Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Enumerations | Functions | Variables
pkibase.c File Reference
#include "dev.h"
#include "pkim.h"
#include "pki3hack.h"

Go to the source code of this file.

Classes

struct  pkiObjectCollectionNode
struct  nssPKIObjectCollectionStr

Defines

#define MAX_ITEMS_FOR_UID   2

Enumerations

enum  pkiObjectType {
  pkiObjectType_Certificate = 0, pkiObjectType_CRL = 1, pkiObjectType_PrivateKey = 2, pkiObjectType_PublicKey = 3,
  pkiObjectType_Certificate = 0, pkiObjectType_CRL = 1, pkiObjectType_PrivateKey = 2, pkiObjectType_PublicKey = 3
}

Functions

NSS_IMPLEMENT void nssPKIObject_Lock (nssPKIObject *object)
NSS_IMPLEMENT void nssPKIObject_Unlock (nssPKIObject *object)
NSS_IMPLEMENT PRStatus nssPKIObject_NewLock (nssPKIObject *object, nssPKILockType lockType)
NSS_IMPLEMENT void nssPKIObject_DestroyLock (nssPKIObject *object)
NSS_IMPLEMENT nssPKIObject * nssPKIObject_Create (NSSArena *arenaOpt, nssCryptokiObject *instanceOpt, NSSTrustDomain *td, NSSCryptoContext *cc, nssPKILockType lockType)
NSS_IMPLEMENT PRBool nssPKIObject_Destroy (nssPKIObject *object)
NSS_IMPLEMENT nssPKIObject * nssPKIObject_AddRef (nssPKIObject *object)
NSS_IMPLEMENT PRStatus nssPKIObject_AddInstance (nssPKIObject *object, nssCryptokiObject *instance)
NSS_IMPLEMENT PRBool nssPKIObject_HasInstance (nssPKIObject *object, nssCryptokiObject *instance)
NSS_IMPLEMENT PRStatus nssPKIObject_RemoveInstanceForToken (nssPKIObject *object, NSSToken *token)
NSS_IMPLEMENT PRStatus nssPKIObject_DeleteStoredObject (nssPKIObject *object, NSSCallback *uhh, PRBool isFriendly)
NSS_IMPLEMENT NSSToken ** nssPKIObject_GetTokens (nssPKIObject *object, PRStatus *statusOpt)
NSS_IMPLEMENT NSSUTF8nssPKIObject_GetNicknameForToken (nssPKIObject *object, NSSToken *tokenOpt)
NSS_IMPLEMENT nssCryptokiObject ** nssPKIObject_GetInstances (nssPKIObject *object)
NSS_IMPLEMENT void nssCertificateArray_Destroy (NSSCertificate **certs)
NSS_IMPLEMENT void NSSCertificateArray_Destroy (NSSCertificate **certs)
NSS_IMPLEMENT NSSCertificate ** nssCertificateArray_Join (NSSCertificate **certs1, NSSCertificate **certs2)
NSS_IMPLEMENT NSSCertificate * nssCertificateArray_FindBestCertificate (NSSCertificate **certs, NSSTime *timeOpt, const NSSUsage *usage, NSSPolicies *policiesOpt)
NSS_IMPLEMENT PRStatus nssCertificateArray_Traverse (NSSCertificate **certs, PRStatus(*callback)(NSSCertificate *c, void *arg), void *arg)
NSS_IMPLEMENT void nssCRLArray_Destroy (NSSCRL **crls)
static nssPKIObjectCollection * nssPKIObjectCollection_Create (NSSTrustDomain *td, NSSCryptoContext *ccOpt, nssPKILockType lockType)
NSS_IMPLEMENT void nssPKIObjectCollection_Destroy (nssPKIObjectCollection *collection)
NSS_IMPLEMENT PRUint32 nssPKIObjectCollection_Count (nssPKIObjectCollection *collection)
NSS_IMPLEMENT PRStatus nssPKIObjectCollection_AddObject (nssPKIObjectCollection *collection, nssPKIObject *object)
static pkiObjectCollectionNodefind_instance_in_collection (nssPKIObjectCollection *collection, nssCryptokiObject *instance)
static pkiObjectCollectionNodefind_object_in_collection (nssPKIObjectCollection *collection, NSSItem *uid)
static pkiObjectCollectionNodeadd_object_instance (nssPKIObjectCollection *collection, nssCryptokiObject *instance, PRBool *foundIt)
NSS_IMPLEMENT PRStatus nssPKIObjectCollection_AddInstances (nssPKIObjectCollection *collection, nssCryptokiObject **instances, PRUint32 numInstances)
static void nssPKIObjectCollection_RemoveNode (nssPKIObjectCollection *collection, pkiObjectCollectionNode *node)
static PRStatus nssPKIObjectCollection_GetObjects (nssPKIObjectCollection *collection, nssPKIObject **rvObjects, PRUint32 rvSize)
NSS_IMPLEMENT PRStatus nssPKIObjectCollection_Traverse (nssPKIObjectCollection *collection, nssPKIObjectCallback *callback)
NSS_IMPLEMENT PRStatus nssPKIObjectCollection_AddInstanceAsObject (nssPKIObjectCollection *collection, nssCryptokiObject *instance)
static void cert_destroyObject (nssPKIObject *o)
static PRStatus cert_getUIDFromObject (nssPKIObject *o, NSSItem *uid)
static PRStatus cert_getUIDFromInstance (nssCryptokiObject *instance, NSSItem *uid, NSSArena *arena)
static nssPKIObject * cert_createObject (nssPKIObject *o)
NSS_IMPLEMENT
nssPKIObjectCollection * 
nssCertificateCollection_Create (NSSTrustDomain *td, NSSCertificate **certsOpt)
NSS_IMPLEMENT NSSCertificate ** nssPKIObjectCollection_GetCertificates (nssPKIObjectCollection *collection, NSSCertificate **rvOpt, PRUint32 maximumOpt, NSSArena *arenaOpt)
static void crl_destroyObject (nssPKIObject *o)
static PRStatus crl_getUIDFromObject (nssPKIObject *o, NSSItem *uid)
static PRStatus crl_getUIDFromInstance (nssCryptokiObject *instance, NSSItem *uid, NSSArena *arena)
static nssPKIObject * crl_createObject (nssPKIObject *o)
NSS_IMPLEMENT
nssPKIObjectCollection * 
nssCRLCollection_Create (NSSTrustDomain *td, NSSCRL **crlsOpt)
NSS_IMPLEMENT NSSCRL ** nssPKIObjectCollection_GetCRLs (nssPKIObjectCollection *collection, NSSCRL **rvOpt, PRUint32 maximumOpt, NSSArena *arenaOpt)
NSS_IMPLEMENT NSSTime * NSSTime_Now (NSSTime *timeOpt)
NSS_IMPLEMENT NSSTime * NSSTime_SetPRTime (NSSTime *timeOpt, PRTime prTime)
NSS_IMPLEMENT PRTime NSSTime_GetPRTime (NSSTime *time)

