| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 /* | 5 /* |
| 6 * Hacks to integrate NSS 3.4 and NSS 4.0 certificates. | 6 * Hacks to integrate NSS 3.4 and NSS 4.0 certificates. |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #ifndef NSSPKI_H | 9 #ifndef NSSPKI_H |
| 10 #include "nsspki.h" | 10 #include "nsspki.h" |
| (...skipping 229 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 240 secrv = CERT_KeyFromDERCert(arena, &secDER, &secKey); | 240 secrv = CERT_KeyFromDERCert(arena, &secDER, &secKey); |
| 241 if (secrv != SECSuccess) { | 241 if (secrv != SECSuccess) { |
| 242 return NULL; | 242 return NULL; |
| 243 } | 243 } |
| 244 rvKey = nssItem_Create(arenaOpt, NULL, secKey.len, (void *)secKey.data); | 244 rvKey = nssItem_Create(arenaOpt, NULL, secKey.len, (void *)secKey.data); |
| 245 PORT_FreeArena(arena,PR_FALSE); | 245 PORT_FreeArena(arena,PR_FALSE); |
| 246 return rvKey; | 246 return rvKey; |
| 247 } | 247 } |
| 248 | 248 |
| 249 NSS_IMPLEMENT PRStatus | 249 NSS_IMPLEMENT PRStatus |
| 250 nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena, | 250 nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, |
| 251 NSSDER *issuer, NSSDER *serial) | 251 NSSDER *issuer, NSSDER *serial) |
| 252 { | 252 { |
| 253 SECStatus secrv; | 253 SECItem derCert = { 0 }; |
| 254 SECItem derCert; | |
| 255 SECItem derIssuer = { 0 }; | 254 SECItem derIssuer = { 0 }; |
| 256 SECItem derSerial = { 0 }; | 255 SECItem derSerial = { 0 }; |
| 257 SECITEM_FROM_NSSITEM(&derCert, der); | 256 SECStatus secrv; |
| 258 secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); | 257 derCert.data = (unsigned char *)der->data; |
| 258 derCert.len = der->size; |
| 259 secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); |
| 259 if (secrv != SECSuccess) { | 260 if (secrv != SECSuccess) { |
| 260 return PR_FAILURE; | 261 return PR_FAILURE; |
| 261 } | 262 } |
| 262 (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data); | 263 secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); |
| 263 secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); | |
| 264 if (secrv != SECSuccess) { | 264 if (secrv != SECSuccess) { |
| 265 PORT_Free(derSerial.data); | 265 PORT_Free(derSerial.data); |
| 266 return PR_FAILURE; | 266 return PR_FAILURE; |
| 267 } | 267 } |
| 268 (void)nssItem_Create(arena, issuer, derIssuer.len, derIssuer.data); | 268 issuer->data = derIssuer.data; |
| 269 PORT_Free(derSerial.data); | 269 issuer->size = derIssuer.len; |
| 270 PORT_Free(derIssuer.data); | 270 serial->data = derSerial.data; |
| 271 serial->size = derSerial.len; |
| 271 return PR_SUCCESS; | 272 return PR_SUCCESS; |
| 272 } | 273 } |
| 273 | 274 |
| 274 static NSSItem * | 275 static NSSItem * |
| 275 nss3certificate_getIdentifier(nssDecodedCert *dc) | 276 nss3certificate_getIdentifier(nssDecodedCert *dc) |
| 276 { | 277 { |
| 277 NSSItem *rvID; | 278 NSSItem *rvID; |
| 278 CERTCertificate *c = (CERTCertificate *)dc->data; | 279 CERTCertificate *c = (CERTCertificate *)dc->data; |
| 279 rvID = nssItem_Create(NULL, NULL, c->certKey.len, c->certKey.data); | 280 rvID = nssItem_Create(NULL, NULL, c->certKey.len, c->certKey.data); |
| 280 return rvID; | 281 return rvID; |
| (...skipping 567 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 848 } | 849 } |
| 849 } | 850 } |
| 850 | 851 |
| 851 static CERTCertificate * | 852 static CERTCertificate * |
| 852 stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) | 853 stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) |
| 853 { | 854 { |
| 854 nssDecodedCert *dc = NULL; | 855 nssDecodedCert *dc = NULL; |
| 855 CERTCertificate *cc = NULL; | 856 CERTCertificate *cc = NULL; |
| 856 CERTCertTrust certTrust; | 857 CERTCertTrust certTrust; |
| 857 | 858 |
| 859 /* make sure object does not go away until we finish */ |
| 860 nssPKIObject_AddRef(&c->object); |
| 858 nssPKIObject_Lock(&c->object); | 861 nssPKIObject_Lock(&c->object); |
| 859 | 862 |
| 860 dc = c->decoding; | 863 dc = c->decoding; |
| 861 if (!dc) { | 864 if (!dc) { |
| 862 dc = nssDecodedPKIXCertificate_Create(NULL, &c->encoding); | 865 dc = nssDecodedPKIXCertificate_Create(NULL, &c->encoding); |
| 863 if (!dc) { | 866 if (!dc) { |
| 864 goto loser; | 867 goto loser; |
| 865 } | 868 } |
| 866 cc = (CERTCertificate *)dc->data; | 869 cc = (CERTCertificate *)dc->data; |
| 867 PORT_Assert(cc); /* software error */ | 870 PORT_Assert(cc); /* software error */ |
| (...skipping 29 matching lines...) Expand all Loading... |
| 897 CERTCertTrust* trust = NULL; | 900 CERTCertTrust* trust = NULL; |
| 898 trust = nssTrust_GetCERTCertTrustForCert(c, cc); | 901 trust = nssTrust_GetCERTCertTrustForCert(c, cc); |
| 899 | 902 |
| 900 CERT_LockCertTrust(cc); | 903 CERT_LockCertTrust(cc); |
| 901 cc->trust = trust; | 904 cc->trust = trust; |
| 902 CERT_UnlockCertTrust(cc); | 905 CERT_UnlockCertTrust(cc); |
| 903 } | 906 } |
| 904 | 907 |
| 905 loser: | 908 loser: |
| 906 nssPKIObject_Unlock(&c->object); | 909 nssPKIObject_Unlock(&c->object); |
| 910 nssPKIObject_Destroy(&c->object); |
| 907 return cc; | 911 return cc; |
| 908 } | 912 } |
| 909 | 913 |
| 910 NSS_IMPLEMENT CERTCertificate * | 914 NSS_IMPLEMENT CERTCertificate * |
| 911 STAN_ForceCERTCertificateUpdate(NSSCertificate *c) | 915 STAN_ForceCERTCertificateUpdate(NSSCertificate *c) |
| 912 { | 916 { |
| 913 if (c->decoding) { | 917 if (c->decoding) { |
| 914 return stan_GetCERTCertificate(c, PR_TRUE); | 918 return stan_GetCERTCertificate(c, PR_TRUE); |
| 915 } | 919 } |
| 916 return NULL; | 920 return NULL; |
| (...skipping 346 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1263 ** surviving entries to the front of the object list | 1267 ** surviving entries to the front of the object list |
| 1264 ** and nullifying the rest. | 1268 ** and nullifying the rest. |
| 1265 */ | 1269 */ |
| 1266 static PRStatus | 1270 static PRStatus |
| 1267 DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) | 1271 DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) |
| 1268 { | 1272 { |
| 1269 int numNotDestroyed = 0; /* the ones skipped plus the failures */ | 1273 int numNotDestroyed = 0; /* the ones skipped plus the failures */ |
| 1270 int failureCount = 0; /* actual deletion failures by devices */ | 1274 int failureCount = 0; /* actual deletion failures by devices */ |
| 1271 int index; | 1275 int index; |
| 1272 | 1276 |
| 1277 nssPKIObject_AddRef(tObject); |
