1 /* | 1 /* |
2 * NSS utility functions | 2 * NSS utility functions |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 #include <stdio.h> | 8 #include <stdio.h> |
9 #include <string.h> | 9 #include <string.h> |
10 #include "prerror.h" | 10 #include "prerror.h" |
11 #include "secitem.h" | 11 #include "secitem.h" |
12 #include "prnetdb.h" | 12 #include "prnetdb.h" |
13 #include "cert.h" | 13 #include "cert.h" |
14 #include "nspr.h" | 14 #include "nspr.h" |
15 #include "secder.h" | 15 #include "secder.h" |
16 #include "key.h" | 16 #include "key.h" |
17 #include "nss.h" | 17 #include "nss.h" |
18 #include "ssl.h" | 18 #include "ssl.h" |
19 #include "pk11func.h"» /* for PK11_ function calls */ | 19 #include "pk11func.h" /* for PK11_ function calls */ |
20 | 20 |
21 /* | 21 /* |
22 * This callback used by SSL to pull client sertificate upon | 22 * This callback used by SSL to pull client sertificate upon |
23 * server request | 23 * server request |
24 */ | 24 */ |
25 SECStatus | 25 SECStatus |
26 NSS_GetClientAuthData(void * arg, | 26 NSS_GetClientAuthData(void *arg, |
27 PRFileDesc * socket, | 27 PRFileDesc *socket, |
28 » » struct CERTDistNamesStr * caNames, | 28 struct CERTDistNamesStr *caNames, |
29 » » struct CERTCertificateStr ** pRetCert, | 29 struct CERTCertificateStr **pRetCert, |
30 » » struct SECKEYPrivateKeyStr **pRetKey) | 30 struct SECKEYPrivateKeyStr **pRetKey) |
31 { | 31 { |
32 CERTCertificate * cert = NULL; | 32 CERTCertificate *cert = NULL; |
33 SECKEYPrivateKey * privkey = NULL; | 33 SECKEYPrivateKey *privkey = NULL; |
34 char * chosenNickName = (char *)arg; /* CONST */ | 34 char *chosenNickName = (char *)arg; /* CONST */ |
35 void * proto_win = NULL; | 35 void *proto_win = NULL; |
36 SECStatus rv = SECFailure; | 36 SECStatus rv = SECFailure; |
37 | 37 |
38 proto_win = SSL_RevealPinArg(socket); | 38 proto_win = SSL_RevealPinArg(socket); |
39 | 39 |
40 if (chosenNickName) { | 40 if (chosenNickName) { |
41 cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), | 41 cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), |
42 chosenNickName, certUsageSSLClient, | 42 chosenNickName, certUsageSSLClient, |
43 PR_FALSE, proto_win);» | 43 PR_FALSE, proto_win); |
44 if ( cert ) { | 44 if (cert) { |
45 privkey = PK11_FindKeyByAnyCert(cert, proto_win); | 45 privkey = PK11_FindKeyByAnyCert(cert, proto_win); |
46 if ( privkey ) { | 46 if (privkey) { |
47 » rv = SECSuccess; | 47 rv = SECSuccess; |
48 } else { | 48 } else { |
49 » CERT_DestroyCertificate(cert); | 49 CERT_DestroyCertificate(cert); |
50 } | 50 } |
| 51 } |
| 52 } else { /* no name given, automatically find the right cert. */ |
| 53 CERTCertNicknames *names; |
| 54 int i; |
| 55 |
| 56 names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), |
| 57 SEC_CERT_NICKNAMES_USER, proto_win); |
| 58 if (names != NULL) { |
| 59 for (i = 0; i < names->numnicknames; i++) { |
| 60 cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), |
| 61 names->nicknames[i], certUsageSS
LClient, |
| 62 PR_FALSE, proto_win); |
| 63 if (!cert) |
| 64 continue; |
| 65 /* Only check unexpired certs */ |
| 66 if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) != |
| 67 secCertTimeValid) { |
| 68 CERT_DestroyCertificate(cert); |
| 69 continue; |
| 70 } |
| 71 rv = NSS_CmpCertChainWCANames(cert, caNames); |
| 72 if (rv == SECSuccess) { |
| 73 privkey = |
| 74 PK11_FindKeyByAnyCert(cert, proto_win); |
| 75 if (privkey) |
| 76 break; |
| 77 } |
| 78 rv = SECFailure; |
| 79 CERT_DestroyCertificate(cert); |
| 80 } |
| 81 CERT_FreeNicknames(names); |
| 82 } |
51 } | 83 } |
52 } else { /* no name given, automatically find the right cert. */ | 84 if (rv == SECSuccess) { |
53 CERTCertNicknames * names; | 85 *pRetCert = cert; |
54 int i; | 86 *pRetKey = privkey; |
55 | |
56 names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), | |
57 » » » » SEC_CERT_NICKNAMES_USER, proto_win); | |
58 if (names != NULL) { | |
59 for (i = 0; i < names->numnicknames; i++) { | |
60 » cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), | |
61 names->nicknames[i], certUsageSSLClient, | |
62 PR_FALSE, proto_win);» | |
63 » if ( !cert ) | |
64 » continue; | |
65 » /* Only check unexpired certs */ | |
66 » if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) != | |
67 » secCertTimeValid ) { | |
68 » CERT_DestroyCertificate(cert); | |
69 » continue; | |
70 » } | |
71 » rv = NSS_CmpCertChainWCANames(cert, caNames); | |
72 » if ( rv == SECSuccess ) { | |
73 » privkey = PK11_FindKeyByAnyCert(cert, proto_win); | |
74 » if ( privkey ) | |
75 » break; | |
76 » } | |
77 » rv = SECFailure; | |
78 » CERT_DestroyCertificate(cert); | |
79 } | |
80 CERT_FreeNicknames(names); | |
81 } | 87 } |
82 } | 88 return rv; |
83 if (rv == SECSuccess) { | |
84 *pRetCert = cert; | |
85 *pRetKey = privkey; | |
86 } | |
87 return rv; | |
88 } | 89 } |
89 | |