Back to index

lightning-sunbird  0.9+nobinonly
Classes | Typedefs | Functions
certhigh.c File Reference
#include "nspr.h"
#include "secerr.h"
#include "secasn1.h"
#include "seccomon.h"
#include "pk11func.h"
#include "certdb.h"
#include "certt.h"
#include "cert.h"
#include "certxutl.h"
#include "nsspki.h"
#include "pki.h"
#include "pkit.h"
#include "pkitm.h"
#include "pki3hack.h"

Go to the source code of this file.

Classes

struct  stringNode
struct  dnameNode
struct  certNode

Typedefs

typedef struct stringNode stringNode
typedef struct dnameNode dnameNode
typedef struct certNode certNode

Functions

PRBool CERT_MatchNickname (char *name1, char *name2)
CERTCertList * CERT_FindUserCertsByUsage (CERTCertDBHandle *handle, SECCertUsage usage, PRBool oneCertPerName, PRBool validOnly, void *proto_win)
CERTCertificate * CERT_FindUserCertByUsage (CERTCertDBHandle *handle, char *nickname, SECCertUsage usage, PRBool validOnly, void *proto_win)
CERTCertList * CERT_MatchUserCert (CERTCertDBHandle *handle, SECCertUsage usage, int nCANames, char **caNames, void *proto_win)
static PRStatus CollectNicknames (NSSCertificate *c, void *data)
CERTCertNicknames * CERT_GetCertNicknames (CERTCertDBHandle *handle, int what, void *wincx)
void CERT_FreeNicknames (CERTCertNicknames *nicknames)
void CERT_FreeDistNames (CERTDistNames *names)
static SECStatus CollectDistNames (CERTCertificate *cert, SECItem *k, void *data)
CERTDistNames * CERT_GetSSLCACerts (CERTCertDBHandle *handle)
CERTDistNames * CERT_DistNamesFromNicknames (CERTCertDBHandle *handle, char **nicknames, int nnames)
CERTCertificate * CERT_FindCertByNameString (CERTCertDBHandle *handle, char *nameStr)
CERTCrlDistributionPoints * CERT_FindCRLDistributionPoints (CERTCertificate *cert)
CERTSignedCrl * CERT_ImportCRL (CERTCertDBHandle *handle, SECItem *derCRL, char *url, int type, void *wincx)
static SECStatus cert_ImportCAChain (SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool trusted)
SECStatus CERT_ImportCAChain (SECItem *certs, int numcerts, SECCertUsage certUsage)
SECStatus CERT_ImportCAChainTrusted (SECItem *certs, int numcerts, SECCertUsage certUsage)
CERTCertificateList * CERT_CertChainFromCert (CERTCertificate *cert, SECCertUsage usage, PRBool includeRoot)
CERTCertificateList * CERT_CertListFromCert (CERTCertificate *cert)
CERTCertificateList * CERT_DupCertList (CERTCertificateList *oldList)
void CERT_DestroyCertificateList (CERTCertificateList *list)

Class Documentation

struct stringNode

Definition at line 353 of file certhigh.c.

Collaboration diagram for stringNode:
Class Members
struct stringNode * next
char * string
struct dnameNode

Definition at line 537 of file certhigh.c.

Collaboration diagram for dnameNode:
Class Members
SECItem name
struct dnameNode * next
struct certNode

Definition at line 932 of file certhigh.c.

Collaboration diagram for certNode:
Class Members
CERTCertificate * cert
struct certNode * next

Typedef Documentation

typedef struct certNode certNode
typedef struct dnameNode dnameNode
typedef struct stringNode stringNode

Function Documentation

CERTCertificateList* CERT_CertChainFromCert ( CERTCertificate *  cert,
SECCertUsage  usage,
PRBool  includeRoot 
)

Definition at line 938 of file certhigh.c.

