OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 /* | 5 /* |
6 * Hacks to integrate NSS 3.4 and NSS 4.0 certificates. | 6 * Hacks to integrate NSS 3.4 and NSS 4.0 certificates. |
7 */ | 7 */ |
8 | 8 |
9 #ifndef NSSPKI_H | 9 #ifndef NSSPKI_H |
10 #include "nsspki.h" | 10 #include "nsspki.h" |
(...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
232 | 232 |
233 SECITEM_FROM_NSSITEM(&secDER, der); | 233 SECITEM_FROM_NSSITEM(&secDER, der); |
234 | 234 |
235 /* nss3 call uses nss3 arena's */ | 235 /* nss3 call uses nss3 arena's */ |
236 arena = PORT_NewArena(256); | 236 arena = PORT_NewArena(256); |
237 if (!arena) { | 237 if (!arena) { |
238 return NULL; | 238 return NULL; |
239 } | 239 } |
240 secrv = CERT_KeyFromDERCert(arena, &secDER, &secKey); | 240 secrv = CERT_KeyFromDERCert(arena, &secDER, &secKey); |
241 if (secrv != SECSuccess) { | 241 if (secrv != SECSuccess) { |
| 242 PORT_FreeArena(arena, PR_FALSE); |
242 return NULL; | 243 return NULL; |
243 } | 244 } |
244 rvKey = nssItem_Create(arenaOpt, NULL, secKey.len, (void *)secKey.data); | 245 rvKey = nssItem_Create(arenaOpt, NULL, secKey.len, (void *)secKey.data); |
245 PORT_FreeArena(arena,PR_FALSE); | 246 PORT_FreeArena(arena,PR_FALSE); |
246 return rvKey; | 247 return rvKey; |
247 } | 248 } |
248 | 249 |
249 NSS_IMPLEMENT PRStatus | 250 NSS_IMPLEMENT PRStatus |
250 nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, | 251 nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, |
251 NSSDER *issuer, NSSDER *serial) | 252 NSSDER *issuer, NSSDER *serial) |
(...skipping 1013 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1265 ** | 1266 ** |
1266 ** This function has the side effect of moving the | 1267 ** This function has the side effect of moving the |
1267 ** surviving entries to the front of the object list | 1268 ** surviving entries to the front of the object list |
1268 ** and nullifying the rest. | 1269 ** and nullifying the rest. |
1269 */ | 1270 */ |
1270 static PRStatus | 1271 static PRStatus |
1271 DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) | 1272 DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) |
1272 { | 1273 { |
1273 int numNotDestroyed = 0; /* the ones skipped plus the failures */ | 1274 int numNotDestroyed = 0; /* the ones skipped plus the failures */ |
1274 int failureCount = 0; /* actual deletion failures by devices */ | 1275 int failureCount = 0; /* actual deletion failures by devices */ |
1275 int index; | 1276 unsigned int index; |
1276 | 1277 |
1277 nssPKIObject_AddRef(tObject); | 1278 nssPKIObject_AddRef(tObject); |
1278 nssPKIObject_Lock(tObject); | 1279 nssPKIObject_Lock(tObject); |
1279 /* Keep going even if a module fails to delete. */ | 1280 /* Keep going even if a module fails to delete. */ |
1280 for (index = 0; index < tObject->numInstances; index++) { | 1281 for (index = 0; index < tObject->numInstances; index++) { |
1281 nssCryptokiObject *instance = tObject->instances[index]; | 1282 nssCryptokiObject *instance = tObject->instances[index]; |
1282 if (!instance) { | 1283 if (!instance) { |
1283 continue; | 1284 continue; |
1284 } | 1285 } |
1285 | 1286 |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1320 NSS_EXTERN PRStatus | 1321 NSS_EXTERN PRStatus |
1321 STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) | 1322 STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) |
1322 { | 1323 { |
1323 PRStatus nssrv = PR_SUCCESS; | 1324 PRStatus nssrv = PR_SUCCESS; |
1324 | 1325 |
1325 NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); | 1326 NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); |
1326 NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c); | 1327 NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c); |
1327 /* caller made sure nssTrust isn't NULL */ | 1328 /* caller made sure nssTrust isn't NULL */ |
1328 nssPKIObject *tobject = &nssTrust->object; | 1329 nssPKIObject *tobject = &nssTrust->object; |
1329 nssPKIObject *cobject = &c->object; | 1330 nssPKIObject *cobject = &c->object; |
1330 int i; | 1331 unsigned int i; |
1331 | 1332 |
1332 /* Iterate through the cert and trust object instances looking for | 1333 /* Iterate through the cert and trust object instances looking for |
1333 * those with matching pk11 slots to delete. Even if some device | 1334 * those with matching pk11 slots to delete. Even if some device |
1334 * can't delete we keep going. Keeping a status variable for the | 1335 * can't delete we keep going. Keeping a status variable for the |
1335 * loop so that once it's failed the other gets set. | 1336 * loop so that once it's failed the other gets set. |
1336 */ | 1337 */ |
1337 NSSRWLock_LockRead(td->tokensLock); | 1338 NSSRWLock_LockRead(td->tokensLock); |
1338 nssPKIObject_AddRef(cobject); | 1339 nssPKIObject_AddRef(cobject); |
1339 nssPKIObject_Lock(cobject); | 1340 nssPKIObject_Lock(cobject); |
1340 for (i = 0; i < cobject->numInstances; i++) { | 1341 for (i = 0; i < cobject->numInstances; i++) { |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1430 td = STAN_GetDefaultTrustDomain(); | 1431 td = STAN_GetDefaultTrustDomain(); |
1431 cc = STAN_GetDefaultCryptoContext(); | 1432 cc = STAN_GetDefaultCryptoContext(); |
1432 printf("\n\nCertificates in the cache:\n"); | 1433 printf("\n\nCertificates in the cache:\n"); |
1433 nssTrustDomain_DumpCacheInfo(td, cert_dump_iter, NULL); | 1434 nssTrustDomain_DumpCacheInfo(td, cert_dump_iter, NULL); |
1434 printf("\n\nCertificates in the temporary store:\n"); | 1435 printf("\n\nCertificates in the temporary store:\n"); |
1435 if (cc->certStore) { | 1436 if (cc->certStore) { |
1436 nssCertificateStore_DumpStoreInfo(cc->certStore, cert_dump_iter, NULL); | 1437 nssCertificateStore_DumpStoreInfo(cc->certStore, cert_dump_iter, NULL); |
1437 } | 1438 } |
1438 } | 1439 } |
1439 | 1440 |
OLD | NEW |