security/nss/lib/pki/trustdomain.c@6474c204b198 (annotated)
security/nss/lib/pki/trustdomain.c
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | #ifndef DEV_H |
| michael@0 | 6 | #include "dev.h" |
| michael@0 | 7 | #endif /* DEV_H */ |
| michael@0 | 8 | |
| michael@0 | 9 | #ifndef PKIM_H |
| michael@0 | 10 | #include "pkim.h" |
| michael@0 | 11 | #endif /* PKIM_H */ |
| michael@0 | 12 | |
| michael@0 | 13 | #include "cert.h" |
| michael@0 | 14 | #include "pki3hack.h" |
| michael@0 | 15 | #include "pk11pub.h" |
| michael@0 | 16 | #include "nssrwlk.h" |
| michael@0 | 17 | |
| michael@0 | 18 | #define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32 |
| michael@0 | 19 | |
| michael@0 | 20 | extern const NSSError NSS_ERROR_NOT_FOUND; |
| michael@0 | 21 | |
| michael@0 | 22 | typedef PRUint32 nssUpdateLevel; |
| michael@0 | 23 | |
| michael@0 | 24 | NSS_IMPLEMENT NSSTrustDomain * |
| michael@0 | 25 | NSSTrustDomain_Create ( |
| michael@0 | 26 | NSSUTF8 *moduleOpt, |
| michael@0 | 27 | NSSUTF8 *uriOpt, |
| michael@0 | 28 | NSSUTF8 *opaqueOpt, |
| michael@0 | 29 | void *reserved |
| michael@0 | 30 | ) |
| michael@0 | 31 | { |
| michael@0 | 32 | NSSArena *arena; |
| michael@0 | 33 | NSSTrustDomain *rvTD; |
| michael@0 | 34 | arena = NSSArena_Create(); |
| michael@0 | 35 | if(!arena) { |
| michael@0 | 36 | return (NSSTrustDomain *)NULL; |
| michael@0 | 37 | } |
| michael@0 | 38 | rvTD = nss_ZNEW(arena, NSSTrustDomain); |
| michael@0 | 39 | if (!rvTD) { |
| michael@0 | 40 | goto loser; |
| michael@0 | 41 | } |
| michael@0 | 42 | /* protect the token list and the token iterator */ |
| michael@0 | 43 | rvTD->tokensLock = NSSRWLock_New(100, "tokens"); |
| michael@0 | 44 | if (!rvTD->tokensLock) { |
| michael@0 | 45 | goto loser; |
| michael@0 | 46 | } |
| michael@0 | 47 | nssTrustDomain_InitializeCache(rvTD, NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE); |
| michael@0 | 48 | rvTD->arena = arena; |
| michael@0 | 49 | rvTD->refCount = 1; |
| michael@0 | 50 | rvTD->statusConfig = NULL; |
| michael@0 | 51 | return rvTD; |
| michael@0 | 52 | loser: |
| michael@0 | 53 | if (rvTD && rvTD->tokensLock) { |
| michael@0 | 54 | NSSRWLock_Destroy(rvTD->tokensLock); |
| michael@0 | 55 | } |
| michael@0 | 56 | nssArena_Destroy(arena); |
| michael@0 | 57 | return (NSSTrustDomain *)NULL; |
| michael@0 | 58 | } |
| michael@0 | 59 | |
| michael@0 | 60 | static void |
| michael@0 | 61 | token_destructor(void *t) |
| michael@0 | 62 | { |
| michael@0 | 63 | NSSToken *tok = (NSSToken *)t; |
| michael@0 | 64 | /* The token holds the first/last reference to the slot. |
| michael@0 | 65 | * When the token is actually destroyed (ref count == 0), |
| michael@0 | 66 | * the slot will also be destroyed. |
| michael@0 | 67 | */ |
| michael@0 | 68 | nssToken_Destroy(tok); |
| michael@0 | 69 | } |
| michael@0 | 70 | |
| michael@0 | 71 | NSS_IMPLEMENT PRStatus |
| michael@0 | 72 | NSSTrustDomain_Destroy ( |
| michael@0 | 73 | NSSTrustDomain *td |
| michael@0 | 74 | ) |
| michael@0 | 75 | { |
| michael@0 | 76 | PRStatus status = PR_SUCCESS; |
| michael@0 | 77 | if (--td->refCount == 0) { |
| michael@0 | 78 | /* Destroy each token in the list of tokens */ |
| michael@0 | 79 | if (td->tokens) { |
| michael@0 | 80 | nssListIterator_Destroy(td->tokens); |
| michael@0 | 81 | td->tokens = NULL; |
| michael@0 | 82 | } |
| michael@0 | 83 | if (td->tokenList) { |
| michael@0 | 84 | nssList_Clear(td->tokenList, token_destructor); |
| michael@0 | 85 | nssList_Destroy(td->tokenList); |
| michael@0 | 86 | td->tokenList = NULL; |
| michael@0 | 87 | } |
| michael@0 | 88 | NSSRWLock_Destroy(td->tokensLock); |
| michael@0 | 89 | td->tokensLock = NULL; |
| michael@0 | 90 | status = nssTrustDomain_DestroyCache(td); |
| michael@0 | 91 | if (status == PR_FAILURE) { |
| michael@0 | 92 | return status; |
| michael@0 | 93 | } |
| michael@0 | 94 | if (td->statusConfig) { |
| michael@0 | 95 | td->statusConfig->statusDestroy(td->statusConfig); |
| michael@0 | 96 | td->statusConfig = NULL; |
| michael@0 | 97 | } |
| michael@0 | 98 | /* Destroy the trust domain */ |
| michael@0 | 99 | nssArena_Destroy(td->arena); |
| michael@0 | 100 | } |
| michael@0 | 101 | return status; |
| michael@0 | 102 | } |
| michael@0 | 103 | |
| michael@0 | 104 | /* XXX uses tokens until slot list is in place */ |
| michael@0 | 105 | static NSSSlot ** |
| michael@0 | 106 | nssTrustDomain_GetActiveSlots ( |
| michael@0 | 107 | NSSTrustDomain *td, |
| michael@0 | 108 | nssUpdateLevel *updateLevel |
| michael@0 | 109 | ) |
| michael@0 | 110 | { |
| michael@0 | 111 | PRUint32 count; |
| michael@0 | 112 | NSSSlot **slots = NULL; |
| michael@0 | 113 | NSSToken **tp, **tokens; |
| michael@0 | 114 | *updateLevel = 1; |
| michael@0 | 115 | NSSRWLock_LockRead(td->tokensLock); |
| michael@0 | 116 | count = nssList_Count(td->tokenList); |
| michael@0 | 117 | tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1); |
| michael@0 | 118 | if (!tokens) { |
| michael@0 | 119 | NSSRWLock_UnlockRead(td->tokensLock); |
| michael@0 | 120 | return NULL; |
| michael@0 | 121 | } |
| michael@0 | 122 | slots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1); |
| michael@0 | 123 | if (!slots) { |
| michael@0 | 124 | NSSRWLock_UnlockRead(td->tokensLock); |
| michael@0 | 125 | nss_ZFreeIf(tokens); |
| michael@0 | 126 | return NULL; |
| michael@0 | 127 | } |
| michael@0 | 128 | nssList_GetArray(td->tokenList, (void **)tokens, count); |
| michael@0 | 129 | NSSRWLock_UnlockRead(td->tokensLock); |
| michael@0 | 130 | count = 0; |
| michael@0 | 131 | for (tp = tokens; *tp; tp++) { |
| michael@0 | 132 | NSSSlot * slot = nssToken_GetSlot(*tp); |
| michael@0 | 133 | if (!PK11_IsDisabled(slot->pk11slot)) { |
| michael@0 | 134 | slots[count++] = slot; |
| michael@0 | 135 | } else { |
| michael@0 | 136 | nssSlot_Destroy(slot); |
| michael@0 | 137 | } |
| michael@0 | 138 | } |
| michael@0 | 139 | nss_ZFreeIf(tokens); |
| michael@0 | 140 | if (!count) { |
| michael@0 | 141 | nss_ZFreeIf(slots); |
| michael@0 | 142 | slots = NULL; |
| michael@0 | 143 | } |
| michael@0 | 144 | return slots; |
| michael@0 | 145 | } |
| michael@0 | 146 | |
| michael@0 | 147 | /* XXX */ |
| michael@0 | 148 | static nssSession * |
| michael@0 | 149 | nssTrustDomain_GetSessionForToken ( |
| michael@0 | 150 | NSSTrustDomain *td, |
| michael@0 | 151 | NSSToken *token |
| michael@0 | 152 | ) |
| michael@0 | 153 | { |
| michael@0 | 154 | return nssToken_GetDefaultSession(token); |
| michael@0 | 155 | } |
| michael@0 | 156 | |
| michael@0 | 157 | NSS_IMPLEMENT PRStatus |
| michael@0 | 158 | NSSTrustDomain_SetDefaultCallback ( |
| michael@0 | 159 | NSSTrustDomain *td, |
| michael@0 | 160 | NSSCallback *newCallback, |
| michael@0 | 161 | NSSCallback **oldCallbackOpt |
| michael@0 | 162 | ) |
| michael@0 | 163 | { |
| michael@0 | 164 | if (oldCallbackOpt) { |
| michael@0 | 165 | *oldCallbackOpt = td->defaultCallback; |
| michael@0 | 166 | } |
| michael@0 | 167 | td->defaultCallback = newCallback; |
| michael@0 | 168 | return PR_SUCCESS; |
| michael@0 | 169 | } |
| michael@0 | 170 | |
| michael@0 | 171 | NSS_IMPLEMENT NSSCallback * |
| michael@0 | 172 | nssTrustDomain_GetDefaultCallback ( |
| michael@0 | 173 | NSSTrustDomain *td, |
| michael@0 | 174 | PRStatus *statusOpt |
| michael@0 | 175 | ) |
| michael@0 | 176 | { |
| michael@0 | 177 | if (statusOpt) { |
| michael@0 | 178 | *statusOpt = PR_SUCCESS; |
| michael@0 | 179 | } |
| michael@0 | 180 | return td->defaultCallback; |
| michael@0 | 181 | } |
| michael@0 | 182 | |
| michael@0 | 183 | NSS_IMPLEMENT NSSCallback * |
| michael@0 | 184 | NSSTrustDomain_GetDefaultCallback ( |
| michael@0 | 185 | NSSTrustDomain *td, |
| michael@0 | 186 | PRStatus *statusOpt |
| michael@0 | 187 | ) |
| michael@0 | 188 | { |
| michael@0 | 189 | return nssTrustDomain_GetDefaultCallback(td, statusOpt); |
| michael@0 | 190 | } |
| michael@0 | 191 | |
| michael@0 | 192 | NSS_IMPLEMENT PRStatus |
| michael@0 | 193 | NSSTrustDomain_LoadModule ( |
| michael@0 | 194 | NSSTrustDomain *td, |
| michael@0 | 195 | NSSUTF8 *moduleOpt, |
| michael@0 | 196 | NSSUTF8 *uriOpt, |
| michael@0 | 197 | NSSUTF8 *opaqueOpt, |
| michael@0 | 198 | void *reserved |
| michael@0 | 199 | ) |
| michael@0 | 200 | { |
| michael@0 | 201 | return PR_FAILURE; |
| michael@0 | 202 | } |
| michael@0 | 203 | |
| michael@0 | 204 | NSS_IMPLEMENT PRStatus |
| michael@0 | 205 | NSSTrustDomain_DisableToken ( |
| michael@0 | 206 | NSSTrustDomain *td, |
| michael@0 | 207 | NSSToken *token, |
| michael@0 | 208 | NSSError why |
| michael@0 | 209 | ) |
| michael@0 | 210 | { |
| michael@0 | 211 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 212 | return PR_FAILURE; |
| michael@0 | 213 | } |
| michael@0 | 214 | |
| michael@0 | 215 | NSS_IMPLEMENT PRStatus |
| michael@0 | 216 | NSSTrustDomain_EnableToken ( |
| michael@0 | 217 | NSSTrustDomain *td, |
| michael@0 | 218 | NSSToken *token |
| michael@0 | 219 | ) |
| michael@0 | 220 | { |
| michael@0 | 221 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 222 | return PR_FAILURE; |
| michael@0 | 223 | } |
| michael@0 | 224 | |
| michael@0 | 225 | NSS_IMPLEMENT PRStatus |
| michael@0 | 226 | NSSTrustDomain_IsTokenEnabled ( |
| michael@0 | 227 | NSSTrustDomain *td, |
| michael@0 | 228 | NSSToken *token, |
| michael@0 | 229 | NSSError *whyOpt |
| michael@0 | 230 | ) |
| michael@0 | 231 | { |
| michael@0 | 232 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 233 | return PR_FAILURE; |
| michael@0 | 234 | } |
| michael@0 | 235 | |
| michael@0 | 236 | NSS_IMPLEMENT NSSSlot * |
| michael@0 | 237 | NSSTrustDomain_FindSlotByName ( |
| michael@0 | 238 | NSSTrustDomain *td, |
| michael@0 | 239 | NSSUTF8 *slotName |
| michael@0 | 240 | ) |
| michael@0 | 241 | { |
| michael@0 | 242 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 243 | return NULL; |
| michael@0 | 244 | } |
| michael@0 | 245 | |
| michael@0 | 246 | NSS_IMPLEMENT NSSToken * |
| michael@0 | 247 | NSSTrustDomain_FindTokenByName ( |
| michael@0 | 248 | NSSTrustDomain *td, |
| michael@0 | 249 | NSSUTF8 *tokenName |
| michael@0 | 250 | ) |
| michael@0 | 251 | { |
| michael@0 | 252 | PRStatus nssrv; |
| michael@0 | 253 | NSSUTF8 *myName; |
| michael@0 | 254 | NSSToken *tok = NULL; |
| michael@0 | 255 | NSSRWLock_LockRead(td->tokensLock); |
| michael@0 | 256 | for (tok = (NSSToken *)nssListIterator_Start(td->tokens); |
| michael@0 | 257 | tok != (NSSToken *)NULL; |
| michael@0 | 258 | tok = (NSSToken *)nssListIterator_Next(td->tokens)) |
| michael@0 | 259 | { |
| michael@0 | 260 | if (nssToken_IsPresent(tok)) { |
| michael@0 | 261 | myName = nssToken_GetName(tok); |
| michael@0 | 262 | if (nssUTF8_Equal(tokenName, myName, &nssrv)) break; |
| michael@0 | 263 | } |
| michael@0 | 264 | } |
| michael@0 | 265 | nssListIterator_Finish(td->tokens); |
| michael@0 | 266 | NSSRWLock_UnlockRead(td->tokensLock); |
| michael@0 | 267 | return tok; |
| michael@0 | 268 | } |
| michael@0 | 269 | |
| michael@0 | 270 | NSS_IMPLEMENT NSSToken * |
| michael@0 | 271 | NSSTrustDomain_FindTokenBySlotName ( |
| michael@0 | 272 | NSSTrustDomain *td, |
| michael@0 | 273 | NSSUTF8 *slotName |
| michael@0 | 274 | ) |
| michael@0 | 275 | { |
| michael@0 | 276 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 277 | return NULL; |
| michael@0 | 278 | } |
| michael@0 | 279 | |
| michael@0 | 280 | NSS_IMPLEMENT NSSToken * |
| michael@0 | 281 | NSSTrustDomain_FindTokenForAlgorithm ( |
| michael@0 | 282 | NSSTrustDomain *td, |
| michael@0 | 283 | NSSOID *algorithm |
| michael@0 | 284 | ) |
| michael@0 | 285 | { |
| michael@0 | 286 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 287 | return NULL; |
| michael@0 | 288 | } |
| michael@0 | 289 | |
| michael@0 | 290 | NSS_IMPLEMENT NSSToken * |
| michael@0 | 291 | NSSTrustDomain_FindBestTokenForAlgorithms ( |
| michael@0 | 292 | NSSTrustDomain *td, |
| michael@0 | 293 | NSSOID *algorithms[], /* may be null-terminated */ |
| michael@0 | 294 | PRUint32 nAlgorithmsOpt /* limits the array if nonzero */ |
| michael@0 | 295 | ) |
| michael@0 | 296 | { |
| michael@0 | 297 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 298 | return NULL; |
| michael@0 | 299 | } |
| michael@0 | 300 | |
| michael@0 | 301 | NSS_IMPLEMENT PRStatus |
| michael@0 | 302 | NSSTrustDomain_Login ( |
| michael@0 | 303 | NSSTrustDomain *td, |
| michael@0 | 304 | NSSCallback *uhhOpt |
| michael@0 | 305 | ) |
| michael@0 | 306 | { |
| michael@0 | 307 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 308 | return PR_FAILURE; |
| michael@0 | 309 | } |
| michael@0 | 310 | |
| michael@0 | 311 | NSS_IMPLEMENT PRStatus |
| michael@0 | 312 | NSSTrustDomain_Logout ( |
| michael@0 | 313 | NSSTrustDomain *td |
| michael@0 | 314 | ) |
| michael@0 | 315 | { |
| michael@0 | 316 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 317 | return PR_FAILURE; |
| michael@0 | 318 | } |
| michael@0 | 319 | |
| michael@0 | 320 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 321 | NSSTrustDomain_ImportCertificate ( |
| michael@0 | 322 | NSSTrustDomain *td, |
| michael@0 | 323 | NSSCertificate *c |
| michael@0 | 324 | ) |
| michael@0 | 325 | { |
| michael@0 | 326 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 327 | return NULL; |
| michael@0 | 328 | } |
| michael@0 | 329 | |
| michael@0 | 330 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 331 | NSSTrustDomain_ImportPKIXCertificate ( |
| michael@0 | 332 | NSSTrustDomain *td, |