Variables

const NSSError NSS_ERROR_NOT_FOUND

Class Documentation

struct pkiObjectCollectionNode

Definition at line 606 of file pkibase.c.

Class Members
PRBool haveObject
PRCList link
nssPKIObject * object
NSSItem uid

Define Documentation

Definition at line 599 of file pkibase.c.


Enumeration Type Documentation

Enumerator:
pkiObjectType_Certificate 
pkiObjectType_CRL 
pkiObjectType_PrivateKey 
pkiObjectType_PublicKey 
pkiObjectType_Certificate 
pkiObjectType_CRL 
pkiObjectType_PrivateKey 
pkiObjectType_PublicKey 

Definition at line 583 of file pkibase.c.


Function Documentation

static pkiObjectCollectionNode* add_object_instance ( nssPKIObjectCollection *  collection,
nssCryptokiObject *  instance,
PRBool foundIt 
) [static]

Definition at line 763 of file pkibase.c.

{
    PRUint32 i;
    PRStatus status;
    pkiObjectCollectionNode *node;
    nssArenaMark *mark = NULL;
    NSSItem uid[MAX_ITEMS_FOR_UID];
    nsslibc_memset(uid, 0, sizeof uid);
    /* The list is traversed twice, first (here) looking to match the
     * { token, handle } tuple, and if that is not found, below a search
     * for unique identifier is done.  Here, a match means this exact object
     * instance is already in the collection, and we have nothing to do.
     */
    *foundIt = PR_FALSE;
    node = find_instance_in_collection(collection, instance);
    if (node) {
       /* The collection is assumed to take over the instance.  Since we
        * are not using it, it must be destroyed.
        */
       nssCryptokiObject_Destroy(instance);
       *foundIt = PR_TRUE;
       return node;
    }
    mark = nssArena_Mark(collection->arena);
    if (!mark) {
       goto loser;
    }
    status = (*collection->getUIDFromInstance)(instance, uid, 
                                               collection->arena);
    if (status != PR_SUCCESS) {
       goto loser;
    }
    /* Search for unique identifier.  A match here means the object exists 
     * in the collection, but does not have this instance, so the instance 
     * needs to be added.
     */
    node = find_object_in_collection(collection, uid);
    if (node) {
       /* This is an object with multiple instances */
       status = nssPKIObject_AddInstance(node->object, instance);
    } else {
       /* This is a completely new object.  Create a node for it. */
       node = nss_ZNEW(collection->arena, pkiObjectCollectionNode);
       if (!node) {
           goto loser;
       }
       node->object = nssPKIObject_Create(NULL, instance, 
                                          collection->td, collection->cc,
                                           collection->lockType);
       if (!node->object) {
           goto loser;
       }
       for (i=0; i<MAX_ITEMS_FOR_UID; i++) {
           node->uid[i] = uid[i];
       }
       node->haveObject = PR_FALSE;
       PR_INIT_CLIST(&node->link);
       PR_INSERT_BEFORE(&node->link, &collection->head);
       collection->size++;
       status = PR_SUCCESS;
    }
    nssArena_Unmark(collection->arena, mark);
    return node;
loser:
    if (mark) {
       nssArena_Release(collection->arena, mark);
    }
    nssCryptokiObject_Destroy(instance);
    return (pkiObjectCollectionNode *)NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nssPKIObject* cert_createObject ( nssPKIObject *  o) [static]

Definition at line 1048 of file pkibase.c.

{
    NSSCertificate *cert;
    cert = nssCertificate_Create(o);
/*    if (STAN_GetCERTCertificate(cert) == NULL) {
       nssCertificate_Destroy(cert);
       return (nssPKIObject *)NULL;
    } */
    /* In 3.4, have to maintain uniqueness of cert pointers by caching all
     * certs.  Cache the cert here, before returning.  If it is already
     * cached, take the cached entry.
     */
    {
       NSSTrustDomain *td = o->trustDomain;
       nssTrustDomain_AddCertsToCache(td, &cert, 1);
    }
    return (nssPKIObject *)cert;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void cert_destroyObject ( nssPKIObject *  o) [static]

Definition at line 996 of file pkibase.c.

