| OLD | NEW |
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 #ifndef PKIM_H | 5 #ifndef PKIM_H |
| 6 #include "pkim.h" | 6 #include "pkim.h" |
| 7 #endif /* PKIM_H */ | 7 #endif /* PKIM_H */ |
| 8 | 8 |
| 9 #ifndef PKIT_H | 9 #ifndef PKIT_H |
| 10 #include "pkit.h" | 10 #include "pkit.h" |
| (...skipping 373 matching lines...) |
| 384 PRUint32 numCerts, arrSize; | 384 PRUint32 numCerts, arrSize; |
| 385 }; | 385 }; |
| 386 | 386 |
| 387 static void | 387 static void |
| 388 remove_token_certs(const void *k, void *v, void *a) | 388 remove_token_certs(const void *k, void *v, void *a) |
| 389 { | 389 { |
| 390 NSSCertificate *c = (NSSCertificate *)k; | 390 NSSCertificate *c = (NSSCertificate *)k; |
| 391 nssPKIObject *object = &c->object; | 391 nssPKIObject *object = &c->object; |
| 392 struct token_cert_dtor *dtor = a; | 392 struct token_cert_dtor *dtor = a; |
| 393 PRUint32 i; | 393 PRUint32 i; |
| 394 nssPKIObject_AddRef(object); |
| 394 nssPKIObject_Lock(object); | 395 nssPKIObject_Lock(object); |
| 395 for (i=0; i<object->numInstances; i++) { | 396 for (i=0; i<object->numInstances; i++) { |
| 396 if (object->instances[i]->token == dtor->token) { | 397 if (object->instances[i]->token == dtor->token) { |
| 397 nssCryptokiObject_Destroy(object->instances[i]); | 398 nssCryptokiObject_Destroy(object->instances[i]); |
| 398 object->instances[i] = object->instances[object->numInstances-1]; | 399 object->instances[i] = object->instances[object->numInstances-1]; |
| 399 object->instances[object->numInstances-1] = NULL; | 400 object->instances[object->numInstances-1] = NULL; |
| 400 object->numInstances--; | 401 object->numInstances--; |
| 401 dtor->certs[dtor->numCerts++] = c; | 402 dtor->certs[dtor->numCerts++] = c; |
| 402 if (dtor->numCerts == dtor->arrSize) { | 403 if (dtor->numCerts == dtor->arrSize) { |
| 403 dtor->arrSize *= 2; | 404 dtor->arrSize *= 2; |
| 404 dtor->certs = nss_ZREALLOCARRAY(dtor->certs, | 405 dtor->certs = nss_ZREALLOCARRAY(dtor->certs, |
| 405 NSSCertificate *, | 406 NSSCertificate *, |
| 406 dtor->arrSize); | 407 dtor->arrSize); |
| 407 } | 408 } |
| 408 break; | 409 break; |
| 409 } | 410 } |
| 410 } | 411 } |
| 411 nssPKIObject_Unlock(object); | 412 nssPKIObject_Unlock(object); |
| 413 nssPKIObject_Destroy(object); |
| 412 return; | 414 return; |
| 413 } | 415 } |
| 414 | 416 |
| 415 /* | 417 /* |
| 416 * Remove all certs for the given token from the cache. This is | 418 * Remove all certs for the given token from the cache. This is |
| 417 * needed if the token is removed. | 419 * needed if the token is removed. |
| 418 */ | 420 */ |
| 419 NSS_IMPLEMENT PRStatus | 421 NSS_IMPLEMENT PRStatus |
| 420 nssTrustDomain_RemoveTokenCertsFromCache ( | 422 nssTrustDomain_RemoveTokenCertsFromCache ( |
| 421 NSSTrustDomain *td, | 423 NSSTrustDomain *td, |
| 422 NSSToken *token | 424 NSSToken *token |
| 423 ) | 425 ) |
| 424 { | 426 { |
| 425 NSSCertificate **certs; | 427 NSSCertificate **certs; |
| 426 PRUint32 i, arrSize = 10; | 428 PRUint32 i, arrSize = 10; |
| 427 struct token_cert_dtor dtor; | 429 struct token_cert_dtor dtor; |
| 428 certs = nss_ZNEWARRAY(NULL, NSSCertificate *, arrSize); | 430 certs = nss_ZNEWARRAY(NULL, NSSCertificate *, arrSize); |
| 429 if (!certs) { | 431 if (!certs) { |
| 430 return PR_FAILURE; | 432 return PR_FAILURE; |
| 431 } | 433 } |
| 432 dtor.cache = td->cache; | 434 dtor.cache = td->cache; |
| 433 dtor.token = token; | 435 dtor.token = token; |
| 434 dtor.certs = certs; | 436 dtor.certs = certs; |
| 435 dtor.numCerts = 0; | 437 dtor.numCerts = 0; |
| 436 dtor.arrSize = arrSize; | 438 dtor.arrSize = arrSize; |
| 437 PZ_Lock(td->cache->lock); | 439 PZ_Lock(td->cache->lock); |
| 438 nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, (void *)&dtor); | 440 nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, &dtor); |
| 439 for (i=0; i<dtor.numCerts; i++) { | 441 for (i=0; i<dtor.numCerts; i++) { |
| 440 if (dtor.certs[i]->object.numInstances == 0) { | 442 if (dtor.certs[i]->object.numInstances == 0) { |
| 441 nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]); | 443 nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]); |
| 442 dtor.certs[i] = NULL; /* skip this cert in the second for loop */ | 444 dtor.certs[i] = NULL; /* skip this cert in the second for loop */ |
| 445 } else { |
| 446 /* make sure it doesn't disappear on us before we finish */ |
| 447 nssCertificate_AddRef(dtor.certs[i]); |
| 443 } | 448 } |
| 444 } | 449 } |
| 445 PZ_Unlock(td->cache->lock); | 450 PZ_Unlock(td->cache->lock); |
| 446 for (i=0; i<dtor.numCerts; i++) { | 451 for (i=0; i<dtor.numCerts; i++) { |
| 447 if (dtor.certs[i]) { | 452 if (dtor.certs[i]) { |
| 448 STAN_ForceCERTCertificateUpdate(dtor.certs[i]); | 453 STAN_ForceCERTCertificateUpdate(dtor.certs[i]); |
| 454 nssCertificate_Destroy(dtor.certs[i]); |
| 449 } | 455 } |
| 450 } | 456 } |
| 451 nss_ZFreeIf(dtor.certs); | 457 nss_ZFreeIf(dtor.certs); |
| 452 return PR_SUCCESS; | 458 return PR_SUCCESS; |
| 453 } | 459 } |
| 454 | 460 |
| 455 NSS_IMPLEMENT PRStatus | 461 NSS_IMPLEMENT PRStatus |
| 456 nssTrustDomain_UpdateCachedTokenCerts ( | 462 nssTrustDomain_UpdateCachedTokenCerts ( |
| 457 NSSTrustDomain *td, | 463 NSSTrustDomain *td, |
| 458 NSSToken *token | 464 NSSToken *token |
| (...skipping 580 matching lines...) |
| 1039 ce->lastHit = PR_Now(); | 1045 ce->lastHit = PR_Now(); |
| 1040 rvCert = nssCertificate_AddRef(ce->entry.cert); | 1046 rvCert = nssCertificate_AddRef(ce->entry.cert); |
| 1041 #ifdef DEBUG_CACHE | 1047 #ifdef DEBUG_CACHE |
| 1042 PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits)); | 1048 PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits)); |
| 1043 #endif | 1049 #endif |
| 1044 } | 1050 } |
| 1045 PZ_Unlock(td->cache->lock); | 1051 PZ_Unlock(td->cache->lock); |
| 1046 return rvCert; | 1052 return rvCert; |
| 1047 } | 1053 } |
| 1048 | 1054 |
| 1049 static PRStatus | |
| 1050 issuer_and_serial_from_encoding ( | |
| 1051 NSSBER *encoding, | |
| 1052 NSSDER *issuer, | |
| 1053 NSSDER *serial | |
| 1054 ) | |
| 1055 { | |
| 1056 SECItem derCert, derIssuer, derSerial; | |
| 1057 SECStatus secrv; | |
| 1058 derCert.data = (unsigned char *)encoding->data; | |
| 1059 derCert.len = encoding->size; | |
| 1060 secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); | |
| 1061 if (secrv != SECSuccess) { | |
| 1062 return PR_FAILURE; | |
| 1063 } | |
| 1064 secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); | |
| 1065 if (secrv != SECSuccess) { | |
| 1066 return PR_FAILURE; | |
| 1067 } | |
| 1068 issuer->data = derIssuer.data; | |
| 1069 issuer->size = derIssuer.len; | |
| 1070 serial->data = derSerial.data; | |
| 1071 serial->size = derSerial.len; | |
| 1072 return PR_SUCCESS; | |
| 1073 } | |
| 1074 | |
| 1075 /* | 1055 /* |
| 1076 * Look for a specific cert in the cache | 1056 * Look for a specific cert in the cache |
| 1077 */ | 1057 */ |
| 1078 NSS_IMPLEMENT NSSCertificate * | 1058 NSS_IMPLEMENT NSSCertificate * |
| 1079 nssTrustDomain_GetCertByDERFromCache ( | 1059 nssTrustDomain_GetCertByDERFromCache ( |
| 1080 NSSTrustDomain *td, | 1060 NSSTrustDomain *td, |
| 1081 NSSDER *der | 1061 NSSDER *der |
| 1082 ) | 1062 ) |
| 1083 { | 1063 { |
| 1084 PRStatus nssrv = PR_FAILURE; | 1064 PRStatus nssrv = PR_FAILURE; |
| 1085 NSSDER issuer, serial; | 1065 NSSDER issuer, serial; |
| 1086 NSSCertificate *rvCert; | 1066 NSSCertificate *rvCert; |
| 1087 nssrv = issuer_and_serial_from_encoding(der, &issuer, &serial); | 1067 nssrv = nssPKIX509_GetIssuerAndSerialFromDER(der, &issuer, &serial); |
| 1088 if (nssrv != PR_SUCCESS) { | 1068 if (nssrv != PR_SUCCESS) { |
| 1089 return NULL; | 1069 return NULL; |
| 1090 } | 1070 } |
| 1091 #ifdef DEBUG_CACHE | 1071 #ifdef DEBUG_CACHE |
| 1092 log_item_dump("looking for cert by DER", der); | 1072 log_item_dump("looking for cert by DER", der); |
| 1093 #endif | 1073 #endif |
| 1094 rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td, | 1074 rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td, |
| 1095 &issuer, &serial); | 1075 &issuer, &serial); |
| 1096 PORT_Free(issuer.data); | 1076 PORT_Free(issuer.data); |
| 1097 PORT_Free(serial.data); | 1077 PORT_Free(serial.data); |
| (...skipping 40 matching lines...) |
| 1138 nssTrustDomain_DumpCacheInfo ( | 1118 nssTrustDomain_DumpCacheInfo ( |
| 1139 NSSTrustDomain *td, | 1119 NSSTrustDomain *td, |
| 1140 void (* cert_dump_iter)(const void *, void *, void *), | 1120 void (* cert_dump_iter)(const void *, void *, void *), |
| 1141 void *arg | 1121 void *arg |
| 1142 ) | 1122 ) |
| 1143 { | 1123 { |
| 1144 PZ_Lock(td->cache->lock); | 1124 PZ_Lock(td->cache->lock); |
| 1145 nssHash_Iterate(td->cache->issuerAndSN, cert_dump_iter, arg); | 1125 nssHash_Iterate(td->cache->issuerAndSN, cert_dump_iter, arg); |
| 1146 PZ_Unlock(td->cache->lock); | 1126 PZ_Unlock(td->cache->lock); |
| 1147 } | 1127 } |
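Review bot: The growth step in remove_token_certs (new lines 403-407) still assigns the result of nss_ZREALLOCARRAY straight to `dtor->certs` with no NULL check; this commit adds reference handling around that code but leaves the gap open. If the allocation fails, the next matching certificate is stored through `dtor->certs[dtor->numCerts++]` and the caller's loop at new line 441 reads `dtor.certs[i]->object`, both through a NULL base pointer while the cache lock is held. Because the callback returns void, the failure has to travel through the dtor struct: open the callback with `if (!dtor->certs) return;` and, right after nssHash_Iterate, have the caller do `if (!dtor.certs) { PZ_Unlock(td->cache->lock); return PR_FAILURE; }`. Whether the old array is released on a failed reallocation depends on nss_ZREALLOCARRAY, which is not visible on this page, so holding the previous pointer in a temporary until the call succeeds is the safer form.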