
lightning-sunbird  0.9+nobinonly
certificate.c File Reference
#include "nsspki.h"
#include "pkit.h"
#include "pkim.h"
#include "dev.h"
#include "pkistore.h"
#include "pki3hack.h"
#include "pk11func.h"
#include "hasht.h"
#include "base.h"


Functions

NSS_IMPLEMENT NSSCertificate * nssCertificate_Create (nssPKIObject *object)
NSS_IMPLEMENT NSSCertificate * nssCertificate_AddRef (NSSCertificate *c)
NSS_IMPLEMENT PRStatus nssCertificate_Destroy (NSSCertificate *c)
NSS_IMPLEMENT PRStatus NSSCertificate_Destroy (NSSCertificate *c)
NSS_IMPLEMENT NSSDER * nssCertificate_GetEncoding (NSSCertificate *c)
NSS_IMPLEMENT NSSDER * nssCertificate_GetIssuer (NSSCertificate *c)
NSS_IMPLEMENT NSSDER * nssCertificate_GetSerialNumber (NSSCertificate *c)
NSS_IMPLEMENT NSSDER * nssCertificate_GetSubject (NSSCertificate *c)
NSS_IMPLEMENT NSSUTF8 * nssCertificate_GetNickname (NSSCertificate *c, NSSToken *tokenOpt)
NSS_IMPLEMENT NSSASCII7 * nssCertificate_GetEmailAddress (NSSCertificate *c)
NSS_IMPLEMENT PRStatus NSSCertificate_DeleteStoredObject (NSSCertificate *c, NSSCallback *uhh)
NSS_IMPLEMENT PRStatus NSSCertificate_Validate (NSSCertificate *c, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt)
NSS_IMPLEMENT void ** NSSCertificate_ValidateCompletely (NSSCertificate *c, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, void **rvOpt, PRUint32 rvLimit, NSSArena *arenaOpt)
NSS_IMPLEMENT PRStatus NSSCertificate_ValidateAndDiscoverUsagesAndPolicies (NSSCertificate *c, NSSTime **notBeforeOutOpt, NSSTime **notAfterOutOpt, void *allowedUsages, void *disallowedUsages, void *allowedPolicies, void *disallowedPolicies, NSSArena *arenaOpt)
NSS_IMPLEMENT NSSDER * NSSCertificate_Encode (NSSCertificate *c, NSSDER *rvOpt, NSSArena *arenaOpt)
NSS_IMPLEMENT nssDecodedCert * nssCertificate_GetDecoding (NSSCertificate *c)
static NSSCertificate ** filter_subject_certs_for_id (NSSCertificate **subjectCerts, void *id)
static NSSCertificate ** filter_certs_for_valid_issuers (NSSCertificate **certs)
static NSSCertificate * find_cert_issuer (NSSCertificate *c, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSTrustDomain *td, NSSCryptoContext *cc)
NSS_IMPLEMENT NSSCertificate ** nssCertificate_BuildChain (NSSCertificate *c, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSCertificate **rvOpt, PRUint32 rvLimit, NSSArena *arenaOpt, PRStatus *statusOpt, NSSTrustDomain *td, NSSCryptoContext *cc)
NSS_IMPLEMENT NSSCertificate ** NSSCertificate_BuildChain (NSSCertificate *c, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSCertificate **rvOpt, PRUint32 rvLimit, NSSArena *arenaOpt, PRStatus *statusOpt, NSSTrustDomain *td, NSSCryptoContext *cc)
NSS_IMPLEMENT NSSCryptoContext * nssCertificate_GetCryptoContext (NSSCertificate *c)
NSS_IMPLEMENT NSSTrustDomain * nssCertificate_GetTrustDomain (NSSCertificate *c)
NSS_IMPLEMENT NSSTrustDomain * NSSCertificate_GetTrustDomain (NSSCertificate *c)
NSS_IMPLEMENT NSSToken * NSSCertificate_GetToken (NSSCertificate *c, PRStatus *statusOpt)
NSS_IMPLEMENT NSSSlot * NSSCertificate_GetSlot (NSSCertificate *c, PRStatus *statusOpt)
NSS_IMPLEMENT NSSModule * NSSCertificate_GetModule (NSSCertificate *c, PRStatus *statusOpt)
NSS_IMPLEMENT NSSItem * NSSCertificate_Encrypt (NSSCertificate *c, NSSAlgorithmAndParameters *apOpt, NSSItem *data, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt)
NSS_IMPLEMENT PRStatus NSSCertificate_Verify (NSSCertificate *c, NSSAlgorithmAndParameters *apOpt, NSSItem *data, NSSItem *signature, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSCallback *uhh)
NSS_IMPLEMENT NSSItem * NSSCertificate_VerifyRecover (NSSCertificate *c, NSSAlgorithmAndParameters *apOpt, NSSItem *signature, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt)
NSS_IMPLEMENT NSSItem * NSSCertificate_WrapSymmetricKey (NSSCertificate *c, NSSAlgorithmAndParameters *apOpt, NSSSymmetricKey *keyToWrap, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt)
NSS_IMPLEMENT NSSCryptoContext * NSSCertificate_CreateCryptoContext (NSSCertificate *c, NSSAlgorithmAndParameters *apOpt, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSCallback *uhh)
NSS_IMPLEMENT NSSPublicKey * NSSCertificate_GetPublicKey (NSSCertificate *c)
NSS_IMPLEMENT NSSPrivateKey * NSSCertificate_FindPrivateKey (NSSCertificate *c, NSSCallback *uhh)
NSS_IMPLEMENT PRBool NSSCertificate_IsPrivateKeyAvailable (NSSCertificate *c, NSSCallback *uhh, PRStatus *statusOpt)
PRIntn nssCertificate_SubjectListSort (void *v1, void *v2)
NSS_IMPLEMENT PRBool NSSUserCertificate_IsStillPresent (NSSUserCertificate *uc, PRStatus *statusOpt)
NSS_IMPLEMENT NSSItem * NSSUserCertificate_Decrypt (NSSUserCertificate *uc, NSSAlgorithmAndParameters *apOpt, NSSItem *data, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt)
NSS_IMPLEMENT NSSItem * NSSUserCertificate_Sign (NSSUserCertificate *uc, NSSAlgorithmAndParameters *apOpt, NSSItem *data, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt)
NSS_IMPLEMENT NSSItem * NSSUserCertificate_SignRecover (NSSUserCertificate *uc, NSSAlgorithmAndParameters *apOpt, NSSItem *data, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt)
NSS_IMPLEMENT NSSSymmetricKey * NSSUserCertificate_UnwrapSymmetricKey (NSSUserCertificate *uc, NSSAlgorithmAndParameters *apOpt, NSSItem *wrappedKey, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt)
NSS_IMPLEMENT NSSSymmetricKey * NSSUserCertificate_DeriveSymmetricKey (NSSUserCertificate *uc, NSSCertificate *c, NSSAlgorithmAndParameters *apOpt, NSSOID *target, PRUint32 keySizeOpt, NSSOperations operations, NSSCallback *uhh)
NSS_IMPLEMENT nssSMIMEProfile * nssSMIMEProfile_Create (NSSCertificate *cert, NSSItem *profileTime, NSSItem *profileData)
NSS_EXTERN PRStatus nssCertificateList_DoCallback (nssList *certList, PRStatus(*callback)(NSSCertificate *c, void *arg), void *arg)
static PRStatus add_ref_callback (NSSCertificate *c, void *a)
NSS_IMPLEMENT void nssCertificateList_AddReferences (nssList *certList)
NSS_IMPLEMENT NSSTrust * nssTrust_Create (nssPKIObject *object, NSSItem *certData)
NSS_IMPLEMENT NSSTrust * nssTrust_AddRef (NSSTrust *trust)
NSS_IMPLEMENT PRStatus nssTrust_Destroy (NSSTrust *trust)
NSS_IMPLEMENT nssSMIMEProfile * nssSMIMEProfile_AddRef (nssSMIMEProfile *profile)
NSS_IMPLEMENT PRStatus nssSMIMEProfile_Destroy (nssSMIMEProfile *profile)
NSS_IMPLEMENT NSSCRL * nssCRL_Create (nssPKIObject *object)
NSS_IMPLEMENT NSSCRL * nssCRL_AddRef (NSSCRL *crl)
NSS_IMPLEMENT PRStatus nssCRL_Destroy (NSSCRL *crl)
NSS_IMPLEMENT PRStatus nssCRL_DeleteStoredObject (NSSCRL *crl, NSSCallback *uhh)
NSS_IMPLEMENT NSSDER * nssCRL_GetEncoding (NSSCRL *crl)

Variables

const NSSError NSS_ERROR_NOT_FOUND

Function Documentation

static PRStatus add_ref_callback ( NSSCertificate *  c,
void *  a 
) [static]

Definition at line 944 of file certificate.c.


static NSSCertificate** filter_certs_for_valid_issuers ( NSSCertificate **  certs) [static]

Definition at line 387 of file certificate.c.

{
    /* Compacts the NULL-terminated array `certs` in place, keeping only the
     * entries whose decoded form passes its isValidIssuer callback.  Every
     * entry that cannot be decoded or is rejected is released with
     * NSSCertificate_Destroy.  The same array pointer is returned.
     *
     * Slots past the new NULL terminator may still hold pointers to released
     * certificates; callers must stop at the terminator.
     */
    NSSCertificate **src;
    int kept = 0;

    for (src = certs; *src != NULL; src++) {
        nssDecodedCert *decoded = nssCertificate_GetDecoding(*src);

        if (!decoded || !decoded->isValidIssuer(decoded)) {
            /* undecodable or not acceptable as an issuer: drop our reference */
            NSSCertificate_Destroy(*src);
            continue;
        }
        /* kept <= (src - certs), so this never overwrites an unread slot */
        certs[kept++] = *src;
    }
    certs[kept] = NULL;
    return certs;
}


static NSSCertificate** filter_subject_certs_for_id ( NSSCertificate **  subjectCerts,
void *  id 
) [static]

Definition at line 334 of file certificate.c.

{
    /* Filters the NULL-terminated array subjectCerts in place against the
     * identifier `id`, using each certificate's matchIdentifier decoder
     * callback.  Kept entries are compacted to the front of the array, every
     * dropped entry is released with NSSCertificate_Destroy, and the array
     * pointer itself is returned.
     *
     * Selection rule: while no certificate has reported nssCertIDMatch_Yes,
     * nssCertIDMatch_Unknown results are kept as candidates.  The first
     * definitive match discards those candidates, and from then on only
     * definitive matches are kept.
     */
    NSSCertificate **si;
    nssDecodedCert *dcp;
    int nextOpenSlot = 0;
    int i;
    /* strongest match level seen so far; starts at "nothing definitive" */
    nssCertIDMatch matchLevel = nssCertIDMatch_Unknown;
    nssCertIDMatch match;

    /* walk the subject certs */
    for (si = subjectCerts; *si; si++) {
       dcp = nssCertificate_GetDecoding(*si);
       if (!dcp) {
           /* no decoding available: release the cert.  Unlike the
            * No/default case below, the slot is not cleared here, so a
            * pointer to the released cert can remain past the final NULL
            * terminator.
            */
           NSSCertificate_Destroy(*si);
           continue;
       }
       match = dcp->matchIdentifier(dcp, id);
       switch (match) {
       case nssCertIDMatch_Yes:
           if (matchLevel == nssCertIDMatch_Unknown) {
              /* we have non-definitive matches, forget them */
              for (i = 0; i < nextOpenSlot; i++) {
                  NSSCertificate_Destroy(subjectCerts[i]);
                  subjectCerts[i] = NULL;
              }
              nextOpenSlot = 0;
              /* only keep definitive matches from now on */
              matchLevel = nssCertIDMatch_Yes;
           }
           /* keep the cert */
           subjectCerts[nextOpenSlot++] = *si;
           break;
       case nssCertIDMatch_Unknown:
           if (matchLevel == nssCertIDMatch_Unknown) {
              /* only have non-definitive matches so far, keep it */
              subjectCerts[nextOpenSlot++] = *si;
              break;
           }
           /* else fall through, we have a definitive match already */
       case nssCertIDMatch_No:
       default:
           /* rejected: release the cert and clear its slot; the loop
            * advances si before testing *si again, so clearing the current
            * slot does not end the walk early
            */
           NSSCertificate_Destroy(*si);
           *si = NULL;
       }
    }
    /* terminate the compacted list */
    subjectCerts[nextOpenSlot] = NULL;
    return subjectCerts;
}


static NSSCertificate* find_cert_issuer ( NSSCertificate *  c,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
NSSTrustDomain *  td,
NSSCryptoContext *  cc 
) [static]

Definition at line 408 of file certificate.c.

{
    /* Picks an issuer certificate for c.
     *
     * Candidates are every certificate whose subject equals c->issuer, looked
     * up in the crypto context (cc, defaulting to c's own) and in the trust
     * domain (td, defaulting to c's own).  When c's decoding supplies an
     * issuer identifier the candidates are narrowed with
     * filter_subject_certs_for_id; they are then passed through
     * filter_certs_for_valid_issuers, and the result of
     * nssCertificateArray_FindBestCertificate for timeOpt/usage/policiesOpt
     * is returned.  Returns NULL when the arena cannot be created or no
     * candidate is found.
     *
     * c is dereferenced unconditionally; the caller must pass a non-NULL cert.
     *
     * NOTE(review): nothing in this function checks c's signature against the
     * chosen candidate's key; selection is by name, identifier and the
     * isValidIssuer callback only.  Presumably signature verification happens
     * elsewhere -- confirm before treating the result as a verified issuer.
     */
    NSSArena *arena;
    NSSCertificate **certs = NULL;
    NSSCertificate **ccIssuers = NULL;
    NSSCertificate **tdIssuers = NULL;
    NSSCertificate *issuer = NULL;

    if (!cc)
       cc = c->object.cryptoContext;
    if (!td)
       td = NSSCertificate_GetTrustDomain(c);
    /* scratch arena handed to both subject lookups below */
    arena = nssArena_Create();
    if (!arena) {
       return (NSSCertificate *)NULL;
    }
    if (cc) {
       ccIssuers = nssCryptoContext_FindCertificatesBySubject(cc,
                                                              &c->issuer,
                                                              NULL,
                                                              0,
                                                              arena);
    }
    if (td)
       tdIssuers = nssTrustDomain_FindCertificatesBySubject(td,
                                                         &c->issuer,
                                                         NULL,
                                                         0,
                                                         arena);
    certs = nssCertificateArray_Join(ccIssuers, tdIssuers);
    if (certs) {
       nssDecodedCert *dc = NULL;
       void *issuerID = NULL;
       dc = nssCertificate_GetDecoding(c);
       if (dc) {
           issuerID = dc->getIssuerIdentifier(dc);
       }
       /* XXX review based on CERT_FindCertIssuer
        * this function is not using the authCertIssuer field as a fallback
        * if authority key id does not exist
        */
       /* without a decoding or an issuer identifier the identifier filter is
        * skipped and candidates are matched on subject name alone
        */
       if (issuerID) {
           certs = filter_subject_certs_for_id(certs, issuerID);
       }
       certs = filter_certs_for_valid_issuers(certs);
       issuer = nssCertificateArray_FindBestCertificate(certs,
                                                        timeOpt,
                                                        usage,
                                                        policiesOpt);
       /* presumably the returned issuer carries its own reference, since the
        * array is destroyed here before it is returned -- confirm
        */
       nssCertificateArray_Destroy(certs);
    }
    nssArena_Destroy(arena);
    return issuer;
}


NSS_IMPLEMENT NSSCertificate* nssCertificate_AddRef ( NSSCertificate *  c)

Definition at line 107 of file certificate.c.

{
    /* Takes one more reference on the certificate's PKI object and hands the
     * same pointer back.  A NULL certificate is passed through untouched.
     */
    if (c == NULL) {
        return c;
    }
    nssPKIObject_AddRef(&c->object);
    return c;
}


NSS_IMPLEMENT NSSCertificate** nssCertificate_BuildChain ( NSSCertificate *  c,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
NSSCertificate **  rvOpt,
PRUint32  rvLimit,
NSSArena *  arenaOpt,
PRStatus *  statusOpt,
NSSTrustDomain *  td,
NSSCryptoContext *  cc 
)

Definition at line 474 of file certificate.c.

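{
    /* Builds the issuer chain for c, leaf first.
     *
     * Starting from c, the issuer is looked up repeatedly with
     * find_cert_issuer (with the usage switched to "looking for a CA") and
     * appended to a collection, until a certificate flagged isRoot is
     * reached, no issuer can be found, or rvLimit entries have been
     * collected (rvLimit == 0 means no limit).  The collected certificates
     * are returned through nssPKIObjectCollection_GetCertificates using
     * rvOpt/rvLimit/arenaOpt.
     *
     * Status reporting: *statusOpt (when given) is PR_SUCCESS only if the
     * walk ended at a root or at the limit.  If an issuer was missing the
     * partial chain is still returned, with *statusOpt == PR_FAILURE and
     * NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND set; callers must check the
     * status and not only the returned array.  The loser path sets the same
     * error code for invalid arguments and allocation failures.
     *
     * This function only assembles the chain; no signature or trust
     * evaluation is visible here.
     */
    NSSCertificate **rvChain = NULL;
    NSSUsage issuerUsage;
    nssPKIObjectCollection *collection = NULL;
    PRUint32  rvCount = 0;
    PRStatus  st;
    PRStatus  ret = PR_SUCCESS;

    /* Reject missing arguments before anything is dereferenced: the trust
     * domain lookup below reads through c, and the usage is copied by value.
     */
    if (!c || !cc || !usage)
       goto loser;
    if (!td)
       td = NSSCertificate_GetTrustDomain(c);
    if (!td)
       goto loser;
    /* bump the usage up to CA level */
    issuerUsage = *usage;
    issuerUsage.nss3lookingForCA = PR_TRUE;
    collection = nssCertificateCollection_Create(td, NULL);
    if (!collection)
       goto loser;
    st = nssPKIObjectCollection_AddObject(collection, (nssPKIObject *)c);
    if (st != PR_SUCCESS)
       goto loser;
    /* NOTE(review): with rvLimit == 0 the walk stops only at a root or a
     * missing issuer; confirm that a cycle of mutually issued certificates
     * cannot keep it running.
     */
    for (rvCount = 1; (!rvLimit || rvCount < rvLimit); ++rvCount) {
       CERTCertificate *cCert = STAN_GetCERTCertificate(c);
       if (!cCert) {
           /* no CERTCertificate form available: report it like a missing
            * issuer instead of dereferencing NULL
            */
           ret = PR_FAILURE;
           break;
       }
       if (cCert->isRoot) {
           /* not including the issuer of the self-signed cert, which is,
            * of course, itself
            */
           break;
       }
       c = find_cert_issuer(c, timeOpt, &issuerUsage, policiesOpt, td, cc);
       if (!c) {
           ret = PR_FAILURE;
           break;
       }
       st = nssPKIObjectCollection_AddObject(collection, (nssPKIObject *)c);
       /* c is still used on the next iteration, which relies on the
        * collection keeping the certificate alive after this release
        */
       nssCertificate_Destroy(c); /* collection has it */
       if (st != PR_SUCCESS)
           goto loser;
    }
    rvChain = nssPKIObjectCollection_GetCertificates(collection,
                                                     rvOpt,
                                                     rvLimit,
                                                     arenaOpt);
    if (rvChain) {
       nssPKIObjectCollection_Destroy(collection);
       if (statusOpt)
           *statusOpt = ret;
       if (ret != PR_SUCCESS)
           nss_SetError(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND);
       return rvChain;
    }

loser:
    if (collection)
       nssPKIObjectCollection_Destroy(collection);
    if (statusOpt)
       *statusOpt = PR_FAILURE;
    nss_SetError(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND);
    return rvChain;
}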


NSS_IMPLEMENT NSSCertificate** NSSCertificate_BuildChain ( NSSCertificate *  c,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
NSSCertificate **  rvOpt,
PRUint32  rvLimit,
NSSArena *  arenaOpt,
PRStatus *  statusOpt,
NSSTrustDomain *  td,
NSSCryptoContext *  cc 
)

Definition at line 547 of file certificate.c.

{
    /* Public entry point: forwards every argument unchanged to
     * nssCertificate_BuildChain and returns its result.
     */
    NSSCertificate **chain;

    chain = nssCertificate_BuildChain(c,
                                      timeOpt,
                                      usage,
                                      policiesOpt,
                                      rvOpt,
                                      rvLimit,
                                      arenaOpt,
                                      statusOpt,
                                      td,
                                      cc);
    return chain;
}


NSS_IMPLEMENT NSSCertificate* nssCertificate_Create ( nssPKIObject *  object)

Definition at line 71 of file certificate.c.

{
    /* Builds an NSSCertificate from a PKI object.
     *
     * The certificate is zero-allocated from the object's own arena, the
     * object is copied into it by value, and the type, id, encoding, issuer,
     * serial and subject are read from the object's first token instance.
     * Returns NULL if the allocation fails, the attribute read fails, or the
     * instance yields no encoding.
     *
     * The two preconditions below are PR_ASSERTs, which are compiled out of
     * non-debug builds; callers must guarantee at least one instance,
     * because instances[0] is read unconditionally.
     */
    NSSArena *arena = object->arena;
    NSSCertificate *rvCert;
    PRStatus status;

    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
    PR_ASSERT(object->lockType == nssPKIMonitor);

    rvCert = nss_ZNEW(arena, NSSCertificate);
    if (rvCert == NULL) {
        return (NSSCertificate *)NULL;
    }
    rvCert->object = *object;

    /* XXX the first instance is used; no selection criteria are applied,
     * and no session is supplied (second argument)
     */
    status = nssCryptokiCertificate_GetAttributes(object->instances[0],
                                                  NULL,
                                                  arena,
                                                  &rvCert->type,
                                                  &rvCert->id,
                                                  &rvCert->encoding,
                                                  &rvCert->issuer,
                                                  &rvCert->serial,
                                                  &rvCert->subject);

    /* a certificate without an encoding value is treated as a failure; the
     * partially filled rvCert is not freed here and stays in the arena
     */
    if (status != PR_SUCCESS || rvCert->encoding.data == NULL) {
        return (NSSCertificate *)NULL;
    }
    return rvCert;
}


NSS_IMPLEMENT NSSCryptoContext* NSSCertificate_CreateCryptoContext ( NSSCertificate *  c,
NSSAlgorithmAndParameters *  apOpt,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
NSSCallback *  uhh 
)

Definition at line 684 of file certificate.c.

NSS_IMPLEMENT PRStatus NSSCertificate_DeleteStoredObject ( NSSCertificate *  c,
NSSCallback *  uhh 
)

Definition at line 252 of file certificate.c.

{
    /* Delegates to nssPKIObject_DeleteStoredObject on the certificate's PKI
     * object, passing the caller's callback and PR_TRUE as the final flag.
     * c is dereferenced without a NULL check.
     */
    PRStatus status;

    status = nssPKIObject_DeleteStoredObject(&c->object, uhh, PR_TRUE);
    return status;
}


Definition at line 118 of file certificate.c.

{
    /* Drops one reference on certificate c and frees it when the count
     * reaches zero.  A NULL c is accepted.  PR_SUCCESS is returned in every
     * case, so the return value carries no information about the release.
     *
     * The decrement is done while holding the lock of whichever store can
     * hand the cert out (the crypto context's certificate store if the cert
     * has a crypto context, otherwise the default trust domain's cert
     * cache), and the cert is removed from that store before the lock is
     * released.
     */
    nssCertificateStoreTrace lockTrace = {NULL, NULL, PR_FALSE, PR_FALSE};
    nssCertificateStoreTrace unlockTrace = {NULL, NULL, PR_FALSE, PR_FALSE};
    PRBool locked = PR_FALSE;

    if (c) {
       PRUint32 i;
       /* read before teardown: dc is destroyed after c's arena below */
       nssDecodedCert *dc = c->decoding;
       NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
       NSSCryptoContext *cc = c->object.cryptoContext;

       /* releasing a cert whose count is already zero is a caller bug */
       PR_ASSERT(c->object.refCount > 0);

       /* --- LOCK storage --- */
       if (cc) {
           nssCertificateStore_Lock(cc->certStore, &lockTrace);
            locked = PR_TRUE;
       } else {
           nssTrustDomain_LockCertCache(td);
       }
       if (PR_AtomicDecrement(&c->object.refCount) == 0) {
           /* --- remove cert and UNLOCK storage --- */
           if (cc) {
              nssCertificateStore_RemoveCertLOCKED(cc->certStore, c);
              nssCertificateStore_Unlock(cc->certStore, &lockTrace,
                                           &unlockTrace);
                nssCertificateStore_Check(&lockTrace, &unlockTrace);

           } else {
              nssTrustDomain_RemoveCertFromCacheLOCKED(td, c);
              nssTrustDomain_UnlockCertCache(td);
           }
           /* free cert data */
           for (i=0; i<c->object.numInstances; i++) {
              nssCryptokiObject_Destroy(c->object.instances[i]);
           }
           nssPKIObject_DestroyLock(&c->object);
           /* nssCertificate_Create allocates the cert from this same arena,
            * so c must not be touched after this call
            */
           nssArena_Destroy(c->object.arena);
           nssDecodedCert_Destroy(dc);
       } else {
           /* --- UNLOCK storage --- */
           if (cc) {
              nssCertificateStore_Unlock(cc->certStore,
                                      &lockTrace,
                                      &unlockTrace);
              nssCertificateStore_Check(&lockTrace, &unlockTrace);
           } else {
              nssTrustDomain_UnlockCertCache(td);
           }
       }
    }
    /* NOTE(review): both crypto-context branches above already call
     * nssCertificateStore_Check, so this runs it a second time on the same
     * traces -- looks redundant, confirm.
     */
    if (locked) {
        nssCertificateStore_Check(&lockTrace, &unlockTrace);
    }
    return PR_SUCCESS;
}


Definition at line 179 of file certificate.c.


NSS_IMPLEMENT NSSDER* NSSCertificate_Encode ( NSSCertificate *  c,
NSSDER *  rvOpt,
NSSArena *  arenaOpt 
)

Definition at line 305 of file certificate.c.

{
    /* Hands the certificate's stored encoding to nssItem_Duplicate together
     * with arenaOpt and rvOpt and returns what that call returns.  The cast
     * is valid because Item, DER and BER are all typedefs of one type now.
     * c is dereferenced without a NULL check.
     */
    NSSItem *encoded = (NSSItem *)&c->encoding;

    return nssItem_Duplicate(encoded, arenaOpt, rvOpt);
}
NSS_IMPLEMENT NSSItem* NSSCertificate_Encrypt ( NSSCertificate *  c,
NSSAlgorithmAndParameters *  apOpt,
NSSItem *  data,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
NSSCallback *  uhh,
NSSItem *  rvOpt,
NSSArena *  arenaOpt 
)

Definition at line 617 of file certificate.c.

NSS_IMPLEMENT NSSPrivateKey* NSSCertificate_FindPrivateKey ( NSSCertificate *  c,
NSSCallback *  uhh 
)

Definition at line 735 of file certificate.c.

NSS_IMPLEMENT NSSCryptoContext* nssCertificate_GetCryptoContext ( NSSCertificate *  c)

Definition at line 566 of file certificate.c.

{
    /* Returns the crypto context recorded on the certificate's PKI object.
     * No reference is taken and c is not checked for NULL.
     */
    NSSCryptoContext *ctx = c->object.cryptoContext;

    return ctx;
}


NSS_IMPLEMENT nssDecodedCert* nssCertificate_GetDecoding ( NSSCertificate *  c)

Definition at line 316 of file certificate.c.

{
    /* Returns the certificate's decoded form, creating and caching it on
     * first use.  The check and the store both happen under the PKI object's
     * lock, so the decoding is created once per certificate.
     *
     * The result is whatever nssDecodedCert_Create produced; if that is
     * NULL nothing is cached and NULL is returned, so callers must check.
     *
     * The pointer is handed out after the lock is released and no reference
     * is taken on it here; presumably it stays valid only as long as the
     * certificate does -- confirm.
     */
    nssDecodedCert* deco = NULL;
    nssPKIObject_Lock(&c->object);
    if (!c->decoding) {
       deco = nssDecodedCert_Create(NULL, &c->encoding, c->type);
       /* the lock is held, so nothing else may have filled the slot */
       PORT_Assert(!c->decoding); 
        c->decoding = deco;
    } else {
        deco = c->decoding;
    }
    nssPKIObject_Unlock(&c->object);
    return deco;
}


Definition at line 244 of file certificate.c.

{
    /* Returns the certificate's stored email field as is: a pointer into
     * the certificate, not a copy.  c is not checked for NULL.
     */
    return (c->email);
}

Definition at line 187 of file certificate.c.

{
    /* Returns a pointer to the certificate's own encoding item (not a copy),
     * or NULL when the item is empty: zero size or no data pointer.
     */
    return (c->encoding.size > 0 && c->encoding.data)
               ? &c->encoding
               : (NSSDER *)NULL;
}


NSS_IMPLEMENT NSSDER* nssCertificate_GetIssuer ( NSSCertificate *  c)

Definition at line 199 of file certificate.c.

{
    /* Returns a pointer to the certificate's own issuer item (not a copy),
     * or NULL when the item is empty: zero size or no data pointer.
     */
    return (c->issuer.size > 0 && c->issuer.data)
               ? &c->issuer
               : (NSSDER *)NULL;
}


NSS_IMPLEMENT NSSModule* NSSCertificate_GetModule ( NSSCertificate *  c,
PRStatus *  statusOpt 
)

Definition at line 608 of file certificate.c.

{
    /* Not implemented: always returns NULL.  statusOpt is never written, so
     * a caller cannot tell "no module" from "not implemented" through it.
     */
    (void)c;
    (void)statusOpt;
    return (NSSModule *)NULL;
}
NSS_IMPLEMENT NSSUTF8* nssCertificate_GetNickname ( NSSCertificate *  c,
NSSToken *  tokenOpt 
)

Definition at line 235 of file certificate.c.

{
    /* Asks the certificate's PKI object for the nickname associated with
     * tokenOpt and returns that result unchanged.
     */
    NSSUTF8 *nickname = nssPKIObject_GetNicknameForToken(&c->object, tokenOpt);

    return nickname;
}


NSS_IMPLEMENT NSSPublicKey* NSSCertificate_GetPublicKey ( NSSCertificate *  c)

Definition at line 698 of file certificate.c.

{
    /* Not implemented: the only live statement returns NULL.  The token
     * lookup by CKA_CLASS / CKA_ID / CKA_SUBJECT below is compiled out with
     * #if 0, so no public key is ever looked up here.
     */
#if 0
    CK_ATTRIBUTE pubktemplate[] = {
       { CKA_CLASS,   NULL, 0 },
       { CKA_ID,      NULL, 0 },
       { CKA_SUBJECT, NULL, 0 }
    };
    PRStatus nssrv;
    CK_ULONG count = sizeof(pubktemplate) / sizeof(pubktemplate[0]);
    NSS_CK_SET_ATTRIBUTE_ITEM(pubktemplate, 0, &g_ck_class_pubkey);
    if (c->id.size > 0) {
       /* CKA_ID */
       NSS_CK_ITEM_TO_ATTRIBUTE(&c->id, &pubktemplate[1]);
    } else {
       /* failure, yes? */
       return (NSSPublicKey *)NULL;
    }
    if (c->subject.size > 0) {
       /* CKA_SUBJECT */
       NSS_CK_ITEM_TO_ATTRIBUTE(&c->subject, &pubktemplate[2]);
    } else {
       /* failure, yes? */
       return (NSSPublicKey *)NULL;
    }
    /* Try the cert's token first */
    if (c->token) {
       nssrv = nssToken_FindObjectByTemplate(c->token, pubktemplate, count);
    }
#endif
    /* Try all other key tokens */
    return (NSSPublicKey *)NULL;
}

Definition at line 211 of file certificate.c.

{
    /* Returns a pointer to the certificate's own serial item (not a copy),
     * or NULL when the item is empty: zero size or no data pointer.
     */
    return (c->serial.size > 0 && c->serial.data)
               ? &c->serial
               : (NSSDER *)NULL;
}


NSS_IMPLEMENT NSSSlot* NSSCertificate_GetSlot ( NSSCertificate *  c,
PRStatus *  statusOpt 
)

Definition at line 599 of file certificate.c.

{
    /* Not implemented: always returns NULL.  statusOpt is never written, so
     * a caller cannot tell "no slot" from "not implemented" through it.
     */
    (void)c;
    (void)statusOpt;
    return (NSSSlot *)NULL;
}

Definition at line 223 of file certificate.c.

{
    /* Returns a pointer to the certificate's own subject item (not a copy),
     * or NULL when the item is empty: zero size or no data pointer.
     */
    return (c->subject.size > 0 && c->subject.data)
               ? &c->subject
               : (NSSDER *)NULL;
}
NSS_IMPLEMENT NSSToken* NSSCertificate_GetToken ( NSSCertificate *  c,
PRStatus *  statusOpt 
)

Definition at line 590 of file certificate.c.

{
    /* Not implemented: always returns NULL.  statusOpt is never written, so
     * a caller cannot tell "no token" from "not implemented" through it.
     */
    (void)c;
    (void)statusOpt;
    return (NSSToken *)NULL;
}
NSS_IMPLEMENT NSSTrustDomain* nssCertificate_GetTrustDomain ( NSSCertificate *  c)

Definition at line 574 of file certificate.c.

{
    /* Returns the trust domain recorded on the certificate's PKI object.
     * No reference is taken and c is not checked for NULL, so callers must
     * validate c first.
     */
    NSSTrustDomain *domain = c->object.trustDomain;

    return domain;
}


NSS_IMPLEMENT NSSTrustDomain* NSSCertificate_GetTrustDomain ( NSSCertificate *  c)

Definition at line 582 of file certificate.c.


NSS_IMPLEMENT PRBool NSSCertificate_IsPrivateKeyAvailable ( NSSCertificate *  c,
NSSCallback *  uhh,
PRStatus *  statusOpt 
)

Definition at line 745 of file certificate.c.

{
    /* Reports whether any token instance of the certificate says a private
     * key is available for it.  Every instance is queried, even after one
     * has answered yes.
     *
     * Neither uhh nor statusOpt is used: PR_FALSE is returned both when no
     * instance has the key and when the instance list cannot be obtained,
     * and the caller cannot tell the two apart.
     */
    nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
    PRBool available = PR_FALSE;
    PRUint32 idx;

    if (instances == NULL) {
        return PR_FALSE;
    }
    for (idx = 0; instances[idx] != NULL; idx++) {
        nssCryptokiObject *inst = instances[idx];

        if (nssToken_IsPrivateKeyAvailable(inst->token, c, inst)) {
            available = PR_TRUE;
        }
    }
    /* the instance array was obtained for this call and is released here */
    nssCryptokiObjectArray_Destroy(instances);
    return available;
}


PRIntn nssCertificate_SubjectListSort ( void *  v1,
void *  v2 
)

Definition at line 769 of file certificate.c.

{
    /* List comparator for two certificates passed as void pointers.
     *
     * A certificate that can be decoded sorts ahead of one that cannot; two
     * undecodable certificates compare equal.  Two decodable certificates
     * are ordered by the first one's isNewerThan callback, newer first.
     * That case never returns 0, so both orderings of a pair that is not
     * newer either way return 1.
     */
    nssDecodedCert *dc1 = nssCertificate_GetDecoding((NSSCertificate *)v1);
    nssDecodedCert *dc2 = nssCertificate_GetDecoding((NSSCertificate *)v2);

    if (!dc1) {
        return dc2 ? 1 : 0;
    }
    if (!dc2) {
        return -1;
    }
    if (dc1->isNewerThan(dc1, dc2)) {
        return -1;
    }
    return 1;
}


NSS_IMPLEMENT PRStatus NSSCertificate_Validate ( NSSCertificate *  c,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt 
)

Definition at line 261 of file certificate.c.

NSS_IMPLEMENT PRStatus NSSCertificate_ValidateAndDiscoverUsagesAndPolicies ( NSSCertificate *  c,
NSSTime **  notBeforeOutOpt,
NSSTime **  notAfterOutOpt,
void *  allowedUsages,
void *  disallowedUsages,
void *  allowedPolicies,
void *  disallowedPolicies,
NSSArena *  arenaOpt 
)

Definition at line 288 of file certificate.c.

NSS_IMPLEMENT void** NSSCertificate_ValidateCompletely ( NSSCertificate *  c,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
void **  rvOpt,
PRUint32  rvLimit,
NSSArena *  arenaOpt 
)

Definition at line 273 of file certificate.c.

NSS_IMPLEMENT PRStatus NSSCertificate_Verify ( NSSCertificate *  c,
NSSAlgorithmAndParameters *  apOpt,
NSSItem *  data,
NSSItem *  signature,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
NSSCallback *  uhh 
)

Definition at line 634 of file certificate.c.

NSS_IMPLEMENT NSSItem* NSSCertificate_VerifyRecover ( NSSCertificate *  c,
NSSAlgorithmAndParameters *  apOpt,
NSSItem *  signature,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
NSSCallback *  uhh,
NSSItem *  rvOpt,
NSSArena *  arenaOpt 
)

Definition at line 650 of file certificate.c.

NSS_IMPLEMENT NSSItem* NSSCertificate_WrapSymmetricKey ( NSSCertificate *  c,
NSSAlgorithmAndParameters *  apOpt,
NSSSymmetricKey *  keyToWrap,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
NSSCallback *  uhh,
NSSItem *  rvOpt,
NSSArena *  arenaOpt 
)

Definition at line 667 of file certificate.c.

Definition at line 951 of file certificate.c.


NSS_EXTERN PRStatus nssCertificateList_DoCallback ( nssList *  certList,
PRStatus(*)(NSSCertificate *c, void *arg)  callback,
void *  arg 
)

Definition at line 923 of file certificate.c.

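{
    /*
     * Invoke `callback` once for every certificate in `certList`, passing
     * `arg` through unchanged.
     *
     * Returns PR_FAILURE when no iterator could be obtained for the list,
     * otherwise PR_SUCCESS once every element has been visited.
     *
     * The status returned by each callback invocation is not propagated
     * (this matches the original behaviour): a failing callback neither
     * stops the walk nor changes the return value.  Callers that use the
     * callback to perform a check on each certificate must therefore
     * record the outcome through `arg`; PR_SUCCESS here only means the
     * list was traversed.
     */
    nssListIterator *certs;
    NSSCertificate *cert;

    certs = nssList_CreateIterator(certList);
    if (!certs) {
        /* Previously a failed iterator creation was handed straight to
         * nssListIterator_Start; fail explicitly instead. */
        return PR_FAILURE;
    }
    for (cert  = (NSSCertificate *)nssListIterator_Start(certs);
         cert != (NSSCertificate *)NULL;
         cert  = (NSSCertificate *)nssListIterator_Next(certs))
    {
        (void)(*callback)(cert, arg);
    }
    nssListIterator_Finish(certs);
    nssListIterator_Destroy(certs);
    return PR_SUCCESS;
}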



NSS_IMPLEMENT NSSCRL* nssCRL_AddRef ( NSSCRL *  crl)

Definition at line 1112 of file certificate.c.

{
    /* Calls nssPKIObject_AddRef on the object embedded in `crl` and hands
     * the same pointer back.  A NULL `crl` is returned untouched. */
    if (crl == NULL) {
        return crl;
    }
    nssPKIObject_AddRef(&crl->object);
    return crl;
}


NSS_IMPLEMENT NSSCRL* nssCRL_Create ( nssPKIObject *  object)

Definition at line 1083 of file certificate.c.

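{
    /*
     * Allocate an NSSCRL from the arena of `object`, copy `object` into it
     * by value, and fill in its encoding, url and isKRL fields from the
     * first token instance.
     *
     * Returns the new NSSCRL, or NULL when `object` carries no instances,
     * when the allocation fails, or when the attributes cannot be read.
     * On the failure paths the partially built NSSCRL is not released
     * individually; it was allocated from `arena`, so its lifetime is
     * presumably tied to that arena -- confirm against the caller.
     */
    PRStatus status;
    NSSCRL *rvCRL;
    NSSArena *arena = object->arena;

    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
    /* PR_ASSERT is presumably compiled out of non-debug builds, so enforce
     * the same precondition at run time before instances[0] is read. */
    if (object->instances == NULL || !(object->numInstances > 0)) {
        return (NSSCRL *)NULL;
    }
    rvCRL = nss_ZNEW(arena, NSSCRL);
    if (!rvCRL) {
        return (NSSCRL *)NULL;
    }
    /* Struct copy: the NSSCRL embeds its own copy of the base object. */
    rvCRL->object = *object;
    /* XXX should choose instance based on some criteria */
    status = nssCryptokiCRL_GetAttributes(object->instances[0],
                                          NULL,  /* XXX sessionOpt */
                                          arena,
                                          &rvCRL->encoding,
                                          NULL, /* subject */
                                          NULL, /* class */
                                          &rvCRL->url,
                                          &rvCRL->isKRL);
    if (status != PR_SUCCESS) {
        return (NSSCRL *)NULL;
    }
    return rvCRL;
}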


NSS_IMPLEMENT PRStatus nssCRL_DeleteStoredObject ( NSSCRL *  crl,
NSSCallback *  uhh 
)

Definition at line 1134 of file certificate.c.

{
    /* Forwards to nssPKIObject_DeleteStoredObject for the object embedded
     * in `crl`, with PR_TRUE as the final argument, and returns its status.
     * NOTE(review): `crl` is dereferenced without a NULL check, unlike the
     * AddRef/Destroy helpers in this file -- confirm callers never pass
     * NULL. */
    PRStatus status;

    status = nssPKIObject_DeleteStoredObject(&crl->object, uhh, PR_TRUE);
    return status;
}

Definition at line 1123 of file certificate.c.

{
    /* Calls nssPKIObject_Destroy on the object embedded in `crl`, ignoring
     * its result.  A NULL `crl` is a no-op.  Always reports PR_SUCCESS. */
    if (!crl) {
        return PR_SUCCESS;
    }
    (void)nssPKIObject_Destroy(&crl->object);
    return PR_SUCCESS;
}


Definition at line 1143 of file certificate.c.

{
    /* Returns a pointer to the encoding stored inside `crl` (not a copy),
     * or NULL when that encoding has no data or a non-positive size.
     * `crl` itself is dereferenced unconditionally. */
    if (crl->encoding.data == NULL || crl->encoding.size <= 0) {
        return (NSSDER *)NULL;
    }
    return &crl->encoding;
}


NSS_IMPLEMENT nssSMIMEProfile* nssSMIMEProfile_AddRef ( nssSMIMEProfile *  profile)

Definition at line 1061 of file certificate.c.

{
    /* Calls nssPKIObject_AddRef on the object embedded in `profile` and
     * hands the same pointer back.  A NULL `profile` is returned as is. */
    if (profile == NULL) {
        return profile;
    }
    nssPKIObject_AddRef(&profile->object);
    return profile;
}


NSS_IMPLEMENT nssSMIMEProfile* nssSMIMEProfile_Create ( NSSCertificate *  cert,
NSSItem *  profileTime,
NSSItem *  profileData 
)

Definition at line 881 of file certificate.c.

{
    /*
     * Build an nssSMIMEProfile for `cert` in a freshly created arena.
     * The profile gets its own PKI object (created with the certificate's
     * trust domain and crypto context), duplicates of the certificate's
     * email and subject, and duplicates of `profileTime` / `profileData`
     * when those are supplied.
     *
     * Returns the new profile, or NULL if the arena, the PKI object or the
     * profile structure cannot be allocated.
     */
    NSSArena *arena;
    nssSMIMEProfile *rvProfile;
    nssPKIObject *object;
    /* `cert` is used here and dereferenced below without a NULL check. */
    NSSTrustDomain *td = nssCertificate_GetTrustDomain(cert);
    NSSCryptoContext *cc = nssCertificate_GetCryptoContext(cert);
    arena = nssArena_Create();
    if (!arena) {
       return NULL;
    }
    object = nssPKIObject_Create(arena, NULL, td, cc, nssPKILock);
    if (!object) {
       goto loser;
    }
    rvProfile = nss_ZNEW(arena, nssSMIMEProfile);
    if (!rvProfile) {
       goto loser;
    }
    /* Struct copy: the profile embeds its own copy of the base object. */
    rvProfile->object = *object;
    /* NOTE(review): the certificate pointer is stored as is; no AddRef on
     * `cert` is visible in this function, so the profile presumably relies
     * on the caller keeping the certificate alive -- confirm. */
    rvProfile->certificate = cert;
    /* NOTE(review): none of the duplicate results below are checked, so a
     * failed duplication leaves the corresponding field NULL while the
     * function still returns a profile.  Consumers should treat each of
     * these fields as optional. */
    rvProfile->email = nssUTF8_Duplicate(cert->email, arena);
    rvProfile->subject = nssItem_Duplicate(&cert->subject, arena, NULL);
    if (profileTime) {
       rvProfile->profileTime = nssItem_Duplicate(profileTime, arena, NULL);
    }
    if (profileData) {
       rvProfile->profileData = nssItem_Duplicate(profileData, arena, NULL);
    }
    return rvProfile;
loser:
    /* Reached only after the arena exists.  If the PKI object was created
     * it is destroyed (which presumably releases the arena it was created
     * in -- confirm); otherwise the arena is destroyed directly. */
    if (object) nssPKIObject_Destroy(object);
    else if (arena)  nssArena_Destroy(arena);
    return (nssSMIMEProfile *)NULL;
}


NSS_IMPLEMENT PRStatus nssSMIMEProfile_Destroy ( nssSMIMEProfile *  profile)

Definition at line 1072 of file certificate.c.

{
    /* Calls nssPKIObject_Destroy on the object embedded in `profile`,
     * ignoring its result.  A NULL `profile` is a no-op.  Always reports
     * PR_SUCCESS. */
    if (!profile) {
        return PR_SUCCESS;
    }
    (void)nssPKIObject_Destroy(&profile->object);
    return PR_SUCCESS;
}


NSS_IMPLEMENT NSSTrust* nssTrust_AddRef ( NSSTrust *  trust)

Definition at line 1039 of file certificate.c.

{
    /* Calls nssPKIObject_AddRef on the object embedded in `trust` and
     * hands the same pointer back.  A NULL `trust` is returned as is. */
    if (trust == NULL) {
        return trust;
    }
    nssPKIObject_AddRef(&trust->object);
    return trust;
}


NSS_IMPLEMENT NSSTrust* nssTrust_Create ( nssPKIObject *  object,
NSSItem *  certData 
)

Definition at line 959 of file certificate.c.

{
    /*
     * Build an NSSTrust for `object` by reading the trust attributes of
     * every token instance attached to it.
     *
     * Before any instance's trust levels are accepted, the SHA-1 hash that
     * the instance reports is compared with the SHA-1 hash of `certData`
     * computed here; a mismatch on any instance makes the whole call fail.
     * This is what ties a stored trust record to the certificate bytes, so
     * the check fails closed.
     *
     * Returns the new NSSTrust (allocated from object->arena), or NULL on
     * allocation failure, hashing failure, attribute read failure or hash
     * mismatch.  On the failure paths `rvt` is not released individually.
     */
    PRStatus status;
    PRUint32 i;
    PRUint32 lastTrustOrder, myTrustOrder;
    unsigned char sha1_hashcmp[SHA1_LENGTH];
    unsigned char sha1_hashin[SHA1_LENGTH];
    NSSItem sha1_hash;
    NSSTrust *rvt;
    nssCryptokiObject *instance;
    nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection;
    SECStatus rv; /* Should be stan flavor */
    PRBool stepUp;

    lastTrustOrder = 1<<16; /* just make it big */
    /* NOTE(review): this precondition is only asserted; PR_ASSERT is
     * presumably inactive in non-debug builds -- confirm callers never
     * pass an object without instances. */
    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
    rvt = nss_ZNEW(object->arena, NSSTrust);
    if (!rvt) {
       return (NSSTrust *)NULL;
    }
    /* Struct copy: the trust embeds its own copy of the base object. */
    rvt->object = *object;

    /* Reference digest of the certificate bytes supplied by the caller.
     * `certData` is dereferenced without a NULL check. */
    /* should be stan flavor of Hashbuf */
    rv = PK11_HashBuf(SEC_OID_SHA1,sha1_hashcmp,certData->data,certData->size);
    if (rv != SECSuccess) {
       return (NSSTrust *)NULL;
    }
    /* Output buffer handed to nssCryptokiTrust_GetAttributes on each pass;
     * presumably filled with the hash stored alongside the trust record. */
    sha1_hash.data = sha1_hashin;
    sha1_hash.size = sizeof (sha1_hashin);
    /* trust has to peek into the base object members */
    nssPKIObject_Lock(object);
    for (i=0; i<object->numInstances; i++) {
       instance = object->instances[i];
       myTrustOrder = nssToken_GetTrustOrder(instance->token);
       status = nssCryptokiTrust_GetAttributes(instance, NULL,
                                          &sha1_hash,
                                               &serverAuth,
                                               &clientAuth,
                                               &codeSigning,
                                               &emailProtection,
                                               &stepUp);
       if (status != PR_SUCCESS) {
           /* Release the object lock before bailing out. */
           nssPKIObject_Unlock(object);
           return (NSSTrust *)NULL;
       }
       /* Reject the trust record unless its hash matches the certificate.
        * The binding is only as strong as SHA-1: it identifies the
        * certificate bytes but inherits SHA-1's collision weakness.
        * NOTE(review): the comparison always covers SHA1_LENGTH bytes of
        * sha1_hashin; whether the callee can leave that buffer partly
        * unwritten is not visible here -- confirm. */
       if (PORT_Memcmp(sha1_hashin,sha1_hashcmp,SHA1_LENGTH) != 0) {
           nssPKIObject_Unlock(object);
           return (NSSTrust *)NULL;
       }
       /* Each trust field takes this instance's value when the field is
        * still nssTrustLevel_Unknown, or when this instance's trust order
        * is lower than that of the instance processed just before it.
        * NOTE(review): the first test assumes nss_ZNEW zero-fills and that
        * nssTrustLevel_Unknown is the zero value -- confirm. */
       if (rvt->serverAuth == nssTrustLevel_Unknown ||
           myTrustOrder < lastTrustOrder) 
       {
           rvt->serverAuth = serverAuth;
       }
       if (rvt->clientAuth == nssTrustLevel_Unknown ||
           myTrustOrder < lastTrustOrder) 
       {
           rvt->clientAuth = clientAuth;
       }
       if (rvt->emailProtection == nssTrustLevel_Unknown ||
           myTrustOrder < lastTrustOrder) 
       {
           rvt->emailProtection = emailProtection;
       }
       if (rvt->codeSigning == nssTrustLevel_Unknown ||
           myTrustOrder < lastTrustOrder) 
       {
           rvt->codeSigning = codeSigning;
       }
       /* NOTE(review): unlike the four trust levels, stepUpApproved is
        * overwritten on every pass, so the last instance wins regardless
        * of trust order.  lastTrustOrder is likewise updated
        * unconditionally, so the comparison above is against the previous
        * instance rather than the lowest order seen so far.  Confirm both
        * are intended when several tokens carry trust for one cert. */
       rvt->stepUpApproved = stepUp;
       lastTrustOrder = myTrustOrder;
    }
    nssPKIObject_Unlock(object);
    return rvt;
}


NSS_IMPLEMENT PRStatus nssTrust_Destroy ( NSSTrust *  trust)

Definition at line 1050 of file certificate.c.

{
    /* Calls nssPKIObject_Destroy on the object embedded in `trust`,
     * ignoring its result.  A NULL `trust` is a no-op.  Always reports
     * PR_SUCCESS. */
    if (!trust) {
        return PR_SUCCESS;
    }
    (void)nssPKIObject_Destroy(&trust->object);
    return PR_SUCCESS;
}


NSS_IMPLEMENT NSSItem* NSSUserCertificate_Decrypt ( NSSUserCertificate uc,
NSSAlgorithmAndParameters *  apOpt,
NSSItem *  data,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
NSSCallback *  uhh,
NSSItem *  rvOpt,
NSSArena *  arenaOpt 
)

Definition at line 798 of file certificate.c.

NSS_IMPLEMENT NSSSymmetricKey* NSSUserCertificate_DeriveSymmetricKey ( NSSUserCertificate uc,
NSSCertificate *  c,
NSSAlgorithmAndParameters *  apOpt,
NSSOID *  target,
PRUint32  keySizeOpt,
NSSOperations  operations,
NSSCallback *  uhh 
)

Definition at line 866 of file certificate.c.

Definition at line 788 of file certificate.c.

NSS_IMPLEMENT NSSItem* NSSUserCertificate_Sign ( NSSUserCertificate uc,
NSSAlgorithmAndParameters *  apOpt,
NSSItem *  data,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
NSSCallback *  uhh,
NSSItem *  rvOpt,
NSSArena *  arenaOpt 
)

Definition at line 815 of file certificate.c.

NSS_IMPLEMENT NSSItem* NSSUserCertificate_SignRecover ( NSSUserCertificate uc,
NSSAlgorithmAndParameters *  apOpt,
NSSItem *  data,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
NSSCallback *  uhh,
NSSItem *  rvOpt,
NSSArena *  arenaOpt 
)

Definition at line 832 of file certificate.c.

NSS_IMPLEMENT NSSSymmetricKey* NSSUserCertificate_UnwrapSymmetricKey ( NSSUserCertificate uc,
NSSAlgorithmAndParameters *  apOpt,
NSSItem *  wrappedKey,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt,
NSSCallback *  uhh,
NSSItem *  rvOpt,
NSSArena *  arenaOpt 
)

Definition at line 849 of file certificate.c.


Variable Documentation

Definition at line 80 of file errorval.c.