{
    NSSCertificate *c = (NSSCertificate *)o;
    if (c->decoding) {
       CERTCertificate *cc = STAN_GetCERTCertificate(c);
       if (cc) {
           CERT_DestroyCertificate(cc);
           return;
       } /* else destroy it as NSSCertificate below */
    }
    nssCertificate_Destroy(c);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PRStatus cert_getUIDFromInstance ( nssCryptokiObject *  instance,
NSSItem *  uid,
NSSArena *  arena 
) [static]

Definition at line 1028 of file pkibase.c.

{
    /* The builtins are still returning decoded serial numbers.  Until
     * this compatibility issue is resolved, use the full DER of the
     * cert to uniquely identify it.
     */
    uid[1].data = NULL; uid[1].size = 0;
    return nssCryptokiCertificate_GetAttributes(instance,
                                                NULL,  /* XXX sessionOpt */
                                                arena, /* arena    */
                                                NULL,  /* type     */
                                                NULL,  /* id       */
                                                &uid[0], /* encoding */
                                                NULL,  /* issuer   */
                                                NULL,  /* serial   */
                                                NULL);  /* subject  */
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PRStatus cert_getUIDFromObject ( nssPKIObject *  o,
NSSItem *  uid 
) [static]

Definition at line 1010 of file pkibase.c.

{
    NSSCertificate *c = (NSSCertificate *)o;
    /* The builtins are still returning decoded serial numbers.  Until
     * this compatibility issue is resolved, use the full DER of the
     * cert to uniquely identify it.
     */
    NSSDER *derCert;
    derCert = nssCertificate_GetEncoding(c);
    uid[0].data = NULL; uid[0].size = 0;
    uid[1].data = NULL; uid[1].size = 0;
    if (derCert != NULL) {
       uid[0] = *derCert;
    }
    return PR_SUCCESS;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nssPKIObject* crl_createObject ( nssPKIObject *  o) [static]

Definition at line 1165 of file pkibase.c.

{
    return (nssPKIObject *)nssCRL_Create(o);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void crl_destroyObject ( nssPKIObject *  o) [static]

Definition at line 1133 of file pkibase.c.

{
    NSSCRL *crl = (NSSCRL *)o;
    nssCRL_Destroy(crl);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PRStatus crl_getUIDFromInstance ( nssCryptokiObject *  instance,
NSSItem *  uid,
NSSArena *  arena 
) [static]

Definition at line 1151 of file pkibase.c.

{
    return nssCryptokiCRL_GetAttributes(instance,
                                        NULL,    /* XXX sessionOpt */
                                        arena,   /* arena    */
                                        &uid[0], /* encoding */
                                        NULL,    /* subject  */
                                        NULL,    /* class    */
                                        NULL,    /* url      */
                                        NULL);   /* isKRL    */
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PRStatus crl_getUIDFromObject ( nssPKIObject *  o,
NSSItem *  uid 
) [static]

Definition at line 1140 of file pkibase.c.

{
    NSSCRL *crl = (NSSCRL *)o;
    NSSDER *encoding;
    encoding = nssCRL_GetEncoding(crl);
    uid[0] = *encoding;
    uid[1].data = NULL; uid[1].size = 0;
    return PR_SUCCESS;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static pkiObjectCollectionNode* find_instance_in_collection ( nssPKIObjectCollection *  collection,
nssCryptokiObject *  instance 
) [static]

Definition at line 718 of file pkibase.c.

{
    PRCList *link;
    pkiObjectCollectionNode *node;
    link = PR_NEXT_LINK(&collection->head);
    while (link != &collection->head) {
       node = (pkiObjectCollectionNode *)link;
       if (nssPKIObject_HasInstance(node->object, instance)) {
           return node;
       }
       link = PR_NEXT_LINK(link);
    }
    return (pkiObjectCollectionNode *)NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static pkiObjectCollectionNode* find_object_in_collection ( nssPKIObjectCollection *  collection,
NSSItem *  uid 
) [static]

Definition at line 737 of file pkibase.c.

{
    PRUint32 i;
    PRStatus status;
    PRCList *link;
    pkiObjectCollectionNode *node;
    link = PR_NEXT_LINK(&collection->head);
    while (link != &collection->head) {
       node = (pkiObjectCollectionNode *)link;
       for (i=0; i<MAX_ITEMS_FOR_UID; i++) {
           if (!nssItem_Equal(&node->uid[i], &uid[i], &status)) {
              break;
           }
       }
       if (i == MAX_ITEMS_FOR_UID) {
           return node;
       }
       link = PR_NEXT_LINK(link);
    }
    return (pkiObjectCollectionNode *)NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSS_IMPLEMENT void nssCertificateArray_Destroy ( NSSCertificate **  certs)

Definition at line 402 of file pkibase.c.

{
    if (certs) {
       NSSCertificate **certp;
       for (certp = certs; *certp; certp++) {
           if ((*certp)->decoding) {
              CERTCertificate *cc = STAN_GetCERTCertificate(*certp);
              if (cc) {
                  CERT_DestroyCertificate(cc);
              }
              continue;
           }
           nssCertificate_Destroy(*certp);
       }
       nss_ZFreeIf(certs);
    }
}

Here is the caller graph for this function:

NSS_IMPLEMENT void NSSCertificateArray_Destroy ( NSSCertificate **  certs)

Definition at line 423 of file pkibase.c.

Here is the call graph for this function:

NSS_IMPLEMENT NSSCertificate* nssCertificateArray_FindBestCertificate ( NSSCertificate **  certs,
NSSTime *  timeOpt,
const NSSUsage *  usage,
NSSPolicies *  policiesOpt 
)

Definition at line 464 of file pkibase.c.

