Back to index

lightning-sunbird  0.9+nobinonly
Functions | Variables
stanpcertdb.c File Reference
#include "prtime.h"
#include "cert.h"
#include "mcom_db.h"
#include "certdb.h"
#include "secitem.h"
#include "secder.h"
#include "secasn1.h"
#include "secerr.h"
#include "nssilock.h"
#include "prmon.h"
#include "nsslocks.h"
#include "base64.h"
#include "sechash.h"
#include "plhash.h"
#include "pk11func.h"
#include "nsspki.h"
#include "pki.h"
#include "pkim.h"
#include "pki3hack.h"
#include "ckhelper.h"
#include "base.h"
#include "pkistore.h"
#include "dev3hack.h"
#include "dev.h"

Go to the source code of this file.

Functions

PRBool SEC_CertNicknameConflict (char *nickname, SECItem *derSubject, CERTCertDBHandle *handle)
SECStatus SEC_DeletePermCertificate (CERTCertificate *cert)
SECStatus CERT_GetCertTrust (CERTCertificate *cert, CERTCertTrust *trust)
SECStatus CERT_ChangeCertTrust (CERTCertDBHandle *handle, CERTCertificate *cert, CERTCertTrust *trust)
SECStatus __CERT_AddTempCertToPerm (CERTCertificate *cert, char *nickname, CERTCertTrust *trust)
SECStatus CERT_AddTempCertToPerm (CERTCertificate *cert, char *nickname, CERTCertTrust *trust)
CERTCertificate * __CERT_NewTempCertificate (CERTCertDBHandle *handle, SECItem *derCert, char *nickname, PRBool isperm, PRBool copyDER)
CERTCertificate * CERT_NewTempCertificate (CERTCertDBHandle *handle, SECItem *derCert, char *nickname, PRBool isperm, PRBool copyDER)
CERTCertificate * CERT_FindCertByIssuerAndSN (CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN)
static NSSCertificate * get_best_temp_or_perm (NSSCertificate *ct, NSSCertificate *cp)
CERTCertificate * CERT_FindCertByName (CERTCertDBHandle *handle, SECItem *name)
CERTCertificate * CERT_FindCertByKeyID (CERTCertDBHandle *handle, SECItem *name, SECItem *keyID)
CERTCertificate * CERT_FindCertByNickname (CERTCertDBHandle *handle, char *nickname)
CERTCertificate * CERT_FindCertByDERCert (CERTCertDBHandle *handle, SECItem *derCert)
CERTCertificate * CERT_FindCertByNicknameOrEmailAddr (CERTCertDBHandle *handle, char *name)
static void add_to_subject_list (CERTCertList *certList, CERTCertificate *cert, PRBool validOnly, int64 sorttime)
CERTCertList * CERT_CreateSubjectCertList (CERTCertList *certList, CERTCertDBHandle *handle, SECItem *name, int64 sorttime, PRBool validOnly)
void CERT_DestroyCertificate (CERTCertificate *cert)
int CERT_GetDBContentVersion (CERTCertDBHandle *handle)
SECStatus certdb_SaveSingleProfile (CERTCertificate *cert, const char *emailAddr, SECItem *emailProfile, SECItem *profileTime)
SECStatus CERT_SaveSMimeProfile (CERTCertificate *cert, SECItem *emailProfile, SECItem *profileTime)
SECItem * CERT_FindSMimeProfile (CERTCertificate *cert)
void __CERT_ClosePermCertDB (CERTCertDBHandle *handle)
SECStatus CERT_OpenCertDBFilename (CERTCertDBHandle *handle, char *certdbname, PRBool readOnly)
SECItem * SECKEY_HashPassword (char *pw, SECItem *salt)
SECStatus __CERT_TraversePermCertsForSubject (CERTCertDBHandle *handle, SECItem *derSubject, void *cb, void *cbarg)
SECStatus __CERT_TraversePermCertsForNickname (CERTCertDBHandle *handle, char *nickname, void *cb, void *cbarg)

Variables

const NSSError NSS_ERROR_INVALID_CERTIFICATE

Function Documentation

SECStatus __CERT_AddTempCertToPerm ( CERTCertificate *  cert,
char *  nickname,
CERTCertTrust *  trust 
)

Definition at line 146 of file stanpcertdb.c.

{
    NSSUTF8 *stanNick;
    PK11SlotInfo *slot;
    NSSToken *internal;
    NSSCryptoContext *context;
    nssCryptokiObject *permInstance;
    NSSCertificate *c = STAN_GetNSSCertificate(cert);
    nssCertificateStoreTrace lockTrace = {NULL, NULL, PR_FALSE, PR_FALSE};
    nssCertificateStoreTrace unlockTrace = {NULL, NULL, PR_FALSE, PR_FALSE};

    context = c->object.cryptoContext;
    if (!context) {
       PORT_SetError(SEC_ERROR_ADDING_CERT); 
       return SECFailure; /* wasn't a temp cert */
    }
    stanNick = nssCertificate_GetNickname(c, NULL);
    if (stanNick && nickname && strcmp(nickname, stanNick) != 0) {
       /* take the new nickname */
       cert->nickname = NULL;
       stanNick = NULL;
    }
    if (!stanNick && nickname) {
       stanNick = nssUTF8_Duplicate((NSSUTF8 *)nickname, c->object.arena);
    }
    /* Delete the temp instance */
    nssCertificateStore_Lock(context->certStore, &lockTrace);
    nssCertificateStore_RemoveCertLOCKED(context->certStore, c);
    nssCertificateStore_Unlock(context->certStore, &lockTrace, &unlockTrace);
    nssCertificateStore_Check(&lockTrace, &unlockTrace);
    c->object.cryptoContext = NULL;
    /* Import the perm instance onto the internal token */
    slot = PK11_GetInternalKeySlot();
    internal = PK11Slot_GetNSSToken(slot);
    permInstance = nssToken_ImportCertificate(internal, NULL,
                                              NSSCertificateType_PKIX,
                                              &c->id,
                                              stanNick,
                                              &c->encoding,
                                              &c->issuer,
                                              &c->subject,
                                              &c->serial,
                                         cert->emailAddr,
                                              PR_TRUE);
    PK11_FreeSlot(slot);
    if (!permInstance) {
       if (NSS_GetError() == NSS_ERROR_INVALID_CERTIFICATE) {
           PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
       }
       return SECFailure;
    }
    nssPKIObject_AddInstance(&c->object, permInstance);
    nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
    /* reset the CERTCertificate fields */
    cert->nssCertificate = NULL;
    cert = STAN_GetCERTCertificateOrRelease(c); /* should return same pointer */
    if (!cert) {
        return SECFailure;
    }
    cert->istemp = PR_FALSE;
    cert->isperm = PR_TRUE;
    if (!trust) {
       return SECSuccess;
    }
    return (STAN_ChangeCertTrust(cert, trust) == PR_SUCCESS) ? 
                                                 SECSuccess: SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void __CERT_ClosePermCertDB ( CERTCertDBHandle *  handle)

Definition at line 930 of file stanpcertdb.c.

{
    PORT_Assert("CERT_ClosePermCertDB is Depricated" == NULL);
    return;
}
CERTCertificate* __CERT_NewTempCertificate ( CERTCertDBHandle *  handle,
SECItem *  derCert,
char *  nickname,
PRBool  isperm,
PRBool  copyDER 
)

Definition at line 223 of file stanpcertdb.c.

{
    PRStatus nssrv;
    NSSCertificate *c;
    CERTCertificate *cc;
    NSSCertificate *tempCert = NULL;
    nssPKIObject *pkio;
    NSSCryptoContext *gCC = STAN_GetDefaultCryptoContext();
    NSSTrustDomain *gTD = STAN_GetDefaultTrustDomain();
    if (!isperm) {
       NSSDER encoding;
       NSSITEM_FROM_SECITEM(&encoding, derCert);
       /* First, see if it is already a temp cert */
       c = NSSCryptoContext_FindCertificateByEncodedCertificate(gCC, 
                                                              &encoding);
       if (!c) {
           /* Then, see if it is already a perm cert */
           c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle, 
                                                                  &encoding);
       }
       if (c) {
           /* actually, that search ends up going by issuer/serial,
            * so it is still possible to return a cert with the same
            * issuer/serial but a different encoding, and we're
            * going to reject that
            */
           if (!nssItem_Equal(&c->encoding, &encoding, NULL)) {
              nssCertificate_Destroy(c);
              PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
              cc = NULL;
           } else {
              cc = STAN_GetCERTCertificateOrRelease(c);
           }
           return cc;
       }
    }
    pkio = nssPKIObject_Create(NULL, NULL, gTD, gCC, nssPKIMonitor);
    if (!pkio) {
       return NULL;
    }
    c = nss_ZNEW(pkio->arena, NSSCertificate);
    if (!c) {
       nssPKIObject_Destroy(pkio);
       return NULL;
    }
    c->object = *pkio;
    if (copyDER) {
       nssItem_Create(c->object.arena, &c->encoding, 
                      derCert->len, derCert->data);
    } else {
       NSSITEM_FROM_SECITEM(&c->encoding, derCert);
    }
    /* Forces a decoding of the cert in order to obtain the parts used
     * below
     */
    /* 'c' is not adopted here, if we fail loser frees what has been
     * allocated so far for 'c' */
    cc = STAN_GetCERTCertificate(c);
    if (!cc) {
        goto loser;
    }
    nssItem_Create(c->object.arena, 
                   &c->issuer, cc->derIssuer.len, cc->derIssuer.data);
    nssItem_Create(c->object.arena, 
                   &c->subject, cc->derSubject.len, cc->derSubject.data);
    if (PR_TRUE) {
       /* CERTCertificate stores serial numbers decoded.  I need the DER
       * here.  sigh.
       */
       SECItem derSerial = { 0 };
       CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial);
       if (!derSerial.data) goto loser;
       nssItem_Create(c->object.arena, &c->serial, derSerial.len, derSerial.data);
       PORT_Free(derSerial.data);
    }
    if (nickname) {
       c->object.tempName = nssUTF8_Create(c->object.arena, 
                                            nssStringType_UTF8String, 
                                            (NSSUTF8 *)nickname, 
                                            PORT_Strlen(nickname));
    }
    if (cc->emailAddr && cc->emailAddr[0]) {
       c->email = nssUTF8_Create(c->object.arena, 
                                 nssStringType_PrintableString, 
                                 (NSSUTF8 *)cc->emailAddr, 
                                 PORT_Strlen(cc->emailAddr));
    }

    tempCert = NSSCryptoContext_FindOrImportCertificate(gCC, c);
    if (!tempCert) {
       goto loser;
    }
    /* destroy our copy */
    NSSCertificate_Destroy(c);
    /* and use the stored entry */
    c = tempCert;
    cc = STAN_GetCERTCertificateOrRelease(c);
    if (!cc) {
       /* STAN_GetCERTCertificateOrRelease destroys c on failure. */
       return NULL;
    }

    cc->istemp = PR_TRUE;
    cc->isperm = PR_FALSE;
    return cc;
loser:
    /* Perhaps this should be nssCertificate_Destroy(c) */
    nssPKIObject_Destroy(&c->object);
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus __CERT_TraversePermCertsForNickname ( CERTCertDBHandle *  handle,
char *  nickname,
void cb,
void cbarg 
)

Definition at line 962 of file stanpcertdb.c.

{
    PORT_Assert("CERT_TraversePermCertsForNickname is Depricated" == NULL);
    return SECFailure;
}
SECStatus __CERT_TraversePermCertsForSubject ( CERTCertDBHandle *  handle,
SECItem *  derSubject,
void cb,
void cbarg 
)

Definition at line 952 of file stanpcertdb.c.

