Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Enumerations | Functions | Variables
pcertdb.c File Reference
#include "prtime.h"
#include "lowkeyti.h"
#include "pcert.h"
#include "mcom_db.h"
#include "secitem.h"
#include "secder.h"
#include "secasn1.h"
#include "secerr.h"
#include "nssilock.h"
#include "prmon.h"
#include "base64.h"
#include "sechash.h"
#include "plhash.h"
#include "cdbhdl.h"
#include "pkcs11i.h"

Go to the source code of this file.

Classes

struct  PermCertCallbackState

Defines

#define MAX_CERT_LIST_COUNT   10
#define MAX_TRUST_LIST_COUNT   10
#define MAX_ENTRY_LIST_COUNT   10
#define DB_NOT_FOUND   -30991 /* from DBM 3.2 */
#define NO_RDONLY   O_RDONLY
#define NO_RDWR   O_RDWR
#define NO_CREATE   (O_RDWR | O_CREAT | O_TRUNC)

Enumerations

enum  nsslowcertUpdateType { nsslowcert_remove, nsslowcert_add, nsslowcert_remove, nsslowcert_add }

Functions

NSSLOWCERTCertificate * nsslowcert_FindCertByDERCertNoLocking (NSSLOWCERTCertDBHandle *handle, SECItem *derCert)
static SECStatus nsslowcert_UpdateSMimeProfile (NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime)
static SECStatus nsslowcert_UpdatePermCert (NSSLOWCERTCertDBHandle *dbhandle, NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust)
static SECStatus nsslowcert_UpdateCrl (NSSLOWCERTCertDBHandle *handle, SECItem *derCrl, SECItem *crlKey, char *url, PRBool isKRL)
void certdb_InitDBLock (NSSLOWCERTCertDBHandle *handle)
SECStatus nsslowcert_InitLocks (void)
static void nsslowcert_LockDB (NSSLOWCERTCertDBHandle *handle)
static void nsslowcert_UnlockDB (NSSLOWCERTCertDBHandle *handle)
static void nsslowcert_LockCertRefCount (NSSLOWCERTCertificate *cert)
static void nsslowcert_UnlockCertRefCount (NSSLOWCERTCertificate *cert)
void nsslowcert_LockCertTrust (NSSLOWCERTCertificate *cert)
void nsslowcert_UnlockCertTrust (NSSLOWCERTCertificate *cert)
static void nsslowcert_LockFreeList (void)
static void nsslowcert_UnlockFreeList (void)
NSSLOWCERTCertificate * nsslowcert_DupCertificate (NSSLOWCERTCertificate *c)
static int certdb_Get (DB *db, DBT *key, DBT *data, unsigned int flags)
static int certdb_Put (DB *db, DBT *key, DBT *data, unsigned int flags)
static int certdb_Sync (DB *db, unsigned int flags)
static int certdb_Del (DB *db, DBT *key, unsigned int flags)
static int certdb_Seq (DB *db, DBT *key, DBT *data, unsigned int flags)
static void certdb_Close (DB *db)
void pkcs11_freeNickname (char *nickname, char *space)
char * pkcs11_copyNickname (char *nickname, char *space, int spaceLen)
void pkcs11_freeStaticData (unsigned char *data, unsigned char *space)
unsigned char * pkcs11_allocStaticData (int len, unsigned char *space, int spaceLen)
unsigned char * pkcs11_copyStaticData (unsigned char *data, int len, unsigned char *space, int spaceLen)
static void DestroyDBEntry (certDBEntry *entry)
static void nsslowcert_DestroyCertificateNoLocking (NSSLOWCERTCertificate *cert)
static SECStatus DeleteDBEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryType type, SECItem *dbkey)
static SECStatus ReadDBEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryCommon *entry, SECItem *dbkey, SECItem *dbentry, PRArenaPool *arena)
static SECStatus WriteDBEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryCommon *entry, SECItem *dbkey, SECItem *dbentry)
 Implement low level database access.
static SECStatus EncodeDBCertEntry (certDBEntryCert *entry, PRArenaPool *arena, SECItem *dbitem)
static SECStatus EncodeDBCertKey (SECItem *certKey, PRArenaPool *arena, SECItem *dbkey)
static SECStatus EncodeDBGenericKey (SECItem *certKey, PRArenaPool *arena, SECItem *dbkey, certDBEntryType entryType)
static SECStatus DecodeDBCertEntry (certDBEntryCert *entry, SECItem *dbentry)
static certDBEntryCert * NewDBCertEntry (SECItem *derCert, char *nickname, NSSLOWCERTCertTrust *trust, int flags)
static certDBEntryCert * DecodeV4DBCertEntry (unsigned char *buf, int len)
static SECStatus WriteDBCertEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry)
static SECStatus DeleteDBCertEntry (NSSLOWCERTCertDBHandle *handle, SECItem *certKey)
static certDBEntryCert * CreateCertEntry (void)
static void DestroyCertEntryFreeList (void)
static certDBEntryCert * ReadDBCertEntry (NSSLOWCERTCertDBHandle *handle, SECItem *certKey)
static SECStatus EncodeDBCrlEntry (certDBEntryRevocation *entry, PRArenaPool *arena, SECItem *dbitem)
static SECStatus DecodeDBCrlEntry (certDBEntryRevocation *entry, SECItem *dbentry)
static certDBEntryRevocation * NewDBCrlEntry (SECItem *derCrl, char *url, certDBEntryType crlType, int flags)
static SECStatus WriteDBCrlEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryRevocation *entry, SECItem *crlKey)
static SECStatus DeleteDBCrlEntry (NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, certDBEntryType crlType)
static certDBEntryRevocation * ReadDBCrlEntry (NSSLOWCERTCertDBHandle *handle, SECItem *certKey, certDBEntryType crlType)
void nsslowcert_DestroyDBEntry (certDBEntry *entry)
static SECStatus EncodeDBNicknameEntry (certDBEntryNickname *entry, PRArenaPool *arena, SECItem *dbitem)
static SECStatus EncodeDBNicknameKey (char *nickname, PRArenaPool *arena, SECItem *dbkey)
static SECStatus DecodeDBNicknameEntry (certDBEntryNickname *entry, SECItem *dbentry, char *nickname)
static certDBEntryNicknameNewDBNicknameEntry (char *nickname, SECItem *subjectName, unsigned int flags)
static SECStatus DeleteDBNicknameEntry (NSSLOWCERTCertDBHandle *handle, char *nickname)
static certDBEntryNicknameReadDBNicknameEntry (NSSLOWCERTCertDBHandle *handle, char *nickname)
static SECStatus WriteDBNicknameEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryNickname *entry)
SECStatus EncodeDBSMimeEntry (certDBEntrySMime *entry, PRArenaPool *arena, SECItem *dbitem)
static SECStatus EncodeDBSMimeKey (char *emailAddr, PRArenaPool *arena, SECItem *dbkey)
static SECStatus DecodeDBSMimeEntry (certDBEntrySMime *entry, SECItem *dbentry, char *emailAddr)
static certDBEntrySMimeNewDBSMimeEntry (char *emailAddr, SECItem *subjectName, SECItem *smimeOptions, SECItem *optionsDate, unsigned int flags)
static SECStatus DeleteDBSMimeEntry (NSSLOWCERTCertDBHandle *handle, char *emailAddr)
certDBEntrySMimensslowcert_ReadDBSMimeEntry (NSSLOWCERTCertDBHandle *handle, char *emailAddr)
static SECStatus WriteDBSMimeEntry (NSSLOWCERTCertDBHandle *handle, certDBEntrySMime *entry)
static SECStatus EncodeDBSubjectEntry (certDBEntrySubject *entry, PRArenaPool *arena, SECItem *dbitem)
static SECStatus EncodeDBSubjectKey (SECItem *derSubject, PRArenaPool *arena, SECItem *dbkey)
static SECStatus DecodeDBSubjectEntry (certDBEntrySubject *entry, SECItem *dbentry, SECItem *derSubject)
static certDBEntrySubjectNewDBSubjectEntry (SECItem *derSubject, SECItem *certKey, SECItem *keyID, char *nickname, char *emailAddr, unsigned int flags)
static SECStatus DeleteDBSubjectEntry (NSSLOWCERTCertDBHandle *handle, SECItem *derSubject)
static certDBEntrySubjectReadDBSubjectEntry (NSSLOWCERTCertDBHandle *handle, SECItem *derSubject)
static SECStatus WriteDBSubjectEntry (NSSLOWCERTCertDBHandle *handle, certDBEntrySubject *entry)
static SECStatus nsslowcert_UpdateSubjectEmailAddr (NSSLOWCERTCertDBHandle *dbhandle, SECItem *derSubject, char *emailAddr, nsslowcertUpdateType updateType)
static SECStatus AddNicknameToSubject (NSSLOWCERTCertDBHandle *dbhandle, NSSLOWCERTCertificate *cert, char *nickname)
static certDBEntryVersionNewDBVersionEntry (unsigned int flags)
static certDBEntryVersionReadDBVersionEntry (NSSLOWCERTCertDBHandle *handle)
static SECStatus WriteDBVersionEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryVersion *entry)
static SECStatus RemovePermSubjectNode (NSSLOWCERTCertificate *cert)
static SECStatus AddPermSubjectNode (certDBEntrySubject *entry, NSSLOWCERTCertificate *cert, char *nickname)
SECStatus nsslowcert_TraversePermCertsForSubject (NSSLOWCERTCertDBHandle *handle, SECItem *derSubject, NSSLOWCERTCertCallback cb, void *cbarg)
int nsslowcert_NumPermCertsForSubject (NSSLOWCERTCertDBHandle *handle, SECItem *derSubject)
SECStatus nsslowcert_TraversePermCertsForNickname (NSSLOWCERTCertDBHandle *handle, char *nickname, NSSLOWCERTCertCallback cb, void *cbarg)
int nsslowcert_NumPermCertsForNickname (NSSLOWCERTCertDBHandle *handle, char *nickname)
static SECStatus AddNicknameToPermCert (NSSLOWCERTCertDBHandle *dbhandle, NSSLOWCERTCertificate *cert, char *nickname)
SECStatus nsslowcert_AddPermNickname (NSSLOWCERTCertDBHandle *dbhandle, NSSLOWCERTCertificate *cert, char *nickname)
static certDBEntryCert * AddCertToPermDB (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust)
static SECStatus UpdateV7DB (NSSLOWCERTCertDBHandle *handle, DB *updatedb)
static SECStatus UpdateV8DB (NSSLOWCERTCertDBHandle *handle, DB *updatedb)
static SECStatus UpdateV6DB (NSSLOWCERTCertDBHandle *handle, DB *updatedb)
static SECStatus updateV5Callback (NSSLOWCERTCertificate *cert, SECItem *k, void *pdata)
static SECStatus UpdateV5DB (NSSLOWCERTCertDBHandle *handle, DB *updatedb)
static PRBool isV4DB (DB *db)
static SECStatus UpdateV4DB (NSSLOWCERTCertDBHandle *handle, DB *updatedb)
PRBool nsslowcert_CertDBKeyConflict (SECItem *derCert, NSSLOWCERTCertDBHandle *handle)
static PRBool nsslowcert_CertNicknameConflict (char *nickname, SECItem *derSubject, NSSLOWCERTCertDBHandle *handle)
static DBnsslowcert_openolddb (NSSLOWCERTDBNameFunc namecb, void *cbarg, int version)
static SECStatus openNewCertDB (const char *appName, const char *prefix, const char *certdbname, NSSLOWCERTCertDBHandle *handle, NSSLOWCERTDBNameFunc namecb, void *cbarg)
static int nsslowcert_GetVersionNumber (NSSLOWCERTCertDBHandle *handle)
static SECStatus nsslowcert_OpenPermCertDB (NSSLOWCERTCertDBHandle *handle, PRBool readOnly, const char *appName, const char *prefix, NSSLOWCERTDBNameFunc namecb, void *cbarg)
static SECStatus DeletePermCert (NSSLOWCERTCertificate *cert)
SECStatus nsslowcert_DeletePermCertificate (NSSLOWCERTCertificate *cert)
SECStatus nsslowcert_TraverseDBEntries (NSSLOWCERTCertDBHandle *handle, certDBEntryType type, SECStatus(*callback)(SECItem *data, SECItem *key, certDBEntryType type, void *pdata), void *udata)
static NSSLOWCERTCertificate * DecodeACert (NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry)
static NSSLOWCERTTrust * CreateTrust (void)
static void DestroyTrustFreeList (void)
static NSSLOWCERTTrust * DecodeTrustEntry (NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry, SECItem *dbKey)
static SECStatus certcallback (SECItem *dbdata, SECItem *dbkey, certDBEntryType type, void *data)
static SECStatus TraversePermCertsNoLocking (NSSLOWCERTCertDBHandle *handle, SECStatus(*certfunc)(NSSLOWCERTCertificate *cert, SECItem *k, void *pdata), void *udata)
SECStatus nsslowcert_TraversePermCerts (NSSLOWCERTCertDBHandle *handle, SECStatus(*certfunc)(NSSLOWCERTCertificate *cert, SECItem *k, void *pdata), void *udata)
void nsslowcert_ClosePermCertDB (NSSLOWCERTCertDBHandle *handle)
SECStatus nsslowcert_GetCertTrust (NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust)
SECStatus nsslowcert_ChangeCertTrust (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust)
SECStatus nsslowcert_AddPermCert (NSSLOWCERTCertDBHandle *dbhandle, NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust)
SECStatus nsslowcert_OpenCertDB (NSSLOWCERTCertDBHandle *handle, PRBool readOnly, const char *appName, const char *prefix, NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile)
PRBool nsslowcert_needDBVerify (NSSLOWCERTCertDBHandle *handle)
void nsslowcert_setDBVerify (NSSLOWCERTCertDBHandle *handle, PRBool value)
static NSSLOWCERTCertificate * FindCertByKey (NSSLOWCERTCertDBHandle *handle, SECItem *certKey, PRBool lockdb)
static NSSLOWCERTTrust * FindTrustByKey (NSSLOWCERTCertDBHandle *handle, SECItem *certKey, PRBool lockdb)
NSSLOWCERTCertificate * nsslowcert_FindCertByKey (NSSLOWCERTCertDBHandle *handle, SECItem *certKey)
NSSLOWCERTTrust * nsslowcert_FindTrustByKey (NSSLOWCERTCertDBHandle *handle, SECItem *certKey)
NSSLOWCERTCertificate * nsslowcert_FindCertByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN)
NSSLOWCERTTrust * nsslowcert_FindTrustByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN)
NSSLOWCERTCertificate * nsslowcert_FindCertByDERCert (NSSLOWCERTCertDBHandle *handle, SECItem *derCert)
static void DestroyCertificate (NSSLOWCERTCertificate *cert, PRBool lockdb)
NSSLOWCERTCertificate * nsslowcert_CreateCert (void)
static void DestroyCertFreeList (void)
void nsslowcert_DestroyTrust (NSSLOWCERTTrust *trust)
void nsslowcert_DestroyCertificate (NSSLOWCERTCertificate *cert)
certDBEntryRevocation * nsslowcert_FindCrlByKey (NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, PRBool isKRL)
SECStatus nsslowcert_AddCrl (NSSLOWCERTCertDBHandle *handle, SECItem *derCrl, SECItem *crlKey, char *url, PRBool isKRL)
SECStatus nsslowcert_DeletePermCRL (NSSLOWCERTCertDBHandle *handle, SECItem *derName, PRBool isKRL)
PRBool nsslowcert_hasTrust (NSSLOWCERTCertTrust *trust)
SECStatus nsslowcert_SaveSMimeProfile (NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime)
void nsslowcert_DestroyFreeLists (void)
void nsslowcert_DestroyGlobalLocks (void)
certDBEntrynsslowcert_DecodeAnyDBEntry (SECItem *dbData, SECItem *dbKey, certDBEntryType entryType, void *pdata)

Variables

static NSSLOWCERTCertificate * certListHead = NULL
static NSSLOWCERTTrust * trustListHead = NULL
static certDBEntryCert * entryListHead = NULL
static int certListCount = 0
static int trustListCount = 0
static int entryListCount = 0
static PZLockdbLock = NULL
static PZLockcertRefCountLock = NULL
static PZLockcertTrustLock = NULL
static PZLockfreeListLock = NULL

Class Documentation

struct PermCertCallbackState

Definition at line 4402 of file pcertdb.c.

Class Members
PermCertCallback certfunc
void * data
NSSLOWCERTCertDBHandle * handle

Define Documentation

#define DB_NOT_FOUND   -30991 /* from DBM 3.2 */

Definition at line 318 of file pcertdb.c.

Definition at line 84 of file pcertdb.c.

Definition at line 86 of file pcertdb.c.

Definition at line 85 of file pcertdb.c.

Definition at line 4026 of file pcertdb.c.

Definition at line 4024 of file pcertdb.c.

Definition at line 4025 of file pcertdb.c.


Enumeration Type Documentation

Enumerator:
nsslowcert_remove 
nsslowcert_add 
nsslowcert_remove 
nsslowcert_add 

Definition at line 2694 of file pcertdb.c.


Function Documentation

static certDBEntryCert* AddCertToPermDB ( NSSLOWCERTCertDBHandle *  handle,
NSSLOWCERTCertificate *  cert,
char *  nickname,
NSSLOWCERTCertTrust *  trust 
) [static]

Definition at line 3351 of file pcertdb.c.