{
    CERTCertificateList *chain = NULL;
    NSSCertificate **stanChain;
    NSSCertificate *stanCert;
    PRArenaPool *arena;
    NSSUsage nssUsage;
    int i, len;
    NSSTrustDomain *td   = STAN_GetDefaultTrustDomain();
    NSSCryptoContext *cc = STAN_GetDefaultCryptoContext();

    stanCert = STAN_GetNSSCertificate(cert);
    nssUsage.anyUsage = PR_FALSE;
    nssUsage.nss3usage = usage;
    nssUsage.nss3lookingForCA = PR_FALSE;
    stanChain = NSSCertificate_BuildChain(stanCert, NULL, &nssUsage, NULL, NULL,
                                     CERT_MAX_CERT_CHAIN, NULL, NULL, td, cc);
    if (!stanChain) {
       PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
       return NULL;
    }

    len = 0;
    stanCert = stanChain[0];
    while (stanCert) {
       stanCert = stanChain[++len];
    }

    arena = PORT_NewArena(4096);
    if (arena == NULL) {
       goto loser;
    }

    chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, 
                                                 sizeof(CERTCertificateList));
    if (!chain) goto loser;
    chain->certs = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
    if (!chain->certs) goto loser;
    i = 0;
    stanCert = stanChain[i];
    while (stanCert) {
       SECItem derCert;
       CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert);
       if (!cCert) {
           goto loser;
       }
       derCert.len = (unsigned int)stanCert->encoding.size;
       derCert.data = (unsigned char *)stanCert->encoding.data;
       derCert.type = siBuffer;
       SECITEM_CopyItem(arena, &chain->certs[i], &derCert);
       stanCert = stanChain[++i];
       if (!stanCert && !cCert->isRoot) {
           /* reached the end of the chain, but the final cert is
            * not a root.  Don't discard it.
            */
           includeRoot = PR_TRUE;
       }
       CERT_DestroyCertificate(cCert);
    }
    if ( !includeRoot && len > 1) {
       chain->len = len - 1;
    } else {
       chain->len = len;
    }
    
    chain->arena = arena;
    nss_ZFreeIf(stanChain);
    return chain;
loser:
    i = 0;
    stanCert = stanChain[i];
    while (stanCert) {
       CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert);
       if (cCert) {
           CERT_DestroyCertificate(cCert);
       }
       stanCert = stanChain[++i];
    }
    nss_ZFreeIf(stanChain);
    if (arena) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    return NULL;
}
CERTCertificateList* CERT_CertListFromCert ( CERTCertificate *  cert)

Definition at line 1028 of file certhigh.c.

{
    CERTCertificateList *chain = NULL;
    int rv;
    PRArenaPool *arena;

    /* arena for SecCertificateList */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) goto no_memory;

    /* build the CERTCertificateList */
    chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificateList));
    if (chain == NULL) goto no_memory;
    chain->certs = (SECItem*)PORT_ArenaAlloc(arena, 1 * sizeof(SECItem));
    if (chain->certs == NULL) goto no_memory;
    rv = SECITEM_CopyItem(arena, chain->certs, &(cert->derCert));
    if (rv < 0) goto loser;
    chain->len = 1;
    chain->arena = arena;

    return chain;

no_memory:
    PORT_SetError(SEC_ERROR_NO_MEMORY);
loser:
    if (arena != NULL) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    return NULL;
}
void CERT_DestroyCertificateList ( CERTCertificateList *  list)

Definition at line 1102 of file certhigh.c.

CERTDistNames* CERT_DistNamesFromNicknames ( CERTCertDBHandle *  handle,
char **  nicknames,
int  nnames 
)

Definition at line 662 of file certhigh.c.

