1 /* | |
2 * NSS utility functions | |
3 * | |
4 * This Source Code Form is subject to the terms of the Mozilla Public | |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
7 | |
8 #include <stdio.h> | |
9 #include <string.h> | |
10 #include "prerror.h" | |
11 #include "secitem.h" | |
12 #include "prnetdb.h" | |
13 #include "cert.h" | |
14 #include "nspr.h" | |
15 #include "secder.h" | |
16 #include "key.h" | |
17 #include "nss.h" | |
18 #include "ssl.h" | |
19 #include "pk11func.h" /* for PK11_ function calls */ | |
20 | |
21 /* | |
22 * This callback used by SSL to pull client sertificate upon | |
23 * server request | |
24 */ | |
25 SECStatus | |
26 NSS_GetClientAuthData(void *arg, | |
27 PRFileDesc *socket, | |
28 struct CERTDistNamesStr *caNames, | |
29 struct CERTCertificateStr **pRetCert, | |
30 struct SECKEYPrivateKeyStr **pRetKey) | |
31 { | |
32 CERTCertificate *cert = NULL; | |
33 SECKEYPrivateKey *privkey = NULL; | |
34 char *chosenNickName = (char *)arg; /* CONST */ | |
35 void *proto_win = NULL; | |
36 SECStatus rv = SECFailure; | |
37 | |
38 proto_win = SSL_RevealPinArg(socket); | |
39 | |
40 if (chosenNickName) { | |
41 cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), | |
42 chosenNickName, certUsageSSLClient, | |
43 PR_FALSE, proto_win); | |
44 if (cert) { | |
45 privkey = PK11_FindKeyByAnyCert(cert, proto_win); | |
46 if (privkey) { | |
47 rv = SECSuccess; | |
48 } else { | |
49 CERT_DestroyCertificate(cert); | |
50 } | |
51 } | |
52 } else { /* no name given, automatically find the right cert. */ | |
53 CERTCertNicknames *names; | |
54 int i; | |
55 | |
56 names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), | |
57 SEC_CERT_NICKNAMES_USER, proto_win); | |
58 if (names != NULL) { | |
59 for (i = 0; i < names->numnicknames; i++) { | |
60 cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), | |
61 names->nicknames[i], certUsageSS
LClient, | |
62 PR_FALSE, proto_win); | |
63 if (!cert) | |
64 continue; | |
65 /* Only check unexpired certs */ | |
66 if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) != | |
67 secCertTimeValid) { | |
68 CERT_DestroyCertificate(cert); | |
69 continue; | |
70 } | |
71 rv = NSS_CmpCertChainWCANames(cert, caNames); | |
72 if (rv == SECSuccess) { | |
73 privkey = | |
74 PK11_FindKeyByAnyCert(cert, proto_win); | |
75 if (privkey) | |
76 break; | |
77 } | |
78 rv = SECFailure; | |
79 CERT_DestroyCertificate(cert); | |
80 } | |
81 CERT_FreeNicknames(names); | |
82 } | |
83 } | |
84 if (rv == SECSuccess) { | |
85 *pRetCert = cert; | |
86 *pRetKey = privkey; | |
87 } | |
88 return rv; | |
89 } | |
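Review bot: The explicit-nickname path (gutter lines 40–51) hands back whatever `CERT_FindUserCertByUsage` returns with `validOnly = PR_FALSE`, skipping both the `CERT_CheckCertValidTimes` check and the `NSS_CmpCertChainWCANames` comparison against `caNames` that the automatic path at lines 65–78 applies, so a configured-but-expired or wrong-issuer certificate is still presented to the server; if that is intended because the caller chose the nickname deliberately, the header comment should say so rather than leave the two paths looking inconsistent. The header comment also omits the ownership contract, which callers need; I would replace it with `/* SSL client-auth callback. arg is a certificate nickname, or NULL to pick the first unexpired user certificate whose chain matches caNames. On SECSuccess the caller owns *pRetCert and *pRetKey (destroy with CERT_DestroyCertificate / SECKEY_DestroyPrivateKey); on SECFailure both outputs are left untouched. */` (this also fixes "sertificate"). As a point of style, `char *chosenNickName = (char *)arg; /* CONST */` can become `const char *chosenNickName = arg;` provided `CERT_FindUserCertByUsage` takes the nickname as `const char *`, which removes the cast and the reminder comment. `CERT_GetDefaultCertDB()` is also called once per loop iteration at line 60 and could be hoisted into a local alongside the call at line 56.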