{
    certDBEntryCert *certEntry = NULL;
    certDBEntryNickname *nicknameEntry = NULL;
    certDBEntrySubject *subjectEntry = NULL;
    int state = 0;
    SECStatus rv;
    PRBool donnentry = PR_FALSE;

    if ( nickname ) {
       donnentry = PR_TRUE;
    }

    subjectEntry = ReadDBSubjectEntry(handle, &cert->derSubject);
       
    if ( subjectEntry && subjectEntry->nickname ) {
       donnentry = PR_FALSE;
       nickname = subjectEntry->nickname;
    }
    
    certEntry = NewDBCertEntry(&cert->derCert, nickname, trust, 0);
    if ( certEntry == NULL ) {
       goto loser;
    }
    
    if ( donnentry ) {
       nicknameEntry = NewDBNicknameEntry(nickname, &cert->derSubject, 0);
       if ( nicknameEntry == NULL ) {
           goto loser;
       }
    }
    
    rv = WriteDBCertEntry(handle, certEntry);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    state = 1;
    
    if ( nicknameEntry ) {
       rv = WriteDBNicknameEntry(handle, nicknameEntry);
       if ( rv != SECSuccess ) {
           goto loser;
       }
    }
    
    state = 2;

    /* "Change" handles if necessary */
    if (cert->dbhandle) {
       sftk_freeCertDB(cert->dbhandle);
    }
    cert->dbhandle = nsslowcert_reference(handle);
    
    /* add to or create new subject entry */
    if ( subjectEntry ) {
       /* REWRITE BASED ON SUBJECT ENTRY */
       rv = AddPermSubjectNode(subjectEntry, cert, nickname);
       if ( rv != SECSuccess ) {
           goto loser;
       }
    } else {
       /* make a new subject entry - this case is only used when updating
        * an old version of the database.  This is OK because the oldnickname
        * db format didn't allow multiple certs with the same subject.
        */
       /* where does subjectKeyID and certKey come from? */
       subjectEntry = NewDBSubjectEntry(&cert->derSubject, &cert->certKey,
                                    &cert->subjectKeyID, nickname,
                                    NULL, 0);
       if ( subjectEntry == NULL ) {
           goto loser;
       }
       rv = WriteDBSubjectEntry(handle, subjectEntry);
       if ( rv != SECSuccess ) {
           goto loser;
       }
    }
    
    state = 3;
    
    if ( nicknameEntry ) {
       DestroyDBEntry((certDBEntry *)nicknameEntry);
    }
    
    if ( subjectEntry ) {
       DestroyDBEntry((certDBEntry *)subjectEntry);
    }

    return(certEntry);

loser:
    /* don't leave partial entry in the database */
    if ( state > 0 ) {
       rv = DeleteDBCertEntry(handle, &cert->certKey);
    }
    if ( ( state > 1 ) && donnentry ) {
       rv = DeleteDBNicknameEntry(handle, nickname);
    }
    if ( state > 2 ) {
       rv = DeleteDBSubjectEntry(handle, &cert->derSubject);
    }
    if ( certEntry ) {
       DestroyDBEntry((certDBEntry *)certEntry);
    }
    if ( nicknameEntry ) {
       DestroyDBEntry((certDBEntry *)nicknameEntry);
    }
    if ( subjectEntry ) {
       DestroyDBEntry((certDBEntry *)subjectEntry);
    }

    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus AddNicknameToPermCert ( NSSLOWCERTCertDBHandle *  dbhandle,
NSSLOWCERTCertificate *  cert,
char *  nickname 
) [static]

Definition at line 3245 of file pcertdb.c.

{
    certDBEntryCert *entry;
    int rv;

    entry = cert->dbEntry;
    PORT_Assert(entry != NULL);
    if ( entry == NULL ) {
       goto loser;
    }

    pkcs11_freeNickname(entry->nickname,entry->nicknameSpace);
    entry->nickname = NULL;
    entry->nickname = pkcs11_copyNickname(nickname,entry->nicknameSpace,
                                   sizeof(entry->nicknameSpace));

    rv = WriteDBCertEntry(dbhandle, entry);
    if ( rv ) {
       goto loser;
    }

    pkcs11_freeNickname(cert->nickname,cert->nicknameSpace);
    cert->nickname = NULL;
    cert->nickname = pkcs11_copyNickname(nickname,cert->nicknameSpace,
                                   sizeof(cert->nicknameSpace));

    return(SECSuccess);
    
loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus AddNicknameToSubject ( NSSLOWCERTCertDBHandle *  dbhandle,
NSSLOWCERTCertificate *  cert,
char *  nickname 
) [static]

Definition at line 2777 of file pcertdb.c.

{
    certDBEntrySubject *entry;
    SECStatus rv;
    
    if ( nickname == NULL ) {
       return(SECFailure);
    }
    
    entry = ReadDBSubjectEntry(dbhandle,&cert->derSubject);
    PORT_Assert(entry != NULL);
    if ( entry == NULL ) {
       goto loser;
    }
    
    PORT_Assert(entry->nickname == NULL);
    if ( entry->nickname != NULL ) {
       goto loser;
    }
    
    entry->nickname = PORT_ArenaStrdup(entry->common.arena, nickname);
    
    if ( entry->nickname == NULL ) {
       goto loser;
    }
       
    /* delete the subject entry */
    DeleteDBSubjectEntry(dbhandle, &cert->derSubject);

    /* write the new one */
    rv = WriteDBSubjectEntry(dbhandle, entry);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus AddPermSubjectNode ( certDBEntrySubject entry,
NSSLOWCERTCertificate *  cert,
char *  nickname 
) [static]

Definition at line 3024 of file pcertdb.c.

{
    SECItem *newCertKeys, *newKeyIDs;
    unsigned int i, new_i;
    SECStatus rv;
    NSSLOWCERTCertificate *cmpcert;
    unsigned int nnlen;
    unsigned int ncerts;
    PRBool added = PR_FALSE;

    PORT_Assert(entry);    
    ncerts = entry->ncerts;
       
    if ( nickname && entry->nickname ) {
       /* nicknames must be the same */
       PORT_Assert(PORT_Strcmp(nickname, entry->nickname) == 0);
    }

    if ( ( entry->nickname == NULL ) && ( nickname != NULL ) ) {
       /* copy nickname into the entry */
       nnlen = PORT_Strlen(nickname) + 1;
       entry->nickname = (char *)PORT_ArenaAlloc(entry->common.arena,nnlen);
       if ( entry->nickname == NULL ) {
           return(SECFailure);
       }
       PORT_Memcpy(entry->nickname, nickname, nnlen);
    }
       
    /* a DB entry already exists, so add this cert */
    newCertKeys = (SECItem *)PORT_ArenaAlloc(entry->common.arena,
                                    sizeof(SECItem) * ( ncerts + 1 ) );
    newKeyIDs = (SECItem *)PORT_ArenaAlloc(entry->common.arena,
                                    sizeof(SECItem) * ( ncerts + 1 ) );

    if ( ( newCertKeys == NULL ) || ( newKeyIDs == NULL ) ) {
           return(SECFailure);
    }

    for ( i = 0, new_i=0; i < ncerts; i++ ) {
       cmpcert = nsslowcert_FindCertByKey(cert->dbhandle,
                                            &entry->certKeys[i]);
       /* The entry has been corrupted, remove it from the list */
       if (!cmpcert) {
           continue;
       }

       if ( nsslowcert_IsNewer(cert, cmpcert) ) {
           nsslowcert_DestroyCertificate(cmpcert);
           /* insert before cmpcert */
           rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[new_i],
                                  &cert->certKey);
           if ( rv != SECSuccess ) {
              return(SECFailure);
           }
           rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[new_i],
                                  &cert->subjectKeyID);
           if ( rv != SECSuccess ) {
              return(SECFailure);
           }
           new_i++;
           /* copy the rest of the entry */
           for ( ; i < ncerts; i++ ,new_i++) {
              newCertKeys[new_i] = entry->certKeys[i];
              newKeyIDs[new_i] = entry->keyIDs[i];
           }

           /* update certKeys and keyIDs */
           entry->certKeys = newCertKeys;
           entry->keyIDs = newKeyIDs;
              
           /* set new count value */
           entry->ncerts = new_i;
           added = PR_TRUE;
           break;
       }
       nsslowcert_DestroyCertificate(cmpcert);
       /* copy this cert entry */
       newCertKeys[new_i] = entry->certKeys[i];
       newKeyIDs[new_i] = entry->keyIDs[i];
       new_i++; /* only increment if we copied the entries */
    }

    if ( !added ) {
       /* insert new one at end */
       rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[new_i],
                              &cert->certKey);
       if ( rv != SECSuccess ) {
           return(SECFailure);
       }
       rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[new_i],
                              &cert->subjectKeyID);
       if ( rv != SECSuccess ) {
           return(SECFailure);
       }
       new_i++;

       /* update certKeys and keyIDs */
       entry->certKeys = newCertKeys;
       entry->keyIDs = newKeyIDs;
              
       /* increment count */
       entry->ncerts = new_i;
    }
    DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject);
    rv = WriteDBSubjectEntry(cert->dbhandle, entry);
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus certcallback ( SECItem *  dbdata,
SECItem *  dbkey,
certDBEntryType  type,
void data 
) [static]

Definition at line 4412 of file pcertdb.c.

{
    PermCertCallbackState *mystate;
    SECStatus rv;
    certDBEntryCert *entry;
    SECItem entryitem;
    NSSLOWCERTCertificate *cert;
    PRArenaPool *arena = NULL;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }
    
    entry = (certDBEntryCert *)PORT_ArenaAlloc(arena, sizeof(certDBEntryCert));
    mystate = (PermCertCallbackState *)data;
    entry->common.version = (unsigned int)dbdata->data[0];
    entry->common.type = (certDBEntryType)dbdata->data[1];
    entry->common.flags = (unsigned int)dbdata->data[2];
    entry->common.arena = arena;
    
    entryitem.len = dbdata->len - SEC_DB_ENTRY_HEADER_LEN;
    entryitem.data = &dbdata->data[SEC_DB_ENTRY_HEADER_LEN];
    
    rv = DecodeDBCertEntry(entry, &entryitem);
    if (rv != SECSuccess ) {
       goto loser;
    }
    entry->derCert.type = siBuffer;
   
    /* note: Entry is 'inheritted'.  */
    cert = DecodeACert(mystate->handle, entry);

    rv = (* mystate->certfunc)(cert, dbkey, mystate->data);

    /* arena stored in entry destroyed by nsslowcert_DestroyCertificate */
    nsslowcert_DestroyCertificateNoLocking(cert);

    return(rv);

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void certdb_Close ( DB db) [static]

Definition at line 357 of file pcertdb.c.

{
    PRStatus prstat;

    PORT_Assert(dbLock != NULL);
    PZ_Lock(dbLock);

    (* db->close)(db);
    
    prstat = PZ_Unlock(dbLock);

    return;
}

Here is the caller graph for this function:

static int certdb_Del ( DB db,
DBT key,
unsigned int  flags 
) [static]

Definition at line 320 of file pcertdb.c.

{
    PRStatus prstat;
    int ret;

    PORT_Assert(dbLock != NULL);
    PZ_Lock(dbLock);

    ret = (* db->del)(db, key, flags);
    
    prstat = PZ_Unlock(dbLock);

    /* don't fail if the record is already deleted */
    if (ret == DB_NOT_FOUND) {
       ret = 0;
    }

    return(ret);
}

Here is the caller graph for this function:

static int certdb_Get ( DB db,
DBT key,
DBT data,
unsigned int  flags 
) [static]

Definition at line 271 of file pcertdb.c.

{
    PRStatus prstat;
    int ret;
    
    PORT_Assert(dbLock != NULL);
    PZ_Lock(dbLock);

    ret = (* db->get)(db, key, data, flags);

    prstat = PZ_Unlock(dbLock);

    return(ret);
}

Here is the caller graph for this function:

void certdb_InitDBLock ( NSSLOWCERTCertDBHandle *  handle)

Definition at line 98 of file pcertdb.c.

Here is the caller graph for this function:

static int certdb_Put ( DB db,
DBT key,
DBT data,
unsigned int  flags 
) [static]

Definition at line 287 of file pcertdb.c.

{
    PRStatus prstat;
    int ret = 0;

    PORT_Assert(dbLock != NULL);
    PZ_Lock(dbLock);

    ret = (* db->put)(db, key, data, flags);
    
    prstat = PZ_Unlock(dbLock);

    return(ret);
}

Here is the caller graph for this function:

static int certdb_Seq ( DB db,
DBT key,
DBT data,
unsigned int  flags 
) [static]

Definition at line 341 of file pcertdb.c.

{
    PRStatus prstat;
    int ret;
    
    PORT_Assert(dbLock != NULL);
    PZ_Lock(dbLock);
    
    ret = (* db->seq)(db, key, data, flags);

    prstat = PZ_Unlock(dbLock);

    return(ret);
}

Here is the caller graph for this function:

static int certdb_Sync ( DB db,
unsigned int  flags 
) [static]

Definition at line 303 of file pcertdb.c.

{
    PRStatus prstat;
    int ret;

    PORT_Assert(dbLock != NULL);
    PZ_Lock(dbLock);

    ret = (* db->sync)(db, flags);
    
    prstat = PZ_Unlock(dbLock);

    return(ret);
}

Here is the caller graph for this function:

static certDBEntryCert* CreateCertEntry ( void  ) [static]

Definition at line 1053 of file pcertdb.c.

{
    certDBEntryCert *entry;

    nsslowcert_LockFreeList();
    entry = entryListHead;
    if (entry) {
       entryListCount--;
       entryListHead = entry->next;
    }
    PORT_Assert(entryListCount >= 0);
    nsslowcert_UnlockFreeList();
    if (entry) {
       return entry;
    }

    return PORT_ZNew(certDBEntryCert);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static NSSLOWCERTTrust* CreateTrust ( void  ) [static]

Definition at line 4343 of file pcertdb.c.

{
    NSSLOWCERTTrust *trust = NULL;

    nsslowcert_LockFreeList();
    trust = trustListHead;
    if (trust) {
       trustListCount--;
       trustListHead = trust->next;
    }
    PORT_Assert(trustListCount >= 0);
    nsslowcert_UnlockFreeList();
    if (trust) {
       return trust;
    }

    return PORT_ZNew(NSSLOWCERTTrust);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static NSSLOWCERTCertificate* DecodeACert ( NSSLOWCERTCertDBHandle *  handle,
certDBEntryCert *  entry 
) [static]

Definition at line 4322 of file pcertdb.c.

{
    NSSLOWCERTCertificate *cert = NULL;
    
    cert = nsslowcert_DecodeDERCertificate(&entry->derCert, entry->nickname );
    
    if ( cert == NULL ) {
       goto loser;
    }

    cert->dbhandle = nsslowcert_reference(handle);
    cert->dbEntry = entry;
    cert->trust = &entry->trust;

    return(cert);

loser:
    return(0);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DecodeDBCertEntry ( certDBEntryCert *  entry,
SECItem *  dbentry 
) [static]

Definition at line 735 of file pcertdb.c.

{
    unsigned int nnlen;
    unsigned int headerlen;
    int lenoff;

    /* allow updates of old versions of the database */
    switch ( entry->common.version ) {
      case 5:
       headerlen = DB_CERT_V5_ENTRY_HEADER_LEN;
       lenoff = 3;
       break;
      case 6:
       /* should not get here */
       PORT_Assert(0);
       headerlen = DB_CERT_V6_ENTRY_HEADER_LEN;
       lenoff = 3;
       break;
      case 7:
      case 8:
       headerlen = DB_CERT_ENTRY_HEADER_LEN;
       lenoff = 6;
       break;
      default:
       /* better not get here */
       PORT_Assert(0);
       headerlen = DB_CERT_V5_ENTRY_HEADER_LEN;
       lenoff = 3;
       break;
    }
    
    /* is record long enough for header? */
    if ( dbentry->len < headerlen ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* is database entry correct length? */
    entry->derCert.len = ( ( dbentry->data[lenoff] << 8 ) |
                       dbentry->data[lenoff+1] );
    nnlen = ( ( dbentry->data[lenoff+2] << 8 ) | dbentry->data[lenoff+3] );
    if ( ( entry->derCert.len + nnlen + headerlen )
       != dbentry->len) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* copy the dercert */

    entry->derCert.data = pkcs11_copyStaticData(&dbentry->data[headerlen],
       entry->derCert.len,entry->derCertSpace,sizeof(entry->derCertSpace));
    if ( entry->derCert.data == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    /* copy the nickname */
    if ( nnlen > 1 ) {
       entry->nickname = (char *)pkcs11_copyStaticData(
                     &dbentry->data[headerlen+entry->derCert.len], nnlen,
                     (unsigned char *)entry->nicknameSpace, 
                     sizeof(entry->nicknameSpace));
       if ( entry->nickname == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
    } else {
       entry->nickname = NULL;
    }
    
    if ( entry->common.version < 7 ) {
       /* allow updates of v5 db */
       entry->trust.sslFlags = dbentry->data[0];
       entry->trust.emailFlags = dbentry->data[1];
       entry->trust.objectSigningFlags = dbentry->data[2];
    } else {
       entry->trust.sslFlags = ( dbentry->data[0] << 8 ) | dbentry->data[1];
       entry->trust.emailFlags = ( dbentry->data[2] << 8 ) | dbentry->data[3];
       entry->trust.objectSigningFlags =
           ( dbentry->data[4] << 8 ) | dbentry->data[5];
    }
    
    return(SECSuccess);
loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DecodeDBCrlEntry ( certDBEntryRevocation *  entry,
SECItem *  dbentry 
) [static]

Definition at line 1188 of file pcertdb.c.

{
    unsigned int nnlen;
    
    /* is record long enough for header? */
    if ( dbentry->len < DB_CRL_ENTRY_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* is database entry correct length? */
    entry->derCrl.len = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] );
    nnlen = ( ( dbentry->data[2] << 8 ) | dbentry->data[3] );
    if ( ( entry->derCrl.len + nnlen + DB_CRL_ENTRY_HEADER_LEN )
       != dbentry->len) {
      /* CRL entry is greater than 64 K. Hack to make this continue to work */
      if (dbentry->len >= (0xffff - DB_CRL_ENTRY_HEADER_LEN) - nnlen) {
          entry->derCrl.len = 
                      (dbentry->len - DB_CRL_ENTRY_HEADER_LEN) - nnlen;
      } else {
          PORT_SetError(SEC_ERROR_BAD_DATABASE);
          goto loser;
      }    
    }
    
    /* copy the dercert */
    entry->derCrl.data = (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
                                                  entry->derCrl.len);
    if ( entry->derCrl.data == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    PORT_Memcpy(entry->derCrl.data, &dbentry->data[DB_CRL_ENTRY_HEADER_LEN],
             entry->derCrl.len);

    /* copy the url */
    entry->url = NULL;
    if (nnlen != 0) {
       entry->url = (char *)PORT_ArenaAlloc(entry->common.arena, nnlen);
       if ( entry->url == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->url,
             &dbentry->data[DB_CRL_ENTRY_HEADER_LEN + entry->derCrl.len],
             nnlen);
    }
    
    return(SECSuccess);
loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DecodeDBNicknameEntry ( certDBEntryNickname entry,
SECItem *  dbentry,
char *  nickname 
) [static]

Definition at line 1512 of file pcertdb.c.

