diff options
Diffstat (limited to 'nss/lib/certdb/stanpcertdb.c')
-rw-r--r-- | nss/lib/certdb/stanpcertdb.c | 835 |
1 files changed, 401 insertions, 434 deletions
diff --git a/nss/lib/certdb/stanpcertdb.c b/nss/lib/certdb/stanpcertdb.c index 1e1e06c..2b1aa97 100644 --- a/nss/lib/certdb/stanpcertdb.c +++ b/nss/lib/certdb/stanpcertdb.c @@ -33,18 +33,18 @@ PRBool SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject, - CERTCertDBHandle *handle) + CERTCertDBHandle *handle) { CERTCertificate *cert; PRBool conflict = PR_FALSE; - cert=CERT_FindCertByNickname(handle, nickname); + cert = CERT_FindCertByNickname(handle, nickname); if (!cert) { - return conflict; + return conflict; } - conflict = !SECITEM_ItemsAreEqual(derSubject,&cert->derSubject); + conflict = !SECITEM_ItemsAreEqual(derSubject, &cert->derSubject); CERT_DestroyCertificate(cert); return conflict; } @@ -64,15 +64,15 @@ SEC_DeletePermCertificate(CERTCertificate *cert) certTrust = nssTrust_GetCERTCertTrustForCert(c, cert); if (certTrust) { - NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c); - if (nssTrust) { - nssrv = STAN_DeleteCertTrustMatchingSlot(c); - if (nssrv != PR_SUCCESS) { - CERT_MapStanError(); - } - /* This call always returns PR_SUCCESS! */ - (void) nssTrust_Destroy(nssTrust); - } + NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c); + if (nssTrust) { + nssrv = STAN_DeleteCertTrustMatchingSlot(c); + if (nssrv != PR_SUCCESS) { + CERT_MapStanError(); + } + /* This call always returns PR_SUCCESS! */ + (void)nssTrust_Destroy(nssTrust); + } } /* get rid of the token instances */ @@ -91,14 +91,14 @@ CERT_GetCertTrust(const CERTCertificate *cert, CERTCertTrust *trust) { SECStatus rv; CERT_LockCertTrust(cert); - if ( cert->trust == NULL ) { - rv = SECFailure; + if (cert->trust == NULL) { + rv = SECFailure; } else { - *trust = *cert->trust; - rv = SECSuccess; + *trust = *cert->trust; + rv = SECSuccess; } CERT_UnlockCertTrust(cert); - return(rv); + return (rv); } extern const NSSError NSS_ERROR_NO_ERROR; @@ -141,14 +141,11 @@ extern const NSSError NSS_ERROR_BUSY; extern const NSSError NSS_ERROR_ALREADY_INITIALIZED; extern const NSSError NSS_ERROR_PKCS11; - /* Look at the stan error stack and map it to NSS 3 errors */ -#define STAN_MAP_ERROR(x,y) \ - else if (error == (x)) { \ - secError = y; \ - } \ +#define STAN_MAP_ERROR(x, y) \ + else if (error == (x)) { secError = y; } -/* +/* * map Stan errors into NSS errors * This function examines the stan error stack and automatically sets * PORT_SetError(); to the appropriate SEC_ERROR value. @@ -161,89 +158,81 @@ CERT_MapStanError() int secError; int i; - error = 0; - errorStack = NSS_GetErrorStack(); if (errorStack == 0) { - PORT_SetError(0); - return; - } + PORT_SetError(0); + return; + } error = prevError = CKR_GENERAL_ERROR; /* get the 'top 2' error codes from the stack */ - for (i=0; errorStack[i]; i++) { - prevError = error; - error = errorStack[i]; + for (i = 0; errorStack[i]; i++) { + prevError = error; + error = errorStack[i]; } if (error == NSS_ERROR_PKCS11) { - /* map it */ - secError = PK11_MapError(prevError); - } - STAN_MAP_ERROR(NSS_ERROR_NO_ERROR, 0) - STAN_MAP_ERROR(NSS_ERROR_NO_MEMORY, SEC_ERROR_NO_MEMORY) - STAN_MAP_ERROR(NSS_ERROR_INVALID_BASE64, SEC_ERROR_BAD_DATA) - STAN_MAP_ERROR(NSS_ERROR_INVALID_BER, SEC_ERROR_BAD_DER) - STAN_MAP_ERROR(NSS_ERROR_INVALID_ATAV, SEC_ERROR_INVALID_AVA) - STAN_MAP_ERROR(NSS_ERROR_INVALID_PASSWORD,SEC_ERROR_BAD_PASSWORD) - STAN_MAP_ERROR(NSS_ERROR_BUSY, SEC_ERROR_BUSY) - STAN_MAP_ERROR(NSS_ERROR_DEVICE_ERROR, SEC_ERROR_IO) - STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND, - SEC_ERROR_UNKNOWN_ISSUER) - STAN_MAP_ERROR(NSS_ERROR_INVALID_CERTIFICATE, SEC_ERROR_CERT_NOT_VALID) - STAN_MAP_ERROR(NSS_ERROR_INVALID_UTF8, SEC_ERROR_BAD_DATA) - STAN_MAP_ERROR(NSS_ERROR_INVALID_NSSOID, SEC_ERROR_BAD_DATA) - - /* these are library failure for lack of a better error code */ - STAN_MAP_ERROR(NSS_ERROR_NOT_FOUND, SEC_ERROR_LIBRARY_FAILURE) - STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_IN_CACHE, - SEC_ERROR_LIBRARY_FAILURE) - STAN_MAP_ERROR(NSS_ERROR_MAXIMUM_FOUND, SEC_ERROR_LIBRARY_FAILURE) - STAN_MAP_ERROR(NSS_ERROR_USER_CANCELED, SEC_ERROR_LIBRARY_FAILURE) - STAN_MAP_ERROR(NSS_ERROR_TRACKER_NOT_INITIALIZED, - SEC_ERROR_LIBRARY_FAILURE) - STAN_MAP_ERROR(NSS_ERROR_ALREADY_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE) - STAN_MAP_ERROR(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD, - SEC_ERROR_LIBRARY_FAILURE) - STAN_MAP_ERROR(NSS_ERROR_HASH_COLLISION, SEC_ERROR_LIBRARY_FAILURE) - - STAN_MAP_ERROR(NSS_ERROR_INTERNAL_ERROR, SEC_ERROR_LIBRARY_FAILURE) - - /* these are all invalid arguments */ - STAN_MAP_ERROR(NSS_ERROR_INVALID_ARGUMENT, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_INVALID_POINTER, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_INVALID_ARENA, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_INVALID_ARENA_MARK, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_DUPLICATE_POINTER, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_POINTER_NOT_REGISTERED, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_TRACKER_NOT_EMPTY, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_VALUE_TOO_LARGE, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_UNSUPPORTED_TYPE, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_BUFFER_TOO_SHORT, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_INVALID_ATOB_CONTEXT, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_INVALID_BTOA_CONTEXT, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_INVALID_ITEM, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_INVALID_STRING, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_INVALID_ASN1ENCODER, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_INVALID_ASN1DECODER, SEC_ERROR_INVALID_ARGS) - STAN_MAP_ERROR(NSS_ERROR_UNKNOWN_ATTRIBUTE, SEC_ERROR_INVALID_ARGS) - else { - secError = SEC_ERROR_LIBRARY_FAILURE; + /* map it */ + secError = PK11_MapError(prevError); } + STAN_MAP_ERROR(NSS_ERROR_NO_ERROR, 0) + STAN_MAP_ERROR(NSS_ERROR_NO_MEMORY, SEC_ERROR_NO_MEMORY) + STAN_MAP_ERROR(NSS_ERROR_INVALID_BASE64, SEC_ERROR_BAD_DATA) + STAN_MAP_ERROR(NSS_ERROR_INVALID_BER, SEC_ERROR_BAD_DER) + STAN_MAP_ERROR(NSS_ERROR_INVALID_ATAV, SEC_ERROR_INVALID_AVA) + STAN_MAP_ERROR(NSS_ERROR_INVALID_PASSWORD, SEC_ERROR_BAD_PASSWORD) + STAN_MAP_ERROR(NSS_ERROR_BUSY, SEC_ERROR_BUSY) + STAN_MAP_ERROR(NSS_ERROR_DEVICE_ERROR, SEC_ERROR_IO) + STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND, + SEC_ERROR_UNKNOWN_ISSUER) + STAN_MAP_ERROR(NSS_ERROR_INVALID_CERTIFICATE, SEC_ERROR_CERT_NOT_VALID) + STAN_MAP_ERROR(NSS_ERROR_INVALID_UTF8, SEC_ERROR_BAD_DATA) + STAN_MAP_ERROR(NSS_ERROR_INVALID_NSSOID, SEC_ERROR_BAD_DATA) + + /* these are library failure for lack of a better error code */ + STAN_MAP_ERROR(NSS_ERROR_NOT_FOUND, SEC_ERROR_LIBRARY_FAILURE) + STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_IN_CACHE, SEC_ERROR_LIBRARY_FAILURE) + STAN_MAP_ERROR(NSS_ERROR_MAXIMUM_FOUND, SEC_ERROR_LIBRARY_FAILURE) + STAN_MAP_ERROR(NSS_ERROR_USER_CANCELED, SEC_ERROR_LIBRARY_FAILURE) + STAN_MAP_ERROR(NSS_ERROR_TRACKER_NOT_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE) + STAN_MAP_ERROR(NSS_ERROR_ALREADY_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE) + STAN_MAP_ERROR(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD, + SEC_ERROR_LIBRARY_FAILURE) + STAN_MAP_ERROR(NSS_ERROR_HASH_COLLISION, SEC_ERROR_LIBRARY_FAILURE) + + STAN_MAP_ERROR(NSS_ERROR_INTERNAL_ERROR, SEC_ERROR_LIBRARY_FAILURE) + + /* these are all invalid arguments */ + STAN_MAP_ERROR(NSS_ERROR_INVALID_ARGUMENT, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_INVALID_POINTER, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_INVALID_ARENA, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_INVALID_ARENA_MARK, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_DUPLICATE_POINTER, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_POINTER_NOT_REGISTERED, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_TRACKER_NOT_EMPTY, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_VALUE_TOO_LARGE, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_UNSUPPORTED_TYPE, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_BUFFER_TOO_SHORT, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_INVALID_ATOB_CONTEXT, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_INVALID_BTOA_CONTEXT, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_INVALID_ITEM, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_INVALID_STRING, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_INVALID_ASN1ENCODER, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_INVALID_ASN1DECODER, SEC_ERROR_INVALID_ARGS) + STAN_MAP_ERROR(NSS_ERROR_UNKNOWN_ATTRIBUTE, SEC_ERROR_INVALID_ARGS) + else { secError = SEC_ERROR_LIBRARY_FAILURE; } PORT_SetError(secError); } - - SECStatus CERT_ChangeCertTrust(CERTCertDBHandle *handle, CERTCertificate *cert, - CERTCertTrust *trust) + CERTCertTrust *trust) { SECStatus rv = SECSuccess; PRStatus ret; ret = STAN_ChangeCertTrust(cert, trust); if (ret != PR_SUCCESS) { - rv = SECFailure; - CERT_MapStanError(); + rv = SECFailure; + CERT_MapStanError(); } return rv; } @@ -252,7 +241,7 @@ extern const NSSError NSS_ERROR_INVALID_CERTIFICATE; SECStatus __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname, - CERTCertTrust *trust) + CERTCertTrust *trust) { NSSUTF8 *stanNick; PK11SlotInfo *slot; @@ -260,31 +249,31 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname, NSSCryptoContext *context; nssCryptokiObject *permInstance; NSSCertificate *c = STAN_GetNSSCertificate(cert); - nssCertificateStoreTrace lockTrace = {NULL, NULL, PR_FALSE, PR_FALSE}; - nssCertificateStoreTrace unlockTrace = {NULL, NULL, PR_FALSE, PR_FALSE}; + nssCertificateStoreTrace lockTrace = { NULL, NULL, PR_FALSE, PR_FALSE }; + nssCertificateStoreTrace unlockTrace = { NULL, NULL, PR_FALSE, PR_FALSE }; SECStatus rv; PRStatus ret; if (c == NULL) { - CERT_MapStanError(); + CERT_MapStanError(); return SECFailure; } context = c->object.cryptoContext; if (!context) { - PORT_SetError(SEC_ERROR_ADDING_CERT); - return SECFailure; /* wasn't a temp cert */ + PORT_SetError(SEC_ERROR_ADDING_CERT); + return SECFailure; /* wasn't a temp cert */ } stanNick = nssCertificate_GetNickname(c, NULL); if (stanNick && nickname && strcmp(nickname, stanNick) != 0) { - /* different: take the new nickname */ - cert->nickname = NULL; + /* different: take the new nickname */ + cert->nickname = NULL; nss_ZFreeIf(stanNick); - stanNick = NULL; + stanNick = NULL; } if (!stanNick && nickname) { /* Either there was no nickname yet, or we have a new nickname */ - stanNick = nssUTF8_Duplicate((NSSUTF8 *)nickname, NULL); + stanNick = nssUTF8_Duplicate((NSSUTF8 *)nickname, NULL); } /* else: old stanNick is identical to new nickname */ /* Delete the temp instance */ nssCertificateStore_Lock(context->certStore, &lockTrace); @@ -294,24 +283,17 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname, /* Import the perm instance onto the internal token */ slot = PK11_GetInternalKeySlot(); internal = PK11Slot_GetNSSToken(slot); - permInstance = nssToken_ImportCertificate(internal, NULL, - NSSCertificateType_PKIX, - &c->id, - stanNick, - &c->encoding, - &c->issuer, - &c->subject, - &c->serial, - cert->emailAddr, - PR_TRUE); + permInstance = nssToken_ImportCertificate( + internal, NULL, NSSCertificateType_PKIX, &c->id, stanNick, &c->encoding, + &c->issuer, &c->subject, &c->serial, cert->emailAddr, PR_TRUE); nss_ZFreeIf(stanNick); stanNick = NULL; PK11_FreeSlot(slot); if (!permInstance) { - if (NSS_GetError() == NSS_ERROR_INVALID_CERTIFICATE) { - PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL); - } - return SECFailure; + if (NSS_GetError() == NSS_ERROR_INVALID_CERTIFICATE) { + PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL); + } + return SECFailure; } nssPKIObject_AddInstance(&c->object, permInstance); nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); @@ -319,33 +301,33 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname, cert->nssCertificate = NULL; cert = STAN_GetCERTCertificateOrRelease(c); /* should return same pointer */ if (!cert) { - CERT_MapStanError(); + CERT_MapStanError(); return SECFailure; } cert->istemp = PR_FALSE; cert->isperm = PR_TRUE; if (!trust) { - return SECSuccess; + return SECSuccess; } ret = STAN_ChangeCertTrust(cert, trust); rv = SECSuccess; if (ret != PR_SUCCESS) { - rv = SECFailure; - CERT_MapStanError(); + rv = SECFailure; + CERT_MapStanError(); } return rv; } SECStatus CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname, - CERTCertTrust *trust) + CERTCertTrust *trust) { return __CERT_AddTempCertToPerm(cert, nickname, trust); } CERTCertificate * CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert, - char *nickname, PRBool isperm, PRBool copyDER) + char *nickname, PRBool isperm, PRBool copyDER) { NSSCertificate *c; CERTCertificate *cc; @@ -354,52 +336,52 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert, NSSCryptoContext *gCC = STAN_GetDefaultCryptoContext(); NSSTrustDomain *gTD = STAN_GetDefaultTrustDomain(); if (!isperm) { - NSSDER encoding; - NSSITEM_FROM_SECITEM(&encoding, derCert); - /* First, see if it is already a temp cert */ - c = NSSCryptoContext_FindCertificateByEncodedCertificate(gCC, - &encoding); - if (!c) { - /* Then, see if it is already a perm cert */ - c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle, - &encoding); - } - if (c) { - /* actually, that search ends up going by issuer/serial, - * so it is still possible to return a cert with the same - * issuer/serial but a different encoding, and we're - * going to reject that - */ - if (!nssItem_Equal(&c->encoding, &encoding, NULL)) { - nssCertificate_Destroy(c); - PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL); - cc = NULL; - } else { - cc = STAN_GetCERTCertificateOrRelease(c); - if (cc == NULL) { - CERT_MapStanError(); - } - } - return cc; - } + NSSDER encoding; + NSSITEM_FROM_SECITEM(&encoding, derCert); + /* First, see if it is already a temp cert */ + c = NSSCryptoContext_FindCertificateByEncodedCertificate(gCC, + &encoding); + if (!c) { + /* Then, see if it is already a perm cert */ + c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle, + &encoding); + } + if (c) { + /* actually, that search ends up going by issuer/serial, + * so it is still possible to return a cert with the same + * issuer/serial but a different encoding, and we're + * going to reject that + */ + if (!nssItem_Equal(&c->encoding, &encoding, NULL)) { + nssCertificate_Destroy(c); + PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL); + cc = NULL; + } else { + cc = STAN_GetCERTCertificateOrRelease(c); + if (cc == NULL) { + CERT_MapStanError(); + } + } + return cc; + } } pkio = nssPKIObject_Create(NULL, NULL, gTD, gCC, nssPKIMonitor); if (!pkio) { - CERT_MapStanError(); - return NULL; + CERT_MapStanError(); + return NULL; } c = nss_ZNEW(pkio->arena, NSSCertificate); if (!c) { - CERT_MapStanError(); - nssPKIObject_Destroy(pkio); - return NULL; + CERT_MapStanError(); + nssPKIObject_Destroy(pkio); + return NULL; } c->object = *pkio; if (copyDER) { - nssItem_Create(c->object.arena, &c->encoding, - derCert->len, derCert->data); + nssItem_Create(c->object.arena, &c->encoding, derCert->len, + derCert->data); } else { - NSSITEM_FROM_SECITEM(&c->encoding, derCert); + NSSITEM_FROM_SECITEM(&c->encoding, derCert); } /* Forces a decoding of the cert in order to obtain the parts used * below @@ -408,40 +390,40 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert, * allocated so far for 'c' */ cc = STAN_GetCERTCertificate(c); if (!cc) { - CERT_MapStanError(); + CERT_MapStanError(); goto loser; } - nssItem_Create(c->object.arena, - &c->issuer, cc->derIssuer.len, cc->derIssuer.data); - nssItem_Create(c->object.arena, - &c->subject, cc->derSubject.len, cc->derSubject.data); + nssItem_Create(c->object.arena, &c->issuer, cc->derIssuer.len, + cc->derIssuer.data); + nssItem_Create(c->object.arena, &c->subject, cc->derSubject.len, + cc->derSubject.data); if (PR_TRUE) { - /* CERTCertificate stores serial numbers decoded. I need the DER - * here. sigh. - */ - SECItem derSerial = { 0 }; - CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial); - if (!derSerial.data) goto loser; - nssItem_Create(c->object.arena, &c->serial, derSerial.len, derSerial.data); - PORT_Free(derSerial.data); + /* CERTCertificate stores serial numbers decoded. I need the DER + * here. sigh. + */ + SECItem derSerial = { 0 }; + CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial); + if (!derSerial.data) + goto loser; + nssItem_Create(c->object.arena, &c->serial, derSerial.len, + derSerial.data); + PORT_Free(derSerial.data); } if (nickname) { - c->object.tempName = nssUTF8_Create(c->object.arena, - nssStringType_UTF8String, - (NSSUTF8 *)nickname, - PORT_Strlen(nickname)); + c->object.tempName = + nssUTF8_Create(c->object.arena, nssStringType_UTF8String, + (NSSUTF8 *)nickname, PORT_Strlen(nickname)); } if (cc->emailAddr && cc->emailAddr[0]) { - c->email = nssUTF8_Create(c->object.arena, - nssStringType_PrintableString, - (NSSUTF8 *)cc->emailAddr, - PORT_Strlen(cc->emailAddr)); + c->email = nssUTF8_Create( + c->object.arena, nssStringType_PrintableString, + (NSSUTF8 *)cc->emailAddr, PORT_Strlen(cc->emailAddr)); } tempCert = NSSCryptoContext_FindOrImportCertificate(gCC, c); if (!tempCert) { - CERT_MapStanError(); - goto loser; + CERT_MapStanError(); + goto loser; } /* destroy our copy */ NSSCertificate_Destroy(c); @@ -449,9 +431,9 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert, c = tempCert; cc = STAN_GetCERTCertificateOrRelease(c); if (!cc) { - /* STAN_GetCERTCertificateOrRelease destroys c on failure. */ - CERT_MapStanError(); - return NULL; + /* STAN_GetCERTCertificateOrRelease destroys c on failure. */ + CERT_MapStanError(); + return NULL; } cc->istemp = PR_TRUE; @@ -466,20 +448,20 @@ loser: /* This symbol is exported for backward compatibility. */ CERTCertificate * __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert, - char *nickname, PRBool isperm, PRBool copyDER) + char *nickname, PRBool isperm, PRBool copyDER) { - return CERT_NewTempCertificate(handle, derCert, nickname, - isperm, copyDER); + return CERT_NewTempCertificate(handle, derCert, nickname, isperm, copyDER); } /* maybe all the wincx's should be some const for internal token login? */ CERTCertificate * -CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN) +CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle, + CERTIssuerAndSN *issuerAndSN) { PK11SlotInfo *slot; CERTCertificate *cert; - cert = PK11_FindCertByIssuerAndSN(&slot,issuerAndSN,NULL); + cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, NULL); if (cert && slot) { PK11_FreeSlot(slot); } @@ -493,9 +475,9 @@ get_best_temp_or_perm(NSSCertificate *ct, NSSCertificate *cp) NSSUsage usage; NSSCertificate *arr[3]; if (!ct) { - return nssCertificate_AddRef(cp); + return nssCertificate_AddRef(cp); } else if (!cp) { - return nssCertificate_AddRef(ct); + return nssCertificate_AddRef(ct); } arr[0] = ct; arr[1] = cp; @@ -514,16 +496,16 @@ CERT_FindCertByName(CERTCertDBHandle *handle, SECItem *name) NSSITEM_FROM_SECITEM(&subject, name); usage.anyUsage = PR_TRUE; cc = STAN_GetDefaultCryptoContext(); - ct = NSSCryptoContext_FindBestCertificateBySubject(cc, &subject, - NULL, &usage, NULL); - cp = NSSTrustDomain_FindBestCertificateBySubject(handle, &subject, - NULL, &usage, NULL); + ct = NSSCryptoContext_FindBestCertificateBySubject(cc, &subject, NULL, + &usage, NULL); + cp = NSSTrustDomain_FindBestCertificateBySubject(handle, &subject, NULL, + &usage, NULL); c = get_best_temp_or_perm(ct, cp); if (ct) { - CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct)); + CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct)); } if (cp) { - CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(cp)); + CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(cp)); } return c ? STAN_GetCERTCertificateOrRelease(c) : NULL; } @@ -535,19 +517,20 @@ CERT_FindCertByKeyID(CERTCertDBHandle *handle, SECItem *name, SECItem *keyID) CERTCertificate *cert = NULL; CERTCertListNode *node, *head; - list = CERT_CreateSubjectCertList(NULL,handle,name,0,PR_FALSE); - if (list == NULL) return NULL; + list = CERT_CreateSubjectCertList(NULL, handle, name, 0, PR_FALSE); + if (list == NULL) + return NULL; node = head = CERT_LIST_HEAD(list); if (head) { - do { - if (node->cert && - SECITEM_ItemsAreEqual(&node->cert->subjectKeyID, keyID) ) { - cert = CERT_DupCertificate(node->cert); - goto done; - } - node = CERT_LIST_NEXT(node); - } while (node && head != node); + do { + if (node->cert && + SECITEM_ItemsAreEqual(&node->cert->subjectKeyID, keyID)) { + cert = CERT_DupCertificate(node->cert); + goto done; + } + node = CERT_LIST_NEXT(node); + } while (node && head != node); } PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER); done: @@ -566,18 +549,18 @@ CERT_FindCertByNickname(CERTCertDBHandle *handle, const char *nickname) NSSUsage usage; usage.anyUsage = PR_TRUE; cc = STAN_GetDefaultCryptoContext(); - ct = NSSCryptoContext_FindBestCertificateByNickname(cc, nickname, - NULL, &usage, NULL); + ct = NSSCryptoContext_FindBestCertificateByNickname(cc, nickname, NULL, + &usage, NULL); cert = PK11_FindCertFromNickname(nickname, NULL); c = NULL; if (cert) { - c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert)); - CERT_DestroyCertificate(cert); - if (ct) { - CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct)); - } + c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert)); + CERT_DestroyCertificate(cert); + if (ct) { + CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct)); + } } else { - c = ct; + c = ct; } return c ? STAN_GetCERTCertificateOrRelease(c) : NULL; } @@ -592,17 +575,17 @@ CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert) cc = STAN_GetDefaultCryptoContext(); c = NSSCryptoContext_FindCertificateByEncodedCertificate(cc, &encoding); if (!c) { - c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle, - &encoding); - if (!c) return NULL; + c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle, + &encoding); + if (!c) + return NULL; } return STAN_GetCERTCertificateOrRelease(c); } static CERTCertificate * -common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, - const char *name, - PRBool anyUsage, +common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, + const char *name, PRBool anyUsage, SECCertUsage lookingForUsage) { NSSCryptoContext *cc; @@ -613,63 +596,61 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, if (NULL == name) { PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; + return NULL; } usage.anyUsage = anyUsage; if (!anyUsage) { - usage.nss3lookingForCA = PR_FALSE; - usage.nss3usage = lookingForUsage; + usage.nss3lookingForCA = PR_FALSE; + usage.nss3usage = lookingForUsage; } cc = STAN_GetDefaultCryptoContext(); - ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name, - NULL, &usage, NULL); + ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name, NULL, &usage, + NULL); if (!ct && PORT_Strchr(name, '@') != NULL) { - char* lowercaseName = CERT_FixupEmailAddr(name); + char *lowercaseName = CERT_FixupEmailAddr(name); if (lowercaseName) { - ct = NSSCryptoContext_FindBestCertificateByEmail(cc, lowercaseName, - NULL, &usage, NULL); + ct = NSSCryptoContext_FindBestCertificateByEmail( + cc, lowercaseName, NULL, &usage, NULL); PORT_Free(lowercaseName); } } if (anyUsage) { - cert = PK11_FindCertFromNickname(name, NULL); - } - else { - if (ct) { - /* Does ct really have the required usage? */ - nssDecodedCert *dc; - dc = nssCertificate_GetDecoding(ct); - if (!dc->matchUsage(dc, &usage)) { - CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct)); - ct = NULL; - } - } - - certlist = PK11_FindCertsFromNickname(name, NULL); - if (certlist) { - SECStatus rv = CERT_FilterCertListByUsage(certlist, - lookingForUsage, - PR_FALSE); - if (SECSuccess == rv && - !CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) { - cert = CERT_DupCertificate(CERT_LIST_HEAD(certlist)->cert); + cert = PK11_FindCertFromNickname(name, NULL); + } else { + if (ct) { + /* Does ct really have the required usage? */ + nssDecodedCert *dc; + dc = nssCertificate_GetDecoding(ct); + if (!dc->matchUsage(dc, &usage)) { + CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct)); + ct = NULL; + } + } + + certlist = PK11_FindCertsFromNickname(name, NULL); + if (certlist) { + SECStatus rv = + CERT_FilterCertListByUsage(certlist, lookingForUsage, PR_FALSE); + if (SECSuccess == rv && + !CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) { + cert = CERT_DupCertificate(CERT_LIST_HEAD(certlist)->cert); + } + CERT_DestroyCertList(certlist); } - CERT_DestroyCertList(certlist); - } } if (cert) { - c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert)); - CERT_DestroyCertificate(cert); - if (ct) { - CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct)); - } + c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert)); + CERT_DestroyCertificate(cert); + if (ct) { + CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct)); + } } else { - c = ct; + c = ct; } return c ? STAN_GetCERTCertificateOrRelease(c) : NULL; } @@ -677,43 +658,41 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, CERTCertificate * CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name) { - return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, - PR_TRUE, 0); + return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE, + 0); } CERTCertificate * -CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, - const char *name, +CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, + const char *name, SECCertUsage lookingForUsage) { - return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, - PR_FALSE, - lookingForUsage); + return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE, + lookingForUsage); } -static void +static void add_to_subject_list(CERTCertList *certList, CERTCertificate *cert, PRBool validOnly, PRTime sorttime) { SECStatus secrv; if (!validOnly || - CERT_CheckCertValidTimes(cert, sorttime, PR_FALSE) - == secCertTimeValid) { - secrv = CERT_AddCertToListSorted(certList, cert, - CERT_SortCBValidity, - (void *)&sorttime); - if (secrv != SECSuccess) { - CERT_DestroyCertificate(cert); - } + CERT_CheckCertValidTimes(cert, sorttime, PR_FALSE) == + secCertTimeValid) { + secrv = CERT_AddCertToListSorted(certList, cert, CERT_SortCBValidity, + (void *)&sorttime); + if (secrv != SECSuccess) { + CERT_DestroyCertificate(cert); + } } else { - CERT_DestroyCertificate(cert); + CERT_DestroyCertificate(cert); } } CERTCertList * CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle, - const SECItem *name, PRTime sorttime, - PRBool validOnly) + const SECItem *name, PRTime sorttime, + PRBool validOnly) { NSSCryptoContext *cc; NSSCertificate **tSubjectCerts, **pSubjectCerts; @@ -724,45 +703,40 @@ CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle, cc = STAN_GetDefaultCryptoContext(); NSSITEM_FROM_SECITEM(&subject, name); /* Collect both temp and perm certs for the subject */ - tSubjectCerts = NSSCryptoContext_FindCertificatesBySubject(cc, - &subject, - NULL, - 0, - NULL); - pSubjectCerts = NSSTrustDomain_FindCertificatesBySubject(handle, - &subject, - NULL, - 0, - NULL); + tSubjectCerts = + NSSCryptoContext_FindCertificatesBySubject(cc, &subject, NULL, 0, NULL); + pSubjectCerts = NSSTrustDomain_FindCertificatesBySubject(handle, &subject, + NULL, 0, NULL); if (!tSubjectCerts && !pSubjectCerts) { - return NULL; + return NULL; } if (certList == NULL) { - certList = CERT_NewCertList(); - myList = PR_TRUE; - if (!certList) goto loser; + certList = CERT_NewCertList(); + myList = PR_TRUE; + if (!certList) + goto loser; } /* Iterate over the matching temp certs. Add them to the list */ ci = tSubjectCerts; while (ci && *ci) { - cert = STAN_GetCERTCertificateOrRelease(*ci); - /* *ci may be invalid at this point, don't reference it again */ + cert = STAN_GetCERTCertificateOrRelease(*ci); + /* *ci may be invalid at this point, don't reference it again */ if (cert) { - /* NOTE: add_to_subject_list adopts the incoming cert. */ - add_to_subject_list(certList, cert, validOnly, sorttime); + /* NOTE: add_to_subject_list adopts the incoming cert. */ + add_to_subject_list(certList, cert, validOnly, sorttime); } - ci++; + ci++; } /* Iterate over the matching perm certs. Add them to the list */ ci = pSubjectCerts; while (ci && *ci) { - cert = STAN_GetCERTCertificateOrRelease(*ci); - /* *ci may be invalid at this point, don't reference it again */ + cert = STAN_GetCERTCertificateOrRelease(*ci); + /* *ci may be invalid at this point, don't reference it again */ if (cert) { - /* NOTE: add_to_subject_list adopts the incoming cert. */ - add_to_subject_list(certList, cert, validOnly, sorttime); + /* NOTE: add_to_subject_list adopts the incoming cert. */ + add_to_subject_list(certList, cert, validOnly, sorttime); } - ci++; + ci++; } /* all the references have been adopted or freed at this point, just * free the arrays now */ @@ -774,7 +748,7 @@ loser: nssCertificateArray_Destroy(tSubjectCerts); nssCertificateArray_Destroy(pSubjectCerts); if (myList && certList != NULL) { - CERT_DestroyCertList(certList); + CERT_DestroyCertList(certList); } return NULL; } @@ -782,19 +756,19 @@ loser: void CERT_DestroyCertificate(CERTCertificate *cert) { - if ( cert ) { - /* don't use STAN_GetNSSCertificate because we don't want to - * go to the trouble of translating the CERTCertificate into - * an NSSCertificate just to destroy