| OLD | NEW |
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 /* | 5 /* |
| 6 * Certificate handling code | 6 * Certificate handling code |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #include "nssilock.h" | 9 #include "nssilock.h" |
| 10 #include "prmon.h" | 10 #include "prmon.h" |
| (...skipping 2425 matching lines...) |
| 2436 } | 2436 } |
| 2437 | 2437 |
| 2438 SECStatus | 2438 SECStatus |
| 2439 CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, | 2439 CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, |
| 2440 unsigned int ncerts, SECItem **derCerts, | 2440 unsigned int ncerts, SECItem **derCerts, |
| 2441 CERTCertificate ***retCerts, PRBool keepCerts, | 2441 CERTCertificate ***retCerts, PRBool keepCerts, |
| 2442 PRBool caOnly, char *nickname) | 2442 PRBool caOnly, char *nickname) |
| 2443 { | 2443 { |
| 2444 unsigned int i; | 2444 unsigned int i; |
| 2445 CERTCertificate **certs = NULL; | 2445 CERTCertificate **certs = NULL; |
| 2446 SECStatus rv; | |
| 2447 unsigned int fcerts = 0; | 2446 unsigned int fcerts = 0; |
| 2448 | 2447 |
| 2449 if ( ncerts ) { | 2448 if ( ncerts ) { |
| 2450 certs = PORT_ZNewArray(CERTCertificate*, ncerts); | 2449 certs = PORT_ZNewArray(CERTCertificate*, ncerts); |
| 2451 if ( certs == NULL ) { | 2450 if ( certs == NULL ) { |
| 2452 return(SECFailure); | 2451 return(SECFailure); |
| 2453 } | 2452 } |
| 2454 | 2453 |
| 2455 /* decode all of the certs into the temporary DB */ | 2454 /* decode all of the certs into the temporary DB */ |
| 2456 for ( i = 0, fcerts= 0; i < ncerts; i++) { | 2455 for ( i = 0, fcerts= 0; i < ncerts; i++) { |
| (...skipping 27 matching lines...) |
| 2484 canickname = CERT_MakeCANickname(certs[i]); | 2483 canickname = CERT_MakeCANickname(certs[i]); |
| 2485 } | 2484 } |
| 2486 | 2485 |
| 2487 if(isCA && (fcerts > 1)) { | 2486 if(isCA && (fcerts > 1)) { |
| 2488 /* if we are importing only a single cert and specifying | 2487 /* if we are importing only a single cert and specifying |
| 2489 * a nickname, we want to use that nickname if it a CA, | 2488 * a nickname, we want to use that nickname if it a CA, |
| 2490 * otherwise if there are more than one cert, we don't | 2489 * otherwise if there are more than one cert, we don't |
| 2491 * know which cert it belongs to. But we still may try | 2490 * know which cert it belongs to. But we still may try |
| 2492 * the individual canickname from the cert itself. | 2491 * the individual canickname from the cert itself. |
| 2493 */ | 2492 */ |
| 2494 » » rv = CERT_AddTempCertToPerm(certs[i], canickname, NULL); | 2493 /* Bug 1192442 - propagate errors from these calls. */ |
| 2494 » » (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL); |
| 2495 } else { | 2495 } else { |
| 2496 » » rv = CERT_AddTempCertToPerm(certs[i], | 2496 » » (void)CERT_AddTempCertToPerm(certs[i], |
| 2497 nickname?nickname:canickname, NU
LL); | 2497 nickname?nickname:canickname, N
ULL); |
| 2498 } | 2498 } |
| 2499 | 2499 |
| 2500 PORT_Free(canickname); | 2500 PORT_Free(canickname); |
| 2501 /* don't care if it fails - keep going */ | 2501 /* don't care if it fails - keep going */ |
| 2502 } | 2502 } |
| 2503 } | 2503 } |
| 2504 } | 2504 } |
| 2505 | 2505 |
| 2506 if ( retCerts ) { | 2506 if ( retCerts ) { |
| 2507 *retCerts = certs; | 2507 *retCerts = certs; |
| 2508 } else { | 2508 } else { |
| 2509 if (certs) { | 2509 if (certs) { |
| 2510 CERT_DestroyCertArray(certs, fcerts); | 2510 CERT_DestroyCertArray(certs, fcerts); |
| 2511 } | 2511 } |
| 2512 } | 2512 } |
| 2513 | 2513 |
| 2514 return ((fcerts || !ncerts) ? SECSuccess : SECFailure); | 2514 return (fcerts || !ncerts) ? SECSuccess : SECFailure; |
| 2515 } | 2515 } |
| 2516 | 2516 |
| 2517 /* | 2517 /* |
| 2518 * a real list of certificates - need to convert CERTCertificateList | 2518 * a real list of certificates - need to convert CERTCertificateList |
| 2519 * stuff and ASN 1 encoder/decoder over to using this... | 2519 * stuff and ASN 1 encoder/decoder over to using this... |
| 2520 */ | 2520 */ |
| 2521 CERTCertList * | 2521 CERTCertList * |
| 2522 CERT_NewCertList(void) | 2522 CERT_NewCertList(void) |
| 2523 { | 2523 { |
| 2524 PLArenaPool *arena = NULL; | 2524 PLArenaPool *arena = NULL; |
| (...skipping 361 matching lines...) |
| 2886 PZ_Lock(certRefCountLock); | 2886 PZ_Lock(certRefCountLock); |
| 2887 return; | 2887 return; |
| 2888 } | 2888 } |
| 2889 | 2889 |
| 2890 /* | 2890 /* |
| 2891 * Free the cert reference count lock | 2891 * Free the cert reference count lock |
| 2892 */ | 2892 */ |
| 2893 void | 2893 void |
| 2894 CERT_UnlockCertRefCount(CERTCertificate *cert) | 2894 CERT_UnlockCertRefCount(CERTCertificate *cert) |
| 2895 { | 2895 { |
| 2896 PRStatus prstat; | |
| 2897 | |
| 2898 PORT_Assert(certRefCountLock != NULL); | 2896 PORT_Assert(certRefCountLock != NULL); |
| 2899 | 2897 |
| 2900 prstat = PZ_Unlock(certRefCountLock); | 2898 #ifdef DEBUG |
| 2901 | 2899 { |
| 2902 PORT_Assert(prstat == PR_SUCCESS); | 2900 PRStatus prstat = PZ_Unlock(certRefCountLock); |
| 2903 | 2901 PORT_Assert(prstat == PR_SUCCESS); |
| 2904 return; | 2902 } |
| 2903 #else |
| 2904 PZ_Unlock(certRefCountLock); |
| 2905 #endif |
| 2905 } | 2906 } |
| 2906 | 2907 |
| 2907 static PZLock *certTrustLock = NULL; | 2908 static PZLock *certTrustLock = NULL; |
| 2908 | 2909 |
| 2909 /* | 2910 /* |
| 2910 * Acquire the cert trust lock | 2911 * Acquire the cert trust lock |
| 2911 * There is currently one global lock for all certs, but I'm putting a cert | 2912 * There is currently one global lock for all certs, but I'm putting a cert |
| 2912 * arg here so that it will be easy to make it per-cert in the future if | 2913 * arg here so that it will be easy to make it per-cert in the future if |
| 2913 * that turns out to be necessary. | 2914 * that turns out to be necessary. |
| 2914 */ | 2915 */ |
| (...skipping 51 matching lines...) |
| 2966 } | 2967 } |
| 2967 return rv; | 2968 return rv; |
| 2968 } | 2969 } |
| 2969 | 2970 |
| 2970 /* | 2971 /* |
| 2971 * Free the cert trust lock | 2972 * Free the cert trust lock |
| 2972 */ | 2973 */ |
| 2973 void | 2974 void |
| 2974 CERT_UnlockCertTrust(const CERTCertificate *cert) | 2975 CERT_UnlockCertTrust(const CERTCertificate *cert) |
| 2975 { | 2976 { |
| 2976 PRStatus prstat; | |
| 2977 | |
| 2978 PORT_Assert(certTrustLock != NULL); | 2977 PORT_Assert(certTrustLock != NULL); |
| 2979 | 2978 |
| 2980 prstat = PZ_Unlock(certTrustLock); | 2979 #ifdef DEBUG |
| 2981 | 2980 { |
| 2982 PORT_Assert(prstat == PR_SUCCESS); | 2981 PRStatus prstat = PZ_Unlock(certTrustLock); |
| 2983 | 2982 PORT_Assert(prstat == PR_SUCCESS); |
| 2984 return; | 2983 } |
| 2984 #else |
| 2985 PZ_Unlock(certTrustLock); |
| 2986 #endif |
| 2985 } | 2987 } |
| 2986 | 2988 |
| 2987 | 2989 |
| 2988 /* | 2990 /* |
| 2989 * Get the StatusConfig data for this handle | 2991 * Get the StatusConfig data for this handle |
| 2990 */ | 2992 */ |
| 2991 CERTStatusConfig * | 2993 CERTStatusConfig * |
| 2992 CERT_GetStatusConfig(CERTCertDBHandle *handle) | 2994 CERT_GetStatusConfig(CERTCertDBHandle *handle) |
| 2993 { | 2995 { |
| 2994 return handle->statusConfig; | 2996 return handle->statusConfig; |
| (...skipping 277 matching lines...) |
| 3272 CERTCertificate *cert = NULL; | 3274 CERTCertificate *cert = NULL; |
| 3273 SECItem *derCert; | 3275 SECItem *derCert; |
| 3274 | 3276 |
| 3275 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); | 3277 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); |
| 3276 if (derCert) { | 3278 if (derCert) { |
| 3277 cert = CERT_FindCertByDERCert(handle, derCert); | 3279 cert = CERT_FindCertByDERCert(handle, derCert); |
| 3278 SECITEM_FreeItem(derCert, PR_TRUE); | 3280 SECITEM_FreeItem(derCert, PR_TRUE); |
| 3279 } | 3281 } |
| 3280 return cert; | 3282 return cert; |
| 3281 } | 3283 } |
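Review bot: In CERT_ImportCerts, the two `(void)CERT_AddTempCertToPerm(...)` calls (new lines 2494 and 2496) still discard the result, and the final `return (fcerts || !ncerts) ? SECSuccess : SECFailure;` depends only on how many certificates were decoded, so a caller can receive SECSuccess although nothing was written to the permanent database. The added comment `/* Bug 1192442 - propagate errors from these calls. */` reads as if propagation already happens, and it contradicts the older `/* don't care if it fails - keep going */` a few lines below. I would word it as a TODO that states the current contract, e.g. `/* TODO (bug 1192442): result ignored; SECSuccess does not mean the cert was stored permanently. */`, and update or drop the older comment so the two agree. Until that bug is fixed, callers that depend on the permanent import (its guarding condition sits in the skipped lines, presumably `keepCerts`) have to verify the stored certificate themselves.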
| OLD | NEW |