Back to index

lightning-sunbird  0.9+nobinonly
Functions
pkim.h File Reference
#include "base.h"
#include "pki.h"
#include "pkitm.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

PR_BEGIN_EXTERN_C NSS_EXTERN void nssPKIObject_Lock (nssPKIObject *object)
NSS_EXTERN void nssPKIObject_Unlock (nssPKIObject *object)
NSS_EXTERN PRStatus nssPKIObject_NewLock (nssPKIObject *object, nssPKILockType lockType)
NSS_EXTERN void nssPKIObject_DestroyLock (nssPKIObject *object)
NSS_EXTERN nssPKIObject * nssPKIObject_Create (NSSArena *arenaOpt, nssCryptokiObject *instanceOpt, NSSTrustDomain *td, NSSCryptoContext *ccOpt, nssPKILockType lockType)
NSS_EXTERN nssPKIObject * nssPKIObject_AddRef (nssPKIObject *object)
NSS_EXTERN PRBool nssPKIObject_Destroy (nssPKIObject *object)
NSS_EXTERN PRStatus nssPKIObject_AddInstance (nssPKIObject *object, nssCryptokiObject *instance)
NSS_EXTERN PRBool nssPKIObject_HasInstance (nssPKIObject *object, nssCryptokiObject *instance)
NSS_EXTERN NSSToken ** nssPKIObject_GetTokens (nssPKIObject *object, PRStatus *statusOpt)
NSS_EXTERN NSSUTF8nssPKIObject_GetNicknameForToken (nssPKIObject *object, NSSToken *tokenOpt)
NSS_EXTERN PRStatus nssPKIObject_RemoveInstanceForToken (nssPKIObject *object, NSSToken *token)
NSS_EXTERN PRStatus nssPKIObject_DeleteStoredObject (nssPKIObject *object, NSSCallback *uhh, PRBool isFriendly)
NSS_EXTERN nssCryptokiObject ** nssPKIObject_GetInstances (nssPKIObject *object)
NSS_EXTERN NSSCertificate ** nssTrustDomain_FindCertificatesByID (NSSTrustDomain *td, NSSItem *id, NSSCertificate **rvOpt, PRUint32 maximumOpt, NSSArena *arenaOpt)
NSS_EXTERN NSSCRL ** nssTrustDomain_FindCRLsBySubject (NSSTrustDomain *td, NSSDER *subject)
NSS_EXTERN NSSCryptoContext * nssCryptoContext_Create (NSSTrustDomain *td, NSSCallback *uhhOpt)
NSS_EXTERN NSSCertificate * nssCertificate_Create (nssPKIObject *object)
NSS_EXTERN PRStatus nssCertificate_SetCertTrust (NSSCertificate *c, NSSTrust *trust)
NSS_EXTERN nssDecodedCert * nssCertificate_GetDecoding (NSSCertificate *c)
PRIntn nssCertificate_SubjectListSort (void *v1, void *v2)
NSS_EXTERN nssDecodedCert * nssDecodedCert_Create (NSSArena *arenaOpt, NSSDER *encoding, NSSCertificateType type)
NSS_EXTERN PRStatus nssDecodedCert_Destroy (nssDecodedCert *dc)
NSS_EXTERN NSSTrust * nssTrust_Create (nssPKIObject *object, NSSItem *certData)
NSS_EXTERN NSSCRL * nssCRL_Create (nssPKIObject *object)
NSS_EXTERN NSSCRL * nssCRL_AddRef (NSSCRL *crl)
NSS_EXTERN PRStatus nssCRL_Destroy (NSSCRL *crl)
NSS_EXTERN PRStatus nssCRL_DeleteStoredObject (NSSCRL *crl, NSSCallback *uhh)
NSS_EXTERN NSSPrivateKey * nssPrivateKey_Create (nssPKIObject *o)
NSS_EXTERN NSSDERnssCRL_GetEncoding (NSSCRL *crl)
NSS_EXTERN NSSPublicKey * nssPublicKey_Create (nssPKIObject *object)
NSS_EXTERN void nssCertificateArray_Destroy (NSSCertificate **certs)
NSS_EXTERN NSSCertificate ** nssCertificateArray_Join (NSSCertificate **certs1, NSSCertificate **certs2)
NSS_EXTERN NSSCertificate * nssCertificateArray_FindBestCertificate (NSSCertificate **certs, NSSTime *timeOpt, const NSSUsage *usage, NSSPolicies *policiesOpt)
NSS_EXTERN PRStatus nssCertificateArray_Traverse (NSSCertificate **certs, PRStatus(*callback)(NSSCertificate *c, void *arg), void *arg)
NSS_EXTERN void nssCRLArray_Destroy (NSSCRL **crls)
NSS_EXTERN nssPKIObjectCollection * nssCertificateCollection_Create (NSSTrustDomain *td, NSSCertificate **certsOpt)
NSS_EXTERN nssPKIObjectCollection * nssCRLCollection_Create (NSSTrustDomain *td, NSSCRL **crlsOpt)
NSS_EXTERN nssPKIObjectCollection * nssPrivateKeyCollection_Create (NSSTrustDomain *td, NSSPrivateKey **pvkOpt)
NSS_EXTERN nssPKIObjectCollection * nssPublicKeyCollection_Create (NSSTrustDomain *td, NSSPublicKey **pvkOpt)
NSS_EXTERN void nssPKIObjectCollection_Destroy (nssPKIObjectCollection *collection)
NSS_EXTERN PRUint32 nssPKIObjectCollection_Count (nssPKIObjectCollection *collection)
NSS_EXTERN PRStatus nssPKIObjectCollection_AddObject (nssPKIObjectCollection *collection, nssPKIObject *object)
NSS_EXTERN PRStatus nssPKIObjectCollection_AddInstances (nssPKIObjectCollection *collection, nssCryptokiObject **instances, PRUint32 numInstances)
NSS_EXTERN PRStatus nssPKIObjectCollection_Traverse (nssPKIObjectCollection *collection, nssPKIObjectCallback *callback)
NSS_EXTERN PRStatus nssPKIObjectCollection_AddInstanceAsObject (nssPKIObjectCollection *collection, nssCryptokiObject *instance)
NSS_EXTERN NSSCertificate ** nssPKIObjectCollection_GetCertificates (nssPKIObjectCollection *collection, NSSCertificate **rvOpt, PRUint32 maximumOpt, NSSArena *arenaOpt)
NSS_EXTERN NSSCRL ** nssPKIObjectCollection_GetCRLs (nssPKIObjectCollection *collection, NSSCRL **rvOpt, PRUint32 maximumOpt, NSSArena *arenaOpt)
NSS_EXTERN NSSPrivateKey ** nssPKIObjectCollection_GetPrivateKeys (nssPKIObjectCollection *collection, NSSPrivateKey **rvOpt, PRUint32 maximumOpt, NSSArena *arenaOpt)
NSS_EXTERN NSSPublicKey ** nssPKIObjectCollection_GetPublicKeys (nssPKIObjectCollection *collection, NSSPublicKey **rvOpt, PRUint32 maximumOpt, NSSArena *arenaOpt)
NSS_EXTERN NSSTime * NSSTime_Now (NSSTime *timeOpt)
NSS_EXTERN NSSTime * NSSTime_SetPRTime (NSSTime *timeOpt, PRTime prTime)
NSS_EXTERN PRTime NSSTime_GetPRTime (NSSTime *time)
NSS_EXTERN nssHash * nssHash_CreateCertificate (NSSArena *arenaOpt, PRUint32 numBuckets)
NSS_EXTERN PRStatus nssTrustDomain_InitializeCache (NSSTrustDomain *td, PRUint32 cacheSize)
NSS_EXTERN PRStatus nssTrustDomain_AddCertsToCache (NSSTrustDomain *td, NSSCertificate **certs, PRUint32 numCerts)
NSS_EXTERN void nssTrustDomain_RemoveCertFromCacheLOCKED (NSSTrustDomain *td, NSSCertificate *cert)
NSS_EXTERN void nssTrustDomain_LockCertCache (NSSTrustDomain *td)
NSS_EXTERN void nssTrustDomain_UnlockCertCache (NSSTrustDomain *td)
NSS_IMPLEMENT PRStatus nssTrustDomain_DestroyCache (NSSTrustDomain *td)
NSS_EXTERN PRStatus nssTrustDomain_RemoveTokenCertsFromCache (NSSTrustDomain *td, NSSToken *token)
NSS_EXTERN PRStatus nssTrustDomain_UpdateCachedTokenCerts (NSSTrustDomain *td, NSSToken *token)
NSS_EXTERN NSSCertificate ** nssTrustDomain_GetCertsForNicknameFromCache (NSSTrustDomain *td, NSSUTF8 *nickname, nssList *certListOpt)
NSS_EXTERN NSSCertificate ** nssTrustDomain_GetCertsForEmailAddressFromCache (NSSTrustDomain *td, NSSASCII7 *email, nssList *certListOpt)
NSS_EXTERN NSSCertificate ** nssTrustDomain_GetCertsForSubjectFromCache (NSSTrustDomain *td, NSSDER *subject, nssList *certListOpt)
NSS_EXTERN NSSCertificate * nssTrustDomain_GetCertForIssuerAndSNFromCache (NSSTrustDomain *td, NSSDER *issuer, NSSDER *serialNum)
NSS_EXTERN NSSCertificate * nssTrustDomain_GetCertByDERFromCache (NSSTrustDomain *td, NSSDER *der)
NSS_EXTERN NSSCertificate ** nssTrustDomain_GetCertsFromCache (NSSTrustDomain *td, nssList *certListOpt)
NSS_EXTERN void nssTrustDomain_DumpCacheInfo (NSSTrustDomain *td, void(*cert_dump_iter)(const void *, void *, void *), void *arg)
NSS_EXTERN void nssCertificateList_AddReferences (nssList *certList)

Function Documentation

NSS_EXTERN NSSCertificate* nssCertificate_Create ( nssPKIObject *  object)

Definition at line 71 of file certificate.c.

{
    PRStatus status;
    NSSCertificate *rvCert;
    /* mark? */
    NSSArena *arena = object->arena;
    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
    PR_ASSERT(object->lockType == nssPKIMonitor);
    rvCert = nss_ZNEW(arena, NSSCertificate);
    if (!rvCert) {
       return (NSSCertificate *)NULL;
    }
    rvCert->object = *object;
    /* XXX should choose instance based on some criteria */
    status = nssCryptokiCertificate_GetAttributes(object->instances[0],
                                                  NULL,  /* XXX sessionOpt */
                                                  arena,
                                                  &rvCert->type,
                                                  &rvCert->id,
                                                  &rvCert->encoding,
                                                  &rvCert->issuer,
                                                  &rvCert->serial,
                                                  &rvCert->subject);
    if (status != PR_SUCCESS) {
       return (NSSCertificate *)NULL;
    }
    /* all certs need an encoding value */
    if (rvCert->encoding.data == NULL) {
       return (NSSCertificate *)NULL;
    }
    return rvCert;
}
NSS_EXTERN nssDecodedCert* nssCertificate_GetDecoding ( NSSCertificate *  c)

Definition at line 316 of file certificate.c.

{
    nssDecodedCert* deco = NULL;
    nssPKIObject_Lock(&c->object);
    if (!c->decoding) {
       deco = nssDecodedCert_Create(NULL, &c->encoding, c->type);
       PORT_Assert(!c->decoding); 
        c->decoding = deco;
    } else {
        deco = c->decoding;
    }
    nssPKIObject_Unlock(&c->object);
    return deco;
}
NSS_EXTERN PRStatus nssCertificate_SetCertTrust ( NSSCertificate *  c,
NSSTrust *  trust 
)
PRIntn nssCertificate_SubjectListSort ( void v1,
void v2 
)

Definition at line 769 of file certificate.c.

{
    NSSCertificate *c1 = (NSSCertificate *)v1;
    NSSCertificate *c2 = (NSSCertificate *)v2;
    nssDecodedCert *dc1 = nssCertificate_GetDecoding(c1);
    nssDecodedCert *dc2 = nssCertificate_GetDecoding(c2);
    if (!dc1) {
       return dc2 ? 1 : 0;
    } else if (!dc2) {
       return -1;
    } else {
       return dc1->isNewerThan(dc1, dc2) ? -1 : 1;
    }
}
NSS_EXTERN void nssCertificateArray_Destroy ( NSSCertificate **  certs)

Definition at line 402 of file pkibase.c.

{
    if (certs) {
       NSSCertificate **certp;
       for (certp = certs; *certp; certp++) {
           if ((*certp)->decoding) {
              CERTCertificate *cc = STAN_GetCERTCertificate(*certp);
              if (cc) {
                  CERT_DestroyCertificate(cc);
              }
              continue;
           }
           nssCertificate_Destroy(*certp);
       }
       nss_ZFreeIf(certs);
    }
}
NSS_EXTERN NSSCertificate* nssCertificateArray_FindBestCertificate ( NSSCertificate **  certs,
NSSTime *  timeOpt,
const NSSUsage *  usage,
NSSPolicies *  policiesOpt 
)

Definition at line 464 of file pkibase.c.

{
    NSSCertificate *bestCert = NULL;
    NSSTime *time, sTime;
    PRBool haveUsageMatch = PR_FALSE;
    PRBool thisCertMatches;

    if (timeOpt) {
       time = timeOpt;
    } else {
       NSSTime_Now(&sTime);
       time = &sTime;
    }
    if (!certs) {
       return (NSSCertificate *)NULL;
    }
    for (; *certs; certs++) {
       nssDecodedCert *dc, *bestdc;
       NSSCertificate *c = *certs;
       dc = nssCertificate_GetDecoding(c);
       if (!dc) continue;
       thisCertMatches = dc->matchUsage(dc, usage);
       if (!bestCert) {
           /* always take the first cert, but remember whether or not
            * the usage matched 
            */
           bestCert = nssCertificate_AddRef(c);
           haveUsageMatch = thisCertMatches;
           continue;
       } else {
           if (haveUsageMatch && !thisCertMatches) {
              /* if already have a cert for this usage, and if this cert 
               * doesn't have the correct usage, continue
               */
              continue;
           } else if (!haveUsageMatch && thisCertMatches) {
              /* this one does match usage, replace the other */
              nssCertificate_Destroy(bestCert);
              bestCert = nssCertificate_AddRef(c);
              haveUsageMatch = PR_TRUE;
              continue;
           }
           /* this cert match as well as any cert we've found so far, 
            * defer to time/policies 
            * */
       }
       bestdc = nssCertificate_GetDecoding(bestCert);
       /* time */
       if (bestdc->isValidAtTime(bestdc, time)) {
           /* The current best cert is valid at time */
           if (!dc->isValidAtTime(dc, time)) {
              /* If the new cert isn't valid at time, it's not better */
              continue;
           }
       } else {
           /* The current best cert is not valid at time */
           if (dc->isValidAtTime(dc, time)) {
              /* If the new cert is valid at time, it's better */
              nssCertificate_Destroy(bestCert);
              bestCert = nssCertificate_AddRef(c);
           }
       }
       /* either they are both valid at time, or neither valid; 
        * take the newer one
        */
       if (!bestdc->isNewerThan(bestdc, dc)) {
           nssCertificate_Destroy(bestCert);
           bestCert = nssCertificate_AddRef(c);
       }
       /* policies */
       /* XXX later -- defer to policies */
    }
    return bestCert;
}
NSS_EXTERN NSSCertificate** nssCertificateArray_Join ( NSSCertificate **  certs1,
NSSCertificate **  certs2 
)

Definition at line 431 of file pkibase.c.

{
    if (certs1 && certs2) {
       NSSCertificate **certs, **cp;
       PRUint32 count = 0;
       PRUint32 count1 = 0;
       cp = certs1;
       while (*cp++) count1++;
       count = count1;
       cp = certs2;
       while (*cp++) count++;
       certs = nss_ZREALLOCARRAY(certs1, NSSCertificate *, count + 1);
       if (!certs) {
           nss_ZFreeIf(certs1);
           nss_ZFreeIf(certs2);
           return (NSSCertificate **)NULL;
       }
       for (cp = certs2; *cp; cp++, count1++) {
           certs[count1] = *cp;
       }
       nss_ZFreeIf(certs2);
       return certs;
    } else if (certs1) {
       return certs1;
    } else {
       return certs2;
    }
}
NSS_EXTERN PRStatus nssCertificateArray_Traverse ( NSSCertificate **  certs,
PRStatus(*)(NSSCertificate *c, void *arg callback,
void arg 
)

Definition at line 545 of file pkibase.c.

{
    PRStatus status = PR_SUCCESS;
    if (certs) {
       NSSCertificate **certp;
       for (certp = certs; *certp; certp++) {
           status = (*callback)(*certp, arg);
           if (status != PR_SUCCESS) {
              break;
           }
       }
    }
    return status;
}
NSS_EXTERN nssPKIObjectCollection* nssCertificateCollection_Create ( NSSTrustDomain *  td,
NSSCertificate **  certsOpt 
)

Definition at line 1068 of file pkibase.c.

{
    PRStatus status;
    nssPKIObjectCollection *collection;
    collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor);
    collection->objectType = pkiObjectType_Certificate;
    collection->destroyObject = cert_destroyObject;
    collection->getUIDFromObject = cert_getUIDFromObject;
    collection->getUIDFromInstance = cert_getUIDFromInstance;
    collection->createObject = cert_createObject;
    if (certsOpt) {
       for (; *certsOpt; certsOpt++) {
           nssPKIObject *object = (nssPKIObject *)(*certsOpt);
           status = nssPKIObjectCollection_AddObject(collection, object);
       }
    }
    return collection;
}

Definition at line 951 of file certificate.c.

NSS_EXTERN NSSCRL* nssCRL_AddRef ( NSSCRL *  crl)

Definition at line 1112 of file certificate.c.

{
    if (crl) {
       nssPKIObject_AddRef(&crl->object);
    }
    return crl;
}
NSS_EXTERN NSSCRL* nssCRL_Create ( nssPKIObject *  object)

Definition at line 1083 of file certificate.c.

{
    PRStatus status;
    NSSCRL *rvCRL;
    NSSArena *arena = object->arena;
    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
    rvCRL = nss_ZNEW(arena, NSSCRL);
    if (!rvCRL) {
       return (NSSCRL *)NULL;
    }
    rvCRL->object = *object;
    /* XXX should choose instance based on some criteria */
    status = nssCryptokiCRL_GetAttributes(object->instances[0],
                                          NULL,  /* XXX sessionOpt */
                                          arena,
                                          &rvCRL->encoding,
                                          NULL, /* subject */
                                          NULL, /* class */
                                          &rvCRL->url,
                                          &rvCRL->isKRL);
    if (status != PR_SUCCESS) {
       return (NSSCRL *)NULL;
    }
    return rvCRL;
}
NSS_EXTERN PRStatus nssCRL_DeleteStoredObject ( NSSCRL *  crl,
NSSCallback *  uhh 
)

Definition at line 1134 of file certificate.c.

{
    return nssPKIObject_DeleteStoredObject(&crl->object, uhh, PR_TRUE);
}
NSS_EXTERN PRStatus nssCRL_Destroy ( NSSCRL *  crl)

Definition at line 1123 of file certificate.c.

{
    if (crl) {
       (void)nssPKIObject_Destroy(&crl->object);
    }
    return PR_SUCCESS;
}
NSS_EXTERN NSSDER* nssCRL_GetEncoding ( NSSCRL *  crl)

Definition at line 1143 of file certificate.c.

{
    if (crl->encoding.data != NULL && crl->encoding.size > 0) {
       return &crl->encoding;
    } else {
       return (NSSDER *)NULL;
    }
}
NSS_EXTERN void nssCRLArray_Destroy ( NSSCRL **  crls)

Definition at line 566 of file pkibase.c.

{
    if (crls) {
       NSSCRL **crlp;
       for (crlp = crls; *crlp; crlp++) {
           nssCRL_Destroy(*crlp);
       }
       nss_ZFreeIf(crls);
    }
}
NSS_EXTERN nssPKIObjectCollection* nssCRLCollection_Create ( NSSTrustDomain *  td,
NSSCRL **  crlsOpt 
)

Definition at line 1171 of file pkibase.c.

{
    PRStatus status;
    nssPKIObjectCollection *collection;
    collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock);
    collection->objectType = pkiObjectType_CRL;
    collection->destroyObject = crl_destroyObject;
    collection->getUIDFromObject = crl_getUIDFromObject;
    collection->getUIDFromInstance = crl_getUIDFromInstance;
    collection->createObject = crl_createObject;
    if (crlsOpt) {
       for (; *crlsOpt; crlsOpt++) {
           nssPKIObject *object = (nssPKIObject *)(*crlsOpt);
           status = nssPKIObjectCollection_AddObject(collection, object);
       }
    }
    return collection;
}
NSS_EXTERN NSSCryptoContext* nssCryptoContext_Create ( NSSTrustDomain *  td,
NSSCallback *  uhhOpt 
)

Definition at line 59 of file cryptocontext.c.

{
    NSSArena *arena;
    NSSCryptoContext *rvCC;
    arena = NSSArena_Create();
    if (!arena) {
       return NULL;
    }
    rvCC = nss_ZNEW(arena, NSSCryptoContext);
    if (!rvCC) {
       return NULL;
    }
    rvCC->td = td;
    rvCC->arena = arena;
    rvCC->certStore = nssCertificateStore_Create(rvCC->arena);
    if (!rvCC->certStore) {
       nssArena_Destroy(arena);
       return NULL;
    }

    return rvCC;
}
NSS_EXTERN nssDecodedCert* nssDecodedCert_Create ( NSSArena *  arenaOpt,
NSSDER encoding,
NSSCertificateType  type 
)

Definition at line 62 of file certdecode.c.

{
    nssDecodedCert *rvDC = NULL;
    switch(type) {
    case NSSCertificateType_PKIX:
       rvDC = nssDecodedPKIXCertificate_Create(arenaOpt, encoding);
       break;
    default:
#if 0
       nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
#endif
       return (nssDecodedCert *)NULL;
    }
    return rvDC;
}
NSS_EXTERN PRStatus nssDecodedCert_Destroy ( nssDecodedCert *  dc)

Definition at line 83 of file certdecode.c.

{
    if (!dc) {
       return PR_FAILURE;
    }
    switch(dc->type) {
    case NSSCertificateType_PKIX:
       return nssDecodedPKIXCertificate_Destroy(dc);
    default:
#if 0
       nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
#endif
       break;
    }
    return PR_FAILURE;
}
NSS_EXTERN nssHash* nssHash_CreateCertificate ( NSSArena *  arenaOpt,
PRUint32  numBuckets 
)

Definition at line 739 of file pkistore.c.

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssPKIObject_AddInstance ( nssPKIObject *  object,
nssCryptokiObject *  instance 
)

Definition at line 197 of file pkibase.c.

{
    nssPKIObject_Lock(object);
    if (object->numInstances == 0) {
       object->instances = nss_ZNEWARRAY(object->arena,
                                         nssCryptokiObject *,
                                         object->numInstances + 1);
    } else {
       PRUint32 i;
       for (i=0; i<object->numInstances; i++) {
           if (nssCryptokiObject_Equal(object->instances[i], instance)) {
              nssPKIObject_Unlock(object);
              if (instance->label) {
                  if (!object->instances[i]->label ||
                      !nssUTF8_Equal(instance->label,
                                     object->instances[i]->label, NULL))
                  {
                     /* Either the old instance did not have a label,
                      * or the label has changed.
                      */
                     nss_ZFreeIf(object->instances[i]->label);
                     object->instances[i]->label = instance->label;
                     instance->label = NULL;
                  }
              } else if (object->instances[i]->label) {
                  /* The old label was removed */
                  nss_ZFreeIf(object->instances[i]->label);
                  object->instances[i]->label = NULL;
              }
              nssCryptokiObject_Destroy(instance);
              return PR_SUCCESS;
           }
       }
       object->instances = nss_ZREALLOCARRAY(object->instances,
                                             nssCryptokiObject *,
                                             object->numInstances + 1);
    }
    if (!object->instances) {
       nssPKIObject_Unlock(object);
       return PR_FAILURE;
    }
    object->instances[object->numInstances++] = instance;
    nssPKIObject_Unlock(object);
    return PR_SUCCESS;
}
NSS_EXTERN nssPKIObject* nssPKIObject_AddRef ( nssPKIObject *  object)

Definition at line 188 of file pkibase.c.

{
    PR_AtomicIncrement(&object->refCount);
    return object;
}
NSS_EXTERN nssPKIObject* nssPKIObject_Create ( NSSArena *  arenaOpt,
nssCryptokiObject *  instanceOpt,
NSSTrustDomain *  td,
NSSCryptoContext *  ccOpt,
nssPKILockType  lockType 
)

Definition at line 120 of file pkibase.c.

{
    NSSArena *arena;
    nssArenaMark *mark = NULL;
    nssPKIObject *object;
    if (arenaOpt) {
       arena = arenaOpt;
       mark = nssArena_Mark(arena);
    } else {
       arena = nssArena_Create();
       if (!arena) {
           return (nssPKIObject *)NULL;
       }
    }
    object = nss_ZNEW(arena, nssPKIObject);
    if (!object) {
       goto loser;
    }
    object->arena = arena;
    object->trustDomain = td; /* XXX */
    object->cryptoContext = cc;
    if (PR_SUCCESS != nssPKIObject_NewLock(object, lockType)) {
       goto loser;
    }
    if (instanceOpt) {
       if (nssPKIObject_AddInstance(object, instanceOpt) != PR_SUCCESS) {
           goto loser;
       }
    }
    PR_AtomicIncrement(&object->refCount);
    if (mark) {
       nssArena_Unmark(arena, mark);
    }
    return object;
loser:
    if (mark) {
       nssArena_Release(arena, mark);
    } else {
       nssArena_Destroy(arena);
    }
    return (nssPKIObject *)NULL;
}
NSS_EXTERN PRStatus nssPKIObject_DeleteStoredObject ( nssPKIObject *  object,
NSSCallback *  uhh,
PRBool  isFriendly 
)

Definition at line 305 of file pkibase.c.

{
    PRUint32 i, numNotDestroyed;
    PRStatus status = PR_SUCCESS;
    numNotDestroyed = 0;
    nssPKIObject_Lock(object);
    for (i=0; i<object->numInstances; i++) {
       nssCryptokiObject *instance = object->instances[i];
       status = nssToken_DeleteStoredObject(instance);
       object->instances[i] = NULL;
       if (status == PR_SUCCESS) {
           nssCryptokiObject_Destroy(instance);
       } else {
           object->instances[numNotDestroyed++] = instance;
       }
    }
    if (numNotDestroyed == 0) {
       nss_ZFreeIf(object->instances);
       object->numInstances = 0;
    } else {
       object->numInstances = numNotDestroyed;
    }
    nssPKIObject_Unlock(object);
    return status;
}
NSS_EXTERN PRBool nssPKIObject_Destroy ( nssPKIObject *  object)

Definition at line 170 of file pkibase.c.

{
    PRUint32 i;
    PR_ASSERT(object->refCount > 0);
    if (PR_AtomicDecrement(&object->refCount) == 0) {
       for (i=0; i<object->numInstances; i++) {
           nssCryptokiObject_Destroy(object->instances[i]);
       }
       nssPKIObject_DestroyLock(object);
       nssArena_Destroy(object->arena);
       return PR_TRUE;
    }
    return PR_FALSE;
}
NSS_EXTERN void nssPKIObject_DestroyLock ( nssPKIObject *  object)

Definition at line 101 of file pkibase.c.

{
    switch (object->lockType) {
    case nssPKIMonitor:
        PZ_DestroyMonitor(object->sync.mlock);
        object->sync.mlock = NULL;
        break;
    case nssPKILock:
        PZ_DestroyLock(object->sync.lock);
        object->sync.lock = NULL;
        break;
    default:
        PORT_Assert(0);
    }
}
NSS_EXTERN nssCryptokiObject** nssPKIObject_GetInstances ( nssPKIObject *  object)

Definition at line 380 of file pkibase.c.

{
    nssCryptokiObject **instances = NULL;
    PRUint32 i;
    if (object->numInstances == 0) {
       return (nssCryptokiObject **)NULL;
    }
    nssPKIObject_Lock(object);
    instances = nss_ZNEWARRAY(NULL, nssCryptokiObject *, 
                              object->numInstances + 1);
    if (instances) {
       for (i=0; i<object->numInstances; i++) {
           instances[i] = nssCryptokiObject_Clone(object->instances[i]);
       }
    }
    nssPKIObject_Unlock(object);
    return instances;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSS_EXTERN NSSUTF8* nssPKIObject_GetNicknameForToken ( nssPKIObject *  object,
NSSToken *  tokenOpt 
)

Definition at line 358 of file pkibase.c.

{
    PRUint32 i;
    NSSUTF8 *nickname = NULL;
    nssPKIObject_Lock(object);
    for (i=0; i<object->numInstances; i++) {
       if ((!tokenOpt && object->instances[i]->label) ||
           (object->instances[i]->token == tokenOpt)) 
       {
            /* XXX should be copy? safe as long as caller has reference */
           nickname = object->instances[i]->label; 
           break;
       }
    }
    nssPKIObject_Unlock(object);
    return nickname;
}
NSS_EXTERN NSSToken** nssPKIObject_GetTokens ( nssPKIObject *  object,
PRStatus statusOpt 
)

Definition at line 336 of file pkibase.c.

{
    NSSToken **tokens = NULL;
    nssPKIObject_Lock(object);
    if (object->numInstances > 0) {
       tokens = nss_ZNEWARRAY(NULL, NSSToken *, object->numInstances + 1);
       if (tokens) {
           PRUint32 i;
           for (i=0; i<object->numInstances; i++) {
              tokens[i] = nssToken_AddRef(object->instances[i]->token);
           }
       }
    }
    nssPKIObject_Unlock(object);
    if (statusOpt) *statusOpt = PR_SUCCESS; /* until more logic here */
    return tokens;
}
NSS_EXTERN PRBool nssPKIObject_HasInstance ( nssPKIObject *  object,
nssCryptokiObject *  instance 
)

Definition at line 247 of file pkibase.c.

{
    PRUint32 i;
    PRBool hasIt = PR_FALSE;;
    nssPKIObject_Lock(object);
    for (i=0; i<object->numInstances; i++) {
       if (nssCryptokiObject_Equal(object->instances[i], instance)) {
           hasIt = PR_TRUE;
           break;
       }
    }
    nssPKIObject_Unlock(object);
    return hasIt;
}
PR_BEGIN_EXTERN_C NSS_EXTERN void nssPKIObject_Lock ( nssPKIObject *  object)

Definition at line 54 of file pkibase.c.

{
    switch (object->lockType) {
    case nssPKIMonitor:
        PZ_EnterMonitor(object->sync.mlock);
        break;
    case nssPKILock:
        PZ_Lock(object->sync.lock);
        break;
    default:
        PORT_Assert(0);
    }
}
NSS_EXTERN PRStatus nssPKIObject_NewLock ( nssPKIObject *  object,
nssPKILockType  lockType 
)

Definition at line 84 of file pkibase.c.

{
    object->lockType = lockType;
    switch (lockType) {
    case nssPKIMonitor:
        object->sync.mlock = PZ_NewMonitor(nssILockSSL);
        return (object->sync.mlock ? PR_SUCCESS : PR_FAILURE);
    case nssPKILock:
        object->sync.lock = PZ_NewLock(nssILockSSL);
        return (object->sync.lock ? PR_SUCCESS : PR_FAILURE);
    default:
        PORT_Assert(0);
        return PR_FAILURE;
    }
}
NSS_EXTERN PRStatus nssPKIObject_RemoveInstanceForToken ( nssPKIObject *  object,
NSSToken *  token 
)

Definition at line 266 of file pkibase.c.

{
    PRUint32 i;
    nssCryptokiObject *instanceToRemove = NULL;
    nssPKIObject_Lock(object);
    if (object->numInstances == 0) {
       nssPKIObject_Unlock(object);
       return PR_SUCCESS;
    }
    for (i=0; i<object->numInstances; i++) {
       if (object->instances[i]->token == token) {
           instanceToRemove = object->instances[i];
           object->instances[i] = object->instances[object->numInstances-1];
           object->instances[object->numInstances-1] = NULL;
           break;
       }
    }
    if (--object->numInstances > 0) {
       nssCryptokiObject **instances = nss_ZREALLOCARRAY(object->instances,
                                             nssCryptokiObject *,
                                             object->numInstances);
       if (instances) {
           object->instances = instances;
       }
    } else {
       nss_ZFreeIf(object->instances);
    }
    nssCryptokiObject_Destroy(instanceToRemove);
    nssPKIObject_Unlock(object);
    return PR_SUCCESS;
}
NSS_EXTERN void nssPKIObject_Unlock ( nssPKIObject *  object)

Definition at line 69 of file pkibase.c.

{
    switch (object->lockType) {
    case nssPKIMonitor:
        PZ_ExitMonitor(object->sync.mlock);
        break;
    case nssPKILock:
        PZ_Unlock(object->sync.lock);
        break;
    default:
        PORT_Assert(0);
    }
}
NSS_EXTERN PRStatus nssPKIObjectCollection_AddInstanceAsObject ( nssPKIObjectCollection *  collection,
nssCryptokiObject *  instance 
)

Definition at line 958 of file pkibase.c.

{
    pkiObjectCollectionNode *node;
    PRBool foundIt;
    node = add_object_instance(collection, instance, &foundIt);
    if (node == NULL) {
       return PR_FAILURE;
    }
    if (!node->haveObject) {
       node->object = (*collection->createObject)(node->object);
       if (!node->object) {
           /*remove bogus object from list*/
           nssPKIObjectCollection_RemoveNode(collection,node);
           return PR_FAILURE;
       }
       node->haveObject = PR_TRUE;
    } else if (!foundIt) {
       /* The instance was added to a pre-existing node.  This
        * function is *only* being used for certificates, and having
        * multiple instances of certs in 3.X requires updating the
        * CERTCertificate.
        * But only do it if it was a new instance!!!  If the same instance
        * is encountered, we set *foundIt to true.  Detect that here and
        * ignore it.
        */
       STAN_ForceCERTCertificateUpdate((NSSCertificate *)node->object);
    }
    return PR_SUCCESS;
}
NSS_EXTERN PRStatus nssPKIObjectCollection_AddInstances ( nssPKIObjectCollection *  collection,
nssCryptokiObject **  instances,
PRUint32  numInstances 
)

Definition at line 839 of file pkibase.c.

{
    PRStatus status = PR_SUCCESS;
    PRUint32 i = 0;
    PRBool foundIt;
    pkiObjectCollectionNode *node;
    if (instances) {
       for (; *instances; instances++, i++) {
           if (numInstances > 0 && i == numInstances) {
              break;
           }
           if (status == PR_SUCCESS) {
              node = add_object_instance(collection, *instances, &foundIt);
              if (node == NULL) {
                  /* add_object_instance freed the current instance */
                  /* free the remaining instances */
                  status = PR_FAILURE;
              }
           } else {
              nssCryptokiObject_Destroy(*instances);
           }
       }
    }
    return status;
}
NSS_EXTERN PRStatus nssPKIObjectCollection_AddObject ( nssPKIObjectCollection *  collection,
nssPKIObject *  object 
)

Definition at line 698 of file pkibase.c.

{
    pkiObjectCollectionNode *node;
    node = nss_ZNEW(collection->arena, pkiObjectCollectionNode);
    if (!node) {
       return PR_FAILURE;
    }
    node->haveObject = PR_TRUE;
    node->object = nssPKIObject_AddRef(object);
    (*collection->getUIDFromObject)(object, node->uid);
    PR_INIT_CLIST(&node->link);
    PR_INSERT_BEFORE(&node->link, &collection->head);
    collection->size++;
    return PR_SUCCESS;
}
NSS_EXTERN PRUint32 nssPKIObjectCollection_Count ( nssPKIObjectCollection *  collection)

Definition at line 690 of file pkibase.c.

{
    return collection->size;
}
NSS_EXTERN void nssPKIObjectCollection_Destroy ( nssPKIObjectCollection *  collection)

Definition at line 666 of file pkibase.c.

{
    if (collection) {
       PRCList *link;
       pkiObjectCollectionNode *node;
       /* first destroy any objects in the collection */
       link = PR_NEXT_LINK(&collection->head);
       while (link != &collection->head) {
           node = (pkiObjectCollectionNode *)link;
           if (node->haveObject) {
              (*collection->destroyObject)(node->object);
           } else {
              nssPKIObject_Destroy(node->object);
           }
           link = PR_NEXT_LINK(link);
       }
       /* then destroy it */
       nssArena_Destroy(collection->arena);
    }
}
NSS_EXTERN NSSCertificate** nssPKIObjectCollection_GetCertificates ( nssPKIObjectCollection *  collection,
NSSCertificate **  rvOpt,
PRUint32  maximumOpt,
NSSArena *  arenaOpt 
)

Definition at line 1091 of file pkibase.c.

{
    PRStatus status;
    PRUint32 rvSize;
    PRBool allocated = PR_FALSE;
    if (collection->size == 0) {
       return (NSSCertificate **)NULL;
    }
    if (maximumOpt == 0) {
       rvSize = collection->size;
    } else {
       rvSize = PR_MIN(collection->size, maximumOpt);
    }
    if (!rvOpt) {
       rvOpt = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, rvSize + 1);
       if (!rvOpt) {
           return (NSSCertificate **)NULL;
       }
       allocated = PR_TRUE;
    }
    status = nssPKIObjectCollection_GetObjects(collection, 
                                               (nssPKIObject **)rvOpt, 
                                               rvSize);
    if (status != PR_SUCCESS) {
       if (allocated) {
           nss_ZFreeIf(rvOpt);
       }
       return (NSSCertificate **)NULL;
    }
    return rvOpt;
}
NSS_EXTERN NSSCRL** nssPKIObjectCollection_GetCRLs ( nssPKIObjectCollection *  collection,
NSSCRL **  rvOpt,
PRUint32  maximumOpt,
NSSArena *  arenaOpt 
)

Definition at line 1194 of file pkibase.c.

{
    PRStatus status;
    PRUint32 rvSize;
    PRBool allocated = PR_FALSE;
    if (collection->size == 0) {
       return (NSSCRL **)NULL;
    }
    if (maximumOpt == 0) {
       rvSize = collection->size;
    } else {
       rvSize = PR_MIN(collection->size, maximumOpt);
    }
    if (!rvOpt) {
       rvOpt = nss_ZNEWARRAY(arenaOpt, NSSCRL *, rvSize + 1);
       if (!rvOpt) {
           return (NSSCRL **)NULL;
       }
       allocated = PR_TRUE;
    }
    status = nssPKIObjectCollection_GetObjects(collection, 
                                               (nssPKIObject **)rvOpt, 
                                               rvSize);
    if (status != PR_SUCCESS) {
       if (allocated) {
           nss_ZFreeIf(rvOpt);
       }
       return (NSSCRL **)NULL;
    }
    return rvOpt;
}
NSS_EXTERN NSSPrivateKey** nssPKIObjectCollection_GetPrivateKeys ( nssPKIObjectCollection *  collection,
NSSPrivateKey **  rvOpt,
PRUint32  maximumOpt,
NSSArena *  arenaOpt 
)
NSS_EXTERN NSSPublicKey** nssPKIObjectCollection_GetPublicKeys ( nssPKIObjectCollection *  collection,
NSSPublicKey **  rvOpt,
PRUint32  maximumOpt,
NSSArena *  arenaOpt 
)
NSS_EXTERN PRStatus nssPKIObjectCollection_Traverse ( nssPKIObjectCollection *  collection,
nssPKIObjectCallback callback 
)

Definition at line 914 of file pkibase.c.

{
    PRStatus status;
    PRCList *link = PR_NEXT_LINK(&collection->head);
    pkiObjectCollectionNode *node;
    while (link != &collection->head) {
       node = (pkiObjectCollectionNode *)link;
       if (!node->haveObject) {
           node->object = (*collection->createObject)(node->object);
           if (!node->object) {
              link = PR_NEXT_LINK(link);
              /*remove bogus object from list*/
              nssPKIObjectCollection_RemoveNode(collection,node);
              continue;
           }
           node->haveObject = PR_TRUE;
       }
       switch (collection->objectType) {
       case pkiObjectType_Certificate: 
           status = (*callback->func.cert)((NSSCertificate *)node->object, 
                                           callback->arg);
           break;
       case pkiObjectType_CRL: 
           status = (*callback->func.crl)((NSSCRL *)node->object, 
                                          callback->arg);
           break;
       case pkiObjectType_PrivateKey: 
           status = (*callback->func.pvkey)((NSSPrivateKey *)node->object, 
                                            callback->arg);
           break;
       case pkiObjectType_PublicKey: 
           status = (*callback->func.pbkey)((NSSPublicKey *)node->object, 
                                            callback->arg);
           break;
       }
       link = PR_NEXT_LINK(link);
    }
    return PR_SUCCESS;
}
NSS_EXTERN NSSPrivateKey* nssPrivateKey_Create ( nssPKIObject *  o)
NSS_EXTERN nssPKIObjectCollection* nssPrivateKeyCollection_Create ( NSSTrustDomain *  td,
NSSPrivateKey **  pvkOpt 
)
NSS_EXTERN NSSPublicKey* nssPublicKey_Create ( nssPKIObject *  object)
NSS_EXTERN nssPKIObjectCollection* nssPublicKeyCollection_Create ( NSSTrustDomain *  td,
NSSPublicKey **  pvkOpt 
)
NSS_EXTERN PRTime NSSTime_GetPRTime ( NSSTime *  time)

Definition at line 1255 of file pkibase.c.

{
  return time->prTime;
}
NSS_EXTERN NSSTime* NSSTime_Now ( NSSTime *  timeOpt)

Definition at line 1235 of file pkibase.c.

{
    return NSSTime_SetPRTime(timeOpt, PR_Now());
}
NSS_EXTERN NSSTime* NSSTime_SetPRTime ( NSSTime *  timeOpt,
PRTime  prTime 
)

Definition at line 1243 of file pkibase.c.

{
    NSSTime *rvTime;
    rvTime = (timeOpt) ? timeOpt : nss_ZNEW(NULL, NSSTime);
    rvTime->prTime = prTime;
    return rvTime;
}
NSS_EXTERN NSSTrust* nssTrust_Create ( nssPKIObject *  object,
NSSItem *  certData 
)

Definition at line 959 of file certificate.c.

{
    PRStatus status;
    PRUint32 i;
    PRUint32 lastTrustOrder, myTrustOrder;
    unsigned char sha1_hashcmp[SHA1_LENGTH];
    unsigned char sha1_hashin[SHA1_LENGTH];
    NSSItem sha1_hash;
    NSSTrust *rvt;
    nssCryptokiObject *instance;
    nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection;
    SECStatus rv; /* Should be stan flavor */
    PRBool stepUp;

    lastTrustOrder = 1<<16; /* just make it big */
    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
    rvt = nss_ZNEW(object->arena, NSSTrust);
    if (!rvt) {
       return (NSSTrust *)NULL;
    }
    rvt->object = *object;

    /* should be stan flavor of Hashbuf */
    rv = PK11_HashBuf(SEC_OID_SHA1,sha1_hashcmp,certData->data,certData->size);
    if (rv != SECSuccess) {
       return (NSSTrust *)NULL;
    }
    sha1_hash.data = sha1_hashin;
    sha1_hash.size = sizeof (sha1_hashin);
    /* trust has to peek into the base object members */
    nssPKIObject_Lock(object);
    for (i=0; i<object->numInstances; i++) {
       instance = object->instances[i];
       myTrustOrder = nssToken_GetTrustOrder(instance->token);
       status = nssCryptokiTrust_GetAttributes(instance, NULL,
                                          &sha1_hash,
                                               &serverAuth,
                                               &clientAuth,
                                               &codeSigning,
                                               &emailProtection,
                                               &stepUp);
       if (status != PR_SUCCESS) {
           nssPKIObject_Unlock(object);
           return (NSSTrust *)NULL;
       }
       if (PORT_Memcmp(sha1_hashin,sha1_hashcmp,SHA1_LENGTH) != 0) {
           nssPKIObject_Unlock(object);
           return (NSSTrust *)NULL;
       }
       if (rvt->serverAuth == nssTrustLevel_Unknown ||
           myTrustOrder < lastTrustOrder) 
       {
           rvt->serverAuth = serverAuth;
       }
       if (rvt->clientAuth == nssTrustLevel_Unknown ||
           myTrustOrder < lastTrustOrder) 
       {
           rvt->clientAuth = clientAuth;
       }
       if (rvt->emailProtection == nssTrustLevel_Unknown ||
           myTrustOrder < lastTrustOrder) 
       {
           rvt->emailProtection = emailProtection;
       }
       if (rvt->codeSigning == nssTrustLevel_Unknown ||
           myTrustOrder < lastTrustOrder) 
       {
           rvt->codeSigning = codeSigning;
       }
       rvt->stepUpApproved = stepUp;
       lastTrustOrder = myTrustOrder;
    }
    nssPKIObject_Unlock(object);
    return rvt;
}
NSS_EXTERN PRStatus nssTrustDomain_AddCertsToCache ( NSSTrustDomain *  td,
NSSCertificate **  certs,
PRUint32  numCerts 
)

Definition at line 868 of file tdcache.c.

{
    PRUint32 i;
    NSSCertificate *c;
    for (i=0; i<numCerts && certs[i]; i++) {
       c = add_cert_to_cache(td, certs[i]);
       if (c == NULL) {
           return PR_FAILURE;
       } else {
           certs[i] = c;
       }
    }
    return PR_SUCCESS;
}

Here is the caller graph for this function:

Definition at line 228 of file tdcache.c.

{
    if (!td->cache) {
       nss_SetError(NSS_ERROR_INTERNAL_ERROR);
       return PR_FAILURE;
    }
    if (nssHash_Count(td->cache->issuerAndSN) > 0) {
       nss_SetError(NSS_ERROR_BUSY);
       return PR_FAILURE;
    }
    PZ_DestroyLock(td->cache->lock);
    nssHash_Destroy(td->cache->issuerAndSN);
    nssHash_Destroy(td->cache->subject);
    nssHash_Destroy(td->cache->nickname);
    nssHash_Destroy(td->cache->email);
    nssArena_Destroy(td->cache->arena);
    td->cache = NULL;
#ifdef DEBUG_CACHE
    PR_LOG(s_log, PR_LOG_DEBUG, ("Cache destroyed."));
#endif
    return PR_SUCCESS;
}

Here is the caller graph for this function:

NSS_EXTERN void nssTrustDomain_DumpCacheInfo ( NSSTrustDomain *  td,
void(*)(const void *, void *, void *)  cert_dump_iter,
void arg 
)

Definition at line 1163 of file tdcache.c.

{
    PZ_Lock(td->cache->lock);
    nssHash_Iterate(td->cache->issuerAndSN, cert_dump_iter, arg);
    PZ_Unlock(td->cache->lock);
}

Here is the caller graph for this function:

NSS_EXTERN NSSCertificate** nssTrustDomain_FindCertificatesByID ( NSSTrustDomain *  td,
NSSItem *  id,
NSSCertificate **  rvOpt,
PRUint32  maximumOpt,
NSSArena *  arenaOpt 
)
NSS_EXTERN NSSCRL** nssTrustDomain_FindCRLsBySubject ( NSSTrustDomain *  td,
NSSDER subject 
)

Definition at line 1242 of file trustdomain.c.

{
    PRStatus status;
    NSSSlot **slots;
    NSSSlot **slotp;
    NSSToken *token;
    nssUpdateLevel updateLevel;
    nssPKIObjectCollection *collection;
    NSSCRL **rvCRLs = NULL;
    collection = nssCRLCollection_Create(td, NULL);
    if (!collection) {
       return (NSSCRL **)NULL;
    }
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
    if (!slots) {
       goto loser;
    }
    for (slotp = slots; *slotp; slotp++) {
       token = nssSlot_GetToken(*slotp);
       if (token) {
           nssSession *session;
           nssCryptokiObject **instances;
           nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
           /* get a session for the token */
           session = nssTrustDomain_GetSessionForToken(td, token);
           if (!session) {
              nssToken_Destroy(token);
              goto loser;
           }
           /* perform the traversal */
           instances = nssToken_FindCRLsBySubject(token, session, subject,
                                                  tokenOnly, 0, &status);
           nssToken_Destroy(token);
           if (status != PR_SUCCESS) {
              goto loser;
           }
           /* add the found CRL's to the collection */
           status = nssPKIObjectCollection_AddInstances(collection, 
                                                        instances, 0);
           nss_ZFreeIf(instances);
           if (status != PR_SUCCESS) {
              goto loser;
           }
       }
    }
    rvCRLs = nssPKIObjectCollection_GetCRLs(collection, NULL, 0, NULL);
    nssPKIObjectCollection_Destroy(collection);
    nssSlotArray_Destroy(slots);
    return rvCRLs;
loser:
    nssPKIObjectCollection_Destroy(collection);
    nssSlotArray_Destroy(slots);
    return (NSSCRL **)NULL;
}

Here is the caller graph for this function:

NSS_EXTERN NSSCertificate* nssTrustDomain_GetCertByDERFromCache ( NSSTrustDomain *  td,
NSSDER der 
)

Definition at line 1104 of file tdcache.c.

{
    PRStatus nssrv = PR_FAILURE;
    NSSDER issuer, serial;
    NSSCertificate *rvCert;
    nssrv = issuer_and_serial_from_encoding(der, &issuer, &serial);
    if (nssrv != PR_SUCCESS) {
       return NULL;
    }
#ifdef DEBUG_CACHE
    log_item_dump("looking for cert by DER", der);
#endif
    rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td, 
                                                           &issuer, &serial);
    PORT_Free(issuer.data);
    PORT_Free(serial.data);
    return rvCert;
}
NSS_EXTERN NSSCertificate* nssTrustDomain_GetCertForIssuerAndSNFromCache ( NSSTrustDomain *  td,
NSSDER issuer,
NSSDER serialNum 
)

Definition at line 1043 of file tdcache.c.

{
    NSSCertificate certkey;
    NSSCertificate *rvCert = NULL;
    cache_entry *ce;
    certkey.issuer.data = issuer->data;
    certkey.issuer.size = issuer->size;
    certkey.serial.data = serial->data;
    certkey.serial.size = serial->size;
#ifdef DEBUG_CACHE
    log_item_dump("looking for cert by issuer/sn, issuer", issuer);
    log_item_dump("                               serial", serial);
#endif
    PZ_Lock(td->cache->lock);
    ce = (cache_entry *)nssHash_Lookup(td->cache->issuerAndSN, &certkey);
    if (ce) {
       ce->hits++;
       ce->lastHit = PR_Now();
       rvCert = nssCertificate_AddRef(ce->entry.cert);
#ifdef DEBUG_CACHE
       PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits));
#endif
    }
    PZ_Unlock(td->cache->lock);
    return rvCert;
}

Here is the caller graph for this function:

NSS_EXTERN NSSCertificate** nssTrustDomain_GetCertsForEmailAddressFromCache ( NSSTrustDomain *  td,
NSSASCII7 email,
nssList *  certListOpt 
)

Definition at line 979 of file tdcache.c.

{
    NSSCertificate **rvArray = NULL;
    cache_entry *ce;
    nssList *collectList = NULL;
    nssListIterator *iter = NULL;
    nssList *subjectList;
#ifdef DEBUG_CACHE
    PR_LOG(s_log, PR_LOG_DEBUG, ("looking for cert by email %s", email));
#endif
    PZ_Lock(td->cache->lock);
    ce = (cache_entry *)nssHash_Lookup(td->cache->email, email);
    if (ce) {
       ce->hits++;
       ce->lastHit = PR_Now();
#ifdef DEBUG_CACHE
       PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits));
#endif
       /* loop over subject lists and get refs for certs */
       if (certListOpt) {
           collectList = certListOpt;
       } else {
           collectList = nssList_Create(NULL, PR_FALSE);
           if (!collectList) {
              PZ_Unlock(td->cache->lock);
              return NULL;
           }
       }
       iter = nssList_CreateIterator(ce->entry.list);
       if (!iter) {
           PZ_Unlock(td->cache->lock);
           if (!certListOpt) {
              nssList_Destroy(collectList);
           }
           return NULL;
       }
       for (subjectList  = (nssList *)nssListIterator_Start(iter);
            subjectList != (nssList *)NULL;
            subjectList  = (nssList *)nssListIterator_Next(iter)) {
           (void)collect_subject_certs(subjectList, collectList);
       }
       nssListIterator_Finish(iter);
       nssListIterator_Destroy(iter);
    }
    PZ_Unlock(td->cache->lock);
    if (!certListOpt && collectList) {
       PRUint32 count = nssList_Count(collectList);
       rvArray = nss_ZNEWARRAY(NULL, NSSCertificate *, count);
       if (rvArray) {
           nssList_GetArray(collectList, (void **)rvArray, count);
       }
       nssList_Destroy(collectList);
    }
    return rvArray;
}

Here is the caller graph for this function:

NSS_EXTERN NSSCertificate** nssTrustDomain_GetCertsForNicknameFromCache ( NSSTrustDomain *  td,
NSSUTF8 nickname,
nssList *  certListOpt 
)

Definition at line 950 of file tdcache.c.

{
    NSSCertificate **rvArray = NULL;
    cache_entry *ce;
#ifdef DEBUG_CACHE
    PR_LOG(s_log, PR_LOG_DEBUG, ("looking for cert by nick %s", nickname));
#endif
    PZ_Lock(td->cache->lock);
    ce = (cache_entry *)nssHash_Lookup(td->cache->nickname, nickname);
    if (ce) {
       ce->hits++;
       ce->lastHit = PR_Now();
#ifdef DEBUG_CACHE
       PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits));
#endif
       rvArray = collect_subject_certs(ce->entry.list, certListOpt);
    }
    PZ_Unlock(td->cache->lock);
    return rvArray;
}

Here is the caller graph for this function:

NSS_EXTERN NSSCertificate** nssTrustDomain_GetCertsForSubjectFromCache ( NSSTrustDomain *  td,
NSSDER subject,
nssList *  certListOpt 
)

Definition at line 921 of file tdcache.c.

{
    NSSCertificate **rvArray = NULL;
    cache_entry *ce;
#ifdef DEBUG_CACHE
    log_item_dump("looking for cert by subject", subject);
#endif
    PZ_Lock(td->cache->lock);
    ce = (cache_entry *)nssHash_Lookup(td->cache->subject, subject);
    if (ce) {
       ce->hits++;
       ce->lastHit = PR_Now();
#ifdef DEBUG_CACHE
       PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits));
#endif
       rvArray = collect_subject_certs(ce->entry.list, certListOpt);
    }
    PZ_Unlock(td->cache->lock);
    return rvArray;
}

Here is the caller graph for this function:

NSS_EXTERN NSSCertificate** nssTrustDomain_GetCertsFromCache ( NSSTrustDomain *  td,
nssList *  certListOpt 
)

Definition at line 1134 of file tdcache.c.

{
    NSSCertificate **rvArray = NULL;
    nssList *certList;
    if (certListOpt) {
       certList = certListOpt;
    } else {
       certList = nssList_Create(NULL, PR_FALSE);
       if (!certList) {
           return NULL;
       }
    }
    PZ_Lock(td->cache->lock);
    nssHash_Iterate(td->cache->issuerAndSN, cert_iter, (void *)certList);
    PZ_Unlock(td->cache->lock);
    if (!certListOpt) {
       PRUint32 count = nssList_Count(certList);
       rvArray = nss_ZNEWARRAY(NULL, NSSCertificate *, count);
       nssList_GetArray(certList, (void **)rvArray, count);
       /* array takes the references */
       nssList_Destroy(certList);
    }
    return rvArray;
}

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssTrustDomain_InitializeCache ( NSSTrustDomain *  td,
PRUint32  cacheSize 
)

Definition at line 155 of file tdcache.c.

{
    NSSArena *arena;
    nssTDCertificateCache *cache = td->cache;
#ifdef DEBUG_CACHE
    s_log = PR_NewLogModule("nss_cache");
    PR_ASSERT(s_log);
#endif
    PR_ASSERT(!cache);
    arena = nssArena_Create();
    if (!arena) {
       return PR_FAILURE;
    }
    cache = nss_ZNEW(arena, nssTDCertificateCache);
    if (!cache) {
       nssArena_Destroy(arena);
       return PR_FAILURE;
    }
    cache->lock = PZ_NewLock(nssILockCache);
    if (!cache->lock) {
       nssArena_Destroy(arena);
       return PR_FAILURE;
    }
    /* Create the issuer and serial DER --> certificate hash */
    cache->issuerAndSN = nssHash_CreateCertificate(arena, cacheSize);
    if (!cache->issuerAndSN) {
       goto loser;
    }
    /* Create the subject DER --> subject list hash */
    cache->subject = nssHash_CreateItem(arena, cacheSize);
    if (!cache->subject) {
       goto loser;
    }
    /* Create the nickname --> subject list hash */
    cache->nickname = nssHash_CreateString(arena, cacheSize);
    if (!cache->nickname) {
       goto loser;
    }
    /* Create the email --> list of subject lists hash */
    cache->email = nssHash_CreateString(arena, cacheSize);
    if (!cache->email) {
       goto loser;
    }
    cache->arena = arena;
    td->cache = cache;
#ifdef DEBUG_CACHE
    PR_LOG(s_log, PR_LOG_DEBUG, ("Cache initialized."));
#endif
    return PR_SUCCESS;
loser:
    PZ_DestroyLock(cache->lock);
    nssArena_Destroy(arena);
    td->cache = NULL;
#ifdef DEBUG_CACHE
    PR_LOG(s_log, PR_LOG_DEBUG, ("Cache initialization failed."));
#endif
    return PR_FAILURE;
}

Here is the caller graph for this function:

NSS_EXTERN void nssTrustDomain_LockCertCache ( NSSTrustDomain *  td)

Definition at line 401 of file tdcache.c.

{
    PZ_Lock(td->cache->lock);
}

Here is the caller graph for this function:

NSS_EXTERN void nssTrustDomain_RemoveCertFromCacheLOCKED ( NSSTrustDomain *  td,
NSSCertificate *  cert 
)

Definition at line 360 of file tdcache.c.

{
    nssList *subjectList;
    cache_entry *ce;
    NSSArena *arena;
    NSSUTF8 *nickname;

#ifdef DEBUG_CACHE
    log_cert_ref("attempt to remove cert", cert);
#endif
    ce = (cache_entry *)nssHash_Lookup(td->cache->issuerAndSN, cert);
    if (!ce || ce->entry.cert != cert) {
       /* If it's not in the cache, or a different cert is (this is really
        * for safety reasons, though it shouldn't happen), do nothing 
        */
#ifdef DEBUG_CACHE
       PR_LOG(s_log, PR_LOG_DEBUG, ("but it wasn't in the cache"));
#endif
       return;
    }
    (void)remove_issuer_and_serial_entry(td->cache, cert);
    (void)remove_subject_entry(td->cache, cert, &subjectList, 
                               &nickname, &arena);
    if (nssList_Count(subjectList) == 0) {
       (void)remove_nickname_entry(td->cache, nickname, subjectList);
       (void)remove_email_entry(td->cache, cert, subjectList);
       (void)nssList_Destroy(subjectList);
       nssHash_Remove(td->cache->subject, &cert->subject);
       /* there are no entries left for this subject, free the space used
        * for both the nickname and subject entries
        */
       if (arena) {
           nssArena_Destroy(arena);
       }
    }
}

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssTrustDomain_RemoveTokenCertsFromCache ( NSSTrustDomain *  td,
NSSToken *  token 
)

Definition at line 456 of file tdcache.c.

{
    NSSCertificate **certs;
    PRUint32 i, arrSize = 10;
    struct token_cert_dtor dtor;
    certs = nss_ZNEWARRAY(NULL, NSSCertificate *, arrSize);
    if (!certs) {
       return PR_FAILURE;
    }
    dtor.cache = td->cache;
    dtor.token = token;
    dtor.certs = certs;
    dtor.numCerts = 0;
    dtor.arrSize = arrSize;
    PZ_Lock(td->cache->lock);
    nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, (void *)&dtor);
    for (i=0; i<dtor.numCerts; i++) {
       if (dtor.certs[i]->object.numInstances == 0) {
           nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]);
           dtor.certs[i] = NULL;  /* skip this cert in the second for loop */
       }
    }
    PZ_Unlock(td->cache->lock);
    for (i=0; i<dtor.numCerts; i++) {
       if (dtor.certs[i]) {
           STAN_ForceCERTCertificateUpdate(dtor.certs[i]);
       }
    }
    nss_ZFreeIf(dtor.certs);
    return PR_SUCCESS;
}

Definition at line 409 of file tdcache.c.

{
    PZ_Unlock(td->cache->lock);
}

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssTrustDomain_UpdateCachedTokenCerts ( NSSTrustDomain *  td,
NSSToken *  token 
)

Definition at line 492 of file tdcache.c.

{
    NSSCertificate **cp, **cached = NULL;
    nssList *certList;
    PRUint32 count;
    certList = nssList_Create(NULL, PR_FALSE);
    if (!certList) return PR_FAILURE;
    (void *)nssTrustDomain_GetCertsFromCache(td, certList);
    count = nssList_Count(certList);
    if (count > 0) {
       cached = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
       if (!cached) {
           return PR_FAILURE;
       }
       nssList_GetArray(certList, (void **)cached, count);
       nssList_Destroy(certList);
       for (cp = cached; *cp; cp++) {
           nssCryptokiObject *instance;
           NSSCertificate *c = *cp;
           nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
           instance = nssToken_FindCertificateByIssuerAndSerialNumber(
                                                              token,
                                                               NULL,
                                                               &c->issuer,
                                                               &c->serial,
                                                               tokenOnly,
                                                               NULL);
           if (instance) {
              nssPKIObject_AddInstance(&c->object, instance);
              STAN_ForceCERTCertificateUpdate(c);
           }
       }
       nssCertificateArray_Destroy(cached);
    }
    return PR_SUCCESS;
}

Here is the caller graph for this function: