Mercurial > trustbridge > nss-cmake-static
annotate nss/lib/pki/pki3hack.c @ 3:150b72113545
Add DBM and legacydb support
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Tue, 05 Aug 2014 18:32:02 +0200 |
| parents | 1e5118fa0cb1 |
| children |
| rev | line source |
|---|---|
|
0
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1 /* This Source Code Form is subject to the terms of the Mozilla Public |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
4 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
5 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
6 * Hacks to integrate NSS 3.4 and NSS 4.0 certificates. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
7 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
8 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 #ifndef NSSPKI_H |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
10 #include "nsspki.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
11 #endif /* NSSPKI_H */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
12 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
13 #ifndef PKI_H |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
14 #include "pki.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
15 #endif /* PKI_H */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
16 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
17 #ifndef PKIM_H |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
18 #include "pkim.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
19 #endif /* PKIM_H */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
20 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
21 #ifndef DEV_H |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
22 #include "dev.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
23 #endif /* DEV_H */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 #ifndef DEVNSS3HACK_H |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 #include "dev3hack.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 #endif /* DEVNSS3HACK_H */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
28 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 #ifndef PKINSS3HACK_H |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
30 #include "pki3hack.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
31 #endif /* PKINSS3HACK_H */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
32 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 #include "secitem.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 #include "certdb.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
35 #include "certt.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 #include "cert.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
37 #include "certi.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 #include "pk11func.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
39 #include "pkistore.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
40 #include "secmod.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
41 #include "nssrwlk.h" |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
42 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
43 NSSTrustDomain *g_default_trust_domain = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 NSSCryptoContext *g_default_crypto_context = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 NSSTrustDomain * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
48 STAN_GetDefaultTrustDomain() |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
49 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
50 return g_default_trust_domain; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
51 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
52 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
53 NSSCryptoContext * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
54 STAN_GetDefaultCryptoContext() |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
55 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
56 return g_default_crypto_context; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
57 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
58 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
59 extern const NSSError NSS_ERROR_ALREADY_INITIALIZED; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
60 extern const NSSError NSS_ERROR_INTERNAL_ERROR; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
61 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
62 NSS_IMPLEMENT PRStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
63 STAN_InitTokenForSlotInfo(NSSTrustDomain *td, PK11SlotInfo *slot) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
64 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
65 NSSToken *token; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
66 if (!td) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
67 td = g_default_trust_domain; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 if (!td) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 /* we're called while still initting. slot will get added |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
70 * appropriately through normal init processes */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
71 return PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
72 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
73 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
74 token = nssToken_CreateFromPK11SlotInfo(td, slot); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
75 PK11Slot_SetNSSToken(slot, token); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
76 /* Don't add nonexistent token to TD's token list */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
77 if (token) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
78 NSSRWLock_LockWrite(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
79 nssList_Add(td->tokenList, token); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
80 NSSRWLock_UnlockWrite(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
81 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
82 return PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
83 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
84 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
85 NSS_IMPLEMENT PRStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
86 STAN_ResetTokenInterator(NSSTrustDomain *td) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
87 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
88 if (!td) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
89 td = g_default_trust_domain; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
90 if (!td) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
91 /* we're called while still initting. slot will get added |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
92 * appropriately through normal init processes */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
93 return PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
94 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
95 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
96 NSSRWLock_LockWrite(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
97 nssListIterator_Destroy(td->tokens); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
98 td->tokens = nssList_CreateIterator(td->tokenList); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
99 NSSRWLock_UnlockWrite(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
100 return PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
101 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
102 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
103 NSS_IMPLEMENT PRStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
104 STAN_LoadDefaultNSS3TrustDomain ( |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
105 void |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
106 ) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
107 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
108 NSSTrustDomain *td; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
109 SECMODModuleList *mlp; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
110 SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
111 int i; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
112 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
113 if (g_default_trust_domain || g_default_crypto_context) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
114 /* Stan is already initialized or a previous shutdown failed. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
115 nss_SetError(NSS_ERROR_ALREADY_INITIALIZED); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
116 return PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
117 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
118 td = NSSTrustDomain_Create(NULL, NULL, NULL, NULL); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
119 if (!td) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
120 return PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
121 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
122 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
123 * Deadlock warning: we should never acquire the moduleLock while |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
124 * we hold the tokensLock. We can use the NSSRWLock Rank feature to |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
125 * guarrentee this. tokensLock have a higher rank than module lock. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
126 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
127 td->tokenList = nssList_Create(td->arena, PR_TRUE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
128 if (!td->tokenList) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
129 goto loser; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
130 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
131 SECMOD_GetReadLock(moduleLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
132 NSSRWLock_LockWrite(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
133 for (mlp = SECMOD_GetDefaultModuleList(); mlp != NULL; mlp=mlp->next) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
134 for (i=0; i < mlp->module->slotCount; i++) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
135 STAN_InitTokenForSlotInfo(td, mlp->module->slots[i]); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
136 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
137 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
138 td->tokens = nssList_CreateIterator(td->tokenList); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
139 NSSRWLock_UnlockWrite(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
140 SECMOD_ReleaseReadLock(moduleLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
141 if (!td->tokens) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
142 goto loser; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
143 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
144 g_default_crypto_context = NSSTrustDomain_CreateCryptoContext(td, NULL); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
145 if (!g_default_crypto_context) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
146 goto loser; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
147 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
148 g_default_trust_domain = td; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
149 return PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
150 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
151 loser: |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
152 NSSTrustDomain_Destroy(td); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
153 return PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
154 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
155 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
156 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
157 * must be called holding the ModuleListLock (either read or write). |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
158 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
159 NSS_IMPLEMENT SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
160 STAN_AddModuleToDefaultTrustDomain ( |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
161 SECMODModule *module |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
162 ) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
163 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
164 NSSTrustDomain *td; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
165 int i; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
166 td = STAN_GetDefaultTrustDomain(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
167 for (i=0; i<module->slotCount; i++) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
168 STAN_InitTokenForSlotInfo(td, module->slots[i]); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
169 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
170 STAN_ResetTokenInterator(td); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
171 return SECSuccess; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
172 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
173 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
174 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
175 * must be called holding the ModuleListLock (either read or write). |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
176 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
177 NSS_IMPLEMENT SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
178 STAN_RemoveModuleFromDefaultTrustDomain ( |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
179 SECMODModule *module |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
180 ) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
181 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
182 NSSToken *token; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
183 NSSTrustDomain *td; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
184 int i; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
185 td = STAN_GetDefaultTrustDomain(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
186 NSSRWLock_LockWrite(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
187 for (i=0; i<module->slotCount; i++) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
188 token = PK11Slot_GetNSSToken(module->slots[i]); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
189 if (token) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
190 nssToken_NotifyCertsNotVisible(token); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
191 nssList_Remove(td->tokenList, token); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
192 PK11Slot_SetNSSToken(module->slots[i], NULL); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
193 nssToken_Destroy(token); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
194 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
195 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
196 nssListIterator_Destroy(td->tokens); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
197 td->tokens = nssList_CreateIterator(td->tokenList); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
198 NSSRWLock_UnlockWrite(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
199 return SECSuccess; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
200 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
201 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
202 NSS_IMPLEMENT PRStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
203 STAN_Shutdown() |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
204 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
205 PRStatus status = PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
206 if (g_default_trust_domain) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
207 if (NSSTrustDomain_Destroy(g_default_trust_domain) == PR_SUCCESS) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
208 g_default_trust_domain = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
209 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
210 status = PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
211 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
212 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
213 if (g_default_crypto_context) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
214 if (NSSCryptoContext_Destroy(g_default_crypto_context) == PR_SUCCESS) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
215 g_default_crypto_context = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
216 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
217 status = PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
218 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
219 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
220 return status; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
221 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
222 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
223 /* this function should not be a hack; it will be needed in 4.0 (rename) */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
224 NSS_IMPLEMENT NSSItem * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
225 STAN_GetCertIdentifierFromDER(NSSArena *arenaOpt, NSSDER *der) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
226 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
227 NSSItem *rvKey; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
228 SECItem secDER; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
229 SECItem secKey = { 0 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
230 SECStatus secrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
231 PLArenaPool *arena; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
232 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
233 SECITEM_FROM_NSSITEM(&secDER, der); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
234 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
235 /* nss3 call uses nss3 arena's */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
236 arena = PORT_NewArena(256); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
237 if (!arena) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
238 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
239 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
240 secrv = CERT_KeyFromDERCert(arena, &secDER, &secKey); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
241 if (secrv != SECSuccess) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
242 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
243 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
244 rvKey = nssItem_Create(arenaOpt, NULL, secKey.len, (void *)secKey.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
245 PORT_FreeArena(arena,PR_FALSE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
246 return rvKey; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
247 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
248 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
249 NSS_IMPLEMENT PRStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
250 nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
251 NSSDER *issuer, NSSDER *serial) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
252 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
253 SECStatus secrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
254 SECItem derCert; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
255 SECItem derIssuer = { 0 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
256 SECItem derSerial = { 0 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
257 SECITEM_FROM_NSSITEM(&derCert, der); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
258 secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
259 if (secrv != SECSuccess) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
260 return PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
261 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
262 (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
263 secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
264 if (secrv != SECSuccess) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
265 PORT_Free(derSerial.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
266 return PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
267 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
268 (void)nssItem_Create(arena, issuer, derIssuer.len, derIssuer.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
269 PORT_Free(derSerial.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
270 PORT_Free(derIssuer.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
271 return PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
272 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
273 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
274 static NSSItem * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
275 nss3certificate_getIdentifier(nssDecodedCert *dc) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
276 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
277 NSSItem *rvID; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
278 CERTCertificate *c = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
279 rvID = nssItem_Create(NULL, NULL, c->certKey.len, c->certKey.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
280 return rvID; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
281 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
282 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
283 static void * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
284 nss3certificate_getIssuerIdentifier(nssDecodedCert *dc) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
285 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
286 CERTCertificate *c = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
287 return (void *)c->authKeyID; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
288 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
289 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
290 static nssCertIDMatch |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
291 nss3certificate_matchIdentifier(nssDecodedCert *dc, void *id) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
292 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
293 CERTCertificate *c = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
294 CERTAuthKeyID *authKeyID = (CERTAuthKeyID *)id; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
295 SECItem skid; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
296 nssCertIDMatch match = nssCertIDMatch_Unknown; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
297 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
298 /* keyIdentifier */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
299 if (authKeyID->keyID.len > 0 && |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
300 CERT_FindSubjectKeyIDExtension(c, &skid) == SECSuccess) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
301 PRBool skiEqual; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
302 skiEqual = SECITEM_ItemsAreEqual(&authKeyID->keyID, &skid); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
303 PORT_Free(skid.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
304 if (skiEqual) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
305 /* change the state to positive match, but keep going */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
306 match = nssCertIDMatch_Yes; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
307 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
308 /* exit immediately on failure */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
309 return nssCertIDMatch_No; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
310 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
311 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
312 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
313 /* issuer/serial (treated as pair) */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
314 if (authKeyID->authCertIssuer) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
315 SECItem *caName = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
316 SECItem *caSN = &authKeyID->authCertSerialNumber; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
317 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
318 caName = (SECItem *)CERT_GetGeneralNameByType( |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
319 authKeyID->authCertIssuer, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
320 certDirectoryName, PR_TRUE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
321 if (caName != NULL && |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
322 SECITEM_ItemsAreEqual(&c->derIssuer, caName) && |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
323 SECITEM_ItemsAreEqual(&c->serialNumber, caSN)) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
324 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
325 match = nssCertIDMatch_Yes; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
326 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
327 match = nssCertIDMatch_Unknown; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
328 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
329 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
330 return match; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
331 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
332 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
333 static PRBool |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
334 nss3certificate_isValidIssuer(nssDecodedCert *dc) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
335 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
336 CERTCertificate *c = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
337 unsigned int ignore; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
338 return CERT_IsCACert(c, &ignore); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
339 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
340 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
341 static NSSUsage * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
342 nss3certificate_getUsage(nssDecodedCert *dc) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
343 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
344 /* CERTCertificate *c = (CERTCertificate *)dc->data; */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
345 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
346 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
347 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
348 static PRBool |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
349 nss3certificate_isValidAtTime(nssDecodedCert *dc, NSSTime *time) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
350 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
351 SECCertTimeValidity validity; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
352 CERTCertificate *c = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
353 validity = CERT_CheckCertValidTimes(c, NSSTime_GetPRTime(time), PR_TRUE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
354 if (validity == secCertTimeValid) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
355 return PR_TRUE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
356 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
357 return PR_FALSE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
358 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
359 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
360 static PRBool |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
361 nss3certificate_isNewerThan(nssDecodedCert *dc, nssDecodedCert *cmpdc) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
362 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
363 /* I know this isn't right, but this is glue code anyway */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
364 if (cmpdc->type == dc->type) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
365 CERTCertificate *certa = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
366 CERTCertificate *certb = (CERTCertificate *)cmpdc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
367 return CERT_IsNewer(certa, certb); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
368 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
369 return PR_FALSE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
370 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
371 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
372 /* CERT_FilterCertListByUsage */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
373 static PRBool |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
374 nss3certificate_matchUsage(nssDecodedCert *dc, const NSSUsage *usage) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
375 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
376 CERTCertificate *cc; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
377 unsigned int requiredKeyUsage = 0; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
378 unsigned int requiredCertType = 0; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
379 SECStatus secrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
380 PRBool match; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
381 PRBool ca; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
382 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
383 /* This is for NSS 3.3 functions that do not specify a usage */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
384 if (usage->anyUsage) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
385 return PR_TRUE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
386 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
387 ca = usage->nss3lookingForCA; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
388 secrv = CERT_KeyUsageAndTypeForCertUsage(usage->nss3usage, ca, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
389 &requiredKeyUsage, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
390 &requiredCertType); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
391 if (secrv != SECSuccess) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
392 return PR_FALSE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
393 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
394 cc = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
395 secrv = CERT_CheckKeyUsage(cc, requiredKeyUsage); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
396 match = (PRBool)(secrv == SECSuccess); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
397 if (match) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
398 unsigned int certType = 0; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
399 if (ca) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
400 (void)CERT_IsCACert(cc, &certType); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
401 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
402 certType = cc->nsCertType; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
403 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
404 if (!(certType & requiredCertType)) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
405 match = PR_FALSE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
406 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
407 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
408 return match; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
409 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
410 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
411 static PRBool |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
412 nss3certificate_isTrustedForUsage(nssDecodedCert *dc, const NSSUsage *usage) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
413 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
414 CERTCertificate *cc; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
415 PRBool ca; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
416 SECStatus secrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
417 unsigned int requiredFlags; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
418 unsigned int trustFlags; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
419 SECTrustType trustType; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
420 CERTCertTrust trust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
421 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
422 /* This is for NSS 3.3 functions that do not specify a usage */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
423 if (usage->anyUsage) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
424 return PR_FALSE; /* XXX is this right? */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
425 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
426 cc = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
427 ca = usage->nss3lookingForCA; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
428 if (!ca) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
429 PRBool trusted; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
430 unsigned int failedFlags; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
431 secrv = cert_CheckLeafTrust(cc, usage->nss3usage, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
432 &failedFlags, &trusted); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
433 return secrv == SECSuccess && trusted; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
434 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
435 secrv = CERT_TrustFlagsForCACertUsage(usage->nss3usage, &requiredFlags, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
436 &trustType); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
437 if (secrv != SECSuccess) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
438 return PR_FALSE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
439 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
440 secrv = CERT_GetCertTrust(cc, &trust); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
441 if (secrv != SECSuccess) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
442 return PR_FALSE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
443 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
444 if (trustType == trustTypeNone) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
445 /* normally trustTypeNone usages accept any of the given trust bits |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
446 * being on as acceptable. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
447 trustFlags = trust.sslFlags | trust.emailFlags | |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
448 trust.objectSigningFlags; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
449 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
450 trustFlags = SEC_GET_TRUST_FLAGS(&trust, trustType); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
451 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
452 return (trustFlags & requiredFlags) == requiredFlags; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
453 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
454 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
455 static NSSASCII7 * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
456 nss3certificate_getEmailAddress(nssDecodedCert *dc) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
457 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
458 CERTCertificate *cc = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
459 return (cc && cc->emailAddr && cc->emailAddr[0]) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
460 ? (NSSASCII7 *)cc->emailAddr : NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
461 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
462 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
463 static PRStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
464 nss3certificate_getDERSerialNumber(nssDecodedCert *dc, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
465 NSSDER *serial, NSSArena *arena) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
466 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
467 CERTCertificate *cc = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
468 SECItem derSerial = { 0 }; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
469 SECStatus secrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
470 secrv = CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
471 if (secrv == SECSuccess) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
472 (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
473 PORT_Free(derSerial.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
474 return PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
475 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
476 return PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
477 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
478 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
479 /* Returns NULL if "encoding" cannot be decoded. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
480 NSS_IMPLEMENT nssDecodedCert * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
481 nssDecodedPKIXCertificate_Create ( |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
482 NSSArena *arenaOpt, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
483 NSSDER *encoding |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
484 ) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
485 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
486 nssDecodedCert *rvDC = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
487 CERTCertificate *cert; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
488 SECItem secDER; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
489 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
490 SECITEM_FROM_NSSITEM(&secDER, encoding); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
491 cert = CERT_DecodeDERCertificate(&secDER, PR_TRUE, NULL); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
492 if (cert) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
493 rvDC = nss_ZNEW(arenaOpt, nssDecodedCert); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
494 if (rvDC) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
495 rvDC->type = NSSCertificateType_PKIX; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
496 rvDC->data = (void *)cert; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
497 rvDC->getIdentifier = nss3certificate_getIdentifier; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
498 rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
499 rvDC->matchIdentifier = nss3certificate_matchIdentifier; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
500 rvDC->isValidIssuer = nss3certificate_isValidIssuer; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
501 rvDC->getUsage = nss3certificate_getUsage; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
502 rvDC->isValidAtTime = nss3certificate_isValidAtTime; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
503 rvDC->isNewerThan = nss3certificate_isNewerThan; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
504 rvDC->matchUsage = nss3certificate_matchUsage; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
505 rvDC->isTrustedForUsage = nss3certificate_isTrustedForUsage; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
506 rvDC->getEmailAddress = nss3certificate_getEmailAddress; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
507 rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
508 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
509 CERT_DestroyCertificate(cert); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
510 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
511 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
512 return rvDC; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
513 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
514 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
515 static nssDecodedCert * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
516 create_decoded_pkix_cert_from_nss3cert ( |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
517 NSSArena *arenaOpt, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
518 CERTCertificate *cc |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
519 ) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
520 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
521 nssDecodedCert *rvDC = nss_ZNEW(arenaOpt, nssDecodedCert); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
522 if (rvDC) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
523 rvDC->type = NSSCertificateType_PKIX; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
524 rvDC->data = (void *)cc; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
525 rvDC->getIdentifier = nss3certificate_getIdentifier; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
526 rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
527 rvDC->matchIdentifier = nss3certificate_matchIdentifier; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
528 rvDC->isValidIssuer = nss3certificate_isValidIssuer; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
529 rvDC->getUsage = nss3certificate_getUsage; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
530 rvDC->isValidAtTime = nss3certificate_isValidAtTime; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
531 rvDC->isNewerThan = nss3certificate_isNewerThan; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
532 rvDC->matchUsage = nss3certificate_matchUsage; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
533 rvDC->isTrustedForUsage = nss3certificate_isTrustedForUsage; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
534 rvDC->getEmailAddress = nss3certificate_getEmailAddress; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
535 rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
536 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
537 return rvDC; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
538 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
539 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
540 NSS_IMPLEMENT PRStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
541 nssDecodedPKIXCertificate_Destroy ( |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
542 nssDecodedCert *dc |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
543 ) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
544 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
545 CERTCertificate *cert = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
546 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