{
    CERTDistNames *dnames = NULL;
    PRArenaPool *arena;
    int i, rv;
    SECItem *names = NULL;
    CERTCertificate *cert = NULL;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) goto loser;
    dnames = PORT_ArenaZNew(arena, CERTDistNames);
    if (dnames == NULL) goto loser;

    dnames->arena = arena;
    dnames->nnames = nnames;
    dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, nnames);
    if (names == NULL) goto loser;
    
    for (i = 0; i < nnames; i++) {
       cert = CERT_FindCertByNicknameOrEmailAddr(handle, nicknames[i]);
       if (cert == NULL) goto loser;
       rv = SECITEM_CopyItem(arena, &names[i], &cert->derSubject);
       if (rv == SECFailure) goto loser;
       CERT_DestroyCertificate(cert);
    }
    return dnames;
    
loser:
    if (cert != NULL)
       CERT_DestroyCertificate(cert);
    if (arena != NULL)
       PORT_FreeArena(arena, PR_FALSE);
    return NULL;
}
CERTCertificateList* CERT_DupCertList ( CERTCertificateList *  oldList)

Definition at line 1060 of file certhigh.c.

{
    CERTCertificateList *newList = NULL;
    PRArenaPool         *arena   = NULL;
    SECItem             *newItem;
    SECItem             *oldItem;
    int                 len      = oldList->len;
    int                 rv;

    /* arena for SecCertificateList */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) 
       goto no_memory;

    /* now build the CERTCertificateList */
    newList = PORT_ArenaNew(arena, CERTCertificateList);
    if (newList == NULL) 
       goto no_memory;
    newList->arena = arena;
    newItem = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
    if (newItem == NULL) 
       goto no_memory;
    newList->certs = newItem;
    newList->len   = len;

    for (oldItem = oldList->certs; len > 0; --len, ++newItem, ++oldItem) {
       rv = SECITEM_CopyItem(arena, newItem, oldItem);
       if (rv < 0) 
           goto loser;
    }
    return newList;

no_memory:
    PORT_SetError(SEC_ERROR_NO_MEMORY);
loser:
    if (arena != NULL) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    return NULL;
}
CERTCertificate* CERT_FindCertByNameString ( CERTCertDBHandle *  handle,
char *  nameStr 
)

Definition at line 703 of file certhigh.c.

{
    CERTName *name;
    SECItem *nameItem;
    CERTCertificate *cert = NULL;
    PRArenaPool *arena = NULL;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    
    if ( arena == NULL ) {
       goto loser;
    }
    
    name = CERT_AsciiToName(nameStr);
    
    if ( name ) {
       nameItem = SEC_ASN1EncodeItem (arena, NULL, (void *)name,
                                   CERT_NameTemplate);
       if ( nameItem != NULL ) {
            cert = CERT_FindCertByName(handle, nameItem);
       }
       CERT_DestroyName(name);
    }

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(cert);
}
CERTCrlDistributionPoints* CERT_FindCRLDistributionPoints ( CERTCertificate *  cert)

Definition at line 738 of file certhigh.c.

{
    SECItem encodedExtenValue;
    SECStatus rv;
    CERTCrlDistributionPoints *dps;

    encodedExtenValue.data = NULL;
    encodedExtenValue.len = 0;

    rv = cert_FindExtension(cert->extensions, SEC_OID_X509_CRL_DIST_POINTS,
                         &encodedExtenValue);
    if ( rv != SECSuccess ) {
       return (NULL);
    }

    dps = CERT_DecodeCRLDistributionPoints(cert->arena, &encodedExtenValue);

    PORT_Free(encodedExtenValue.data);

    return dps;
}
CERTCertificate* CERT_FindUserCertByUsage ( CERTCertDBHandle *  handle,
char *  nickname,
SECCertUsage  usage,
PRBool  validOnly,
void proto_win 
)

Definition at line 254 of file certhigh.c.

{
    CERTCertificate *cert = NULL;
    CERTCertList *certList = NULL;
    SECStatus rv;
    int64 time;
    
    time = PR_Now();
    
    /* use the pk11 call so that we pick up any certs on tokens,
     * which may require login
     */
    /* XXX - why is this restricted? */
    if ( proto_win != NULL ) {
       cert = PK11_FindCertFromNickname(nickname,proto_win);
    }