{
    /* is record long enough for header? */
    if ( dbentry->len < DB_NICKNAME_ENTRY_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* is database entry correct length? */
    entry->subjectName.len = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] );
    if (( entry->subjectName.len + DB_NICKNAME_ENTRY_HEADER_LEN ) !=
       dbentry->len ){
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* copy the certkey */
    entry->subjectName.data =
       (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
                                    entry->subjectName.len);
    if ( entry->subjectName.data == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    PORT_Memcpy(entry->subjectName.data,
             &dbentry->data[DB_NICKNAME_ENTRY_HEADER_LEN],
             entry->subjectName.len);
    entry->subjectName.type = siBuffer;
    
    entry->nickname = (char *)PORT_ArenaAlloc(entry->common.arena, 
                                              PORT_Strlen(nickname)+1);
    if ( entry->nickname ) {
       PORT_Strcpy(entry->nickname, nickname);
    }
    
    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DecodeDBSMimeEntry ( certDBEntrySMime entry,
SECItem *  dbentry,
char *  emailAddr 
) [static]

Definition at line 1841 of file pcertdb.c.

{
    /* is record long enough for header? */
    if ( dbentry->len < DB_SMIME_ENTRY_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* is database entry correct length? */
    entry->subjectName.len = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] );
    entry->smimeOptions.len = ( ( dbentry->data[2] << 8 ) | dbentry->data[3] );
    entry->optionsDate.len = ( ( dbentry->data[4] << 8 ) | dbentry->data[5] );
    if (( entry->subjectName.len + entry->smimeOptions.len +
        entry->optionsDate.len + DB_SMIME_ENTRY_HEADER_LEN ) != dbentry->len){
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* copy the subject name */
    entry->subjectName.data =
       (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
                                    entry->subjectName.len);
    if ( entry->subjectName.data == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    PORT_Memcpy(entry->subjectName.data,
             &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN],
             entry->subjectName.len);

    /* copy the smime options */
    if ( entry->smimeOptions.len ) {
       entry->smimeOptions.data =
           (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
                                        entry->smimeOptions.len);
       if ( entry->smimeOptions.data == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->smimeOptions.data,
                  &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN +
                               entry->subjectName.len],
                  entry->smimeOptions.len);
    }
    if ( entry->optionsDate.len ) {
       entry->optionsDate.data =
           (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
                                        entry->optionsDate.len);
       if ( entry->optionsDate.data == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->optionsDate.data,
                  &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN +
                               entry->subjectName.len +
                               entry->smimeOptions.len],
                  entry->optionsDate.len);
    }

    /* both options and options date must either exist or not exist */
    if ( ( ( entry->optionsDate.len == 0 ) ||
         ( entry->smimeOptions.len == 0 ) ) &&
       entry->smimeOptions.len != entry->optionsDate.len ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }

    entry->emailAddr = (char *)PORT_ArenaAlloc(entry->common.arena,
                                          PORT_Strlen(emailAddr)+1);
    if ( entry->emailAddr ) {
       PORT_Strcpy(entry->emailAddr, emailAddr);
    }
    
    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DecodeDBSubjectEntry ( certDBEntrySubject entry,
SECItem *  dbentry,
SECItem *  derSubject 
) [static]

Definition at line 2281 of file pcertdb.c.

{
    unsigned int ncerts;
    PRArenaPool *arena;
    unsigned int len, itemlen;
    unsigned char *tmpbuf;
    unsigned char *end;
    unsigned int i;
    SECStatus rv;
    unsigned int keyidoff;
    unsigned int nnlen, eaddrlen;
    unsigned int stdlen;
    
    arena = entry->common.arena;

    rv = SECITEM_CopyItem(arena, &entry->derSubject, derSubject);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* is record long enough for header? */
    if ( dbentry->len < DB_SUBJECT_ENTRY_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    entry->ncerts = ncerts = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] );
    nnlen = ( ( dbentry->data[2] << 8 ) | dbentry->data[3] );
    eaddrlen = ( ( dbentry->data[4] << 8 ) | dbentry->data[5] );
    stdlen = ncerts * 4 + DB_SUBJECT_ENTRY_HEADER_LEN + nnlen + eaddrlen;
    if ( dbentry->len < stdlen) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    entry->certKeys = (SECItem *)PORT_ArenaAlloc(arena,
                                           sizeof(SECItem) * ncerts);
    entry->keyIDs = (SECItem *)PORT_ArenaAlloc(arena,
                                          sizeof(SECItem) * ncerts);

    if ( ( entry->certKeys == NULL ) || ( entry->keyIDs == NULL ) ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    if ( nnlen > 1 ) { /* null terminator is stored */
       entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
       if ( entry->nickname == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->nickname,
                  &dbentry->data[DB_SUBJECT_ENTRY_HEADER_LEN],
                  nnlen);
    } else {
       entry->nickname = NULL;
    }

    /* if we have an old style email entry, there is only one */    
    entry->nemailAddrs = 0;
    if ( eaddrlen > 1 ) { /* null terminator is stored */
       entry->emailAddrs = (char **)PORT_ArenaAlloc(arena, sizeof(char *));
       if ( entry->emailAddrs == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       entry->emailAddrs[0] = (char *)PORT_ArenaAlloc(arena, eaddrlen);
       if ( entry->emailAddrs[0] == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->emailAddrs[0],
                  &dbentry->data[DB_SUBJECT_ENTRY_HEADER_LEN+nnlen],
                  eaddrlen);
        entry->nemailAddrs = 1;
    } else {
       entry->emailAddrs = NULL;
    }
    
    /* collect the lengths of the certKeys and keyIDs, and total the
     * overall length.
     */
    keyidoff = DB_SUBJECT_ENTRY_HEADER_LEN + nnlen + eaddrlen;
    len = keyidoff + 4 * ncerts;

    tmpbuf = &dbentry->data[0];
    
    for ( i = 0; i < ncerts; i++ ) {

       itemlen = ( tmpbuf[keyidoff + 2*i] << 8 ) | tmpbuf[keyidoff + 1 + 2*i] ;
       len += itemlen;
       entry->certKeys[i].len = itemlen;

       itemlen = ( tmpbuf[keyidoff + 2*ncerts + 2*i] << 8 ) |
           tmpbuf[keyidoff + 1 + 2*ncerts + 2*i] ;
       len += itemlen;
       entry->keyIDs[i].len = itemlen;
    }
    
    /* is database entry correct length? */
    if ( len > dbentry->len ){
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    tmpbuf = &tmpbuf[keyidoff + 4*ncerts];
    for ( i = 0; i < ncerts; i++ ) {
       entry->certKeys[i].data =
           (unsigned char *)PORT_ArenaAlloc(arena, entry->certKeys[i].len);
       if ( entry->certKeys[i].data == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->certKeys[i].data, tmpbuf, entry->certKeys[i].len);
       tmpbuf = &tmpbuf[entry->certKeys[i].len];
    }

    for ( i = 0; i < ncerts; i++ ) {
       entry->keyIDs[i].data =
           (unsigned char *)PORT_ArenaAlloc(arena, entry->keyIDs[i].len);
       if ( entry->keyIDs[i].data == NULL ) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       PORT_Memcpy(entry->keyIDs[i].data, tmpbuf, entry->keyIDs[i].len);
       tmpbuf = &tmpbuf[entry->keyIDs[i].len];
    }

    end = &dbentry->data[dbentry->len];
    if ((eaddrlen == 0) && (tmpbuf+1 < end)) {
       /* read in the additional email addresses */
       entry->nemailAddrs = tmpbuf[0] << 8 | tmpbuf[1];
       tmpbuf += 2;
       entry->emailAddrs = (char **)
              PORT_ArenaAlloc(arena, entry->nemailAddrs * sizeof(char *));
       if (entry->emailAddrs == NULL) {
           PORT_SetError(SEC_ERROR_NO_MEMORY);
           goto loser;
       }
       for (i=0; i < entry->nemailAddrs; i++) {
           int nameLen;
           if (tmpbuf + 2 > end) {
              goto loser;
           }

           nameLen = tmpbuf[0] << 8 | tmpbuf[1];
           entry->emailAddrs[i] = PORT_ArenaAlloc(arena,nameLen);
           if (entry->emailAddrs == NULL) {
               PORT_SetError(SEC_ERROR_NO_MEMORY);
               goto loser;
           }
           if (tmpbuf + (nameLen+2) > end) {
              goto loser;
           }
           PORT_Memcpy(entry->emailAddrs[i],&tmpbuf[2],nameLen);
           tmpbuf += 2 + nameLen;
       }
    }
    
    
    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static NSSLOWCERTTrust* DecodeTrustEntry ( NSSLOWCERTCertDBHandle *  handle,
certDBEntryCert *  entry,
SECItem *  dbKey 
) [static]

Definition at line 4379 of file pcertdb.c.

{
    NSSLOWCERTTrust *trust = CreateTrust();
    if (trust == NULL) {
       return trust;
    }
    trust->dbhandle = nsslowcert_reference(handle);
    trust->dbEntry = entry;
    trust->dbKey.data = pkcs11_copyStaticData(dbKey->data,dbKey->len,
                            trust->dbKeySpace, sizeof(trust->dbKeySpace));
    if (!trust->dbKey.data) {
       PORT_Free(trust);
       return NULL;
    }
    trust->dbKey.len = dbKey->len;
 
    trust->trust = &entry->trust;
    trust->derCert = &entry->derCert;

    return(trust);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntryCert* DecodeV4DBCertEntry ( unsigned char *  buf,
int  len 
) [static]

Definition at line 893 of file pcertdb.c.

{
    certDBEntryCert *entry;
    int certlen;
    int nnlen;
    PRArenaPool *arena;
    
    /* make sure length is at least long enough for the header */
    if ( len < DBCERT_V4_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       return(0);
    }

    /* get other lengths */
    certlen = buf[3] << 8 | buf[4];
    nnlen = buf[5] << 8 | buf[6];
    
    /* make sure DB entry is the right size */
    if ( ( certlen + nnlen + DBCERT_V4_HEADER_LEN ) != len ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       return(0);
    }

    /* allocate arena */
    arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE );

    if ( !arena ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       return(0);
    }
       
    /* allocate structure and members */
    entry = (certDBEntryCert *)  PORT_ArenaAlloc(arena, sizeof(certDBEntryCert));

    if ( !entry ) {
       goto loser;
    }

    entry->common.arena = arena;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.type = certDBEntryTypeCert;
    entry->common.flags = 0;
    entry->trust.sslFlags = buf[0];
    entry->trust.emailFlags = buf[1];
    entry->trust.objectSigningFlags = buf[2];

    entry->derCert.data = (unsigned char *)PORT_ArenaAlloc(arena, certlen);
    if ( !entry->derCert.data ) {
       goto loser;
    }
    entry->derCert.len = certlen;
    PORT_Memcpy(entry->derCert.data, &buf[DBCERT_V4_HEADER_LEN], certlen);

    if ( nnlen ) {
        entry->nickname = (char *) PORT_ArenaAlloc(arena, nnlen);
        if ( !entry->nickname ) {
            goto loser;
        }
        PORT_Memcpy(entry->nickname, &buf[DBCERT_V4_HEADER_LEN + certlen], nnlen);
        
        if (PORT_Strcmp(entry->nickname, "Server-Cert") == 0) {
            entry->trust.sslFlags |= CERTDB_USER;
        }
    } else {
        entry->nickname = 0;
    }

    return(entry);
    
loser:
    PORT_FreeArena(arena, PR_FALSE);
    PORT_SetError(SEC_ERROR_NO_MEMORY);
    return(0);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeleteDBCertEntry ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  certKey 
) [static]

Definition at line 1022 of file pcertdb.c.

{
    SECItem dbkey;
    SECStatus rv;

    dbkey.data= NULL;
    dbkey.len = 0;

    rv = EncodeDBCertKey(certKey, NULL, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    rv = DeleteDBEntry(handle, certDBEntryTypeCert, &dbkey);
    if ( rv == SECFailure ) {
       goto loser;
    }

    if (dbkey.data) {
       PORT_Free(dbkey.data);
    }
    return(SECSuccess);

loser:
    if (dbkey.data) {
       PORT_Free(dbkey.data);
    }
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeleteDBCrlEntry ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  crlKey,
certDBEntryType  crlType 
) [static]

Definition at line 1346 of file pcertdb.c.

{
    SECItem dbkey;
    PRArenaPool *arena = NULL;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }

    rv = EncodeDBGenericKey(crlKey, arena, &dbkey, crlType);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    rv = DeleteDBEntry(handle, crlType, &dbkey);
    if ( rv == SECFailure ) {
       goto loser;
    }

    PORT_FreeArena(arena, PR_FALSE);
    return(SECSuccess);

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeleteDBEntry ( NSSLOWCERTCertDBHandle *  handle,
certDBEntryType  type,
SECItem *  dbkey 
) [static]

Definition at line 475 of file pcertdb.c.

{
    DBT key;
    int ret;

    /* init the database key */
    key.data = dbkey->data;
    key.size = dbkey->len;
    
    dbkey->data[0] = (unsigned char)type;

    /* delete entry from database */
    ret = certdb_Del(handle->permCertDB, &key, 0 );
    if ( ret != 0 ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }

    ret = certdb_Sync(handle->permCertDB, 0);
    if ( ret ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }

    return(SECSuccess);
    
loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeleteDBNicknameEntry ( NSSLOWCERTCertDBHandle *  handle,
char *  nickname 
) [static]

Definition at line 1612 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    SECStatus rv;
    SECItem dbkey;
    
    if ( nickname == NULL ) {
       return(SECSuccess);
    }
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }

    rv = EncodeDBNicknameKey(nickname, arena, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    rv = DeleteDBEntry(handle, certDBEntryTypeNickname, &dbkey);
    if ( rv == SECFailure ) {
       goto loser;
    }

    PORT_FreeArena(arena, PR_FALSE);
    return(SECSuccess);

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeleteDBSMimeEntry ( NSSLOWCERTCertDBHandle *  handle,
char *  emailAddr 
) [static]

Definition at line 2004 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    SECStatus rv;
    SECItem dbkey;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }

    rv = EncodeDBSMimeKey(emailAddr, arena, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    rv = DeleteDBEntry(handle, certDBEntryTypeSMimeProfile, &dbkey);
    if ( rv == SECFailure ) {
       goto loser;
    }

    PORT_FreeArena(arena, PR_FALSE);
    return(SECSuccess);

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeleteDBSubjectEntry ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derSubject 
) [static]

Definition at line 2556 of file pcertdb.c.

{
    SECItem dbkey;
    PRArenaPool *arena = NULL;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }
    
    rv = EncodeDBSubjectKey(derSubject, arena, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    rv = DeleteDBEntry(handle, certDBEntryTypeSubject, &dbkey);
    if ( rv == SECFailure ) {
       goto loser;
    }

    PORT_FreeArena(arena, PR_FALSE);
    return(SECSuccess);

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus DeletePermCert ( NSSLOWCERTCertificate *  cert) [static]

Definition at line 4220 of file pcertdb.c.

{
    SECStatus rv;
    SECStatus ret;

    ret = SECSuccess;
    
    rv = DeleteDBCertEntry(cert->dbhandle, &cert->certKey);
    if ( rv != SECSuccess ) {
       ret = SECFailure;
    }
    
    rv = RemovePermSubjectNode(cert);


    return(ret);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void DestroyCertEntryFreeList ( void  ) [static]

Definition at line 1073 of file pcertdb.c.

{
    certDBEntryCert *entry;

    nsslowcert_LockFreeList();
    while (NULL != (entry = entryListHead)) {
       entryListCount--;
       entryListHead = entry->next;
       PORT_Free(entry);
    }
    PORT_Assert(!entryListCount);
    entryListCount = 0;
    nsslowcert_UnlockFreeList();
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void DestroyCertFreeList ( void  ) [static]

Definition at line 5090 of file pcertdb.c.

{
    NSSLOWCERTCertificate *cert;

    nsslowcert_LockFreeList();
    while (NULL != (cert = certListHead)) {
       certListCount--;
       certListHead = cert->next;
       PORT_Free(cert);
    }
    PORT_Assert(!certListCount);
    certListCount = 0;
    nsslowcert_UnlockFreeList();
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void DestroyCertificate ( NSSLOWCERTCertificate *  cert,
PRBool  lockdb 
) [static]

Definition at line 5005 of file pcertdb.c.

{
    int refCount;
    NSSLOWCERTCertDBHandle *handle;
    
    if ( cert ) {

       handle = cert->dbhandle;

       /*
        * handle may be NULL, for example if the cert was created with
        * nsslowcert_DecodeDERCertificate.
        */
       if ( lockdb && handle ) {
           nsslowcert_LockDB(handle);
           /* keep a reference until we unlock, so handle won't disappear
            * before we are through with it */
           nsslowcert_reference(handle);
       }

        nsslowcert_LockCertRefCount(cert);
       PORT_Assert(cert->referenceCount > 0);
       refCount = --cert->referenceCount;
        nsslowcert_UnlockCertRefCount(cert);

       if ( ( refCount == 0 ) ) {
           certDBEntryCert *entry  = cert->dbEntry;

           if ( entry ) {
              DestroyDBEntry((certDBEntry *)entry);
            }

           pkcs11_freeNickname(cert->nickname,cert->nicknameSpace);
           pkcs11_freeStaticData(cert->certKey.data,cert->certKeySpace);
           cert->certKey.data = NULL;
           cert->nickname = NULL;

           /* zero cert before freeing. Any stale references to this cert
            * after this point will probably cause an exception.  */
           PORT_Memset(cert, 0, sizeof *cert);

           /* use reflock to protect the free list */
           nsslowcert_LockFreeList();
           if (certListCount > MAX_CERT_LIST_COUNT) {
              PORT_Free(cert);
           } else {
              certListCount++;
              cert->next = certListHead;
              certListHead = cert;
           }
           nsslowcert_UnlockFreeList();
           if (handle) {
               sftk_freeCertDB(handle);
           }
              
           cert = NULL;
        }
       if ( lockdb && handle ) {
           nsslowcert_UnlockDB(handle);
           sftk_freeCertDB(handle);
       }
    }

    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void DestroyDBEntry ( certDBEntry entry) [static]

Definition at line 434 of file pcertdb.c.

{
    PRArenaPool *arena = entry->common.arena;

    /* must be one of our certDBEntry from the free list */
    if (arena == NULL) {
       certDBEntryCert *certEntry;
       if ( entry->common.type != certDBEntryTypeCert) {
           return;
       }
       certEntry = (certDBEntryCert *)entry;

       pkcs11_freeStaticData(certEntry->derCert.data, certEntry->derCertSpace);
       pkcs11_freeNickname(certEntry->nickname, certEntry->nicknameSpace);

       nsslowcert_LockFreeList();
       if (entryListCount > MAX_ENTRY_LIST_COUNT) {
           PORT_Free(certEntry);
       } else {
           entryListCount++;
           PORT_Memset(certEntry, 0, sizeof( *certEntry));
           certEntry->next = entryListHead;
           entryListHead = certEntry;
       }
       nsslowcert_UnlockFreeList();
       return;
    }


    /* Zero out the entry struct, so that any further attempts to use it
     * will cause an exception (e.g. null pointer reference). */
    PORT_Memset(&entry->common, 0, sizeof entry->common);
    PORT_FreeArena(arena, PR_FALSE);

    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void DestroyTrustFreeList ( void  ) [static]

Definition at line 4363 of file pcertdb.c.