| michael@0 | 333 | /* declared as a struct until these "data types" are defined */ |
| michael@0 | 334 | struct NSSPKIXCertificateStr *pc |
| michael@0 | 335 | ) |
| michael@0 | 336 | { |
| michael@0 | 337 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 338 | return NULL; |
| michael@0 | 339 | } |
| michael@0 | 340 | |
| michael@0 | 341 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 342 | NSSTrustDomain_ImportEncodedCertificate ( |
| michael@0 | 343 | NSSTrustDomain *td, |
| michael@0 | 344 | NSSBER *ber |
| michael@0 | 345 | ) |
| michael@0 | 346 | { |
| michael@0 | 347 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 348 | return NULL; |
| michael@0 | 349 | } |
| michael@0 | 350 | |
| michael@0 | 351 | NSS_IMPLEMENT NSSCertificate ** |
| michael@0 | 352 | NSSTrustDomain_ImportEncodedCertificateChain ( |
| michael@0 | 353 | NSSTrustDomain *td, |
| michael@0 | 354 | NSSBER *ber, |
| michael@0 | 355 | NSSCertificate *rvOpt[], |
| michael@0 | 356 | PRUint32 maximumOpt, /* 0 for no max */ |
| michael@0 | 357 | NSSArena *arenaOpt |
| michael@0 | 358 | ) |
| michael@0 | 359 | { |
| michael@0 | 360 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 361 | return NULL; |
| michael@0 | 362 | } |
| michael@0 | 363 | |
| michael@0 | 364 | NSS_IMPLEMENT NSSPrivateKey * |
| michael@0 | 365 | NSSTrustDomain_ImportEncodedPrivateKey ( |
| michael@0 | 366 | NSSTrustDomain *td, |
| michael@0 | 367 | NSSBER *ber, |
| michael@0 | 368 | NSSItem *passwordOpt, /* NULL will cause a callback */ |
| michael@0 | 369 | NSSCallback *uhhOpt, |
| michael@0 | 370 | NSSToken *destination |
| michael@0 | 371 | ) |
| michael@0 | 372 | { |
| michael@0 | 373 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 374 | return NULL; |
| michael@0 | 375 | } |
| michael@0 | 376 | |
| michael@0 | 377 | NSS_IMPLEMENT NSSPublicKey * |
| michael@0 | 378 | NSSTrustDomain_ImportEncodedPublicKey ( |
| michael@0 | 379 | NSSTrustDomain *td, |
| michael@0 | 380 | NSSBER *ber |
| michael@0 | 381 | ) |
| michael@0 | 382 | { |
| michael@0 | 383 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 384 | return NULL; |
| michael@0 | 385 | } |
| michael@0 | 386 | |
| michael@0 | 387 | static NSSCertificate ** |
| michael@0 | 388 | get_certs_from_list(nssList *list) |
| michael@0 | 389 | { |
| michael@0 | 390 | PRUint32 count = nssList_Count(list); |
| michael@0 | 391 | NSSCertificate **certs = NULL; |
| michael@0 | 392 | if (count > 0) { |
| michael@0 | 393 | certs = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1); |
| michael@0 | 394 | if (certs) { |
| michael@0 | 395 | nssList_GetArray(list, (void **)certs, count); |
| michael@0 | 396 | } |
| michael@0 | 397 | } |
| michael@0 | 398 | return certs; |
| michael@0 | 399 | } |
| michael@0 | 400 | |
| michael@0 | 401 | NSS_IMPLEMENT NSSCertificate ** |
| michael@0 | 402 | nssTrustDomain_FindCertificatesByNickname ( |
| michael@0 | 403 | NSSTrustDomain *td, |
| michael@0 | 404 | const NSSUTF8 *name, |
| michael@0 | 405 | NSSCertificate *rvOpt[], |
| michael@0 | 406 | PRUint32 maximumOpt, /* 0 for no max */ |
| michael@0 | 407 | NSSArena *arenaOpt |
| michael@0 | 408 | ) |
| michael@0 | 409 | { |
| michael@0 | 410 | NSSToken *token = NULL; |
| michael@0 | 411 | NSSSlot **slots = NULL; |
| michael@0 | 412 | NSSSlot **slotp; |
| michael@0 | 413 | NSSCertificate **rvCerts = NULL; |
| michael@0 | 414 | nssPKIObjectCollection *collection = NULL; |
| michael@0 | 415 | nssUpdateLevel updateLevel; |
| michael@0 | 416 | nssList *nameList; |
| michael@0 | 417 | PRUint32 numRemaining = maximumOpt; |
| michael@0 | 418 | PRUint32 collectionCount = 0; |
| michael@0 | 419 | PRUint32 errors = 0; |
| michael@0 | 420 | |
| michael@0 | 421 | /* First, grab from the cache */ |
| michael@0 | 422 | nameList = nssList_Create(NULL, PR_FALSE); |
| michael@0 | 423 | if (!nameList) { |
| michael@0 | 424 | return NULL; |
| michael@0 | 425 | } |
| michael@0 | 426 | (void)nssTrustDomain_GetCertsForNicknameFromCache(td, name, nameList); |
| michael@0 | 427 | rvCerts = get_certs_from_list(nameList); |
| michael@0 | 428 | /* initialize the collection of token certificates with the set of |
| michael@0 | 429 | * cached certs (if any). |
| michael@0 | 430 | */ |
| michael@0 | 431 | collection = nssCertificateCollection_Create(td, rvCerts); |
| michael@0 | 432 | nssCertificateArray_Destroy(rvCerts); |
| michael@0 | 433 | nssList_Destroy(nameList); |
| michael@0 | 434 | if (!collection) { |
| michael@0 | 435 | return (NSSCertificate **)NULL; |
| michael@0 | 436 | } |
| michael@0 | 437 | /* obtain the current set of active slots in the trust domain */ |
| michael@0 | 438 | slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); |
| michael@0 | 439 | if (!slots) { |
| michael@0 | 440 | goto loser; |
| michael@0 | 441 | } |
| michael@0 | 442 | /* iterate over the slots */ |
| michael@0 | 443 | for (slotp = slots; *slotp; slotp++) { |
| michael@0 | 444 | token = nssSlot_GetToken(*slotp); |
| michael@0 | 445 | if (token) { |
| michael@0 | 446 | nssSession *session; |
| michael@0 | 447 | nssCryptokiObject **instances = NULL; |
| michael@0 | 448 | nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; |
| michael@0 | 449 | PRStatus status = PR_FAILURE; |
| michael@0 | 450 | |
| michael@0 | 451 | session = nssTrustDomain_GetSessionForToken(td, token); |
| michael@0 | 452 | if (session) { |
| michael@0 | 453 | instances = nssToken_FindCertificatesByNickname(token, |
| michael@0 | 454 | session, |
| michael@0 | 455 | name, |
| michael@0 | 456 | tokenOnly, |
| michael@0 | 457 | numRemaining, |
| michael@0 | 458 | &status); |
| michael@0 | 459 | } |
| michael@0 | 460 | nssToken_Destroy(token); |
| michael@0 | 461 | if (status != PR_SUCCESS) { |
| michael@0 | 462 | errors++; |
| michael@0 | 463 | continue; |
| michael@0 | 464 | } |
| michael@0 | 465 | if (instances) { |
| michael@0 | 466 | status = nssPKIObjectCollection_AddInstances(collection, |
| michael@0 | 467 | instances, 0); |
| michael@0 | 468 | nss_ZFreeIf(instances); |
| michael@0 | 469 | if (status != PR_SUCCESS) { |
| michael@0 | 470 | errors++; |
| michael@0 | 471 | continue; |
| michael@0 | 472 | } |
| michael@0 | 473 | collectionCount = nssPKIObjectCollection_Count(collection); |
| michael@0 | 474 | if (maximumOpt > 0) { |
| michael@0 | 475 | if (collectionCount >= maximumOpt) |
| michael@0 | 476 | break; |
| michael@0 | 477 | numRemaining = maximumOpt - collectionCount; |
| michael@0 | 478 | } |
| michael@0 | 479 | } |
| michael@0 | 480 | } |
| michael@0 | 481 | } |
| michael@0 | 482 | if (!collectionCount && errors) |
| michael@0 | 483 | goto loser; |
| michael@0 | 484 | /* Grab the certs collected in the search. */ |
