertificate *  cert,
char *  nickname,
NSSLOWCERTCertTrust *  trust 
) [static]

Definition at line 4589 of file pcertdb.c.

{
    char *oldnn;
    certDBEntryCert *entry;
    PRBool conflict;
    SECStatus ret;

    PORT_Assert(!cert->dbEntry);

    /* don't add a conflicting nickname */
    conflict = nsslowcert_CertNicknameConflict(nickname, &cert->derSubject,
                                   dbhandle);
    if ( conflict ) {
       ret = SECFailure;
       goto done;
    }
    
    /* save old nickname so that we can delete it */
    oldnn = cert->nickname;

    entry = AddCertToPermDB(dbhandle, cert, nickname, trust);
    
    if ( entry == NULL ) {
       ret = SECFailure;
       goto done;
    }

    pkcs11_freeNickname(oldnn,cert->nicknameSpace);
    
    cert->nickname = (entry->nickname) ? pkcs11_copyNickname(entry->nickname,
              cert->nicknameSpace, sizeof(cert->nicknameSpace)) : NULL;
    cert->trust = &entry->trust;
    cert->dbEntry = entry;
    
    ret = SECSuccess;
done:
    return(ret);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus nsslowcert_UpdateSMimeProfile ( NSSLOWCERTCertDBHandle *  dbhandle,
char *  emailAddr,
SECItem *  derSubject,
SECItem *  emailProfile,
SECItem *  profileTime 
) [static]

Definition at line 5272 of file pcertdb.c.

{
    certDBEntrySMime *entry = NULL;
    SECStatus rv = SECFailure;;


    /* find our existing entry */
    entry = nsslowcert_ReadDBSMimeEntry(dbhandle, emailAddr);

    if ( entry ) {
       /* keep our old db entry consistant for old applications. */
       if (!SECITEM_ItemsAreEqual(derSubject, &entry->subjectName)) {
           nsslowcert_UpdateSubjectEmailAddr(dbhandle, &entry->subjectName, 
                            emailAddr, nsslowcert_remove);
       } 
       DestroyDBEntry((certDBEntry *)entry);
       entry = NULL;
    }

    /* now save the entry */
    entry = NewDBSMimeEntry(emailAddr, derSubject, emailProfile,
                            profileTime, 0);
    if ( entry == NULL ) {
       rv = SECFailure;
       goto loser;
    }

    nsslowcert_LockDB(dbhandle);

    rv = DeleteDBSMimeEntry(dbhandle, emailAddr);
    /* if delete fails, try to write new entry anyway... */

    /* link subject entry back here */
    rv = nsslowcert_UpdateSubjectEmailAddr(dbhandle, derSubject, emailAddr,
                                   nsslowcert_add);
    if ( rv != SECSuccess ) {
           nsslowcert_UnlockDB(dbhandle);
           goto loser;
    }
       
    rv = WriteDBSMimeEntry(dbhandle, entry);
    if ( rv != SECSuccess ) {
           nsslowcert_UnlockDB(dbhandle);
           goto loser;
    }

    nsslowcert_UnlockDB(dbhandle);

    rv = SECSuccess;
    
loser:
    if ( entry ) {
       DestroyDBEntry((certDBEntry *)entry);
    }
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus nsslowcert_UpdateSubjectEmailAddr ( NSSLOWCERTCertDBHandle *  dbhandle,
SECItem *  derSubject,
char *  emailAddr,
nsslowcertUpdateType  updateType 
) [static]

Definition at line 2698 of file pcertdb.c.

{
    certDBEntrySubject *entry = NULL;
    int index = -1, i;
    SECStatus rv;
   
    if (emailAddr) { 
       emailAddr = nsslowcert_FixupEmailAddr(emailAddr);
       if (emailAddr == NULL) {
           return SECFailure;
       }
    } else {
       return SECSuccess;
    }

    entry = ReadDBSubjectEntry(dbhandle,derSubject);    
    if (entry == NULL) {
       rv = SECFailure;
       goto done;
    } 

    for (i=0; i < (int)(entry->nemailAddrs); i++) {
        if (PORT_Strcmp(entry->emailAddrs[i],emailAddr) == 0) {
           index = i;
       }
    }

    if (updateType == nsslowcert_remove) {
       if (index == -1) {
           rv = SECSuccess;
           goto done;
       }
       entry->nemailAddrs--;
       for (i=index; i < (int)(entry->nemailAddrs); i++) {
          entry->emailAddrs[i] = entry->emailAddrs[i+1];
       }
    } else {
       char **newAddrs = NULL;