{
    NSSLOWCERTTrust *trust;

    nsslowcert_LockFreeList();
    while (NULL != (trust = trustListHead)) {
       trustListCount--;
       trustListHead = trust->next;
       PORT_Free(trust);
    }
    PORT_Assert(!trustListCount);
    trustListCount = 0;
    nsslowcert_UnlockFreeList();
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBCertEntry ( certDBEntryCert *  entry,
PRArenaPool arena,
SECItem *  dbitem 
) [static]

Definition at line 623 of file pcertdb.c.

{
    unsigned int nnlen;
    unsigned char *buf;
    char *nn;
    char zbuf = 0;
    
    if ( entry->nickname ) {
       nn = entry->nickname;
    } else {
       nn = &zbuf;
    }
    nnlen = PORT_Strlen(nn) + 1;
    
    /* allocate space for encoded database record, including space
     * for low level header
     */
    dbitem->len = entry->derCert.len + nnlen + DB_CERT_ENTRY_HEADER_LEN +
       SEC_DB_ENTRY_HEADER_LEN;
    
    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
    if ( dbitem->data == NULL) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    /* fill in database record */
    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
    
    buf[0] = ( entry->trust.sslFlags >> 8 ) & 0xff;
    buf[1] = entry->trust.sslFlags & 0xff;
    buf[2] = ( entry->trust.emailFlags >> 8 ) & 0xff;
    buf[3] = entry->trust.emailFlags & 0xff;
    buf[4] = ( entry->trust.objectSigningFlags >> 8 ) & 0xff;
    buf[5] = entry->trust.objectSigningFlags & 0xff;
    buf[6] = ( entry->derCert.len >> 8 ) & 0xff;
    buf[7] = entry->derCert.len & 0xff;
    buf[8] = ( nnlen >> 8 ) & 0xff;
    buf[9] = nnlen & 0xff;
    
    PORT_Memcpy(&buf[DB_CERT_ENTRY_HEADER_LEN], entry->derCert.data,
             entry->derCert.len);

    PORT_Memcpy(&buf[DB_CERT_ENTRY_HEADER_LEN + entry->derCert.len],
             nn, nnlen);

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBCertKey ( SECItem *  certKey,
PRArenaPool arena,
SECItem *  dbkey 
) [static]

Definition at line 679 of file pcertdb.c.

{
    unsigned int len = certKey->len + SEC_DB_KEY_HEADER_LEN;
    if (arena) {
       dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, len);
    } else {
       if (dbkey->len < len) {
           dbkey->data = (unsigned char *)PORT_Alloc(len);
       }
    }
    dbkey->len = len;
    if ( dbkey->data == NULL ) {
       goto loser;
    }
    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN],
             certKey->data, certKey->len);
    dbkey->data[0] = certDBEntryTypeCert;

    return(SECSuccess);
loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBCrlEntry ( certDBEntryRevocation *  entry,
PRArenaPool arena,
SECItem *  dbitem 
) [static]

Definition at line 1144 of file pcertdb.c.

{
    unsigned int nnlen = 0;
    unsigned char *buf;
  
    if (entry->url) {  
       nnlen = PORT_Strlen(entry->url) + 1;
    }
    
    /* allocate space for encoded database record, including space
     * for low level header
     */
    dbitem->len = entry->derCrl.len + nnlen 
              + SEC_DB_ENTRY_HEADER_LEN + DB_CRL_ENTRY_HEADER_LEN;
    
    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
    if ( dbitem->data == NULL) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    /* fill in database record */
    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
    
    buf[0] = ( entry->derCrl.len >> 8 ) & 0xff;
    buf[1] = entry->derCrl.len & 0xff;
    buf[2] = ( nnlen >> 8 ) & 0xff;
    buf[3] = nnlen & 0xff;
    
    PORT_Memcpy(&buf[DB_CRL_ENTRY_HEADER_LEN], entry->derCrl.data,
             entry->derCrl.len);

    if (nnlen != 0) {
       PORT_Memcpy(&buf[DB_CRL_ENTRY_HEADER_LEN + entry->derCrl.len],
             entry->url, nnlen);
    }

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBGenericKey ( SECItem *  certKey,
PRArenaPool arena,
SECItem *  dbkey,
certDBEntryType  entryType 
) [static]

Definition at line 703 of file pcertdb.c.

{
    /*
     * we only allow _one_ KRL key!
     */
    if (entryType == certDBEntryTypeKeyRevocation) {
       dbkey->len = SEC_DB_KEY_HEADER_LEN;
       dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
       if ( dbkey->data == NULL ) {
           goto loser;
       }
        dbkey->data[0] = (unsigned char) entryType;
        return(SECSuccess);
    }
    

    dbkey->len = certKey->len + SEC_DB_KEY_HEADER_LEN;
    dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
    if ( dbkey->data == NULL ) {
       goto loser;
    }
    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN],
             certKey->data, certKey->len);
    dbkey->data[0] = (unsigned char) entryType;

    return(SECSuccess);
loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBNicknameEntry ( certDBEntryNickname entry,
PRArenaPool arena,
SECItem *  dbitem 
) [static]

Definition at line 1454 of file pcertdb.c.

{
    unsigned char *buf;
    
    /* allocate space for encoded database record, including space
     * for low level header
     */
    dbitem->len = entry->subjectName.len + DB_NICKNAME_ENTRY_HEADER_LEN +
       SEC_DB_ENTRY_HEADER_LEN;
    
    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
    if ( dbitem->data == NULL) {
       goto loser;
    }
    
    /* fill in database record */
    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
    
    buf[0] = ( entry->subjectName.len >> 8 ) & 0xff;
    buf[1] = entry->subjectName.len & 0xff;
    
    PORT_Memcpy(&buf[DB_NICKNAME_ENTRY_HEADER_LEN], entry->subjectName.data,
             entry->subjectName.len);

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBNicknameKey ( char *  nickname,
PRArenaPool arena,
SECItem *  dbkey 
) [static]

Definition at line 1489 of file pcertdb.c.

{
    unsigned int nnlen;
    
    nnlen = PORT_Strlen(nickname) + 1; /* includes null */

    /* now get the database key and format it */
    dbkey->len = nnlen + SEC_DB_KEY_HEADER_LEN;
    dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
    if ( dbkey->data == NULL ) {
       goto loser;
    }
    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN], nickname, nnlen);
    dbkey->data[0] = certDBEntryTypeNickname;

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus EncodeDBSMimeEntry ( certDBEntrySMime entry,
PRArenaPool arena,
SECItem *  dbitem 
)

Definition at line 1761 of file pcertdb.c.

{
    unsigned char *buf;
    
    /* allocate space for encoded database record, including space
     * for low level header
     */
    dbitem->len = entry->subjectName.len + entry->smimeOptions.len +
       entry->optionsDate.len +
       DB_SMIME_ENTRY_HEADER_LEN + SEC_DB_ENTRY_HEADER_LEN;
    
    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
    if ( dbitem->data == NULL) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    /* fill in database record */
    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
    
    buf[0] = ( entry->subjectName.len >> 8 ) & 0xff;
    buf[1] = entry->subjectName.len & 0xff;
    buf[2] = ( entry->smimeOptions.len >> 8 ) & 0xff;
    buf[3] = entry->smimeOptions.len & 0xff;
    buf[4] = ( entry->optionsDate.len >> 8 ) & 0xff;
    buf[5] = entry->optionsDate.len & 0xff;

    /* if no smime options, then there should not be an options date either */
    PORT_Assert( ! ( ( entry->smimeOptions.len == 0 ) &&
                  ( entry->optionsDate.len != 0 ) ) );
    
    PORT_Memcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN], entry->subjectName.data,
             entry->subjectName.len);
    if ( entry->smimeOptions.len ) {
       PORT_Memcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN+entry->subjectName.len],
                  entry->smimeOptions.data,
                  entry->smimeOptions.len);
       PORT_Memcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN + entry->subjectName.len +
                      entry->smimeOptions.len],
                  entry->optionsDate.data,
                  entry->optionsDate.len);
    }

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBSMimeKey ( char *  emailAddr,
PRArenaPool arena,
SECItem *  dbkey 
) [static]

Definition at line 1815 of file pcertdb.c.

{
    unsigned int addrlen;
    
    addrlen = PORT_Strlen(emailAddr) + 1; /* includes null */

    /* now get the database key and format it */
    dbkey->len = addrlen + SEC_DB_KEY_HEADER_LEN;
    dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
    if ( dbkey->data == NULL ) {
       goto loser;
    }
    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN], emailAddr, addrlen);
    dbkey->data[0] = certDBEntryTypeSMimeProfile;

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBSubjectEntry ( certDBEntrySubject entry,
PRArenaPool arena,
SECItem *  dbitem 
) [static]

Definition at line 2152 of file pcertdb.c.

{
    unsigned char *buf;
    int len;
    unsigned int ncerts;
    unsigned int i;
    unsigned char *tmpbuf;
    unsigned int nnlen = 0;
    unsigned int eaddrslen = 0;
    int keyidoff;
    SECItem *certKeys;
    SECItem *keyIDs;
    
    if ( entry->nickname ) {
       nnlen = PORT_Strlen(entry->nickname) + 1;
    }
    if ( entry->emailAddrs ) {
       eaddrslen = 2;
       for (i=0; i < entry->nemailAddrs; i++) {
           eaddrslen += PORT_Strlen(entry->emailAddrs[i]) + 1 + 2;
       }
    }

    ncerts = entry->ncerts;
    
    /* compute the length of the entry */
    keyidoff = DB_SUBJECT_ENTRY_HEADER_LEN + nnlen ;
    len = keyidoff + 4 * ncerts + eaddrslen;
    for ( i = 0; i < ncerts; i++ ) {
       len += entry->certKeys[i].len;
       len += entry->keyIDs[i].len;
    }
    
    /* allocate space for encoded database record, including space
     * for low level header
     */
    dbitem->len = len + SEC_DB_ENTRY_HEADER_LEN;
    
    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
    if ( dbitem->data == NULL) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    /* fill in database record */
    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
    
    buf[0] = ( ncerts >> 8 ) & 0xff;
    buf[1] = ncerts & 0xff;
    buf[2] = ( nnlen >> 8 ) & 0xff;
    buf[3] = nnlen & 0xff;
    /* v7 email field is NULL in v8 */
    buf[4] = 0;
    buf[5] = 0;

    PORT_Memcpy(&buf[DB_SUBJECT_ENTRY_HEADER_LEN], entry->nickname, nnlen);
    
    for ( i = 0; i < ncerts; i++ ) {

       certKeys = entry->certKeys;
       keyIDs = entry->keyIDs;

       buf[keyidoff+i*2] = ( certKeys[i].len >> 8 ) & 0xff;
       buf[keyidoff+1+i*2] = certKeys[i].len & 0xff;
       buf[keyidoff+ncerts*2+i*2] = ( keyIDs[i].len >> 8 ) & 0xff;
       buf[keyidoff+1+ncerts*2+i*2] = keyIDs[i].len & 0xff;
    }
    
    /* temp pointer used to stuff certkeys and keyids into the buffer */
    tmpbuf = &buf[keyidoff+ncerts*4];

    for ( i = 0; i < ncerts; i++ ) {
       certKeys = entry->certKeys;
       PORT_Memcpy(tmpbuf, certKeys[i].data, certKeys[i].len);
       tmpbuf = tmpbuf + certKeys[i].len;
    }
    
    for ( i = 0; i < ncerts; i++ ) {
       keyIDs = entry->keyIDs;
       PORT_Memcpy(tmpbuf, keyIDs[i].data, keyIDs[i].len);
       tmpbuf = tmpbuf + keyIDs[i].len;
    }

    if (entry->emailAddrs) {
       tmpbuf[0] =  (entry->nemailAddrs >> 8) & 0xff;
       tmpbuf[1] =  entry->nemailAddrs  & 0xff;
       tmpbuf += 2;
       for (i=0; i < entry->nemailAddrs; i++) {
           int nameLen = PORT_Strlen(entry->emailAddrs[i]) + 1;
           tmpbuf[0] =  (nameLen >> 8) & 0xff;
           tmpbuf[1] =  nameLen & 0xff;
           tmpbuf += 2;
           PORT_Memcpy(tmpbuf,entry->emailAddrs[i],nameLen);
           tmpbuf +=nameLen;
       }
    }

    PORT_Assert(tmpbuf == &buf[len]);
    
    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus EncodeDBSubjectKey ( SECItem *  derSubject,
PRArenaPool arena,
SECItem *  dbkey 
) [static]

Definition at line 2262 of file pcertdb.c.

{
    dbkey->len = derSubject->len + SEC_DB_KEY_HEADER_LEN;
    dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
    if ( dbkey->data == NULL ) {
       goto loser;
    }
    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN], derSubject->data,
             derSubject->len);
    dbkey->data[0] = certDBEntryTypeSubject;

    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static NSSLOWCERTCertificate* FindCertByKey ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  certKey,
PRBool  lockdb 
) [static]

Definition at line 4698 of file pcertdb.c.

{
    NSSLOWCERTCertificate *cert = NULL;
    certDBEntryCert *entry;
    PRBool locked = PR_FALSE;
    
    if ( lockdb ) {
       locked = PR_TRUE;
       nsslowcert_LockDB(handle);
    }
       
    /* find in perm database */
    entry = ReadDBCertEntry(handle, certKey);
       
    if ( entry == NULL ) {
       goto loser;
    }
  
    /* inherit entry */  
    cert = DecodeACert(handle, entry);

loser:
    if (cert == NULL) {
       if (entry) {
           DestroyDBEntry((certDBEntry *)entry);
       }
    }

    if ( locked ) {
       nsslowcert_UnlockDB(handle);
    }
    
    return(cert);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static NSSLOWCERTTrust* FindTrustByKey ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  certKey,
PRBool  lockdb 
) [static]

Definition at line 4737 of file pcertdb.c.

{
    NSSLOWCERTTrust *trust = NULL;
    certDBEntryCert *entry;
    PRBool locked = PR_FALSE;
    
    if ( lockdb ) {
       locked = PR_TRUE;
       nsslowcert_LockDB(handle);
    }
       
    /* find in perm database */
    entry = ReadDBCertEntry(handle, certKey);
       
    if ( entry == NULL ) {
       goto loser;
    }

    if (!nsslowcert_hasTrust(&entry->trust)) {
       goto loser;
    }
  
    /* inherit entry */  
    trust = DecodeTrustEntry(handle, entry, certKey);

loser:
    if (trust == NULL) {
       if (entry) {
           DestroyDBEntry((certDBEntry *)entry);
       }
    }

    if ( locked ) {
       nsslowcert_UnlockDB(handle);
    }
    
    return(trust);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PRBool isV4DB ( DB db) [static]

Definition at line 3866 of file pcertdb.c.

               {
    DBT key,data;
    int ret;

    key.data = "Version";
    key.size = 7;

    ret = (*db->get)(db, &key, &data, 0);
    if (ret) {
       return PR_FALSE;
    }

    if ((data.size == 1) && (*(unsigned char *)data.data <= 4))  {
       return PR_TRUE;
    }

    return PR_FALSE;
}

Here is the caller graph for this function:

static certDBEntryCert* NewDBCertEntry ( SECItem *  derCert,
char *  nickname,
NSSLOWCERTCertTrust *  trust,
int  flags 
) [static]

Definition at line 827 of file pcertdb.c.

{
    certDBEntryCert *entry;
    PRArenaPool *arena = NULL;
    int nnlen;
    
    arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE );

    if ( !arena ) {
       goto loser;
    }
       
    entry = PORT_ArenaZNew(arena, certDBEntryCert);
    if ( entry == NULL ) {
       goto loser;
    }
    
    /* fill in the dbCert */
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeCert;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.flags = flags;
    
    if ( trust ) {
       entry->trust = *trust;
    }

    entry->derCert.data = (unsigned char *)PORT_ArenaAlloc(arena, derCert->len);
    if ( !entry->derCert.data ) {
       goto loser;
    }
    entry->derCert.len = derCert->len;
    PORT_Memcpy(entry->derCert.data, derCert->data, derCert->len);
    
    nnlen = ( nickname ? strlen(nickname) + 1 : 0 );
    
    if ( nnlen ) {
       entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
       if ( !entry->nickname ) {
           goto loser;
       }
       PORT_Memcpy(entry->nickname, nickname, nnlen);
       
    } else {
       entry->nickname = 0;
    }

    return(entry);

loser:
    
    /* allocation error, free arena and return */
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    PORT_SetError(SEC_ERROR_NO_MEMORY);
    return(0);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntryRevocation* NewDBCrlEntry ( SECItem *  derCrl,
char *  url,
certDBEntryType  crlType,
int  flags 
) [static]

Definition at line 1245 of file pcertdb.c.