{
    PORT_Assert("CERT_TraversePermCertsForSubject is Depricated" == NULL);
    return SECFailure;
}
static void add_to_subject_list ( CERTCertList *  certList,
CERTCertificate *  cert,
PRBool  validOnly,
int64  sorttime 
) [static]

Definition at line 508 of file stanpcertdb.c.

{
    SECStatus secrv;
    if (!validOnly ||
       CERT_CheckCertValidTimes(cert, sorttime, PR_FALSE) 
        == secCertTimeValid) {
           secrv = CERT_AddCertToListSorted(certList, cert, 
                                            CERT_SortCBValidity, 
                                            (void *)&sorttime);
           if (secrv != SECSuccess) {
              CERT_DestroyCertificate(cert);
           }
    } else {
       CERT_DestroyCertificate(cert);
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus CERT_AddTempCertToPerm ( CERTCertificate *  cert,
char *  nickname,
CERTCertTrust *  trust 
)

Definition at line 216 of file stanpcertdb.c.

{
    return __CERT_AddTempCertToPerm(cert, nickname, trust);
}
SECStatus CERT_ChangeCertTrust ( CERTCertDBHandle *  handle,
CERTCertificate *  cert,
CERTCertTrust *  trust 
)

Definition at line 130 of file stanpcertdb.c.

CERTCertList* CERT_CreateSubjectCertList ( CERTCertList *  certList,
CERTCertDBHandle *  handle,
SECItem *  name,
int64  sorttime,
PRBool  validOnly 
)

Definition at line 527 of file stanpcertdb.c.

{
    NSSCryptoContext *cc;
    NSSCertificate **tSubjectCerts, **pSubjectCerts;
    NSSCertificate **ci;
    CERTCertificate *cert;
    NSSDER subject;
    PRBool myList = PR_FALSE;
    cc = STAN_GetDefaultCryptoContext();
    NSSITEM_FROM_SECITEM(&subject, name);
    /* Collect both temp and perm certs for the subject */
    tSubjectCerts = NSSCryptoContext_FindCertificatesBySubject(cc,
                                                               &subject,
                                                               NULL,
                                                               0,
                                                               NULL);
    pSubjectCerts = NSSTrustDomain_FindCertificatesBySubject(handle,
                                                             &subject,
                                                             NULL,
                                                             0,
                                                             NULL);
    if (!tSubjectCerts && !pSubjectCerts) {
       return NULL;
    }
    if (certList == NULL) {
       certList = CERT_NewCertList();
       myList = PR_TRUE;
       if (!certList) goto loser;
    }
    /* Iterate over the matching temp certs.  Add them to the list */
    ci = tSubjectCerts;
    while (ci && *ci) {
       cert = STAN_GetCERTCertificateOrRelease(*ci);
       /* *ci may be invalid at this point, don't reference it again */
        if (cert) {
           /* NOTE: add_to_subject_list adopts the incoming cert. */
           add_to_subject_list(certList, cert, validOnly, sorttime);
        }
       ci++;
    }
    /* Iterate over the matching perm certs.  Add them to the list */
    ci = pSubjectCerts;
    while (ci && *ci) {
       cert = STAN_GetCERTCertificateOrRelease(*ci);
       /* *ci may be invalid at this point, don't reference it again */
        if (cert) {
           /* NOTE: add_to_subject_list adopts the incoming cert. */
           add_to_subject_list(certList, cert, validOnly, sorttime);
        }
       ci++;
    }
    /* all the references have been adopted or freed at this point, just
     * free the arrays now */
    nss_ZFreeIf(tSubjectCerts);
    nss_ZFreeIf(pSubjectCerts);
    return certList;
loser:
    /* need to free the references in tSubjectCerts and pSubjectCerts! */
    nssCertificateArray_Destroy(tSubjectCerts);
    nssCertificateArray_Destroy(pSubjectCerts);
    if (myList && certList != NULL) {
       CERT_DestroyCertList(certList);
    }
    return NULL;
}
void CERT_DestroyCertificate ( CERTCertificate *  cert)

Definition at line 595 of file stanpcertdb.c.