| michael@0 | 485 | rvCerts = nssPKIObjectCollection_GetCertificates(collection, |
| michael@0 | 486 | rvOpt, maximumOpt, |
| michael@0 | 487 | arenaOpt); |
| michael@0 | 488 | /* clean up */ |
| michael@0 | 489 | nssPKIObjectCollection_Destroy(collection); |
| michael@0 | 490 | nssSlotArray_Destroy(slots); |
| michael@0 | 491 | return rvCerts; |
| michael@0 | 492 | loser: |
| michael@0 | 493 | if (slots) { |
| michael@0 | 494 | nssSlotArray_Destroy(slots); |
| michael@0 | 495 | } |
| michael@0 | 496 | if (collection) { |
| michael@0 | 497 | nssPKIObjectCollection_Destroy(collection); |
| michael@0 | 498 | } |
| michael@0 | 499 | return (NSSCertificate **)NULL; |
| michael@0 | 500 | } |
| michael@0 | 501 | |
| michael@0 | 502 | NSS_IMPLEMENT NSSCertificate ** |
| michael@0 | 503 | NSSTrustDomain_FindCertificatesByNickname ( |
| michael@0 | 504 | NSSTrustDomain *td, |
| michael@0 | 505 | NSSUTF8 *name, |
| michael@0 | 506 | NSSCertificate *rvOpt[], |
| michael@0 | 507 | PRUint32 maximumOpt, /* 0 for no max */ |
| michael@0 | 508 | NSSArena *arenaOpt |
| michael@0 | 509 | ) |
| michael@0 | 510 | { |
| michael@0 | 511 | return nssTrustDomain_FindCertificatesByNickname(td, |
| michael@0 | 512 | name, |
| michael@0 | 513 | rvOpt, |
| michael@0 | 514 | maximumOpt, |
| michael@0 | 515 | arenaOpt); |
| michael@0 | 516 | } |
| michael@0 | 517 | |
| michael@0 | 518 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 519 | nssTrustDomain_FindBestCertificateByNickname ( |
| michael@0 | 520 | NSSTrustDomain *td, |
| michael@0 | 521 | const NSSUTF8 *name, |
| michael@0 | 522 | NSSTime *timeOpt, |
| michael@0 | 523 | NSSUsage *usage, |
| michael@0 | 524 | NSSPolicies *policiesOpt |
| michael@0 | 525 | ) |
| michael@0 | 526 | { |
| michael@0 | 527 | NSSCertificate **nicknameCerts; |
| michael@0 | 528 | NSSCertificate *rvCert = NULL; |
| michael@0 | 529 | nicknameCerts = nssTrustDomain_FindCertificatesByNickname(td, name, |
| michael@0 | 530 | NULL, |
| michael@0 | 531 | 0, |
| michael@0 | 532 | NULL); |
| michael@0 | 533 | if (nicknameCerts) { |
| michael@0 | 534 | rvCert = nssCertificateArray_FindBestCertificate(nicknameCerts, |
| michael@0 | 535 | timeOpt, |
| michael@0 | 536 | usage, |
| michael@0 | 537 | policiesOpt); |
| michael@0 | 538 | nssCertificateArray_Destroy(nicknameCerts); |
| michael@0 | 539 | } |
| michael@0 | 540 | return rvCert; |
| michael@0 | 541 | } |
| michael@0 | 542 | |
| michael@0 | 543 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 544 | NSSTrustDomain_FindBestCertificateByNickname ( |
| michael@0 | 545 | NSSTrustDomain *td, |
| michael@0 | 546 | const NSSUTF8 *name, |
| michael@0 | 547 | NSSTime *timeOpt, |
| michael@0 | 548 | NSSUsage *usage, |
| michael@0 | 549 | NSSPolicies *policiesOpt |
| michael@0 | 550 | ) |
| michael@0 | 551 | { |
| michael@0 | 552 | return nssTrustDomain_FindBestCertificateByNickname(td, |
| michael@0 | 553 | name, |
| michael@0 | 554 | timeOpt, |
| michael@0 | 555 | usage, |
| michael@0 | 556 | policiesOpt); |
| michael@0 | 557 | } |
| michael@0 | 558 | |
| michael@0 | 559 | NSS_IMPLEMENT NSSCertificate ** |
| michael@0 | 560 | nssTrustDomain_FindCertificatesBySubject ( |
| michael@0 | 561 | NSSTrustDomain *td, |
| michael@0 | 562 | NSSDER *subject, |
| michael@0 | 563 | NSSCertificate *rvOpt[], |
| michael@0 | 564 | PRUint32 maximumOpt, /* 0 for no max */ |
| michael@0 | 565 | NSSArena *arenaOpt |
| michael@0 | 566 | ) |
| michael@0 | 567 | { |
| michael@0 | 568 | NSSToken *token = NULL; |
| michael@0 | 569 | NSSSlot **slots = NULL; |
| michael@0 | 570 | NSSSlot **slotp; |
| michael@0 | 571 | NSSCertificate **rvCerts = NULL; |
| michael@0 | 572 | nssPKIObjectCollection *collection = NULL; |
| michael@0 | 573 | nssUpdateLevel updateLevel; |
| michael@0 | 574 | nssList *subjectList; |
| michael@0 | 575 | PRUint32 numRemaining = maximumOpt; |
| michael@0 | 576 | PRUint32 collectionCount = 0; |
| michael@0 | 577 | PRUint32 errors = 0; |
| michael@0 | 578 | |
| michael@0 | 579 | /* look in cache */ |
| michael@0 | 580 | subjectList = nssList_Create(NULL, PR_FALSE); |
| michael@0 | 581 | if (!subjectList) { |
| michael@0 | 582 | return NULL; |
| michael@0 | 583 | } |
| michael@0 | 584 | (void)nssTrustDomain_GetCertsForSubjectFromCache(td, subject, subjectList); |
| michael@0 | 585 | rvCerts = get_certs_from_list(subjectList); |
| michael@0 | 586 | collection = nssCertificateCollection_Create(td, rvCerts); |
| michael@0 | 587 | nssCertificateArray_Destroy(rvCerts); |
| michael@0 | 588 | nssList_Destroy(subjectList); |
| michael@0 | 589 | if (!collection) { |
| michael@0 | 590 | return (NSSCertificate **)NULL; |
| michael@0 | 591 | } |
| michael@0 | 592 | slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); |
| michael@0 | 593 | if (!slots) { |
| michael@0 | 594 | goto loser; |
| michael@0 | 595 | } |
| michael@0 | 596 | for (slotp = slots; *slotp; slotp++) { |
| michael@0 | 597 | token = nssSlot_GetToken(*slotp); |
| michael@0 | 598 | if (token) { |
| michael@0 | 599 | nssSession *session; |
| michael@0 | 600 | nssCryptokiObject **instances = NULL; |
| michael@0 | 601 | nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; |
| michael@0 | 602 | PRStatus status = PR_FAILURE; |
| michael@0 | 603 | |
| michael@0 | 604 | session = nssTrustDomain_GetSessionForToken(td, token); |
| michael@0 | 605 | if (session) { |
| michael@0 | 606 | instances = nssToken_FindCertificatesBySubject(token, |
| michael@0 | 607 | session, |
| michael@0 | 608 | subject, |
| michael@0 | 609 | tokenOnly, |
| michael@0 | 610 | numRemaining, |
| michael@0 | 611 | &status); |
| michael@0 | 612 | } |
| michael@0 | 613 | nssToken_Destroy(token); |
| michael@0 | 614 | if (status != PR_SUCCESS) { |
| michael@0 | 615 | errors++; |
| michael@0 | 616 | continue; |
| michael@0 | 617 | } |
| michael@0 | 618 | if (instances) { |
| michael@0 | 619 | status = nssPKIObjectCollection_AddInstances(collection, |
| michael@0 | 620 | instances, 0); |
| michael@0 | 621 | nss_ZFreeIf(instances); |
| michael@0 | 622 | if (status != PR_SUCCESS) { |
| michael@0 | 623 | errors++; |
| michael@0 | 624 | continue; |
| michael@0 | 625 | } |
| michael@0 | 626 | collectionCount = nssPKIObjectCollection_Count(collection); |
| michael@0 | 627 | if (maximumOpt > 0) { |
| michael@0 | 628 | if (collectionCount >= maximumOpt) |
| michael@0 | 629 | break; |
| michael@0 | 630 | numRemaining = maximumOpt - collectionCount; |
| michael@0 | 631 | } |
| michael@0 | 632 | } |
| michael@0 | 633 | } |
| michael@0 | 634 | } |
| michael@0 | 635 | if (!collectionCount && errors) |
| michael@0 | 636 | goto loser; |
| michael@0 | 637 | rvCerts = nssPKIObjectCollection_GetCertificates(collection, |