{
    certDBEntryRevocation *entry;
    PRArenaPool *arena = NULL;
    int nnlen;
    
    arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE );

    if ( !arena ) {
       goto loser;
    }
       
    entry = PORT_ArenaZNew(arena, certDBEntryRevocation);
    if ( entry == NULL ) {
       goto loser;
    }
    
    /* fill in the dbRevolcation */
    entry->common.arena = arena;
    entry->common.type = crlType;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.flags = flags;
    

    entry->derCrl.data = (unsigned char *)PORT_ArenaAlloc(arena, derCrl->len);
    if ( !entry->derCrl.data ) {
       goto loser;
    }

    if (url) {
       nnlen = PORT_Strlen(url) + 1;
       entry->url  = (char *)PORT_ArenaAlloc(arena, nnlen);
       if ( !entry->url ) {
           goto loser;
       }
       PORT_Memcpy(entry->url, url, nnlen);
    } else {
       entry->url = NULL;
    }

       
    entry->derCrl.len = derCrl->len;
    PORT_Memcpy(entry->derCrl.data, derCrl->data, derCrl->len);

    return(entry);

loser:
    
    /* allocation error, free arena and return */
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    PORT_SetError(SEC_ERROR_NO_MEMORY);
    return(0);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntryNickname* NewDBNicknameEntry ( char *  nickname,
SECItem *  subjectName,
unsigned int  flags 
) [static]

Definition at line 1558 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    certDBEntryNickname *entry;
    int nnlen;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    entry = (certDBEntryNickname *)PORT_ArenaAlloc(arena,
                                           sizeof(certDBEntryNickname));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    /* init common fields */
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeNickname;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.flags = flags;

    /* copy the nickname */
    nnlen = PORT_Strlen(nickname) + 1;
    
    entry->nickname = (char*)PORT_ArenaAlloc(arena, nnlen);
    if ( entry->nickname == NULL ) {
       goto loser;
    }
    
    PORT_Memcpy(entry->nickname, nickname, nnlen);
    
    rv = SECITEM_CopyItem(arena, &entry->subjectName, subjectName);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    return(entry);
loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntrySMime* NewDBSMimeEntry ( char *  emailAddr,
SECItem *  subjectName,
SECItem *  smimeOptions,
SECItem *  optionsDate,
unsigned int  flags 
) [static]

Definition at line 1924 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    certDBEntrySMime *entry;
    int addrlen;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    entry = (certDBEntrySMime *)PORT_ArenaAlloc(arena,
                                          sizeof(certDBEntrySMime));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    /* init common fields */
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeSMimeProfile;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.flags = flags;

    /* copy the email addr */
    addrlen = PORT_Strlen(emailAddr) + 1;
    
    entry->emailAddr = (char*)PORT_ArenaAlloc(arena, addrlen);
    if ( entry->emailAddr == NULL ) {
       goto loser;
    }
    
    PORT_Memcpy(entry->emailAddr, emailAddr, addrlen);
    
    /* copy the subject name */
    rv = SECITEM_CopyItem(arena, &entry->subjectName, subjectName);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* copy the smime options */
    if ( smimeOptions ) {
       rv = SECITEM_CopyItem(arena, &entry->smimeOptions, smimeOptions);
       if ( rv != SECSuccess ) {
           goto loser;
       }
    } else {
       PORT_Assert(optionsDate == NULL);
       entry->smimeOptions.data = NULL;
       entry->smimeOptions.len = 0;
    }

    /* copy the options date */
    if ( optionsDate ) {
       rv = SECITEM_CopyItem(arena, &entry->optionsDate, optionsDate);
       if ( rv != SECSuccess ) {
           goto loser;
       }
    } else {
       PORT_Assert(smimeOptions == NULL);
       entry->optionsDate.data = NULL;
       entry->optionsDate.len = 0;
    }
    
    return(entry);
loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntrySubject* NewDBSubjectEntry ( SECItem *  derSubject,
SECItem *  certKey,
SECItem *  keyID,
char *  nickname,
char *  emailAddr,
unsigned int  flags 
) [static]

Definition at line 2452 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    certDBEntrySubject *entry;
    SECStatus rv;
    unsigned int nnlen;
    unsigned int eaddrlen;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    entry = (certDBEntrySubject *)PORT_ArenaAlloc(arena,
                                            sizeof(certDBEntrySubject));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    /* init common fields */
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeSubject;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.flags = flags;

    /* copy the subject */
    rv = SECITEM_CopyItem(arena, &entry->derSubject, derSubject);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    entry->ncerts = 1;
    entry->nemailAddrs = 0;
    /* copy nickname */
    if ( nickname && ( *nickname != '\0' ) ) {
       nnlen = PORT_Strlen(nickname) + 1;
       entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
       if ( entry->nickname == NULL ) {
           goto loser;
       }
                                            
       PORT_Memcpy(entry->nickname, nickname, nnlen);
    } else {
       entry->nickname = NULL;
    }
    
    /* copy email addr */
    if ( emailAddr && ( *emailAddr != '\0' ) ) {
       emailAddr = nsslowcert_FixupEmailAddr(emailAddr);
       if ( emailAddr == NULL ) {
           entry->emailAddrs = NULL;
           goto loser;
       }
       
       eaddrlen = PORT_Strlen(emailAddr) + 1;
       entry->emailAddrs = (char **)PORT_ArenaAlloc(arena, sizeof(char *));
       if ( entry->emailAddrs == NULL ) {
           PORT_Free(emailAddr);
           goto loser;
       }
       entry->emailAddrs[0] = PORT_ArenaStrdup(arena,emailAddr);
       if (entry->emailAddrs[0]) {
           entry->nemailAddrs = 1;
       } 
       
       PORT_Free(emailAddr);
    } else {
       entry->emailAddrs = NULL;
    }
    
    /* allocate space for certKeys and keyIDs */
    entry->certKeys = (SECItem *)PORT_ArenaAlloc(arena, sizeof(SECItem));
    entry->keyIDs = (SECItem *)PORT_ArenaAlloc(arena, sizeof(SECItem));
    if ( ( entry->certKeys == NULL ) || ( entry->keyIDs == NULL ) ) {
       goto loser;
    }

    /* copy the certKey and keyID */
    rv = SECITEM_CopyItem(arena, &entry->certKeys[0], certKey);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    rv = SECITEM_CopyItem(arena, &entry->keyIDs[0], keyID);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    return(entry);
loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntryVersion* NewDBVersionEntry ( unsigned int  flags) [static]

Definition at line 2823 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    certDBEntryVersion *entry;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    entry = (certDBEntryVersion *)PORT_ArenaAlloc(arena,
                                          sizeof(certDBEntryVersion));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeVersion;
    entry->common.version = CERT_DB_FILE_VERSION;
    entry->common.flags = flags;

    return(entry);
loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_AddCrl ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derCrl,
SECItem *  crlKey,
char *  url,
PRBool  isKRL 
)

Definition at line 5218 of file pcertdb.c.

{
    SECStatus rv;

    rv = db_BeginTransaction(handle->permCertDB);
    if (rv != SECSuccess) {
       return SECFailure;
    }
    rv = nsslowcert_UpdateCrl(handle, derCrl, crlKey, url, isKRL);

    db_FinishTransaction(handle->permCertDB, rv != SECSuccess);
    return rv;
}
SECStatus nsslowcert_AddPermCert ( NSSLOWCERTCertDBHandle *  dbhandle,
NSSLOWCERTCertificate *  cert,
char *  nickname,
NSSLOWCERTCertTrust *  trust 
)

Definition at line 4629 of file pcertdb.c.

{
    SECStatus ret;
    SECStatus rv;

    nsslowcert_LockDB(dbhandle);
    rv = db_BeginTransaction(dbhandle->permCertDB);
    if (rv != SECSuccess) {
       nsslowcert_UnlockDB(dbhandle);
       return SECFailure;
    }

    ret = nsslowcert_UpdatePermCert(dbhandle, cert, nickname, trust);
    
    db_FinishTransaction(dbhandle->permCertDB, ret != SECSuccess);
    nsslowcert_UnlockDB(dbhandle);
    return(ret);
}
SECStatus nsslowcert_AddPermNickname ( NSSLOWCERTCertDBHandle *  dbhandle,
NSSLOWCERTCertificate *  cert,
char *  nickname 
)

Definition at line 3283 of file pcertdb.c.

{
    SECStatus rv = SECFailure;
    certDBEntrySubject *entry = NULL;
    certDBEntryNickname *nicknameEntry = NULL;
    
    nsslowcert_LockDB(dbhandle);

    entry = ReadDBSubjectEntry(dbhandle, &cert->derSubject);
    if (entry == NULL) goto loser;

    if ( entry->nickname == NULL ) {

       /* no nickname for subject */
       rv = AddNicknameToSubject(dbhandle, cert, nickname);
       if ( rv != SECSuccess ) {
           goto loser;
       }
       rv = AddNicknameToPermCert(dbhandle, cert, nickname);
       if ( rv != SECSuccess ) {
           goto loser;
       }
       nicknameEntry = NewDBNicknameEntry(nickname, &cert->derSubject, 0);
       if ( nicknameEntry == NULL ) {
           goto loser;
       }
    
       rv = WriteDBNicknameEntry(dbhandle, nicknameEntry);
       if ( rv != SECSuccess ) {
           goto loser;
       }
    } else {
       /* subject already has a nickname */
       rv = AddNicknameToPermCert(dbhandle, cert, entry->nickname);
       if ( rv != SECSuccess ) {
           goto loser;
       }
       /* make sure nickname entry exists. If the database was corrupted,
        * we may have lost the nickname entry. Add it back now  */
       nicknameEntry = ReadDBNicknameEntry(dbhandle, entry->nickname);
       if (nicknameEntry == NULL ) {
           nicknameEntry = NewDBNicknameEntry(entry->nickname, 
                                                 &cert->derSubject, 0);
           if ( nicknameEntry == NULL ) {
              goto loser;
           }
    
           rv = WriteDBNicknameEntry(dbhandle, nicknameEntry);
           if ( rv != SECSuccess ) {
              goto loser;
           }
       }
    }
    rv = SECSuccess;

loser:
    if (entry) {
       DestroyDBEntry((certDBEntry *)entry);
    }
    if (nicknameEntry) {
       DestroyDBEntry((certDBEntry *)nicknameEntry);
    }
    nsslowcert_UnlockDB(dbhandle);
    return(rv);
}
PRBool nsslowcert_CertDBKeyConflict ( SECItem *  derCert,
NSSLOWCERTCertDBHandle *  handle 
)

Definition at line 3941 of file pcertdb.c.

{
    SECStatus rv;
    DBT tmpdata;
    DBT namekey;
    int ret;
    SECItem keyitem;
    PRArenaPool *arena = NULL;
    SECItem derKey;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }

    /* get the db key of the cert */
    rv = nsslowcert_KeyFromDERCert(arena, derCert, &derKey);
    if ( rv != SECSuccess ) {
        goto loser;
    }

    rv = EncodeDBCertKey(&derKey, arena, &keyitem);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    namekey.data = keyitem.data;
    namekey.size = keyitem.len;
    
    ret = certdb_Get(handle->permCertDB, &namekey, &tmpdata, 0);
    if ( ret == 0 ) {
       goto loser;
    }

    PORT_FreeArena(arena, PR_FALSE);
    
    return(PR_FALSE);
loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(PR_TRUE);
}
static PRBool nsslowcert_CertNicknameConflict ( char *  nickname,
SECItem *  derSubject,
NSSLOWCERTCertDBHandle *  handle 
) [static]

Definition at line 3992 of file pcertdb.c.

{
    PRBool rv;
    certDBEntryNickname *entry;
    
    if ( nickname == NULL ) {
       return(PR_FALSE);
    }
    
    entry = ReadDBNicknameEntry(handle, nickname);

    if ( entry == NULL ) {
       /* no entry for this nickname, so no conflict */
       return(PR_FALSE);
    }

    rv = PR_TRUE;
    if ( SECITEM_CompareItem(derSubject, &entry->subjectName) == SECEqual ) {
       /* if subject names are the same, then no conflict */
       rv = PR_FALSE;
    }

    DestroyDBEntry((certDBEntry *)entry);
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus nsslowcert_ChangeCertTrust ( NSSLOWCERTCertDBHandle *  handle,
NSSLOWCERTCertificate *  cert,
NSSLOWCERTCertTrust *  trust 
)

Definition at line 4548 of file pcertdb.c.

{
    certDBEntryCert *entry;
    int rv;
    SECStatus ret;
    
    nsslowcert_LockDB(handle);
    nsslowcert_LockCertTrust(cert);
    /* only set the trust on permanent certs */
    if ( cert->trust == NULL ) {
       ret = SECFailure;
       goto done;
    }

    *cert->trust = *trust;
    if ( cert->dbEntry == NULL ) {
       ret = SECSuccess; /* not in permanent database */
       goto done;
    }
    
    entry = cert->dbEntry;
    entry->trust = *trust;
    
    rv = WriteDBCertEntry(handle, entry);
    if ( rv ) {
       ret = SECFailure;
       goto done;
    }

    ret = SECSuccess;
    
done:
    nsslowcert_UnlockCertTrust(cert);
    nsslowcert_UnlockDB(handle);
    return(ret);
}
void nsslowcert_ClosePermCertDB ( NSSLOWCERTCertDBHandle *  handle)

Definition at line 4507 of file pcertdb.c.

{
    if ( handle ) {
       if ( handle->permCertDB ) {
           certdb_Close( handle->permCertDB );
           handle->permCertDB = NULL;
       }
       if (handle->dbMon) {
           PZ_DestroyMonitor(handle->dbMon);
           handle->dbMon = NULL;
       }
    }
    return;
}
NSSLOWCERTCertificate* nsslowcert_CreateCert ( void  )

Definition at line 5072 of file pcertdb.c.

{
    NSSLOWCERTCertificate *cert;
    nsslowcert_LockFreeList();
    cert = certListHead;
    if (cert) {
       certListHead = cert->next;
       certListCount--;
    }
    PORT_Assert(certListCount >= 0);
    nsslowcert_UnlockFreeList();
    if (cert) {
       return cert;
    }
    return PORT_ZNew(NSSLOWCERTCertificate);
}
certDBEntry* nsslowcert_DecodeAnyDBEntry ( SECItem *  dbData,
SECItem *  dbKey,
certDBEntryType  entryType,
void pdata 
)

Definition at line 5376 of file pcertdb.c.

{
    PLArenaPool *arena = NULL;
    certDBEntry *entry;
    SECStatus rv;
    SECItem dbEntry;


    if ((dbData->len < SEC_DB_ENTRY_HEADER_LEN) || (dbKey->len == 0)) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       goto loser;
    }
    dbEntry.data = &dbData->data[SEC_DB_ENTRY_HEADER_LEN];
    dbEntry.len  = dbData->len - SEC_DB_ENTRY_HEADER_LEN;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
       goto loser;
    }
    entry = PORT_ArenaZNew(arena, certDBEntry);
    if (!entry)
       goto loser;

    entry->common.version = (unsigned int)dbData->data[0];
    entry->common.flags   = (unsigned int)dbData->data[2];
    entry->common.type    = entryType;
    entry->common.arena   = arena;

    switch (entryType) {
    case certDBEntryTypeContentVersion: /* This type appears to be unused */
    case certDBEntryTypeVersion:        /* This type has only the common hdr */
       rv = SECSuccess;
       break;

    case certDBEntryTypeSubject:
       rv = DecodeDBSubjectEntry(&entry->subject, &dbEntry, dbKey);
       break;

    case certDBEntryTypeNickname:
       rv = DecodeDBNicknameEntry(&entry->nickname, &dbEntry,
                                   (char *)dbKey->data);
       break;

    /* smime profiles need entries created after the certs have
     * been imported, loop over them in a second run */
    case certDBEntryTypeSMimeProfile:
       rv = DecodeDBSMimeEntry(&entry->smime, &dbEntry, (char *)dbKey->data);
       break;

    case certDBEntryTypeCert:
       rv = DecodeDBCertEntry(&entry->cert, &dbEntry);
       break;

    case certDBEntryTypeKeyRevocation:
    case certDBEntryTypeRevocation:
       rv = DecodeDBCrlEntry(&entry->revocation, &dbEntry);
       break;

    default:
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       rv = SECFailure;
    }

    if (rv == SECSuccess)
       return entry;

loser:
    if (arena)
       PORT_FreeArena(arena, PR_FALSE);
    return NULL;
}
SECStatus nsslowcert_DeletePermCertificate ( NSSLOWCERTCertificate *  cert)

Definition at line 4242 of file pcertdb.c.

{
    SECStatus rv;
    
    nsslowcert_LockDB(cert->dbhandle);

    rv = db_BeginTransaction(cert->dbhandle->permCertDB);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    /* delete the records from the permanent database */
    rv = DeletePermCert(cert);

    /* get rid of dbcert and stuff pointing to it */
    DestroyDBEntry((certDBEntry *)cert->dbEntry);
    cert->dbEntry = NULL;
    cert->trust = NULL;

    db_FinishTransaction(cert->dbhandle->permCertDB,rv != SECSuccess);
loser:
       
    nsslowcert_UnlockDB(cert->dbhandle);
    return(rv);
}
SECStatus nsslowcert_DeletePermCRL ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derName,
PRBool  isKRL 
)

Definition at line 5234 of file pcertdb.c.

{
    SECStatus rv;
    certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation  
                                   : certDBEntryTypeRevocation;
    rv = db_BeginTransaction(handle->permCertDB);
    if (rv != SECSuccess) {
       return SECFailure;
    }
    
    rv = DeleteDBCrlEntry(handle, derName, crlType);
    if (rv != SECSuccess) goto done;
  
done:
    db_FinishTransaction(handle->permCertDB, rv != SECSuccess);
    return rv;
}
void nsslowcert_DestroyCertificate ( NSSLOWCERTCertificate *  cert)

Definition at line 5133 of file pcertdb.c.

static void nsslowcert_DestroyCertificateNoLocking ( NSSLOWCERTCertificate *  cert) [static]

Definition at line 5140 of file pcertdb.c.

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1444 of file pcertdb.c.

{
    DestroyDBEntry(entry);
    return;
}
void nsslowcert_DestroyTrust ( NSSLOWCERTTrust *  trust)

Definition at line 5106 of file pcertdb.c.

{
    certDBEntryCert *entry  = trust->dbEntry;

    if ( entry ) {
       DestroyDBEntry((certDBEntry *)entry);
    }
    if (trust->dbhandle) {
       sftk_freeCertDB(trust->dbhandle);
    }
    pkcs11_freeStaticData(trust->dbKey.data,trust->dbKeySpace);
    PORT_Memset(trust, 0, sizeof(*trust));

    nsslowcert_LockFreeList();
    if (trustListCount > MAX_TRUST_LIST_COUNT) {
       PORT_Free(trust);
    } else {
       trustListCount++;
       trust->next = trustListHead;
       trustListHead = trust;
    }
    nsslowcert_UnlockFreeList();

    return;
}
NSSLOWCERTCertificate* nsslowcert_DupCertificate ( NSSLOWCERTCertificate *  c)

Definition at line 260 of file pcertdb.c.

{
    if (c) {
       nsslowcert_LockCertRefCount(c);
       ++c->referenceCount;
       nsslowcert_UnlockCertRefCount(c);
    }
    return c;
}
NSSLOWCERTCertificate* nsslowcert_FindCertByDERCert ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derCert 
)

Definition at line 4977 of file pcertdb.c.

{
    PRArenaPool *arena;
    SECItem certKey;
    SECStatus rv;
    NSSLOWCERTCertificate *cert = NULL;
    
    /* create a scratch arena */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       return(NULL);
    }
    
    /* extract the database key from the cert */
    rv = nsslowcert_KeyFromDERCert(arena, derCert, &certKey);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* find the certificate */
    cert = nsslowcert_FindCertByKey(handle, &certKey);
    
loser:
    PORT_FreeArena(arena, PR_FALSE);
    return(cert);
}
NSSLOWCERTCertificate* nsslowcert_FindCertByDERCertNoLocking ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derCert 
)
NSSLOWCERTCertificate* nsslowcert_FindCertByIssuerAndSN ( NSSLOWCERTCertDBHandle *  handle,
NSSLOWCERTIssuerAndSN *  issuerAndSN 
)

Definition at line 4799 of file pcertdb.c.