{
    if ( cert ) {
       /* don't use STAN_GetNSSCertificate because we don't want to
        * go to the trouble of translating the CERTCertificate into
        * an NSSCertificate just to destroy it.  If it hasn't been done
        * yet, don't do it at all.
        */
       NSSCertificate *tmp = cert->nssCertificate;
       if (tmp) {
           /* delete the NSSCertificate */
           NSSCertificate_Destroy(tmp);
       } else if (cert->arena) {
           PORT_FreeArena(cert->arena, PR_FALSE);
       }
    }
    return;
}
CERTCertificate* CERT_FindCertByDERCert ( CERTCertDBHandle *  handle,
SECItem *  derCert 
)

Definition at line 454 of file stanpcertdb.c.

{
    NSSCryptoContext *cc;
    NSSCertificate *c;
    NSSDER encoding;
    NSSITEM_FROM_SECITEM(&encoding, derCert);
    cc = STAN_GetDefaultCryptoContext();
    c = NSSCryptoContext_FindCertificateByEncodedCertificate(cc, &encoding);
    if (!c) {
       c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle, 
                                                              &encoding);
       if (!c) return NULL;
    }
    return STAN_GetCERTCertificateOrRelease(c);
}
CERTCertificate* CERT_FindCertByIssuerAndSN ( CERTCertDBHandle *  handle,
CERTIssuerAndSN *  issuerAndSN 
)

Definition at line 345 of file stanpcertdb.c.

{
    PK11SlotInfo *slot;
    CERTCertificate *cert;

    cert = PK11_FindCertByIssuerAndSN(&slot,issuerAndSN,NULL);
    if (cert && slot) {
        PK11_FreeSlot(slot);
    }

    return cert;
}
CERTCertificate* CERT_FindCertByKeyID ( CERTCertDBHandle *  handle,
SECItem *  name,
SECItem *  keyID 
)

Definition at line 400 of file stanpcertdb.c.

{
    CERTCertList *list;
    CERTCertificate *cert = NULL;
    CERTCertListNode *node, *head;

    list = CERT_CreateSubjectCertList(NULL,handle,name,0,PR_FALSE);
    if (list == NULL) return NULL;

    node = head = CERT_LIST_HEAD(list);
    if (head) {
       do {
           if (node->cert && 
              SECITEM_ItemsAreEqual(&node->cert->subjectKeyID, keyID) ) {
              cert = CERT_DupCertificate(node->cert);
              goto done;
           }
           node = CERT_LIST_NEXT(node);
       } while (node && head != node);
    }
    PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
done:
    if (list) {
        CERT_DestroyCertList(list);
    }
    return cert;
}
CERTCertificate* CERT_FindCertByName ( CERTCertDBHandle *  handle,
SECItem *  name 
)

Definition at line 376 of file stanpcertdb.c.

{
    NSSCertificate *cp, *ct, *c;
    NSSDER subject;
    NSSUsage usage;
    NSSCryptoContext *cc;
    NSSITEM_FROM_SECITEM(&subject, name);
    usage.anyUsage = PR_TRUE;
    cc = STAN_GetDefaultCryptoContext();
    ct = NSSCryptoContext_FindBestCertificateBySubject(cc, &subject, 
                                                       NULL, &usage, NULL);
    cp = NSSTrustDomain_FindBestCertificateBySubject(handle, &subject, 
                                                     NULL, &usage, NULL);
    c = get_best_temp_or_perm(ct, cp);
    if (ct) {
       CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
    }
    if (cp) {
       CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(cp));
    }
    return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}
CERTCertificate* CERT_FindCertByNickname ( CERTCertDBHandle *  handle,
char *  nickname 
)

Definition at line 429 of file stanpcertdb.c.