       if (index != -1) {
           rv = SECSuccess;
           goto done;
       }
       newAddrs = (char **)PORT_ArenaAlloc(entry->common.arena,
              (entry->nemailAddrs+1)* sizeof(char *));
       if (!newAddrs) {
           rv = SECFailure;
           goto done;
       }
       for (i=0; i < (int)(entry->nemailAddrs); i++) {
          newAddrs[i] = entry->emailAddrs[i];
       }
       newAddrs[entry->nemailAddrs] = 
                     PORT_ArenaStrdup(entry->common.arena,emailAddr);
       if (!newAddrs[entry->nemailAddrs]) {
          rv = SECFailure;
          goto done;
       }
       entry->emailAddrs = newAddrs;
       entry->nemailAddrs++;
    }
       
    /* delete the subject entry */
    DeleteDBSubjectEntry(dbhandle, derSubject);

    /* write the new one */
    rv = WriteDBSubjectEntry(dbhandle, entry);

  done:
    if (entry) DestroyDBEntry((certDBEntry *)entry);
    if (emailAddr) PORT_Free(emailAddr);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus openNewCertDB ( const char *  appName,
const char *  prefix,
const char *  certdbname,
NSSLOWCERTCertDBHandle *  handle,
NSSLOWCERTDBNameFunc  namecb,
void cbarg 
) [static]

Definition at line 4048 of file pcertdb.c.

{
    SECStatus rv;
    certDBEntryVersion *versionEntry = NULL;
    DB *updatedb = NULL;
    int status = RDB_FAIL;

    if (appName) {
       handle->permCertDB=rdbopen( appName, prefix, "cert", NO_CREATE, &status);
    } else {
       handle->permCertDB=dbsopen(certdbname, NO_CREATE, 0600, DB_HASH, 0);
    }

    /* if create fails then we lose */
    if ( handle->permCertDB == 0 ) {
       return status == RDB_RETRY ? SECWouldBlock : SECFailure;
    }

    rv = db_BeginTransaction(handle->permCertDB);
    if (rv != SECSuccess) {
       db_InitComplete(handle->permCertDB);
       return SECFailure;
    }

    /* Verify version number; */
    versionEntry = NewDBVersionEntry(0);
    if ( versionEntry == NULL ) {
       rv = SECFailure;
       goto loser;
    }
       
    rv = WriteDBVersionEntry(handle, versionEntry);

    DestroyDBEntry((certDBEntry *)versionEntry);

    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* rv must already be Success here because of previous if statement */
    /* try to upgrade old db here */
    if (appName &&
       (updatedb = dbsopen(certdbname, NO_RDONLY, 0600, DB_HASH, 0)) != NULL) {
       rv = UpdateV8DB(handle, updatedb);
    } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,7)) != NULL) {
       rv = UpdateV7DB(handle, updatedb);
    } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,6)) != NULL) {
       rv = UpdateV6DB(handle, updatedb);
    } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,5)) != NULL) {
       rv = UpdateV5DB(handle, updatedb);
    } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,4)) != NULL) {
       /* NES has v5 format db's with v4 db names! */
       if (isV4DB(updatedb)) {
           rv = UpdateV4DB(handle,updatedb);
       } else {
           rv = UpdateV5DB(handle,updatedb);
       }
    }


loser:
    db_FinishTransaction(handle->permCertDB,rv != SECSuccess);
    db_InitComplete(handle->permCertDB);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

unsigned char* pkcs11_allocStaticData ( int  len,
unsigned char *  space,
int  spaceLen 
)

Definition at line 406 of file pcertdb.c.

{
    unsigned char *data = NULL;

    if (len <= spaceLen) {
       data = space;
    } else {
       data = (unsigned char *) PORT_Alloc(len);
    }

    return data;
}

Here is the call graph for this function:

Here is the caller graph for this function:

char* pkcs11_copyNickname ( char *  nickname,
char *  space,
int  spaceLen 
)

Definition at line 381 of file pcertdb.c.

{
    int len;
    char *copy = NULL;

    len = PORT_Strlen(nickname)+1;
    if (len <= spaceLen) {
       copy = space;
       PORT_Memcpy(copy,nickname,len);
    } else {
       copy = PORT_Strdup(nickname);
    }

    return copy;
}

Here is the call graph for this function:

Here is the caller graph for this function: