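--- /dev/null
+++ b/security/nss/lib/ssl/authcert.c
@@ -0,0 +1,89 @@
+/*
+ * NSS utility functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <string.h>
+#include "prerror.h"
+#include "secitem.h"
+#include "prnetdb.h"
+#include "cert.h"
+#include "nspr.h"
+#include "secder.h"
+#include "key.h"
+#include "nss.h"
+#include "ssl.h"
+#include "pk11func.h" /* for PK11_ function calls */
+
+/*
+ * This callback used by SSL to pull client sertificate upon
+ * server request
+ */
+SECStatus
+NSS_GetClientAuthData(void * arg,
+                      PRFileDesc * socket,
+                      struct CERTDistNamesStr * caNames,
+                      struct CERTCertificateStr ** pRetCert,
+                      struct SECKEYPrivateKeyStr **pRetKey)
+{
+    CERTCertificate * cert = NULL;
+    SECKEYPrivateKey * privkey = NULL;
+    char * chosenNickName = (char *)arg; /* CONST */
+    void * proto_win = NULL;
+    SECStatus rv = SECFailure;
+
+    proto_win = SSL_RevealPinArg(socket);
+
+    if (chosenNickName) {
+        cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
+                                        chosenNickName, certUsageSSLClient,
+                                        PR_FALSE, proto_win);
+        if ( cert ) {
+            privkey = PK11_FindKeyByAnyCert(cert, proto_win);
+            if ( privkey ) {
+                rv = SECSuccess;
+            } else {
+                CERT_DestroyCertificate(cert);
+            }
+        }
+    } else { /* no name given, automatically find the right cert. */
+        CERTCertNicknames * names;
+        int i;
+
+        names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
+                                      SEC_CERT_NICKNAMES_USER, proto_win);
+        if (names != NULL) {
+            for (i = 0; i < names->numnicknames; i++) {
+                cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
+                                                names->nicknames[i], certUsageSSLClient,
+                                                PR_FALSE, proto_win);
+                if ( !cert )
+                    continue;
+                /* Only check unexpired certs */
+                if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
+                    secCertTimeValid ) {
+                    CERT_DestroyCertificate(cert);
+                    continue;
+                }
+                rv = NSS_CmpCertChainWCANames(cert, caNames);
+                if ( rv == SECSuccess ) {
+                    privkey = PK11_FindKeyByAnyCert(cert, proto_win);
+                    if ( privkey )
+                        break;
+                }
+                rv = SECFailure;
+                CERT_DestroyCertificate(cert);
+            }
+            CERT_FreeNicknames(names);
+        }
+    }
+    if (rv == SECSuccess) {
+        *pRetCert = cert;
+        *pRetKey = privkey;
+    }
+    return rv;
+}
+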
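Review bot: The explicit-nickname branch of NSS_GetClientAuthData (the `if (chosenNickName)` arm) selects very differently from the auto-select arm: it passes `PR_FALSE` for validOnly and never calls `CERT_CheckCertValidTimes` or `NSS_CmpCertChainWCANames`, so a caller-chosen nickname can yield an expired certificate or one that does not chain to any CA the server listed in `caNames`, whereas the auto-select loop filters on both. If honouring the user's explicit choice regardless is intended, that asymmetry should be stated; otherwise the two checks from the loop belong in the first arm too, e.g. `if (cert && CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) != secCertTimeValid) { CERT_DestroyCertificate(cert); cert = NULL; }` before the key lookup. The header comment above the function also leaves the contract undocumented: it should say that `arg` is read as a nickname string and NULL means "pick the first usable user cert", that `*pRetCert`/`*pRetKey` are written only when SECSuccess is returned and are otherwise left untouched, and that the caller owns the returned certificate and key references (the function releases the ones it discards with `CERT_DestroyCertificate`). While there, "sertificate" in that comment is a typo for "certificate".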