{
    NSSCryptoContext *cc;
    NSSCertificate *c, *ct;
    CERTCertificate *cert;
    NSSUsage usage;
    usage.anyUsage = PR_TRUE;
    cc = STAN_GetDefaultCryptoContext();
    ct = NSSCryptoContext_FindBestCertificateByNickname(cc, nickname, 
                                                       NULL, &usage, NULL);
    cert = PK11_FindCertFromNickname(nickname, NULL);
    c = NULL;
    if (cert) {
       c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
       CERT_DestroyCertificate(cert);
       if (ct) {
           CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
       }
    } else {
       c = ct;
    }
    return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}
CERTCertificate* CERT_FindCertByNicknameOrEmailAddr ( CERTCertDBHandle *  handle,
char *  name 
)

Definition at line 471 of file stanpcertdb.c.

{
    NSSCryptoContext *cc;
    NSSCertificate *c, *ct;
    CERTCertificate *cert;
    NSSUsage usage;

    if (NULL == name) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }
    usage.anyUsage = PR_TRUE;
    cc = STAN_GetDefaultCryptoContext();
    ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name, 
                                                       NULL, &usage, NULL);
    if (!ct && PORT_Strchr(name, '@') != NULL) {
        char* lowercaseName = CERT_FixupEmailAddr(name);
        if (lowercaseName) {
           ct = NSSCryptoContext_FindBestCertificateByEmail(cc, lowercaseName, 
                                                     NULL, &usage, NULL);
            PORT_Free(lowercaseName);
        }
    }
    cert = PK11_FindCertFromNickname(name, NULL);
    if (cert) {
       c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
       CERT_DestroyCertificate(cert);
       if (ct) {
           CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
       }
    } else {
       c = ct;
    }
    return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}
SECItem* CERT_FindSMimeProfile ( CERTCertificate *  cert)

Definition at line 888 of file stanpcertdb.c.

{
    PK11SlotInfo *slot = NULL;
    NSSCertificate *c;
    NSSCryptoContext *cc;
    SECItem *rvItem = NULL;

    if (!cert || !cert->emailAddr || !cert->emailAddr[0]) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }
    c = STAN_GetNSSCertificate(cert);
    if (!c) return NULL;
    cc = c->object.cryptoContext;
    if (cc != NULL) {
       nssSMIMEProfile *stanProfile;
       stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c);
       if (stanProfile) {
           rvItem = SECITEM_AllocItem(NULL, NULL, 
                                      stanProfile->profileData->size);
           if (rvItem) {
              rvItem->data = stanProfile->profileData->data;
           }
           nssSMIMEProfile_Destroy(stanProfile);
       }
       return rvItem;
    }
    rvItem =
       PK11_FindSMimeProfile(&slot, cert->emailAddr, &cert->derSubject, NULL);
    if (slot) {
       PK11_FreeSlot(slot);
    }
    return rvItem;
}
SECStatus CERT_GetCertTrust ( CERTCertificate *  cert,
CERTCertTrust *  trust 
)

Definition at line 104 of file stanpcertdb.c.

{
    SECStatus rv;
    CERT_LockCertTrust(cert);
    if ( cert->trust == NULL ) {
       rv = SECFailure;
    } else {
       *trust = *cert->trust;
       rv = SECSuccess;
    }
    CERT_UnlockCertTrust(cert);
    return(rv);
}
int CERT_GetDBContentVersion ( CERTCertDBHandle *  handle)

Definition at line 710 of file stanpcertdb.c.

{
    /* should read the DB content version from the pkcs #11 device */
    return 0;
}
CERTCertificate* CERT_NewTempCertificate ( CERTCertDBHandle *  handle,
SECItem *  derCert,
char *  nickname,
PRBool  isperm,
PRBool  copyDER 
)

Definition at line 336 of file stanpcertdb.c.

