
lightning-sunbird  0.9+nobinonly
certi.h File Reference
#include "certt.h"
#include "nssrwlkt.h"


Classes

struct  OpaqueCRLFieldsStr
struct  PreAllocatorStr
struct  CRLEntryCacheStr
struct  CachedCrlStr
struct  CRLDPCacheStr
struct  CRLIssuerCacheStr
struct  CRLCacheStr

Defines

#define DPC_RWLOCK   1
#define CRL_CACHE_INVALID_CRLS
#define CRL_CACHE_LAST_FETCH_FAILED
#define CRL_CACHE_OUT_OF_MEMORY

Typedefs

typedef struct OpaqueCRLFieldsStr
typedef struct CRLEntryCacheStr
typedef struct CRLDPCacheStr
typedef struct CRLIssuerCacheStr
typedef struct CRLCacheStr
typedef struct CachedCrlStr
typedef struct PreAllocatorStr

Enumerations

enum  CRLOrigin { CRL_OriginToken = 0, CRL_OriginExplicit = 1 }

Functions

SECStatus InitCRLCache (void)
SECStatus ShutdownCRLCache (void)
char * cert_GetCertificateEmailAddresses (CERTCertificate *cert)
SECStatus cert_CreateSubjectKeyIDHashTable (void)
SECStatus cert_AddSubjectKeyIDMapping (SECItem *subjKeyID, CERTCertificate *cert)
SECStatus cert_RemoveSubjectKeyIDMapping (SECItem *subjKeyID)
SECStatus cert_DestroySubjectKeyIDHashTable (void)
SECItem * cert_FindDERCertBySubjectKeyID (SECItem *subjKeyID)
int cert_AVAOidTagToMaxLen (SECOidTag tag)
SECStatus cert_InitLocks (void)
SECStatus cert_DestroyLocks (void)

Class Documentation

struct OpaqueCRLFieldsStr

Definition at line 62 of file certi.h.

Class Members
PRBool badDER
PRBool badEntries
PRBool badExtensions
PRBool decodingError
PRBool heapDER
PRBool partial
struct PreAllocatorStr

Definition at line 73 of file certi.h.

Class Members
PRArenaPool * arena
void * data
PRSize extra
PRSize len
PRSize used
struct CRLEntryCacheStr

Definition at line 86 of file certi.h.

Class Members
CERTCrlEntry entry
CRLEntryCache * next
CRLEntryCache * prev
struct CachedCrlStr

Definition at line 101 of file certi.h.

Class Members
CERTSignedCrl * crl
PLHashTable * entries
CRLOrigin origin
PreAllocator * prebuffer
PRBool sigChecked
PRBool sigValid
struct CRLDPCacheStr

Definition at line 127 of file certi.h.

Class Members
CachedCrl ** crls
SECItem * distributionPoint
PRUint16 invalid
CERTCertificate * issuer
PRTime lastcheck
PRTime lastfetch
NSSRWLock * lock
PRBool mustchoose
PRUint32 ncrls
PRBool refresh
CachedCrl * selected
SECItem * subject
struct CRLIssuerCacheStr

Definition at line 179 of file certi.h.

Class Members
CRLDPCache * dpp
SECItem * subject
struct CRLCacheStr

Definition at line 197 of file certi.h.

Class Members
PLHashTable * issuers
PRLock * lock

Define Documentation

#define CRL_CACHE_INVALID_CRLS

Value:
0x0001 /* this state will be set
        if we have CRL objects with an invalid DER or signature. Can be
        cleared if the invalid objects are deleted from the token */

Definition at line 91 of file certi.h.

#define CRL_CACHE_LAST_FETCH_FAILED

Value:
0x0002 /* this state will be set
        if the last CRL fetch encountered an error. Can be cleared if a
        new fetch succeeds */

Definition at line 92 of file certi.h.

#define CRL_CACHE_OUT_OF_MEMORY

Value:
0x0004 /* this state will be set
        if we don't have enough memory to build the hash table of entries */

Definition at line 94 of file certi.h.

#define DPC_RWLOCK   1

Definition at line 51 of file certi.h.


Typedef Documentation

typedef struct CachedCrlStr

Definition at line 60 of file certi.h.

typedef struct CRLCacheStr

Definition at line 59 of file certi.h.

typedef struct CRLDPCacheStr

Definition at line 57 of file certi.h.

typedef struct CRLEntryCacheStr

Definition at line 56 of file certi.h.

typedef struct CRLIssuerCacheStr

Definition at line 58 of file certi.h.

typedef struct OpaqueCRLFieldsStr

Definition at line 55 of file certi.h.

typedef struct PreAllocatorStr

Definition at line 71 of file certi.h.


Enumeration Type Documentation

enum CRLOrigin
Enumerator:
CRL_OriginToken 
CRL_OriginExplicit 

Definition at line 96 of file certi.h.

             {

Function Documentation

SECStatus cert_AddSubjectKeyIDMapping ( SECItem *  subjKeyID,
CERTCertificate *  cert 
)

Definition at line 2913 of file certdb.c.

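{
    /*
     * Record a subject-key-ID -> DER-certificate mapping in the global
     * gSubjKeyIDHash table.  Both the key and the value stored in the table
     * are private copies (SECITEM_DupItem), so the caller keeps ownership
     * of subjKeyID and cert.
     *
     * Returns SECSuccess when the mapping was inserted; SECFailure when the
     * table/lock have not been created, when a copy cannot be allocated,
     * or when the insert itself fails.
     */
    SECItem *newKeyID, *oldVal, *newVal;
    SECStatus rv = SECFailure;

    if (!gSubjKeyIDLock) {
       /* If one is created, then both are there.  So only check for one. */
       return SECFailure;
    }

    /* Make both copies before taking the lock so that no allocation of
     * certificate data happens while gSubjKeyIDLock is held. */
    newVal = SECITEM_DupItem(&cert->derCert);
    if (!newVal) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        goto done;
    }
    newKeyID = SECITEM_DupItem(subjKeyID);
    if (!newKeyID) {
        SECITEM_FreeItem(newVal, PR_TRUE);
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        goto done;
    }

    PR_Lock(gSubjKeyIDLock);
    /* The hash table implementation does not free up the memory 
     * associated with the key of an already existing entry if we add a 
     * duplicate, so we would wind up leaking the previously allocated 
     * key if we don't remove before adding.
     */
    oldVal = (SECItem*)PL_HashTableLookup(gSubjKeyIDHash, subjKeyID);
    if (oldVal) {
        PL_HashTableRemove(gSubjKeyIDHash, subjKeyID);
    }

    if (PL_HashTableAdd(gSubjKeyIDHash, newKeyID, newVal)) {
        rv = SECSuccess;
    }
    PR_Unlock(gSubjKeyIDLock);

    if (rv != SECSuccess) {
        /* A failed insert leaves the two copies owned by this function;
         * release them here instead of leaking them, and report the
         * failure the same way the allocation failures above do.
         * NOTE(review): any previous mapping for this key was already
         * removed above, so after a failed insert the key has no entry. */
        SECITEM_FreeItem(newKeyID, PR_TRUE);
        SECITEM_FreeItem(newVal, PR_TRUE);
        PORT_SetError(SEC_ERROR_NO_MEMORY);
    }
done:
    return rv;
}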

int cert_AVAOidTagToMaxLen ( SECOidTag  tag)

Definition at line 124 of file alg1485.c.

{
    /*
     * Look up the maximum length recorded for an attribute OID tag.
     * Scans name2kinds until either the requested tag or the
     * SEC_OID_UNKNOWN entry is reached; returns that entry's maxLen for
     * a match and -1 when the scan stopped on SEC_OID_UNKNOWN.
     */
    const struct NameToKind *entry;

    for (entry = name2kinds; entry->kind != SEC_OID_UNKNOWN; ++entry) {
        if (entry->kind == tag) {
            break;
        }
    }
    /* Stopping on the SEC_OID_UNKNOWN entry means "tag not in the table". */
    return (entry->kind == SEC_OID_UNKNOWN) ? -1 : entry->maxLen;
}

Definition at line 2796 of file certdb.c.


SECItem* cert_FindDERCertBySubjectKeyID ( SECItem *  subjKeyID)

Definition at line 2982 of file certdb.c.

{
    /*
     * Return a copy of the DER certificate item stored in gSubjKeyIDHash
     * for subjKeyID.
     *
     * Returns NULL when the lock (and hence the table) has not been
     * created, when no entry matches, or when SECITEM_DupItem fails; the
     * three cases are not distinguishable by the caller.
     * The returned item is a fresh duplicate, so presumably the caller is
     * responsible for freeing it - confirm against the callers.
     */
    SECItem *cached;
    SECItem *copy = NULL;

    if (gSubjKeyIDLock == NULL) {
        return NULL;
    }

    PR_Lock(gSubjKeyIDLock);
    cached = (SECItem *)PL_HashTableLookup(gSubjKeyIDHash, subjKeyID);
    if (cached != NULL) {
        /* Duplicate while the lock is still held: the table's own item is
         * only read inside the locked region and never handed out. */
        copy = SECITEM_DupItem(cached);
    }
    PR_Unlock(gSubjKeyIDLock);

    return copy;
}
char* cert_GetCertificateEmailAddresses ( CERTCertificate *  cert)

Definition at line 1040 of file alg1485.c.

{
    /*
     * Collect the e-mail addresses named by a certificate into one buffer
     * allocated from cert->arena.
     *
     * Sources, in order: the PKCS#9 emailAddress and RFC 1274 mail
     * attributes of the subject name, then every directoryName and
     * rfc822Name entry of the subjectAltName extension.
     *
     * Returns NULL when the scratch arena or scratch buffer cannot be
     * allocated, when nothing was appended, or when the final allocation
     * from cert->arena fails.
     *
     * NOTE(review): every string gathered here comes from the certificate
     * itself; whether the certificate has been verified at this point is
     * not visible from this function.
     */
    char *           rawEmailAddr = NULL;
    char *           addrBuf      = NULL;
    char *           pBuf         = NULL;
    /* Scratch arena for all intermediate data; released at "loser". */
    PRArenaPool *    tmpArena     = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    PRUint32         maxLen       = 0;
    PRInt32          finalLen     = 0;
    SECStatus        rv;
    SECItem          subAltName;
    
    /* addrBuf is still NULL here, so this reports failure. */
    if (!tmpArena) 
       return addrBuf;

    subAltName.data = NULL;
    /* The scratch buffer is sized from the length of the DER-encoded
     * certificate. */
    maxLen = cert->derCert.len;
    PORT_Assert(maxLen);
    if (!maxLen) 
       maxLen = 2000;  /* a guess, should never happen */

    /* addrBuf marks the start of the zero-filled scratch buffer; pBuf is
     * the write cursor handed to, and returned by, the append helpers. */
    pBuf = addrBuf = (char *)PORT_ArenaZAlloc(tmpArena, maxLen + 1);
    if (!addrBuf) 
       goto loser;

    /* NOTE(review): appendStringToBuf and appendItemToBuf are not shown
     * here.  They receive &maxLen, presumably as the remaining capacity;
     * the bound on writes into addrBuf depends entirely on them honouring
     * it - confirm. */
    rawEmailAddr = CERT_GetNameElement(tmpArena, &cert->subject,
                                   SEC_OID_PKCS9_EMAIL_ADDRESS);
    pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen);

    rawEmailAddr = CERT_GetNameElement(tmpArena, &cert->subject, 
                                   SEC_OID_RFC1274_MAIL);
    pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen);

    rv = CERT_FindCertExtension(cert,  SEC_OID_X509_SUBJECT_ALT_NAME, 
                            &subAltName);
    if (rv == SECSuccess && subAltName.data) {
       CERTGeneralName *nameList     = NULL;

       if (!!(nameList = CERT_DecodeAltNameExtension(tmpArena, &subAltName))) {
           CERTGeneralName *current = nameList;
           /* The walk ends when CERT_GetNextGeneralName comes back to the
            * first element, i.e. the list is treated as circular. */
           do {
              if (current->type == certDirectoryName) {
                  rawEmailAddr = CERT_GetNameElement(tmpArena,
                                            &current->name.directoryName, 
                                          SEC_OID_PKCS9_EMAIL_ADDRESS);
                  pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen);

                  rawEmailAddr = CERT_GetNameElement(tmpArena,
                                         &current->name.directoryName, 
                                         SEC_OID_RFC1274_MAIL);
                  pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
              } else if (current->type == certRFC822Name) {
                  pBuf = appendItemToBuf(pBuf, &current->name.other, &maxLen);
              }
              current = CERT_GetNextGeneralName(current);
           } while (current != nameList);
       }
       /* subAltName is a local struct, so only its data is released. */
       SECITEM_FreeItem(&subAltName, PR_FALSE);
       /* Don't free nameList, it's part of the tmpArena. */
    }
    /* now copy superstring to cert's arena */
    /* Bytes between the start of the buffer and the cursor, plus one.
     * finalLen > 1 holds only if the cursor moved, i.e. something was
     * appended (assuming the helpers return the advanced cursor). */
    finalLen = (pBuf - addrBuf) + 1;
    /* From here on pBuf is the result pointer; NULL means "no addresses". */
    pBuf = NULL;
    if (finalLen > 1) {
       pBuf = PORT_ArenaAlloc(cert->arena, finalLen);
       if (pBuf) {
           PORT_Memcpy(pBuf, addrBuf, finalLen);
       }
    }
loser:
    /* Reached via goto only while pBuf == addrBuf == NULL, so the early
     * failure path returns NULL as well. */
    if (tmpArena)
       PORT_FreeArena(tmpArena, PR_FALSE);

    return pBuf;
}

Definition at line 2773 of file certdb.c.


SECStatus cert_RemoveSubjectKeyIDMapping ( SECItem *  subjKeyID)

Definition at line 2954 of file certdb.c.

SECStatus InitCRLCache ( void  )

Definition at line 1087 of file crl.c.

{
    /*
     * Create the global CRL cache: its lock and the hash table of issuers.
     *
     * Returns SECSuccess when the cache is (or already was) fully set up,
     * and SECFailure when a member cannot be created or when the cache is
     * found in an inconsistent, half-initialized state.
     *
     * NOTE(review): crlcache_initialized is tested and set here without
     * any lock being held; presumably callers serialize library
     * initialization - confirm.
     */
    if (PR_FALSE != crlcache_initialized)
    {
        /* Repeat call: just confirm that both members are present. */
        PORT_Assert(crlcache.lock);
        PORT_Assert(crlcache.issuers);
        if (crlcache.lock && crlcache.issuers)
        {
            /* CRL cache already initialized */
            return SECSuccess;
        }
        /* CRL cache not fully initialized */
        return SECFailure;
    }

    PORT_Assert(NULL == crlcache.lock);
    PORT_Assert(NULL == crlcache.issuers);
    if (NULL != crlcache.lock || NULL != crlcache.issuers)
    {
        /* CRL cache already partially initialized */
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
        return SECFailure;
    }

    /* The lock type is a build-time choice. */
#ifdef GLOBAL_RWLOCK
    crlcache.lock = NSSRWLock_New(NSS_RWLOCK_RANK_NONE, NULL);
#else
    crlcache.lock = PR_NewLock();
#endif
    if (NULL == crlcache.lock)
    {
        return SECFailure;
    }

    crlcache.issuers = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
                                       PL_CompareValues, NULL, NULL);
    if (NULL != crlcache.issuers)
    {
        crlcache_initialized = PR_TRUE;
        return SECSuccess;
    }

    /* Table creation failed: undo the lock so that a later call starts
     * from a clean state instead of the "partially initialized" error. */
#ifdef GLOBAL_RWLOCK
    NSSRWLock_Destroy(crlcache.lock);
#else
    PR_DestroyLock(crlcache.lock);
#endif
    crlcache.lock = NULL;
    return SECFailure;
}


SECStatus ShutdownCRLCache ( void  )

Definition at line 1270 of file crl.c.

{
    /*
     * Tear down the global CRL cache: free every issuer entry, destroy
     * the issuer hash table and the lock, and mark the cache as not
     * initialized.
     *
     * Returns SECSuccess when the cache was already shut down, SECFailure
     * (SEC_ERROR_LIBRARY_FAILURE) when it is marked initialized but a
     * member is missing, and otherwise the status left in rv after the
     * issuer enumeration.
     */
    SECStatus rv = SECSuccess;

    if (PR_FALSE == crlcache_initialized)
    {
        if (NULL == crlcache.lock && NULL == crlcache.issuers)
        {
            /* CRL cache has already been shut down */
            return SECSuccess;
        }
    }
    else if (PR_TRUE == crlcache_initialized)
    {
        if (NULL == crlcache.lock || NULL == crlcache.issuers)
        {
            /* CRL cache has partially been shut down */
            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
            return SECFailure;
        }
    }
    /* NOTE(review): a cache that is marked uninitialized but still has
     * exactly one of lock/issuers set passes both checks above and reaches
     * the teardown below with a NULL member.  Nothing here rejects that
     * state; confirm it cannot occur. */

    /* Empty the cache: FreeIssuer is called for each issuer entry and is
     * given &rv, presumably to report a failure - it is not shown here. */
    PL_HashTableEnumerateEntries(crlcache.issuers, &FreeIssuer, &rv);

    /* free the hash table of issuers */
    PL_HashTableDestroy(crlcache.issuers);
    crlcache.issuers = NULL;

    /* free the global lock, using the destructor that matches the
     * build-time lock type */
#ifdef GLOBAL_RWLOCK
    NSSRWLock_Destroy(crlcache.lock);
#else
    PR_DestroyLock(crlcache.lock);
#endif
    crlcache.lock = NULL;

    crlcache_initialized = PR_FALSE;
    return rv;
}