it. If it hasn't been done - * yet, don't do it at all. - */ - NSSCertificate *tmp = cert->nssCertificate; - if (tmp) { - /* delete the NSSCertificate */ - NSSCertificate_Destroy(tmp); - } else if (cert->arena) { - PORT_FreeArena(cert->arena, PR_FALSE); - } + if (cert) { + /* don't use STAN_GetNSSCertificate because we don't want to + * go to the trouble of translating the CERTCertificate into + * an NSSCertificate just to destroy it. If it hasn't been done + * yet, don't do it at all. + */ + NSSCertificate *tmp = cert->nssCertificate; + if (tmp) { + /* delete the NSSCertificate */ + NSSCertificate_Destroy(tmp); + } else if (cert->arena) { + PORT_FreeArena(cert->arena, PR_FALSE); + } } return; } @@ -807,8 +781,8 @@ CERT_GetDBContentVersion(CERTCertDBHandle *handle) } SECStatus -certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr, - SECItem *emailProfile, SECItem *profileTime) +certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr, + SECItem *emailProfile, SECItem *profileTime) { PRTime oldtime; PRTime newtime; @@ -824,111 +798,109 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr, PRBool freeOldProfile = PR_FALSE; c = STAN_GetNSSCertificate(cert); - if (!c) return SECFailure; + if (!c) + return SECFailure; cc = c->object.cryptoContext; if (cc != NULL) { - stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c); - if (stanProfile) { - PORT_Assert(stanProfile->profileData); - SECITEM_FROM_NSSITEM(&oldprof, stanProfile->profileData); - oldProfile = &oldprof; - SECITEM_FROM_NSSITEM(&oldproftime, stanProfile->profileTime); - oldProfileTime = &oldproftime; - } + stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c); + if (stanProfile) { + PORT_Assert(stanProfile->profileData); + SECITEM_FROM_NSSITEM(&oldprof, stanProfile->profileData); + oldProfile = &oldprof; + SECITEM_FROM_NSSITEM(&oldproftime, stanProfile->profileTime); + oldProfileTime = &oldproftime; + } } else { - oldProfile = PK11_FindSMimeProfile(&slot, (char *)emailAddr, - &cert->derSubject, &oldProfileTime); - freeOldProfile = PR_TRUE; + oldProfile = PK11_FindSMimeProfile(&slot, (char *)emailAddr, + &cert->derSubject, &oldProfileTime); + freeOldProfile = PR_TRUE; } saveit = PR_FALSE; - + /* both profileTime and emailProfile have to exist or not exist */ - if ( emailProfile == NULL ) { - profileTime = NULL; - } else if ( profileTime == NULL ) { - emailProfile = NULL; + if (emailProfile == NULL) { + profileTime = NULL; + } else if (profileTime == NULL) { + emailProfile = NULL; } - - if ( oldProfileTime == NULL ) { - saveit = PR_TRUE; + + if (oldProfileTime == NULL) { + saveit = PR_TRUE; } else { - /* there was already a profile for this email addr */ - if ( profileTime ) { - /* we have an old and new profile - save whichever is more recent*/ - if ( oldProfileTime->len == 0 ) { - /* always replace if old entry doesn't have a time */ - oldtime = LL_MININT; - } else { - rv = DER_UTCTimeToTime(&oldtime, oldProfileTime); - if ( rv != SECSuccess ) { - goto loser; - } - } - - rv = DER_UTCTimeToTime(&newtime, profileTime); - if ( rv != SECSuccess ) { - goto loser; - } - - if ( LL_CMP(newtime, >, oldtime ) ) { - /* this is a newer profile, save it and cert */ - saveit = PR_TRUE; - } - } else { - saveit = PR_TRUE; - } + /* there was already a profile for this email addr */ + if (profileTime) { + /* we have an old and new profile - save whichever is more recent*/ + if (oldProfileTime->len == 0) { + /* always replace if old entry doesn't have a time */ + oldtime = LL_MININT; + } else { + rv = DER_UTCTimeToTime(&oldtime, oldProfileTime); + if (rv != SECSuccess) { + goto loser; + } + } + + rv = DER_UTCTimeToTime(&newtime, profileTime); + if (rv != SECSuccess) { + goto loser; + } + + if (LL_CMP(newtime, >, oldtime)) { + /* this is a newer profile, save it and cert */ + saveit = PR_TRUE; + } + } else { + saveit = PR_TRUE; + } } - if (saveit) { - if (cc) { - if (stanProfile) { - /* stanProfile is already stored in the crypto context, - * overwrite the data - */ - NSSArena *arena = stanProfile->object.arena; - stanProfile->profileTime = nssItem_Create(arena, - NULL, - profileTime->len, - profileTime->data); - stanProfile->profileData = nssItem_Create(arena, - NULL, - emailProfile->len, - emailProfile->data); - } else if (profileTime && emailProfile) { - PRStatus nssrv; - NSSItem profTime, profData; - NSSITEM_FROM_SECITEM(&profTime, profileTime); - NSSITEM_FROM_SECITEM(&profData, emailProfile); - stanProfile = nssSMIMEProfile_Create(c, &profTime, &profData); - if (!stanProfile) goto loser; - nssrv = nssCryptoContext_ImportSMIMEProfile(cc, stanProfile); - rv = (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure; - } - } else { - rv = PK11_SaveSMimeProfile(slot, (char *)emailAddr, - &cert->derSubject, emailProfile, profileTime); - } + if (cc) { + if (stanProfile && profileTime && emailProfile) { + /* stanProfile is already stored in the crypto context, + * overwrite the data + */ + NSSArena *arena = stanProfile->object.arena; + stanProfile->profileTime = nssItem_Create( + arena, NULL, profileTime->len, profileTime->data); + stanProfile->profileData = nssItem_Create( + arena, NULL, emailProfile->len, emailProfile->data); + } else if (profileTime && emailProfile) { + PRStatus nssrv; + NSSItem profTime, profData; + NSSITEM_FROM_SECITEM(&profTime, profileTime); + NSSITEM_FROM_SECITEM(&profData, emailProfile); + stanProfile = nssSMIMEProfile_Create(c, &profTime, &profData); + if (!stanProfile) + goto loser; + nssrv = nssCryptoContext_ImportSMIMEProfile(cc, stanProfile); + rv = (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure; + } + } else { + rv = PK11_SaveSMimeProfile(slot, (char *)emailAddr, + &cert->derSubject, emailProfile, + profileTime); + } } else { - rv = SECSuccess; + rv = SECSuccess; } loser: if (oldProfile && freeOldProfile) { - SECITEM_FreeItem(oldProfile,PR_TRUE); + SECITEM_FreeItem(oldProfile, PR_TRUE); } if (oldProfileTime && freeOldProfile) { - SECITEM_FreeItem(oldProfileTime,PR_TRUE); + SECITEM_FreeItem(oldProfileTime, PR_TRUE); } if (stanProfile) { - nssSMIMEProfile_Destroy(stanProfile); + nssSMIMEProfile_Destroy(stanProfile); } if (slot) { - PK11_FreeSlot(slot); + PK11_FreeSlot(slot); } - - return(rv); + + return (rv); } /* @@ -939,7 +911,7 @@ loser: SECStatus CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile, - SECItem *profileTime) + SECItem *profileTime) { const char *emailAddr; SECStatus rv; @@ -948,40 +920,39 @@ CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile, return SECFailure; } - if (cert->slot && !PK11_IsInternal(cert->slot)) { + if (cert->slot && !PK11_IsInternal(cert->slot)) { /* this cert comes from an external source, we need to add it to the cert db before creating an S/MIME profile */ - PK11SlotInfo* internalslot = PK11_GetInternalKeySlot(); + PK11SlotInfo *internalslot = PK11_GetInternalKeySlot(); if (!internalslot) { return SECFailure; } - rv = PK11_ImportCert(internalslot, cert, - CK_INVALID_HANDLE, NULL, PR_FALSE); + rv = PK11_ImportCert(internalslot, cert, CK_INVALID_HANDLE, NULL, + PR_FALSE); PK11_FreeSlot(internalslot); - if (rv != SECSuccess ) { + if (rv != SECSuccess) { return SECFailure; } } if (cert->slot && cert->isperm && CERT_IsUserCert(cert) && - (!emailProfile || !emailProfile->len)) { - /* Don't clobber emailProfile for user certs. */ - return SECSuccess; + (!emailProfile || !emailProfile->len)) { + /* Don't clobber emailProfile for user certs. */ + return SECSuccess; } for (emailAddr = CERT_GetFirstEmailAddress(cert); emailAddr != NULL; - emailAddr = CERT_GetNextEmailAddress(cert,emailAddr)) { - rv = certdb_SaveSingleProfile(cert,emailAddr,emailProfile,profileTime); - if (rv != SECSuccess) { - return SECFailure; - } + emailAddr = CERT_GetNextEmailAddress(cert, emailAddr)) { + rv = certdb_SaveSingleProfile(cert, emailAddr, emailProfile, + profileTime); + if (rv != SECSuccess) { + return SECFailure; + } } return SECSuccess; - } - SECItem * CERT_FindSMimeProfile(CERTCertificate *cert) { @@ -991,29 +962,30 @@ CERT_FindSMimeProfile(CERTCertificate *cert) SECItem *rvItem = NULL; if (!cert || !cert->emailAddr || !cert->emailAddr[0]) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; } c = STAN_GetNSSCertificate(cert); - if (!c) return NULL; + if (!c) + return NULL; cc = c->object.cryptoContext; if (cc != NULL) { - nssSMIMEProfile *stanProfile; - stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c); - if (stanProfile) { - rvItem = SECITEM_AllocItem(NULL, NULL, - stanProfile->profileData->size); - if (rvItem) { - rvItem->data = stanProfile->profileData->data; - } - nssSMIMEProfile_Destroy(stanProfile); - } - return rvItem; + nssSMIMEProfile *stanProfile; + stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c); + if (stanProfile) { + rvItem = + SECITEM_AllocItem(NULL, NULL, stanProfile->profileData->size); + if (rvItem) { + rvItem->data = stanProfile->profileData->data; + } + nssSMIMEProfile_Destroy(stanProfile); + } + return rvItem; } rvItem = - PK11_FindSMimeProfile(&slot, cert->emailAddr, &cert->derSubject, NULL); + PK11_FindSMimeProfile(&slot, cert->emailAddr, &cert->derSubject, NULL); if (slot) { - PK11_FreeSlot(slot); + PK11_FreeSlot(slot); } return rvItem; } @@ -1050,23 +1022,18 @@ SECKEY_HashPassword(char *pw, SECItem *salt) SECStatus __CERT_TraversePermCertsForSubject(CERTCertDBHandle *handle, - SECItem *derSubject, - void *cb, void *cbarg) + SECItem *derSubject, void *cb, void *cbarg) { PORT_Assert("CERT_TraversePermCertsForSubject is Deprecated" == NULL); PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); return SECFailure; } - SECStatus __CERT_TraversePermCertsForNickname(CERTCertDBHandle *handle, char *nickname, - void *cb, void *cbarg) + void *cb, void *cbarg) { PORT_Assert("CERT_TraversePermCertsForNickname is Deprecated" == NULL); PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); return SECFailure; } - - - |