    /* sigh, There are still problems find smart cards from the temp
     * db. This will get smart cards working again. The real fix
     * is to make sure we can search the temp db by their token nickname.
     */
    if (cert == NULL) {
       cert = CERT_FindCertByNickname(handle,nickname);
    }

    if ( cert != NULL ) {
       /* collect certs for this nickname, sorting them into the list */
       certList = CERT_CreateSubjectCertList(certList, handle, 
                                   &cert->derSubject, time, validOnly);

       CERT_FilterCertListForUserCerts(certList);

       /* drop the extra reference */
       CERT_DestroyCertificate(cert);
       cert = NULL;
    }
       
    if ( certList == NULL ) {
       goto loser;
    }
    
    /* remove certs with incorrect usage */
    rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE);

    if ( rv != SECSuccess ) {
       goto loser;
    }

    if ( ! CERT_LIST_END(CERT_LIST_HEAD(certList), certList) ) {
       cert = CERT_DupCertificate(CERT_LIST_HEAD(certList)->cert);
    }
    
loser:
    if ( certList != NULL ) {
       CERT_DestroyCertList(certList);
    }

    return(cert);
}
CERTCertList* CERT_FindUserCertsByUsage ( CERTCertDBHandle *  handle,
SECCertUsage  usage,
PRBool  oneCertPerName,
PRBool  validOnly,
void proto_win 
)

Definition at line 103 of file certhigh.c.

{
    CERTCertNicknames *nicknames = NULL;
    char **nnptr;
    int nn;
    CERTCertificate *cert = NULL;
    CERTCertList *certList = NULL;
    SECStatus rv;
    int64 time;
    CERTCertListNode *node = NULL;
    CERTCertListNode *freenode = NULL;
    int n;
    
    time = PR_Now();
    
    nicknames = CERT_GetCertNicknames(handle, SEC_CERT_NICKNAMES_USER,
                                  proto_win);
    
    if ( ( nicknames == NULL ) || ( nicknames->numnicknames == 0 ) ) {
       goto loser;
    }

    nnptr = nicknames->nicknames;
    nn = nicknames->numnicknames;

    while ( nn > 0 ) {
       cert = NULL;
       /* use the pk11 call so that we pick up any certs on tokens,
        * which may require login
        */
       if ( proto_win != NULL ) {
           cert = PK11_FindCertFromNickname(*nnptr,proto_win);
       }

       /* Sigh, It turns out if the cert is already in the temp db, because
        * it's in the perm db, then the nickname lookup doesn't work.
        * since we already have the cert here, though, than we can just call
        * CERT_CreateSubjectCertList directly. For those cases where we didn't
        * find the cert in pkcs #11 (because we didn't have a password arg,
        * or because the nickname is for a peer, server, or CA cert, then we
        * go look the cert up.
        */
       if (cert == NULL) { 
           cert = CERT_FindCertByNickname(handle,*nnptr);
       }

       if ( cert != NULL ) {
          /* collect certs for this nickname, sorting them into the list */
           certList = CERT_CreateSubjectCertList(certList, handle, 
                            &cert->derSubject, time, validOnly);

           CERT_FilterCertListForUserCerts(certList);
       
           /* drop the extra reference */
           CERT_DestroyCertificate(cert);
       }
       
       nnptr++;
       nn--;
    }

    /* remove certs with incorrect usage */
    rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE);

    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* remove any extra certs for each name */
    if ( oneCertPerName ) {
       PRBool *flags;

       nn = nicknames->numnicknames;
       nnptr = nicknames->nicknames;
       
       flags = (PRBool *)PORT_ZAlloc(sizeof(PRBool) * nn);
       if ( flags == NULL ) {
           goto loser;
       }
       
       node = CERT_LIST_HEAD(certList);
       
       /* treverse all certs in the list */
       while ( !CERT_LIST_END(node, certList) ) {

           /* find matching nickname index */
           for ( n = 0; n < nn; n++ ) {
              if ( CERT_MatchNickname(nnptr[n], node->cert->nickname) ) {
                  /* We found a match.  If this is the first one, then
                   * set the flag and move on to the next cert.  If this
                   * is not the first one then delete it from the list.
                   */
                  if ( flags[n] ) {
                     /* We have already seen a cert with this nickname,
                      * so delete this one.
                      */
                     freenode = node;
                     node = CERT_LIST_NEXT(node);
                     CERT_RemoveCertListNode(freenode);
                  } else {
                     /* keep the first cert for each nickname, but set the
                      * flag so we know to delete any others with the same
                      * nickname.
                      */
                     flags[n] = PR_TRUE;
                     node = CERT_LIST_NEXT(node);
                  }
                  break;
              }
           }
           if ( n == nn ) {
              /* if we get here it means that we didn't find a matching
               * nickname, which should not happen.
               */
              PORT_Assert(0);
              node = CERT_LIST_NEXT(node);
           }
       }
       PORT_Free(flags);
    }

    goto done;
    
loser:
    if ( certList != NULL ) {
       CERT_DestroyCertList(certList);
       certList = NULL;
    }

done:
    if ( nicknames != NULL ) {
       CERT_FreeNicknames(nicknames);
    }

    return(certList);
}
void CERT_FreeDistNames ( CERTDistNames *  names)

Definition at line 543 of file certhigh.c.

{
    PORT_FreeArena(names->arena, PR_FALSE);
    
    return;
}
void CERT_FreeNicknames ( CERTCertNicknames *  nicknames)

Definition at line 528 of file certhigh.c.

{
    PORT_FreeArena(nicknames->arena, PR_FALSE);
    
    return;
}
CERTCertNicknames* CERT_GetCertNicknames ( CERTCertDBHandle *  handle,
int  what,
void wincx 
)

Definition at line 469 of file certhigh.c.

{
    PRArenaPool *arena;
    CERTCertNicknames *names;
    int i;
    stringNode *node;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       return(NULL);
    }
    
    names = (CERTCertNicknames *)PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
    if ( names == NULL ) {
       goto loser;
    }

    names->arena = arena;
    names->head = NULL;
    names->numnicknames = 0;
    names->nicknames = NULL;
    names->what = what;
    names->totallen = 0;

    /* make sure we are logged in */
    (void) pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx);
   
    NSSTrustDomain_TraverseCertificates(handle,
                                       CollectNicknames, (void *)names);
    if ( names->numnicknames ) {
       names->nicknames = (char**)PORT_ArenaAlloc(arena,
                                    names->numnicknames * sizeof(char *));

       if ( names->nicknames == NULL ) {
           goto loser;
       }
    
       node = (stringNode *)names->head;
       
       for ( i = 0; i < names->numnicknames; i++ ) {
           PORT_Assert(node != NULL);
           
           names->nicknames[i] = node->string;
           names->totallen += PORT_Strlen(node->string);
           node = node->next;
       }

       PORT_Assert(node == NULL);
    }

    return(names);
    
loser:
    PORT_FreeArena(arena, PR_FALSE);
    return(NULL);
}
CERTDistNames* CERT_GetSSLCACerts ( CERTCertDBHandle *  handle)

Definition at line 601 of file certhigh.c.

{
    PRArenaPool *arena;
    CERTDistNames *names;
    int i;
    SECStatus rv;
    dnameNode *node;
    
    /* allocate an arena to use */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       return(NULL);
    }
    
    /* allocate the header structure */
    names = (CERTDistNames *)PORT_ArenaAlloc(arena, sizeof(CERTDistNames));
    if ( names == NULL ) {
       goto loser;
    }

    /* initialize the header struct */
    names->arena = arena;
    names->head = NULL;
    names->nnames = 0;
    names->names = NULL;
    
    /* collect the names from the database */
    rv = PK11_TraverseSlotCerts(CollectDistNames, (void *)names, NULL);
    if ( rv ) {
       goto loser;
    }

    /* construct the array from the list */
    if ( names->nnames ) {
       names->names = (SECItem*)PORT_ArenaAlloc(arena, names->nnames * sizeof(SECItem));

       if ( names->names == NULL ) {
           goto loser;
       }
    
       node = (dnameNode *)names->head;
       
       for ( i = 0; i < names->nnames; i++ ) {
           PORT_Assert(node != NULL);
           
           names->names[i] = node->name;
           node = node->next;
       }

       PORT_Assert(node == NULL);
    }

    return(names);
    
loser:
    PORT_FreeArena(arena, PR_FALSE);
    return(NULL);
}
static SECStatus cert_ImportCAChain ( SECItem *  certs,
int  numcerts,
SECCertUsage  certUsage,
PRBool  trusted 
) [static]

Definition at line 775 of file certhigh.c.

{
    SECStatus rv;
    SECItem *derCert;
    CERTCertificate *cert = NULL;
    CERTCertificate *newcert = NULL;
    CERTCertDBHandle *handle;
    CERTCertTrust trust;
    PRBool isca;
    char *nickname;
    unsigned int certtype;
    
    handle = CERT_GetDefaultCertDB();
    
    while (numcerts--) {
       derCert = certs;
       certs++;

       /* decode my certificate */
       /* This use is ok -- only looks at decoded parts, calls NewTemp later */
       newcert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
       if ( newcert == NULL ) {
           goto loser;
       }

       if (!trusted) {
           /* make sure that cert is valid */
           rv = CERT_CertTimesValid(newcert);
           if ( rv == SECFailure ) {
              goto endloop;
           }
       }

       /* does it have the CA extension */
       
       /*
        * Make sure that if this is an intermediate CA in the chain that
        * it was given permission by its signer to be a CA.
        */
       isca = CERT_IsCACert(newcert, &certtype);

       if ( !isca ) {
           if (!trusted) {
              goto endloop;
           }
           trust.sslFlags = CERTDB_VALID_CA;
           trust.emailFlags = CERTDB_VALID_CA;
           trust.objectSigningFlags = CERTDB_VALID_CA;
       } else {
           /* SSL ca's must have the ssl bit set */
           if ( ( certUsage == certUsageSSLCA ) &&
              (( certtype & NS_CERT_TYPE_SSL_CA ) != NS_CERT_TYPE_SSL_CA )) {
              goto endloop;
           }

           /* it passed all of the tests, so lets add it to the database */
           /* mark it as a CA */
           PORT_Memset((void *)&trust, 0, sizeof(trust));
           switch ( certUsage ) {
             case certUsageSSLCA:
              trust.sslFlags = CERTDB_VALID_CA;
              break;
             case certUsageUserCertImport:
              if ((certtype & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) {
                  trust.sslFlags = CERTDB_VALID_CA;
              }
              if ((certtype & NS_CERT_TYPE_EMAIL_CA) 
                                          == NS_CERT_TYPE_EMAIL_CA ) {
                  trust.emailFlags = CERTDB_VALID_CA;
              }
              if ( ( certtype & NS_CERT_TYPE_OBJECT_SIGNING_CA ) ==
                                   NS_CERT_TYPE_OBJECT_SIGNING_CA ) {
                   trust.objectSigningFlags = CERTDB_VALID_CA;
              }
              break;
             default:
              PORT_Assert(0);
              break;
           }
       }
       
       cert = CERT_NewTempCertificate(handle, derCert, NULL, 
                                                 PR_FALSE, PR_FALSE);
       if ( cert == NULL ) {
           goto loser;
       }
       
       /* if the cert is temp, make it perm; otherwise we're done */
       if (cert->istemp) {
           /* get a default nickname for it */
           nickname = CERT_MakeCANickname(cert);

           rv = CERT_AddTempCertToPerm(cert, nickname, &trust);

           /* free the nickname */
           if ( nickname ) {
              PORT_Free(nickname);
           }
       } else {
           rv = SECSuccess;
       }

       CERT_DestroyCertificate(cert);
       cert = NULL;
       
       if ( rv != SECSuccess ) {
           goto loser;
       }

endloop:
       if ( newcert ) {
           CERT_DestroyCertificate(newcert);
           newcert = NULL;
       }
       
    }

    rv = SECSuccess;
    goto done;
loser:
    rv = SECFailure;
done:
    
    if ( newcert ) {
       CERT_DestroyCertificate(newcert);
       newcert = NULL;
    }
    
    if ( cert ) {
       CERT_DestroyCertificate(cert);
       cert = NULL;
    }
    
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus CERT_ImportCAChain ( SECItem *  certs,
int  numcerts,
SECCertUsage  certUsage 
)

Definition at line 912 of file certhigh.c.