547 /* The decoder may only be half initialized (the case where we find we |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
548 * could not decode the certificate). In this case, there is not cert to |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
549 * free, just free the dc structure. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
550 if (cert) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
551 PRBool freeSlot = cert->ownSlot; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
552 PK11SlotInfo *slot = cert->slot; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
553 PLArenaPool *arena = cert->arena; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
554 /* zero cert before freeing. Any stale references to this cert |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
555 * after this point will probably cause an exception. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
556 PORT_Memset(cert, 0, sizeof *cert); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
557 /* free the arena that contains the cert. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
558 PORT_FreeArena(arena, PR_FALSE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
559 if (slot && freeSlot) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
560 PK11_FreeSlot(slot); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
561 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
562 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
563 nss_ZFreeIf(dc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
564 return PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
565 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
566 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
567 /* see pk11cert.c:pk11_HandleTrustObject */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
568 static unsigned int |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
569 get_nss3trust_from_nss4trust(nssTrustLevel t) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
570 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
571 unsigned int rt = 0; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
572 if (t == nssTrustLevel_Trusted) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
573 rt |= CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
574 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
575 if (t == nssTrustLevel_TrustedDelegator) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
576 rt |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
577 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
578 if (t == nssTrustLevel_NotTrusted) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
579 rt |= CERTDB_TERMINAL_RECORD; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
580 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
581 if (t == nssTrustLevel_ValidDelegator) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
582 rt |= CERTDB_VALID_CA; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
583 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
584 return rt; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
585 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
586 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
587 static CERTCertTrust * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
588 cert_trust_from_stan_trust(NSSTrust *t, PLArenaPool *arena) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
589 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
590 CERTCertTrust *rvTrust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
591 unsigned int client; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
592 if (!t) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
593 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
594 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
595 rvTrust = PORT_ArenaAlloc(arena, sizeof(CERTCertTrust)); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
596 if (!rvTrust) return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
597 rvTrust->sslFlags = get_nss3trust_from_nss4trust(t->serverAuth); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
598 client = get_nss3trust_from_nss4trust(t->clientAuth); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
599 if (client & (CERTDB_TRUSTED_CA|CERTDB_NS_TRUSTED_CA)) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
600 client &= ~(CERTDB_TRUSTED_CA|CERTDB_NS_TRUSTED_CA); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
601 rvTrust->sslFlags |= CERTDB_TRUSTED_CLIENT_CA; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
602 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
603 rvTrust->sslFlags |= client; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
604 rvTrust->emailFlags = get_nss3trust_from_nss4trust(t->emailProtection); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
605 rvTrust->objectSigningFlags = get_nss3trust_from_nss4trust(t->codeSigning); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
606 return rvTrust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
607 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
608 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
609 CERTCertTrust * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
610 nssTrust_GetCERTCertTrustForCert(NSSCertificate *c, CERTCertificate *cc) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
611 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
612 CERTCertTrust *rvTrust = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
613 NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
614 NSSTrust *t; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
615 t = nssTrustDomain_FindTrustForCertificate(td, c); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
616 if (t) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
617 rvTrust = cert_trust_from_stan_trust(t, cc->arena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
618 if (!rvTrust) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
619 nssTrust_Destroy(t); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
620 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
621 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
622 nssTrust_Destroy(t); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
623 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
624 rvTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust)); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
625 if (!rvTrust) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
626 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
627 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
628 memset(rvTrust, 0, sizeof(*rvTrust)); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
629 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
630 if (NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL)) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
631 rvTrust->sslFlags |= CERTDB_USER; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
632 rvTrust->emailFlags |= CERTDB_USER; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
633 rvTrust->objectSigningFlags |= CERTDB_USER; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
634 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
635 return rvTrust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
636 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
637 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
638 static nssCryptokiInstance * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
639 get_cert_instance(NSSCertificate *c) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
640 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
641 nssCryptokiObject *instance, **ci; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
642 nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
643 if (!instances) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
644 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
645 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
646 instance = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
647 for (ci = instances; *ci; ci++) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
648 if (!instance) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
649 instance = nssCryptokiObject_Clone(*ci); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
650 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
651 /* This only really works for two instances... But 3.4 can't |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
652 * handle more anyway. The logic is, if there are multiple |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
653 * instances, prefer the one that is not internal (e.g., on |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
654 * a hardware device. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
655 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
656 if (PK11_IsInternal(instance->token->pk11slot)) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
657 nssCryptokiObject_Destroy(instance); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
658 instance = nssCryptokiObject_Clone(*ci); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
659 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
660 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
661 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
662 nssCryptokiObjectArray_Destroy(instances); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
663 return instance; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
664 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
665 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
666 char * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
667 STAN_GetCERTCertificateNameForInstance ( |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
668 PLArenaPool *arenaOpt, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
669 NSSCertificate *c, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
670 nssCryptokiInstance *instance |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
671 ) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
672 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
673 NSSCryptoContext *context = c->object.cryptoContext; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
674 PRStatus nssrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
675 int nicklen, tokenlen, len; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
676 NSSUTF8 *tokenName = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
677 NSSUTF8 *stanNick = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
678 char *nickname = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
679 char *nick; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
680 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
681 if (instance) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
682 stanNick = instance->label; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
683 } else if (context) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
684 stanNick = c->object.tempName; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
685 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
686 if (stanNick) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
687 /* fill other fields needed by NSS3 functions using CERTCertificate */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
688 if (instance && (!PK11_IsInternalKeySlot(instance->token->pk11slot) || |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
689 PORT_Strchr(stanNick, ':') != NULL) ) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
690 tokenName = nssToken_GetName(instance->token); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
691 tokenlen = nssUTF8_Size(tokenName, &nssrv); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
692 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
693 /* don't use token name for internal slot; 3.3 didn't */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
694 tokenlen = 0; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
695 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
696 nicklen = nssUTF8_Size(stanNick, &nssrv); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
697 len = tokenlen + nicklen; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
698 if (arenaOpt) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
699 nickname = PORT_ArenaAlloc(arenaOpt, len); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
700 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
701 nickname = PORT_Alloc(len); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
702 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
703 nick = nickname; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
704 if (tokenName) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
705 memcpy(nick, tokenName, tokenlen-1); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
706 nick += tokenlen-1; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
707 *nick++ = ':'; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
708 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
709 memcpy(nick, stanNick, nicklen-1); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
710 nickname[len-1] = '\0'; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
711 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
712 return nickname; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
713 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
714 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
715 char * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
716 STAN_GetCERTCertificateName(PLArenaPool *arenaOpt, NSSCertificate *c) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
717 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
718 char * result; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
719 nssCryptokiInstance *instance = get_cert_instance(c); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
720 /* It's OK to call this function, even if instance is NULL */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
721 result = STAN_GetCERTCertificateNameForInstance(arenaOpt, c, instance); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
722 if (instance) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
723 nssCryptokiObject_Destroy(instance); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
724 return result; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
725 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
726 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
727 static void |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
728 fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
729 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
730 CERTCertTrust* trust = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
731 NSSTrust *nssTrust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
732 NSSCryptoContext *context = c->object.cryptoContext; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
733 nssCryptokiInstance *instance; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
734 NSSUTF8 *stanNick = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
735 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
736 /* We are holding the base class object's lock on entry of this function |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
737 * This lock protects writes to fields of the CERTCertificate . |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
738 * It is also needed by some functions to compute values such as trust. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
739 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
740 instance = get_cert_instance(c); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
741 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
742 if (instance) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
743 stanNick = instance->label; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
744 } else if (context) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
745 stanNick = c->object.tempName; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
746 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
747 /* fill other fields needed by NSS3 functions using CERTCertificate */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
748 if ((!cc->nickname && stanNick) || forced) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
749 PRStatus nssrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
750 int nicklen, tokenlen, len; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
751 NSSUTF8 *tokenName = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
752 char *nick; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
753 if (instance && |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
754 (!PK11_IsInternalKeySlot(instance->token->pk11slot) || |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
755 (stanNick && PORT_Strchr(stanNick, ':') != NULL))) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
756 tokenName = nssToken_GetName(instance->token); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
757 tokenlen = nssUTF8_Size(tokenName, &nssrv); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
758 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
759 /* don't use token name for internal slot; 3.3 didn't */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
760 tokenlen = 0; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
761 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
762 if (stanNick) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
763 nicklen = nssUTF8_Size(stanNick, &nssrv); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
764 len = tokenlen + nicklen; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
765 nick = PORT_ArenaAlloc(cc->arena, len); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
766 if (tokenName) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
767 memcpy(nick, tokenName, tokenlen-1); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
768 nick[tokenlen-1] = ':'; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
769 memcpy(nick+tokenlen, stanNick, nicklen-1); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
770 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
771 memcpy(nick, stanNick, nicklen-1); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
772 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
773 nick[len-1] = '\0'; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
774 cc->nickname = nick; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
775 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
776 cc->nickname = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
777 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
778 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
779 if (context) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
780 /* trust */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
781 nssTrust = nssCryptoContext_FindTrustForCertificate(context, c); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
782 if (!nssTrust) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
783 /* chicken and egg issue: |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
784 * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
785 * c->issuer and c->serial are empty at this point, but |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
786 * nssTrustDomain_FindTrustForCertificate use them to look up |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
787 * up the trust object, so we point them to cc->derIssuer and |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
788 * cc->serialNumber. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
789 * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
790 * Our caller will fill these in with proper arena copies when we |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
791 * return. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
792 c->issuer.data = cc->derIssuer.data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
793 c->issuer.size = cc->derIssuer.len; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
794 c->serial.data = cc->serialNumber.data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
795 c->serial.size = cc->serialNumber.len; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
796 nssTrust = nssTrustDomain_FindTrustForCertificate(context->td, c); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
797 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
798 if (nssTrust) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
799 trust = cert_trust_from_stan_trust(nssTrust, cc->arena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
800 if (trust) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
801 /* we should destroy cc->trust before replacing it, but it's |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
802 allocated in cc->arena, so memory growth will occur on each |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
803 refresh */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
804 CERT_LockCertTrust(cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
805 cc->trust = trust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
806 CERT_UnlockCertTrust(cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
807 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
808 nssTrust_Destroy(nssTrust); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
809 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
810 } else if (instance) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
811 /* slot */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
812 if (cc->slot != instance->token->pk11slot) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
813 if (cc->slot) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
814 PK11_FreeSlot(cc->slot); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
815 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
816 cc->slot = PK11_ReferenceSlot(instance->token->pk11slot); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
817 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
818 cc->ownSlot = PR_TRUE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
819 /* pkcs11ID */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
820 cc->pkcs11ID = instance->handle; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
821 /* trust */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
822 trust = nssTrust_GetCERTCertTrustForCert(c, cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
823 if (trust) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
824 /* we should destroy cc->trust before replacing it, but it's |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
825 allocated in cc->arena, so memory growth will occur on each |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
826 refresh */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
827 CERT_LockCertTrust(cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
828 cc->trust = trust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
829 CERT_UnlockCertTrust(cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
830 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
831 nssCryptokiObject_Destroy(instance); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
832 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
833 /* database handle is now the trust domain */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
834 cc->dbhandle = c->object.trustDomain; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
835 /* subjectList ? */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
836 /* istemp and isperm are supported in NSS 3.4 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
837 cc->istemp = PR_FALSE; /* CERT_NewTemp will override this */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
838 cc->isperm = PR_TRUE; /* by default */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
839 /* pointer back */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
840 cc->nssCertificate = c; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
841 if (trust) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
842 /* force the cert type to be recomputed to include trust info */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
843 PRUint32 nsCertType = cert_ComputeCertType(cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
844 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
845 /* Assert that it is safe to cast &cc->nsCertType to "PRInt32 *" */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
846 PORT_Assert(sizeof(cc->nsCertType) == sizeof(PRInt32)); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
847 PR_ATOMIC_SET((PRInt32 *)&cc->nsCertType, nsCertType); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
848 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
849 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
850 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
851 static CERTCertificate * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
852 stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
853 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
854 nssDecodedCert *dc = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
855 CERTCertificate *cc = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
856 CERTCertTrust certTrust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
857 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
858 nssPKIObject_Lock(&c->object); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
859 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
860 dc = c->decoding; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
861 if (!dc) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
862 dc = nssDecodedPKIXCertificate_Create(NULL, &c->encoding); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
863 if (!dc) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
864 goto loser; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
865 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
866 cc = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
867 PORT_Assert(cc); /* software error */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
868 if (!cc) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
869 nssDecodedPKIXCertificate_Destroy(dc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
870 nss_SetError(NSS_ERROR_INTERNAL_ERROR); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
871 goto loser; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
872 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
873 PORT_Assert(!c->decoding); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
874 if (!c->decoding) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
875 c->decoding = dc; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
876 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
877 /* this should never happen. Fail. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
878 nssDecodedPKIXCertificate_Destroy(dc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
879 nss_SetError(NSS_ERROR_INTERNAL_ERROR); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
880 goto loser; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
881 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
882 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
883 cc = (CERTCertificate *)dc->data; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
884 PORT_Assert(cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
885 if (!cc) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
886 nss_SetError(NSS_ERROR_INTERNAL_ERROR); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
887 goto loser; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
888 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
889 if (!cc->nssCertificate || forceUpdate) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
890 fill_CERTCertificateFields(c, cc, forceUpdate); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
891 } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess && |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
892 !c->object.cryptoContext) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
893 /* if it's a perm cert, it might have been stored before the |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
894 * trust, so look for the trust again. But a temp cert can be |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