{
    return( __CERT_NewTempCertificate(handle, derCert, nickname,
                                      isperm, copyDER) );
}
SECStatus CERT_OpenCertDBFilename ( CERTCertDBHandle *  handle,
char *  certdbname,
PRBool  readOnly 
)

Definition at line 937 of file stanpcertdb.c.

{
    PORT_Assert("CERT_OpenCertDBFilename is Depricated" == NULL);
    return SECFailure;
}
SECStatus CERT_SaveSMimeProfile ( CERTCertificate *  cert,
SECItem *  emailProfile,
SECItem *  profileTime 
)

Definition at line 848 of file stanpcertdb.c.

{
    const char *emailAddr;
    SECStatus rv;

    if (!cert) {
        return SECFailure;
    }

    if (cert->slot &&  !PK11_IsInternal(cert->slot)) {
        /* this cert comes from an external source, we need to add it
        to the cert db before creating an S/MIME profile */
        PK11SlotInfo* internalslot = PK11_GetInternalKeySlot();
        if (!internalslot) {
            return SECFailure;
        }
        rv = PK11_ImportCert(internalslot, cert,
            CK_INVALID_HANDLE, NULL, PR_FALSE);

        PK11_FreeSlot(internalslot);
        if (rv != SECSuccess ) {
            return SECFailure;
        }
    }

    
    for (emailAddr = CERT_GetFirstEmailAddress(cert); emailAddr != NULL;
              emailAddr = CERT_GetNextEmailAddress(cert,emailAddr)) {
       rv = certdb_SaveSingleProfile(cert,emailAddr,emailProfile,profileTime);
       if (rv != SECSuccess) {
          return SECFailure;
       }
    }
    return SECSuccess;

}
SECStatus certdb_SaveSingleProfile ( CERTCertificate *  cert,
const char *  emailAddr,
SECItem *  emailProfile,
SECItem *  profileTime 
)

Definition at line 717 of file stanpcertdb.c.

{
    int64 oldtime;
    int64 newtime;
    SECStatus rv = SECFailure;
    PRBool saveit;
    SECItem oldprof, oldproftime;
    SECItem *oldProfile = NULL;
    SECItem *oldProfileTime = NULL;
    PK11SlotInfo *slot = NULL;
    NSSCertificate *c;
    NSSCryptoContext *cc;
    nssSMIMEProfile *stanProfile = NULL;
    PRBool freeOldProfile = PR_FALSE;

    c = STAN_GetNSSCertificate(cert);
    if (!c) return SECFailure;
    cc = c->object.cryptoContext;
    if (cc != NULL) {
       stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c);
       if (stanProfile) {
           PORT_Assert(stanProfile->profileData);
           SECITEM_FROM_NSSITEM(&oldprof, stanProfile->profileData);
           oldProfile = &oldprof;
           SECITEM_FROM_NSSITEM(&oldproftime, stanProfile->profileTime);
           oldProfileTime = &oldproftime;
       }
    } else {
       oldProfile = PK11_FindSMimeProfile(&slot, (char *)emailAddr, 
                                   &cert->derSubject, &oldProfileTime); 
       freeOldProfile = PR_TRUE;
    }

    saveit = PR_FALSE;
    
    /* both profileTime and emailProfile have to exist or not exist */
    if ( emailProfile == NULL ) {
       profileTime = NULL;
    } else if ( profileTime == NULL ) {
       emailProfile = NULL;
    }
   
    if ( oldProfileTime == NULL ) {
       saveit = PR_TRUE;
    } else {
       /* there was already a profile for this email addr */
       if ( profileTime ) {
           /* we have an old and new profile - save whichever is more recent*/
           if ( oldProfileTime->len == 0 ) {
              /* always replace if old entry doesn't have a time */
              oldtime = LL_MININT;
           } else {
              rv = DER_UTCTimeToTime(&oldtime, oldProfileTime);
              if ( rv != SECSuccess ) {
                  goto loser;
              }
           }
           
           rv = DER_UTCTimeToTime(&newtime, profileTime);
           if ( rv != SECSuccess ) {
              goto loser;
           }
       
