OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 /* | 5 /* |
6 * Certificate handling code | 6 * Certificate handling code |
7 */ | 7 */ |
8 | 8 |
9 #include "nssilock.h" | 9 #include "nssilock.h" |
10 #include "prmon.h" | 10 #include "prmon.h" |
(...skipping 2425 matching lines...)
2436 } | 2436 } |
2437 | 2437 |
2438 SECStatus | 2438 SECStatus |
2439 CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, | 2439 CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, |
2440 unsigned int ncerts, SECItem **derCerts, | 2440 unsigned int ncerts, SECItem **derCerts, |
2441 CERTCertificate ***retCerts, PRBool keepCerts, | 2441 CERTCertificate ***retCerts, PRBool keepCerts, |
2442 PRBool caOnly, char *nickname) | 2442 PRBool caOnly, char *nickname) |
2443 { | 2443 { |
2444 unsigned int i; | 2444 unsigned int i; |
2445 CERTCertificate **certs = NULL; | 2445 CERTCertificate **certs = NULL; |
2446 SECStatus rv; | |
2447 unsigned int fcerts = 0; | 2446 unsigned int fcerts = 0; |
2448 | 2447 |
2449 if ( ncerts ) { | 2448 if ( ncerts ) { |
2450 certs = PORT_ZNewArray(CERTCertificate*, ncerts); | 2449 certs = PORT_ZNewArray(CERTCertificate*, ncerts); |
2451 if ( certs == NULL ) { | 2450 if ( certs == NULL ) { |
2452 return(SECFailure); | 2451 return(SECFailure); |
2453 } | 2452 } |
2454 | 2453 |
2455 /* decode all of the certs into the temporary DB */ | 2454 /* decode all of the certs into the temporary DB */ |
2456 for ( i = 0, fcerts= 0; i < ncerts; i++) { | 2455 for ( i = 0, fcerts= 0; i < ncerts; i++) { |
(...skipping 27 matching lines...)
2484 canickname = CERT_MakeCANickname(certs[i]); | 2483 canickname = CERT_MakeCANickname(certs[i]); |
2485 } | 2484 } |
2486 | 2485 |
2487 if(isCA && (fcerts > 1)) { | 2486 if(isCA && (fcerts > 1)) { |
2488 /* if we are importing only a single cert and specifying | 2487 /* if we are importing only a single cert and specifying |
2489 * a nickname, we want to use that nickname if it a CA, | 2488 * a nickname, we want to use that nickname if it a CA, |
2490 * otherwise if there are more than one cert, we don't | 2489 * otherwise if there are more than one cert, we don't |
2491 * know which cert it belongs to. But we still may try | 2490 * know which cert it belongs to. But we still may try |
2492 * the individual canickname from the cert itself. | 2491 * the individual canickname from the cert itself. |
2493 */ | 2492 */ |
2494 » » rv = CERT_AddTempCertToPerm(certs[i], canickname, NULL); | 2493 /* Bug 1192442 - propagate errors from these calls. */ |
| 2494 » » (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL); |
2495 } else { | 2495 } else { |
2496 » » rv = CERT_AddTempCertToPerm(certs[i], | 2496 » » (void)CERT_AddTempCertToPerm(certs[i], |
2497 nickname?nickname:canickname, NU
LL); | 2497 nickname?nickname:canickname, N
ULL); |
2498 } | 2498 } |
2499 | 2499 |
2500 PORT_Free(canickname); | 2500 PORT_Free(canickname); |
2501 /* don't care if it fails - keep going */ | 2501 /* don't care if it fails - keep going */ |
2502 } | 2502 } |
2503 } | 2503 } |
2504 } | 2504 } |
2505 | 2505 |
2506 if ( retCerts ) { | 2506 if ( retCerts ) { |
2507 *retCerts = certs; | 2507 *retCerts = certs; |
2508 } else { | 2508 } else { |
2509 if (certs) { | 2509 if (certs) { |
2510 CERT_DestroyCertArray(certs, fcerts); | 2510 CERT_DestroyCertArray(certs, fcerts); |
2511 } | 2511 } |
2512 } | 2512 } |
2513 | 2513 |
2514 return ((fcerts || !ncerts) ? SECSuccess : SECFailure); | 2514 return (fcerts || !ncerts) ? SECSuccess : SECFailure; |
2515 } | 2515 } |
2516 | 2516 |
2517 /* | 2517 /* |
2518 * a real list of certificates - need to convert CERTCertificateList | 2518 * a real list of certificates - need to convert CERTCertificateList |
2519 * stuff and ASN 1 encoder/decoder over to using this... | 2519 * stuff and ASN 1 encoder/decoder over to using this... |
2520 */ | 2520 */ |
2521 CERTCertList * | 2521 CERTCertList * |
2522 CERT_NewCertList(void) | 2522 CERT_NewCertList(void) |
2523 { | 2523 { |
2524 PLArenaPool *arena = NULL; | 2524 PLArenaPool *arena = NULL; |
(...skipping 361 matching lines...)
2886 PZ_Lock(certRefCountLock); | 2886 PZ_Lock(certRefCountLock); |
2887 return; | 2887 return; |
2888 } | 2888 } |
2889 | 2889 |
2890 /* | 2890 /* |
2891 * Free the cert reference count lock | 2891 * Free the cert reference count lock |
2892 */ | 2892 */ |
2893 void | 2893 void |
2894 CERT_UnlockCertRefCount(CERTCertificate *cert) | 2894 CERT_UnlockCertRefCount(CERTCertificate *cert) |
2895 { | 2895 { |
2896 PRStatus prstat; | |
2897 | |
2898 PORT_Assert(certRefCountLock != NULL); | 2896 PORT_Assert(certRefCountLock != NULL); |
2899 | 2897 |
2900 prstat = PZ_Unlock(certRefCountLock); | 2898 #ifdef DEBUG |
2901 | 2899 { |
2902 PORT_Assert(prstat == PR_SUCCESS); | 2900 PRStatus prstat = PZ_Unlock(certRefCountLock); |
2903 | 2901 PORT_Assert(prstat == PR_SUCCESS); |
2904 return; | 2902 } |
| 2903 #else |
| 2904 PZ_Unlock(certRefCountLock); |
| 2905 #endif |
2905 } | 2906 } |
2906 | 2907 |
2907 static PZLock *certTrustLock = NULL; | 2908 static PZLock *certTrustLock = NULL; |
2908 | 2909 |
2909 /* | 2910 /* |
2910 * Acquire the cert trust lock | 2911 * Acquire the cert trust lock |
2911 * There is currently one global lock for all certs, but I'm putting a cert | 2912 * There is currently one global lock for all certs, but I'm putting a cert |
2912 * arg here so that it will be easy to make it per-cert in the future if | 2913 * arg here so that it will be easy to make it per-cert in the future if |
2913 * that turns out to be necessary. | 2914 * that turns out to be necessary. |
2914 */ | 2915 */ |
(...skipping 51 matching lines...)
2966 } | 2967 } |
2967 return rv; | 2968 return rv; |
2968 } | 2969 } |
2969 | 2970 |
2970 /* | 2971 /* |
2971 * Free the cert trust lock | 2972 * Free the cert trust lock |
2972 */ | 2973 */ |
2973 void | 2974 void |
2974 CERT_UnlockCertTrust(const CERTCertificate *cert) | 2975 CERT_UnlockCertTrust(const CERTCertificate *cert) |
2975 { | 2976 { |
2976 PRStatus prstat; | |
2977 | |
2978 PORT_Assert(certTrustLock != NULL); | 2977 PORT_Assert(certTrustLock != NULL); |
2979 | 2978 |
2980 prstat = PZ_Unlock(certTrustLock); | 2979 #ifdef DEBUG |
2981 | 2980 { |
2982 PORT_Assert(prstat == PR_SUCCESS); | 2981 PRStatus prstat = PZ_Unlock(certTrustLock); |
2983 | 2982 PORT_Assert(prstat == PR_SUCCESS); |
2984 return; | 2983 } |
| 2984 #else |
| 2985 PZ_Unlock(certTrustLock); |
| 2986 #endif |
2985 } | 2987 } |
2986 | 2988 |
2987 | 2989 |
2988 /* | 2990 /* |
2989 * Get the StatusConfig data for this handle | 2991 * Get the StatusConfig data for this handle |
2990 */ | 2992 */ |
2991 CERTStatusConfig * | 2993 CERTStatusConfig * |
2992 CERT_GetStatusConfig(CERTCertDBHandle *handle) | 2994 CERT_GetStatusConfig(CERTCertDBHandle *handle) |
2993 { | 2995 { |
2994 return handle->statusConfig; | 2996 return handle->statusConfig; |
(...skipping 277 matching lines...)
3272 CERTCertificate *cert = NULL; | 3274 CERTCertificate *cert = NULL; |
3273 SECItem *derCert; | 3275 SECItem *derCert; |
3274 | 3276 |
3275 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); | 3277 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); |
3276 if (derCert) { | 3278 if (derCert) { |
3277 cert = CERT_FindCertByDERCert(handle, derCert); | 3279 cert = CERT_FindCertByDERCert(handle, derCert); |
3278 SECITEM_FreeItem(derCert, PR_TRUE); | 3280 SECITEM_FreeItem(derCert, PR_TRUE); |
3279 } | 3281 } |
3280 return cert; | 3282 return cert; |
3281 } | 3283 } |
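Review bot: In CERT_ImportCerts (new lines 2493–2497) the result of both CERT_AddTempCertToPerm calls is explicitly discarded, and the return at new line 2514 depends only on `fcerts` and `ncerts`, so a caller gets SECSuccess even when no certificate was written to the permanent database. The new `Bug 1192442` comment sits in the first branch only and says the opposite of the retained `/* don't care if it fails - keep going */` a few lines below, which leaves the intended contract unclear. I would replace both with one comment above the `if`/`else`, for example `/* Bug 1192442: failures to store the cert permanently are ignored for now; SECSuccess does not imply the cert was persisted. */`, so that callers relying on the import for later trust decisions know to verify it themselves. The middle of the loop is collapsed on this page, so the condition guarding these calls is not visible here.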