895 * ignored. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
896 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
897 CERTCertTrust* trust = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
898 trust = nssTrust_GetCERTCertTrustForCert(c, cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
899 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
900 CERT_LockCertTrust(cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
901 cc->trust = trust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
902 CERT_UnlockCertTrust(cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
903 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
904 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
905 loser: |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
906 nssPKIObject_Unlock(&c->object); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
907 return cc; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
908 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
909 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
910 NSS_IMPLEMENT CERTCertificate * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
911 STAN_ForceCERTCertificateUpdate(NSSCertificate *c) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
912 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
913 if (c->decoding) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
914 return stan_GetCERTCertificate(c, PR_TRUE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
915 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
916 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
917 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
918 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
919 NSS_IMPLEMENT CERTCertificate * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
920 STAN_GetCERTCertificate(NSSCertificate *c) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
921 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
922 return stan_GetCERTCertificate(c, PR_FALSE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
923 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
924 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
925 * many callers of STAN_GetCERTCertificate() intend that |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
926 * the CERTCertificate returned inherits the reference to the |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
927 * NSSCertificate. For these callers it's convenient to have |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
928 * this function 'own' the reference and either return a valid |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
929 * CERTCertificate structure which inherits the reference or |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
930 * destroy the reference to NSSCertificate and returns NULL. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
931 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
932 NSS_IMPLEMENT CERTCertificate * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
933 STAN_GetCERTCertificateOrRelease(NSSCertificate *c) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
934 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
935 CERTCertificate *nss3cert = stan_GetCERTCertificate(c, PR_FALSE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
936 if (!nss3cert) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
937 nssCertificate_Destroy(c); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
938 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
939 return nss3cert; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
940 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
941 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
942 static nssTrustLevel |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
943 get_stan_trust(unsigned int t, PRBool isClientAuth) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
944 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
945 if (isClientAuth) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
946 if (t & CERTDB_TRUSTED_CLIENT_CA) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
947 return nssTrustLevel_TrustedDelegator; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
948 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
949 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
950 if (t & CERTDB_TRUSTED_CA || t & CERTDB_NS_TRUSTED_CA) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
951 return nssTrustLevel_TrustedDelegator; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
952 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
953 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
954 if (t & CERTDB_TRUSTED) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
955 return nssTrustLevel_Trusted; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
956 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
957 if (t & CERTDB_TERMINAL_RECORD) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
958 return nssTrustLevel_NotTrusted; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
959 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
960 if (t & CERTDB_VALID_CA) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
961 return nssTrustLevel_ValidDelegator; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
962 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
963 return nssTrustLevel_MustVerify; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
964 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
965 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
966 NSS_EXTERN NSSCertificate * |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
967 STAN_GetNSSCertificate(CERTCertificate *cc) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
968 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
969 NSSCertificate *c; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
970 nssCryptokiInstance *instance; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
971 nssPKIObject *pkiob; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
972 NSSArena *arena; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
973 c = cc->nssCertificate; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
974 if (c) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
975 return c; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
976 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
977 /* i don't think this should happen. but if it can, need to create |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
978 * NSSCertificate from CERTCertificate values here. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
979 /* Yup, it can happen. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
980 arena = NSSArena_Create(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
981 if (!arena) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
982 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
983 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
984 c = nss_ZNEW(arena, NSSCertificate); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
985 if (!c) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
986 nssArena_Destroy(arena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
987 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
988 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
989 NSSITEM_FROM_SECITEM(&c->encoding, &cc->derCert); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
990 c->type = NSSCertificateType_PKIX; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
991 pkiob = nssPKIObject_Create(arena, NULL, cc->dbhandle, NULL, nssPKIMonitor); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
992 if (!pkiob) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
993 nssArena_Destroy(arena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
994 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
995 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
996 c->object = *pkiob; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
997 nssItem_Create(arena, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
998 &c->issuer, cc->derIssuer.len, cc->derIssuer.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
999 nssItem_Create(arena, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1000 &c->subject, cc->derSubject.len, cc->derSubject.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1001 if (PR_TRUE) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1002 /* CERTCertificate stores serial numbers decoded. I need the DER |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1003 * here. sigh. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1004 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1005 SECItem derSerial; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1006 SECStatus secrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1007 secrv = CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1008 if (secrv == SECFailure) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1009 nssArena_Destroy(arena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1010 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1011 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1012 nssItem_Create(arena, &c->serial, derSerial.len, derSerial.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1013 PORT_Free(derSerial.data); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1014 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1015 if (cc->emailAddr && cc->emailAddr[0]) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1016 c->email = nssUTF8_Create(arena, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1017 nssStringType_PrintableString, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1018 (NSSUTF8 *)cc->emailAddr, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1019 PORT_Strlen(cc->emailAddr)); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1020 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1021 if (cc->slot) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1022 instance = nss_ZNEW(arena, nssCryptokiInstance); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1023 if (!instance) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1024 nssArena_Destroy(arena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1025 return NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1026 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1027 instance->token = nssToken_AddRef(PK11Slot_GetNSSToken(cc->slot)); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1028 instance->handle = cc->pkcs11ID; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1029 instance->isTokenObject = PR_TRUE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1030 if (cc->nickname) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1031 instance->label = nssUTF8_Create(arena, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1032 nssStringType_UTF8String, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1033 (NSSUTF8 *)cc->nickname, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1034 PORT_Strlen(cc->nickname)); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1035 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1036 nssPKIObject_AddInstance(&c->object, instance); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1037 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1038 c->decoding = create_decoded_pkix_cert_from_nss3cert(NULL, cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1039 cc->nssCertificate = c; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1040 return c; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1041 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1042 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1043 static NSSToken* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1044 stan_GetTrustToken ( |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1045 NSSCertificate *c |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1046 ) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1047 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1048 NSSToken *ttok = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1049 NSSToken *rtok = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1050 NSSToken *tok = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1051 nssCryptokiObject **ip; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1052 nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1053 if (!instances) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1054 return PR_FALSE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1055 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1056 for (ip = instances; *ip; ip++) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1057 nssCryptokiObject *instance = *ip; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1058 nssCryptokiObject *to = |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1059 nssToken_FindTrustForCertificate(instance->token, NULL, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1060 &c->encoding, &c->issuer, &c->serial, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1061 nssTokenSearchType_TokenOnly); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1062 NSSToken *ctok = instance->token; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1063 PRBool ro = PK11_IsReadOnly(ctok->pk11slot); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1064 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1065 if (to) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1066 nssCryptokiObject_Destroy(to); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1067 ttok = ctok; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1068 if (!ro) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1069 break; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1070 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1071 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1072 if (!rtok && ro) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1073 rtok = ctok; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1074 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1075 if (!tok && !ro) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1076 tok = ctok; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1077 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1078 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1079 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1080 nssCryptokiObjectArray_Destroy(instances); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1081 return ttok ? ttok : (tok ? tok : rtok); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1082 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1083 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1084 NSS_EXTERN PRStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1085 STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1086 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1087 PRStatus nssrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1088 NSSCertificate *c = STAN_GetNSSCertificate(cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1089 NSSToken *tok; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1090 NSSTrustDomain *td; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1091 NSSTrust *nssTrust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1092 NSSArena *arena; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1093 CERTCertTrust *oldTrust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1094 CERTCertTrust *newTrust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1095 nssListIterator *tokens; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1096 PRBool moving_object; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1097 nssCryptokiObject *newInstance; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1098 nssPKIObject *pkiob; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1099 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1100 if (c == NULL) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1101 return PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1102 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1103 oldTrust = nssTrust_GetCERTCertTrustForCert(c, cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1104 if (oldTrust) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1105 if (memcmp(oldTrust, trust, sizeof (CERTCertTrust)) == 0) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1106 /* ... and the new trust is no different, done) */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1107 return PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1108 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1109 /* take over memory already allocated in cc's arena */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1110 newTrust = oldTrust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1111 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1112 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1113 newTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust)); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1114 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1115 memcpy(newTrust, trust, sizeof(CERTCertTrust)); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1116 CERT_LockCertTrust(cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1117 cc->trust = newTrust; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1118 CERT_UnlockCertTrust(cc); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1119 /* Set the NSSCerticate's trust */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1120 arena = nssArena_Create(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1121 if (!arena) return PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1122 nssTrust = nss_ZNEW(arena, NSSTrust); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1123 if (!nssTrust) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1124 nssArena_Destroy(arena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1125 return PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1126 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1127 pkiob = nssPKIObject_Create(arena, NULL, cc->dbhandle, NULL, nssPKILock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1128 if (!pkiob) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1129 nssArena_Destroy(arena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1130 return PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1131 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1132 nssTrust->object = *pkiob; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1133 nssTrust->certificate = c; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1134 nssTrust->serverAuth = get_stan_trust(trust->sslFlags, PR_FALSE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1135 nssTrust->clientAuth = get_stan_trust(trust->sslFlags, PR_TRUE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1136 nssTrust->emailProtection = get_stan_trust(trust->emailFlags, PR_FALSE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1137 nssTrust->codeSigning = get_stan_trust(trust->objectSigningFlags, PR_FALSE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1138 nssTrust->stepUpApproved = |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1139 (PRBool)(trust->sslFlags & CERTDB_GOVT_APPROVED_CA); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1140 if (c->object.cryptoContext != NULL) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1141 /* The cert is in a context, set the trust there */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1142 NSSCryptoContext *cc = c->object.cryptoContext; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1143 nssrv = nssCryptoContext_ImportTrust(cc, nssTrust); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1144 if (nssrv != PR_SUCCESS) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1145 goto done; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1146 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1147 if (c->object.numInstances == 0) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1148 /* The context is the only instance, finished */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1149 goto done; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1150 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1151 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1152 td = STAN_GetDefaultTrustDomain(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1153 tok = stan_GetTrustToken(c); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1154 moving_object = PR_FALSE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1155 if (tok && PK11_IsReadOnly(tok->pk11slot)) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1156 NSSRWLock_LockRead(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1157 tokens = nssList_CreateIterator(td->tokenList); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1158 if (!tokens) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1159 nssrv = PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1160 NSSRWLock_UnlockRead(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1161 goto done; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1162 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1163 for (tok = (NSSToken *)nssListIterator_Start(tokens); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1164 tok != (NSSToken *)NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1165 tok = (NSSToken *)nssListIterator_Next(tokens)) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1166 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1167 if (!PK11_IsReadOnly(tok->pk11slot)) break; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1168 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1169 nssListIterator_Finish(tokens); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1170 nssListIterator_Destroy(tokens); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1171 NSSRWLock_UnlockRead(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1172 moving_object = PR_TRUE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1173 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1174 if (tok) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1175 if (moving_object) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1176 /* this is kind of hacky. the softoken needs the cert |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1177 * object in order to store trust. forcing it to be perm |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1178 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1179 NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1180 NSSASCII7 *email = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1181 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1182 if (PK11_IsInternal(tok->pk11slot)) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1183 email = c->email; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1184 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1185 newInstance = nssToken_ImportCertificate(tok, NULL, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1186 NSSCertificateType_PKIX, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1187 &c->id, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1188 nickname, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1189 &c->encoding, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1190 &c->issuer, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1191 &c->subject, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1192 &c->serial, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1193 email, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1194 PR_TRUE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1195 nss_ZFreeIf(nickname); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1196 nickname = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1197 if (!newInstance) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1198 nssrv = PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1199 goto done; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1200 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1201 nssPKIObject_AddInstance(&c->object, newInstance); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1202 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1203 newInstance = nssToken_ImportTrust(tok, NULL, &c->encoding, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1204 &c->issuer, &c->serial, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1205 nssTrust->serverAuth, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1206 nssTrust->clientAuth, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1207 nssTrust->codeSigning, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1208 nssTrust->emailProtection, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1209 nssTrust->stepUpApproved, PR_TRUE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1210 /* If the selected token can't handle trust, dump the trust on |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1211 * the internal token */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1212 if (!newInstance && !PK11_IsInternalKeySlot(tok->pk11slot)) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1213 PK11SlotInfo *slot = PK11_GetInternalKeySlot(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1214 NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1215 NSSASCII7 *email = c->email; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1216 tok = PK11Slot_GetNSSToken(slot); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1217 PK11_FreeSlot(slot); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1218 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1219 newInstance = nssToken_ImportCertificate(tok, NULL, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1220 NSSCertificateType_PKIX, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1221 &c->id, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1222 nickname, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1223 &c->encoding, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1224 &c->issuer, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1225 &c->subject, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1226 &c->serial, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1227 email, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1228 PR_TRUE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1229 nss_ZFreeIf(nickname); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1230 nickname = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1231 if (!newInstance) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1232 nssrv = PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1233 goto done; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1234 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1235 nssPKIObject_AddInstance(&c->object, newInstance); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1236 newInstance = nssToken_ImportTrust(tok, NULL, &c->encoding, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1237 &c->issuer, &c->serial, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1238 nssTrust->serverAuth, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1239 nssTrust->clientAuth, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1240 nssTrust->codeSigning, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1241 nssTrust->emailProtection, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1242 nssTrust->stepUpApproved, PR_TRUE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1243 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1244 if (newInstance) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1245 nssCryptokiObject_Destroy(newInstance); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1246 nssrv = PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1247 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1248 nssrv = PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1249 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1250 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1251 nssrv = PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1252 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1253 done: |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1254 (void)nssTrust_Destroy(nssTrust); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1255 return nssrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1256 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1257 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1258 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1259 ** Delete trust objects matching the given slot. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1260 ** Returns error if a device fails to delete. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1261 ** |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1262 ** This function has the side effect of moving the |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1263 ** surviving entries to the front of the object list |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1264 ** and nullifying the rest. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1265 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1266 static PRStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1267 DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1268 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1269 int numNotDestroyed = 0; /* the ones skipped plus the failures */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1270 int failureCount = 0; /* actual deletion failures by devices */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1271 int index; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1272 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1273 nssPKIObject_Lock(tObject); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1274 /* Keep going even if a module fails to delete. */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1275 for (index = 0; index < tObject->numInstances; index++) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1276 nssCryptokiObject *instance = tObject->instances[index]; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1277 if (!instance) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1278 continue; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1279 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1280 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1281 /* ReadOnly and not matched treated the same */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1282 if (PK11_IsReadOnly(instance->token->pk11slot) || |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1283 pk11slot != instance->token->pk11slot) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1284 tObject->instances[numNotDestroyed++] = instance; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1285 continue; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1286 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1287 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1288 /* Here we have found a matching one */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1289 tObject->instances[index] = NULL; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1290 if (nssToken_DeleteStoredObject(instance) == PR_SUCCESS) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1291 nssCryptokiObject_Destroy(instance); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1292 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1293 tObject->instances[numNotDestroyed++] = instance; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1294 failureCount++; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1295 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1296 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1297 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1298 if (numNotDestroyed == 0) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1299 nss_ZFreeIf(tObject->instances); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1300 tObject->numInstances = 0; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1301 } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1302 tObject->numInstances = numNotDestroyed; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1303 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1304 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1305 nssPKIObject_Unlock(tObject); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1306 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1307 return failureCount == 0 ? PR_SUCCESS : PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1308 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1309 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1310 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1311 ** Delete trust objects matching the slot of the given certificate. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1312 ** Returns an error if any device fails to delete. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1313 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1314 NSS_EXTERN PRStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1315 STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1316 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1317 PRStatus nssrv = PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1318 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1319 NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1320 NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1321 /* caller made sure nssTrust isn't NULL */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1322 nssPKIObject *tobject = &nssTrust->object; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1323 nssPKIObject *cobject = &c->object; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1324 int i; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1325 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1326 /* Iterate through the cert and trust object instances looking for |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1327 * those with matching pk11 slots to delete. Even if some device |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1328 * can't delete we keep going. Keeping a status variable for the |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1329 * loop so that once it's failed the other gets set. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1330 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1331 NSSRWLock_LockRead(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1332 nssPKIObject_Lock(cobject); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1333 for (i = 0; i < cobject->numInstances; i++) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1334 nssCryptokiObject *cInstance = cobject->instances[i]; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1335 if (cInstance && !PK11_IsReadOnly(cInstance->token->pk11slot)) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1336 PRStatus status; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1337 if (!tobject->numInstances || !tobject->instances) continue; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1338 status = DeleteCertTrustMatchingSlot(cInstance->token->pk11slot, tobject); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1339 if (status == PR_FAILURE) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1340 /* set the outer one but keep going */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1341 nssrv = PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1342 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1343 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1344 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1345 nssPKIObject_Unlock(cobject); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1346 NSSRWLock_UnlockRead(td->tokensLock); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1347 return nssrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1348 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1349 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1350 /* CERT_TraversePermCertsForSubject */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1351 NSS_IMPLEMENT PRStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1352 nssTrustDomain_TraverseCertificatesBySubject ( |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1353 NSSTrustDomain *td, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1354 NSSDER *subject, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1355 PRStatus (*callback)(NSSCertificate *c, void *arg), |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1356 void *arg |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1357 ) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1358 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1359 PRStatus nssrv = PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1360 NSSArena *tmpArena; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1361 NSSCertificate **subjectCerts; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1362 NSSCertificate *c; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1363 PRIntn i; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1364 tmpArena = NSSArena_Create(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1365 if (!tmpArena) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1366 return PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1367 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1368 subjectCerts = NSSTrustDomain_FindCertificatesBySubject(td, subject, NULL, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1369 0, tmpArena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1370 if (subjectCerts) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1371 for (i=0, c = subjectCerts[i]; c; i++) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1372 nssrv = callback(c, arg); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1373 if (nssrv != PR_SUCCESS) break; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1374 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1375 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1376 nssArena_Destroy(tmpArena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1377 return nssrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1378 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1379 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1380 /* CERT_TraversePermCertsForNickname */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1381 NSS_IMPLEMENT PRStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1382 nssTrustDomain_TraverseCertificatesByNickname ( |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1383 NSSTrustDomain *td, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1384 NSSUTF8 *nickname, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1385 PRStatus (*callback)(NSSCertificate *c, void *arg), |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1386 void *arg |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1387 ) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1388 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1389 PRStatus nssrv = PR_SUCCESS; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1390 NSSArena *tmpArena; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1391 NSSCertificate **nickCerts; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1392 NSSCertificate *c; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1393 PRIntn i; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1394 tmpArena = NSSArena_Create(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1395 if (!tmpArena) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1396 return PR_FAILURE; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1397 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1398 nickCerts = NSSTrustDomain_FindCertificatesByNickname(td, nickname, NULL, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1399 0, tmpArena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1400 if (nickCerts) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1401 for (i=0, c = nickCerts[i]; c; i++) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1402 nssrv = callback(c, arg); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1403 if (nssrv != PR_SUCCESS) break; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1404 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1405 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1406 nssArena_Destroy(tmpArena); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1407 return nssrv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1408 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1409 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1410 static void cert_dump_iter(const void *k, void *v, void *a) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1411 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1412 NSSCertificate *c = (NSSCertificate *)k; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1413 CERTCertificate *cert = STAN_GetCERTCertificate(c); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1414 printf("[%2d] \"%s\"\n", c->object.refCount, cert->subjectName); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1415 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1416 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1417 void |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1418 nss_DumpCertificateCacheInfo() |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1419 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1420 NSSTrustDomain *td; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1421 NSSCryptoContext *cc; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1422 td = STAN_GetDefaultTrustDomain(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1423 cc = STAN_GetDefaultCryptoContext(); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1424 printf("\n\nCertificates in the cache:\n"); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1425 nssTrustDomain_DumpCacheInfo(td, cert_dump_iter, NULL); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1426 printf("\n\nCertificates in the temporary store:\n"); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1427 if (cc->certStore) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1428 nssCertificateStore_DumpStoreInfo(cc->certStore, cert_dump_iter, NULL); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1429 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1430 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1431 |