| 1273 nssPKIObject_Lock(tObject); | 1278 nssPKIObject_Lock(tObject); |
| 1274 /* Keep going even if a module fails to delete. */ | 1279 /* Keep going even if a module fails to delete. */ |
| 1275 for (index = 0; index < tObject->numInstances; index++) { | 1280 for (index = 0; index < tObject->numInstances; index++) { |
| 1276 nssCryptokiObject *instance = tObject->instances[index]; | 1281 nssCryptokiObject *instance = tObject->instances[index]; |
| 1277 if (!instance) { | 1282 if (!instance) { |
| 1278 continue; | 1283 continue; |
| 1279 } | 1284 } |
| 1280 | 1285 |
| 1281 /* ReadOnly and not matched treated the same */ | 1286 /* ReadOnly and not matched treated the same */ |
| 1282 if (PK11_IsReadOnly(instance->token->pk11slot) || | 1287 if (PK11_IsReadOnly(instance->token->pk11slot) || |
| (...skipping 13 matching lines...) Expand all Loading... |
| 1296 | 1301 |
| 1297 } | 1302 } |
| 1298 if (numNotDestroyed == 0) { | 1303 if (numNotDestroyed == 0) { |
| 1299 nss_ZFreeIf(tObject->instances); | 1304 nss_ZFreeIf(tObject->instances); |
| 1300 tObject->numInstances = 0; | 1305 tObject->numInstances = 0; |
| 1301 } else { | 1306 } else { |
| 1302 tObject->numInstances = numNotDestroyed; | 1307 tObject->numInstances = numNotDestroyed; |
| 1303 } | 1308 } |
| 1304 | 1309 |
| 1305 nssPKIObject_Unlock(tObject); | 1310 nssPKIObject_Unlock(tObject); |
| 1311 nssPKIObject_Destroy(tObject); |
| 1306 | 1312 |
| 1307 return failureCount == 0 ? PR_SUCCESS : PR_FAILURE; | 1313 return failureCount == 0 ? PR_SUCCESS : PR_FAILURE; |
| 1308 } | 1314 } |
| 1309 | 1315 |
| 1310 /* | 1316 /* |
| 1311 ** Delete trust objects matching the slot of the given certificate. | 1317 ** Delete trust objects matching the slot of the given certificate. |
| 1312 ** Returns an error if any device fails to delete. | 1318 ** Returns an error if any device fails to delete. |
| 1313 */ | 1319 */ |
| 1314 NSS_EXTERN PRStatus | 1320 NSS_EXTERN PRStatus |
| 1315 STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) | 1321 STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) |
| 1316 { | 1322 { |
| 1317 PRStatus nssrv = PR_SUCCESS; | 1323 PRStatus nssrv = PR_SUCCESS; |
| 1318 | 1324 |
| 1319 NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); | 1325 NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); |
| 1320 NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c); | 1326 NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c); |
| 1321 /* caller made sure nssTrust isn't NULL */ | 1327 /* caller made sure nssTrust isn't NULL */ |
| 1322 nssPKIObject *tobject = &nssTrust->object; | 1328 nssPKIObject *tobject = &nssTrust->object; |
| 1323 nssPKIObject *cobject = &c->object; | 1329 nssPKIObject *cobject = &c->object; |
| 1324 int i; | 1330 int i; |
| 1325 | 1331 |
| 1326 /* Iterate through the cert and trust object instances looking for | 1332 /* Iterate through the cert and trust object instances looking for |
| 1327 * those with matching pk11 slots to delete. Even if some device | 1333 * those with matching pk11 slots to delete. Even if some device |
| 1328 * can't delete we keep going. Keeping a status variable for the | 1334 * can't delete we keep going. Keeping a status variable for the |
| 1329 * loop so that once it's failed the other gets set. | 1335 * loop so that once it's failed the other gets set. |
| 1330 */ | 1336 */ |
| 1331 NSSRWLock_LockRead(td->tokensLock); | 1337 NSSRWLock_LockRead(td->tokensLock); |
| 1338 nssPKIObject_AddRef(cobject); |
| 1332 nssPKIObject_Lock(cobject); | 1339 nssPKIObject_Lock(cobject); |
| 1333 for (i = 0; i < cobject->numInstances; i++) { | 1340 for (i = 0; i < cobject->numInstances; i++) { |
| 1334 nssCryptokiObject *cInstance = cobject->instances[i]; | 1341 nssCryptokiObject *cInstance = cobject->instances[i]; |
| 1335 if (cInstance && !PK11_IsReadOnly(cInstance->token->pk11slot)) { | 1342 if (cInstance && !PK11_IsReadOnly(cInstance->token->pk11slot)) { |
| 1336 PRStatus status; | 1343 PRStatus status; |
| 1337 if (!tobject->numInstances || !tobject->instances) continue; | 1344 if (!tobject->numInstances || !tobject->instances) continue; |
| 1338 status = DeleteCertTrustMatchingSlot(cInstance->token->pk11slot, tob
ject); | 1345 status = DeleteCertTrustMatchingSlot(cInstance->token->pk11slot, tob
ject); |
| 1339 if (status == PR_FAILURE) { | 1346 if (status == PR_FAILURE) { |
| 1340 /* set the outer one but keep going */ | 1347 /* set the outer one but keep going */ |
| 1341 nssrv = PR_FAILURE; | 1348 nssrv = PR_FAILURE; |
| 1342 } | 1349 } |
| 1343 } | 1350 } |
| 1344 } | 1351 } |
| 1345 nssPKIObject_Unlock(cobject); | 1352 nssPKIObject_Unlock(cobject); |
| 1353 nssPKIObject_Destroy(cobject); |
| 1346 NSSRWLock_UnlockRead(td->tokensLock); | 1354 NSSRWLock_UnlockRead(td->tokensLock); |
| 1347 return nssrv; | 1355 return nssrv; |
| 1348 } | 1356 } |
| 1349 | 1357 |
| 1350 /* CERT_TraversePermCertsForSubject */ | 1358 /* CERT_TraversePermCertsForSubject */ |
| 1351 NSS_IMPLEMENT PRStatus | 1359 NSS_IMPLEMENT PRStatus |
| 1352 nssTrustDomain_TraverseCertificatesBySubject ( | 1360 nssTrustDomain_TraverseCertificatesBySubject ( |
| 1353 NSSTrustDomain *td, | 1361 NSSTrustDomain *td, |
| 1354 NSSDER *subject, | 1362 NSSDER *subject, |
| 1355 PRStatus (*callback)(NSSCertificate *c, void *arg), | 1363 PRStatus (*callback)(NSSCertificate *c, void *arg), |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1422 td = STAN_GetDefaultTrustDomain(); | 1430 td = STAN_GetDefaultTrustDomain(); |
| 1423 cc = STAN_GetDefaultCryptoContext(); | 1431 cc = STAN_GetDefaultCryptoContext(); |
| 1424 printf("\n\nCertificates in the cache:\n"); | 1432 printf("\n\nCertificates in the cache:\n"); |
| 1425 nssTrustDomain_DumpCacheInfo(td, cert_dump_iter, NULL); | 1433 nssTrustDomain_DumpCacheInfo(td, cert_dump_iter, NULL); |
| 1426 printf("\n\nCertificates in the temporary store:\n"); | 1434 printf("\n\nCertificates in the temporary store:\n"); |
| 1427 if (cc->certStore) { | 1435 if (cc->certStore) { |
| 1428 nssCertificateStore_DumpStoreInfo(cc->certStore, cert_dump_iter, NULL); | 1436 nssCertificateStore_DumpStoreInfo(cc->certStore, cert_dump_iter, NULL); |
| 1429 } | 1437 } |
| 1430 } | 1438 } |
| 1431 | 1439 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1017413002:
Uprev NSS to 3.18 RTM (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/nss.git@nspr_uprev