           if ( LL_CMP(newtime, >, oldtime ) ) {
              /* this is a newer profile, save it and cert */
              saveit = PR_TRUE;
           }
       } else {
           saveit = PR_TRUE;
       }
    }


    if (saveit) {
       if (cc) {
           if (stanProfile) {
              /* stanProfile is already stored in the crypto context,
               * overwrite the data
               */
              NSSArena *arena = stanProfile->object.arena;
              stanProfile->profileTime = nssItem_Create(arena, 
                                                        NULL,
                                                        profileTime->len,
                                                        profileTime->data);
              stanProfile->profileData = nssItem_Create(arena, 
                                                        NULL,
                                                        emailProfile->len,
                                                        emailProfile->data);
           } else if (profileTime && emailProfile) {
              PRStatus nssrv;
              NSSItem profTime, profData;
              NSSITEM_FROM_SECITEM(&profTime, profileTime);
              NSSITEM_FROM_SECITEM(&profData, emailProfile);
              stanProfile = nssSMIMEProfile_Create(c, &profTime, &profData);
              if (!stanProfile) goto loser;
              nssrv = nssCryptoContext_ImportSMIMEProfile(cc, stanProfile);
              rv = (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
           }
       } else {
           rv = PK11_SaveSMimeProfile(slot, (char *)emailAddr, 
                            &cert->derSubject, emailProfile, profileTime);
       }
    } else {
       rv = SECSuccess;
    }

loser:
    if (oldProfile && freeOldProfile) {
       SECITEM_FreeItem(oldProfile,PR_TRUE);
    }
    if (oldProfileTime && freeOldProfile) {
       SECITEM_FreeItem(oldProfileTime,PR_TRUE);
    }
    if (stanProfile) {
       nssSMIMEProfile_Destroy(stanProfile);
    }
    if (slot) {
       PK11_FreeSlot(slot);
    }
    
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static NSSCertificate* get_best_temp_or_perm ( NSSCertificate *  ct,
NSSCertificate *  cp 
) [static]

Definition at line 359 of file stanpcertdb.c.

{
    NSSUsage usage;
    NSSCertificate *arr[3];
    if (!ct) {
       return nssCertificate_AddRef(cp);
    } else if (!cp) {
       return nssCertificate_AddRef(ct);
    }
    arr[0] = ct;
    arr[1] = cp;
    arr[2] = NULL;
    usage.anyUsage = PR_TRUE;
    return nssCertificateArray_FindBestCertificate(arr, NULL, &usage, NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool SEC_CertNicknameConflict ( char *  nickname,
SECItem *  derSubject,
CERTCertDBHandle *  handle 
)

Definition at line 68 of file stanpcertdb.c.

{
    CERTCertificate *cert;
    PRBool conflict = PR_FALSE;

    cert=CERT_FindCertByNickname(handle, nickname);

    if (!cert) {
       return conflict;
    }

    conflict = !SECITEM_ItemsAreEqual(derSubject,&cert->derSubject);
    CERT_DestroyCertificate(cert);
    return conflict;
}
SECStatus SEC_DeletePermCertificate ( CERTCertificate *  cert)

Definition at line 86 of file stanpcertdb.c.

{
    PRStatus nssrv;
    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
    NSSCertificate *c = STAN_GetNSSCertificate(cert);

    /* get rid of the token instances */
    nssrv = NSSCertificate_DeleteStoredObject(c, NULL);

    /* get rid of the cache entry */
    nssTrustDomain_LockCertCache(td);
    nssTrustDomain_RemoveCertFromCacheLOCKED(td, c);
    nssTrustDomain_UnlockCertCache(td);

    return (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
}
SECItem* SECKEY_HashPassword ( char *  pw,
SECItem *  salt 
)

Definition at line 945 of file stanpcertdb.c.

{
    PORT_Assert("SECKEY_HashPassword is Depricated" == NULL);
    return NULL;
}

Variable Documentation

Definition at line 93 of file errorval.c.