{
    NSSCertificate *bestCert = NULL;
    NSSTime *time, sTime;
    PRBool haveUsageMatch = PR_FALSE;
    PRBool thisCertMatches;

    if (timeOpt) {
       time = timeOpt;
    } else {
       NSSTime_Now(&sTime);
       time = &sTime;
    }
    if (!certs) {
       return (NSSCertificate *)NULL;
    }
    for (; *certs; certs++) {
       nssDecodedCert *dc, *bestdc;
       NSSCertificate *c = *certs;
       dc = nssCertificate_GetDecoding(c);
       if (!dc) continue;
       thisCertMatches = dc->matchUsage(dc, usage);
       if (!bestCert) {
           /* always take the first cert, but remember whether or not
            * the usage matched 
            */
           bestCert = nssCertificate_AddRef(c);
           haveUsageMatch = thisCertMatches;
           continue;
       } else {
           if (haveUsageMatch && !thisCertMatches) {
              /* if already have a cert for this usage, and if this cert 
               * doesn't have the correct usage, continue
               */
              continue;
           } else if (!haveUsageMatch && thisCertMatches) {
              /* this one does match usage, replace the other */
              nssCertificate_Destroy(bestCert);
              bestCert = nssCertificate_AddRef(c);
              haveUsageMatch = PR_TRUE;
              continue;
           }
           /* this cert match as well as any cert we've found so far, 
            * defer to time/policies 
            * */
       }
       bestdc = nssCertificate_GetDecoding(bestCert);
       /* time */
       if (bestdc->isValidAtTime(bestdc, time)) {
           /* The current best cert is valid at time */
           if (!dc->isValidAtTime(dc, time)) {
              /* If the new cert isn't valid at time, it's not better */
              continue;
           }
       } else {
           /* The current best cert is not valid at time */
           if (dc->isValidAtTime(dc, time)) {
              /* If the new cert is valid at time, it's better */
              nssCertificate_Destroy(bestCert);
              bestCert = nssCertificate_AddRef(c);
           }
       }
       /* either they are both valid at time, or neither valid; 
        * take the newer one
        */
       if (!bestdc->isNewerThan(bestdc, dc)) {
           nssCertificate_Destroy(bestCert);
           bestCert = nssCertificate_AddRef(c);
       }
       /* policies */
       /* XXX later -- defer to policies */
    }
    return bestCert;
}

Here is the caller graph for this function:

NSS_IMPLEMENT NSSCertificate** nssCertificateArray_Join ( NSSCertificate **  certs1,
NSSCertificate **  certs2 
)

Definition at line 431 of file pkibase.c.

{
    if (certs1 && certs2) {
       NSSCertificate **certs, **cp;
       PRUint32 count = 0;
       PRUint32 count1 = 0;
       cp = certs1;
       while (*cp++) count1++;
       count = count1;
       cp = certs2;
       while (*cp++) count++;
       certs = nss_ZREALLOCARRAY(certs1, NSSCertificate *, count + 1);
       if (!certs) {
           nss_ZFreeIf(certs1);
           nss_ZFreeIf(certs2);
           return (NSSCertificate **)NULL;
       }
       for (cp = certs2; *cp; cp++, count1++) {
           certs[count1] = *cp;
       }
       nss_ZFreeIf(certs2);
       return certs;
    } else if (certs1) {
       return certs1;
    } else {
       return certs2;
    }
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRStatus nssCertificateArray_Traverse ( NSSCertificate **  certs,
PRStatus(*)(NSSCertificate *c, void *arg callback,
void arg 
)

Definition at line 545 of file pkibase.c.

{
    PRStatus status = PR_SUCCESS;
    if (certs) {
       NSSCertificate **certp;
       for (certp = certs; *certp; certp++) {
           status = (*callback)(*certp, arg);
           if (status != PR_SUCCESS) {
              break;
           }
       }
    }
    return status;
}
NSS_IMPLEMENT nssPKIObjectCollection* nssCertificateCollection_Create ( NSSTrustDomain *  td,
NSSCertificate **  certsOpt 
)

Definition at line 1068 of file pkibase.c.

{
    PRStatus status;
    nssPKIObjectCollection *collection;
    collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor);
    collection->objectType = pkiObjectType_Certificate;
    collection->destroyObject = cert_destroyObject;
    collection->getUIDFromObject = cert_getUIDFromObject;
    collection->getUIDFromInstance = cert_getUIDFromInstance;
    collection->createObject = cert_createObject;
    if (certsOpt) {
       for (; *certsOpt; certsOpt++) {
           nssPKIObject *object = (nssPKIObject *)(*certsOpt);
           status = nssPKIObjectCollection_AddObject(collection, object);
       }
    }
    return collection;
}

Here is the caller graph for this function:

NSS_IMPLEMENT void nssCRLArray_Destroy ( NSSCRL **  crls)

Definition at line 566 of file pkibase.c.

{
    if (crls) {
       NSSCRL **crlp;
       for (crlp = crls; *crlp; crlp++) {
           nssCRL_Destroy(*crlp);
       }
       nss_ZFreeIf(crls);
    }
}

Here is the caller graph for this function:

NSS_IMPLEMENT nssPKIObjectCollection* nssCRLCollection_Create ( NSSTrustDomain *  td,
NSSCRL **  crlsOpt 
)

Definition at line 1171 of file pkibase.c.