{
    return cert_ImportCAChain(certs, numcerts, certUsage, PR_FALSE);
}
SECStatus CERT_ImportCAChainTrusted ( SECItem *  certs,
int  numcerts,
SECCertUsage  certUsage 
)

Definition at line 918 of file certhigh.c.

                                                                                {
    return cert_ImportCAChain(certs, numcerts, certUsage, PR_TRUE);
}
CERTSignedCrl* CERT_ImportCRL ( CERTCertDBHandle *  handle,
SECItem *  derCRL,
char *  url,
int  type,
void wincx 
)

Definition at line 762 of file certhigh.c.

{
    CERTSignedCrl* retCrl = NULL;
    PK11SlotInfo* slot = PK11_GetInternalKeySlot();
    retCrl = PK11_ImportCRL(slot, derCRL, url, type, wincx,
        CRL_IMPORT_DEFAULT_OPTIONS, NULL, CRL_DECODE_DEFAULT_OPTIONS);
    PK11_FreeSlot(slot);

    return retCrl;
}
PRBool CERT_MatchNickname ( char *  name1,
char *  name2 
)

Definition at line 54 of file certhigh.c.

                                             {
    char *nickname1= NULL;
    char *nickname2 = NULL;
    char *token1;
    char *token2;
    char *token = NULL;
    int len;

    /* first deal with the straight comparison */
    if (PORT_Strcmp(name1, name2) == 0) {
       return PR_TRUE;
    }
    /* we need to handle the case where one name has an explicit token and the other
     * doesn't */
    token1 = PORT_Strchr(name1,':');
    token2 = PORT_Strchr(name2,':');
    if ((token1 && token2) || (!token1 && !token2)) {
       /* either both token names are specified or neither are, not match */
       return PR_FALSE;
    }
    if (token1) {
       token=name1;
       nickname1=token1;
       nickname2=name2;
    } else {
       token=name2;
       nickname1=token2;
       nickname2=name1;
    }
    len = nickname1-token;
    nickname1++;
    if (PORT_Strcmp(nickname1,nickname2) != 0) {
       return PR_FALSE;
    }
    /* compare the other token with the internal slot here */
    return PR_TRUE;
}

Here is the caller graph for this function:

CERTCertList* CERT_MatchUserCert ( CERTCertDBHandle *  handle,
SECCertUsage  usage,
int  nCANames,
char **  caNames,
void proto_win 
)

Definition at line 320 of file certhigh.c.

{
    CERTCertList *certList = NULL;
    SECStatus rv;

    certList = CERT_FindUserCertsByUsage(handle, usage, PR_TRUE, PR_TRUE,
                                    proto_win);
    if ( certList == NULL ) {
       goto loser;
    }
    
    rv = CERT_FilterCertListByCANames(certList, nCANames, caNames, usage);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    goto done;
    
loser:
    if ( certList != NULL ) {
       CERT_DestroyCertList(certList);
       certList = NULL;
    }

done:

    return(certList);
}
static SECStatus CollectDistNames ( CERTCertificate *  cert,
SECItem *  k,
void data 
) [static]

Definition at line 551 of file certhigh.c.

{
    CERTDistNames *names;
    PRBool saveit = PR_FALSE;
    CERTCertTrust *trust;
    dnameNode *node;
    int len;
    
    names = (CERTDistNames *)data;
    
    if ( cert->trust ) {
       trust = cert->trust;
       
       /* only collect names of CAs trusted for issuing SSL clients */
       if (  trust->sslFlags &  CERTDB_TRUSTED_CLIENT_CA )  {
           saveit = PR_TRUE;
       }
    }

    if ( saveit ) {
       /* allocate the node */
       node = (dnameNode*)PORT_ArenaAlloc(names->arena, sizeof(dnameNode));
       if ( node == NULL ) {
           return(SECFailure);
       }

       /* copy the name */
       node->name.len = len = cert->derSubject.len;
       node->name.type = siBuffer;
       node->name.data = (unsigned char*)PORT_ArenaAlloc(names->arena, len);
       if ( node->name.data == NULL ) {
           return(SECFailure);
       }
       PORT_Memcpy(node->name.data, cert->derSubject.data, len);

       /* link it into the list */
       node->next = (dnameNode *)names->head;
       names->head = (void *)node;

       /* bump the count */
       names->nnames++;
    }
    
    return(SECSuccess);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PRStatus CollectNicknames ( NSSCertificate *  c,
void data 
) [static]

Definition at line 359 of file certhigh.c.

{
    CERTCertNicknames *names;
    PRBool saveit = PR_FALSE;
    stringNode *node;
    int len;
#ifdef notdef
    NSSTrustDomain *td;
    NSSTrust *trust;
#endif
    char *stanNickname;
    char *nickname = NULL;
    
    names = (CERTCertNicknames *)data;

    stanNickname = nssCertificate_GetNickname(c,NULL);
    
    if ( stanNickname ) {
       if (names->what == SEC_CERT_NICKNAMES_USER) {
           saveit = NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL);
       }
#ifdef notdef
         else {
           td = NSSCertificate_GetTrustDomain(c);
           if (!td) {
              return PR_SUCCESS;
           }
           trust = nssTrustDomain_FindTrustForCertificate(td,c);
       
           switch(names->what) {
            case SEC_CERT_NICKNAMES_ALL:
              if ((trust->sslFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) ||
               (trust->emailFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) ||
               (trust->objectSigningFlags & 
                                   (CERTDB_VALID_CA|CERTDB_VALID_PEER))) {
                  saveit = PR_TRUE;
              }
           
              break;
            case SEC_CERT_NICKNAMES_SERVER:
              if ( trust->sslFlags & CERTDB_VALID_PEER ) {
                  saveit = PR_TRUE;
              }
           
              break;
            case SEC_CERT_NICKNAMES_CA:
              if (((trust->sslFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA)||
               ((trust->emailFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA) ||
               ((trust->objectSigningFlags & CERTDB_VALID_CA ) 
                                                 == CERTDB_VALID_CA)) {
                  saveit = PR_TRUE;
              }
              break;
           }
       }
#endif
    }

    /* traverse the list of collected nicknames and make sure we don't make
     * a duplicate
     */
    if ( saveit ) {
       nickname = STAN_GetCERTCertificateName(NULL, c);
       /* nickname can only be NULL here if we are having memory 
        * alloc problems */
       if (nickname == NULL) {
           return PR_FAILURE;
       }
       node = (stringNode *)names->head;
       while ( node != NULL ) {
           if ( PORT_Strcmp(nickname, node->string) == 0 ) { 
              /* if the string matches, then don't save this one */
              saveit = PR_FALSE;
              break;
           }
           node = node->next;
       }
    }

    if ( saveit ) {
       
       /* allocate the node */
       node = (stringNode*)PORT_ArenaAlloc(names->arena, sizeof(stringNode));
       if ( node == NULL ) {
           PORT_Free(nickname);
           return PR_FAILURE;
       }

       /* copy the string */
       len = PORT_Strlen(nickname) + 1;
       node->string = (char*)PORT_ArenaAlloc(names->arena, len);
       if ( node->string == NULL ) {
           PORT_Free(nickname);
           return PR_FAILURE;
       }
       PORT_Memcpy(node->string, nickname, len);

       /* link it into the list */
       node->next = (stringNode *)names->head;
       names->head = (void *)node;

       /* bump the count */
       names->numnicknames++;
    }
    
    if (nickname) PORT_Free(nickname);
    return(PR_SUCCESS);
}

Here is the call graph for this function:

Here is the caller graph for this function: