00001 /*
00002  * NSS utility functions
00003  *
00004  * ***** BEGIN LICENSE BLOCK *****
00005  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00006  *
00007  * The contents of this file are subject to the Mozilla Public License Version
00008  * 1.1 (the "License"); you may not use this file except in compliance with
00009  * the License. You may obtain a copy of the License at
00010  * http://www.mozilla.org/MPL/
00011  *
00012  * Software distributed under the License is distributed on an "AS IS" basis,
00013  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00014  * for the specific language governing rights and limitations under the
00015  * License.
00016  *
00017  * The Original Code is the Netscape security libraries.
00018  *
00019  * The Initial Developer of the Original Code is
00020  * Netscape Communications Corporation.
00021  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00022  * the Initial Developer. All Rights Reserved.
00023  *
00024  * Contributor(s):
00025  *
00026  * Alternatively, the contents of this file may be used under the terms of
00027  * either the GNU General Public License Version 2 or later (the "GPL"), or
00028  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00029  * in which case the provisions of the GPL or the LGPL are applicable instead
00030  * of those above. If you wish to allow use of your version of this file only
00031  * under the terms of either the GPL or the LGPL, and not to allow others to
00032  * use your version of this file under the terms of the MPL, indicate your
00033  * decision by deleting the provisions above and replace them with the notice
00034  * and other provisions required by the GPL or the LGPL. If you do not delete
00035  * the provisions above, a recipient may use your version of this file under
00036  * the terms of any one of the MPL, the GPL or the LGPL.
00037  *
00038  * ***** END LICENSE BLOCK ***** */
00039 /* $Id: authcert.c,v 1.5 2004/04/27 23:04:39 gerv%gerv.net Exp $ */
00040 
00041 #include <stdio.h>
00042 #include <string.h>
00043 #include "prerror.h"
00044 #include "secitem.h"
00045 #include "prnetdb.h"
00046 #include "cert.h"
00047 #include "nspr.h"
00048 #include "secder.h"
00049 #include "key.h"
00050 #include "nss.h"
00051 #include "ssl.h"
00052 #include "pk11func.h"       /* for PK11_ function calls */
00053 
00054 /*
00055  * This callback is used by SSL to pull the client certificate when
00056  * the server requests one
00057  */
/*
 * Resolve the certificate named by `nickname` together with its private key.
 *
 * Only the nickname lookup and the key lookup are performed here: unlike the
 * automatic selection path, the certificate's validity period is not checked
 * and it is not matched against the server's CA names, so a caller-supplied
 * nickname is taken at face value.
 *
 * On SECSuccess *certOut and *keyOut are set and the caller owns both.
 * On SECFailure neither output is written and any certificate reference
 * obtained along the way has already been released.
 */
static SECStatus
find_cert_by_nickname(const char *nickname, void *pinArg,
                      CERTCertificate **certOut, SECKEYPrivateKey **keyOut)
{
  CERTCertificate *  cert;
  SECKEYPrivateKey * key;

  cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), nickname,
                                  certUsageSSLClient, PR_FALSE, pinArg);
  if (cert == NULL) {
    return SECFailure;
  }

  key = PK11_FindKeyByAnyCert(cert, pinArg);
  if (key == NULL) {
    /* A cert without a usable key is no use for client auth; drop it. */
    CERT_DestroyCertificate(cert);
    return SECFailure;
  }

  *certOut = cert;
  *keyOut  = key;
  return SECSuccess;
}

/*
 * Walk every user certificate nickname in the default database and pick the
 * first SSL-client certificate that is currently valid, chains to one of the
 * CA names the server offered, and has a private key available.
 *
 * Candidates that fail any of those checks are released before moving on,
 * so at most one certificate reference is alive when this returns.  The
 * nickname list is freed on every path once it has been obtained.
 *
 * On SECSuccess *certOut and *keyOut are set and the caller owns both;
 * on SECFailure neither output is written.
 */
static SECStatus
find_cert_automatically(struct CERTDistNamesStr *caNames, void *pinArg,
                        CERTCertificate **certOut, SECKEYPrivateKey **keyOut)
{
  CERTCertNicknames * names;
  SECStatus           result = SECFailure;
  int                 idx;

  names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
                                SEC_CERT_NICKNAMES_USER, pinArg);
  if (names == NULL) {
    return SECFailure;
  }

  for (idx = 0; idx < names->numnicknames; idx++) {
    CERTCertificate *  cert;
    SECKEYPrivateKey * key;

    cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
                                    names->nicknames[idx],
                                    certUsageSSLClient, PR_FALSE, pinArg);
    if (cert == NULL) {
      continue;
    }

    /* Skip certs outside their validity window, then those the server's
     * CA list would not accept.  The CA-name comparison is only reached
     * for a currently valid cert. */
    if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) != secCertTimeValid
        || NSS_CmpCertChainWCANames(cert, caNames) != SECSuccess) {
      CERT_DestroyCertificate(cert);
      continue;
    }

    key = PK11_FindKeyByAnyCert(cert, pinArg);
    if (key == NULL) {
      CERT_DestroyCertificate(cert);
      continue;
    }

    *certOut = cert;
    *keyOut  = key;
    result   = SECSuccess;
    break;
  }

  CERT_FreeNicknames(names);
  return result;
}

/*
 * SSL client-authentication callback.
 *
 * libssl invokes this when the server asks for a client certificate.
 *
 * arg      - nickname of the certificate to present (a char * treated as
 *            read-only), or NULL to let the library choose one.
 * socket   - the SSL socket; its pin argument is recovered with
 *            SSL_RevealPinArg() and handed to every database/token lookup.
 * caNames  - CA distinguished names offered by the server; consulted only
 *            when no nickname was supplied.
 * pRetCert - receives the selected certificate on SECSuccess; not written
 *            on failure.
 * pRetKey  - receives the matching private key on SECSuccess; not written
 *            on failure.
 *
 * Returns SECSuccess when both a certificate and its private key were
 * found (ownership of both passes to the caller), SECFailure otherwise.
 */
SECStatus 
NSS_GetClientAuthData(void *                       arg, 
                      PRFileDesc *                 socket, 
                      struct CERTDistNamesStr *    caNames, 
                      struct CERTCertificateStr ** pRetCert, 
                      struct SECKEYPrivateKeyStr **pRetKey)
{
  const char *       nickname = (const char *)arg;
  void *             pinArg   = SSL_RevealPinArg(socket);
  CERTCertificate *  cert     = NULL;
  SECKEYPrivateKey * key      = NULL;
  SECStatus          rv;

  /* An explicit nickname bypasses the automatic validity/CA-name filtering. */
  rv = (nickname != NULL)
         ? find_cert_by_nickname(nickname, pinArg, &cert, &key)
         : find_cert_automatically(caNames, pinArg, &cert, &key);
  if (rv != SECSuccess) {
    return rv;
  }

  *pRetCert = cert;
  *pRetKey  = key;
  return SECSuccess;
}
00122