| michael@0 | 638 | rvOpt, maximumOpt, |
| michael@0 | 639 | arenaOpt); |
| michael@0 | 640 | nssPKIObjectCollection_Destroy(collection); |
| michael@0 | 641 | nssSlotArray_Destroy(slots); |
| michael@0 | 642 | return rvCerts; |
| michael@0 | 643 | loser: |
| michael@0 | 644 | if (slots) { |
| michael@0 | 645 | nssSlotArray_Destroy(slots); |
| michael@0 | 646 | } |
| michael@0 | 647 | if (collection) { |
| michael@0 | 648 | nssPKIObjectCollection_Destroy(collection); |
| michael@0 | 649 | } |
| michael@0 | 650 | return (NSSCertificate **)NULL; |
| michael@0 | 651 | } |
| michael@0 | 652 | |
| michael@0 | 653 | NSS_IMPLEMENT NSSCertificate ** |
| michael@0 | 654 | NSSTrustDomain_FindCertificatesBySubject ( |
| michael@0 | 655 | NSSTrustDomain *td, |
| michael@0 | 656 | NSSDER *subject, |
| michael@0 | 657 | NSSCertificate *rvOpt[], |
| michael@0 | 658 | PRUint32 maximumOpt, |
| michael@0 | 659 | NSSArena *arenaOpt |
| michael@0 | 660 | ) |
| michael@0 | 661 | { |
| michael@0 | 662 | return nssTrustDomain_FindCertificatesBySubject(td, |
| michael@0 | 663 | subject, |
| michael@0 | 664 | rvOpt, |
| michael@0 | 665 | maximumOpt, |
| michael@0 | 666 | arenaOpt); |
| michael@0 | 667 | } |
| michael@0 | 668 | |
| michael@0 | 669 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 670 | nssTrustDomain_FindBestCertificateBySubject ( |
| michael@0 | 671 | NSSTrustDomain *td, |
| michael@0 | 672 | NSSDER *subject, |
| michael@0 | 673 | NSSTime *timeOpt, |
| michael@0 | 674 | NSSUsage *usage, |
| michael@0 | 675 | NSSPolicies *policiesOpt |
| michael@0 | 676 | ) |
| michael@0 | 677 | { |
| michael@0 | 678 | NSSCertificate **subjectCerts; |
| michael@0 | 679 | NSSCertificate *rvCert = NULL; |
| michael@0 | 680 | subjectCerts = nssTrustDomain_FindCertificatesBySubject(td, subject, |
| michael@0 | 681 | NULL, |
| michael@0 | 682 | 0, |
| michael@0 | 683 | NULL); |
| michael@0 | 684 | if (subjectCerts) { |
| michael@0 | 685 | rvCert = nssCertificateArray_FindBestCertificate(subjectCerts, |
| michael@0 | 686 | timeOpt, |
| michael@0 | 687 | usage, |
| michael@0 | 688 | policiesOpt); |
| michael@0 | 689 | nssCertificateArray_Destroy(subjectCerts); |
| michael@0 | 690 | } |
| michael@0 | 691 | return rvCert; |
| michael@0 | 692 | } |
| michael@0 | 693 | |
| michael@0 | 694 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 695 | NSSTrustDomain_FindBestCertificateBySubject ( |
| michael@0 | 696 | NSSTrustDomain *td, |
| michael@0 | 697 | NSSDER *subject, |
| michael@0 | 698 | NSSTime *timeOpt, |
| michael@0 | 699 | NSSUsage *usage, |
| michael@0 | 700 | NSSPolicies *policiesOpt |
| michael@0 | 701 | ) |
| michael@0 | 702 | { |
| michael@0 | 703 | return nssTrustDomain_FindBestCertificateBySubject(td, |
| michael@0 | 704 | subject, |
| michael@0 | 705 | timeOpt, |
| michael@0 | 706 | usage, |
| michael@0 | 707 | policiesOpt); |
| michael@0 | 708 | } |
| michael@0 | 709 | |
| michael@0 | 710 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 711 | NSSTrustDomain_FindBestCertificateByNameComponents ( |
| michael@0 | 712 | NSSTrustDomain *td, |
| michael@0 | 713 | NSSUTF8 *nameComponents, |
| michael@0 | 714 | NSSTime *timeOpt, |
| michael@0 | 715 | NSSUsage *usage, |
| michael@0 | 716 | NSSPolicies *policiesOpt |
| michael@0 | 717 | ) |
| michael@0 | 718 | { |
| michael@0 | 719 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 720 | return NULL; |
| michael@0 | 721 | } |
| michael@0 | 722 | |
| michael@0 | 723 | NSS_IMPLEMENT NSSCertificate ** |
| michael@0 | 724 | NSSTrustDomain_FindCertificatesByNameComponents ( |
| michael@0 | 725 | NSSTrustDomain *td, |
| michael@0 | 726 | NSSUTF8 *nameComponents, |
| michael@0 | 727 | NSSCertificate *rvOpt[], |
| michael@0 | 728 | PRUint32 maximumOpt, /* 0 for no max */ |
| michael@0 | 729 | NSSArena *arenaOpt |
| michael@0 | 730 | ) |
| michael@0 | 731 | { |
| michael@0 | 732 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 733 | return NULL; |
| michael@0 | 734 | } |
| michael@0 | 735 | |
| michael@0 | 736 | /* This returns at most a single certificate, so it can stop the loop |
| michael@0 | 737 | * when one is found. |
| michael@0 | 738 | */ |
| michael@0 | 739 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 740 | nssTrustDomain_FindCertificateByIssuerAndSerialNumber ( |
| michael@0 | 741 | NSSTrustDomain *td, |
| michael@0 | 742 | NSSDER *issuer, |
| michael@0 | 743 | NSSDER *serial |
| michael@0 | 744 | ) |
| michael@0 | 745 | { |
| michael@0 | 746 | NSSSlot **slots = NULL; |
| michael@0 | 747 | NSSSlot **slotp; |
| michael@0 | 748 | NSSCertificate *rvCert = NULL; |
| michael@0 | 749 | nssPKIObjectCollection *collection = NULL; |
| michael@0 | 750 | nssUpdateLevel updateLevel; |
| michael@0 | 751 | |
| michael@0 | 752 | /* see if this search is already cached */ |
| michael@0 | 753 | rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td, |
| michael@0 | 754 | issuer, |
| michael@0 | 755 | serial); |
| michael@0 | 756 | if (rvCert) { |
| michael@0 | 757 | return rvCert; |
| michael@0 | 758 | } |
| michael@0 | 759 | slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); |
| michael@0 | 760 | if (slots) { |
| michael@0 | 761 | for (slotp = slots; *slotp; slotp++) { |
| michael@0 | 762 | NSSToken *token = nssSlot_GetToken(*slotp); |
| michael@0 | 763 | nssSession *session; |
| michael@0 | 764 | nssCryptokiObject *instance; |
| michael@0 | 765 | nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; |
| michael@0 | 766 | PRStatus status = PR_FAILURE; |
| michael@0 | 767 | |
| michael@0 | 768 | if (!token) |
| michael@0 | 769 | continue; |
| michael@0 | 770 | session = nssTrustDomain_GetSessionForToken(td, token); |
| michael@0 | 771 | if (session) { |
| michael@0 | 772 | instance = nssToken_FindCertificateByIssuerAndSerialNumber( |
| michael@0 | 773 | token, |
| michael@0 | 774 | session, |
| michael@0 | 775 | issuer, |
| michael@0 | 776 | serial, |
| michael@0 | 777 | tokenOnly, |
| michael@0 | 778 | &status); |
| michael@0 | 779 | } |
| michael@0 | 780 | nssToken_Destroy(token); |
| michael@0 | 781 | if (status != PR_SUCCESS) { |
| michael@0 | 782 | continue; |
| michael@0 | 783 | } |
| michael@0 | 784 | if (instance) { |
| michael@0 | 785 | if (!collection) { |
| michael@0 | 786 | collection = nssCertificateCollection_Create(td, NULL); |
| michael@0 | 787 | if (!collection) { |
| michael@0 | 788 | break; /* don't keep looping if out if memory */ |
| michael@0 | 789 | } |
| michael@0 | 790 | } |
| michael@0 | 791 | status = nssPKIObjectCollection_AddInstances(collection, |
| michael@0 | 792 | &instance, 1); |
| michael@0 | 793 | if (status == PR_SUCCESS) { |
| michael@0 | 794 | (void)nssPKIObjectCollection_GetCertificates( |
| michael@0 | 795 | collection, &rvCert, 1, NULL); |
| michael@0 | 796 | } |
| michael@0 | 797 | if (rvCert) { |
| michael@0 | 798 | break; /* found one cert, all done */ |
| michael@0 | 799 | } |
| michael@0 | 800 | } |
| michael@0 | 801 | } |
| michael@0 | 802 | } |
| michael@0 | 803 | if (collection) { |
| michael@0 | 804 | nssPKIObjectCollection_Destroy(collection); |
| michael@0 | 805 | } |
| michael@0 | 806 | if (slots) { |
| michael@0 | 807 | nssSlotArray_Destroy(slots); |
| michael@0 | 808 | } |
| michael@0 | 809 | return rvCert; |
| michael@0 | 810 | } |
| michael@0 | 811 | |
| michael@0 | 812 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 813 | NSSTrustDomain_FindCertificateByIssuerAndSerialNumber ( |
| michael@0 | 814 | NSSTrustDomain *td, |
| michael@0 | 815 | NSSDER *issuer, |
| michael@0 | 816 | NSSDER *serial |
| michael@0 | 817 | ) |
| michael@0 | 818 | { |
| michael@0 | 819 | return nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td, |
| michael@0 | 820 | issuer, |
| michael@0 | 821 | serial); |
| michael@0 | 822 | } |
| michael@0 | 823 | |
| michael@0 | 824 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 825 | nssTrustDomain_FindCertificateByEncodedCertificate ( |
| michael@0 | 826 | NSSTrustDomain *td, |
| michael@0 | 827 | NSSBER *ber |
| michael@0 | 828 | ) |
| michael@0 | 829 | { |
| michael@0 | 830 | PRStatus status; |
| michael@0 | 831 | NSSCertificate *rvCert = NULL; |
| michael@0 | 832 | NSSDER issuer = { 0 }; |
| michael@0 | 833 | NSSDER serial = { 0 }; |
| michael@0 | 834 | NSSArena *arena = nssArena_Create(); |
| michael@0 | 835 | if (!arena) { |
| michael@0 | 836 | return (NSSCertificate *)NULL; |
| michael@0 | 837 | } |
| michael@0 | 838 | /* XXX this is not generic... will any cert crack into issuer/serial? */ |
| michael@0 | 839 | status = nssPKIX509_GetIssuerAndSerialFromDER(ber, arena, &issuer, &serial); |
| michael@0 | 840 | if (status != PR_SUCCESS) { |
| michael@0 | 841 | goto finish; |
| michael@0 | 842 | } |
| michael@0 | 843 | rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td, |
| michael@0 | 844 | &issuer, |
| michael@0 | 845 | &serial); |
| michael@0 | 846 | finish: |
| michael@0 | 847 | nssArena_Destroy(arena); |
| michael@0 | 848 | return rvCert; |
| michael@0 | 849 | } |
| michael@0 | 850 | |
| michael@0 | 851 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 852 | NSSTrustDomain_FindCertificateByEncodedCertificate ( |
| michael@0 | 853 | NSSTrustDomain *td, |
| michael@0 | 854 | NSSBER *ber |
| michael@0 | 855 | ) |
| michael@0 | 856 | { |
| michael@0 | 857 | return nssTrustDomain_FindCertificateByEncodedCertificate(td, ber); |
| michael@0 | 858 | } |
| michael@0 | 859 | |
| michael@0 | 860 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 861 | NSSTrustDomain_FindBestCertificateByEmail ( |
| michael@0 | 862 | NSSTrustDomain *td, |
| michael@0 | 863 | NSSASCII7 *email, |
| michael@0 | 864 | NSSTime *timeOpt, |
| michael@0 | 865 | NSSUsage *usage, |
| michael@0 | 866 | NSSPolicies *policiesOpt |
| michael@0 | 867 | ) |
| michael@0 | 868 | { |
| michael@0 | 869 | return 0; |
| michael@0 | 870 | } |
| michael@0 | 871 | |
| michael@0 | 872 | NSS_IMPLEMENT NSSCertificate ** |
| michael@0 | 873 | NSSTrustDomain_FindCertificatesByEmail ( |
| michael@0 | 874 | NSSTrustDomain *td, |
| michael@0 | 875 | NSSASCII7 *email, |
| michael@0 | 876 | NSSCertificate *rvOpt[], |
| michael@0 | 877 | PRUint32 maximumOpt, /* 0 for no max */ |
| michael@0 | 878 | NSSArena *arenaOpt |
| michael@0 | 879 | ) |
| michael@0 | 880 | { |
| michael@0 | 881 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 882 | return NULL; |
| michael@0 | 883 | } |
| michael@0 | 884 | |
| michael@0 | 885 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 886 | NSSTrustDomain_FindCertificateByOCSPHash ( |
| michael@0 | 887 | NSSTrustDomain *td, |
| michael@0 | 888 | NSSItem *hash |
| michael@0 | 889 | ) |
| michael@0 | 890 | { |
| michael@0 | 891 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 892 | return NULL; |
| michael@0 | 893 | } |
| michael@0 | 894 | |
| michael@0 | 895 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 896 | NSSTrustDomain_FindBestUserCertificate ( |
| michael@0 | 897 | NSSTrustDomain *td, |
| michael@0 | 898 | NSSTime *timeOpt, |
| michael@0 | 899 | NSSUsage *usage, |
| michael@0 | 900 | NSSPolicies *policiesOpt |
| michael@0 | 901 | ) |
| michael@0 | 902 | { |
| michael@0 | 903 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 904 | return NULL; |
| michael@0 | 905 | } |
| michael@0 | 906 | |
| michael@0 | 907 | NSS_IMPLEMENT NSSCertificate ** |
| michael@0 | 908 | NSSTrustDomain_FindUserCertificates ( |
| michael@0 | 909 | NSSTrustDomain *td, |
| michael@0 | 910 | NSSTime *timeOpt, |
| michael@0 | 911 | NSSUsage *usageOpt, |
| michael@0 | 912 | NSSPolicies *policiesOpt, |
| michael@0 | 913 | NSSCertificate **rvOpt, |
| michael@0 | 914 | PRUint32 rvLimit, /* zero for no limit */ |
| michael@0 | 915 | NSSArena *arenaOpt |
| michael@0 | 916 | ) |
| michael@0 | 917 | { |
| michael@0 | 918 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 919 | return NULL; |
| michael@0 | 920 | } |
| michael@0 | 921 | |
| michael@0 | 922 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 923 | NSSTrustDomain_FindBestUserCertificateForSSLClientAuth ( |
| michael@0 | 924 | NSSTrustDomain *td, |
| michael@0 | 925 | NSSUTF8 *sslHostOpt, |
| michael@0 | 926 | NSSDER *rootCAsOpt[], /* null pointer for none */ |
| michael@0 | 927 | PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ |
| michael@0 | 928 | NSSAlgorithmAndParameters *apOpt, |
| michael@0 | 929 | NSSPolicies *policiesOpt |
| michael@0 | 930 | ) |
| michael@0 | 931 | { |
| michael@0 | 932 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 933 | return NULL; |
| michael@0 | 934 | } |
| michael@0 | 935 | |
| michael@0 | 936 | NSS_IMPLEMENT NSSCertificate ** |
| michael@0 | 937 | NSSTrustDomain_FindUserCertificatesForSSLClientAuth ( |
| michael@0 | 938 | NSSTrustDomain *td, |
| michael@0 | 939 | NSSUTF8 *sslHostOpt, |
| michael@0 | 940 | NSSDER *rootCAsOpt[], /* null pointer for none */ |
| michael@0 | 941 | PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ |
| michael@0 | 942 | NSSAlgorithmAndParameters *apOpt, |
| michael@0 | 943 | NSSPolicies *policiesOpt, |
| michael@0 | 944 | NSSCertificate **rvOpt, |
| michael@0 | 945 | PRUint32 rvLimit, /* zero for no limit */ |
| michael@0 | 946 | NSSArena *arenaOpt |
| michael@0 | 947 | ) |
| michael@0 | 948 | { |
| michael@0 | 949 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 950 | return NULL; |
| michael@0 | 951 | } |
| michael@0 | 952 | |
| michael@0 | 953 | NSS_IMPLEMENT NSSCertificate * |