{
    PRStatus status;
    nssPKIObjectCollection *collection;
    collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock);
    collection->objectType = pkiObjectType_CRL;
    collection->destroyObject = crl_destroyObject;
    collection->getUIDFromObject = crl_getUIDFromObject;
    collection->getUIDFromInstance = crl_getUIDFromInstance;
    collection->createObject = crl_createObject;
    if (crlsOpt) {
       for (; *crlsOpt; crlsOpt++) {
           nssPKIObject *object = (nssPKIObject *)(*crlsOpt);
           status = nssPKIObjectCollection_AddObject(collection, object);
       }
    }
    return collection;
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRStatus nssPKIObject_AddInstance ( nssPKIObject *  object,
nssCryptokiObject *  instance 
)

Definition at line 197 of file pkibase.c.

{
    nssPKIObject_Lock(object);
    if (object->numInstances == 0) {
       object->instances = nss_ZNEWARRAY(object->arena,
                                         nssCryptokiObject *,
                                         object->numInstances + 1);
    } else {
       PRUint32 i;
       for (i=0; i<object->numInstances; i++) {
           if (nssCryptokiObject_Equal(object->instances[i], instance)) {
              nssPKIObject_Unlock(object);
              if (instance->label) {
                  if (!object->instances[i]->label ||
                      !nssUTF8_Equal(instance->label,
                                     object->instances[i]->label, NULL))
                  {
                     /* Either the old instance did not have a label,
                      * or the label has changed.
                      */
                     nss_ZFreeIf(object->instances[i]->label);
                     object->instances[i]->label = instance->label;
                     instance->label = NULL;
                  }
              } else if (object->instances[i]->label) {
                  /* The old label was removed */
                  nss_ZFreeIf(object->instances[i]->label);
                  object->instances[i]->label = NULL;
              }
              nssCryptokiObject_Destroy(instance);
              return PR_SUCCESS;
           }
       }
       object->instances = nss_ZREALLOCARRAY(object->instances,
                                             nssCryptokiObject *,
                                             object->numInstances + 1);
    }
    if (!object->instances) {
       nssPKIObject_Unlock(object);
       return PR_FAILURE;
    }
    object->instances[object->numInstances++] = instance;
    nssPKIObject_Unlock(object);
    return PR_SUCCESS;
}

Here is the caller graph for this function:

NSS_IMPLEMENT nssPKIObject* nssPKIObject_AddRef ( nssPKIObject *  object)

Definition at line 188 of file pkibase.c.

{
    PR_AtomicIncrement(&object->refCount);
    return object;
}

Here is the caller graph for this function:

NSS_IMPLEMENT nssPKIObject* nssPKIObject_Create ( NSSArena *  arenaOpt,
nssCryptokiObject *  instanceOpt,
NSSTrustDomain *  td,
NSSCryptoContext *  cc,
nssPKILockType  lockType 
)

Definition at line 120 of file pkibase.c.

{
    NSSArena *arena;
    nssArenaMark *mark = NULL;
    nssPKIObject *object;
    if (arenaOpt) {
       arena = arenaOpt;
       mark = nssArena_Mark(arena);
    } else {
       arena = nssArena_Create();
       if (!arena) {
           return (nssPKIObject *)NULL;
       }
    }
    object = nss_ZNEW(arena, nssPKIObject);
    if (!object) {
       goto loser;
    }
    object->arena = arena;
    object->trustDomain = td; /* XXX */
    object->cryptoContext = cc;
    if (PR_SUCCESS != nssPKIObject_NewLock(object, lockType)) {
       goto loser;
    }
    if (instanceOpt) {
       if (nssPKIObject_AddInstance(object, instanceOpt) != PR_SUCCESS) {
           goto loser;
       }
    }
    PR_AtomicIncrement(&object->refCount);
    if (mark) {
       nssArena_Unmark(arena, mark);
    }
    return object;
loser:
    if (mark) {
       nssArena_Release(arena, mark);
    } else {
       nssArena_Destroy(arena);
    }
    return (nssPKIObject *)NULL;
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRStatus nssPKIObject_DeleteStoredObject ( nssPKIObject *  object,
NSSCallback *  uhh,
PRBool  isFriendly 
)

Definition at line 305 of file pkibase.c.

{
    PRUint32 i, numNotDestroyed;
    PRStatus status = PR_SUCCESS;
    numNotDestroyed = 0;
    nssPKIObject_Lock(object);
    for (i=0; i<object->numInstances; i++) {
       nssCryptokiObject *instance = object->instances[i];
       status = nssToken_DeleteStoredObject(instance);
       object->instances[i] = NULL;
       if (status == PR_SUCCESS) {
           nssCryptokiObject_Destroy(instance);
       } else {
           object->instances[numNotDestroyed++] = instance;
       }
    }
    if (numNotDestroyed == 0) {
       nss_ZFreeIf(object->instances);
       object->numInstances = 0;
    } else {
       object->numInstances = numNotDestroyed;
    }
    nssPKIObject_Unlock(object);
    return status;
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRBool nssPKIObject_Destroy ( nssPKIObject *  object)

Definition at line 170 of file pkibase.c.

{
    PRUint32 i;
    PR_ASSERT(object->refCount > 0);
    if (PR_AtomicDecrement(&object->refCount) == 0) {
       for (i=0; i<object->numInstances; i++) {
           nssCryptokiObject_Destroy(object->instances[i]);
       }
       nssPKIObject_DestroyLock(object);
       nssArena_Destroy(object->arena);
       return PR_TRUE;
    }
    return PR_FALSE;
}

Here is the caller graph for this function:

NSS_IMPLEMENT void nssPKIObject_DestroyLock ( nssPKIObject *  object)

Definition at line 101 of file pkibase.c.

{
    switch (object->lockType) {
    case nssPKIMonitor:
        PZ_DestroyMonitor(object->sync.mlock);
        object->sync.mlock = NULL;
        break;
    case nssPKILock:
        PZ_DestroyLock(object->sync.lock);
        object->sync.lock = NULL;
        break;
    default:
        PORT_Assert(0);
    }
}

Here is the caller graph for this function:

NSS_IMPLEMENT nssCryptokiObject** nssPKIObject_GetInstances ( nssPKIObject *  object)

Definition at line 380 of file pkibase.c.

{
    nssCryptokiObject **instances = NULL;
    PRUint32 i;
    if (object->numInstances == 0) {
       return (nssCryptokiObject **)NULL;
    }
    nssPKIObject_Lock(object);
    instances = nss_ZNEWARRAY(NULL, nssCryptokiObject *, 
                              object->numInstances + 1);
    if (instances) {
       for (i=0; i<object->numInstances; i++) {
           instances[i] = nssCryptokiObject_Clone(object->instances[i]);
       }
    }
    nssPKIObject_Unlock(object);
    return instances;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSS_IMPLEMENT NSSUTF8* nssPKIObject_GetNicknameForToken ( nssPKIObject *  object,
NSSToken *  tokenOpt 
)

Definition at line 358 of file pkibase.c.

{
    PRUint32 i;
    NSSUTF8 *nickname = NULL;
    nssPKIObject_Lock(object);
    for (i=0; i<object->numInstances; i++) {
       if ((!tokenOpt && object->instances[i]->label) ||
           (object->instances[i]->token == tokenOpt)) 
       {
            /* XXX should be copy? safe as long as caller has reference */
           nickname = object->instances[i]->label; 
           break;
       }
    }
    nssPKIObject_Unlock(object);
    return nickname;
}

Here is the caller graph for this function:

NSS_IMPLEMENT NSSToken** nssPKIObject_GetTokens ( nssPKIObject *  object,
PRStatus statusOpt 
)

Definition at line 336 of file pkibase.c.

{
    NSSToken **tokens = NULL;
    nssPKIObject_Lock(object);
    if (object->numInstances > 0) {
       tokens = nss_ZNEWARRAY(NULL, NSSToken *, object->numInstances + 1);
       if (tokens) {
           PRUint32 i;
           for (i=0; i<object->numInstances; i++) {
              tokens[i] = nssToken_AddRef(object->instances[i]->token);
           }
       }
    }
    nssPKIObject_Unlock(object);
    if (statusOpt) *statusOpt = PR_SUCCESS; /* until more logic here */
    return tokens;
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRBool nssPKIObject_HasInstance ( nssPKIObject *  object,
nssCryptokiObject *  instance 
)

Definition at line 247 of file pkibase.c.

{
    PRUint32 i;
    PRBool hasIt = PR_FALSE;;
    nssPKIObject_Lock(object);
    for (i=0; i<object->numInstances; i++) {
       if (nssCryptokiObject_Equal(object->instances[i], instance)) {
           hasIt = PR_TRUE;
           break;
       }
    }
    nssPKIObject_Unlock(object);
    return hasIt;
}

Here is the caller graph for this function:

NSS_IMPLEMENT void nssPKIObject_Lock ( nssPKIObject *  object)

Definition at line 54 of file pkibase.c.

{
    switch (object->lockType) {
    case nssPKIMonitor:
        PZ_EnterMonitor(object->sync.mlock);
        break;
    case nssPKILock:
        PZ_Lock(object->sync.lock);
        break;
    default:
        PORT_Assert(0);
    }
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRStatus nssPKIObject_NewLock ( nssPKIObject *  object,
nssPKILockType  lockType 
)

Definition at line 84 of file pkibase.c.

{
    object->lockType = lockType;
    switch (lockType) {
    case nssPKIMonitor:
        object->sync.mlock = PZ_NewMonitor(nssILockSSL);
        return (object->sync.mlock ? PR_SUCCESS : PR_FAILURE);
    case nssPKILock:
        object->sync.lock = PZ_NewLock(nssILockSSL);
        return (object->sync.lock ? PR_SUCCESS : PR_FAILURE);
    default:
        PORT_Assert(0);
        return PR_FAILURE;
    }
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRStatus nssPKIObject_RemoveInstanceForToken ( nssPKIObject *  object,
NSSToken *  token 
)

Definition at line 266 of file pkibase.c.

{
    PRUint32 i;
    nssCryptokiObject *instanceToRemove = NULL;
    nssPKIObject_Lock(object);
    if (object->numInstances == 0) {
       nssPKIObject_Unlock(object);
       return PR_SUCCESS;
    }
    for (i=0; i<object->numInstances; i++) {
       if (object->instances[i]->token == token) {
           instanceToRemove = object->instances[i];
           object->instances[i] = object->instances[object->numInstances-1];
           object->instances[object->numInstances-1] = NULL;
           break;
       }
    }
    if (--object->numInstances > 0) {
       nssCryptokiObject **instances = nss_ZREALLOCARRAY(object->instances,
                                             nssCryptokiObject *,
                                             object->numInstances);
       if (instances) {
           object->instances = instances;
       }
    } else {
       nss_ZFreeIf(object->instances);
    }
    nssCryptokiObject_Destroy(instanceToRemove);
    nssPKIObject_Unlock(object);
    return PR_SUCCESS;
}

Here is the caller graph for this function:

NSS_IMPLEMENT void nssPKIObject_Unlock ( nssPKIObject *  object)

Definition at line 69 of file pkibase.c.

{
    switch (object->lockType) {
    case nssPKIMonitor:
        PZ_ExitMonitor(object->sync.mlock);
        break;
    case nssPKILock:
        PZ_Unlock(object->sync.lock);
        break;
    default:
        PORT_Assert(0);
    }
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRStatus nssPKIObjectCollection_AddInstanceAsObject ( nssPKIObjectCollection *  collection,
nssCryptokiObject *  instance 
)

Definition at line 958 of file pkibase.c.

{
    pkiObjectCollectionNode *node;
    PRBool foundIt;
    node = add_object_instance(collection, instance, &foundIt);
    if (node == NULL) {
       return PR_FAILURE;
    }
    if (!node->haveObject) {
       node->object = (*collection->createObject)(node->object);
       if (!node->object) {
           /*remove bogus object from list*/
           nssPKIObjectCollection_RemoveNode(collection,node);
           return PR_FAILURE;
       }
       node->haveObject = PR_TRUE;
    } else if (!foundIt) {
       /* The instance was added to a pre-existing node.  This
        * function is *only* being used for certificates, and having
        * multiple instances of certs in 3.X requires updating the
        * CERTCertificate.
        * But only do it if it was a new instance!!!  If the same instance
        * is encountered, we set *foundIt to true.  Detect that here and
        * ignore it.
        */
       STAN_ForceCERTCertificateUpdate((NSSCertificate *)node->object);
    }
    return PR_SUCCESS;
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRStatus nssPKIObjectCollection_AddInstances ( nssPKIObjectCollection *  collection,
nssCryptokiObject **  instances,
PRUint32  numInstances 
)

Definition at line 839 of file pkibase.c.

{
    PRStatus status = PR_SUCCESS;
    PRUint32 i = 0;
    PRBool foundIt;
    pkiObjectCollectionNode *node;
    if (instances) {
       for (; *instances; instances++, i++) {
           if (numInstances > 0 && i == numInstances) {
              break;
           }
           if (status == PR_SUCCESS) {
              node = add_object_instance(collection, *instances, &foundIt);
              if (node == NULL) {
                  /* add_object_instance freed the current instance */
                  /* free the remaining instances */
                  status = PR_FAILURE;
              }
           } else {
              nssCryptokiObject_Destroy(*instances);
           }
       }
    }
    return status;
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRStatus nssPKIObjectCollection_AddObject ( nssPKIObjectCollection *  collection,
nssPKIObject *  object 
)

Definition at line 698 of file pkibase.c.

{
    pkiObjectCollectionNode *node;
    node = nss_ZNEW(collection->arena, pkiObjectCollectionNode);
    if (!node) {
       return PR_FAILURE;
    }
    node->haveObject = PR_TRUE;
    node->object = nssPKIObject_AddRef(object);
    (*collection->getUIDFromObject)(object, node->uid);
    PR_INIT_CLIST(&node->link);
    PR_INSERT_BEFORE(&node->link, &collection->head);
    collection->size++;
    return PR_SUCCESS;
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRUint32 nssPKIObjectCollection_Count ( nssPKIObjectCollection *  collection)

Definition at line 690 of file pkibase.c.

{
    return collection->size;
}

Here is the caller graph for this function:

static nssPKIObjectCollection* nssPKIObjectCollection_Create ( NSSTrustDomain *  td,
NSSCryptoContext *  ccOpt,
nssPKILockType  lockType 
) [static]

Definition at line 638 of file pkibase.c.

{
    NSSArena *arena;
    nssPKIObjectCollection *rvCollection = NULL;
    arena = nssArena_Create();
    if (!arena) {
       return (nssPKIObjectCollection *)NULL;
    }
    rvCollection = nss_ZNEW(arena, nssPKIObjectCollection);
    if (!rvCollection) {
       goto loser;
    }
    PR_INIT_CLIST(&rvCollection->head);
    rvCollection->arena = arena;
    rvCollection->td = td; /* XXX */
    rvCollection->cc = ccOpt;
    rvCollection->lockType = lockType;
    return rvCollection;
loser:
    nssArena_Destroy(arena);
    return (nssPKIObjectCollection *)NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSS_IMPLEMENT void nssPKIObjectCollection_Destroy ( nssPKIObjectCollection *  collection)

Definition at line 666 of file pkibase.c.

{
    if (collection) {
       PRCList *link;
       pkiObjectCollectionNode *node;
       /* first destroy any objects in the collection */
       link = PR_NEXT_LINK(&collection->head);
       while (link != &collection->head) {
           node = (pkiObjectCollectionNode *)link;
           if (node->haveObject) {
              (*collection->destroyObject)(node->object);
           } else {
              nssPKIObject_Destroy(node->object);
           }
           link = PR_NEXT_LINK(link);
       }
       /* then destroy it */
       nssArena_Destroy(collection->arena);
    }
}

Here is the caller graph for this function:

NSS_IMPLEMENT NSSCertificate** nssPKIObjectCollection_GetCertificates ( nssPKIObjectCollection *  collection,
NSSCertificate **  rvOpt,
PRUint32  maximumOpt,
NSSArena *  arenaOpt 
)

Definition at line 1091 of file pkibase.c.

{
    PRStatus status;
    PRUint32 rvSize;
    PRBool allocated = PR_FALSE;
    if (collection->size == 0) {
       return (NSSCertificate **)NULL;
    }
    if (maximumOpt == 0) {
       rvSize = collection->size;
    } else {
       rvSize = PR_MIN(collection->size, maximumOpt);
    }
    if (!rvOpt) {
       rvOpt = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, rvSize + 1);
       if (!rvOpt) {
           return (NSSCertificate **)NULL;
       }
       allocated = PR_TRUE;
    }
    status = nssPKIObjectCollection_GetObjects(collection, 
                                               (nssPKIObject **)rvOpt, 
                                               rvSize);
    if (status != PR_SUCCESS) {
       if (allocated) {
           nss_ZFreeIf(rvOpt);
       }
       return (NSSCertificate **)NULL;
    }
    return rvOpt;
}

Here is the caller graph for this function:

NSS_IMPLEMENT NSSCRL** nssPKIObjectCollection_GetCRLs ( nssPKIObjectCollection *  collection,
NSSCRL **  rvOpt,
PRUint32  maximumOpt,
NSSArena *  arenaOpt 
)

Definition at line 1194 of file pkibase.c.

{
    PRStatus status;
    PRUint32 rvSize;
    PRBool allocated = PR_FALSE;
    if (collection->size == 0) {
       return (NSSCRL **)NULL;
    }
    if (maximumOpt == 0) {
       rvSize = collection->size;
    } else {
       rvSize = PR_MIN(collection->size, maximumOpt);
    }
    if (!rvOpt) {
       rvOpt = nss_ZNEWARRAY(arenaOpt, NSSCRL *, rvSize + 1);
       if (!rvOpt) {
           return (NSSCRL **)NULL;
       }
       allocated = PR_TRUE;
    }
    status = nssPKIObjectCollection_GetObjects(collection, 
                                               (nssPKIObject **)rvOpt, 
                                               rvSize);
    if (status != PR_SUCCESS) {
       if (allocated) {
           nss_ZFreeIf(rvOpt);
       }
       return (NSSCRL **)NULL;
    }
    return rvOpt;
}

Here is the caller graph for this function:

static PRStatus nssPKIObjectCollection_GetObjects ( nssPKIObjectCollection *  collection,
nssPKIObject **  rvObjects,
PRUint32  rvSize 
) [static]

Definition at line 880 of file pkibase.c.

{
    PRUint32 i = 0;
    PRCList *link = PR_NEXT_LINK(&collection->head);
    pkiObjectCollectionNode *node;
    int error=0;
    while ((i < rvSize) && (link != &collection->head)) {
       node = (pkiObjectCollectionNode *)link;
       if (!node->haveObject) {
           /* Convert the proto-object to an object */
           node->object = (*collection->createObject)(node->object);
           if (!node->object) {
              link = PR_NEXT_LINK(link);
              /*remove bogus object from list*/
              nssPKIObjectCollection_RemoveNode(collection,node);
              error++;
              continue;
           }
           node->haveObject = PR_TRUE;
       }
       rvObjects[i++] = nssPKIObject_AddRef(node->object);
       link = PR_NEXT_LINK(link);
    }
    if (!error && *rvObjects == NULL) {
       nss_SetError(NSS_ERROR_NOT_FOUND);
    }
    return PR_SUCCESS;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void nssPKIObjectCollection_RemoveNode ( nssPKIObjectCollection *  collection,
pkiObjectCollectionNode node 
) [static]

Definition at line 870 of file pkibase.c.

{
    PR_REMOVE_LINK(&node->link); 
    collection->size--;
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRStatus nssPKIObjectCollection_Traverse ( nssPKIObjectCollection *  collection,
nssPKIObjectCallback callback 
)

Definition at line 914 of file pkibase.c.

{
    PRStatus status;
    PRCList *link = PR_NEXT_LINK(&collection->head);
    pkiObjectCollectionNode *node;
    while (link != &collection->head) {
       node = (pkiObjectCollectionNode *)link;
       if (!node->haveObject) {
           node->object = (*collection->createObject)(node->object);
           if (!node->object) {
              link = PR_NEXT_LINK(link);
              /*remove bogus object from list*/
              nssPKIObjectCollection_RemoveNode(collection,node);
              continue;
           }
           node->haveObject = PR_TRUE;
       }
       switch (collection->objectType) {
       case pkiObjectType_Certificate: 
           status = (*callback->func.cert)((NSSCertificate *)node->object, 
                                           callback->arg);
           break;
       case pkiObjectType_CRL: 
           status = (*callback->func.crl)((NSSCRL *)node->object, 
                                          callback->arg);
           break;
       case pkiObjectType_PrivateKey: 
           status = (*callback->func.pvkey)((NSSPrivateKey *)node->object, 
                                            callback->arg);
           break;
       case pkiObjectType_PublicKey: 
           status = (*callback->func.pbkey)((NSSPublicKey *)node->object, 
                                            callback->arg);
           break;
       }
       link = PR_NEXT_LINK(link);
    }
    return PR_SUCCESS;
}

Here is the caller graph for this function:

NSS_IMPLEMENT PRTime NSSTime_GetPRTime ( NSSTime *  time)

Definition at line 1255 of file pkibase.c.

{
  return time->prTime;
}

Here is the caller graph for this function:

NSS_IMPLEMENT NSSTime* NSSTime_Now ( NSSTime *  timeOpt)

Definition at line 1235 of file pkibase.c.

{
    return NSSTime_SetPRTime(timeOpt, PR_Now());
}

Here is the caller graph for this function:

NSS_IMPLEMENT NSSTime* NSSTime_SetPRTime ( NSSTime *  timeOpt,
PRTime  prTime 
)

Definition at line 1243 of file pkibase.c.

{
    NSSTime *rvTime;
    rvTime = (timeOpt) ? timeOpt : nss_ZNEW(NULL, NSSTime);
    rvTime->prTime = prTime;
    return rvTime;
}

Here is the caller graph for this function:


Variable Documentation

Definition at line 80 of file errorval.c.