{
    SECItem certKey;
    SECItem *sn = &issuerAndSN->serialNumber;
    SECItem *issuer = &issuerAndSN->derIssuer;
    NSSLOWCERTCertificate *cert;
    int data_left = sn->len-1;
    int data_len = sn->len;
    int index = 0;

    /* automatically detect DER encoded serial numbers and remove the der
     * encoding since the database expects unencoded data. 
     * if it's DER encoded, there must be at least 3 bytes, tag, len, data */
    if ((sn->len >= 3) && (sn->data[0] == 0x2)) {
       /* remove the der encoding of the serial number before generating the
        * key.. */
       data_left = sn->len-2;
       data_len = sn->data[1];
       index = 2;

       /* extended length ? (not very likely for a serial number) */
       if (data_len & 0x80) {
           int len_count = data_len & 0x7f;

           data_len = 0;
           data_left -= len_count;
           if (data_left > 0) {
              while (len_count --) {
                  data_len = (data_len << 8) | sn->data[index++];
              }
           } 
       }
       /* XXX leaving any leading zeros on the serial number for backwards
        * compatibility
        */
       /* not a valid der, must be just an unlucky serial number value */
       if (data_len != data_left) {
           data_len = sn->len;
           index = 0;
       }
    }

    certKey.type = 0;
    certKey.data = (unsigned char*)PORT_Alloc(sn->len + issuer->len);
    certKey.len = data_len + issuer->len;
    
    if ( certKey.data == NULL ) {
       return(0);
    }

    /* first try the serial number as hand-decoded above*/
    /* copy the serialNumber */
    PORT_Memcpy(certKey.data, &sn->data[index], data_len);

    /* copy the issuer */
    PORT_Memcpy( &certKey.data[data_len],issuer->data,issuer->len);

    cert = nsslowcert_FindCertByKey(handle, &certKey);
    if (cert) {
       PORT_Free(certKey.data);
       return (cert);
    }

    /* didn't find it, try by der encoded serial number */
    /* copy the serialNumber */
    PORT_Memcpy(certKey.data, sn->data, sn->len);

    /* copy the issuer */
    PORT_Memcpy( &certKey.data[sn->len], issuer->data, issuer->len);
    certKey.len = sn->len + issuer->len;

    cert = nsslowcert_FindCertByKey(handle, &certKey);
    
    PORT_Free(certKey.data);
    
    return(cert);
}
NSSLOWCERTCertificate* nsslowcert_FindCertByKey ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  certKey 
)

Definition at line 4780 of file pcertdb.c.

{
    return(FindCertByKey(handle, certKey, PR_FALSE));
}
certDBEntryRevocation* nsslowcert_FindCrlByKey ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  crlKey,
PRBool  isKRL 
)

Definition at line 5151 of file pcertdb.c.

{
    SECItem keyitem;
    DBT key;
    SECStatus rv;
    PRArenaPool *arena = NULL;
    certDBEntryRevocation *entry = NULL;
    certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation  
                                   : certDBEntryTypeRevocation;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       goto loser;
    }
    
    rv = EncodeDBGenericKey(crlKey, arena, &keyitem, crlType);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    key.data = keyitem.data;
    key.size = keyitem.len;

    /* find in perm database */
    entry = ReadDBCrlEntry(handle, crlKey, crlType);
       
    if ( entry == NULL ) {
       goto loser;
    }

loser:
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return entry;
}
NSSLOWCERTTrust* nsslowcert_FindTrustByIssuerAndSN ( NSSLOWCERTCertDBHandle *  handle,
NSSLOWCERTIssuerAndSN *  issuerAndSN 
)

Definition at line 4882 of file pcertdb.c.

{
    SECItem certKey;
    SECItem *sn = &issuerAndSN->serialNumber;
    SECItem *issuer = &issuerAndSN->derIssuer;
    NSSLOWCERTTrust *trust;
    unsigned char keyBuf[512];
    int data_left = sn->len-1;
    int data_len = sn->len;
    int index = 0;
    int len;

    /* automatically detect DER encoded serial numbers and remove the der
     * encoding since the database expects unencoded data. 
     * if it's DER encoded, there must be at least 3 bytes, tag, len, data */
    if ((sn->len >= 3) && (sn->data[0] == 0x2)) {
       /* remove the der encoding of the serial number before generating the
        * key.. */
       data_left = sn->len-2;
       data_len = sn->data[1];
       index = 2;

       /* extended length ? (not very likely for a serial number) */
       if (data_len & 0x80) {
           int len_count = data_len & 0x7f;

           data_len = 0;
           data_left -= len_count;
           if (data_left > 0) {
              while (len_count --) {
                  data_len = (data_len << 8) | sn->data[index++];
              }
           } 
       }
       /* XXX leaving any leading zeros on the serial number for backwards
        * compatibility
        */
       /* not a valid der, must be just an unlucky serial number value */
       if (data_len != data_left) {
           data_len = sn->len;
           index = 0;
       }
    }

    certKey.type = 0;
    certKey.len = data_len + issuer->len;
    len = sn->len + issuer->len;
    if (len > sizeof (keyBuf)) {
       certKey.data = (unsigned char*)PORT_Alloc(len);
    } else {
       certKey.data = keyBuf;
    }
    
    if ( certKey.data == NULL ) {
       return(0);
    }

    /* first try the serial number as hand-decoded above*/
    /* copy the serialNumber */
    PORT_Memcpy(certKey.data, &sn->data[index], data_len);

    /* copy the issuer */
    PORT_Memcpy( &certKey.data[data_len],issuer->data,issuer->len);

    trust = nsslowcert_FindTrustByKey(handle, &certKey);
    if (trust) {
       pkcs11_freeStaticData(certKey.data, keyBuf);
       return (trust);
    }

    if (index == 0) {
       pkcs11_freeStaticData(certKey.data, keyBuf);
       return NULL;
    }

    /* didn't find it, try by der encoded serial number */
    /* copy the serialNumber */
    PORT_Memcpy(certKey.data, sn->data, sn->len);

    /* copy the issuer */
    PORT_Memcpy( &certKey.data[sn->len], issuer->data, issuer->len);
    certKey.len = sn->len + issuer->len;

    trust = nsslowcert_FindTrustByKey(handle, &certKey);
    
    pkcs11_freeStaticData(certKey.data, keyBuf);
    
    return(trust);
}
NSSLOWCERTTrust* nsslowcert_FindTrustByKey ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  certKey 
)

Definition at line 4789 of file pcertdb.c.

{
    return(FindTrustByKey(handle, certKey, PR_FALSE));
}
SECStatus nsslowcert_GetCertTrust ( NSSLOWCERTCertificate *  cert,
NSSLOWCERTCertTrust *  trust 
)

Definition at line 4526 of file pcertdb.c.

{
    SECStatus rv;
    
    nsslowcert_LockCertTrust(cert);
    
    if ( cert->trust == NULL ) {
       rv = SECFailure;
    } else {
       *trust = *cert->trust;
       rv = SECSuccess;
    }
    
    nsslowcert_UnlockCertTrust(cert);
    return(rv);
}
static int nsslowcert_GetVersionNumber ( NSSLOWCERTCertDBHandle *  handle) [static]

Definition at line 4115 of file pcertdb.c.

{
    certDBEntryVersion *versionEntry = NULL;
    int version = 0;

    versionEntry = ReadDBVersionEntry(handle); 
    if ( versionEntry == NULL ) {
       return 0;
    }
    version = versionEntry->common.version;
    DestroyDBEntry((certDBEntry *)versionEntry);
    return version;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool nsslowcert_hasTrust ( NSSLOWCERTCertTrust *  trust)

Definition at line 5255 of file pcertdb.c.

{
    if (trust == NULL) {
       return PR_FALSE;
    }
    return !((trust->sslFlags & CERTDB_TRUSTED_UNKNOWN) && 
              (trust->emailFlags & CERTDB_TRUSTED_UNKNOWN) && 
                     (trust->objectSigningFlags & CERTDB_TRUSTED_UNKNOWN));
}
static void nsslowcert_LockCertRefCount ( NSSLOWCERTCertificate *  cert) [static]

Definition at line 169 of file pcertdb.c.

Here is the caller graph for this function:

void nsslowcert_LockCertTrust ( NSSLOWCERTCertificate *  cert)

Definition at line 201 of file pcertdb.c.

Here is the caller graph for this function:

static void nsslowcert_LockDB ( NSSLOWCERTCertDBHandle *  handle) [static]

Definition at line 140 of file pcertdb.c.

{
    PZ_EnterMonitor(handle->dbMon);
    return;
}

Here is the caller graph for this function:

static void nsslowcert_LockFreeList ( void  ) [static]

Definition at line 234 of file pcertdb.c.

Here is the caller graph for this function:

PRBool nsslowcert_needDBVerify ( NSSLOWCERTCertDBHandle *  handle)

Definition at line 4681 of file pcertdb.c.

{
    if (!handle) return PR_FALSE;
    return handle->dbVerify;
}
int nsslowcert_NumPermCertsForNickname ( NSSLOWCERTCertDBHandle *  handle,
char *  nickname 
)

Definition at line 3224 of file pcertdb.c.

{
    certDBEntryNickname *entry;
    int ret;
    
    entry = ReadDBNicknameEntry(handle, nickname);
    
    if ( entry ) {
       ret = nsslowcert_NumPermCertsForSubject(handle, &entry->subjectName);
       DestroyDBEntry((certDBEntry *)entry);
    } else {
       ret = 0;
    }
    return(ret);
}
int nsslowcert_NumPermCertsForSubject ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derSubject 
)

Definition at line 3168 of file pcertdb.c.

{
    certDBEntrySubject *entry;
    int ret;
    
    entry = ReadDBSubjectEntry(handle, derSubject);

    if ( entry == NULL ) {
       return(SECFailure);
    }

    ret = entry->ncerts;
    
    DestroyDBEntry((certDBEntry *)entry);
    
    return(ret);
}
SECStatus nsslowcert_OpenCertDB ( NSSLOWCERTCertDBHandle *  handle,
PRBool  readOnly,
const char *  appName,
const char *  prefix,
NSSLOWCERTDBNameFunc  namecb,
void cbarg,
PRBool  openVolatile 
)

Definition at line 4654 of file pcertdb.c.

{
    int rv;

    certdb_InitDBLock(handle);
    
    handle->dbMon = PZ_NewMonitor(nssILockCertDB);
    PORT_Assert(handle->dbMon != NULL);
    handle->dbVerify = PR_FALSE;

    rv = nsslowcert_OpenPermCertDB(handle, readOnly, appName, prefix, 
                                                 namecb, cbarg);
    if ( rv ) {
       goto loser;
    }

    return (SECSuccess);
    
loser:

    PORT_SetError(SEC_ERROR_BAD_DATABASE);
    return(SECFailure);
}
static DB* nsslowcert_openolddb ( NSSLOWCERTDBNameFunc  namecb,
void cbarg,
int  version 
) [static]

Definition at line 4033 of file pcertdb.c.

{
    char * tmpname;
    DB *updatedb = NULL;

    tmpname = (* namecb)(cbarg, version); /* get v6 db name */
    if ( tmpname ) {
       updatedb = dbopen( tmpname, NO_RDONLY, 0600, DB_HASH, 0 );
       PORT_Free(tmpname);
    }
    return updatedb;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus nsslowcert_OpenPermCertDB ( NSSLOWCERTCertDBHandle *  handle,
PRBool  readOnly,
const char *  appName,
const char *  prefix,
NSSLOWCERTDBNameFunc  namecb,
void cbarg 
) [static]

Definition at line 4134 of file pcertdb.c.

{
    SECStatus rv;
    int openflags;
    char *certdbname;
    int version = 0;
    
    certdbname = (* namecb)(cbarg, CERT_DB_FILE_VERSION);
    if ( certdbname == NULL ) {
       return(SECFailure);
    }

    openflags = readOnly ? NO_RDONLY : NO_RDWR;

    /*
     * first open the permanent file based database.
     */
    if (appName) {
       handle->permCertDB = rdbopen( appName, prefix, "cert", openflags, NULL);
    } else {
       handle->permCertDB = dbsopen( certdbname, openflags, 0600, DB_HASH, 0 );
    }

    /* check for correct version number */
    if ( handle->permCertDB ) {
       version = nsslowcert_GetVersionNumber(handle);
       if ((version != CERT_DB_FILE_VERSION) &&
              !(appName && version == CERT_DB_V7_FILE_VERSION)) {
           goto loser;
       }
    } else if ( readOnly ) {
       /* don't create if readonly */
           /* Try openning a version 7 database */
           handle->permCertDB = nsslowcert_openolddb(namecb,cbarg, 7);
           if (!handle->permCertDB) {
              goto loser;
           }
           if (nsslowcert_GetVersionNumber(handle) != 7) {
              goto loser;
           }
    } else {
        /* if first open fails, try to create a new DB */
       rv = openNewCertDB(appName,prefix,certdbname,handle,namecb,cbarg);
       if (rv == SECWouldBlock) {
           /* only the rdb version can fail with wouldblock */
           handle->permCertDB = 
                     rdbopen( appName, prefix, "cert", openflags, NULL);

           /* check for correct version number */
           if ( !handle->permCertDB ) {
              goto loser;
           }
           version = nsslowcert_GetVersionNumber(handle);
           if ((version != CERT_DB_FILE_VERSION) &&
              !(appName && version == CERT_DB_V7_FILE_VERSION)) {
              goto loser;
           }
       } else if (rv != SECSuccess) {
           goto loser;
       }
    }

    PORT_Free(certdbname);
    
    return (SECSuccess);
    
loser:

    PORT_SetError(SEC_ERROR_BAD_DATABASE);
    
    if ( handle->permCertDB ) {
       certdb_Close(handle->permCertDB);
       handle->permCertDB = 0;
    }

    PORT_Free(certdbname);

    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

certDBEntrySMime* nsslowcert_ReadDBSMimeEntry ( NSSLOWCERTCertDBHandle *  handle,
char *  emailAddr 
)

Definition at line 2040 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    PRArenaPool *tmparena = NULL;
    certDBEntrySMime *entry;
    SECItem dbkey;
    SECItem dbentry;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( tmparena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    entry = (certDBEntrySMime *)PORT_ArenaAlloc(arena,
                                          sizeof(certDBEntrySMime));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeSMimeProfile;

    rv = EncodeDBSMimeKey(emailAddr, tmparena, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
    if ( rv == SECFailure ) {
       goto loser;
    }

    /* is record long enough for header? */
    if ( dbentry.len < DB_SMIME_ENTRY_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }

    rv = DecodeDBSMimeEntry(entry, &dbentry, emailAddr);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    PORT_FreeArena(tmparena, PR_FALSE);
    return(entry);
    
loser:
    if ( tmparena ) {
       PORT_FreeArena(tmparena, PR_FALSE);
    }
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}
SECStatus nsslowcert_SaveSMimeProfile ( NSSLOWCERTCertDBHandle *  dbhandle,
char *  emailAddr,
SECItem *  derSubject,
SECItem *  emailProfile,
SECItem *  profileTime 
)

Definition at line 5331 of file pcertdb.c.

{
    SECStatus rv = SECFailure;;

    rv = db_BeginTransaction(dbhandle->permCertDB);
    if (rv != SECSuccess) {
       return SECFailure;
    }

    rv = nsslowcert_UpdateSMimeProfile(dbhandle, emailAddr, 
        derSubject, emailProfile, profileTime);
    
    db_FinishTransaction(dbhandle->permCertDB, rv != SECSuccess);
    return(rv);
}
void nsslowcert_setDBVerify ( NSSLOWCERTCertDBHandle *  handle,
PRBool  value 
)

Definition at line 4688 of file pcertdb.c.

{
    handle->dbVerify = value;
}
SECStatus nsslowcert_TraverseDBEntries ( NSSLOWCERTCertDBHandle *  handle,
certDBEntryType  type,
SECStatus(*)(SECItem *data, SECItem *key, certDBEntryType type, void *pdata)  callback,
void udata 
)

Definition at line 4272 of file pcertdb.c.

{
    DBT data;
    DBT key;
    SECStatus rv;
    int ret;
    SECItem dataitem;
    SECItem keyitem;
    unsigned char *buf;
    unsigned char *keybuf;
    
    ret = certdb_Seq(handle->permCertDB, &key, &data, R_FIRST);

    if ( ret ) {
       return(SECFailure);
    }
    
    do {
       buf = (unsigned char *)data.data;
       
       if ( buf[1] == (unsigned char)type ) {
           dataitem.len = data.size;
           dataitem.data = buf;
            dataitem.type = siBuffer;
           keyitem.len = key.size - SEC_DB_KEY_HEADER_LEN;
           keybuf = (unsigned char *)key.data;
           keyitem.data = &keybuf[SEC_DB_KEY_HEADER_LEN];
            keyitem.type = siBuffer;
           /* type should equal keybuf[0].  */

           rv = (* callback)(&dataitem, &keyitem, type, udata);
           if ( rv != SECSuccess ) {
              return(rv);
           }
       }
    } while ( certdb_Seq(handle->permCertDB, &key, &data, R_NEXT) == 0 );

    return(SECSuccess);
}
SECStatus nsslowcert_TraversePermCerts ( NSSLOWCERTCertDBHandle *  handle,
SECStatus(*)(NSSLOWCERTCertificate *cert, SECItem *k, void *pdata)  certfunc,
void udata 
)

Definition at line 4487 of file pcertdb.c.

Here is the call graph for this function:

SECStatus nsslowcert_TraversePermCertsForNickname ( NSSLOWCERTCertDBHandle *  handle,
char *  nickname,
NSSLOWCERTCertCallback  cb,
void cbarg 
)

Definition at line 3188 of file pcertdb.c.

{
    certDBEntryNickname *nnentry = NULL;
    certDBEntrySMime *smentry = NULL;
    SECStatus rv;
    SECItem *derSubject = NULL;
    
    nnentry = ReadDBNicknameEntry(handle, nickname);
    if ( nnentry ) {
       derSubject = &nnentry->subjectName;
    } else {
       smentry = nsslowcert_ReadDBSMimeEntry(handle, nickname);
       if ( smentry ) {
           derSubject = &smentry->subjectName;
       }
    }
    
    if ( derSubject ) {
       rv = nsslowcert_TraversePermCertsForSubject(handle, derSubject,
                                         cb, cbarg);
    } else {
       rv = SECFailure;
    }

    if ( nnentry ) {
       DestroyDBEntry((certDBEntry *)nnentry);
    }
    if ( smentry ) {
       DestroyDBEntry((certDBEntry *)smentry);
    }
    
    return(rv);
}
SECStatus nsslowcert_TraversePermCertsForSubject ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derSubject,
NSSLOWCERTCertCallback  cb,
void cbarg 
)

Definition at line 3135 of file pcertdb.c.