| michael@0 | 954 | NSSTrustDomain_FindBestUserCertificateForEmailSigning ( |
| michael@0 | 955 | NSSTrustDomain *td, |
| michael@0 | 956 | NSSASCII7 *signerOpt, |
| michael@0 | 957 | NSSASCII7 *recipientOpt, |
| michael@0 | 958 | /* anything more here? */ |
| michael@0 | 959 | NSSAlgorithmAndParameters *apOpt, |
| michael@0 | 960 | NSSPolicies *policiesOpt |
| michael@0 | 961 | ) |
| michael@0 | 962 | { |
| michael@0 | 963 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 964 | return NULL; |
| michael@0 | 965 | } |
| michael@0 | 966 | |
| michael@0 | 967 | NSS_IMPLEMENT NSSCertificate ** |
| michael@0 | 968 | NSSTrustDomain_FindUserCertificatesForEmailSigning ( |
| michael@0 | 969 | NSSTrustDomain *td, |
| michael@0 | 970 | NSSASCII7 *signerOpt, |
| michael@0 | 971 | NSSASCII7 *recipientOpt, |
| michael@0 | 972 | /* anything more here? */ |
| michael@0 | 973 | NSSAlgorithmAndParameters *apOpt, |
| michael@0 | 974 | NSSPolicies *policiesOpt, |
| michael@0 | 975 | NSSCertificate **rvOpt, |
| michael@0 | 976 | PRUint32 rvLimit, /* zero for no limit */ |
| michael@0 | 977 | NSSArena *arenaOpt |
| michael@0 | 978 | ) |
| michael@0 | 979 | { |
| michael@0 | 980 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 981 | return NULL; |
| michael@0 | 982 | } |
| michael@0 | 983 | |
| michael@0 | 984 | static PRStatus |
| michael@0 | 985 | collector(nssCryptokiObject *instance, void *arg) |
| michael@0 | 986 | { |
| michael@0 | 987 | nssPKIObjectCollection *collection = (nssPKIObjectCollection *)arg; |
| michael@0 | 988 | return nssPKIObjectCollection_AddInstanceAsObject(collection, instance); |
| michael@0 | 989 | } |
| michael@0 | 990 | |
| michael@0 | 991 | NSS_IMPLEMENT PRStatus * |
| michael@0 | 992 | NSSTrustDomain_TraverseCertificates ( |
| michael@0 | 993 | NSSTrustDomain *td, |
| michael@0 | 994 | PRStatus (*callback)(NSSCertificate *c, void *arg), |
| michael@0 | 995 | void *arg |
| michael@0 | 996 | ) |
| michael@0 | 997 | { |
| michael@0 | 998 | PRStatus status = PR_FAILURE; |
| michael@0 | 999 | NSSToken *token = NULL; |
| michael@0 | 1000 | NSSSlot **slots = NULL; |
| michael@0 | 1001 | NSSSlot **slotp; |
| michael@0 | 1002 | nssPKIObjectCollection *collection = NULL; |
| michael@0 | 1003 | nssPKIObjectCallback pkiCallback; |
| michael@0 | 1004 | nssUpdateLevel updateLevel; |
| michael@0 | 1005 | NSSCertificate **cached = NULL; |
| michael@0 | 1006 | nssList *certList; |
| michael@0 | 1007 | |
| michael@0 | 1008 | certList = nssList_Create(NULL, PR_FALSE); |
| michael@0 | 1009 | if (!certList) |
| michael@0 | 1010 | return NULL; |
| michael@0 | 1011 | (void)nssTrustDomain_GetCertsFromCache(td, certList); |
| michael@0 | 1012 | cached = get_certs_from_list(certList); |
| michael@0 | 1013 | collection = nssCertificateCollection_Create(td, cached); |
| michael@0 | 1014 | nssCertificateArray_Destroy(cached); |
| michael@0 | 1015 | nssList_Destroy(certList); |
| michael@0 | 1016 | if (!collection) { |
| michael@0 | 1017 | return (PRStatus *)NULL; |
| michael@0 | 1018 | } |
| michael@0 | 1019 | /* obtain the current set of active slots in the trust domain */ |
| michael@0 | 1020 | slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); |
| michael@0 | 1021 | if (!slots) { |
| michael@0 | 1022 | goto loser; |
| michael@0 | 1023 | } |
| michael@0 | 1024 | /* iterate over the slots */ |
| michael@0 | 1025 | for (slotp = slots; *slotp; slotp++) { |
| michael@0 | 1026 | /* get the token for the slot, if present */ |
| michael@0 | 1027 | token = nssSlot_GetToken(*slotp); |
| michael@0 | 1028 | if (token) { |
| michael@0 | 1029 | nssSession *session; |
| michael@0 | 1030 | nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; |
| michael@0 | 1031 | /* get a session for the token */ |
| michael@0 | 1032 | session = nssTrustDomain_GetSessionForToken(td, token); |
| michael@0 | 1033 | if (session) { |
| michael@0 | 1034 | /* perform the traversal */ |
| michael@0 | 1035 | status = nssToken_TraverseCertificates(token, |
| michael@0 | 1036 | session, |
| michael@0 | 1037 | tokenOnly, |
| michael@0 | 1038 | collector, |
| michael@0 | 1039 | collection); |
| michael@0 | 1040 | } |
| michael@0 | 1041 | nssToken_Destroy(token); |
| michael@0 | 1042 | } |
| michael@0 | 1043 | } |
| michael@0 | 1044 | |
| michael@0 | 1045 | /* Traverse the collection */ |
| michael@0 | 1046 | pkiCallback.func.cert = callback; |
| michael@0 | 1047 | pkiCallback.arg = arg; |
| michael@0 | 1048 | status = nssPKIObjectCollection_Traverse(collection, &pkiCallback); |
| michael@0 | 1049 | loser: |
| michael@0 | 1050 | if (slots) { |
| michael@0 | 1051 | nssSlotArray_Destroy(slots); |
| michael@0 | 1052 | } |
| michael@0 | 1053 | if (collection) { |
| michael@0 | 1054 | nssPKIObjectCollection_Destroy(collection); |
| michael@0 | 1055 | } |
| michael@0 | 1056 | return NULL; |
| michael@0 | 1057 | } |
| michael@0 | 1058 | |
| michael@0 | 1059 | |
| michael@0 | 1060 | NSS_IMPLEMENT NSSTrust * |
| michael@0 | 1061 | nssTrustDomain_FindTrustForCertificate ( |
| michael@0 | 1062 | NSSTrustDomain *td, |
| michael@0 | 1063 | NSSCertificate *c |
| michael@0 | 1064 | ) |
| michael@0 | 1065 | { |
| michael@0 | 1066 | NSSSlot **slots; |
| michael@0 | 1067 | NSSSlot **slotp; |
| michael@0 | 1068 | nssCryptokiObject *to = NULL; |
| michael@0 | 1069 | nssPKIObject *pkio = NULL; |
| michael@0 | 1070 | NSSTrust *rvt = NULL; |
| michael@0 | 1071 | nssUpdateLevel updateLevel; |
| michael@0 | 1072 | slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); |
| michael@0 | 1073 | if (!slots) { |
| michael@0 | 1074 | return (NSSTrust *)NULL; |
| michael@0 | 1075 | } |
| michael@0 | 1076 | for (slotp = slots; *slotp; slotp++) { |
| michael@0 | 1077 | NSSToken *token = nssSlot_GetToken(*slotp); |
| michael@0 | 1078 | |
| michael@0 | 1079 | if (token) { |
| michael@0 | 1080 | to = nssToken_FindTrustForCertificate(token, NULL, |
| michael@0 | 1081 | &c->encoding, |
| michael@0 | 1082 | &c->issuer, |
| michael@0 | 1083 | &c->serial, |
| michael@0 | 1084 | nssTokenSearchType_TokenOnly); |
| michael@0 | 1085 | if (to) { |
| michael@0 | 1086 | PRStatus status; |
| michael@0 | 1087 | if (!pkio) { |
| michael@0 | 1088 | pkio = nssPKIObject_Create(NULL, to, td, NULL, nssPKILock); |
| michael@0 | 1089 | status = pkio ? PR_SUCCESS : PR_FAILURE; |
| michael@0 | 1090 | } else { |
| michael@0 | 1091 | status = nssPKIObject_AddInstance(pkio, to); |
| michael@0 | 1092 | } |
| michael@0 | 1093 | if (status != PR_SUCCESS) { |
| michael@0 | 1094 | nssCryptokiObject_Destroy(to); |
| michael@0 | 1095 | } |
| michael@0 | 1096 | } |
| michael@0 | 1097 | nssToken_Destroy(token); |
| michael@0 | 1098 | } |
| michael@0 | 1099 | } |
| michael@0 | 1100 | if (pkio) { |
| michael@0 | 1101 | rvt = nssTrust_Create(pkio, &c->encoding); |
| michael@0 | 1102 | if (rvt) { |
| michael@0 | 1103 | pkio = NULL; /* rvt object now owns the pkio reference */ |
| michael@0 | 1104 | } |
| michael@0 | 1105 | } |
| michael@0 | 1106 | nssSlotArray_Destroy(slots); |
| michael@0 | 1107 | if (pkio) { |
| michael@0 | 1108 | nssPKIObject_Destroy(pkio); |
| michael@0 | 1109 | } |
| michael@0 | 1110 | return rvt; |
| michael@0 | 1111 | } |
| michael@0 | 1112 | |
| michael@0 | 1113 | NSS_IMPLEMENT NSSCRL ** |
| michael@0 | 1114 | nssTrustDomain_FindCRLsBySubject ( |
| michael@0 | 1115 | NSSTrustDomain *td, |
| michael@0 | 1116 | NSSDER *subject |
| michael@0 | 1117 | ) |
| michael@0 | 1118 | { |
| michael@0 | 1119 | NSSSlot **slots; |
| michael@0 | 1120 | NSSSlot **slotp; |
| michael@0 | 1121 | NSSToken *token; |
| michael@0 | 1122 | nssUpdateLevel updateLevel; |
| michael@0 | 1123 | nssPKIObjectCollection *collection; |
| michael@0 | 1124 | NSSCRL **rvCRLs = NULL; |
| michael@0 | 1125 | collection = nssCRLCollection_Create(td, NULL); |
| michael@0 | 1126 | if (!collection) { |
| michael@0 | 1127 | return (NSSCRL **)NULL; |
| michael@0 | 1128 | } |
| michael@0 | 1129 | slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); |
| michael@0 | 1130 | if (!slots) { |
| michael@0 | 1131 | goto loser; |
| michael@0 | 1132 | } |
| michael@0 | 1133 | for (slotp = slots; *slotp; slotp++) { |
| michael@0 | 1134 | token = nssSlot_GetToken(*slotp); |
| michael@0 | 1135 | if (token) { |
| michael@0 | 1136 | PRStatus status = PR_FAILURE; |
| michael@0 | 1137 | nssSession *session; |
| michael@0 | 1138 | nssCryptokiObject **instances = NULL; |
| michael@0 | 1139 | nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; |
| michael@0 | 1140 | |
| michael@0 | 1141 | /* get a session for the token */ |
| michael@0 | 1142 | session = nssTrustDomain_GetSessionForToken(td, token); |
| michael@0 | 1143 | if (session) { |
| michael@0 | 1144 | /* perform the traversal */ |
| michael@0 | 1145 | instances = nssToken_FindCRLsBySubject(token, session, subject, |
| michael@0 | 1146 | tokenOnly, 0, &status); |
| michael@0 | 1147 | } |
| michael@0 | 1148 | nssToken_Destroy(token); |
| michael@0 | 1149 | if (status == PR_SUCCESS) { |
| michael@0 | 1150 | /* add the found CRL's to the collection */ |
| michael@0 | 1151 | status = nssPKIObjectCollection_AddInstances(collection, |
| michael@0 | 1152 | instances, 0); |
| michael@0 | 1153 | } |
| michael@0 | 1154 | nss_ZFreeIf(instances); |
| michael@0 | 1155 | } |
| michael@0 | 1156 | } |
| michael@0 | 1157 | rvCRLs = nssPKIObjectCollection_GetCRLs(collection, NULL, 0, NULL); |
| michael@0 | 1158 | loser: |
| michael@0 | 1159 | nssPKIObjectCollection_Destroy(collection); |
| michael@0 | 1160 | nssSlotArray_Destroy(slots); |
| michael@0 | 1161 | return rvCRLs; |
| michael@0 | 1162 | } |
| michael@0 | 1163 | |
| michael@0 | 1164 | NSS_IMPLEMENT PRStatus |
| michael@0 | 1165 | NSSTrustDomain_GenerateKeyPair ( |
| michael@0 | 1166 | NSSTrustDomain *td, |
| michael@0 | 1167 | NSSAlgorithmAndParameters *ap, |
| michael@0 | 1168 | NSSPrivateKey **pvkOpt, |
| michael@0 | 1169 | NSSPublicKey **pbkOpt, |
| michael@0 | 1170 | PRBool privateKeyIsSensitive, |
| michael@0 | 1171 | NSSToken *destination, |
| michael@0 | 1172 | NSSCallback *uhhOpt |
| michael@0 | 1173 | ) |
| michael@0 | 1174 | { |
| michael@0 | 1175 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 1176 | return PR_FAILURE; |
| michael@0 | 1177 | } |
| michael@0 | 1178 | |
| michael@0 | 1179 | NSS_IMPLEMENT NSSSymmetricKey * |
| michael@0 | 1180 | NSSTrustDomain_GenerateSymmetricKey ( |
| michael@0 | 1181 | NSSTrustDomain *td, |
| michael@0 | 1182 | NSSAlgorithmAndParameters *ap, |
| michael@0 | 1183 | PRUint32 keysize, |
| michael@0 | 1184 | NSSToken *destination, |
| michael@0 | 1185 | NSSCallback *uhhOpt |
| michael@0 | 1186 | ) |
| michael@0 | 1187 | { |
| michael@0 | 1188 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 1189 | return NULL; |
| michael@0 | 1190 | } |
| michael@0 | 1191 | |
| michael@0 | 1192 | NSS_IMPLEMENT NSSSymmetricKey * |
| michael@0 | 1193 | NSSTrustDomain_GenerateSymmetricKeyFromPassword ( |
| michael@0 | 1194 | NSSTrustDomain *td, |
| michael@0 | 1195 | NSSAlgorithmAndParameters *ap, |
| michael@0 | 1196 | NSSUTF8 *passwordOpt, /* if null, prompt */ |
| michael@0 | 1197 | NSSToken *destinationOpt, |
| michael@0 | 1198 | NSSCallback *uhhOpt |
| michael@0 | 1199 | ) |
| michael@0 | 1200 | { |
| michael@0 | 1201 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 1202 | return NULL; |
| michael@0 | 1203 | } |
| michael@0 | 1204 | |
| michael@0 | 1205 | NSS_IMPLEMENT NSSSymmetricKey * |
| michael@0 | 1206 | NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID ( |
| michael@0 | 1207 | NSSTrustDomain *td, |
| michael@0 | 1208 | NSSOID *algorithm, |
| michael@0 | 1209 | NSSItem *keyID, |
| michael@0 | 1210 | NSSCallback *uhhOpt |
| michael@0 | 1211 | ) |
| michael@0 | 1212 | { |
| michael@0 | 1213 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 1214 | return NULL; |
| michael@0 | 1215 | } |
| michael@0 | 1216 | |
| michael@0 | 1217 | NSS_IMPLEMENT NSSCryptoContext * |
| michael@0 | 1218 | nssTrustDomain_CreateCryptoContext ( |
| michael@0 | 1219 | NSSTrustDomain *td, |
| michael@0 | 1220 | NSSCallback *uhhOpt |
| michael@0 | 1221 | ) |
| michael@0 | 1222 | { |
| michael@0 | 1223 | return nssCryptoContext_Create(td, uhhOpt); |
| michael@0 | 1224 | } |
| michael@0 | 1225 | |
| michael@0 | 1226 | NSS_IMPLEMENT NSSCryptoContext * |
| michael@0 | 1227 | NSSTrustDomain_CreateCryptoContext ( |
| michael@0 | 1228 | NSSTrustDomain *td, |
| michael@0 | 1229 | NSSCallback *uhhOpt |
| michael@0 | 1230 | ) |
| michael@0 | 1231 | { |
| michael@0 | 1232 | return nssTrustDomain_CreateCryptoContext(td, uhhOpt); |
| michael@0 | 1233 | } |
| michael@0 | 1234 | |
| michael@0 | 1235 | NSS_IMPLEMENT NSSCryptoContext * |
| michael@0 | 1236 | NSSTrustDomain_CreateCryptoContextForAlgorithm ( |
| michael@0 | 1237 | NSSTrustDomain *td, |
| michael@0 | 1238 | NSSOID *algorithm |
| michael@0 | 1239 | ) |
| michael@0 | 1240 | { |
| michael@0 | 1241 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 1242 | return NULL; |
| michael@0 | 1243 | } |
| michael@0 | 1244 | |
| michael@0 | 1245 | NSS_IMPLEMENT NSSCryptoContext * |
| michael@0 | 1246 | NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters ( |
| michael@0 | 1247 | NSSTrustDomain *td, |
| michael@0 | 1248 | NSSAlgorithmAndParameters *ap |
| michael@0 | 1249 | ) |
| michael@0 | 1250 | { |
| michael@0 | 1251 | nss_SetError(NSS_ERROR_NOT_FOUND); |
| michael@0 | 1252 | return NULL; |
| michael@0 | 1253 | } |
| michael@0 | 1254 |