{
    certDBEntrySubject *entry;
    unsigned int i;
    NSSLOWCERTCertificate *cert;
    SECStatus rv = SECSuccess;
    
    entry = ReadDBSubjectEntry(handle, derSubject);

    if ( entry == NULL ) {
       return(SECFailure);
    }
    
    for( i = 0; i < entry->ncerts; i++ ) {
       cert = nsslowcert_FindCertByKey(handle, &entry->certKeys[i]);
       if (!cert) {
           continue;
       }
       rv = (* cb)(cert, cbarg);
       nsslowcert_DestroyCertificate(cert);
       if ( rv == SECFailure ) {
           break;
       }
    }

    DestroyDBEntry((certDBEntry *)entry);

    return(rv);
}
static void nsslowcert_UnlockCertRefCount ( NSSLOWCERTCertificate *  cert) [static]

Definition at line 181 of file pcertdb.c.

Here is the caller graph for this function:

void nsslowcert_UnlockCertTrust ( NSSLOWCERTCertificate *  cert)

Definition at line 213 of file pcertdb.c.

{
    PRStatus prstat;

    PORT_Assert(certTrustLock != NULL);
    
    prstat = PZ_Unlock(certTrustLock);
    
    PORT_Assert(prstat == PR_SUCCESS);

    return;
}

Here is the caller graph for this function:

static void nsslowcert_UnlockDB ( NSSLOWCERTCertDBHandle *  handle) [static]

Definition at line 150 of file pcertdb.c.

{
    PRStatus prstat;
    
    prstat = PZ_ExitMonitor(handle->dbMon);
    
    PORT_Assert(prstat == PR_SUCCESS);
    
    return;
}

Here is the caller graph for this function:

static void nsslowcert_UnlockFreeList ( void  ) [static]

Definition at line 246 of file pcertdb.c.

{
    PRStatus prstat;

    PORT_Assert(freeListLock != NULL);
    
    prstat = PZ_Unlock(freeListLock);
    
    PORT_Assert(prstat == PR_SUCCESS);

    return;
}

Here is the caller graph for this function:

static SECStatus nsslowcert_UpdateCrl ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derCrl,
SECItem *  crlKey,
char *  url,
PRBool  isKRL 
) [static]

Definition at line 5194 of file pcertdb.c.

{
    SECStatus rv = SECFailure;
    certDBEntryRevocation *entry = NULL;
    certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation  
                                   : certDBEntryTypeRevocation;
    DeleteDBCrlEntry(handle, crlKey, crlType);

    /* Write the new entry into the data base */
    entry = NewDBCrlEntry(derCrl, url, crlType, 0);
    if (entry == NULL) goto done;

    rv = WriteDBCrlEntry(handle, entry, crlKey);
    if (rv != SECSuccess) goto done;

done:
    if (entry) {
       DestroyDBEntry((certDBEntry *)entry);
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus nsslowcert_UpdatePermCert ( NSSLOWCERTCertDBHandle *  dbhandle,
NSSLOWCERTCertificate *  cert,
char *  nickname,
NSSLOWCERTCertTrust *  trust 
) [static]

Definition at line 4588 of file pcertdb.c.

{
    char *oldnn;
    certDBEntryCert *entry;
    PRBool conflict;
    SECStatus ret;

    PORT_Assert(!cert->dbEntry);

    /* don't add a conflicting nickname */
    conflict = nsslowcert_CertNicknameConflict(nickname, &cert->derSubject,
                                   dbhandle);
    if ( conflict ) {
       ret = SECFailure;
       goto done;
    }
    
    /* save old nickname so that we can delete it */
    oldnn = cert->nickname;

    entry = AddCertToPermDB(dbhandle, cert, nickname, trust);
    
    if ( entry == NULL ) {
       ret = SECFailure;
       goto done;
    }

    pkcs11_freeNickname(oldnn,cert->nicknameSpace);
    
    cert->nickname = (entry->nickname) ? pkcs11_copyNickname(entry->nickname,
              cert->nicknameSpace, sizeof(cert->nicknameSpace)) : NULL;
    cert->trust = &entry->trust;
    cert->dbEntry = entry;
    
    ret = SECSuccess;
done:
    return(ret);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus nsslowcert_UpdateSMimeProfile ( NSSLOWCERTCertDBHandle *  dbhandle,
char *  emailAddr,
SECItem *  derSubject,
SECItem *  emailProfile,
SECItem *  profileTime 
) [static]

Definition at line 5271 of file pcertdb.c.

{
    certDBEntrySMime *entry = NULL;
    SECStatus rv = SECFailure;;


    /* find our existing entry */
    entry = nsslowcert_ReadDBSMimeEntry(dbhandle, emailAddr);

    if ( entry ) {
       /* keep our old db entry consistant for old applications. */
       if (!SECITEM_ItemsAreEqual(derSubject, &entry->subjectName)) {
           nsslowcert_UpdateSubjectEmailAddr(dbhandle, &entry->subjectName, 
                            emailAddr, nsslowcert_remove);
       } 
       DestroyDBEntry((certDBEntry *)entry);
       entry = NULL;
    }

    /* now save the entry */
    entry = NewDBSMimeEntry(emailAddr, derSubject, emailProfile,
                            profileTime, 0);
    if ( entry == NULL ) {
       rv = SECFailure;
       goto loser;
    }

    nsslowcert_LockDB(dbhandle);

    rv = DeleteDBSMimeEntry(dbhandle, emailAddr);
    /* if delete fails, try to write new entry anyway... */

    /* link subject entry back here */
    rv = nsslowcert_UpdateSubjectEmailAddr(dbhandle, derSubject, emailAddr,
                                   nsslowcert_add);
    if ( rv != SECSuccess ) {
           nsslowcert_UnlockDB(dbhandle);
           goto loser;
    }
       
    rv = WriteDBSMimeEntry(dbhandle, entry);
    if ( rv != SECSuccess ) {
           nsslowcert_UnlockDB(dbhandle);
           goto loser;
    }

    nsslowcert_UnlockDB(dbhandle);

    rv = SECSuccess;
    
loser:
    if ( entry ) {
       DestroyDBEntry((certDBEntry *)entry);
    }
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus nsslowcert_UpdateSubjectEmailAddr ( NSSLOWCERTCertDBHandle *  dbhandle,
SECItem *  derSubject,
char *  emailAddr,
nsslowcertUpdateType  updateType 
) [static]

Definition at line 2697 of file pcertdb.c.

{
    certDBEntrySubject *entry = NULL;
    int index = -1, i;
    SECStatus rv;
   
    if (emailAddr) { 
       emailAddr = nsslowcert_FixupEmailAddr(emailAddr);
       if (emailAddr == NULL) {
           return SECFailure;
       }
    } else {
       return SECSuccess;
    }

    entry = ReadDBSubjectEntry(dbhandle,derSubject);    
    if (entry == NULL) {
       rv = SECFailure;
       goto done;
    } 

    for (i=0; i < (int)(entry->nemailAddrs); i++) {
        if (PORT_Strcmp(entry->emailAddrs[i],emailAddr) == 0) {
           index = i;
       }
    }

    if (updateType == nsslowcert_remove) {
       if (index == -1) {
           rv = SECSuccess;
           goto done;
       }
       entry->nemailAddrs--;
       for (i=index; i < (int)(entry->nemailAddrs); i++) {
          entry->emailAddrs[i] = entry->emailAddrs[i+1];
       }
    } else {
       char **newAddrs = NULL;

       if (index != -1) {
           rv = SECSuccess;
           goto done;
       }
       newAddrs = (char **)PORT_ArenaAlloc(entry->common.arena,
              (entry->nemailAddrs+1)* sizeof(char *));
       if (!newAddrs) {
           rv = SECFailure;
           goto done;
       }
       for (i=0; i < (int)(entry->nemailAddrs); i++) {
          newAddrs[i] = entry->emailAddrs[i];
       }
       newAddrs[entry->nemailAddrs] = 
                     PORT_ArenaStrdup(entry->common.arena,emailAddr);
       if (!newAddrs[entry->nemailAddrs]) {
          rv = SECFailure;
          goto done;
       }
       entry->emailAddrs = newAddrs;
       entry->nemailAddrs++;
    }
       
    /* delete the subject entry */
    DeleteDBSubjectEntry(dbhandle, derSubject);

    /* write the new one */
    rv = WriteDBSubjectEntry(dbhandle, entry);

  done:
    if (entry) DestroyDBEntry((certDBEntry *)entry);
    if (emailAddr) PORT_Free(emailAddr);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus openNewCertDB ( const char *  appName,
const char *  prefix,
const char *  certdbname,
NSSLOWCERTCertDBHandle *  handle,
NSSLOWCERTDBNameFunc  namecb,
void cbarg 
) [static]

Definition at line 4047 of file pcertdb.c.

{
    SECStatus rv;
    certDBEntryVersion *versionEntry = NULL;
    DB *updatedb = NULL;
    int status = RDB_FAIL;

    if (appName) {
       handle->permCertDB=rdbopen( appName, prefix, "cert", NO_CREATE, &status);
    } else {
       handle->permCertDB=dbsopen(certdbname, NO_CREATE, 0600, DB_HASH, 0);
    }

    /* if create fails then we lose */
    if ( handle->permCertDB == 0 ) {
       return status == RDB_RETRY ? SECWouldBlock : SECFailure;
    }

    rv = db_BeginTransaction(handle->permCertDB);
    if (rv != SECSuccess) {
       db_InitComplete(handle->permCertDB);
       return SECFailure;
    }

    /* Verify version number; */
    versionEntry = NewDBVersionEntry(0);
    if ( versionEntry == NULL ) {
       rv = SECFailure;
       goto loser;
    }
       
    rv = WriteDBVersionEntry(handle, versionEntry);

    DestroyDBEntry((certDBEntry *)versionEntry);

    if ( rv != SECSuccess ) {
       goto loser;
    }

    /* rv must already be Success here because of previous if statement */
    /* try to upgrade old db here */
    if (appName &&
       (updatedb = dbsopen(certdbname, NO_RDONLY, 0600, DB_HASH, 0)) != NULL) {
       rv = UpdateV8DB(handle, updatedb);
    } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,7)) != NULL) {
       rv = UpdateV7DB(handle, updatedb);
    } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,6)) != NULL) {
       rv = UpdateV6DB(handle, updatedb);
    } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,5)) != NULL) {
       rv = UpdateV5DB(handle, updatedb);
    } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,4)) != NULL) {
       /* NES has v5 format db's with v4 db names! */
       if (isV4DB(updatedb)) {
           rv = UpdateV4DB(handle,updatedb);
       } else {
           rv = UpdateV5DB(handle,updatedb);
       }
    }


loser:
    db_FinishTransaction(handle->permCertDB,rv != SECSuccess);
    db_InitComplete(handle->permCertDB);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

unsigned char* pkcs11_allocStaticData ( int  len,
unsigned char *  space,
int  spaceLen 
)

Definition at line 405 of file pcertdb.c.

{
    unsigned char *data = NULL;

    if (len <= spaceLen) {
       data = space;
    } else {
       data = (unsigned char *) PORT_Alloc(len);
    }

    return data;
}
char* pkcs11_copyNickname ( char *  nickname,
char *  space,
int  spaceLen 
)

Definition at line 380 of file pcertdb.c.

{
    int len;
    char *copy = NULL;

    len = PORT_Strlen(nickname)+1;
    if (len <= spaceLen) {
       copy = space;
       PORT_Memcpy(copy,nickname,len);
    } else {
       copy = PORT_Strdup(nickname);
    }

    return copy;
}
unsigned char* pkcs11_copyStaticData ( unsigned char *  data,
int  len,
unsigned char *  space,
int  spaceLen 
)

Definition at line 419 of file pcertdb.c.

{
    unsigned char *copy = pkcs11_allocStaticData(len, space, spaceLen);
    if (copy) {
       PORT_Memcpy(copy,data,len);
    }

    return copy;
}
void pkcs11_freeNickname ( char *  nickname,
char *  space 
)

Definition at line 372 of file pcertdb.c.

{
    if (nickname && nickname != space) {
       PORT_Free(nickname);
    }
}
void pkcs11_freeStaticData ( unsigned char *  data,
unsigned char *  space 
)

Definition at line 397 of file pcertdb.c.

{
    if (data && data != space) {
       PORT_Free(data);
    }
}
static certDBEntryCert* ReadDBCertEntry ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  certKey 
) [static]

Definition at line 1092 of file pcertdb.c.

{
    certDBEntryCert *entry;
    SECItem dbkey;
    SECItem dbentry;
    SECStatus rv;
    unsigned char buf[512];

    dbkey.data = buf;
    dbkey.len = sizeof(buf);

    entry = CreateCertEntry();
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    entry->common.arena = NULL;
    entry->common.type = certDBEntryTypeCert;

    rv = EncodeDBCertKey(certKey, NULL, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, NULL);
    if ( rv == SECFailure ) {
       goto loser;
    }

    rv = DecodeDBCertEntry(entry, &dbentry);
    if ( rv != SECSuccess ) {
       goto loser;
    }

    pkcs11_freeStaticData(dbkey.data,buf);    
    dbkey.data = NULL;
    return(entry);
    
loser:
    pkcs11_freeStaticData(dbkey.data,buf);    
    dbkey.data = NULL;
    if ( entry ) {
        DestroyDBEntry((certDBEntry *)entry);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntryRevocation* ReadDBCrlEntry ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  certKey,
certDBEntryType  crlType 
) [static]

Definition at line 1383 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    PRArenaPool *tmparena = NULL;
    certDBEntryRevocation *entry;
    SECItem dbkey;
    SECItem dbentry;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( tmparena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    entry = (certDBEntryRevocation *)
                     PORT_ArenaAlloc(arena, sizeof(certDBEntryRevocation));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    entry->common.arena = arena;
    entry->common.type = crlType;

    rv = EncodeDBGenericKey(certKey, tmparena, &dbkey, crlType);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, NULL);
    if ( rv == SECFailure ) {
       goto loser;
    }

    rv = DecodeDBCrlEntry(entry, &dbentry);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    PORT_FreeArena(tmparena, PR_FALSE);
    return(entry);
    
loser:
    if ( tmparena ) {
       PORT_FreeArena(tmparena, PR_FALSE);
    }
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus ReadDBEntry ( NSSLOWCERTCertDBHandle *  handle,
certDBEntryCommon entry,
SECItem *  dbkey,
SECItem *  dbentry,
PRArenaPool arena 
) [static]

Definition at line 506 of file pcertdb.c.

{
    DBT data, key;
    int ret;
    unsigned char *buf;
    
    /* init the database key */
    key.data = dbkey->data;
    key.size = dbkey->len;
    
    dbkey->data[0] = (unsigned char)entry->type;

    /* read entry from database */
    ret = certdb_Get(handle->permCertDB, &key, &data, 0 );
    if ( ret != 0 ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    
    /* validate the entry */
    if ( data.size < SEC_DB_ENTRY_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    buf = (unsigned char *)data.data;
    /* version 7 has the same schema, we may be using a v7 db if we openned
     * the databases readonly. */
    if (!((buf[0] == (unsigned char)CERT_DB_FILE_VERSION) 
              || (buf[0] == (unsigned char) CERT_DB_V7_FILE_VERSION))) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }
    if ( buf[1] != (unsigned char)entry->type ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }

    /* copy out header information */
    entry->version = (unsigned int)buf[0];
    entry->type = (certDBEntryType)buf[1];
    entry->flags = (unsigned int)buf[2];
    
    /* format body of entry for return to caller */
    dbentry->len = data.size - SEC_DB_ENTRY_HEADER_LEN;
    if ( dbentry->len ) {
       if (arena) {
           dbentry->data = (unsigned char *)
                            PORT_ArenaAlloc(arena, dbentry->len);
           if ( dbentry->data == NULL ) {
              PORT_SetError(SEC_ERROR_NO_MEMORY);
              goto loser;
           }
    
           PORT_Memcpy(dbentry->data, &buf[SEC_DB_ENTRY_HEADER_LEN],
                dbentry->len);
       } else {
           dbentry->data = &buf[SEC_DB_ENTRY_HEADER_LEN];
       }
    } else {
       dbentry->data = NULL;
    }
    
    return(SECSuccess);

loser:
    return(SECFailure);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntryNickname* ReadDBNicknameEntry ( NSSLOWCERTCertDBHandle *  handle,
char *  nickname 
) [static]

Definition at line 1652 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    PRArenaPool *tmparena = NULL;
    certDBEntryNickname *entry;
    SECItem dbkey;
    SECItem dbentry;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( tmparena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    entry = (certDBEntryNickname *)PORT_ArenaAlloc(arena,
                                           sizeof(certDBEntryNickname));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeNickname;

    rv = EncodeDBNicknameKey(nickname, tmparena, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
    if ( rv == SECFailure ) {
       goto loser;
    }

    /* is record long enough for header? */
    if ( dbentry.len < DB_NICKNAME_ENTRY_HEADER_LEN ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       goto loser;
    }

    rv = DecodeDBNicknameEntry(entry, &dbentry, nickname);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    PORT_FreeArena(tmparena, PR_FALSE);
    return(entry);
    
loser:
    if ( tmparena ) {
       PORT_FreeArena(tmparena, PR_FALSE);
    }
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntrySubject* ReadDBSubjectEntry ( NSSLOWCERTCertDBHandle *  handle,
SECItem *  derSubject 
) [static]

Definition at line 2592 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    PRArenaPool *tmparena = NULL;
    certDBEntrySubject *entry;
    SECItem dbkey;
    SECItem dbentry;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( tmparena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    entry = (certDBEntrySubject *)PORT_ArenaAlloc(arena,
                                          sizeof(certDBEntrySubject));
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeSubject;

    rv = EncodeDBSubjectKey(derSubject, tmparena, &dbkey);
    if ( rv != SECSuccess ) {
       goto loser;
    }
    
    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
    if ( rv == SECFailure ) {
       goto loser;
    }

    rv = DecodeDBSubjectEntry(entry, &dbentry, derSubject);
    if ( rv == SECFailure ) {
       goto loser;
    }
    
    PORT_FreeArena(tmparena, PR_FALSE);
    return(entry);
    
loser:
    if ( tmparena ) {
       PORT_FreeArena(tmparena, PR_FALSE);
    }
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static certDBEntryVersion* ReadDBVersionEntry ( NSSLOWCERTCertDBHandle *  handle) [static]

Definition at line 2858 of file pcertdb.c.

{
    PRArenaPool *arena = NULL;
    PRArenaPool *tmparena = NULL;
    certDBEntryVersion *entry;
    SECItem dbkey;
    SECItem dbentry;
    SECStatus rv;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }

    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( tmparena == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    
    entry = PORT_ArenaZNew(arena, certDBEntryVersion);
    if ( entry == NULL ) {
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       goto loser;
    }
    entry->common.arena = arena;
    entry->common.type = certDBEntryTypeVersion;

    /* now get the database key and format it */
    dbkey.len = SEC_DB_VERSION_KEY_LEN + SEC_DB_KEY_HEADER_LEN;
    dbkey.data = (unsigned char *)PORT_ArenaAlloc(tmparena, dbkey.len);
    if ( dbkey.data == NULL ) {
       goto loser;
    }
    PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], SEC_DB_VERSION_KEY,
             SEC_DB_VERSION_KEY_LEN);

    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
    if (rv != SECSuccess) {
       goto loser;
    }

    PORT_FreeArena(tmparena, PR_FALSE);
    return(entry);
    
loser:
    if ( tmparena ) {
       PORT_FreeArena(tmparena, PR_FALSE);
    }
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    
    return(NULL);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus RemovePermSubjectNode ( NSSLOWCERTCertificate *  cert) [static]

Definition at line 2972 of file pcertdb.c.

{
    certDBEntrySubject *entry;
    unsigned int i;
    SECStatus rv;
    
    entry = ReadDBSubjectEntry(cert->dbhandle,&cert->derSubject);
    if ( entry == NULL ) {
       return(SECFailure);
    }

    PORT_Assert(entry->ncerts);
    rv = SECFailure;
    
    if ( entry->ncerts > 1 ) {
       for ( i = 0; i < entry->ncerts; i++ ) {
           if ( SECITEM_CompareItem(&entry->certKeys[i], &cert->certKey) ==
              SECEqual ) {
              /* copy rest of list forward one entry */
              for ( i = i + 1; i < entry->ncerts; i++ ) {
                  entry->certKeys[i-1] = entry->certKeys[i];
                  entry->keyIDs[i-1] = entry->keyIDs[i];
              }
              entry->ncerts--;
              DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject);
              rv = WriteDBSubjectEntry(cert->dbhandle, entry);
              break;
           }
       }
    } else {
       /* no entries left, delete the perm entry in the DB */
       if ( entry->emailAddrs ) {
           /* if the subject had an email record, then delete it too */
           for (i=0; i < entry->nemailAddrs; i++) {
              DeleteDBSMimeEntry(cert->dbhandle, entry->emailAddrs[i]);
           }
       }
       if ( entry->nickname ) {
           DeleteDBNicknameEntry(cert->dbhandle, entry->nickname);
       }
       
       DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject);
    }
    DestroyDBEntry((certDBEntry *)entry);

    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus TraversePermCertsNoLocking ( NSSLOWCERTCertDBHandle *  handle,
SECStatus(*)(NSSLOWCERTCertificate *cert, SECItem *k, void *pdata)  certfunc,
void udata 
) [static]

Definition at line 4464 of file pcertdb.c.

{
    SECStatus rv;
    PermCertCallbackState mystate;

    mystate.certfunc = certfunc;
    mystate.handle = handle;
    mystate.data = udata;
    rv = nsslowcert_TraverseDBEntries(handle, certDBEntryTypeCert, certcallback,
                            (void *)&mystate);
    
    return(rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus UpdateV4DB ( NSSLOWCERTCertDBHandle *  handle,
DB updatedb 
) [static]

Definition at line 3886 of file pcertdb.c.

{
    DBT key, data;
    certDBEntryCert *entry, *entry2;
    int ret;
    PRArenaPool *arena = NULL;
    NSSLOWCERTCertificate *cert;

    ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST);

    if ( ret ) {
       return(SECFailure);
    }

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
       return(SECFailure);
    }
    
    do {
       if ( data.size != 1 ) { /* skip version number */

           /* decode the old DB entry */
           entry = (certDBEntryCert *)
              DecodeV4DBCertEntry((unsigned char*)data.data, data.size);
           
           if ( entry ) {
              cert = nsslowcert_DecodeDERCertificate(&entry->derCert, 
                                           entry->nickname);

              if ( cert != NULL ) {
                  /* add to new database */
                  entry2 = AddCertToPermDB(handle, cert, entry->nickname,
                                        &entry->trust);
                  
                  nsslowcert_DestroyCertificate(cert);
                  if ( entry2 ) {
                     DestroyDBEntry((certDBEntry *)entry2);
                  }
              }
              DestroyDBEntry((certDBEntry *)entry);
           }
       }
    } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );

    PORT_FreeArena(arena, PR_FALSE);
    (* updatedb->close)(updatedb);
    return(SECSuccess);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus updateV5Callback ( NSSLOWCERTCertificate *  cert,
SECItem *  k,
void pdata 
) [static]

Definition at line 3817 of file pcertdb.c.

{
    NSSLOWCERTCertDBHandle *handle;
    certDBEntryCert *entry;
    NSSLOWCERTCertTrust *trust;
    
    handle = (NSSLOWCERTCertDBHandle *)pdata;
    trust = &cert->dbEntry->trust;

    /* SSL user certs can be used for email if they have an email addr */
    if ( cert->emailAddr && ( trust->sslFlags & CERTDB_USER ) &&
       ( trust->emailFlags == 0 ) ) {
       trust->emailFlags = CERTDB_USER;
    }
    /* servers didn't set the user flags on the server cert.. */
    if (PORT_Strcmp(cert->dbEntry->nickname,"Server-Cert") == 0) {
       trust->sslFlags |= CERTDB_USER;
    }
    
    entry = AddCertToPermDB(handle, cert, cert->dbEntry->nickname,
                         &cert->dbEntry->trust);
    if ( entry ) {
       DestroyDBEntry((certDBEntry *)entry);
    }
    
    return(SECSuccess);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus UpdateV5DB ( NSSLOWCERTCertDBHandle *  handle,
DB updatedb 
) [static]

Definition at line 3846 of file pcertdb.c.

{
    NSSLOWCERTCertDBHandle updatehandle;
    SECStatus rv;
    
    updatehandle.permCertDB = updatedb;
    updatehandle.dbMon = PZ_NewMonitor(nssILockCertDB);
    updatehandle.dbVerify = 0;
    updatehandle.ref      = 1; /* prevent premature close */
    
    rv = nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback,
                            (void *)handle);
    
    PZ_DestroyMonitor(updatehandle.dbMon);

    (* updatedb->close)(updatedb);
    return(SECSuccess);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus UpdateV6DB ( NSSLOWCERTCertDBHandle *  handle,
DB updatedb 
) [static]

Definition at line 3633 of file pcertdb.c.

{
    int ret;
    DBT key, data;
    unsigned char *buf, *tmpbuf = NULL;
    certDBEntryType type;
    certDBEntryNickname *nnEntry = NULL;
    certDBEntrySubject *subjectEntry = NULL;
    certDBEntrySMime *emailEntry = NULL;
    char *nickname;
    char *emailAddr;
    SECStatus rv;
    
    /*
     * Sequence through the old database and copy all of the entries
     * to the new database.  Subject name entries will have the new
     * fields inserted into them (with zero length).
     */
    ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST);
    if ( ret ) {
       return(SECFailure);
    }

    do {
       buf = (unsigned char *)data.data;
       
       if ( data.size >= 3 ) {
           if ( buf[0] == 6 ) { /* version number */
              type = (certDBEntryType)buf[1];
              if ( type == certDBEntryTypeSubject ) {
                  /* expando subjecto entrieo */
                  tmpbuf = (unsigned char *)PORT_Alloc(data.size + 4);
                  if ( tmpbuf ) {
                     /* copy header stuff */
                     PORT_Memcpy(tmpbuf, buf, SEC_DB_ENTRY_HEADER_LEN + 2);
                     /* insert 4 more bytes of zero'd header */
                     PORT_Memset(&tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 2],
                                0, 4);
                     /* copy rest of the data */
                     PORT_Memcpy(&tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 6],
                                &buf[SEC_DB_ENTRY_HEADER_LEN + 2],
                                data.size - (SEC_DB_ENTRY_HEADER_LEN + 2));

                     data.data = (void *)tmpbuf;
                     data.size += 4;
                     buf = tmpbuf;
                  }
              } else if ( type == certDBEntryTypeCert ) {
                  /* expando certo entrieo */
                  tmpbuf = (unsigned char *)PORT_Alloc(data.size + 3);
                  if ( tmpbuf ) {
                     /* copy header stuff */
                     PORT_Memcpy(tmpbuf, buf, SEC_DB_ENTRY_HEADER_LEN);

                     /* copy trust flage, setting msb's to 0 */
                     tmpbuf[SEC_DB_ENTRY_HEADER_LEN] = 0;
                     tmpbuf[SEC_DB_ENTRY_HEADER_LEN+1] =
                         buf[SEC_DB_ENTRY_HEADER_LEN];
                     tmpbuf[SEC_DB_ENTRY_HEADER_LEN+2] = 0;
                     tmpbuf[SEC_DB_ENTRY_HEADER_LEN+3] =
                         buf[SEC_DB_ENTRY_HEADER_LEN+1];
                     tmpbuf[SEC_DB_ENTRY_HEADER_LEN+4] = 0;
                     tmpbuf[SEC_DB_ENTRY_HEADER_LEN+5] =
                         buf[SEC_DB_ENTRY_HEADER_LEN+2];
                     
                     /* copy rest of the data */
                     PORT_Memcpy(&tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 6],
                                &buf[SEC_DB_ENTRY_HEADER_LEN + 3],
                                data.size - (SEC_DB_ENTRY_HEADER_LEN + 3));

                     data.data = (void *)tmpbuf;
                     data.size += 3;
                     buf = tmpbuf;
                  }

              }

              /* update the record version number */
              buf[0] = CERT_DB_FILE_VERSION;

              /* copy to the new database */
              ret = certdb_Put(handle->permCertDB, &key, &data, 0);
              if ( tmpbuf ) {
                  PORT_Free(tmpbuf);
                  tmpbuf = NULL;
              }
           }
       }
    } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );

    ret = certdb_Sync(handle->permCertDB, 0);

    ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST);
    if ( ret ) {
       return(SECFailure);
    }

    do {
       buf = (unsigned char *)data.data;
       
       if ( data.size >= 3 ) {
           if ( buf[0] == CERT_DB_FILE_VERSION ) { /* version number */
              type = (certDBEntryType)buf[1];
              if ( type == certDBEntryTypeNickname ) {
                  nickname = &((char *)key.data)[1];

                  /* get the matching nickname entry in the new DB */
                  nnEntry = ReadDBNicknameEntry(handle, nickname);
                  if ( nnEntry == NULL ) {
                     goto endloop;
                  }
                  
                  /* find the subject entry pointed to by nickname */
                  subjectEntry = ReadDBSubjectEntry(handle,
                                                &nnEntry->subjectName);
                  if ( subjectEntry == NULL ) {
                     goto endloop;
                  }
                  
                  subjectEntry->nickname =
                     (char *)PORT_ArenaAlloc(subjectEntry->common.arena,
                                          key.size - 1);
                  if ( subjectEntry->nickname ) {
                     PORT_Memcpy(subjectEntry->nickname, nickname,
                                key.size - 1);
                     rv = WriteDBSubjectEntry(handle, subjectEntry);
                  }
              } else if ( type == certDBEntryTypeSMimeProfile ) {
                  emailAddr = &((char *)key.data)[1];

                  /* get the matching smime entry in the new DB */
                  emailEntry = nsslowcert_ReadDBSMimeEntry(handle, emailAddr);
                  if ( emailEntry == NULL ) {
                     goto endloop;
                  }
                  
                  /* find the subject entry pointed to by nickname */
                  subjectEntry = ReadDBSubjectEntry(handle,
                                                &emailEntry->subjectName);
                  if ( subjectEntry == NULL ) {
                     goto endloop;
                  }
                  
                  subjectEntry->emailAddrs = (char **)
                            PORT_ArenaAlloc(subjectEntry->common.arena,
                                          sizeof(char *));
                  if ( subjectEntry->emailAddrs ) {
                     subjectEntry->emailAddrs[0] =
                          (char *)PORT_ArenaAlloc(subjectEntry->common.arena,
                                          key.size - 1);
                     if ( subjectEntry->emailAddrs[0] ) {
                         PORT_Memcpy(subjectEntry->emailAddrs[0], emailAddr,
                                key.size - 1);
                         subjectEntry->nemailAddrs = 1;
                         rv = WriteDBSubjectEntry(handle, subjectEntry);
                     }
                  }
              }
              
endloop:
              if ( subjectEntry ) {
                  DestroyDBEntry((certDBEntry *)subjectEntry);
                  subjectEntry = NULL;
              }
              if ( nnEntry ) {
                  DestroyDBEntry((certDBEntry *)nnEntry);
                  nnEntry = NULL;
              }
              if ( emailEntry ) {
                  DestroyDBEntry((certDBEntry *)emailEntry);
                  emailEntry = NULL;
              }
           }
       }
    } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );

    ret = certdb_Sync(handle->permCertDB, 0);

    (* updatedb->close)(updatedb);
    return(SECSuccess);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus UpdateV7DB ( NSSLOWCERTCertDBHandle *  handle,
DB updatedb 
) [static]

Definition at line 3491 of file pcertdb.c.

{
    DBT key, data;
    int ret;
    NSSLOWCERTCertificate *cert;
    PRBool isKRL = PR_FALSE;
    certDBEntryType entryType;
    SECItem dbEntry, dbKey;
    certDBEntryRevocation crlEntry;
    certDBEntryCert certEntry;
    certDBEntrySMime smimeEntry;
    SECStatus rv;

    ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST);

    if ( ret ) {
       return(SECFailure);
    }
    
    do {
       unsigned char *dataBuf = (unsigned char *)data.data;
       unsigned char *keyBuf = (unsigned char *)key.data;
       dbEntry.data = &dataBuf[SEC_DB_ENTRY_HEADER_LEN];
       dbEntry.len = data.size - SEC_DB_ENTRY_HEADER_LEN;
       entryType = (certDBEntryType) keyBuf[0];
       dbKey.data = &keyBuf[SEC_DB_KEY_HEADER_LEN];
       dbKey.len = key.size - SEC_DB_KEY_HEADER_LEN;
       if ((dbEntry.len <= 0) || (dbKey.len <= 0)) {
           continue;
       }

       switch (entryType) {
       /* these entries will get regenerated as we read the 
        * rest of the data from the database */
       case certDBEntryTypeVersion:
       case certDBEntryTypeSubject:
       case certDBEntryTypeContentVersion:
       case certDBEntryTypeNickname:
       /* smime profiles need entries created after the certs have
         * been imported, loop over them in a second run */
       case certDBEntryTypeSMimeProfile:
           break;

       case certDBEntryTypeCert:
           /* decode Entry */
           certEntry.common.version = (unsigned int)dataBuf[0];
           certEntry.common.type = entryType;
           certEntry.common.flags = (unsigned int)dataBuf[2];
           rv = DecodeDBCertEntry(&certEntry,&dbEntry);
           if (rv != SECSuccess) {
              break;
           }
           /* should we check for existing duplicates? */
           cert = nsslowcert_DecodeDERCertificate(&certEntry.derCert, 
                                          certEntry.nickname);
           if (cert) {
              nsslowcert_UpdatePermCert(handle, cert, certEntry.nickname,
                                                 &certEntry.trust);
              nsslowcert_DestroyCertificate(cert);
           }
           /* free any data the decode may have allocated. */
           pkcs11_freeStaticData(certEntry.derCert.data, 
                                          certEntry.derCertSpace);
           pkcs11_freeNickname(certEntry.nickname, certEntry.nicknameSpace);
           break;

       case certDBEntryTypeKeyRevocation:
           isKRL = PR_TRUE;
           /* fall through */
       case certDBEntryTypeRevocation:
           crlEntry.common.version = (unsigned int)dataBuf[0];
           crlEntry.common.type = entryType;
           crlEntry.common.flags = (unsigned int)dataBuf[2];
           crlEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
           if (crlEntry.common.arena == NULL) {
              break;
           }
           rv = DecodeDBCrlEntry(&crlEntry,&dbEntry);
           if (rv != SECSuccess) {
              break;
           }
           nsslowcert_UpdateCrl(handle, &crlEntry.derCrl, &dbKey, 
                                          crlEntry.url, isKRL);
           /* free data allocated by the decode */
           PORT_FreeArena(crlEntry.common.arena, PR_FALSE);
           crlEntry.common.arena = NULL;
           break;

       default:
           break;
       }
    } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );

    /* now loop again updating just the SMimeProfile. */
    ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST);

    if ( ret ) {
       return(SECFailure);
    }
    
    do {
       unsigned char *dataBuf = (unsigned char *)data.data;
       unsigned char *keyBuf = (unsigned char *)key.data;
       dbEntry.data = &dataBuf[SEC_DB_ENTRY_HEADER_LEN];
       dbEntry.len = data.size - SEC_DB_ENTRY_HEADER_LEN;
       entryType = (certDBEntryType) keyBuf[0];
       if (entryType != certDBEntryTypeSMimeProfile) {
           continue;
       }
       dbKey.data = &keyBuf[SEC_DB_KEY_HEADER_LEN];
       dbKey.len = key.size - SEC_DB_KEY_HEADER_LEN;
       if ((dbEntry.len <= 0) || (dbKey.len <= 0)) {
           continue;
       }
        smimeEntry.common.version = (unsigned int)dataBuf[0];
       smimeEntry.common.type = entryType;
       smimeEntry.common.flags = (unsigned int)dataBuf[2];
       smimeEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
       /* decode entry */
       rv = DecodeDBSMimeEntry(&smimeEntry,&dbEntry,(char *)dbKey.data);
       if (rv == SECSuccess) {
           nsslowcert_UpdateSMimeProfile(handle, smimeEntry.emailAddr,
              &smimeEntry.subjectName, &smimeEntry.smimeOptions,
                                           &smimeEntry.optionsDate);
       }
       PORT_FreeArena(smimeEntry.common.arena, PR_FALSE);
       smimeEntry.common.arena = NULL;
    } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );

    (* updatedb->close)(updatedb);

    /* a database update is a good time to go back and verify the integrity of
     * the keys and certs */
    handle->dbVerify = PR_TRUE; 
    return(SECSuccess);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus UpdateV8DB ( NSSLOWCERTCertDBHandle *  handle,
DB updatedb 
) [static]

Definition at line 3478 of file pcertdb.c.

{
    return UpdateV7DB(handle,updatedb);
}

Here is the call graph for this function: