diff options
Diffstat (limited to 'nss/lib/pki')
-rw-r--r-- | nss/lib/pki/asymmkey.c | 325 | ||||
-rw-r--r-- | nss/lib/pki/certdecode.c | 55 | ||||
-rw-r--r-- | nss/lib/pki/certificate.c | 1114 | ||||
-rw-r--r-- | nss/lib/pki/cryptocontext.c | 841 | ||||
-rw-r--r-- | nss/lib/pki/exports.gyp | 32 | ||||
-rw-r--r-- | nss/lib/pki/nsspki.h | 2291 | ||||
-rw-r--r-- | nss/lib/pki/nsspkit.h | 44 | ||||
-rw-r--r-- | nss/lib/pki/pki.gyp | 32 | ||||
-rw-r--r-- | nss/lib/pki/pki.h | 190 | ||||
-rw-r--r-- | nss/lib/pki/pki3hack.c | 1197 | ||||
-rw-r--r-- | nss/lib/pki/pki3hack.h | 91 | ||||
-rw-r--r-- | nss/lib/pki/pkibase.c | 1269 | ||||
-rw-r--r-- | nss/lib/pki/pkim.h | 534 | ||||
-rw-r--r-- | nss/lib/pki/pkistore.c | 522 | ||||
-rw-r--r-- | nss/lib/pki/pkistore.h | 150 | ||||
-rw-r--r-- | nss/lib/pki/pkit.h | 27 | ||||
-rw-r--r-- | nss/lib/pki/pkitm.h | 42 | ||||
-rw-r--r-- | nss/lib/pki/symmkey.c | 232 | ||||
-rw-r--r-- | nss/lib/pki/tdcache.c | 1003 | ||||
-rw-r--r-- | nss/lib/pki/trustdomain.c | 1127 |
20 files changed, 5081 insertions, 6037 deletions
diff --git a/nss/lib/pki/asymmkey.c b/nss/lib/pki/asymmkey.c index 4c8ac9d..ce1f503 100644 --- a/nss/lib/pki/asymmkey.c +++ b/nss/lib/pki/asymmkey.c @@ -13,386 +13,349 @@ extern const NSSError NSS_ERROR_NOT_FOUND; NSS_IMPLEMENT PRStatus -NSSPrivateKey_Destroy ( - NSSPrivateKey *vk -) +NSSPrivateKey_Destroy( + NSSPrivateKey *vk) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRStatus -NSSPrivateKey_DeleteStoredObject ( - NSSPrivateKey *vk, - NSSCallback *uhh -) +NSSPrivateKey_DeleteStoredObject( + NSSPrivateKey *vk, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRUint32 -NSSPrivateKey_GetSignatureLength ( - NSSPrivateKey *vk -) +NSSPrivateKey_GetSignatureLength( + NSSPrivateKey *vk) { nss_SetError(NSS_ERROR_NOT_FOUND); return -1; } NSS_IMPLEMENT PRUint32 -NSSPrivateKey_GetPrivateModulusLength ( - NSSPrivateKey *vk -) +NSSPrivateKey_GetPrivateModulusLength( + NSSPrivateKey *vk) { nss_SetError(NSS_ERROR_NOT_FOUND); return -1; } NSS_IMPLEMENT PRBool -NSSPrivateKey_IsStillPresent ( - NSSPrivateKey *vk, - PRStatus *statusOpt -) +NSSPrivateKey_IsStillPresent( + NSSPrivateKey *vk, + PRStatus *statusOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FALSE; } NSS_IMPLEMENT NSSItem * -NSSPrivateKey_Encode ( - NSSPrivateKey *vk, - NSSAlgorithmAndParameters *ap, - NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */ - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSPrivateKey_Encode( + NSSPrivateKey *vk, + NSSAlgorithmAndParameters *ap, + NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */ + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSTrustDomain * -NSSPrivateKey_GetTrustDomain ( - NSSPrivateKey *vk, - PRStatus *statusOpt -) +NSSPrivateKey_GetTrustDomain( + NSSPrivateKey *vk, + PRStatus *statusOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSToken * -NSSPrivateKey_GetToken ( - NSSPrivateKey *vk -) +NSSPrivateKey_GetToken(NSSPrivateKey *vk) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSlot * -NSSPrivateKey_GetSlot ( - NSSPrivateKey *vk -) +NSSPrivateKey_GetSlot(NSSPrivateKey *vk) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSModule * -NSSPrivateKey_GetModule ( - NSSPrivateKey *vk -) +NSSPrivateKey_GetModule( + NSSPrivateKey *vk) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSPrivateKey_Decrypt ( - NSSPrivateKey *vk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *encryptedData, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSPrivateKey_Decrypt( + NSSPrivateKey *vk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *encryptedData, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSPrivateKey_Sign ( - NSSPrivateKey *vk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSPrivateKey_Sign( + NSSPrivateKey *vk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSPrivateKey_SignRecover ( - NSSPrivateKey *vk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSPrivateKey_SignRecover( + NSSPrivateKey *vk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSymmetricKey * -NSSPrivateKey_UnwrapSymmetricKey ( - NSSPrivateKey *vk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *wrappedKey, - NSSCallback *uhh -) +NSSPrivateKey_UnwrapSymmetricKey( + NSSPrivateKey *vk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *wrappedKey, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSymmetricKey * -NSSPrivateKey_DeriveSymmetricKey ( - NSSPrivateKey *vk, - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSOID *target, - PRUint32 keySizeOpt, /* zero for best allowed */ - NSSOperations operations, - NSSCallback *uhh -) +NSSPrivateKey_DeriveSymmetricKey( + NSSPrivateKey *vk, + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSOID *target, + PRUint32 keySizeOpt, /* zero for best allowed */ + NSSOperations operations, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSPublicKey * -NSSPrivateKey_FindPublicKey ( - NSSPrivateKey *vk - /* { don't need the callback here, right? } */ -) +NSSPrivateKey_FindPublicKey( + NSSPrivateKey *vk + /* { don't need the callback here, right? } */ + ) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCryptoContext * -NSSPrivateKey_CreateCryptoContext ( - NSSPrivateKey *vk, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhh -) +NSSPrivateKey_CreateCryptoContext( + NSSPrivateKey *vk, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate ** -NSSPrivateKey_FindCertificates ( - NSSPrivateKey *vk, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +NSSPrivateKey_FindCertificates( + NSSPrivateKey *vk, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSPrivateKey_FindBestCertificate ( - NSSPrivateKey *vk, - NSSTime *timeOpt, - NSSUsage *usageOpt, - NSSPolicies *policiesOpt -) +NSSPrivateKey_FindBestCertificate( + NSSPrivateKey *vk, + NSSTime *timeOpt, + NSSUsage *usageOpt, + NSSPolicies *policiesOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSPublicKey_Destroy ( - NSSPublicKey *bk -) +NSSPublicKey_Destroy(NSSPublicKey *bk) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRStatus -NSSPublicKey_DeleteStoredObject ( - NSSPublicKey *bk, - NSSCallback *uhh -) +NSSPublicKey_DeleteStoredObject( + NSSPublicKey *bk, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSItem * -NSSPublicKey_Encode ( - NSSPublicKey *bk, - NSSAlgorithmAndParameters *ap, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSPublicKey_Encode( + NSSPublicKey *bk, + NSSAlgorithmAndParameters *ap, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSTrustDomain * -NSSPublicKey_GetTrustDomain ( - NSSPublicKey *bk, - PRStatus *statusOpt -) +NSSPublicKey_GetTrustDomain( + NSSPublicKey *bk, + PRStatus *statusOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSToken * -NSSPublicKey_GetToken ( - NSSPublicKey *bk, - PRStatus *statusOpt -) +NSSPublicKey_GetToken( + NSSPublicKey *bk, + PRStatus *statusOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSlot * -NSSPublicKey_GetSlot ( - NSSPublicKey *bk, - PRStatus *statusOpt -) +NSSPublicKey_GetSlot( + NSSPublicKey *bk, + PRStatus *statusOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSModule * -NSSPublicKey_GetModule ( - NSSPublicKey *bk, - PRStatus *statusOpt -) +NSSPublicKey_GetModule( + NSSPublicKey *bk, + PRStatus *statusOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSPublicKey_Encrypt ( - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSPublicKey_Encrypt( + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSPublicKey_Verify ( - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSItem *signature, - NSSCallback *uhh -) +NSSPublicKey_Verify( + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSItem *signature, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSItem * -NSSPublicKey_VerifyRecover ( - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *signature, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSPublicKey_VerifyRecover( + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *signature, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSPublicKey_WrapSymmetricKey ( - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSSymmetricKey *keyToWrap, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSPublicKey_WrapSymmetricKey( + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSSymmetricKey *keyToWrap, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCryptoContext * -NSSPublicKey_CreateCryptoContext ( - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhh -) +NSSPublicKey_CreateCryptoContext( + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate ** -NSSPublicKey_FindCertificates ( - NSSPublicKey *bk, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +NSSPublicKey_FindCertificates( + NSSPublicKey *bk, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSPublicKey_FindBestCertificate ( - NSSPublicKey *bk, - NSSTime *timeOpt, - NSSUsage *usageOpt, - NSSPolicies *policiesOpt -) +NSSPublicKey_FindBestCertificate( + NSSPublicKey *bk, + NSSTime *timeOpt, + NSSUsage *usageOpt, + NSSPolicies *policiesOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSPrivateKey * -NSSPublicKey_FindPrivateKey ( - NSSPublicKey *bk, - NSSCallback *uhh -) +NSSPublicKey_FindPrivateKey( + NSSPublicKey *bk, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } - diff --git a/nss/lib/pki/certdecode.c b/nss/lib/pki/certdecode.c index fa259cc..61c8033 100644 --- a/nss/lib/pki/certdecode.c +++ b/nss/lib/pki/certdecode.c @@ -12,54 +12,49 @@ /* This is defined in pki3hack.c */ NSS_EXTERN nssDecodedCert * -nssDecodedPKIXCertificate_Create ( - NSSArena *arenaOpt, - NSSDER *encoding -); +nssDecodedPKIXCertificate_Create( + NSSArena *arenaOpt, + NSSDER *encoding); NSS_IMPLEMENT PRStatus -nssDecodedPKIXCertificate_Destroy ( - nssDecodedCert *dc -); +nssDecodedPKIXCertificate_Destroy( + nssDecodedCert *dc); NSS_IMPLEMENT nssDecodedCert * -nssDecodedCert_Create ( - NSSArena *arenaOpt, - NSSDER *encoding, - NSSCertificateType type -) +nssDecodedCert_Create( + NSSArena *arenaOpt, + NSSDER *encoding, + NSSCertificateType type) { nssDecodedCert *rvDC = NULL; - switch(type) { - case NSSCertificateType_PKIX: - rvDC = nssDecodedPKIXCertificate_Create(arenaOpt, encoding); - break; - default: + switch (type) { + case NSSCertificateType_PKIX: + rvDC = nssDecodedPKIXCertificate_Create(arenaOpt, encoding); + break; + default: #if 0 - nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); #endif - return (nssDecodedCert *)NULL; + return (nssDecodedCert *)NULL; } return rvDC; } NSS_IMPLEMENT PRStatus -nssDecodedCert_Destroy ( - nssDecodedCert *dc -) +nssDecodedCert_Destroy( + nssDecodedCert *dc) { if (!dc) { - return PR_FAILURE; + return PR_FAILURE; } - switch(dc->type) { - case NSSCertificateType_PKIX: - return nssDecodedPKIXCertificate_Destroy(dc); - default: + switch (dc->type) { + case NSSCertificateType_PKIX: + return nssDecodedPKIXCertificate_Destroy(dc); + default: #if 0 - nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); #endif - break; + break; } return PR_FAILURE; } - diff --git a/nss/lib/pki/certificate.c b/nss/lib/pki/certificate.c index fdf147c..4d94bc8 100644 --- a/nss/lib/pki/certificate.c +++ b/nss/lib/pki/certificate.c @@ -32,25 +32,24 @@ extern const NSSError NSS_ERROR_NOT_FOUND; /* Creates a certificate from a base object */ NSS_IMPLEMENT NSSCertificate * -nssCertificate_Create ( - nssPKIObject *object -) +nssCertificate_Create( + nssPKIObject *object) { PRStatus status; NSSCertificate *rvCert; - nssArenaMark * mark; + nssArenaMark *mark; NSSArena *arena = object->arena; PR_ASSERT(object->instances != NULL && object->numInstances > 0); PR_ASSERT(object->lockType == nssPKIMonitor); mark = nssArena_Mark(arena); rvCert = nss_ZNEW(arena, NSSCertificate); if (!rvCert) { - return (NSSCertificate *)NULL; + return (NSSCertificate *)NULL; } rvCert->object = *object; /* XXX should choose instance based on some criteria */ status = nssCryptokiCertificate_GetAttributes(object->instances[0], - NULL, /* XXX sessionOpt */ + NULL, /* XXX sessionOpt */ arena, &rvCert->type, &rvCert->id, @@ -59,236 +58,217 @@ nssCertificate_Create ( &rvCert->serial, &rvCert->subject); if (status != PR_SUCCESS || - !rvCert->encoding.data || - !rvCert->encoding.size || - !rvCert->issuer.data || - !rvCert->issuer.size || - !rvCert->serial.data || - !rvCert->serial.size) { - if (mark) - nssArena_Release(arena, mark); - return (NSSCertificate *)NULL; + !rvCert->encoding.data || + !rvCert->encoding.size || + !rvCert->issuer.data || + !rvCert->issuer.size || + !rvCert->serial.data || + !rvCert->serial.size) { + if (mark) + nssArena_Release(arena, mark); + return (NSSCertificate *)NULL; } if (mark) - nssArena_Unmark(arena, mark); + nssArena_Unmark(arena, mark); return rvCert; } NSS_IMPLEMENT NSSCertificate * -nssCertificate_AddRef ( - NSSCertificate *c -) +nssCertificate_AddRef( + NSSCertificate *c) { if (c) { - nssPKIObject_AddRef(&c->object); + nssPKIObject_AddRef(&c->object); } return c; } NSS_IMPLEMENT PRStatus -nssCertificate_Destroy ( - NSSCertificate *c -) +nssCertificate_Destroy( + NSSCertificate *c) { - nssCertificateStoreTrace lockTrace = {NULL, NULL, PR_FALSE, PR_FALSE}; - nssCertificateStoreTrace unlockTrace = {NULL, NULL, PR_FALSE, PR_FALSE}; + nssCertificateStoreTrace lockTrace = { NULL, NULL, PR_FALSE, PR_FALSE }; + nssCertificateStoreTrace unlockTrace = { NULL, NULL, PR_FALSE, PR_FALSE }; if (c) { - PRUint32 i; - nssDecodedCert *dc = c->decoding; - NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); - NSSCryptoContext *cc = c->object.cryptoContext; - - PR_ASSERT(c->object.refCount > 0); - - /* --- LOCK storage --- */ - if (cc) { - nssCertificateStore_Lock(cc->certStore, &lockTrace); - } else { - nssTrustDomain_LockCertCache(td); - } - if (PR_ATOMIC_DECREMENT(&c->object.refCount) == 0) { - /* --- remove cert and UNLOCK storage --- */ - if (cc) { - nssCertificateStore_RemoveCertLOCKED(cc->certStore, c); - nssCertificateStore_Unlock(cc->certStore, &lockTrace, + PRUint32 i; + nssDecodedCert *dc = c->decoding; + NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); + NSSCryptoContext *cc = c->object.cryptoContext; + + PR_ASSERT(c->object.refCount > 0); + + /* --- LOCK storage --- */ + if (cc) { + nssCertificateStore_Lock(cc->certStore, &lockTrace); + } else { + nssTrustDomain_LockCertCache(td); + } + if (PR_ATOMIC_DECREMENT(&c->object.refCount) == 0) { + /* --- remove cert and UNLOCK storage --- */ + if (cc) { + nssCertificateStore_RemoveCertLOCKED(cc->certStore, c); + nssCertificateStore_Unlock(cc->certStore, &lockTrace, &unlockTrace); - } else { - nssTrustDomain_RemoveCertFromCacheLOCKED(td, c); - nssTrustDomain_UnlockCertCache(td); - } - /* free cert data */ - for (i=0; i<c->object.numInstances; i++) { - nssCryptokiObject_Destroy(c->object.instances[i]); - } - nssPKIObject_DestroyLock(&c->object); - nssArena_Destroy(c->object.arena); - nssDecodedCert_Destroy(dc); - } else { - /* --- UNLOCK storage --- */ - if (cc) { - nssCertificateStore_Unlock(cc->certStore, - &lockTrace, - &unlockTrace); - } else { - nssTrustDomain_UnlockCertCache(td); - } - } + } else { + nssTrustDomain_RemoveCertFromCacheLOCKED(td, c); + nssTrustDomain_UnlockCertCache(td); + } + /* free cert data */ + for (i = 0; i < c->object.numInstances; i++) { + nssCryptokiObject_Destroy(c->object.instances[i]); + } + nssPKIObject_DestroyLock(&c->object); + nssArena_Destroy(c->object.arena); + nssDecodedCert_Destroy(dc); + } else { + /* --- UNLOCK storage --- */ + if (cc) { + nssCertificateStore_Unlock(cc->certStore, + &lockTrace, + &unlockTrace); + } else { + nssTrustDomain_UnlockCertCache(td); + } + } } return PR_SUCCESS; } NSS_IMPLEMENT PRStatus -NSSCertificate_Destroy ( - NSSCertificate *c -) +NSSCertificate_Destroy(NSSCertificate *c) { return nssCertificate_Destroy(c); } NSS_IMPLEMENT NSSDER * -nssCertificate_GetEncoding ( - NSSCertificate *c -) +nssCertificate_GetEncoding(NSSCertificate *c) { if (c->encoding.size > 0 && c->encoding.data) { - return &c->encoding; + return &c->encoding; } else { - return (NSSDER *)NULL; + return (NSSDER *)NULL; } } NSS_IMPLEMENT NSSDER * -nssCertificate_GetIssuer ( - NSSCertificate *c -) +nssCertificate_GetIssuer(NSSCertificate *c) { if (c->issuer.size > 0 && c->issuer.data) { - return &c->issuer; + return &c->issuer; } else { - return (NSSDER *)NULL; + return (NSSDER *)NULL; } } NSS_IMPLEMENT NSSDER * -nssCertificate_GetSerialNumber ( - NSSCertificate *c -) +nssCertificate_GetSerialNumber(NSSCertificate *c) { if (c->serial.size > 0 && c->serial.data) { - return &c->serial; + return &c->serial; } else { - return (NSSDER *)NULL; + return (NSSDER *)NULL; } } NSS_IMPLEMENT NSSDER * -nssCertificate_GetSubject ( - NSSCertificate *c -) +nssCertificate_GetSubject(NSSCertificate *c) { if (c->subject.size > 0 && c->subject.data) { - return &c->subject; + return &c->subject; } else { - return (NSSDER *)NULL; + return (NSSDER *)NULL; } } /* Returns a copy, Caller must free using nss_ZFreeIf */ NSS_IMPLEMENT NSSUTF8 * -nssCertificate_GetNickname ( - NSSCertificate *c, - NSSToken *tokenOpt -) +nssCertificate_GetNickname( + NSSCertificate *c, + NSSToken *tokenOpt) { return nssPKIObject_GetNicknameForToken(&c->object, tokenOpt); } NSS_IMPLEMENT NSSASCII7 * -nssCertificate_GetEmailAddress ( - NSSCertificate *c -) +nssCertificate_GetEmailAddress(NSSCertificate *c) { return c->email; } NSS_IMPLEMENT PRStatus -NSSCertificate_DeleteStoredObject ( - NSSCertificate *c, - NSSCallback *uhh -) +NSSCertificate_DeleteStoredObject( + NSSCertificate *c, + NSSCallback *uhh) { return nssPKIObject_DeleteStoredObject(&c->object, uhh, PR_TRUE); } NSS_IMPLEMENT PRStatus -NSSCertificate_Validate ( - NSSCertificate *c, - NSSTime *timeOpt, /* NULL for "now" */ - NSSUsage *usage, - NSSPolicies *policiesOpt /* NULL for none */ -) +NSSCertificate_Validate( + NSSCertificate *c, + NSSTime *timeOpt, /* NULL for "now" */ + NSSUsage *usage, + NSSPolicies *policiesOpt /* NULL for none */ + ) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT void ** /* void *[] */ -NSSCertificate_ValidateCompletely ( - NSSCertificate *c, - NSSTime *timeOpt, /* NULL for "now" */ - NSSUsage *usage, - NSSPolicies *policiesOpt, /* NULL for none */ - void **rvOpt, /* NULL for allocate */ - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt /* NULL for heap */ -) + NSSCertificate_ValidateCompletely( + NSSCertificate *c, + NSSTime *timeOpt, /* NULL for "now" */ + NSSUsage *usage, + NSSPolicies *policiesOpt, /* NULL for none */ + void **rvOpt, /* NULL for allocate */ + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt /* NULL for heap */ + ) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSCertificate_ValidateAndDiscoverUsagesAndPolicies ( - NSSCertificate *c, - NSSTime **notBeforeOutOpt, - NSSTime **notAfterOutOpt, - void *allowedUsages, - void *disallowedUsages, - void *allowedPolicies, - void *disallowedPolicies, - /* more args.. work on this fgmr */ - NSSArena *arenaOpt -) +NSSCertificate_ValidateAndDiscoverUsagesAndPolicies( + NSSCertificate *c, + NSSTime **notBeforeOutOpt, + NSSTime **notAfterOutOpt, + void *allowedUsages, + void *disallowedUsages, + void *allowedPolicies, + void *disallowedPolicies, + /* more args.. work on this fgmr */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSDER * -NSSCertificate_Encode ( - NSSCertificate *c, - NSSDER *rvOpt, - NSSArena *arenaOpt -) +NSSCertificate_Encode( + NSSCertificate *c, + NSSDER *rvOpt, + NSSArena *arenaOpt) { /* Item, DER, BER are all typedefs now... */ return nssItem_Duplicate((NSSItem *)&c->encoding, arenaOpt, rvOpt); } NSS_IMPLEMENT nssDecodedCert * -nssCertificate_GetDecoding ( - NSSCertificate *c -) +nssCertificate_GetDecoding( + NSSCertificate *c) { - nssDecodedCert* deco = NULL; + nssDecodedCert *deco = NULL; if (c->type == NSSCertificateType_PKIX) { (void)STAN_GetCERTCertificate(c); } nssPKIObject_Lock(&c->object); if (!c->decoding) { - deco = nssDecodedCert_Create(NULL, &c->encoding, c->type); - PORT_Assert(!c->decoding); + deco = nssDecodedCert_Create(NULL, &c->encoding, c->type); + PORT_Assert(!c->decoding); c->decoding = deco; } else { deco = c->decoding; @@ -298,10 +278,9 @@ nssCertificate_GetDecoding ( } static NSSCertificate ** -filter_subject_certs_for_id ( - NSSCertificate **subjectCerts, - void *id -) +filter_subject_certs_for_id( + NSSCertificate **subjectCerts, + void *id) { NSSCertificate **si; nssDecodedCert *dcp; @@ -312,74 +291,71 @@ filter_subject_certs_for_id ( /* walk the subject certs */ for (si = subjectCerts; *si; si++) { - dcp = nssCertificate_GetDecoding(*si); - if (!dcp) { - NSSCertificate_Destroy(*si); - continue; - } - match = dcp->matchIdentifier(dcp, id); - switch (match) { - case nssCertIDMatch_Yes: - if (matchLevel == nssCertIDMatch_Unknown) { - /* we have non-definitive matches, forget them */ - for (i = 0; i < nextOpenSlot; i++) { - NSSCertificate_Destroy(subjectCerts[i]); - subjectCerts[i] = NULL; - } - nextOpenSlot = 0; - /* only keep definitive matches from now on */ - matchLevel = nssCertIDMatch_Yes; - } - /* keep the cert */ - subjectCerts[nextOpenSlot++] = *si; - break; - case nssCertIDMatch_Unknown: - if (matchLevel == nssCertIDMatch_Unknown) { - /* only have non-definitive matches so far, keep it */ - subjectCerts[nextOpenSlot++] = *si; - break; - } - /* else fall through, we have a definitive match already */ - case nssCertIDMatch_No: - default: - NSSCertificate_Destroy(*si); - *si = NULL; - } + dcp = nssCertificate_GetDecoding(*si); + if (!dcp) { + NSSCertificate_Destroy(*si); + continue; + } + match = dcp->matchIdentifier(dcp, id); + switch (match) { + case nssCertIDMatch_Yes: + if (matchLevel == nssCertIDMatch_Unknown) { + /* we have non-definitive matches, forget them */ + for (i = 0; i < nextOpenSlot; i++) { + NSSCertificate_Destroy(subjectCerts[i]); + subjectCerts[i] = NULL; + } + nextOpenSlot = 0; + /* only keep definitive matches from now on */ + matchLevel = nssCertIDMatch_Yes; + } + /* keep the cert */ + subjectCerts[nextOpenSlot++] = *si; + break; + case nssCertIDMatch_Unknown: + if (matchLevel == nssCertIDMatch_Unknown) { + /* only have non-definitive matches so far, keep it */ + subjectCerts[nextOpenSlot++] = *si; + break; + } + /* else fall through, we have a definitive match already */ + case nssCertIDMatch_No: + default: + NSSCertificate_Destroy(*si); + *si = NULL; + } } subjectCerts[nextOpenSlot] = NULL; return subjectCerts; } static NSSCertificate ** -filter_certs_for_valid_issuers ( - NSSCertificate **certs -) +filter_certs_for_valid_issuers(NSSCertificate **certs) { NSSCertificate **cp; nssDecodedCert *dcp; int nextOpenSlot = 0; for (cp = certs; *cp; cp++) { - dcp = nssCertificate_GetDecoding(*cp); - if (dcp && dcp->isValidIssuer(dcp)) { - certs[nextOpenSlot++] = *cp; - } else { - NSSCertificate_Destroy(*cp); - } + dcp = nssCertificate_GetDecoding(*cp); + if (dcp && dcp->isValidIssuer(dcp)) { + certs[nextOpenSlot++] = *cp; + } else { + NSSCertificate_Destroy(*cp); + } } certs[nextOpenSlot] = NULL; return certs; } static NSSCertificate * -find_cert_issuer ( - NSSCertificate *c, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSTrustDomain *td, - NSSCryptoContext *cc -) +find_cert_issuer( + NSSCertificate *c, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSTrustDomain *td, + NSSCryptoContext *cc) { NSSArena *arena; NSSCertificate **certs = NULL; @@ -388,47 +364,47 @@ find_cert_issuer ( NSSCertificate *issuer = NULL; if (!cc) - cc = c->object.cryptoContext; + cc = c->object.cryptoContext; if (!td) - td = NSSCertificate_GetTrustDomain(c); + td = NSSCertificate_GetTrustDomain(c); arena = nssArena_Create(); if (!arena) { - return (NSSCertificate *)NULL; + return (NSSCertificate *)NULL; } if (cc) { - ccIssuers = nssCryptoContext_FindCertificatesBySubject(cc, - &c->issuer, - NULL, - 0, - arena); + ccIssuers = nssCryptoContext_FindCertificatesBySubject(cc, + &c->issuer, + NULL, + 0, + arena); } if (td) - tdIssuers = nssTrustDomain_FindCertificatesBySubject(td, - &c->issuer, - NULL, - 0, - arena); + tdIssuers = nssTrustDomain_FindCertificatesBySubject(td, + &c->issuer, + NULL, + 0, + arena); certs = nssCertificateArray_Join(ccIssuers, tdIssuers); if (certs) { - nssDecodedCert *dc = NULL; - void *issuerID = NULL; - dc = nssCertificate_GetDecoding(c); - if (dc) { - issuerID = dc->getIssuerIdentifier(dc); - } - /* XXX review based on CERT_FindCertIssuer - * this function is not using the authCertIssuer field as a fallback - * if authority key id does not exist - */ - if (issuerID) { - certs = filter_subject_certs_for_id(certs, issuerID); - } - certs = filter_certs_for_valid_issuers(certs); - issuer = nssCertificateArray_FindBestCertificate(certs, - timeOpt, - usage, - policiesOpt); - nssCertificateArray_Destroy(certs); + nssDecodedCert *dc = NULL; + void *issuerID = NULL; + dc = nssCertificate_GetDecoding(c); + if (dc) { + issuerID = dc->getIssuerIdentifier(dc); + } + /* XXX review based on CERT_FindCertIssuer + * this function is not using the authCertIssuer field as a fallback + * if authority key id does not exist + */ + if (issuerID) { + certs = filter_subject_certs_for_id(certs, issuerID); + } + certs = filter_certs_for_valid_issuers(certs); + issuer = nssCertificateArray_FindBestCertificate(certs, + timeOpt, + usage, + policiesOpt); + nssCertificateArray_Destroy(certs); } nssArena_Destroy(arena); return issuer; @@ -438,260 +414,243 @@ find_cert_issuer ( ** even if/when it fails to find an issuer, and returns PR_FAILURE */ NSS_IMPLEMENT NSSCertificate ** -nssCertificate_BuildChain ( - NSSCertificate *c, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, - NSSArena *arenaOpt, - PRStatus *statusOpt, - NSSTrustDomain *td, - NSSCryptoContext *cc -) +nssCertificate_BuildChain( + NSSCertificate *c, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, + NSSArena *arenaOpt, + PRStatus *statusOpt, + NSSTrustDomain *td, + NSSCryptoContext *cc) { NSSCertificate **rvChain = NULL; NSSUsage issuerUsage = *usage; nssPKIObjectCollection *collection = NULL; - PRUint32 rvCount = 0; - PRStatus st; - PRStatus ret = PR_SUCCESS; + PRUint32 rvCount = 0; + PRStatus st; + PRStatus ret = PR_SUCCESS; if (!c || !cc || (!td && (td = NSSCertificate_GetTrustDomain(c)) == NULL)) { - goto loser; + goto loser; } /* bump the usage up to CA level */ issuerUsage.nss3lookingForCA = PR_TRUE; collection = nssCertificateCollection_Create(td, NULL); if (!collection) - goto loser; + goto loser; st = nssPKIObjectCollection_AddObject(collection, (nssPKIObject *)c); if (st != PR_SUCCESS) - goto loser; + goto loser; for (rvCount = 1; (!rvLimit || rvCount < rvLimit); ++rvCount) { - CERTCertificate *cCert = STAN_GetCERTCertificate(c); - if (cCert->isRoot) { - /* not including the issuer of the self-signed cert, which is, - * of course, itself - */ - break; - } - c = find_cert_issuer(c, timeOpt, &issuerUsage, policiesOpt, td, cc); - if (!c) { - ret = PR_FAILURE; - break; - } - st = nssPKIObjectCollection_AddObject(collection, (nssPKIObject *)c); - nssCertificate_Destroy(c); /* collection has it */ - if (st != PR_SUCCESS) - goto loser; + CERTCertificate *cCert = STAN_GetCERTCertificate(c); + if (cCert->isRoot) { + /* not including the issuer of the self-signed cert, which is, + * of course, itself + */ + break; + } + c = find_cert_issuer(c, timeOpt, &issuerUsage, policiesOpt, td, cc); + if (!c) { + ret = PR_FAILURE; + break; + } + st = nssPKIObjectCollection_AddObject(collection, (nssPKIObject *)c); + nssCertificate_Destroy(c); /* collection has it */ + if (st != PR_SUCCESS) + goto loser; } - rvChain = nssPKIObjectCollection_GetCertificates(collection, - rvOpt, - rvLimit, + rvChain = nssPKIObjectCollection_GetCertificates(collection, + rvOpt, + rvLimit, arenaOpt); if (rvChain) { - nssPKIObjectCollection_Destroy(collection); - if (statusOpt) - *statusOpt = ret; - if (ret != PR_SUCCESS) - nss_SetError(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND); - return rvChain; + nssPKIObjectCollection_Destroy(collection); + if (statusOpt) + *statusOpt = ret; + if (ret != PR_SUCCESS) + nss_SetError(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND); + return rvChain; } loser: if (collection) - nssPKIObjectCollection_Destroy(collection); - if (statusOpt) - *statusOpt = PR_FAILURE; + nssPKIObjectCollection_Destroy(collection); + if (statusOpt) + *statusOpt = PR_FAILURE; nss_SetError(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND); return rvChain; } NSS_IMPLEMENT NSSCertificate ** -NSSCertificate_BuildChain ( - NSSCertificate *c, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt, - PRStatus *statusOpt, - NSSTrustDomain *td, - NSSCryptoContext *cc -) +NSSCertificate_BuildChain( + NSSCertificate *c, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt, + PRStatus *statusOpt, + NSSTrustDomain *td, + NSSCryptoContext *cc) { return nssCertificate_BuildChain(c, timeOpt, usage, policiesOpt, rvOpt, rvLimit, arenaOpt, statusOpt, - td, cc); + td, cc); } NSS_IMPLEMENT NSSCryptoContext * -nssCertificate_GetCryptoContext ( - NSSCertificate *c -) +nssCertificate_GetCryptoContext(NSSCertificate *c) { return c->object.cryptoContext; } NSS_IMPLEMENT NSSTrustDomain * -nssCertificate_GetTrustDomain ( - NSSCertificate *c -) +nssCertificate_GetTrustDomain(NSSCertificate *c) { return c->object.trustDomain; } NSS_IMPLEMENT NSSTrustDomain * -NSSCertificate_GetTrustDomain ( - NSSCertificate *c -) +NSSCertificate_GetTrustDomain(NSSCertificate *c) { return nssCertificate_GetTrustDomain(c); } NSS_IMPLEMENT NSSToken * -NSSCertificate_GetToken ( - NSSCertificate *c, - PRStatus *statusOpt -) +NSSCertificate_GetToken( + NSSCertificate *c, + PRStatus *statusOpt) { return (NSSToken *)NULL; } NSS_IMPLEMENT NSSSlot * -NSSCertificate_GetSlot ( - NSSCertificate *c, - PRStatus *statusOpt -) +NSSCertificate_GetSlot( + NSSCertificate *c, + PRStatus *statusOpt) { return (NSSSlot *)NULL; } NSS_IMPLEMENT NSSModule * -NSSCertificate_GetModule ( - NSSCertificate *c, - PRStatus *statusOpt -) +NSSCertificate_GetModule( + NSSCertificate *c, + PRStatus *statusOpt) { return (NSSModule *)NULL; } NSS_IMPLEMENT NSSItem * -NSSCertificate_Encrypt ( - NSSCertificate *c, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCertificate_Encrypt( + NSSCertificate *c, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSCertificate_Verify ( - NSSCertificate *c, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSItem *signature, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh -) +NSSCertificate_Verify( + NSSCertificate *c, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSItem *signature, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSItem * -NSSCertificate_VerifyRecover ( - NSSCertificate *c, - NSSAlgorithmAndParameters *apOpt, - NSSItem *signature, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCertificate_VerifyRecover( + NSSCertificate *c, + NSSAlgorithmAndParameters *apOpt, + NSSItem *signature, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSCertificate_WrapSymmetricKey ( - NSSCertificate *c, - NSSAlgorithmAndParameters *apOpt, - NSSSymmetricKey *keyToWrap, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCertificate_WrapSymmetricKey( + NSSCertificate *c, + NSSAlgorithmAndParameters *apOpt, + NSSSymmetricKey *keyToWrap, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCryptoContext * -NSSCertificate_CreateCryptoContext ( - NSSCertificate *c, - NSSAlgorithmAndParameters *apOpt, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh -) +NSSCertificate_CreateCryptoContext( + NSSCertificate *c, + NSSAlgorithmAndParameters *apOpt, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSPublicKey * -NSSCertificate_GetPublicKey ( - NSSCertificate *c -) +NSSCertificate_GetPublicKey( + NSSCertificate *c) { #if 0 CK_ATTRIBUTE pubktemplate[] = { - { CKA_CLASS, NULL, 0 }, - { CKA_ID, NULL, 0 }, - { CKA_SUBJECT, NULL, 0 } + { CKA_CLASS, NULL, 0 }, + { CKA_ID, NULL, 0 }, + { CKA_SUBJECT, NULL, 0 } }; PRStatus nssrv; CK_ULONG count = sizeof(pubktemplate) / sizeof(pubktemplate[0]); NSS_CK_SET_ATTRIBUTE_ITEM(pubktemplate, 0, &g_ck_class_pubkey); if (c->id.size > 0) { - /* CKA_ID */ - NSS_CK_ITEM_TO_ATTRIBUTE(&c->id, &pubktemplate[1]); + /* CKA_ID */ + NSS_CK_ITEM_TO_ATTRIBUTE(&c->id, &pubktemplate[1]); } else { - /* failure, yes? */ - return (NSSPublicKey *)NULL; + /* failure, yes? */ + return (NSSPublicKey *)NULL; } if (c->subject.size > 0) { - /* CKA_SUBJECT */ - NSS_CK_ITEM_TO_ATTRIBUTE(&c->subject, &pubktemplate[2]); + /* CKA_SUBJECT */ + NSS_CK_ITEM_TO_ATTRIBUTE(&c->subject, &pubktemplate[2]); } else { - /* failure, yes? */ - return (NSSPublicKey *)NULL; + /* failure, yes? */ + return (NSSPublicKey *)NULL; } /* Try the cert's token first */ if (c->token) { - nssrv = nssToken_FindObjectByTemplate(c->token, pubktemplate, count); + nssrv = nssToken_FindObjectByTemplate(c->token, pubktemplate, count); } #endif /* Try all other key tokens */ @@ -699,33 +658,31 @@ NSSCertificate_GetPublicKey ( } NSS_IMPLEMENT NSSPrivateKey * -NSSCertificate_FindPrivateKey ( - NSSCertificate *c, - NSSCallback *uhh -) +NSSCertificate_FindPrivateKey( + NSSCertificate *c, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRBool -NSSCertificate_IsPrivateKeyAvailable ( - NSSCertificate *c, - NSSCallback *uhh, - PRStatus *statusOpt -) +NSSCertificate_IsPrivateKeyAvailable( + NSSCertificate *c, + NSSCallback *uhh, + PRStatus *statusOpt) { PRBool isUser = PR_FALSE; nssCryptokiObject **ip; nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object); if (!instances) { - return PR_FALSE; + return PR_FALSE; } for (ip = instances; *ip; ip++) { - nssCryptokiObject *instance = *ip; - if (nssToken_IsPrivateKeyAvailable(instance->token, c, instance)) { - isUser = PR_TRUE; - } + nssCryptokiObject *instance = *ip; + if (nssToken_IsPrivateKeyAvailable(instance->token, c, instance)) { + isUser = PR_TRUE; + } } nssCryptokiObjectArray_Destroy(instances); return isUser; @@ -733,123 +690,115 @@ NSSCertificate_IsPrivateKeyAvailable ( /* sort the subject cert list from newest to oldest */ PRIntn -nssCertificate_SubjectListSort ( - void *v1, - void *v2 -) +nssCertificate_SubjectListSort( + void *v1, + void *v2) { NSSCertificate *c1 = (NSSCertificate *)v1; NSSCertificate *c2 = (NSSCertificate *)v2; nssDecodedCert *dc1 = nssCertificate_GetDecoding(c1); nssDecodedCert *dc2 = nssCertificate_GetDecoding(c2); if (!dc1) { - return dc2 ? 1 : 0; + return dc2 ? 1 : 0; } else if (!dc2) { - return -1; + return -1; } else { - return dc1->isNewerThan(dc1, dc2) ? -1 : 1; + return dc1->isNewerThan(dc1, dc2) ? -1 : 1; } } NSS_IMPLEMENT PRBool -NSSUserCertificate_IsStillPresent ( - NSSUserCertificate *uc, - PRStatus *statusOpt -) +NSSUserCertificate_IsStillPresent( + NSSUserCertificate *uc, + PRStatus *statusOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FALSE; } NSS_IMPLEMENT NSSItem * -NSSUserCertificate_Decrypt ( - NSSUserCertificate *uc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSUserCertificate_Decrypt( + NSSUserCertificate *uc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSUserCertificate_Sign ( - NSSUserCertificate *uc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSUserCertificate_Sign( + NSSUserCertificate *uc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSUserCertificate_SignRecover ( - NSSUserCertificate *uc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSUserCertificate_SignRecover( + NSSUserCertificate *uc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSymmetricKey * -NSSUserCertificate_UnwrapSymmetricKey ( - NSSUserCertificate *uc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *wrappedKey, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSUserCertificate_UnwrapSymmetricKey( + NSSUserCertificate *uc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *wrappedKey, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSymmetricKey * -NSSUserCertificate_DeriveSymmetricKey ( - NSSUserCertificate *uc, /* provides private key */ - NSSCertificate *c, /* provides public key */ - NSSAlgorithmAndParameters *apOpt, - NSSOID *target, - PRUint32 keySizeOpt, /* zero for best allowed */ - NSSOperations operations, - NSSCallback *uhh -) +NSSUserCertificate_DeriveSymmetricKey( + NSSUserCertificate *uc, /* provides private key */ + NSSCertificate *c, /* provides public key */ + NSSAlgorithmAndParameters *apOpt, + NSSOID *target, + PRUint32 keySizeOpt, /* zero for best allowed */ + NSSOperations operations, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT nssSMIMEProfile * -nssSMIMEProfile_Create ( - NSSCertificate *cert, - NSSItem *profileTime, - NSSItem *profileData -) +nssSMIMEProfile_Create( + NSSCertificate *cert, + NSSItem *profileTime, + NSSItem *profileData) { NSSArena *arena; nssSMIMEProfile *rvProfile; @@ -858,40 +807,41 @@ nssSMIMEProfile_Create ( NSSCryptoContext *cc = nssCertificate_GetCryptoContext(cert); arena = nssArena_Create(); if (!arena) { - return NULL; + return NULL; } object = nssPKIObject_Create(arena, NULL, td, cc, nssPKILock); if (!object) { - goto loser; + goto loser; } rvProfile = nss_ZNEW(arena, nssSMIMEProfile); if (!rvProfile) { - goto loser; + goto loser; } rvProfile->object = *object; rvProfile->certificate = cert; rvProfile->email = nssUTF8_Duplicate(cert->email, arena); rvProfile->subject = nssItem_Duplicate(&cert->subject, arena, NULL); if (profileTime) { - rvProfile->profileTime = nssItem_Duplicate(profileTime, arena, NULL); + rvProfile->profileTime = nssItem_Duplicate(profileTime, arena, NULL); } if (profileData) { - rvProfile->profileData = nssItem_Duplicate(profileData, arena, NULL); + rvProfile->profileData = nssItem_Duplicate(profileData, arena, NULL); } return rvProfile; loser: - if (object) nssPKIObject_Destroy(object); - else if (arena) nssArena_Destroy(arena); + if (object) + nssPKIObject_Destroy(object); + else if (arena) + nssArena_Destroy(arena); return (nssSMIMEProfile *)NULL; } /* execute a callback function on all members of a cert list */ NSS_EXTERN PRStatus -nssCertificateList_DoCallback ( - nssList *certList, - PRStatus (* callback)(NSSCertificate *c, void *arg), - void *arg -) +nssCertificateList_DoCallback( + nssList *certList, + PRStatus (*callback)(NSSCertificate *c, void *arg), + void *arg) { nssListIterator *certs; NSSCertificate *cert; @@ -899,74 +849,71 @@ nssCertificateList_DoCallback ( if (!certs) { return PR_FAILURE; } - for (cert = (NSSCertificate *)nssListIterator_Start(certs); + for (cert = (NSSCertificate *)nssListIterator_Start(certs); cert != (NSSCertificate *)NULL; - cert = (NSSCertificate *)nssListIterator_Next(certs)) - { - (void)(*callback)(cert, arg); + cert = (NSSCertificate *)nssListIterator_Next(certs)) { + (void)(*callback)(cert, arg); } nssListIterator_Finish(certs); nssListIterator_Destroy(certs); return PR_SUCCESS; } -static PRStatus add_ref_callback(NSSCertificate *c, void *a) +static PRStatus +add_ref_callback(NSSCertificate *c, void *a) { nssCertificate_AddRef(c); return PR_SUCCESS; } NSS_IMPLEMENT void -nssCertificateList_AddReferences ( - nssList *certList -) +nssCertificateList_AddReferences( + nssList *certList) { (void)nssCertificateList_DoCallback(certList, add_ref_callback, NULL); } - /* - * Is this trust record safe to apply to all certs of the same issuer/SN - * independent of the cert matching the hash. This is only true is the trust - * is unknown or distrusted. In general this feature is only useful to - * explicitly distrusting certs. It is not safe to use to trust certs, so + * Is this trust record safe to apply to all certs of the same issuer/SN + * independent of the cert matching the hash. This is only true is the trust + * is unknown or distrusted. In general this feature is only useful to + * explicitly distrusting certs. It is not safe to use to trust certs, so * only allow unknown and untrusted trust types. */ PRBool -nssTrust_IsSafeToIgnoreCertHash(nssTrustLevel serverAuth, - nssTrustLevel clientAuth, nssTrustLevel codeSigning, - nssTrustLevel email, PRBool stepup) +nssTrust_IsSafeToIgnoreCertHash(nssTrustLevel serverAuth, + nssTrustLevel clientAuth, nssTrustLevel codeSigning, + nssTrustLevel email, PRBool stepup) { /* step up is a trust type, if it's on, we must have a hash for the cert */ if (stepup) { - return PR_FALSE; + return PR_FALSE; } - if ((serverAuth != nssTrustLevel_Unknown) && - (serverAuth != nssTrustLevel_NotTrusted)) { - return PR_FALSE; + if ((serverAuth != nssTrustLevel_Unknown) && + (serverAuth != nssTrustLevel_NotTrusted)) { + return PR_FALSE; } - if ((clientAuth != nssTrustLevel_Unknown) && - (clientAuth != nssTrustLevel_NotTrusted)) { - return PR_FALSE; + if ((clientAuth != nssTrustLevel_Unknown) && + (clientAuth != nssTrustLevel_NotTrusted)) { + return PR_FALSE; } - if ((codeSigning != nssTrustLevel_Unknown) && - (codeSigning != nssTrustLevel_NotTrusted)) { - return PR_FALSE; + if ((codeSigning != nssTrustLevel_Unknown) && + (codeSigning != nssTrustLevel_NotTrusted)) { + return PR_FALSE; } - if ((email != nssTrustLevel_Unknown) && - (email != nssTrustLevel_NotTrusted)) { - return PR_FALSE; + if ((email != nssTrustLevel_Unknown) && + (email != nssTrustLevel_NotTrusted)) { + return PR_FALSE; } - /* record only has Unknown and Untrusted entries, ok to accept without a + /* record only has Unknown and Untrusted entries, ok to accept without a * hash */ return PR_TRUE; } NSS_IMPLEMENT NSSTrust * -nssTrust_Create ( - nssPKIObject *object, - NSSItem *certData -) +nssTrust_Create( + nssPKIObject *object, + NSSItem *certData) { PRStatus status; PRUint32 i; @@ -980,128 +927,115 @@ nssTrust_Create ( SECStatus rv; /* Should be stan flavor */ PRBool stepUp; - lastTrustOrder = 1<<16; /* just make it big */ + lastTrustOrder = 1 << 16; /* just make it big */ PR_ASSERT(object->instances != NULL && object->numInstances > 0); rvt = nss_ZNEW(object->arena, NSSTrust); if (!rvt) { - return (NSSTrust *)NULL; + return (NSSTrust *)NULL; } rvt->object = *object; /* should be stan flavor of Hashbuf */ - rv = PK11_HashBuf(SEC_OID_SHA1,sha1_hashcmp,certData->data,certData->size); + rv = PK11_HashBuf(SEC_OID_SHA1, sha1_hashcmp, certData->data, certData->size); if (rv != SECSuccess) { - return (NSSTrust *)NULL; + return (NSSTrust *)NULL; } sha1_hash.data = sha1_hashin; - sha1_hash.size = sizeof (sha1_hashin); + sha1_hash.size = sizeof(sha1_hashin); /* trust has to peek into the base object members */ nssPKIObject_Lock(object); - for (i=0; i<object->numInstances; i++) { - instance = object->instances[i]; - myTrustOrder = nssToken_GetTrustOrder(instance->token); - status = nssCryptokiTrust_GetAttributes(instance, NULL, - &sha1_hash, - &serverAuth, - &clientAuth, - &codeSigning, - &emailProtection, - &stepUp); - if (status != PR_SUCCESS) { - nssPKIObject_Unlock(object); - return (NSSTrust *)NULL; - } - /* if no hash is specified, then trust applies to all certs with - * this issuer/SN. NOTE: This is only true for entries that - * have distrust and unknown record */ - if (!( - /* we continue if there is no hash, and the trust type is - * safe to accept without a hash ... or ... */ - ((sha1_hash.size == 0) && - nssTrust_IsSafeToIgnoreCertHash(serverAuth,clientAuth, - codeSigning, emailProtection,stepUp)) - || - /* we have a hash of the correct size, and it matches */ - ((sha1_hash.size == SHA1_LENGTH) && (PORT_Memcmp(sha1_hashin, - sha1_hashcmp,SHA1_LENGTH) == 0)) )) { - nssPKIObject_Unlock(object); - return (NSSTrust *)NULL; - } - if (rvt->serverAuth == nssTrustLevel_Unknown || - myTrustOrder < lastTrustOrder) - { - rvt->serverAuth = serverAuth; - } - if (rvt->clientAuth == nssTrustLevel_Unknown || - myTrustOrder < lastTrustOrder) - { - rvt->clientAuth = clientAuth; - } - if (rvt->emailProtection == nssTrustLevel_Unknown || - myTrustOrder < lastTrustOrder) - { - rvt->emailProtection = emailProtection; - } - if (rvt->codeSigning == nssTrustLevel_Unknown || - myTrustOrder < lastTrustOrder) - { - rvt->codeSigning = codeSigning; - } - rvt->stepUpApproved = stepUp; - lastTrustOrder = myTrustOrder; + for (i = 0; i < object->numInstances; i++) { + instance = object->instances[i]; + myTrustOrder = nssToken_GetTrustOrder(instance->token); + status = nssCryptokiTrust_GetAttributes(instance, NULL, + &sha1_hash, + &serverAuth, + &clientAuth, + &codeSigning, + &emailProtection, + &stepUp); + if (status != PR_SUCCESS) { + nssPKIObject_Unlock(object); + return (NSSTrust *)NULL; + } + /* if no hash is specified, then trust applies to all certs with + * this issuer/SN. NOTE: This is only true for entries that + * have distrust and unknown record */ + if (!( + /* we continue if there is no hash, and the trust type is + * safe to accept without a hash ... or ... */ + ((sha1_hash.size == 0) && + nssTrust_IsSafeToIgnoreCertHash(serverAuth, clientAuth, + codeSigning, emailProtection, + stepUp)) || + /* we have a hash of the correct size, and it matches */ + ((sha1_hash.size == SHA1_LENGTH) && (PORT_Memcmp(sha1_hashin, + sha1_hashcmp, + SHA1_LENGTH) == 0)))) { + nssPKIObject_Unlock(object); + return (NSSTrust *)NULL; + } + if (rvt->serverAuth == nssTrustLevel_Unknown || + myTrustOrder < lastTrustOrder) { + rvt->serverAuth = serverAuth; + } + if (rvt->clientAuth == nssTrustLevel_Unknown || + myTrustOrder < lastTrustOrder) { + rvt->clientAuth = clientAuth; + } + if (rvt->emailProtection == nssTrustLevel_Unknown || + myTrustOrder < lastTrustOrder) { + rvt->emailProtection = emailProtection; + } + if (rvt->codeSigning == nssTrustLevel_Unknown || + myTrustOrder < lastTrustOrder) { + rvt->codeSigning = codeSigning; + } + rvt->stepUpApproved = stepUp; + lastTrustOrder = myTrustOrder; } nssPKIObject_Unlock(object); return rvt; } NSS_IMPLEMENT NSSTrust * -nssTrust_AddRef ( - NSSTrust *trust -) +nssTrust_AddRef(NSSTrust *trust) { if (trust) { - nssPKIObject_AddRef(&trust->object); + nssPKIObject_AddRef(&trust->object); } return trust; } NSS_IMPLEMENT PRStatus -nssTrust_Destroy ( - NSSTrust *trust -) +nssTrust_Destroy(NSSTrust *trust) { if (trust) { - (void)nssPKIObject_Destroy(&trust->object); + (void)nssPKIObject_Destroy(&trust->object); } return PR_SUCCESS; } NSS_IMPLEMENT nssSMIMEProfile * -nssSMIMEProfile_AddRef ( - nssSMIMEProfile *profile -) +nssSMIMEProfile_AddRef(nssSMIMEProfile *profile) { if (profile) { - nssPKIObject_AddRef(&profile->object); + nssPKIObject_AddRef(&profile->object); } return profile; } NSS_IMPLEMENT PRStatus -nssSMIMEProfile_Destroy ( - nssSMIMEProfile *profile -) +nssSMIMEProfile_Destroy(nssSMIMEProfile *profile) { if (profile) { - (void)nssPKIObject_Destroy(&profile->object); + (void)nssPKIObject_Destroy(&profile->object); } return PR_SUCCESS; } NSS_IMPLEMENT NSSCRL * -nssCRL_Create ( - nssPKIObject *object -) +nssCRL_Create(nssPKIObject *object) { PRStatus status; NSSCRL *rvCRL; @@ -1109,12 +1043,12 @@ nssCRL_Create ( PR_ASSERT(object->instances != NULL && object->numInstances > 0); rvCRL = nss_ZNEW(arena, NSSCRL); if (!rvCRL) { - return (NSSCRL *)NULL; + return (NSSCRL *)NULL; } rvCRL->object = *object; /* XXX should choose instance based on some criteria */ status = nssCryptokiCRL_GetAttributes(object->instances[0], - NULL, /* XXX sessionOpt */ + NULL, /* XXX sessionOpt */ arena, &rvCRL->encoding, NULL, /* subject */ @@ -1122,50 +1056,46 @@ nssCRL_Create ( &rvCRL->url, &rvCRL->isKRL); if (status != PR_SUCCESS) { - return (NSSCRL *)NULL; + if (!arena) { + nssPKIObject_Destroy((nssPKIObject *)rvCRL); + } + return (NSSCRL *)NULL; } return rvCRL; } NSS_IMPLEMENT NSSCRL * -nssCRL_AddRef ( - NSSCRL *crl -) +nssCRL_AddRef(NSSCRL *crl) { if (crl) { - nssPKIObject_AddRef(&crl->object); + nssPKIObject_AddRef(&crl->object); } return crl; } NSS_IMPLEMENT PRStatus -nssCRL_Destroy ( - NSSCRL *crl -) +nssCRL_Destroy(NSSCRL *crl) { if (crl) { - (void)nssPKIObject_Destroy(&crl->object); + (void)nssPKIObject_Destroy(&crl->object); } return PR_SUCCESS; } NSS_IMPLEMENT PRStatus -nssCRL_DeleteStoredObject ( - NSSCRL *crl, - NSSCallback *uhh -) +nssCRL_DeleteStoredObject( + NSSCRL *crl, + NSSCallback *uhh) { return nssPKIObject_DeleteStoredObject(&crl->object, uhh, PR_TRUE); } NSS_IMPLEMENT NSSDER * -nssCRL_GetEncoding ( - NSSCRL *crl -) +nssCRL_GetEncoding(NSSCRL *crl) { if (crl && crl->encoding.data != NULL && crl->encoding.size > 0) { - return &crl->encoding; + return &crl->encoding; } else { - return (NSSDER *)NULL; + return (NSSDER *)NULL; } } diff --git a/nss/lib/pki/cryptocontext.c b/nss/lib/pki/cryptocontext.c index 28d4e7b..074eb74 100644 --- a/nss/lib/pki/cryptocontext.c +++ b/nss/lib/pki/cryptocontext.c @@ -18,221 +18,206 @@ extern const NSSError NSS_ERROR_NOT_FOUND; extern const NSSError NSS_ERROR_INVALID_ARGUMENT; NSS_IMPLEMENT NSSCryptoContext * -nssCryptoContext_Create ( - NSSTrustDomain *td, - NSSCallback *uhhOpt -) +nssCryptoContext_Create( + NSSTrustDomain *td, + NSSCallback *uhhOpt) { NSSArena *arena; NSSCryptoContext *rvCC; arena = NSSArena_Create(); if (!arena) { - return NULL; + return NULL; } rvCC = nss_ZNEW(arena, NSSCryptoContext); if (!rvCC) { - return NULL; + return NULL; } rvCC->td = td; rvCC->arena = arena; rvCC->certStore = nssCertificateStore_Create(rvCC->arena); if (!rvCC->certStore) { - nssArena_Destroy(arena); - return NULL; + nssArena_Destroy(arena); + return NULL; } return rvCC; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_Destroy ( - NSSCryptoContext *cc -) +NSSCryptoContext_Destroy(NSSCryptoContext *cc) { PRStatus status = PR_SUCCESS; PORT_Assert(cc->certStore); if (cc->certStore) { - status = nssCertificateStore_Destroy(cc->certStore); - if (status == PR_FAILURE) { - return status; - } + status = nssCertificateStore_Destroy(cc->certStore); + if (status == PR_FAILURE) { + return status; + } } else { - status = PR_FAILURE; + status = PR_FAILURE; } nssArena_Destroy(cc->arena); return status; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_SetDefaultCallback ( - NSSCryptoContext *td, - NSSCallback *newCallback, - NSSCallback **oldCallbackOpt -) +NSSCryptoContext_SetDefaultCallback( + NSSCryptoContext *td, + NSSCallback *newCallback, + NSSCallback **oldCallbackOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSCallback * -NSSCryptoContext_GetDefaultCallback ( - NSSCryptoContext *td, - PRStatus *statusOpt -) +NSSCryptoContext_GetDefaultCallback( + NSSCryptoContext *td, + PRStatus *statusOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSTrustDomain * -NSSCryptoContext_GetTrustDomain ( - NSSCryptoContext *td -) +NSSCryptoContext_GetTrustDomain(NSSCryptoContext *td) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } - NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_FindOrImportCertificate ( - NSSCryptoContext *cc, - NSSCertificate *c -) +NSSCryptoContext_FindOrImportCertificate( + NSSCryptoContext *cc, + NSSCertificate *c) { NSSCertificate *rvCert = NULL; PORT_Assert(cc->certStore); if (!cc->certStore) { - nss_SetError(NSS_ERROR_INVALID_ARGUMENT); - return rvCert; + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + return rvCert; } rvCert = nssCertificateStore_FindOrAdd(cc->certStore, c); if (rvCert == c && c->object.cryptoContext != cc) { - PORT_Assert(!c->object.cryptoContext); - c->object.cryptoContext = cc; - } + PORT_Assert(!c->object.cryptoContext); + c->object.cryptoContext = cc; + } if (rvCert) { - /* an NSSCertificate cannot be part of two crypto contexts - ** simultaneously. If this assertion fails, then there is - ** a serious Stan design flaw. - */ - PORT_Assert(cc == c->object.cryptoContext); + /* an NSSCertificate cannot be part of two crypto contexts + ** simultaneously. If this assertion fails, then there is + ** a serious Stan design flaw. + */ + PORT_Assert(cc == c->object.cryptoContext); } return rvCert; } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_ImportPKIXCertificate ( - NSSCryptoContext *cc, - struct NSSPKIXCertificateStr *pc -) +NSSCryptoContext_ImportPKIXCertificate( + NSSCryptoContext *cc, + struct NSSPKIXCertificateStr *pc) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_ImportEncodedCertificate ( - NSSCryptoContext *cc, - NSSBER *ber -) +NSSCryptoContext_ImportEncodedCertificate( + NSSCryptoContext *cc, + NSSBER *ber) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_ImportEncodedPKIXCertificateChain ( - NSSCryptoContext *cc, - NSSBER *ber -) +NSSCryptoContext_ImportEncodedPKIXCertificateChain( + NSSCryptoContext *cc, + NSSBER *ber) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRStatus -nssCryptoContext_ImportTrust ( - NSSCryptoContext *cc, - NSSTrust *trust -) +nssCryptoContext_ImportTrust( + NSSCryptoContext *cc, + NSSTrust *trust) { PRStatus nssrv; PORT_Assert(cc->certStore); if (!cc->certStore) { - return PR_FAILURE; + return PR_FAILURE; } nssrv = nssCertificateStore_AddTrust(cc->certStore, trust); #if 0 if (nssrv == PR_SUCCESS) { - trust->object.cryptoContext = cc; + trust->object.cryptoContext = cc; } #endif return nssrv; } NSS_IMPLEMENT PRStatus -nssCryptoContext_ImportSMIMEProfile ( - NSSCryptoContext *cc, - nssSMIMEProfile *profile -) +nssCryptoContext_ImportSMIMEProfile( + NSSCryptoContext *cc, + nssSMIMEProfile *profile) { PRStatus nssrv; PORT_Assert(cc->certStore); if (!cc->certStore) { - return PR_FAILURE; + return PR_FAILURE; } nssrv = nssCertificateStore_AddSMIMEProfile(cc->certStore, profile); #if 0 if (nssrv == PR_SUCCESS) { - profile->object.cryptoContext = cc; + profile->object.cryptoContext = cc; } #endif return nssrv; } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_FindBestCertificateByNickname ( - NSSCryptoContext *cc, - const NSSUTF8 *name, - NSSTime *timeOpt, /* NULL for "now" */ - NSSUsage *usage, - NSSPolicies *policiesOpt /* NULL for none */ -) +NSSCryptoContext_FindBestCertificateByNickname( + NSSCryptoContext *cc, + const NSSUTF8 *name, + NSSTime *timeOpt, /* NULL for "now" */ + NSSUsage *usage, + NSSPolicies *policiesOpt /* NULL for none */ + ) { NSSCertificate **certs; NSSCertificate *rvCert = NULL; PORT_Assert(cc->certStore); if (!cc->certStore) { - return NULL; + return NULL; } certs = nssCertificateStore_FindCertificatesByNickname(cc->certStore, name, NULL, 0, NULL); if (certs) { - rvCert = nssCertificateArray_FindBestCertificate(certs, - timeOpt, - usage, - policiesOpt); - nssCertificateArray_Destroy(certs); + rvCert = nssCertificateArray_FindBestCertificate(certs, + timeOpt, + usage, + policiesOpt); + nssCertificateArray_Destroy(certs); } return rvCert; } NSS_IMPLEMENT NSSCertificate ** -NSSCryptoContext_FindCertificatesByNickname ( - NSSCryptoContext *cc, - NSSUTF8 *name, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +NSSCryptoContext_FindCertificatesByNickname( + NSSCryptoContext *cc, + NSSUTF8 *name, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { NSSCertificate **rvCerts; PORT_Assert(cc->certStore); if (!cc->certStore) { - return NULL; + return NULL; } rvCerts = nssCertificateStore_FindCertificatesByNickname(cc->certStore, name, @@ -243,63 +228,60 @@ NSSCryptoContext_FindCertificatesByNickname ( } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_FindCertificateByIssuerAndSerialNumber ( - NSSCryptoContext *cc, - NSSDER *issuer, - NSSDER *serialNumber -) +NSSCryptoContext_FindCertificateByIssuerAndSerialNumber( + NSSCryptoContext *cc, + NSSDER *issuer, + NSSDER *serialNumber) { PORT_Assert(cc->certStore); if (!cc->certStore) { - return NULL; + return NULL; } return nssCertificateStore_FindCertificateByIssuerAndSerialNumber( - cc->certStore, - issuer, - serialNumber); + cc->certStore, + issuer, + serialNumber); } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_FindBestCertificateBySubject ( - NSSCryptoContext *cc, - NSSDER *subject, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -) +NSSCryptoContext_FindBestCertificateBySubject( + NSSCryptoContext *cc, + NSSDER *subject, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt) { NSSCertificate **certs; NSSCertificate *rvCert = NULL; PORT_Assert(cc->certStore); if (!cc->certStore) { - return NULL; + return NULL; } certs = nssCertificateStore_FindCertificatesBySubject(cc->certStore, subject, NULL, 0, NULL); if (certs) { - rvCert = nssCertificateArray_FindBestCertificate(certs, - timeOpt, - usage, - policiesOpt); - nssCertificateArray_Destroy(certs); + rvCert = nssCertificateArray_FindBestCertificate(certs, + timeOpt, + usage, + policiesOpt); + nssCertificateArray_Destroy(certs); } return rvCert; } NSS_IMPLEMENT NSSCertificate ** -nssCryptoContext_FindCertificatesBySubject ( - NSSCryptoContext *cc, - NSSDER *subject, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +nssCryptoContext_FindCertificatesBySubject( + NSSCryptoContext *cc, + NSSDER *subject, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { NSSCertificate **rvCerts; PORT_Assert(cc->certStore); if (!cc->certStore) { - return NULL; + return NULL; } rvCerts = nssCertificateStore_FindCertificatesBySubject(cc->certStore, subject, @@ -310,13 +292,12 @@ nssCryptoContext_FindCertificatesBySubject ( } NSS_IMPLEMENT NSSCertificate ** -NSSCryptoContext_FindCertificatesBySubject ( - NSSCryptoContext *cc, - NSSDER *subject, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +NSSCryptoContext_FindCertificatesBySubject( + NSSCryptoContext *cc, + NSSDER *subject, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { return nssCryptoContext_FindCertificatesBySubject(cc, subject, rvOpt, maximumOpt, @@ -324,88 +305,83 @@ NSSCryptoContext_FindCertificatesBySubject ( } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_FindBestCertificateByNameComponents ( - NSSCryptoContext *cc, - NSSUTF8 *nameComponents, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -) +NSSCryptoContext_FindBestCertificateByNameComponents( + NSSCryptoContext *cc, + NSSUTF8 *nameComponents, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate ** -NSSCryptoContext_FindCertificatesByNameComponents ( - NSSCryptoContext *cc, - NSSUTF8 *nameComponents, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +NSSCryptoContext_FindCertificatesByNameComponents( + NSSCryptoContext *cc, + NSSUTF8 *nameComponents, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_FindCertificateByEncodedCertificate ( - NSSCryptoContext *cc, - NSSBER *encodedCertificate -) +NSSCryptoContext_FindCertificateByEncodedCertificate( + NSSCryptoContext *cc, + NSSBER *encodedCertificate) { PORT_Assert(cc->certStore); if (!cc->certStore) { - return NULL; + return NULL; } return nssCertificateStore_FindCertificateByEncodedCertificate( - cc->certStore, - encodedCertificate); + cc->certStore, + encodedCertificate); } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_FindBestCertificateByEmail ( - NSSCryptoContext *cc, - NSSASCII7 *email, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -) +NSSCryptoContext_FindBestCertificateByEmail( + NSSCryptoContext *cc, + NSSASCII7 *email, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt) { NSSCertificate **certs; NSSCertificate *rvCert = NULL; PORT_Assert(cc->certStore); if (!cc->certStore) { - return NULL; + return NULL; } certs = nssCertificateStore_FindCertificatesByEmail(cc->certStore, email, NULL, 0, NULL); if (certs) { - rvCert = nssCertificateArray_FindBestCertificate(certs, - timeOpt, - usage, - policiesOpt); - nssCertificateArray_Destroy(certs); + rvCert = nssCertificateArray_FindBestCertificate(certs, + timeOpt, + usage, + policiesOpt); + nssCertificateArray_Destroy(certs); } return rvCert; } NSS_IMPLEMENT NSSCertificate ** -NSSCryptoContext_FindCertificatesByEmail ( - NSSCryptoContext *cc, - NSSASCII7 *email, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +NSSCryptoContext_FindCertificatesByEmail( + NSSCryptoContext *cc, + NSSASCII7 *email, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { NSSCertificate **rvCerts; PORT_Assert(cc->certStore); if (!cc->certStore) { - return NULL; + return NULL; } rvCerts = nssCertificateStore_FindCertificatesByEmail(cc->certStore, email, @@ -416,179 +392,166 @@ NSSCryptoContext_FindCertificatesByEmail ( } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_FindCertificateByOCSPHash ( - NSSCryptoContext *cc, - NSSItem *hash -) +NSSCryptoContext_FindCertificateByOCSPHash( + NSSCryptoContext *cc, + NSSItem *hash) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_FindBestUserCertificate ( - NSSCryptoContext *cc, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -) +NSSCryptoContext_FindBestUserCertificate( + NSSCryptoContext *cc, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate ** -NSSCryptoContext_FindUserCertificates ( - NSSCryptoContext *cc, - NSSTime *timeOpt, - NSSUsage *usageOpt, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt -) +NSSCryptoContext_FindUserCertificates( + NSSCryptoContext *cc, + NSSTime *timeOpt, + NSSUsage *usageOpt, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_FindBestUserCertificateForSSLClientAuth ( - NSSCryptoContext *cc, - NSSUTF8 *sslHostOpt, - NSSDER *rootCAsOpt[], /* null pointer for none */ - PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt -) +NSSCryptoContext_FindBestUserCertificateForSSLClientAuth( + NSSCryptoContext *cc, + NSSUTF8 *sslHostOpt, + NSSDER *rootCAsOpt[], /* null pointer for none */ + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate ** -NSSCryptoContext_FindUserCertificatesForSSLClientAuth ( - NSSCryptoContext *cc, - NSSUTF8 *sslHostOpt, - NSSDER *rootCAsOpt[], /* null pointer for none */ - PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt -) +NSSCryptoContext_FindUserCertificatesForSSLClientAuth( + NSSCryptoContext *cc, + NSSUTF8 *sslHostOpt, + NSSDER *rootCAsOpt[], /* null pointer for none */ + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_FindBestUserCertificateForEmailSigning ( - NSSCryptoContext *cc, - NSSASCII7 *signerOpt, - NSSASCII7 *recipientOpt, - /* anything more here? */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt -) +NSSCryptoContext_FindBestUserCertificateForEmailSigning( + NSSCryptoContext *cc, + NSSASCII7 *signerOpt, + NSSASCII7 *recipientOpt, + /* anything more here? */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSCryptoContext_FindUserCertificatesForEmailSigning ( - NSSCryptoContext *cc, - NSSASCII7 *signerOpt, /* fgmr or a more general name? */ - NSSASCII7 *recipientOpt, - /* anything more here? */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt -) +NSSCryptoContext_FindUserCertificatesForEmailSigning( + NSSCryptoContext *cc, + NSSASCII7 *signerOpt, /* fgmr or a more general name? */ + NSSASCII7 *recipientOpt, + /* anything more here? */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSTrust * -nssCryptoContext_FindTrustForCertificate ( - NSSCryptoContext *cc, - NSSCertificate *cert -) +nssCryptoContext_FindTrustForCertificate( + NSSCryptoContext *cc, + NSSCertificate *cert) { PORT_Assert(cc->certStore); if (!cc->certStore) { - return NULL; + return NULL; } return nssCertificateStore_FindTrustForCertificate(cc->certStore, cert); } NSS_IMPLEMENT nssSMIMEProfile * -nssCryptoContext_FindSMIMEProfileForCertificate ( - NSSCryptoContext *cc, - NSSCertificate *cert -) +nssCryptoContext_FindSMIMEProfileForCertificate( + NSSCryptoContext *cc, + NSSCertificate *cert) { PORT_Assert(cc->certStore); if (!cc->certStore) { - return NULL; + return NULL; } - return nssCertificateStore_FindSMIMEProfileForCertificate(cc->certStore, + return nssCertificateStore_FindSMIMEProfileForCertificate(cc->certStore, cert); } NSS_IMPLEMENT PRStatus -NSSCryptoContext_GenerateKeyPair ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *ap, - NSSPrivateKey **pvkOpt, - NSSPublicKey **pbkOpt, - PRBool privateKeyIsSensitive, - NSSToken *destination, - NSSCallback *uhhOpt -) +NSSCryptoContext_GenerateKeyPair( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *ap, + NSSPrivateKey **pvkOpt, + NSSPublicKey **pbkOpt, + PRBool privateKeyIsSensitive, + NSSToken *destination, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSSymmetricKey * -NSSCryptoContext_GenerateSymmetricKey ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *ap, - PRUint32 keysize, - NSSToken *destination, - NSSCallback *uhhOpt -) +NSSCryptoContext_GenerateSymmetricKey( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *ap, + PRUint32 keysize, + NSSToken *destination, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSymmetricKey * -NSSCryptoContext_GenerateSymmetricKeyFromPassword ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *ap, - NSSUTF8 *passwordOpt, /* if null, prompt */ - NSSToken *destinationOpt, - NSSCallback *uhhOpt -) +NSSCryptoContext_GenerateSymmetricKeyFromPassword( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *ap, + NSSUTF8 *passwordOpt, /* if null, prompt */ + NSSToken *destinationOpt, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSymmetricKey * -NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID ( - NSSCryptoContext *cc, - NSSOID *algorithm, - NSSItem *keyID, - NSSCallback *uhhOpt -) +NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID( + NSSCryptoContext *cc, + NSSOID *algorithm, + NSSItem *keyID, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; @@ -600,383 +563,349 @@ struct token_session_str { }; NSS_IMPLEMENT NSSItem * -NSSCryptoContext_Decrypt ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *encryptedData, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_Decrypt( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *encryptedData, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_BeginDecrypt ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhhOpt -) +NSSCryptoContext_BeginDecrypt( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_ContinueDecrypt ( - NSSCryptoContext *cc, - NSSItem *data, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_ContinueDecrypt( + NSSCryptoContext *cc, + NSSItem *data, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_FinishDecrypt ( - NSSCryptoContext *cc, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_FinishDecrypt( + NSSCryptoContext *cc, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_Sign ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_Sign( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_BeginSign ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhhOpt -) +NSSCryptoContext_BeginSign( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_ContinueSign ( - NSSCryptoContext *cc, - NSSItem *data -) +NSSCryptoContext_ContinueSign( + NSSCryptoContext *cc, + NSSItem *data) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_FinishSign ( - NSSCryptoContext *cc, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_FinishSign( + NSSCryptoContext *cc, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_SignRecover ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_SignRecover( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_BeginSignRecover ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhhOpt -) +NSSCryptoContext_BeginSignRecover( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_ContinueSignRecover ( - NSSCryptoContext *cc, - NSSItem *data, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_ContinueSignRecover( + NSSCryptoContext *cc, + NSSItem *data, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_FinishSignRecover ( - NSSCryptoContext *cc, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_FinishSignRecover( + NSSCryptoContext *cc, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSymmetricKey * -NSSCryptoContext_UnwrapSymmetricKey ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *wrappedKey, - NSSCallback *uhhOpt -) +NSSCryptoContext_UnwrapSymmetricKey( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *wrappedKey, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSymmetricKey * -NSSCryptoContext_DeriveSymmetricKey ( - NSSCryptoContext *cc, - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSOID *target, - PRUint32 keySizeOpt, /* zero for best allowed */ - NSSOperations operations, - NSSCallback *uhhOpt -) +NSSCryptoContext_DeriveSymmetricKey( + NSSCryptoContext *cc, + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSOID *target, + PRUint32 keySizeOpt, /* zero for best allowed */ + NSSOperations operations, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_Encrypt ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_Encrypt( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_BeginEncrypt ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhhOpt -) +NSSCryptoContext_BeginEncrypt( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_ContinueEncrypt ( - NSSCryptoContext *cc, - NSSItem *data, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_ContinueEncrypt( + NSSCryptoContext *cc, + NSSItem *data, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_FinishEncrypt ( - NSSCryptoContext *cc, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_FinishEncrypt( + NSSCryptoContext *cc, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_Verify ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSItem *signature, - NSSCallback *uhhOpt -) +NSSCryptoContext_Verify( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSItem *signature, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_BeginVerify ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *signature, - NSSCallback *uhhOpt -) +NSSCryptoContext_BeginVerify( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *signature, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_ContinueVerify ( - NSSCryptoContext *cc, - NSSItem *data -) +NSSCryptoContext_ContinueVerify( + NSSCryptoContext *cc, + NSSItem *data) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_FinishVerify ( - NSSCryptoContext *cc -) +NSSCryptoContext_FinishVerify( + NSSCryptoContext *cc) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_VerifyRecover ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *signature, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_VerifyRecover( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *signature, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSCryptoContext_BeginVerifyRecover ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhhOpt -) +NSSCryptoContext_BeginVerifyRecover( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_ContinueVerifyRecover ( - NSSCryptoContext *cc, - NSSItem *data, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_ContinueVerifyRecover( + NSSCryptoContext *cc, + NSSItem *data, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_FinishVerifyRecover ( - NSSCryptoContext *cc, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_FinishVerifyRecover( + NSSCryptoContext *cc, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_WrapSymmetricKey ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSSymmetricKey *keyToWrap, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_WrapSymmetricKey( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSSymmetricKey *keyToWrap, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_Digest ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -) -{ - return nssToken_Digest(cc->token, cc->session, apOpt, +NSSCryptoContext_Digest( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt) +{ + return nssToken_Digest(cc->token, cc->session, apOpt, data, rvOpt, arenaOpt); } NSS_IMPLEMENT PRStatus -NSSCryptoContext_BeginDigest ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhhOpt -) +NSSCryptoContext_BeginDigest( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhhOpt) { return nssToken_BeginDigest(cc->token, cc->session, apOpt); } NSS_IMPLEMENT PRStatus -NSSCryptoContext_ContinueDigest ( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *item -) +NSSCryptoContext_ContinueDigest( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *item) { - /* + /* NSSAlgorithmAndParameters *ap; ap = (apOpt) ? apOpt : cc->ap; */ - /* why apOpt? can't change it at this point... */ + /* why apOpt? can't change it at this point... */ return nssToken_ContinueDigest(cc->token, cc->session, item); } NSS_IMPLEMENT NSSItem * -NSSCryptoContext_FinishDigest ( - NSSCryptoContext *cc, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSCryptoContext_FinishDigest( + NSSCryptoContext *cc, + NSSItem *rvOpt, + NSSArena *arenaOpt) { return nssToken_FinishDigest(cc->token, cc->session, rvOpt, arenaOpt); } NSS_IMPLEMENT NSSCryptoContext * -NSSCryptoContext_Clone ( - NSSCryptoContext *cc -) +NSSCryptoContext_Clone(NSSCryptoContext *cc) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } - diff --git a/nss/lib/pki/exports.gyp b/nss/lib/pki/exports.gyp new file mode 100644 index 0000000..a9707ae --- /dev/null +++ b/nss/lib/pki/exports.gyp @@ -0,0 +1,32 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../coreconf/config.gypi' + ], + 'targets': [ + { + 'target_name': 'lib_pki_exports', + 'type': 'none', + 'copies': [ + { + 'files': [ + 'nsspki.h', + 'nsspkit.h', + 'pki.h', + 'pki3hack.h', + 'pkim.h', + 'pkistore.h', + 'pkit.h', + 'pkitm.h' + ], + 'destination': '<(nss_private_dist_dir)/<(module)' + } + ] + } + ], + 'variables': { + 'module': 'nss' + } +} diff --git a/nss/lib/pki/nsspki.h b/nss/lib/pki/nsspki.h index a2da997..28780c3 100644 --- a/nss/lib/pki/nsspki.h +++ b/nss/lib/pki/nsspki.h @@ -70,7 +70,7 @@ PR_BEGIN_EXTERN_C /* * NSSCertificate * - * These things can do crypto ops like public keys, except that the trust, + * These things can do crypto ops like public keys, except that the trust, * usage, and other constraints are checked. These objects are "high-level," * so trust, usages, etc. are in the form we throw around (client auth, * email signing, etc.). Remember that theoretically another implementation @@ -84,42 +84,36 @@ PR_BEGIN_EXTERN_C */ NSS_EXTERN PRStatus -NSSCertificate_Destroy -( - NSSCertificate *c -); +NSSCertificate_Destroy(NSSCertificate *c); /* * NSSCertificate_DeleteStoredObject * * Permanently remove this certificate from storage. If this is the - * only (remaining) certificate corresponding to a private key, + * only (remaining) certificate corresponding to a private key, * public key, and/or other object; then that object (those objects) * are deleted too. */ NSS_EXTERN PRStatus -NSSCertificate_DeleteStoredObject -( - NSSCertificate *c, - NSSCallback *uhh -); +NSSCertificate_DeleteStoredObject( + NSSCertificate *c, + NSSCallback *uhh); /* * NSSCertificate_Validate * - * Verify that this certificate is trusted, for the specified usage(s), + * Verify that this certificate is trusted, for the specified usage(s), * at the specified time, {word word} the specified policies. */ NSS_EXTERN PRStatus -NSSCertificate_Validate -( - NSSCertificate *c, - NSSTime *timeOpt, /* NULL for "now" */ - NSSUsage *usage, - NSSPolicies *policiesOpt /* NULL for none */ -); +NSSCertificate_Validate( + NSSCertificate *c, + NSSTime *timeOpt, /* NULL for "now" */ + NSSUsage *usage, + NSSPolicies *policiesOpt /* NULL for none */ + ); /* * NSSCertificate_ValidateCompletely @@ -132,23 +126,22 @@ NSSCertificate_Validate * every problem. */ -/* +/* * Return value must be an array of objects, each of which has * an NSSError, and any corresponding certificate (in the chain) * and/or policy. */ NSS_EXTERN void ** /* void *[] */ -NSSCertificate_ValidateCompletely -( - NSSCertificate *c, - NSSTime *timeOpt, /* NULL for "now" */ - NSSUsage *usage, - NSSPolicies *policiesOpt, /* NULL for none */ - void **rvOpt, /* NULL for allocate */ - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt /* NULL for heap */ -); + NSSCertificate_ValidateCompletely( + NSSCertificate *c, + NSSTime *timeOpt, /* NULL for "now" */ + NSSUsage *usage, + NSSPolicies *policiesOpt, /* NULL for none */ + void **rvOpt, /* NULL for allocate */ + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt /* NULL for heap */ + ); /* * NSSCertificate_ValidateAndDiscoverUsagesAndPolicies @@ -157,18 +150,16 @@ NSSCertificate_ValidateCompletely */ NSS_EXTERN PRStatus -NSSCertificate_ValidateAndDiscoverUsagesAndPolicies -( - NSSCertificate *c, - NSSTime **notBeforeOutOpt, - NSSTime **notAfterOutOpt, - void *allowedUsages, - void *disallowedUsages, - void *allowedPolicies, - void *disallowedPolicies, - /* more args.. work on this fgmr */ - NSSArena *arenaOpt -); +NSSCertificate_ValidateAndDiscoverUsagesAndPolicies( + NSSCertificate *c, + NSSTime **notBeforeOutOpt, + NSSTime **notAfterOutOpt, + void *allowedUsages, + void *disallowedUsages, + void *allowedPolicies, + void *disallowedPolicies, + /* more args.. work on this fgmr */ + NSSArena *arenaOpt); /* * NSSCertificate_Encode @@ -176,12 +167,10 @@ NSSCertificate_ValidateAndDiscoverUsagesAndPolicies */ NSS_EXTERN NSSDER * -NSSCertificate_Encode -( - NSSCertificate *c, - NSSDER *rvOpt, - NSSArena *arenaOpt -); +NSSCertificate_Encode( + NSSCertificate *c, + NSSDER *rvOpt, + NSSArena *arenaOpt); /* * NSSCertificate_BuildChain @@ -201,19 +190,17 @@ NSSCertificate_Encode extern const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND; NSS_EXTERN NSSCertificate ** -NSSCertificate_BuildChain -( - NSSCertificate *c, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt, - PRStatus *statusOpt, - NSSTrustDomain *td, - NSSCryptoContext *cc -); +NSSCertificate_BuildChain( + NSSCertificate *c, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt, + PRStatus *statusOpt, + NSSTrustDomain *td, + NSSCryptoContext *cc); /* * NSSCertificate_GetTrustDomain @@ -221,10 +208,7 @@ NSSCertificate_BuildChain */ NSS_EXTERN NSSTrustDomain * -NSSCertificate_GetTrustDomain -( - NSSCertificate *c -); +NSSCertificate_GetTrustDomain(NSSCertificate *c); /* * NSSCertificate_GetToken @@ -233,11 +217,9 @@ NSSCertificate_GetTrustDomain */ NSS_EXTERN NSSToken * -NSSCertificate_GetToken -( - NSSCertificate *c, - PRStatus *statusOpt -); +NSSCertificate_GetToken( + NSSCertificate *c, + PRStatus *statusOpt); /* * NSSCertificate_GetSlot @@ -246,11 +228,9 @@ NSSCertificate_GetToken */ NSS_EXTERN NSSSlot * -NSSCertificate_GetSlot -( - NSSCertificate *c, - PRStatus *statusOpt -); +NSSCertificate_GetSlot( + NSSCertificate *c, + PRStatus *statusOpt); /* * NSSCertificate_GetModule @@ -259,11 +239,9 @@ NSSCertificate_GetSlot */ NSS_EXTERN NSSModule * -NSSCertificate_GetModule -( - NSSCertificate *c, - PRStatus *statusOpt -); +NSSCertificate_GetModule( + NSSCertificate *c, + PRStatus *statusOpt); /* * NSSCertificate_Encrypt @@ -273,18 +251,16 @@ NSSCertificate_GetModule */ NSS_EXTERN NSSItem * -NSSCertificate_Encrypt -( - NSSCertificate *c, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCertificate_Encrypt( + NSSCertificate *c, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCertificate_Verify @@ -292,17 +268,15 @@ NSSCertificate_Encrypt */ NSS_EXTERN PRStatus -NSSCertificate_Verify -( - NSSCertificate *c, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSItem *signature, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh -); +NSSCertificate_Verify( + NSSCertificate *c, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSItem *signature, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh); /* * NSSCertificate_VerifyRecover @@ -310,40 +284,36 @@ NSSCertificate_Verify */ NSS_EXTERN NSSItem * -NSSCertificate_VerifyRecover -( - NSSCertificate *c, - NSSAlgorithmAndParameters *apOpt, - NSSItem *signature, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCertificate_VerifyRecover( + NSSCertificate *c, + NSSAlgorithmAndParameters *apOpt, + NSSItem *signature, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCertificate_WrapSymmetricKey * - * This method tries very hard to to succeed, even in situations + * This method tries very hard to to succeed, even in situations * involving sensitive keys and multiple modules. * { relyea: want to add verbiage? } */ NSS_EXTERN NSSItem * -NSSCertificate_WrapSymmetricKey -( - NSSCertificate *c, - NSSAlgorithmAndParameters *apOpt, - NSSSymmetricKey *keyToWrap, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCertificate_WrapSymmetricKey( + NSSCertificate *c, + NSSAlgorithmAndParameters *apOpt, + NSSSymmetricKey *keyToWrap, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCertificate_CreateCryptoContext @@ -353,15 +323,13 @@ NSSCertificate_WrapSymmetricKey */ NSS_EXTERN NSSCryptoContext * -NSSCertificate_CreateCryptoContext -( - NSSCertificate *c, - NSSAlgorithmAndParameters *apOpt, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh -); +NSSCertificate_CreateCryptoContext( + NSSCertificate *c, + NSSAlgorithmAndParameters *apOpt, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh); /* * NSSCertificate_GetPublicKey @@ -370,10 +338,7 @@ NSSCertificate_CreateCryptoContext */ NSS_EXTERN NSSPublicKey * -NSSCertificate_GetPublicKey -( - NSSCertificate *c -); +NSSCertificate_GetPublicKey(NSSCertificate *c); /* * NSSCertificate_FindPrivateKey @@ -385,11 +350,9 @@ NSSCertificate_GetPublicKey */ NSS_EXTERN NSSPrivateKey * -NSSCertificate_FindPrivateKey -( - NSSCertificate *c, - NSSCallback *uhh -); +NSSCertificate_FindPrivateKey( + NSSCertificate *c, + NSSCallback *uhh); /* * NSSCertificate_IsPrivateKeyAvailable @@ -401,15 +364,13 @@ NSSCertificate_FindPrivateKey */ NSS_EXTERN PRBool -NSSCertificate_IsPrivateKeyAvailable -( - NSSCertificate *c, - NSSCallback *uhh, - PRStatus *statusOpt -); +NSSCertificate_IsPrivateKeyAvailable( + NSSCertificate *c, + NSSCallback *uhh, + PRStatus *statusOpt); /* - * If we make NSSUserCertificate not a typedef of NSSCertificate, + * If we make NSSUserCertificate not a typedef of NSSCertificate, * then we'll need implementations of the following: * * NSSUserCertificate_Destroy @@ -438,11 +399,9 @@ NSSCertificate_IsPrivateKeyAvailable */ NSS_EXTERN PRBool -NSSUserCertificate_IsStillPresent -( - NSSUserCertificate *uc, - PRStatus *statusOpt -); +NSSUserCertificate_IsStillPresent( + NSSUserCertificate *uc, + PRStatus *statusOpt); /* * NSSUserCertificate_Decrypt @@ -452,18 +411,16 @@ NSSUserCertificate_IsStillPresent */ NSS_EXTERN NSSItem * -NSSUserCertificate_Decrypt -( - NSSUserCertificate *uc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSUserCertificate_Decrypt( + NSSUserCertificate *uc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSUserCertificate_Sign @@ -471,18 +428,16 @@ NSSUserCertificate_Decrypt */ NSS_EXTERN NSSItem * -NSSUserCertificate_Sign -( - NSSUserCertificate *uc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSUserCertificate_Sign( + NSSUserCertificate *uc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSUserCertificate_SignRecover @@ -490,18 +445,16 @@ NSSUserCertificate_Sign */ NSS_EXTERN NSSItem * -NSSUserCertificate_SignRecover -( - NSSUserCertificate *uc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSUserCertificate_SignRecover( + NSSUserCertificate *uc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSUserCertificate_UnwrapSymmetricKey @@ -509,18 +462,16 @@ NSSUserCertificate_SignRecover */ NSS_EXTERN NSSSymmetricKey * -NSSUserCertificate_UnwrapSymmetricKey -( - NSSUserCertificate *uc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *wrappedKey, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSUserCertificate_UnwrapSymmetricKey( + NSSUserCertificate *uc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *wrappedKey, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSUserCertificate_DeriveSymmetricKey @@ -528,16 +479,14 @@ NSSUserCertificate_UnwrapSymmetricKey */ NSS_EXTERN NSSSymmetricKey * -NSSUserCertificate_DeriveSymmetricKey -( - NSSUserCertificate *uc, /* provides private key */ - NSSCertificate *c, /* provides public key */ - NSSAlgorithmAndParameters *apOpt, - NSSOID *target, - PRUint32 keySizeOpt, /* zero for best allowed */ - NSSOperations operations, - NSSCallback *uhh -); +NSSUserCertificate_DeriveSymmetricKey( + NSSUserCertificate *uc, /* provides private key */ + NSSCertificate *c, /* provides public key */ + NSSAlgorithmAndParameters *apOpt, + NSSOID *target, + PRUint32 keySizeOpt, /* zero for best allowed */ + NSSOperations operations, + NSSCallback *uhh); /* filter-certs function(s) */ @@ -557,10 +506,7 @@ NSSUserCertificate_DeriveSymmetricKey */ NSS_EXTERN PRStatus -NSSPrivateKey_Destroy -( - NSSPrivateKey *vk -); +NSSPrivateKey_Destroy(NSSPrivateKey *vk); /* * NSSPrivateKey_DeleteStoredObject @@ -570,11 +516,9 @@ NSSPrivateKey_Destroy */ NSS_EXTERN PRStatus -NSSPrivateKey_DeleteStoredObject -( - NSSPrivateKey *vk, - NSSCallback *uhh -); +NSSPrivateKey_DeleteStoredObject( + NSSPrivateKey *vk, + NSSCallback *uhh); /* * NSSPrivateKey_GetSignatureLength @@ -582,10 +526,7 @@ NSSPrivateKey_DeleteStoredObject */ NSS_EXTERN PRUint32 -NSSPrivateKey_GetSignatureLength -( - NSSPrivateKey *vk -); +NSSPrivateKey_GetSignatureLength(NSSPrivateKey *vk); /* * NSSPrivateKey_GetPrivateModulusLength @@ -593,10 +534,7 @@ NSSPrivateKey_GetSignatureLength */ NSS_EXTERN PRUint32 -NSSPrivateKey_GetPrivateModulusLength -( - NSSPrivateKey *vk -); +NSSPrivateKey_GetPrivateModulusLength(NSSPrivateKey *vk); /* * NSSPrivateKey_IsStillPresent @@ -604,11 +542,9 @@ NSSPrivateKey_GetPrivateModulusLength */ NSS_EXTERN PRBool -NSSPrivateKey_IsStillPresent -( - NSSPrivateKey *vk, - PRStatus *statusOpt -); +NSSPrivateKey_IsStillPresent( + NSSPrivateKey *vk, + PRStatus *statusOpt); /* * NSSPrivateKey_Encode @@ -616,15 +552,13 @@ NSSPrivateKey_IsStillPresent */ NSS_EXTERN NSSItem * -NSSPrivateKey_Encode -( - NSSPrivateKey *vk, - NSSAlgorithmAndParameters *ap, - NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */ - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSPrivateKey_Encode( + NSSPrivateKey *vk, + NSSAlgorithmAndParameters *ap, + NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */ + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSPrivateKey_GetTrustDomain @@ -633,11 +567,9 @@ NSSPrivateKey_Encode */ NSS_EXTERN NSSTrustDomain * -NSSPrivateKey_GetTrustDomain -( - NSSPrivateKey *vk, - PRStatus *statusOpt -); +NSSPrivateKey_GetTrustDomain( + NSSPrivateKey *vk, + PRStatus *statusOpt); /* * NSSPrivateKey_GetToken @@ -645,10 +577,7 @@ NSSPrivateKey_GetTrustDomain */ NSS_EXTERN NSSToken * -NSSPrivateKey_GetToken -( - NSSPrivateKey *vk -); +NSSPrivateKey_GetToken(NSSPrivateKey *vk); /* * NSSPrivateKey_GetSlot @@ -656,10 +585,7 @@ NSSPrivateKey_GetToken */ NSS_EXTERN NSSSlot * -NSSPrivateKey_GetSlot -( - NSSPrivateKey *vk -); +NSSPrivateKey_GetSlot(NSSPrivateKey *vk); /* * NSSPrivateKey_GetModule @@ -667,10 +593,7 @@ NSSPrivateKey_GetSlot */ NSS_EXTERN NSSModule * -NSSPrivateKey_GetModule -( - NSSPrivateKey *vk -); +NSSPrivateKey_GetModule(NSSPrivateKey *vk); /* * NSSPrivateKey_Decrypt @@ -678,15 +601,13 @@ NSSPrivateKey_GetModule */ NSS_EXTERN NSSItem * -NSSPrivateKey_Decrypt -( - NSSPrivateKey *vk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *encryptedData, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSPrivateKey_Decrypt( + NSSPrivateKey *vk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *encryptedData, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSPrivateKey_Sign @@ -694,15 +615,13 @@ NSSPrivateKey_Decrypt */ NSS_EXTERN NSSItem * -NSSPrivateKey_Sign -( - NSSPrivateKey *vk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSPrivateKey_Sign( + NSSPrivateKey *vk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSPrivateKey_SignRecover @@ -710,15 +629,13 @@ NSSPrivateKey_Sign */ NSS_EXTERN NSSItem * -NSSPrivateKey_SignRecover -( - NSSPrivateKey *vk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSPrivateKey_SignRecover( + NSSPrivateKey *vk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSPrivateKey_UnwrapSymmetricKey @@ -726,13 +643,11 @@ NSSPrivateKey_SignRecover */ NSS_EXTERN NSSSymmetricKey * -NSSPrivateKey_UnwrapSymmetricKey -( - NSSPrivateKey *vk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *wrappedKey, - NSSCallback *uhh -); +NSSPrivateKey_UnwrapSymmetricKey( + NSSPrivateKey *vk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *wrappedKey, + NSSCallback *uhh); /* * NSSPrivateKey_DeriveSymmetricKey @@ -740,16 +655,14 @@ NSSPrivateKey_UnwrapSymmetricKey */ NSS_EXTERN NSSSymmetricKey * -NSSPrivateKey_DeriveSymmetricKey -( - NSSPrivateKey *vk, - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSOID *target, - PRUint32 keySizeOpt, /* zero for best allowed */ - NSSOperations operations, - NSSCallback *uhh -); +NSSPrivateKey_DeriveSymmetricKey( + NSSPrivateKey *vk, + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSOID *target, + PRUint32 keySizeOpt, /* zero for best allowed */ + NSSOperations operations, + NSSCallback *uhh); /* * NSSPrivateKey_FindPublicKey @@ -757,11 +670,10 @@ NSSPrivateKey_DeriveSymmetricKey */ NSS_EXTERN NSSPublicKey * -NSSPrivateKey_FindPublicKey -( - NSSPrivateKey *vk - /* { don't need the callback here, right? } */ -); +NSSPrivateKey_FindPublicKey( + NSSPrivateKey *vk + /* { don't need the callback here, right? } */ + ); /* * NSSPrivateKey_CreateCryptoContext @@ -771,12 +683,10 @@ NSSPrivateKey_FindPublicKey */ NSS_EXTERN NSSCryptoContext * -NSSPrivateKey_CreateCryptoContext -( - NSSPrivateKey *vk, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhh -); +NSSPrivateKey_CreateCryptoContext( + NSSPrivateKey *vk, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhh); /* * NSSPrivateKey_FindCertificates @@ -787,13 +697,11 @@ NSSPrivateKey_CreateCryptoContext */ NSS_EXTERN NSSCertificate ** -NSSPrivateKey_FindCertificates -( - NSSPrivateKey *vk, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +NSSPrivateKey_FindCertificates( + NSSPrivateKey *vk, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* * NSSPrivateKey_FindBestCertificate @@ -803,13 +711,11 @@ NSSPrivateKey_FindCertificates */ NSS_EXTERN NSSCertificate * -NSSPrivateKey_FindBestCertificate -( - NSSPrivateKey *vk, - NSSTime *timeOpt, - NSSUsage *usageOpt, - NSSPolicies *policiesOpt -); +NSSPrivateKey_FindBestCertificate( + NSSPrivateKey *vk, + NSSTime *timeOpt, + NSSUsage *usageOpt, + NSSPolicies *policiesOpt); /* * NSSPublicKey @@ -827,10 +733,7 @@ NSSPrivateKey_FindBestCertificate */ NSS_EXTERN PRStatus -NSSPublicKey_Destroy -( - NSSPublicKey *bk -); +NSSPublicKey_Destroy(NSSPublicKey *bk); /* * NSSPublicKey_DeleteStoredObject @@ -840,11 +743,9 @@ NSSPublicKey_Destroy */ NSS_EXTERN PRStatus -NSSPublicKey_DeleteStoredObject -( - NSSPublicKey *bk, - NSSCallback *uhh -); +NSSPublicKey_DeleteStoredObject( + NSSPublicKey *bk, + NSSCallback *uhh); /* * NSSPublicKey_Encode @@ -852,14 +753,12 @@ NSSPublicKey_DeleteStoredObject */ NSS_EXTERN NSSItem * -NSSPublicKey_Encode -( - NSSPublicKey *bk, - NSSAlgorithmAndParameters *ap, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSPublicKey_Encode( + NSSPublicKey *bk, + NSSAlgorithmAndParameters *ap, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSPublicKey_GetTrustDomain @@ -868,11 +767,9 @@ NSSPublicKey_Encode */ NSS_EXTERN NSSTrustDomain * -NSSPublicKey_GetTrustDomain -( - NSSPublicKey *bk, - PRStatus *statusOpt -); +NSSPublicKey_GetTrustDomain( + NSSPublicKey *bk, + PRStatus *statusOpt); /* * NSSPublicKey_GetToken @@ -881,11 +778,9 @@ NSSPublicKey_GetTrustDomain */ NSS_EXTERN NSSToken * -NSSPublicKey_GetToken -( - NSSPublicKey *bk, - PRStatus *statusOpt -); +NSSPublicKey_GetToken( + NSSPublicKey *bk, + PRStatus *statusOpt); /* * NSSPublicKey_GetSlot @@ -894,11 +789,9 @@ NSSPublicKey_GetToken */ NSS_EXTERN NSSSlot * -NSSPublicKey_GetSlot -( - NSSPublicKey *bk, - PRStatus *statusOpt -); +NSSPublicKey_GetSlot( + NSSPublicKey *bk, + PRStatus *statusOpt); /* * NSSPublicKey_GetModule @@ -907,11 +800,9 @@ NSSPublicKey_GetSlot */ NSS_EXTERN NSSModule * -NSSPublicKey_GetModule -( - NSSPublicKey *bk, - PRStatus *statusOpt -); +NSSPublicKey_GetModule( + NSSPublicKey *bk, + PRStatus *statusOpt); /* * NSSPublicKey_Encrypt @@ -921,15 +812,13 @@ NSSPublicKey_GetModule */ NSS_EXTERN NSSItem * -NSSPublicKey_Encrypt -( - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSPublicKey_Encrypt( + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSPublicKey_Verify @@ -937,14 +826,12 @@ NSSPublicKey_Encrypt */ NSS_EXTERN PRStatus -NSSPublicKey_Verify -( - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSItem *signature, - NSSCallback *uhh -); +NSSPublicKey_Verify( + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSItem *signature, + NSSCallback *uhh); /* * NSSPublicKey_VerifyRecover @@ -952,15 +839,13 @@ NSSPublicKey_Verify */ NSS_EXTERN NSSItem * -NSSPublicKey_VerifyRecover -( - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *signature, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSPublicKey_VerifyRecover( + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *signature, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSPublicKey_WrapSymmetricKey @@ -968,15 +853,13 @@ NSSPublicKey_VerifyRecover */ NSS_EXTERN NSSItem * -NSSPublicKey_WrapSymmetricKey -( - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSSymmetricKey *keyToWrap, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSPublicKey_WrapSymmetricKey( + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSSymmetricKey *keyToWrap, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSPublicKey_CreateCryptoContext @@ -986,12 +869,10 @@ NSSPublicKey_WrapSymmetricKey */ NSS_EXTERN NSSCryptoContext * -NSSPublicKey_CreateCryptoContext -( - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhh -); +NSSPublicKey_CreateCryptoContext( + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhh); /* * NSSPublicKey_FindCertificates @@ -1005,13 +886,11 @@ NSSPublicKey_CreateCryptoContext */ NSS_EXTERN NSSCertificate ** -NSSPublicKey_FindCertificates -( - NSSPublicKey *bk, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +NSSPublicKey_FindCertificates( + NSSPublicKey *bk, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* * NSSPrivateKey_FindBestCertificate @@ -1021,13 +900,11 @@ NSSPublicKey_FindCertificates */ NSS_EXTERN NSSCertificate * -NSSPublicKey_FindBestCertificate -( - NSSPublicKey *bk, - NSSTime *timeOpt, - NSSUsage *usageOpt, - NSSPolicies *policiesOpt -); +NSSPublicKey_FindBestCertificate( + NSSPublicKey *bk, + NSSTime *timeOpt, + NSSUsage *usageOpt, + NSSPolicies *policiesOpt); /* * NSSPublicKey_FindPrivateKey @@ -1035,11 +912,9 @@ NSSPublicKey_FindBestCertificate */ NSS_EXTERN NSSPrivateKey * -NSSPublicKey_FindPrivateKey -( - NSSPublicKey *bk, - NSSCallback *uhh -); +NSSPublicKey_FindPrivateKey( + NSSPublicKey *bk, + NSSCallback *uhh); /* * NSSSymmetricKey @@ -1053,10 +928,7 @@ NSSPublicKey_FindPrivateKey */ NSS_EXTERN PRStatus -NSSSymmetricKey_Destroy -( - NSSSymmetricKey *mk -); +NSSSymmetricKey_Destroy(NSSSymmetricKey *mk); /* * NSSSymmetricKey_DeleteStoredObject @@ -1065,11 +937,9 @@ NSSSymmetricKey_Destroy */ NSS_EXTERN PRStatus -NSSSymmetricKey_DeleteStoredObject -( - NSSSymmetricKey *mk, - NSSCallback *uhh -); +NSSSymmetricKey_DeleteStoredObject( + NSSSymmetricKey *mk, + NSSCallback *uhh); /* * NSSSymmetricKey_GetKeyLength @@ -1077,10 +947,7 @@ NSSSymmetricKey_DeleteStoredObject */ NSS_EXTERN PRUint32 -NSSSymmetricKey_GetKeyLength -( - NSSSymmetricKey *mk -); +NSSSymmetricKey_GetKeyLength(NSSSymmetricKey *mk); /* * NSSSymmetricKey_GetKeyStrength @@ -1088,10 +955,7 @@ NSSSymmetricKey_GetKeyLength */ NSS_EXTERN PRUint32 -NSSSymmetricKey_GetKeyStrength -( - NSSSymmetricKey *mk -); +NSSSymmetricKey_GetKeyStrength(NSSSymmetricKey *mk); /* * NSSSymmetricKey_IsStillPresent @@ -1099,10 +963,7 @@ NSSSymmetricKey_GetKeyStrength */ NSS_EXTERN PRStatus -NSSSymmetricKey_IsStillPresent -( - NSSSymmetricKey *mk -); +NSSSymmetricKey_IsStillPresent(NSSSymmetricKey *mk); /* * NSSSymmetricKey_GetTrustDomain @@ -1111,11 +972,9 @@ NSSSymmetricKey_IsStillPresent */ NSS_EXTERN NSSTrustDomain * -NSSSymmetricKey_GetTrustDomain -( - NSSSymmetricKey *mk, - PRStatus *statusOpt -); +NSSSymmetricKey_GetTrustDomain( + NSSSymmetricKey *mk, + PRStatus *statusOpt); /* * NSSSymmetricKey_GetToken @@ -1124,11 +983,9 @@ NSSSymmetricKey_GetTrustDomain */ NSS_EXTERN NSSToken * -NSSSymmetricKey_GetToken -( - NSSSymmetricKey *mk, - PRStatus *statusOpt -); +NSSSymmetricKey_GetToken( + NSSSymmetricKey *mk, + PRStatus *statusOpt); /* * NSSSymmetricKey_GetSlot @@ -1137,11 +994,9 @@ NSSSymmetricKey_GetToken */ NSS_EXTERN NSSSlot * -NSSSymmetricKey_GetSlot -( - NSSSymmetricKey *mk, - PRStatus *statusOpt -); +NSSSymmetricKey_GetSlot( + NSSSymmetricKey *mk, + PRStatus *statusOpt); /* * NSSSymmetricKey_GetModule @@ -1150,11 +1005,9 @@ NSSSymmetricKey_GetSlot */ NSS_EXTERN NSSModule * -NSSSymmetricKey_GetModule -( - NSSSymmetricKey *mk, - PRStatus *statusOpt -); +NSSSymmetricKey_GetModule( + NSSSymmetricKey *mk, + PRStatus *statusOpt); /* * NSSSymmetricKey_Encrypt @@ -1162,15 +1015,13 @@ NSSSymmetricKey_GetModule */ NSS_EXTERN NSSItem * -NSSSymmetricKey_Encrypt -( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSSymmetricKey_Encrypt( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSSymmetricKey_Decrypt @@ -1178,15 +1029,13 @@ NSSSymmetricKey_Encrypt */ NSS_EXTERN NSSItem * -NSSSymmetricKey_Decrypt -( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *encryptedData, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSSymmetricKey_Decrypt( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *encryptedData, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSSymmetricKey_Sign @@ -1194,15 +1043,13 @@ NSSSymmetricKey_Decrypt */ NSS_EXTERN NSSItem * -NSSSymmetricKey_Sign -( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSSymmetricKey_Sign( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSSymmetricKey_SignRecover @@ -1210,15 +1057,13 @@ NSSSymmetricKey_Sign */ NSS_EXTERN NSSItem * -NSSSymmetricKey_SignRecover -( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSSymmetricKey_SignRecover( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSSymmetricKey_Verify @@ -1226,14 +1071,12 @@ NSSSymmetricKey_SignRecover */ NSS_EXTERN PRStatus -NSSSymmetricKey_Verify -( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSItem *signature, - NSSCallback *uhh -); +NSSSymmetricKey_Verify( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSItem *signature, + NSSCallback *uhh); /* * NSSSymmetricKey_VerifyRecover @@ -1241,15 +1084,13 @@ NSSSymmetricKey_Verify */ NSS_EXTERN NSSItem * -NSSSymmetricKey_VerifyRecover -( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *signature, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSSymmetricKey_VerifyRecover( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *signature, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSSymmetricKey_WrapSymmetricKey @@ -1257,15 +1098,13 @@ NSSSymmetricKey_VerifyRecover */ NSS_EXTERN NSSItem * -NSSSymmetricKey_WrapSymmetricKey -( - NSSSymmetricKey *wrappingKey, - NSSAlgorithmAndParameters *apOpt, - NSSSymmetricKey *keyToWrap, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSSymmetricKey_WrapSymmetricKey( + NSSSymmetricKey *wrappingKey, + NSSAlgorithmAndParameters *apOpt, + NSSSymmetricKey *keyToWrap, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSSymmetricKey_WrapPrivateKey @@ -1273,15 +1112,13 @@ NSSSymmetricKey_WrapSymmetricKey */ NSS_EXTERN NSSItem * -NSSSymmetricKey_WrapPrivateKey -( - NSSSymmetricKey *wrappingKey, - NSSAlgorithmAndParameters *apOpt, - NSSPrivateKey *keyToWrap, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSSymmetricKey_WrapPrivateKey( + NSSSymmetricKey *wrappingKey, + NSSAlgorithmAndParameters *apOpt, + NSSPrivateKey *keyToWrap, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSSymmetricKey_UnwrapSymmetricKey @@ -1289,16 +1126,14 @@ NSSSymmetricKey_WrapPrivateKey */ NSS_EXTERN NSSSymmetricKey * -NSSSymmetricKey_UnwrapSymmetricKey -( - NSSSymmetricKey *wrappingKey, - NSSAlgorithmAndParameters *apOpt, - NSSItem *wrappedKey, - NSSOID *target, - PRUint32 keySizeOpt, - NSSOperations operations, - NSSCallback *uhh -); +NSSSymmetricKey_UnwrapSymmetricKey( + NSSSymmetricKey *wrappingKey, + NSSAlgorithmAndParameters *apOpt, + NSSItem *wrappedKey, + NSSOID *target, + PRUint32 keySizeOpt, + NSSOperations operations, + NSSCallback *uhh); /* * NSSSymmetricKey_UnwrapPrivateKey @@ -1306,18 +1141,16 @@ NSSSymmetricKey_UnwrapSymmetricKey */ NSS_EXTERN NSSPrivateKey * -NSSSymmetricKey_UnwrapPrivateKey -( - NSSSymmetricKey *wrappingKey, - NSSAlgorithmAndParameters *apOpt, - NSSItem *wrappedKey, - NSSUTF8 *labelOpt, - NSSItem *keyIDOpt, - PRBool persistant, - PRBool sensitive, - NSSToken *destinationOpt, - NSSCallback *uhh -); +NSSSymmetricKey_UnwrapPrivateKey( + NSSSymmetricKey *wrappingKey, + NSSAlgorithmAndParameters *apOpt, + NSSItem *wrappedKey, + NSSUTF8 *labelOpt, + NSSItem *keyIDOpt, + PRBool persistant, + PRBool sensitive, + NSSToken *destinationOpt, + NSSCallback *uhh); /* * NSSSymmetricKey_DeriveSymmetricKey @@ -1325,15 +1158,13 @@ NSSSymmetricKey_UnwrapPrivateKey */ NSS_EXTERN NSSSymmetricKey * -NSSSymmetricKey_DeriveSymmetricKey -( - NSSSymmetricKey *originalKey, - NSSAlgorithmAndParameters *apOpt, - NSSOID *target, - PRUint32 keySizeOpt, - NSSOperations operations, - NSSCallback *uhh -); +NSSSymmetricKey_DeriveSymmetricKey( + NSSSymmetricKey *originalKey, + NSSAlgorithmAndParameters *apOpt, + NSSOID *target, + PRUint32 keySizeOpt, + NSSOperations operations, + NSSCallback *uhh); /* * NSSSymmetricKey_CreateCryptoContext @@ -1343,12 +1174,10 @@ NSSSymmetricKey_DeriveSymmetricKey */ NSS_EXTERN NSSCryptoContext * -NSSSymmetricKey_CreateCryptoContext -( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhh -); +NSSSymmetricKey_CreateCryptoContext( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhh); /* * NSSTrustDomain @@ -1367,7 +1196,7 @@ NSSSymmetricKey_CreateCryptoContext * * The uriOpt is defined to take a URI. At present, we only * support file: URLs pointing to platform-native shared libraries. - * However, by specifying this as a URI, this keeps open the + * However, by specifying this as a URI, this keeps open the * possibility of supporting other, possibly remote, resources. * * The "reserved" arguments is held for when we figure out the @@ -1375,13 +1204,11 @@ NSSSymmetricKey_CreateCryptoContext */ NSS_EXTERN NSSTrustDomain * -NSSTrustDomain_Create -( - NSSUTF8 *moduleOpt, - NSSUTF8 *uriOpt, - NSSUTF8 *opaqueOpt, - void *reserved -); +NSSTrustDomain_Create( + NSSUTF8 *moduleOpt, + NSSUTF8 *uriOpt, + NSSUTF8 *opaqueOpt, + void *reserved); /* * NSSTrustDomain_Destroy @@ -1389,10 +1216,7 @@ NSSTrustDomain_Create */ NSS_EXTERN PRStatus -NSSTrustDomain_Destroy -( - NSSTrustDomain *td -); +NSSTrustDomain_Destroy(NSSTrustDomain *td); /* * NSSTrustDomain_SetDefaultCallback @@ -1400,12 +1224,10 @@ NSSTrustDomain_Destroy */ NSS_EXTERN PRStatus -NSSTrustDomain_SetDefaultCallback -( - NSSTrustDomain *td, - NSSCallback *newCallback, - NSSCallback **oldCallbackOpt -); +NSSTrustDomain_SetDefaultCallback( + NSSTrustDomain *td, + NSSCallback *newCallback, + NSSCallback **oldCallbackOpt); /* * NSSTrustDomain_GetDefaultCallback @@ -1413,11 +1235,9 @@ NSSTrustDomain_SetDefaultCallback */ NSS_EXTERN NSSCallback * -NSSTrustDomain_GetDefaultCallback -( - NSSTrustDomain *td, - PRStatus *statusOpt -); +NSSTrustDomain_GetDefaultCallback( + NSSTrustDomain *td, + PRStatus *statusOpt); /* * Default policies? @@ -1431,14 +1251,12 @@ NSSTrustDomain_GetDefaultCallback */ NSS_EXTERN PRStatus -NSSTrustDomain_LoadModule -( - NSSTrustDomain *td, - NSSUTF8 *moduleOpt, - NSSUTF8 *uriOpt, - NSSUTF8 *opaqueOpt, - void *reserved -); +NSSTrustDomain_LoadModule( + NSSTrustDomain *td, + NSSUTF8 *moduleOpt, + NSSUTF8 *uriOpt, + NSSUTF8 *opaqueOpt, + void *reserved); /* * NSSTrustDomain_AddModule @@ -1455,12 +1273,10 @@ NSSTrustDomain_LoadModule */ NSS_EXTERN PRStatus -NSSTrustDomain_DisableToken -( - NSSTrustDomain *td, - NSSToken *token, - NSSError why -); +NSSTrustDomain_DisableToken( + NSSTrustDomain *td, + NSSToken *token, + NSSError why); /* * NSSTrustDomain_EnableToken @@ -1468,11 +1284,9 @@ NSSTrustDomain_DisableToken */ NSS_EXTERN PRStatus -NSSTrustDomain_EnableToken -( - NSSTrustDomain *td, - NSSToken *token -); +NSSTrustDomain_EnableToken( + NSSTrustDomain *td, + NSSToken *token); /* * NSSTrustDomain_IsTokenEnabled @@ -1482,12 +1296,10 @@ NSSTrustDomain_EnableToken */ NSS_EXTERN PRStatus -NSSTrustDomain_IsTokenEnabled -( - NSSTrustDomain *td, - NSSToken *token, - NSSError *whyOpt -); +NSSTrustDomain_IsTokenEnabled( + NSSTrustDomain *td, + NSSToken *token, + NSSError *whyOpt); /* * NSSTrustDomain_FindSlotByName @@ -1495,11 +1307,9 @@ NSSTrustDomain_IsTokenEnabled */ NSS_EXTERN NSSSlot * -NSSTrustDomain_FindSlotByName -( - NSSTrustDomain *td, - NSSUTF8 *slotName -); +NSSTrustDomain_FindSlotByName( + NSSTrustDomain *td, + NSSUTF8 *slotName); /* * NSSTrustDomain_FindTokenByName @@ -1507,11 +1317,9 @@ NSSTrustDomain_FindSlotByName */ NSS_EXTERN NSSToken * -NSSTrustDomain_FindTokenByName -( - NSSTrustDomain *td, - NSSUTF8 *tokenName -); +NSSTrustDomain_FindTokenByName( + NSSTrustDomain *td, + NSSUTF8 *tokenName); /* * NSSTrustDomain_FindTokenBySlotName @@ -1519,11 +1327,9 @@ NSSTrustDomain_FindTokenByName */ NSS_EXTERN NSSToken * -NSSTrustDomain_FindTokenBySlotName -( - NSSTrustDomain *td, - NSSUTF8 *slotName -); +NSSTrustDomain_FindTokenBySlotName( + NSSTrustDomain *td, + NSSUTF8 *slotName); /* * NSSTrustDomain_FindBestTokenForAlgorithm @@ -1531,11 +1337,9 @@ NSSTrustDomain_FindTokenBySlotName */ NSS_EXTERN NSSToken * -NSSTrustDomain_FindTokenForAlgorithm -( - NSSTrustDomain *td, - NSSOID *algorithm -); +NSSTrustDomain_FindTokenForAlgorithm( + NSSTrustDomain *td, + NSSOID *algorithm); /* * NSSTrustDomain_FindBestTokenForAlgorithms @@ -1543,12 +1347,11 @@ NSSTrustDomain_FindTokenForAlgorithm */ NSS_EXTERN NSSToken * -NSSTrustDomain_FindBestTokenForAlgorithms -( - NSSTrustDomain *td, - NSSOID *algorithms[], /* may be null-terminated */ - PRUint32 nAlgorithmsOpt /* limits the array if nonzero */ -); +NSSTrustDomain_FindBestTokenForAlgorithms( + NSSTrustDomain *td, + NSSOID *algorithms[], /* may be null-terminated */ + PRUint32 nAlgorithmsOpt /* limits the array if nonzero */ + ); /* * NSSTrustDomain_Login @@ -1556,11 +1359,9 @@ NSSTrustDomain_FindBestTokenForAlgorithms */ NSS_EXTERN PRStatus -NSSTrustDomain_Login -( - NSSTrustDomain *td, - NSSCallback *uhhOpt -); +NSSTrustDomain_Login( + NSSTrustDomain *td, + NSSCallback *uhhOpt); /* * NSSTrustDomain_Logout @@ -1568,10 +1369,7 @@ NSSTrustDomain_Login */ NSS_EXTERN PRStatus -NSSTrustDomain_Logout -( - NSSTrustDomain *td -); +NSSTrustDomain_Logout(NSSTrustDomain *td); /* Importing things */ @@ -1583,11 +1381,9 @@ NSSTrustDomain_Logout */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_ImportCertificate -( - NSSTrustDomain *td, - NSSCertificate *c -); +NSSTrustDomain_ImportCertificate( + NSSTrustDomain *td, + NSSCertificate *c); /* * NSSTrustDomain_ImportPKIXCertificate @@ -1595,12 +1391,10 @@ NSSTrustDomain_ImportCertificate */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_ImportPKIXCertificate -( - NSSTrustDomain *td, - /* declared as a struct until these "data types" are defined */ - struct NSSPKIXCertificateStr *pc -); +NSSTrustDomain_ImportPKIXCertificate( + NSSTrustDomain *td, + /* declared as a struct until these "data types" are defined */ + struct NSSPKIXCertificateStr *pc); /* * NSSTrustDomain_ImportEncodedCertificate @@ -1609,11 +1403,9 @@ NSSTrustDomain_ImportPKIXCertificate */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_ImportEncodedCertificate -( - NSSTrustDomain *td, - NSSBER *ber -); +NSSTrustDomain_ImportEncodedCertificate( + NSSTrustDomain *td, + NSSBER *ber); /* * NSSTrustDomain_ImportEncodedCertificateChain @@ -1622,14 +1414,12 @@ NSSTrustDomain_ImportEncodedCertificate */ NSS_EXTERN NSSCertificate ** -NSSTrustDomain_ImportEncodedCertificateChain -( - NSSTrustDomain *td, - NSSBER *ber, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +NSSTrustDomain_ImportEncodedCertificateChain( + NSSTrustDomain *td, + NSSBER *ber, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* * NSSTrustDomain_ImportEncodedPrivateKey @@ -1637,14 +1427,12 @@ NSSTrustDomain_ImportEncodedCertificateChain */ NSS_EXTERN NSSPrivateKey * -NSSTrustDomain_ImportEncodedPrivateKey -( - NSSTrustDomain *td, - NSSBER *ber, - NSSItem *passwordOpt, /* NULL will cause a callback */ - NSSCallback *uhhOpt, - NSSToken *destination -); +NSSTrustDomain_ImportEncodedPrivateKey( + NSSTrustDomain *td, + NSSBER *ber, + NSSItem *passwordOpt, /* NULL will cause a callback */ + NSSCallback *uhhOpt, + NSSToken *destination); /* * NSSTrustDomain_ImportEncodedPublicKey @@ -1652,11 +1440,9 @@ NSSTrustDomain_ImportEncodedPrivateKey */ NSS_EXTERN NSSPublicKey * -NSSTrustDomain_ImportEncodedPublicKey -( - NSSTrustDomain *td, - NSSBER *ber -); +NSSTrustDomain_ImportEncodedPublicKey( + NSSTrustDomain *td, + NSSBER *ber); /* Other importations: S/MIME capabilities */ @@ -1666,14 +1452,13 @@ NSSTrustDomain_ImportEncodedPublicKey */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_FindBestCertificateByNickname -( - NSSTrustDomain *td, - const NSSUTF8 *name, - NSSTime *timeOpt, /* NULL for "now" */ - NSSUsage *usage, - NSSPolicies *policiesOpt /* NULL for none */ -); +NSSTrustDomain_FindBestCertificateByNickname( + NSSTrustDomain *td, + const NSSUTF8 *name, + NSSTime *timeOpt, /* NULL for "now" */ + NSSUsage *usage, + NSSPolicies *policiesOpt /* NULL for none */ + ); /* * NSSTrustDomain_FindCertificatesByNickname @@ -1681,14 +1466,12 @@ NSSTrustDomain_FindBestCertificateByNickname */ NSS_EXTERN NSSCertificate ** -NSSTrustDomain_FindCertificatesByNickname -( - NSSTrustDomain *td, - NSSUTF8 *name, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +NSSTrustDomain_FindCertificatesByNickname( + NSSTrustDomain *td, + NSSUTF8 *name, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* * NSSTrustDomain_FindCertificateByIssuerAndSerialNumber @@ -1696,12 +1479,10 @@ NSSTrustDomain_FindCertificatesByNickname */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_FindCertificateByIssuerAndSerialNumber -( - NSSTrustDomain *td, - NSSDER *issuer, - NSSDER *serialNumber -); +NSSTrustDomain_FindCertificateByIssuerAndSerialNumber( + NSSTrustDomain *td, + NSSDER *issuer, + NSSDER *serialNumber); /* * NSSTrustDomain_FindCertificatesByIssuerAndSerialNumber @@ -1718,14 +1499,12 @@ NSSTrustDomain_FindCertificateByIssuerAndSerialNumber */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_FindBestCertificateBySubject -( - NSSTrustDomain *td, - NSSDER /*NSSUTF8*/ *subject, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -); +NSSTrustDomain_FindBestCertificateBySubject( + NSSTrustDomain *td, + NSSDER /*NSSUTF8*/ *subject, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt); /* * NSSTrustDomain_FindCertificatesBySubject @@ -1734,33 +1513,29 @@ NSSTrustDomain_FindBestCertificateBySubject */ NSS_EXTERN NSSCertificate ** -NSSTrustDomain_FindCertificatesBySubject -( - NSSTrustDomain *td, - NSSDER /*NSSUTF8*/ *subject, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +NSSTrustDomain_FindCertificatesBySubject( + NSSTrustDomain *td, + NSSDER /*NSSUTF8*/ *subject, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* * NSSTrustDomain_FindBestCertificateByNameComponents * - * This call does try several tricks, including a pseudo pkcs#11 + * This call does try several tricks, including a pseudo pkcs#11 * attribute for the ldap module to try as a query. Eventually * this call falls back to a traversal if that's what's required. * It will search through alternate names hidden in extensions. */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_FindBestCertificateByNameComponents -( - NSSTrustDomain *td, - NSSUTF8 *nameComponents, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -); +NSSTrustDomain_FindBestCertificateByNameComponents( + NSSTrustDomain *td, + NSSUTF8 *nameComponents, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt); /* * NSSTrustDomain_FindCertificatesByNameComponents @@ -1771,14 +1546,12 @@ NSSTrustDomain_FindBestCertificateByNameComponents */ NSS_EXTERN NSSCertificate ** -NSSTrustDomain_FindCertificatesByNameComponents -( - NSSTrustDomain *td, - NSSUTF8 *nameComponents, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +NSSTrustDomain_FindCertificatesByNameComponents( + NSSTrustDomain *td, + NSSUTF8 *nameComponents, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* * NSSTrustDomain_FindCertificateByEncodedCertificate @@ -1786,11 +1559,9 @@ NSSTrustDomain_FindCertificatesByNameComponents */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_FindCertificateByEncodedCertificate -( - NSSTrustDomain *td, - NSSBER *encodedCertificate -); +NSSTrustDomain_FindCertificateByEncodedCertificate( + NSSTrustDomain *td, + NSSBER *encodedCertificate); /* * NSSTrustDomain_FindBestCertificateByEmail @@ -1798,14 +1569,12 @@ NSSTrustDomain_FindCertificateByEncodedCertificate */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_FindCertificateByEmail -( - NSSTrustDomain *td, - NSSASCII7 *email, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -); +NSSTrustDomain_FindCertificateByEmail( + NSSTrustDomain *td, + NSSASCII7 *email, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt); /* * NSSTrustDomain_FindCertificatesByEmail @@ -1813,14 +1582,12 @@ NSSTrustDomain_FindCertificateByEmail */ NSS_EXTERN NSSCertificate ** -NSSTrustDomain_FindCertificatesByEmail -( - NSSTrustDomain *td, - NSSASCII7 *email, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +NSSTrustDomain_FindCertificatesByEmail( + NSSTrustDomain *td, + NSSASCII7 *email, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* * NSSTrustDomain_FindCertificateByOCSPHash @@ -1829,11 +1596,9 @@ NSSTrustDomain_FindCertificatesByEmail */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_FindCertificateByOCSPHash -( - NSSTrustDomain *td, - NSSItem *hash -); +NSSTrustDomain_FindCertificateByOCSPHash( + NSSTrustDomain *td, + NSSItem *hash); /* * NSSTrustDomain_TraverseCertificates @@ -1847,19 +1612,17 @@ NSSTrustDomain_FindCertificateByOCSPHash * If it's needed, let's look at the situation more closely to * find out what the actual requirements are. */ - + /* For now, adding this function. This may only be for debugging * purposes. * Perhaps some equivalent function, on a specified token, will be * needed in a "friend" header file? */ NSS_EXTERN PRStatus * -NSSTrustDomain_TraverseCertificates -( - NSSTrustDomain *td, - PRStatus (*callback)(NSSCertificate *c, void *arg), - void *arg -); +NSSTrustDomain_TraverseCertificates( + NSSTrustDomain *td, + PRStatus (*callback)(NSSCertificate *c, void *arg), + void *arg); /* * NSSTrustDomain_FindBestUserCertificate @@ -1867,13 +1630,11 @@ NSSTrustDomain_TraverseCertificates */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_FindBestUserCertificate -( - NSSTrustDomain *td, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -); +NSSTrustDomain_FindBestUserCertificate( + NSSTrustDomain *td, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt); /* * NSSTrustDomain_FindUserCertificates @@ -1881,16 +1642,14 @@ NSSTrustDomain_FindBestUserCertificate */ NSS_EXTERN NSSCertificate ** -NSSTrustDomain_FindUserCertificates -( - NSSTrustDomain *td, - NSSTime *timeOpt, - NSSUsage *usageOpt, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt -); +NSSTrustDomain_FindUserCertificates( + NSSTrustDomain *td, + NSSTime *timeOpt, + NSSUsage *usageOpt, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt); /* * NSSTrustDomain_FindBestUserCertificateForSSLClientAuth @@ -1898,15 +1657,13 @@ NSSTrustDomain_FindUserCertificates */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_FindBestUserCertificateForSSLClientAuth -( - NSSTrustDomain *td, - NSSUTF8 *sslHostOpt, - NSSDER *rootCAsOpt[], /* null pointer for none */ - PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt -); +NSSTrustDomain_FindBestUserCertificateForSSLClientAuth( + NSSTrustDomain *td, + NSSUTF8 *sslHostOpt, + NSSDER *rootCAsOpt[], /* null pointer for none */ + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt); /* * NSSTrustDomain_FindUserCertificatesForSSLClientAuth @@ -1914,18 +1671,16 @@ NSSTrustDomain_FindBestUserCertificateForSSLClientAuth */ NSS_EXTERN NSSCertificate ** -NSSTrustDomain_FindUserCertificatesForSSLClientAuth -( - NSSTrustDomain *td, - NSSUTF8 *sslHostOpt, - NSSDER *rootCAsOpt[], /* null pointer for none */ - PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt -); +NSSTrustDomain_FindUserCertificatesForSSLClientAuth( + NSSTrustDomain *td, + NSSUTF8 *sslHostOpt, + NSSDER *rootCAsOpt[], /* null pointer for none */ + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt); /* * NSSTrustDomain_FindBestUserCertificateForEmailSigning @@ -1933,15 +1688,13 @@ NSSTrustDomain_FindUserCertificatesForSSLClientAuth */ NSS_EXTERN NSSCertificate * -NSSTrustDomain_FindBestUserCertificateForEmailSigning -( - NSSTrustDomain *td, - NSSASCII7 *signerOpt, - NSSASCII7 *recipientOpt, - /* anything more here? */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt -); +NSSTrustDomain_FindBestUserCertificateForEmailSigning( + NSSTrustDomain *td, + NSSASCII7 *signerOpt, + NSSASCII7 *recipientOpt, + /* anything more here? */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt); /* * NSSTrustDomain_FindUserCertificatesForEmailSigning @@ -1949,18 +1702,16 @@ NSSTrustDomain_FindBestUserCertificateForEmailSigning */ NSS_EXTERN NSSCertificate ** -NSSTrustDomain_FindUserCertificatesForEmailSigning -( - NSSTrustDomain *td, - NSSASCII7 *signerOpt, - NSSASCII7 *recipientOpt, - /* anything more here? */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt -); +NSSTrustDomain_FindUserCertificatesForEmailSigning( + NSSTrustDomain *td, + NSSASCII7 *signerOpt, + NSSASCII7 *recipientOpt, + /* anything more here? */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt); /* * Here is where we'd add more Find[Best]UserCertificate[s]For<usage> @@ -1980,21 +1731,19 @@ NSSTrustDomain_FindUserCertificatesForEmailSigning */ NSS_EXTERN PRStatus -NSSTrustDomain_GenerateKeyPair -( - NSSTrustDomain *td, - NSSAlgorithmAndParameters *ap, - NSSPrivateKey **pvkOpt, - NSSPublicKey **pbkOpt, - PRBool privateKeyIsSensitive, - NSSToken *destination, - NSSCallback *uhhOpt -); +NSSTrustDomain_GenerateKeyPair( + NSSTrustDomain *td, + NSSAlgorithmAndParameters *ap, + NSSPrivateKey **pvkOpt, + NSSPublicKey **pbkOpt, + PRBool privateKeyIsSensitive, + NSSToken *destination, + NSSCallback *uhhOpt); /* * NSSTrustDomain_TraversePrivateKeys * - * + * * NSS_EXTERN PRStatus * * NSSTrustDomain_TraversePrivateKeys * ( @@ -2012,14 +1761,12 @@ NSSTrustDomain_GenerateKeyPair */ NSS_EXTERN NSSSymmetricKey * -NSSTrustDomain_GenerateSymmetricKey -( - NSSTrustDomain *td, - NSSAlgorithmAndParameters *ap, - PRUint32 keysize, - NSSToken *destination, - NSSCallback *uhhOpt -); +NSSTrustDomain_GenerateSymmetricKey( + NSSTrustDomain *td, + NSSAlgorithmAndParameters *ap, + PRUint32 keysize, + NSSToken *destination, + NSSCallback *uhhOpt); /* * NSSTrustDomain_GenerateSymmetricKeyFromPassword @@ -2027,20 +1774,18 @@ NSSTrustDomain_GenerateSymmetricKey */ NSS_EXTERN NSSSymmetricKey * -NSSTrustDomain_GenerateSymmetricKeyFromPassword -( - NSSTrustDomain *td, - NSSAlgorithmAndParameters *ap, - NSSUTF8 *passwordOpt, /* if null, prompt */ - NSSToken *destinationOpt, - NSSCallback *uhhOpt -); +NSSTrustDomain_GenerateSymmetricKeyFromPassword( + NSSTrustDomain *td, + NSSAlgorithmAndParameters *ap, + NSSUTF8 *passwordOpt, /* if null, prompt */ + NSSToken *destinationOpt, + NSSCallback *uhhOpt); /* * NSSTrustDomain_FindSymmetricKeyByAlgorithm * * Is this still needed? - * + * * NSS_EXTERN NSSSymmetricKey * * NSSTrustDomain_FindSymmetricKeyByAlgorithm * ( @@ -2056,18 +1801,16 @@ NSSTrustDomain_GenerateSymmetricKeyFromPassword */ NSS_EXTERN NSSSymmetricKey * -NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID -( - NSSTrustDomain *td, - NSSOID *algorithm, - NSSItem *keyID, - NSSCallback *uhhOpt -); +NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID( + NSSTrustDomain *td, + NSSOID *algorithm, + NSSItem *keyID, + NSSCallback *uhhOpt); /* * NSSTrustDomain_TraverseSymmetricKeys * - * + * * NSS_EXTERN PRStatus * * NSSTrustDomain_TraverseSymmetricKeys * ( @@ -2086,11 +1829,9 @@ NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID */ NSS_EXTERN NSSCryptoContext * -NSSTrustDomain_CreateCryptoContext -( - NSSTrustDomain *td, - NSSCallback *uhhOpt -); +NSSTrustDomain_CreateCryptoContext( + NSSTrustDomain *td, + NSSCallback *uhhOpt); /* * NSSTrustDomain_CreateCryptoContextForAlgorithm @@ -2098,11 +1839,9 @@ NSSTrustDomain_CreateCryptoContext */ NSS_EXTERN NSSCryptoContext * -NSSTrustDomain_CreateCryptoContextForAlgorithm -( - NSSTrustDomain *td, - NSSOID *algorithm -); +NSSTrustDomain_CreateCryptoContextForAlgorithm( + NSSTrustDomain *td, + NSSOID *algorithm); /* * NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters @@ -2110,11 +1849,9 @@ NSSTrustDomain_CreateCryptoContextForAlgorithm */ NSS_EXTERN NSSCryptoContext * -NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters -( - NSSTrustDomain *td, - NSSAlgorithmAndParameters *ap -); +NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters( + NSSTrustDomain *td, + NSSAlgorithmAndParameters *ap); /* find/traverse other objects, e.g. s/mime profiles */ @@ -2124,15 +1861,15 @@ NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters * A crypto context is sort of a short-term snapshot of a trust domain, * used for the life of "one crypto operation." You can also think of * it as a "temporary database." - * + * * Just about all of the things you can do with a trust domain -- importing * or creating certs, keys, etc. -- can be done with a crypto context. * The difference is that the objects will be temporary ("session") objects. - * + * * Also, if the context was created for a key, cert, and/or algorithm; or * if such objects have been "associated" with the context, then the context * can do everything the keys can, like crypto operations. - * + * * And finally, because it keeps the state of the crypto operations, it * can do streaming crypto ops. */ @@ -2143,10 +1880,7 @@ NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters */ NSS_EXTERN PRStatus -NSSCryptoContext_Destroy -( - NSSCryptoContext *cc -); +NSSCryptoContext_Destroy(NSSCryptoContext *cc); /* establishing a default callback */ @@ -2156,12 +1890,10 @@ NSSCryptoContext_Destroy */ NSS_EXTERN PRStatus -NSSCryptoContext_SetDefaultCallback -( - NSSCryptoContext *cc, - NSSCallback *newCallback, - NSSCallback **oldCallbackOpt -); +NSSCryptoContext_SetDefaultCallback( + NSSCryptoContext *cc, + NSSCallback *newCallback, + NSSCallback **oldCallbackOpt); /* * NSSCryptoContext_GetDefaultCallback @@ -2169,11 +1901,9 @@ NSSCryptoContext_SetDefaultCallback */ NSS_EXTERN NSSCallback * -NSSCryptoContext_GetDefaultCallback -( - NSSCryptoContext *cc, - PRStatus *statusOpt -); +NSSCryptoContext_GetDefaultCallback( + NSSCryptoContext *cc, + PRStatus *statusOpt); /* * NSSCryptoContext_GetTrustDomain @@ -2181,10 +1911,8 @@ NSSCryptoContext_GetDefaultCallback */ NSS_EXTERN NSSTrustDomain * -NSSCryptoContext_GetTrustDomain -( - NSSCryptoContext *cc -); +NSSCryptoContext_GetTrustDomain( + NSSCryptoContext *cc); /* AddModule, etc: should we allow "temporary" changes here? */ /* DisableToken, etc: ditto */ @@ -2197,25 +1925,24 @@ NSSCryptoContext_GetTrustDomain /* * NSSCryptoContext_FindOrImportCertificate * - * If the certificate store already contains this DER cert, return the + * If the certificate store already contains this DER cert, return the * address of the matching NSSCertificate that is already in the store, * and bump its reference count. * * If this DER cert is NOT already in the store, then add the new - * NSSCertificate to the store and bump its reference count, - * then return its address. + * NSSCertificate to the store and bump its reference count, + * then return its address. * - * if this DER cert is not in the store and cannot be added to it, + * if this DER cert is not in the store and cannot be added to it, * return NULL; * * Record the associated crypto context in the certificate. */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_FindOrImportCertificate ( - NSSCryptoContext *cc, - NSSCertificate *c -); +NSSCryptoContext_FindOrImportCertificate( + NSSCryptoContext *cc, + NSSCertificate *c); /* * NSSCryptoContext_ImportPKIXCertificate @@ -2223,11 +1950,9 @@ NSSCryptoContext_FindOrImportCertificate ( */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_ImportPKIXCertificate -( - NSSCryptoContext *cc, - struct NSSPKIXCertificateStr *pc -); +NSSCryptoContext_ImportPKIXCertificate( + NSSCryptoContext *cc, + struct NSSPKIXCertificateStr *pc); /* * NSSCryptoContext_ImportEncodedCertificate @@ -2235,11 +1960,9 @@ NSSCryptoContext_ImportPKIXCertificate */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_ImportEncodedCertificate -( - NSSCryptoContext *cc, - NSSBER *ber -); +NSSCryptoContext_ImportEncodedCertificate( + NSSCryptoContext *cc, + NSSBER *ber); /* * NSSCryptoContext_ImportEncodedPKIXCertificateChain @@ -2247,11 +1970,9 @@ NSSCryptoContext_ImportEncodedCertificate */ NSS_EXTERN PRStatus -NSSCryptoContext_ImportEncodedPKIXCertificateChain -( - NSSCryptoContext *cc, - NSSBER *ber -); +NSSCryptoContext_ImportEncodedPKIXCertificateChain( + NSSCryptoContext *cc, + NSSBER *ber); /* Other importations: S/MIME capabilities */ @@ -2262,14 +1983,13 @@ NSSCryptoContext_ImportEncodedPKIXCertificateChain */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_FindBestCertificateByNickname -( - NSSCryptoContext *cc, - const NSSUTF8 *name, - NSSTime *timeOpt, /* NULL for "now" */ - NSSUsage *usage, - NSSPolicies *policiesOpt /* NULL for none */ -); +NSSCryptoContext_FindBestCertificateByNickname( + NSSCryptoContext *cc, + const NSSUTF8 *name, + NSSTime *timeOpt, /* NULL for "now" */ + NSSUsage *usage, + NSSPolicies *policiesOpt /* NULL for none */ + ); /* * NSSCryptoContext_FindCertificatesByNickname @@ -2277,14 +1997,12 @@ NSSCryptoContext_FindBestCertificateByNickname */ NSS_EXTERN NSSCertificate ** -NSSCryptoContext_FindCertificatesByNickname -( - NSSCryptoContext *cc, - NSSUTF8 *name, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +NSSCryptoContext_FindCertificatesByNickname( + NSSCryptoContext *cc, + NSSUTF8 *name, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* * NSSCryptoContext_FindCertificateByIssuerAndSerialNumber @@ -2292,12 +2010,10 @@ NSSCryptoContext_FindCertificatesByNickname */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_FindCertificateByIssuerAndSerialNumber -( - NSSCryptoContext *cc, - NSSDER *issuer, - NSSDER *serialNumber -); +NSSCryptoContext_FindCertificateByIssuerAndSerialNumber( + NSSCryptoContext *cc, + NSSDER *issuer, + NSSDER *serialNumber); /* * NSSCryptoContext_FindBestCertificateBySubject @@ -2306,14 +2022,12 @@ NSSCryptoContext_FindCertificateByIssuerAndSerialNumber */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_FindBestCertificateBySubject -( - NSSCryptoContext *cc, - NSSDER /*NSSUTF8*/ *subject, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -); +NSSCryptoContext_FindBestCertificateBySubject( + NSSCryptoContext *cc, + NSSDER /*NSSUTF8*/ *subject, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt); /* * NSSCryptoContext_FindCertificatesBySubject @@ -2322,33 +2036,29 @@ NSSCryptoContext_FindBestCertificateBySubject */ NSS_EXTERN NSSCertificate ** -NSSCryptoContext_FindCertificatesBySubject -( - NSSCryptoContext *cc, - NSSDER /*NSSUTF8*/ *subject, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +NSSCryptoContext_FindCertificatesBySubject( + NSSCryptoContext *cc, + NSSDER /*NSSUTF8*/ *subject, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* * NSSCryptoContext_FindBestCertificateByNameComponents * - * This call does try several tricks, including a pseudo pkcs#11 + * This call does try several tricks, including a pseudo pkcs#11 * attribute for the ldap module to try as a query. Eventually * this call falls back to a traversal if that's what's required. * It will search through alternate names hidden in extensions. */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_FindBestCertificateByNameComponents -( - NSSCryptoContext *cc, - NSSUTF8 *nameComponents, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -); +NSSCryptoContext_FindBestCertificateByNameComponents( + NSSCryptoContext *cc, + NSSUTF8 *nameComponents, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt); /* * NSSCryptoContext_FindCertificatesByNameComponents @@ -2359,14 +2069,12 @@ NSSCryptoContext_FindBestCertificateByNameComponents */ NSS_EXTERN NSSCertificate ** -NSSCryptoContext_FindCertificatesByNameComponents -( - NSSCryptoContext *cc, - NSSUTF8 *nameComponents, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +NSSCryptoContext_FindCertificatesByNameComponents( + NSSCryptoContext *cc, + NSSUTF8 *nameComponents, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* * NSSCryptoContext_FindCertificateByEncodedCertificate @@ -2374,11 +2082,9 @@ NSSCryptoContext_FindCertificatesByNameComponents */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_FindCertificateByEncodedCertificate -( - NSSCryptoContext *cc, - NSSBER *encodedCertificate -); +NSSCryptoContext_FindCertificateByEncodedCertificate( + NSSCryptoContext *cc, + NSSBER *encodedCertificate); /* * NSSCryptoContext_FindBestCertificateByEmail @@ -2386,14 +2092,12 @@ NSSCryptoContext_FindCertificateByEncodedCertificate */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_FindBestCertificateByEmail -( - NSSCryptoContext *cc, - NSSASCII7 *email, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -); +NSSCryptoContext_FindBestCertificateByEmail( + NSSCryptoContext *cc, + NSSASCII7 *email, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt); /* * NSSCryptoContext_FindCertificatesByEmail @@ -2401,14 +2105,12 @@ NSSCryptoContext_FindBestCertificateByEmail */ NSS_EXTERN NSSCertificate ** -NSSCryptoContext_FindCertificatesByEmail -( - NSSCryptoContext *cc, - NSSASCII7 *email, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +NSSCryptoContext_FindCertificatesByEmail( + NSSCryptoContext *cc, + NSSASCII7 *email, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* * NSSCryptoContext_FindCertificateByOCSPHash @@ -2416,16 +2118,14 @@ NSSCryptoContext_FindCertificatesByEmail */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_FindCertificateByOCSPHash -( - NSSCryptoContext *cc, - NSSItem *hash -); +NSSCryptoContext_FindCertificateByOCSPHash( + NSSCryptoContext *cc, + NSSItem *hash); /* * NSSCryptoContext_TraverseCertificates * - * + * * NSS_EXTERN PRStatus * * NSSCryptoContext_TraverseCertificates * ( @@ -2441,13 +2141,11 @@ NSSCryptoContext_FindCertificateByOCSPHash */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_FindBestUserCertificate -( - NSSCryptoContext *cc, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -); +NSSCryptoContext_FindBestUserCertificate( + NSSCryptoContext *cc, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt); /* * NSSCryptoContext_FindUserCertificates @@ -2455,16 +2153,14 @@ NSSCryptoContext_FindBestUserCertificate */ NSS_EXTERN NSSCertificate ** -NSSCryptoContext_FindUserCertificates -( - NSSCryptoContext *cc, - NSSTime *timeOpt, - NSSUsage *usageOpt, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt -); +NSSCryptoContext_FindUserCertificates( + NSSCryptoContext *cc, + NSSTime *timeOpt, + NSSUsage *usageOpt, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt); /* * NSSCryptoContext_FindBestUserCertificateForSSLClientAuth @@ -2472,15 +2168,13 @@ NSSCryptoContext_FindUserCertificates */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_FindBestUserCertificateForSSLClientAuth -( - NSSCryptoContext *cc, - NSSUTF8 *sslHostOpt, - NSSDER *rootCAsOpt[], /* null pointer for none */ - PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt -); +NSSCryptoContext_FindBestUserCertificateForSSLClientAuth( + NSSCryptoContext *cc, + NSSUTF8 *sslHostOpt, + NSSDER *rootCAsOpt[], /* null pointer for none */ + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt); /* * NSSCryptoContext_FindUserCertificatesForSSLClientAuth @@ -2488,18 +2182,16 @@ NSSCryptoContext_FindBestUserCertificateForSSLClientAuth */ NSS_EXTERN NSSCertificate ** -NSSCryptoContext_FindUserCertificatesForSSLClientAuth -( - NSSCryptoContext *cc, - NSSUTF8 *sslHostOpt, - NSSDER *rootCAsOpt[], /* null pointer for none */ - PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt -); +NSSCryptoContext_FindUserCertificatesForSSLClientAuth( + NSSCryptoContext *cc, + NSSUTF8 *sslHostOpt, + NSSDER *rootCAsOpt[], /* null pointer for none */ + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt); /* * NSSCryptoContext_FindBestUserCertificateForEmailSigning @@ -2507,15 +2199,13 @@ NSSCryptoContext_FindUserCertificatesForSSLClientAuth */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_FindBestUserCertificateForEmailSigning -( - NSSCryptoContext *cc, - NSSASCII7 *signerOpt, - NSSASCII7 *recipientOpt, - /* anything more here? */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt -); +NSSCryptoContext_FindBestUserCertificateForEmailSigning( + NSSCryptoContext *cc, + NSSASCII7 *signerOpt, + NSSASCII7 *recipientOpt, + /* anything more here? */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt); /* * NSSCryptoContext_FindUserCertificatesForEmailSigning @@ -2523,18 +2213,16 @@ NSSCryptoContext_FindBestUserCertificateForEmailSigning */ NSS_EXTERN NSSCertificate * -NSSCryptoContext_FindUserCertificatesForEmailSigning -( - NSSCryptoContext *cc, - NSSASCII7 *signerOpt, /* fgmr or a more general name? */ - NSSASCII7 *recipientOpt, - /* anything more here? */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt -); +NSSCryptoContext_FindUserCertificatesForEmailSigning( + NSSCryptoContext *cc, + NSSASCII7 *signerOpt, /* fgmr or a more general name? */ + NSSASCII7 *recipientOpt, + /* anything more here? */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt); /* Private Keys */ @@ -2549,21 +2237,19 @@ NSSCryptoContext_FindUserCertificatesForEmailSigning */ NSS_EXTERN PRStatus -NSSCryptoContext_GenerateKeyPair -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *ap, - NSSPrivateKey **pvkOpt, - NSSPublicKey **pbkOpt, - PRBool privateKeyIsSensitive, - NSSToken *destination, - NSSCallback *uhhOpt -); +NSSCryptoContext_GenerateKeyPair( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *ap, + NSSPrivateKey **pvkOpt, + NSSPublicKey **pbkOpt, + PRBool privateKeyIsSensitive, + NSSToken *destination, + NSSCallback *uhhOpt); /* * NSSCryptoContext_TraversePrivateKeys * - * + * * NSS_EXTERN PRStatus * * NSSCryptoContext_TraversePrivateKeys * ( @@ -2581,14 +2267,12 @@ NSSCryptoContext_GenerateKeyPair */ NSS_EXTERN NSSSymmetricKey * -NSSCryptoContext_GenerateSymmetricKey -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *ap, - PRUint32 keysize, - NSSToken *destination, - NSSCallback *uhhOpt -); +NSSCryptoContext_GenerateSymmetricKey( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *ap, + PRUint32 keysize, + NSSToken *destination, + NSSCallback *uhhOpt); /* * NSSCryptoContext_GenerateSymmetricKeyFromPassword @@ -2596,19 +2280,17 @@ NSSCryptoContext_GenerateSymmetricKey */ NSS_EXTERN NSSSymmetricKey * -NSSCryptoContext_GenerateSymmetricKeyFromPassword -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *ap, - NSSUTF8 *passwordOpt, /* if null, prompt */ - NSSToken *destinationOpt, - NSSCallback *uhhOpt -); +NSSCryptoContext_GenerateSymmetricKeyFromPassword( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *ap, + NSSUTF8 *passwordOpt, /* if null, prompt */ + NSSToken *destinationOpt, + NSSCallback *uhhOpt); /* * NSSCryptoContext_FindSymmetricKeyByAlgorithm * - * + * * NSS_EXTERN NSSSymmetricKey * * NSSCryptoContext_FindSymmetricKeyByType * ( @@ -2624,18 +2306,16 @@ NSSCryptoContext_GenerateSymmetricKeyFromPassword */ NSS_EXTERN NSSSymmetricKey * -NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID -( - NSSCryptoContext *cc, - NSSOID *algorithm, - NSSItem *keyID, - NSSCallback *uhhOpt -); +NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID( + NSSCryptoContext *cc, + NSSOID *algorithm, + NSSItem *keyID, + NSSCallback *uhhOpt); /* * NSSCryptoContext_TraverseSymmetricKeys * - * + * * NSS_EXTERN PRStatus * * NSSCryptoContext_TraverseSymmetricKeys * ( @@ -2653,15 +2333,13 @@ NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID */ NSS_EXTERN NSSItem * -NSSCryptoContext_Decrypt -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *encryptedData, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_Decrypt( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *encryptedData, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_BeginDecrypt @@ -2669,12 +2347,10 @@ NSSCryptoContext_Decrypt */ NSS_EXTERN PRStatus -NSSCryptoContext_BeginDecrypt -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhhOpt -); +NSSCryptoContext_BeginDecrypt( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhhOpt); /* * NSSCryptoContext_ContinueDecrypt @@ -2703,13 +2379,11 @@ NSSCryptoContext_BeginDecrypt */ NSS_EXTERN NSSItem * -NSSCryptoContext_ContinueDecrypt -( - NSSCryptoContext *cc, - NSSItem *data, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_ContinueDecrypt( + NSSCryptoContext *cc, + NSSItem *data, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_FinishDecrypt @@ -2717,12 +2391,10 @@ NSSCryptoContext_ContinueDecrypt */ NSS_EXTERN NSSItem * -NSSCryptoContext_FinishDecrypt -( - NSSCryptoContext *cc, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_FinishDecrypt( + NSSCryptoContext *cc, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_Sign @@ -2730,15 +2402,13 @@ NSSCryptoContext_FinishDecrypt */ NSS_EXTERN NSSItem * -NSSCryptoContext_Sign -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_Sign( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_BeginSign @@ -2746,12 +2416,10 @@ NSSCryptoContext_Sign */ NSS_EXTERN PRStatus -NSSCryptoContext_BeginSign -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhhOpt -); +NSSCryptoContext_BeginSign( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhhOpt); /* * NSSCryptoContext_ContinueSign @@ -2759,11 +2427,9 @@ NSSCryptoContext_BeginSign */ NSS_EXTERN PRStatus -NSSCryptoContext_ContinueSign -( - NSSCryptoContext *cc, - NSSItem *data -); +NSSCryptoContext_ContinueSign( + NSSCryptoContext *cc, + NSSItem *data); /* * NSSCryptoContext_FinishSign @@ -2771,12 +2437,10 @@ NSSCryptoContext_ContinueSign */ NSS_EXTERN NSSItem * -NSSCryptoContext_FinishSign -( - NSSCryptoContext *cc, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_FinishSign( + NSSCryptoContext *cc, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_SignRecover @@ -2784,15 +2448,13 @@ NSSCryptoContext_FinishSign */ NSS_EXTERN NSSItem * -NSSCryptoContext_SignRecover -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_SignRecover( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_BeginSignRecover @@ -2800,12 +2462,10 @@ NSSCryptoContext_SignRecover */ NSS_EXTERN PRStatus -NSSCryptoContext_BeginSignRecover -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhhOpt -); +NSSCryptoContext_BeginSignRecover( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhhOpt); /* * NSSCryptoContext_ContinueSignRecover @@ -2813,13 +2473,11 @@ NSSCryptoContext_BeginSignRecover */ NSS_EXTERN NSSItem * -NSSCryptoContext_ContinueSignRecover -( - NSSCryptoContext *cc, - NSSItem *data, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_ContinueSignRecover( + NSSCryptoContext *cc, + NSSItem *data, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_FinishSignRecover @@ -2827,12 +2485,10 @@ NSSCryptoContext_ContinueSignRecover */ NSS_EXTERN NSSItem * -NSSCryptoContext_FinishSignRecover -( - NSSCryptoContext *cc, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_FinishSignRecover( + NSSCryptoContext *cc, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_UnwrapSymmetricKey @@ -2840,13 +2496,11 @@ NSSCryptoContext_FinishSignRecover */ NSS_EXTERN NSSSymmetricKey * -NSSCryptoContext_UnwrapSymmetricKey -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *wrappedKey, - NSSCallback *uhhOpt -); +NSSCryptoContext_UnwrapSymmetricKey( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *wrappedKey, + NSSCallback *uhhOpt); /* * NSSCryptoContext_DeriveSymmetricKey @@ -2854,16 +2508,14 @@ NSSCryptoContext_UnwrapSymmetricKey */ NSS_EXTERN NSSSymmetricKey * -NSSCryptoContext_DeriveSymmetricKey -( - NSSCryptoContext *cc, - NSSPublicKey *bk, - NSSAlgorithmAndParameters *apOpt, - NSSOID *target, - PRUint32 keySizeOpt, /* zero for best allowed */ - NSSOperations operations, - NSSCallback *uhhOpt -); +NSSCryptoContext_DeriveSymmetricKey( + NSSCryptoContext *cc, + NSSPublicKey *bk, + NSSAlgorithmAndParameters *apOpt, + NSSOID *target, + PRUint32 keySizeOpt, /* zero for best allowed */ + NSSOperations operations, + NSSCallback *uhhOpt); /* * NSSCryptoContext_Encrypt @@ -2873,15 +2525,13 @@ NSSCryptoContext_DeriveSymmetricKey */ NSS_EXTERN NSSItem * -NSSCryptoContext_Encrypt -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_Encrypt( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_BeginEncrypt @@ -2889,12 +2539,10 @@ NSSCryptoContext_Encrypt */ NSS_EXTERN PRStatus -NSSCryptoContext_BeginEncrypt -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhhOpt -); +NSSCryptoContext_BeginEncrypt( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhhOpt); /* * NSSCryptoContext_ContinueEncrypt @@ -2902,13 +2550,11 @@ NSSCryptoContext_BeginEncrypt */ NSS_EXTERN NSSItem * -NSSCryptoContext_ContinueEncrypt -( - NSSCryptoContext *cc, - NSSItem *data, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_ContinueEncrypt( + NSSCryptoContext *cc, + NSSItem *data, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_FinishEncrypt @@ -2916,12 +2562,10 @@ NSSCryptoContext_ContinueEncrypt */ NSS_EXTERN NSSItem * -NSSCryptoContext_FinishEncrypt -( - NSSCryptoContext *cc, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_FinishEncrypt( + NSSCryptoContext *cc, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_Verify @@ -2929,14 +2573,12 @@ NSSCryptoContext_FinishEncrypt */ NSS_EXTERN PRStatus -NSSCryptoContext_Verify -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSItem *signature, - NSSCallback *uhhOpt -); +NSSCryptoContext_Verify( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSItem *signature, + NSSCallback *uhhOpt); /* * NSSCryptoContext_BeginVerify @@ -2944,13 +2586,11 @@ NSSCryptoContext_Verify */ NSS_EXTERN PRStatus -NSSCryptoContext_BeginVerify -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *signature, - NSSCallback *uhhOpt -); +NSSCryptoContext_BeginVerify( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *signature, + NSSCallback *uhhOpt); /* * NSSCryptoContext_ContinueVerify @@ -2958,11 +2598,9 @@ NSSCryptoContext_BeginVerify */ NSS_EXTERN PRStatus -NSSCryptoContext_ContinueVerify -( - NSSCryptoContext *cc, - NSSItem *data -); +NSSCryptoContext_ContinueVerify( + NSSCryptoContext *cc, + NSSItem *data); /* * NSSCryptoContext_FinishVerify @@ -2970,10 +2608,8 @@ NSSCryptoContext_ContinueVerify */ NSS_EXTERN PRStatus -NSSCryptoContext_FinishVerify -( - NSSCryptoContext *cc -); +NSSCryptoContext_FinishVerify( + NSSCryptoContext *cc); /* * NSSCryptoContext_VerifyRecover @@ -2981,15 +2617,13 @@ NSSCryptoContext_FinishVerify */ NSS_EXTERN NSSItem * -NSSCryptoContext_VerifyRecover -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *signature, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_VerifyRecover( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *signature, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_BeginVerifyRecover @@ -2997,12 +2631,10 @@ NSSCryptoContext_VerifyRecover */ NSS_EXTERN PRStatus -NSSCryptoContext_BeginVerifyRecover -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhhOpt -); +NSSCryptoContext_BeginVerifyRecover( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhhOpt); /* * NSSCryptoContext_ContinueVerifyRecover @@ -3010,13 +2642,11 @@ NSSCryptoContext_BeginVerifyRecover */ NSS_EXTERN NSSItem * -NSSCryptoContext_ContinueVerifyRecover -( - NSSCryptoContext *cc, - NSSItem *data, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_ContinueVerifyRecover( + NSSCryptoContext *cc, + NSSItem *data, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_FinishVerifyRecover @@ -3024,12 +2654,10 @@ NSSCryptoContext_ContinueVerifyRecover */ NSS_EXTERN NSSItem * -NSSCryptoContext_FinishVerifyRecover -( - NSSCryptoContext *cc, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_FinishVerifyRecover( + NSSCryptoContext *cc, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_WrapSymmetricKey @@ -3037,15 +2665,13 @@ NSSCryptoContext_FinishVerifyRecover */ NSS_EXTERN NSSItem * -NSSCryptoContext_WrapSymmetricKey -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSSymmetricKey *keyToWrap, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_WrapSymmetricKey( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSSymmetricKey *keyToWrap, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_Digest @@ -3055,15 +2681,13 @@ NSSCryptoContext_WrapSymmetricKey */ NSS_EXTERN NSSItem * -NSSCryptoContext_Digest -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhhOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_Digest( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhhOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * NSSCryptoContext_BeginDigest @@ -3071,12 +2695,10 @@ NSSCryptoContext_Digest */ NSS_EXTERN PRStatus -NSSCryptoContext_BeginDigest -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhhOpt -); +NSSCryptoContext_BeginDigest( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhhOpt); /* * NSSCryptoContext_ContinueDigest @@ -3084,12 +2706,10 @@ NSSCryptoContext_BeginDigest */ NSS_EXTERN PRStatus -NSSCryptoContext_ContinueDigest -( - NSSCryptoContext *cc, - NSSAlgorithmAndParameters *apOpt, - NSSItem *item -); +NSSCryptoContext_ContinueDigest( + NSSCryptoContext *cc, + NSSAlgorithmAndParameters *apOpt, + NSSItem *item); /* * NSSCryptoContext_FinishDigest @@ -3097,12 +2717,10 @@ NSSCryptoContext_ContinueDigest */ NSS_EXTERN NSSItem * -NSSCryptoContext_FinishDigest -( - NSSCryptoContext *cc, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +NSSCryptoContext_FinishDigest( + NSSCryptoContext *cc, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* * tbd: Combination ops @@ -3114,10 +2732,7 @@ NSSCryptoContext_FinishDigest */ NSS_EXTERN NSSCryptoContext * -NSSCryptoContext_Clone -( - NSSCryptoContext *cc -); +NSSCryptoContext_Clone(NSSCryptoContext *cc); /* * NSSCryptoContext_Save diff --git a/nss/lib/pki/nsspkit.h b/nss/lib/pki/nsspkit.h index 726b0df..1d6bc71 100644 --- a/nss/lib/pki/nsspkit.h +++ b/nss/lib/pki/nsspkit.h @@ -27,7 +27,7 @@ PR_BEGIN_EXTERN_C * it can be verified only within a trust domain. The underlying type * of certificate may be of any supported standard, e.g. PKIX, PGP, etc. * - * People speak of "verifying (with) the server's, or correspondant's, + * People speak of "verifying (with) the server's, or correspondant's, * certificate"; for simple operations we support that simplification * by implementing public-key crypto operations as methods on this type. */ @@ -45,7 +45,7 @@ typedef struct NSSCertificateStr NSSCertificate; * private-key crypto operations as methods on this type. * * The current design only weakly distinguishes between certificates - * and user certificates: as far as the compiler goes they're + * and user certificates: as far as the compiler goes they're * interchangeable; debug libraries only have one common pointer-tracker; * etc. However, attempts to do private-key operations on a certificate * for which the private key is not available will fail. @@ -87,7 +87,7 @@ typedef struct NSSSymmetricKeyStr NSSSymmetricKey; * * A Trust Domain is the field in which certificates may be validated. * A trust domain will generally have one or more cryptographic modules - * open; these modules perform the cryptographic operations, and + * open; these modules perform the cryptographic operations, and * provide the basic "root" trust information from which the trust in * a specific certificate or key depends. * @@ -123,7 +123,7 @@ typedef struct NSSTrustDomainStr NSSTrustDomain; * streaming crypto operations. * * This object descends from the "temporary database" concept in the - * old code, but it has changed a lot as a result of what we've + * old code, but it has changed a lot as a result of what we've * learned. */ @@ -139,10 +139,10 @@ typedef struct NSSCryptoContextStr NSSCryptoContext; * This is the basic OID that crops up everywhere. */ -struct NSSOIDStr; /* unused opaque structure */ +struct NSSOIDStr; /* unused opaque structure */ typedef struct NSSOIDStr NSSOID; -/* +/* * NSSTime * * Unfortunately, we need an "exceptional" value to indicate @@ -212,16 +212,16 @@ typedef struct NSSCallbackStr NSSCallback; struct NSSCallbackStr { /* Prompt for a password to initialize a slot. */ - PRStatus (* getInitPW)(NSSUTF8 *slotName, void *arg, - NSSUTF8 **ssoPW, NSSUTF8 **userPW); - /* Prompt for oldPW and newPW in order to change the - * password on a slot. + PRStatus (*getInitPW)(NSSUTF8 *slotName, void *arg, + NSSUTF8 **ssoPW, NSSUTF8 **userPW); + /* Prompt for oldPW and newPW in order to change the + * password on a slot. */ - PRStatus (* getNewPW)(NSSUTF8 *slotName, PRUint32 *retries, void *arg, - NSSUTF8 **oldPW, NSSUTF8 **newPW); + PRStatus (*getNewPW)(NSSUTF8 *slotName, PRUint32 *retries, void *arg, + NSSUTF8 **oldPW, NSSUTF8 **newPW); /* Prompt for slot password. */ - PRStatus (* getPW)(NSSUTF8 *slotName, PRUint32 *retries, void *arg, - NSSUTF8 **password); + PRStatus (*getPW)(NSSUTF8 *slotName, PRUint32 *retries, void *arg, + NSSUTF8 **password); void *arg; }; @@ -231,14 +231,14 @@ typedef PRUint32 NSSOperations; /* 1) Do we want these to be preprocessor definitions or constants? */ /* 2) What is the correct and complete list? */ -#define NSSOperations_ENCRYPT 0x0001 -#define NSSOperations_DECRYPT 0x0002 -#define NSSOperations_WRAP 0x0004 -#define NSSOperations_UNWRAP 0x0008 -#define NSSOperations_SIGN 0x0010 -#define NSSOperations_SIGN_RECOVER 0x0020 -#define NSSOperations_VERIFY 0x0040 -#define NSSOperations_VERIFY_RECOVER 0x0080 +#define NSSOperations_ENCRYPT 0x0001 +#define NSSOperations_DECRYPT 0x0002 +#define NSSOperations_WRAP 0x0004 +#define NSSOperations_UNWRAP 0x0008 +#define NSSOperations_SIGN 0x0010 +#define NSSOperations_SIGN_RECOVER 0x0020 +#define NSSOperations_VERIFY 0x0040 +#define NSSOperations_VERIFY_RECOVER 0x0080 struct NSSPKIXCertificateStr; diff --git a/nss/lib/pki/pki.gyp b/nss/lib/pki/pki.gyp new file mode 100644 index 0000000..c3475df --- /dev/null +++ b/nss/lib/pki/pki.gyp @@ -0,0 +1,32 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../coreconf/config.gypi' + ], + 'targets': [ + { + 'target_name': 'nsspki', + 'type': 'static_library', + 'sources': [ + 'asymmkey.c', + 'certdecode.c', + 'certificate.c', + 'cryptocontext.c', + 'pki3hack.c', + 'pkibase.c', + 'pkistore.c', + 'symmkey.c', + 'tdcache.c', + 'trustdomain.c' + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports' + ] + } + ], + 'variables': { + 'module': 'nss' + } +}
\ No newline at end of file diff --git a/nss/lib/pki/pki.h b/nss/lib/pki/pki.h index 959a2fd..00cebe7 100644 --- a/nss/lib/pki/pki.h +++ b/nss/lib/pki/pki.h @@ -20,193 +20,121 @@ PR_BEGIN_EXTERN_C NSS_EXTERN NSSCallback * -nssTrustDomain_GetDefaultCallback -( - NSSTrustDomain *td, - PRStatus *statusOpt -); +nssTrustDomain_GetDefaultCallback( + NSSTrustDomain *td, + PRStatus *statusOpt); NSS_EXTERN NSSCertificate ** -nssTrustDomain_FindCertificatesBySubject -( - NSSTrustDomain *td, - NSSDER *subject, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, - NSSArena *arenaOpt -); +nssTrustDomain_FindCertificatesBySubject( + NSSTrustDomain *td, + NSSDER *subject, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, + NSSArena *arenaOpt); NSS_EXTERN NSSTrust * -nssTrustDomain_FindTrustForCertificate -( - NSSTrustDomain *td, - NSSCertificate *c -); +nssTrustDomain_FindTrustForCertificate( + NSSTrustDomain *td, + NSSCertificate *c); NSS_EXTERN NSSCertificate * -nssCertificate_AddRef -( - NSSCertificate *c -); +nssCertificate_AddRef(NSSCertificate *c); NSS_EXTERN PRStatus -nssCertificate_Destroy -( - NSSCertificate *c -); +nssCertificate_Destroy(NSSCertificate *c); NSS_EXTERN NSSDER * -nssCertificate_GetEncoding -( - NSSCertificate *c -); +nssCertificate_GetEncoding(NSSCertificate *c); NSS_EXTERN NSSDER * -nssCertificate_GetIssuer -( - NSSCertificate *c -); +nssCertificate_GetIssuer(NSSCertificate *c); NSS_EXTERN NSSDER * -nssCertificate_GetSerialNumber -( - NSSCertificate *c -); +nssCertificate_GetSerialNumber(NSSCertificate *c); NSS_EXTERN NSSDER * -nssCertificate_GetSubject -( - NSSCertificate *c -); +nssCertificate_GetSubject(NSSCertificate *c); /* Returns a copy, Caller must free using nss_ZFreeIf */ NSS_EXTERN NSSUTF8 * -nssCertificate_GetNickname -( - NSSCertificate *c, - NSSToken *tokenOpt -); +nssCertificate_GetNickname( + NSSCertificate *c, + NSSToken *tokenOpt); NSS_EXTERN NSSASCII7 * -nssCertificate_GetEmailAddress -( - NSSCertificate *c -); +nssCertificate_GetEmailAddress(NSSCertificate *c); NSS_EXTERN PRBool -nssCertificate_IssuerAndSerialEqual -( - NSSCertificate *c1, - NSSCertificate *c2 -); +nssCertificate_IssuerAndSerialEqual( + NSSCertificate *c1, + NSSCertificate *c2); NSS_EXTERN NSSPrivateKey * -nssPrivateKey_AddRef -( - NSSPrivateKey *vk -); +nssPrivateKey_AddRef(NSSPrivateKey *vk); NSS_EXTERN PRStatus -nssPrivateKey_Destroy -( - NSSPrivateKey *vk -); +nssPrivateKey_Destroy(NSSPrivateKey *vk); NSS_EXTERN NSSItem * -nssPrivateKey_GetID -( - NSSPrivateKey *vk -); +nssPrivateKey_GetID(NSSPrivateKey *vk); NSS_EXTERN NSSUTF8 * -nssPrivateKey_GetNickname -( - NSSPrivateKey *vk, - NSSToken *tokenOpt -); +nssPrivateKey_GetNickname( + NSSPrivateKey *vk, + NSSToken *tokenOpt); NSS_EXTERN PRStatus -nssPublicKey_Destroy -( - NSSPublicKey *bk -); +nssPublicKey_Destroy(NSSPublicKey *bk); NSS_EXTERN NSSItem * -nssPublicKey_GetID -( - NSSPublicKey *vk -); +nssPublicKey_GetID(NSSPublicKey *vk); NSS_EXTERN NSSCertificate ** -nssCryptoContext_FindCertificatesBySubject -( - NSSCryptoContext *cc, - NSSDER *subject, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +nssCryptoContext_FindCertificatesBySubject( + NSSCryptoContext *cc, + NSSDER *subject, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* putting here for now, needs more thought */ NSS_EXTERN PRStatus -nssCryptoContext_ImportTrust -( - NSSCryptoContext *cc, - NSSTrust *trust -); +nssCryptoContext_ImportTrust( + NSSCryptoContext *cc, + NSSTrust *trust); NSS_EXTERN NSSTrust * -nssCryptoContext_FindTrustForCertificate -( - NSSCryptoContext *cc, - NSSCertificate *cert -); +nssCryptoContext_FindTrustForCertificate( + NSSCryptoContext *cc, + NSSCertificate *cert); NSS_EXTERN PRStatus -nssCryptoContext_ImportSMIMEProfile -( - NSSCryptoContext *cc, - nssSMIMEProfile *profile -); +nssCryptoContext_ImportSMIMEProfile( + NSSCryptoContext *cc, + nssSMIMEProfile *profile); NSS_EXTERN nssSMIMEProfile * -nssCryptoContext_FindSMIMEProfileForCertificate -( - NSSCryptoContext *cc, - NSSCertificate *cert -); +nssCryptoContext_FindSMIMEProfileForCertificate( + NSSCryptoContext *cc, + NSSCertificate *cert); NSS_EXTERN NSSTrust * -nssTrust_AddRef -( - NSSTrust *trust -); +nssTrust_AddRef(NSSTrust *trust); NSS_EXTERN PRStatus -nssTrust_Destroy -( - NSSTrust *trust -); +nssTrust_Destroy(NSSTrust *trust); NSS_EXTERN nssSMIMEProfile * -nssSMIMEProfile_AddRef -( - nssSMIMEProfile *profile -); +nssSMIMEProfile_AddRef(nssSMIMEProfile *profile); NSS_EXTERN PRStatus -nssSMIMEProfile_Destroy -( - nssSMIMEProfile *profile -); +nssSMIMEProfile_Destroy(nssSMIMEProfile *profile); NSS_EXTERN nssSMIMEProfile * -nssSMIMEProfile_Create -( - NSSCertificate *cert, - NSSItem *profileTime, - NSSItem *profileData -); +nssSMIMEProfile_Create( + NSSCertificate *cert, + NSSItem *profileTime, + NSSItem *profileData); PR_END_EXTERN_C diff --git a/nss/lib/pki/pki3hack.c b/nss/lib/pki/pki3hack.c index b145092..0826b7f 100644 --- a/nss/lib/pki/pki3hack.c +++ b/nss/lib/pki/pki3hack.c @@ -64,20 +64,20 @@ STAN_InitTokenForSlotInfo(NSSTrustDomain *td, PK11SlotInfo *slot) { NSSToken *token; if (!td) { - td = g_default_trust_domain; - if (!td) { - /* we're called while still initting. slot will get added - * appropriately through normal init processes */ - return PR_SUCCESS; - } + td = g_default_trust_domain; + if (!td) { + /* we're called while still initting. slot will get added + * appropriately through normal init processes */ + return PR_SUCCESS; + } } token = nssToken_CreateFromPK11SlotInfo(td, slot); PK11Slot_SetNSSToken(slot, token); /* Don't add nonexistent token to TD's token list */ if (token) { - NSSRWLock_LockWrite(td->tokensLock); - nssList_Add(td->tokenList, token); - NSSRWLock_UnlockWrite(td->tokensLock); + NSSRWLock_LockWrite(td->tokensLock); + nssList_Add(td->tokenList, token); + NSSRWLock_UnlockWrite(td->tokensLock); } return PR_SUCCESS; } @@ -86,12 +86,12 @@ NSS_IMPLEMENT PRStatus STAN_ResetTokenInterator(NSSTrustDomain *td) { if (!td) { - td = g_default_trust_domain; - if (!td) { - /* we're called while still initting. slot will get added - * appropriately through normal init processes */ - return PR_SUCCESS; - } + td = g_default_trust_domain; + if (!td) { + /* we're called while still initting. slot will get added + * appropriately through normal init processes */ + return PR_SUCCESS; + } } NSSRWLock_LockWrite(td->tokensLock); nssListIterator_Destroy(td->tokens); @@ -101,9 +101,8 @@ STAN_ResetTokenInterator(NSSTrustDomain *td) } NSS_IMPLEMENT PRStatus -STAN_LoadDefaultNSS3TrustDomain ( - void -) +STAN_LoadDefaultNSS3TrustDomain( + void) { NSSTrustDomain *td; SECMODModuleList *mlp; @@ -111,13 +110,13 @@ STAN_LoadDefaultNSS3TrustDomain ( int i; if (g_default_trust_domain || g_default_crypto_context) { - /* Stan is already initialized or a previous shutdown failed. */ - nss_SetError(NSS_ERROR_ALREADY_INITIALIZED); - return PR_FAILURE; + /* Stan is already initialized or a previous shutdown failed. */ + nss_SetError(NSS_ERROR_ALREADY_INITIALIZED); + return PR_FAILURE; } td = NSSTrustDomain_Create(NULL, NULL, NULL, NULL); if (!td) { - return PR_FAILURE; + return PR_FAILURE; } /* * Deadlock warning: we should never acquire the moduleLock while @@ -126,29 +125,29 @@ STAN_LoadDefaultNSS3TrustDomain ( */ td->tokenList = nssList_Create(td->arena, PR_TRUE); if (!td->tokenList) { - goto loser; + goto loser; } SECMOD_GetReadLock(moduleLock); NSSRWLock_LockWrite(td->tokensLock); - for (mlp = SECMOD_GetDefaultModuleList(); mlp != NULL; mlp=mlp->next) { - for (i=0; i < mlp->module->slotCount; i++) { - STAN_InitTokenForSlotInfo(td, mlp->module->slots[i]); - } + for (mlp = SECMOD_GetDefaultModuleList(); mlp != NULL; mlp = mlp->next) { + for (i = 0; i < mlp->module->slotCount; i++) { + STAN_InitTokenForSlotInfo(td, mlp->module->slots[i]); + } } td->tokens = nssList_CreateIterator(td->tokenList); NSSRWLock_UnlockWrite(td->tokensLock); SECMOD_ReleaseReadLock(moduleLock); if (!td->tokens) { - goto loser; + goto loser; } g_default_crypto_context = NSSTrustDomain_CreateCryptoContext(td, NULL); if (!g_default_crypto_context) { - goto loser; + goto loser; } g_default_trust_domain = td; return PR_SUCCESS; - loser: +loser: NSSTrustDomain_Destroy(td); return PR_FAILURE; } @@ -157,15 +156,14 @@ STAN_LoadDefaultNSS3TrustDomain ( * must be called holding the ModuleListLock (either read or write). */ NSS_IMPLEMENT SECStatus -STAN_AddModuleToDefaultTrustDomain ( - SECMODModule *module -) +STAN_AddModuleToDefaultTrustDomain( + SECMODModule *module) { NSSTrustDomain *td; int i; td = STAN_GetDefaultTrustDomain(); - for (i=0; i<module->slotCount; i++) { - STAN_InitTokenForSlotInfo(td, module->slots[i]); + for (i = 0; i < module->slotCount; i++) { + STAN_InitTokenForSlotInfo(td, module->slots[i]); } STAN_ResetTokenInterator(td); return SECSuccess; @@ -175,23 +173,22 @@ STAN_AddModuleToDefaultTrustDomain ( * must be called holding the ModuleListLock (either read or write). */ NSS_IMPLEMENT SECStatus -STAN_RemoveModuleFromDefaultTrustDomain ( - SECMODModule *module -) +STAN_RemoveModuleFromDefaultTrustDomain( + SECMODModule *module) { NSSToken *token; NSSTrustDomain *td; int i; td = STAN_GetDefaultTrustDomain(); NSSRWLock_LockWrite(td->tokensLock); - for (i=0; i<module->slotCount; i++) { - token = PK11Slot_GetNSSToken(module->slots[i]); - if (token) { - nssToken_NotifyCertsNotVisible(token); - nssList_Remove(td->tokenList, token); - PK11Slot_SetNSSToken(module->slots[i], NULL); - nssToken_Destroy(token); - } + for (i = 0; i < module->slotCount; i++) { + token = PK11Slot_GetNSSToken(module->slots[i]); + if (token) { + nssToken_NotifyCertsNotVisible(token); + nssList_Remove(td->tokenList, token); + PK11Slot_SetNSSToken(module->slots[i], NULL); + nssToken_Destroy(token); + } } nssListIterator_Destroy(td->tokens); td->tokens = nssList_CreateIterator(td->tokenList); @@ -204,18 +201,18 @@ STAN_Shutdown() { PRStatus status = PR_SUCCESS; if (g_default_trust_domain) { - if (NSSTrustDomain_Destroy(g_default_trust_domain) == PR_SUCCESS) { - g_default_trust_domain = NULL; - } else { - status = PR_FAILURE; - } + if (NSSTrustDomain_Destroy(g_default_trust_domain) == PR_SUCCESS) { + g_default_trust_domain = NULL; + } else { + status = PR_FAILURE; + } } if (g_default_crypto_context) { - if (NSSCryptoContext_Destroy(g_default_crypto_context) == PR_SUCCESS) { - g_default_crypto_context = NULL; - } else { - status = PR_FAILURE; - } + if (NSSCryptoContext_Destroy(g_default_crypto_context) == PR_SUCCESS) { + g_default_crypto_context = NULL; + } else { + status = PR_FAILURE; + } } return status; } @@ -235,15 +232,15 @@ STAN_GetCertIdentifierFromDER(NSSArena *arenaOpt, NSSDER *der) /* nss3 call uses nss3 arena's */ arena = PORT_NewArena(256); if (!arena) { - return NULL; + return NULL; } secrv = CERT_KeyFromDERCert(arena, &secDER, &secKey); if (secrv != SECSuccess) { - PORT_FreeArena(arena, PR_FALSE); - return NULL; + PORT_FreeArena(arena, PR_FALSE); + return NULL; } rvKey = nssItem_Create(arenaOpt, NULL, secKey.len, (void *)secKey.data); - PORT_FreeArena(arena,PR_FALSE); + PORT_FreeArena(arena, PR_FALSE); return rvKey; } @@ -251,7 +248,7 @@ NSS_IMPLEMENT PRStatus nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSDER *issuer, NSSDER *serial) { - SECItem derCert = { 0 }; + SECItem derCert = { 0 }; SECItem derIssuer = { 0 }; SECItem derSerial = { 0 }; SECStatus secrv; @@ -259,12 +256,12 @@ nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, derCert.len = der->size; secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); if (secrv != SECSuccess) { - return PR_FAILURE; + return PR_FAILURE; } secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); if (secrv != SECSuccess) { - PORT_Free(derSerial.data); - return PR_FAILURE; + PORT_Free(derSerial.data); + return PR_FAILURE; } issuer->data = derIssuer.data; issuer->size = derIssuer.len; @@ -299,35 +296,34 @@ nss3certificate_matchIdentifier(nssDecodedCert *dc, void *id) /* keyIdentifier */ if (authKeyID->keyID.len > 0 && - CERT_FindSubjectKeyIDExtension(c, &skid) == SECSuccess) { - PRBool skiEqual; - skiEqual = SECITEM_ItemsAreEqual(&authKeyID->keyID, &skid); - PORT_Free(skid.data); - if (skiEqual) { - /* change the state to positive match, but keep going */ - match = nssCertIDMatch_Yes; - } else { - /* exit immediately on failure */ - return nssCertIDMatch_No; - } + CERT_FindSubjectKeyIDExtension(c, &skid) == SECSuccess) { + PRBool skiEqual; + skiEqual = SECITEM_ItemsAreEqual(&authKeyID->keyID, &skid); + PORT_Free(skid.data); + if (skiEqual) { + /* change the state to positive match, but keep going */ + match = nssCertIDMatch_Yes; + } else { + /* exit immediately on failure */ + return nssCertIDMatch_No; + } } /* issuer/serial (treated as pair) */ if (authKeyID->authCertIssuer) { - SECItem *caName = NULL; - SECItem *caSN = &authKeyID->authCertSerialNumber; - - caName = (SECItem *)CERT_GetGeneralNameByType( - authKeyID->authCertIssuer, - certDirectoryName, PR_TRUE); - if (caName != NULL && - SECITEM_ItemsAreEqual(&c->derIssuer, caName) && - SECITEM_ItemsAreEqual(&c->serialNumber, caSN)) - { - match = nssCertIDMatch_Yes; - } else { - match = nssCertIDMatch_Unknown; - } + SECItem *caName = NULL; + SECItem *caSN = &authKeyID->authCertSerialNumber; + + caName = (SECItem *)CERT_GetGeneralNameByType( + authKeyID->authCertIssuer, + certDirectoryName, PR_TRUE); + if (caName != NULL && + SECITEM_ItemsAreEqual(&c->derIssuer, caName) && + SECITEM_ItemsAreEqual(&c->serialNumber, caSN)) { + match = nssCertIDMatch_Yes; + } else { + match = nssCertIDMatch_Unknown; + } } return match; } @@ -347,26 +343,26 @@ nss3certificate_getUsage(nssDecodedCert *dc) return NULL; } -static PRBool +static PRBool nss3certificate_isValidAtTime(nssDecodedCert *dc, NSSTime *time) { SECCertTimeValidity validity; CERTCertificate *c = (CERTCertificate *)dc->data; validity = CERT_CheckCertValidTimes(c, NSSTime_GetPRTime(time), PR_TRUE); if (validity == secCertTimeValid) { - return PR_TRUE; + return PR_TRUE; } return PR_FALSE; } -static PRBool +static PRBool nss3certificate_isNewerThan(nssDecodedCert *dc, nssDecodedCert *cmpdc) { /* I know this isn't right, but this is glue code anyway */ if (cmpdc->type == dc->type) { - CERTCertificate *certa = (CERTCertificate *)dc->data; - CERTCertificate *certb = (CERTCertificate *)cmpdc->data; - return CERT_IsNewer(certa, certb); + CERTCertificate *certa = (CERTCertificate *)dc->data; + CERTCertificate *certb = (CERTCertificate *)cmpdc->data; + return CERT_IsNewer(certa, certb); } return PR_FALSE; } @@ -384,28 +380,28 @@ nss3certificate_matchUsage(nssDecodedCert *dc, const NSSUsage *usage) /* This is for NSS 3.3 functions that do not specify a usage */ if (usage->anyUsage) { - return PR_TRUE; + return PR_TRUE; } ca = usage->nss3lookingForCA; secrv = CERT_KeyUsageAndTypeForCertUsage(usage->nss3usage, ca, &requiredKeyUsage, &requiredCertType); if (secrv != SECSuccess) { - return PR_FALSE; + return PR_FALSE; } cc = (CERTCertificate *)dc->data; secrv = CERT_CheckKeyUsage(cc, requiredKeyUsage); match = (PRBool)(secrv == SECSuccess); if (match) { - unsigned int certType = 0; - if (ca) { - (void)CERT_IsCACert(cc, &certType); - } else { - certType = cc->nsCertType; - } - if (!(certType & requiredCertType)) { - match = PR_FALSE; - } + unsigned int certType = 0; + if (ca) { + (void)CERT_IsCACert(cc, &certType); + } else { + certType = cc->nsCertType; + } + if (!(certType & requiredCertType)) { + match = PR_FALSE; + } } return match; } @@ -423,33 +419,33 @@ nss3certificate_isTrustedForUsage(nssDecodedCert *dc, const NSSUsage *usage) /* This is for NSS 3.3 functions that do not specify a usage */ if (usage->anyUsage) { - return PR_FALSE; /* XXX is this right? */ + return PR_FALSE; /* XXX is this right? */ } cc = (CERTCertificate *)dc->data; ca = usage->nss3lookingForCA; if (!ca) { - PRBool trusted; - unsigned int failedFlags; - secrv = cert_CheckLeafTrust(cc, usage->nss3usage, - &failedFlags, &trusted); - return secrv == SECSuccess && trusted; + PRBool trusted; + unsigned int failedFlags; + secrv = cert_CheckLeafTrust(cc, usage->nss3usage, + &failedFlags, &trusted); + return secrv == SECSuccess && trusted; } secrv = CERT_TrustFlagsForCACertUsage(usage->nss3usage, &requiredFlags, - &trustType); + &trustType); if (secrv != SECSuccess) { - return PR_FALSE; + return PR_FALSE; } secrv = CERT_GetCertTrust(cc, &trust); if (secrv != SECSuccess) { - return PR_FALSE; + return PR_FALSE; } if (trustType == trustTypeNone) { - /* normally trustTypeNone usages accept any of the given trust bits - * being on as acceptable. */ - trustFlags = trust.sslFlags | trust.emailFlags | - trust.objectSigningFlags; + /* normally trustTypeNone usages accept any of the given trust bits + * being on as acceptable. */ + trustFlags = trust.sslFlags | trust.emailFlags | + trust.objectSigningFlags; } else { - trustFlags = SEC_GET_TRUST_FLAGS(&trust, trustType); + trustFlags = SEC_GET_TRUST_FLAGS(&trust, trustType); } return (trustFlags & requiredFlags) == requiredFlags; } @@ -459,11 +455,12 @@ nss3certificate_getEmailAddress(nssDecodedCert *dc) { CERTCertificate *cc = (CERTCertificate *)dc->data; return (cc && cc->emailAddr && cc->emailAddr[0]) - ? (NSSASCII7 *)cc->emailAddr : NULL; + ? (NSSASCII7 *)cc->emailAddr + : NULL; } static PRStatus -nss3certificate_getDERSerialNumber(nssDecodedCert *dc, +nss3certificate_getDERSerialNumber(nssDecodedCert *dc, NSSDER *serial, NSSArena *arena) { CERTCertificate *cc = (CERTCertificate *)dc->data; @@ -471,96 +468,92 @@ nss3certificate_getDERSerialNumber(nssDecodedCert *dc, SECStatus secrv; secrv = CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial); if (secrv == SECSuccess) { - (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data); - PORT_Free(derSerial.data); - return PR_SUCCESS; + (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data); + PORT_Free(derSerial.data); + return PR_SUCCESS; } return PR_FAILURE; } /* Returns NULL if "encoding" cannot be decoded. */ NSS_IMPLEMENT nssDecodedCert * -nssDecodedPKIXCertificate_Create ( - NSSArena *arenaOpt, - NSSDER *encoding -) +nssDecodedPKIXCertificate_Create( + NSSArena *arenaOpt, + NSSDER *encoding) { - nssDecodedCert *rvDC = NULL; + nssDecodedCert *rvDC = NULL; CERTCertificate *cert; - SECItem secDER; + SECItem secDER; SECITEM_FROM_NSSITEM(&secDER, encoding); cert = CERT_DecodeDERCertificate(&secDER, PR_TRUE, NULL); if (cert) { - rvDC = nss_ZNEW(arenaOpt, nssDecodedCert); - if (rvDC) { - rvDC->type = NSSCertificateType_PKIX; - rvDC->data = (void *)cert; - rvDC->getIdentifier = nss3certificate_getIdentifier; - rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier; - rvDC->matchIdentifier = nss3certificate_matchIdentifier; - rvDC->isValidIssuer = nss3certificate_isValidIssuer; - rvDC->getUsage = nss3certificate_getUsage; - rvDC->isValidAtTime = nss3certificate_isValidAtTime; - rvDC->isNewerThan = nss3certificate_isNewerThan; - rvDC->matchUsage = nss3certificate_matchUsage; - rvDC->isTrustedForUsage = nss3certificate_isTrustedForUsage; - rvDC->getEmailAddress = nss3certificate_getEmailAddress; - rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber; - } else { - CERT_DestroyCertificate(cert); - } + rvDC = nss_ZNEW(arenaOpt, nssDecodedCert); + if (rvDC) { + rvDC->type = NSSCertificateType_PKIX; + rvDC->data = (void *)cert; + rvDC->getIdentifier = nss3certificate_getIdentifier; + rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier; + rvDC->matchIdentifier = nss3certificate_matchIdentifier; + rvDC->isValidIssuer = nss3certificate_isValidIssuer; + rvDC->getUsage = nss3certificate_getUsage; + rvDC->isValidAtTime = nss3certificate_isValidAtTime; + rvDC->isNewerThan = nss3certificate_isNewerThan; + rvDC->matchUsage = nss3certificate_matchUsage; + rvDC->isTrustedForUsage = nss3certificate_isTrustedForUsage; + rvDC->getEmailAddress = nss3certificate_getEmailAddress; + rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber; + } else { + CERT_DestroyCertificate(cert); + } } return rvDC; } static nssDecodedCert * -create_decoded_pkix_cert_from_nss3cert ( - NSSArena *arenaOpt, - CERTCertificate *cc -) +create_decoded_pkix_cert_from_nss3cert( + NSSArena *arenaOpt, + CERTCertificate *cc) { nssDecodedCert *rvDC = nss_ZNEW(arenaOpt, nssDecodedCert); if (rvDC) { - rvDC->type = NSSCertificateType_PKIX; - rvDC->data = (void *)cc; - rvDC->getIdentifier = nss3certificate_getIdentifier; - rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier; - rvDC->matchIdentifier = nss3certificate_matchIdentifier; - rvDC->isValidIssuer = nss3certificate_isValidIssuer; - rvDC->getUsage = nss3certificate_getUsage; - rvDC->isValidAtTime = nss3certificate_isValidAtTime; - rvDC->isNewerThan = nss3certificate_isNewerThan; - rvDC->matchUsage = nss3certificate_matchUsage; - rvDC->isTrustedForUsage = nss3certificate_isTrustedForUsage; - rvDC->getEmailAddress = nss3certificate_getEmailAddress; - rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber; + rvDC->type = NSSCertificateType_PKIX; + rvDC->data = (void *)cc; + rvDC->getIdentifier = nss3certificate_getIdentifier; + rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier; + rvDC->matchIdentifier = nss3certificate_matchIdentifier; + rvDC->isValidIssuer = nss3certificate_isValidIssuer; + rvDC->getUsage = nss3certificate_getUsage; + rvDC->isValidAtTime = nss3certificate_isValidAtTime; + rvDC->isNewerThan = nss3certificate_isNewerThan; + rvDC->matchUsage = nss3certificate_matchUsage; + rvDC->isTrustedForUsage = nss3certificate_isTrustedForUsage; + rvDC->getEmailAddress = nss3certificate_getEmailAddress; + rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber; } return rvDC; } NSS_IMPLEMENT PRStatus -nssDecodedPKIXCertificate_Destroy ( - nssDecodedCert *dc -) +nssDecodedPKIXCertificate_Destroy(nssDecodedCert *dc) { CERTCertificate *cert = (CERTCertificate *)dc->data; - /* The decoder may only be half initialized (the case where we find we + /* The decoder may only be half initialized (the case where we find we * could not decode the certificate). In this case, there is not cert to * free, just free the dc structure. */ if (cert) { - PRBool freeSlot = cert->ownSlot; - PK11SlotInfo *slot = cert->slot; - PLArenaPool *arena = cert->arena; - /* zero cert before freeing. Any stale references to this cert - * after this point will probably cause an exception. */ - PORT_Memset(cert, 0, sizeof *cert); - /* free the arena that contains the cert. */ - PORT_FreeArena(arena, PR_FALSE); - if (slot && freeSlot) { - PK11_FreeSlot(slot); - } + PRBool freeSlot = cert->ownSlot; + PK11SlotInfo *slot = cert->slot; + PLArenaPool *arena = cert->arena; + /* zero cert before freeing. Any stale references to this cert + * after this point will probably cause an exception. */ + PORT_Memset(cert, 0, sizeof *cert); + /* free the arena that contains the cert. */ + PORT_FreeArena(arena, PR_FALSE); + if (slot && freeSlot) { + PK11_FreeSlot(slot); + } } nss_ZFreeIf(dc); return PR_SUCCESS; @@ -572,16 +565,16 @@ get_nss3trust_from_nss4trust(nssTrustLevel t) { unsigned int rt = 0; if (t == nssTrustLevel_Trusted) { - rt |= CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED; + rt |= CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED; } if (t == nssTrustLevel_TrustedDelegator) { - rt |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA; + rt |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA; } if (t == nssTrustLevel_NotTrusted) { - rt |= CERTDB_TERMINAL_RECORD; + rt |= CERTDB_TERMINAL_RECORD; } if (t == nssTrustLevel_ValidDelegator) { - rt |= CERTDB_VALID_CA; + rt |= CERTDB_VALID_CA; } return rt; } @@ -592,15 +585,16 @@ cert_trust_from_stan_trust(NSSTrust *t, PLArenaPool *arena) CERTCertTrust *rvTrust; unsigned int client; if (!t) { - return NULL; + return NULL; } rvTrust = PORT_ArenaAlloc(arena, sizeof(CERTCertTrust)); - if (!rvTrust) return NULL; + if (!rvTrust) + return NULL; rvTrust->sslFlags = get_nss3trust_from_nss4trust(t->serverAuth); client = get_nss3trust_from_nss4trust(t->clientAuth); - if (client & (CERTDB_TRUSTED_CA|CERTDB_NS_TRUSTED_CA)) { - client &= ~(CERTDB_TRUSTED_CA|CERTDB_NS_TRUSTED_CA); - rvTrust->sslFlags |= CERTDB_TRUSTED_CLIENT_CA; + if (client & (CERTDB_TRUSTED_CA | CERTDB_NS_TRUSTED_CA)) { + client &= ~(CERTDB_TRUSTED_CA | CERTDB_NS_TRUSTED_CA); + rvTrust->sslFlags |= CERTDB_TRUSTED_CLIENT_CA; } rvTrust->sslFlags |= client; rvTrust->emailFlags = get_nss3trust_from_nss4trust(t->emailProtection); @@ -608,7 +602,7 @@ cert_trust_from_stan_trust(NSSTrust *t, PLArenaPool *arena) return rvTrust; } -CERTCertTrust * +CERTCertTrust * nssTrust_GetCERTCertTrustForCert(NSSCertificate *c, CERTCertificate *cc) { CERTCertTrust *rvTrust = NULL; @@ -616,23 +610,23 @@ nssTrust_GetCERTCertTrustForCert(NSSCertificate *c, CERTCertificate *cc) NSSTrust *t; t = nssTrustDomain_FindTrustForCertificate(td, c); if (t) { - rvTrust = cert_trust_from_stan_trust(t, cc->arena); - if (!rvTrust) { - nssTrust_Destroy(t); - return NULL; - } - nssTrust_Destroy(t); + rvTrust = cert_trust_from_stan_trust(t, cc->arena); + if (!rvTrust) { + nssTrust_Destroy(t); + return NULL; + } + nssTrust_Destroy(t); } else { - rvTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust)); - if (!rvTrust) { - return NULL; - } - memset(rvTrust, 0, sizeof(*rvTrust)); + rvTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust)); + if (!rvTrust) { + return NULL; + } + memset(rvTrust, 0, sizeof(*rvTrust)); } if (NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL)) { - rvTrust->sslFlags |= CERTDB_USER; - rvTrust->emailFlags |= CERTDB_USER; - rvTrust->objectSigningFlags |= CERTDB_USER; + rvTrust->sslFlags |= CERTDB_USER; + rvTrust->emailFlags |= CERTDB_USER; + rvTrust->objectSigningFlags |= CERTDB_USER; } return rvTrust; } @@ -643,34 +637,33 @@ get_cert_instance(NSSCertificate *c) nssCryptokiObject *instance, **ci; nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object); if (!instances) { - return NULL; + return NULL; } instance = NULL; for (ci = instances; *ci; ci++) { - if (!instance) { - instance = nssCryptokiObject_Clone(*ci); - } else { - /* This only really works for two instances... But 3.4 can't - * handle more anyway. The logic is, if there are multiple - * instances, prefer the one that is not internal (e.g., on - * a hardware device. - */ - if (PK11_IsInternal(instance->token->pk11slot)) { - nssCryptokiObject_Destroy(instance); - instance = nssCryptokiObject_Clone(*ci); - } - } + if (!instance) { + instance = nssCryptokiObject_Clone(*ci); + } else { + /* This only really works for two instances... But 3.4 can't + * handle more anyway. The logic is, if there are multiple + * instances, prefer the one that is not internal (e.g., on + * a hardware device. + */ + if (PK11_IsInternal(instance->token->pk11slot)) { + nssCryptokiObject_Destroy(instance); + instance = nssCryptokiObject_Clone(*ci); + } + } } nssCryptokiObjectArray_Destroy(instances); return instance; } -char * -STAN_GetCERTCertificateNameForInstance ( - PLArenaPool *arenaOpt, - NSSCertificate *c, - nssCryptokiInstance *instance -) +char * +STAN_GetCERTCertificateNameForInstance( + PLArenaPool *arenaOpt, + NSSCertificate *c, + nssCryptokiInstance *instance) { NSSCryptoContext *context = c->object.cryptoContext; PRStatus nssrv; @@ -681,55 +674,55 @@ STAN_GetCERTCertificateNameForInstance ( char *nick; if (instance) { - stanNick = instance->label; + stanNick = instance->label; } else if (context) { - stanNick = c->object.tempName; + stanNick = c->object.tempName; } if (stanNick) { - /* fill other fields needed by NSS3 functions using CERTCertificate */ - if (instance && (!PK11_IsInternalKeySlot(instance->token->pk11slot) || - PORT_Strchr(stanNick, ':') != NULL) ) { - tokenName = nssToken_GetName(instance->token); - tokenlen = nssUTF8_Size(tokenName, &nssrv); - } else { - /* don't use token name for internal slot; 3.3 didn't */ - tokenlen = 0; - } - nicklen = nssUTF8_Size(stanNick, &nssrv); - len = tokenlen + nicklen; - if (arenaOpt) { - nickname = PORT_ArenaAlloc(arenaOpt, len); - } else { - nickname = PORT_Alloc(len); - } - nick = nickname; - if (tokenName) { - memcpy(nick, tokenName, tokenlen-1); - nick += tokenlen-1; - *nick++ = ':'; - } - memcpy(nick, stanNick, nicklen-1); - nickname[len-1] = '\0'; + /* fill other fields needed by NSS3 functions using CERTCertificate */ + if (instance && (!PK11_IsInternalKeySlot(instance->token->pk11slot) || + PORT_Strchr(stanNick, ':') != NULL)) { + tokenName = nssToken_GetName(instance->token); + tokenlen = nssUTF8_Size(tokenName, &nssrv); + } else { + /* don't use token name for internal slot; 3.3 didn't */ + tokenlen = 0; + } + nicklen = nssUTF8_Size(stanNick, &nssrv); + len = tokenlen + nicklen; + if (arenaOpt) { + nickname = PORT_ArenaAlloc(arenaOpt, len); + } else { + nickname = PORT_Alloc(len); + } + nick = nickname; + if (tokenName) { + memcpy(nick, tokenName, tokenlen - 1); + nick += tokenlen - 1; + *nick++ = ':'; + } + memcpy(nick, stanNick, nicklen - 1); + nickname[len - 1] = '\0'; } return nickname; } -char * +char * STAN_GetCERTCertificateName(PLArenaPool *arenaOpt, NSSCertificate *c) { - char * result; + char *result; nssCryptokiInstance *instance = get_cert_instance(c); /* It's OK to call this function, even if instance is NULL */ result = STAN_GetCERTCertificateNameForInstance(arenaOpt, c, instance); if (instance) - nssCryptokiObject_Destroy(instance); + nssCryptokiObject_Destroy(instance); return result; } static void fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced) { - CERTCertTrust* trust = NULL; + CERTCertTrust *trust = NULL; NSSTrust *nssTrust; NSSCryptoContext *context = c->object.cryptoContext; nssCryptokiInstance *instance; @@ -742,62 +735,62 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced instance = get_cert_instance(c); if (instance) { - stanNick = instance->label; + stanNick = instance->label; } else if (context) { - stanNick = c->object.tempName; + stanNick = c->object.tempName; } /* fill other fields needed by NSS3 functions using CERTCertificate */ if ((!cc->nickname && stanNick) || forced) { - PRStatus nssrv; - int nicklen, tokenlen, len; - NSSUTF8 *tokenName = NULL; - char *nick; - if (instance && - (!PK11_IsInternalKeySlot(instance->token->pk11slot) || - (stanNick && PORT_Strchr(stanNick, ':') != NULL))) { - tokenName = nssToken_GetName(instance->token); - tokenlen = nssUTF8_Size(tokenName, &nssrv); - } else { - /* don't use token name for internal slot; 3.3 didn't */ - tokenlen = 0; - } - if (stanNick) { - nicklen = nssUTF8_Size(stanNick, &nssrv); - len = tokenlen + nicklen; - nick = PORT_ArenaAlloc(cc->arena, len); - if (tokenName) { - memcpy(nick, tokenName, tokenlen-1); - nick[tokenlen-1] = ':'; - memcpy(nick+tokenlen, stanNick, nicklen-1); - } else { - memcpy(nick, stanNick, nicklen-1); - } - nick[len-1] = '\0'; + PRStatus nssrv; + int nicklen, tokenlen, len; + NSSUTF8 *tokenName = NULL; + char *nick; + if (instance && + (!PK11_IsInternalKeySlot(instance->token->pk11slot) || + (stanNick && PORT_Strchr(stanNick, ':') != NULL))) { + tokenName = nssToken_GetName(instance->token); + tokenlen = nssUTF8_Size(tokenName, &nssrv); + } else { + /* don't use token name for internal slot; 3.3 didn't */ + tokenlen = 0; + } + if (stanNick) { + nicklen = nssUTF8_Size(stanNick, &nssrv); + len = tokenlen + nicklen; + nick = PORT_ArenaAlloc(cc->arena, len); + if (tokenName) { + memcpy(nick, tokenName, tokenlen - 1); + nick[tokenlen - 1] = ':'; + memcpy(nick + tokenlen, stanNick, nicklen - 1); + } else { + memcpy(nick, stanNick, nicklen - 1); + } + nick[len - 1] = '\0'; cc->nickname = nick; - } else { - cc->nickname = NULL; - } + } else { + cc->nickname = NULL; + } } if (context) { - /* trust */ - nssTrust = nssCryptoContext_FindTrustForCertificate(context, c); - if (!nssTrust) { - /* chicken and egg issue: - * - * c->issuer and c->serial are empty at this point, but - * nssTrustDomain_FindTrustForCertificate use them to look up - * up the trust object, so we point them to cc->derIssuer and - * cc->serialNumber. - * - * Our caller will fill these in with proper arena copies when we - * return. */ - c->issuer.data = cc->derIssuer.data; - c->issuer.size = cc->derIssuer.len; - c->serial.data = cc->serialNumber.data; - c->serial.size = cc->serialNumber.len; - nssTrust = nssTrustDomain_FindTrustForCertificate(context->td, c); - } - if (nssTrust) { + /* trust */ + nssTrust = nssCryptoContext_FindTrustForCertificate(context, c); + if (!nssTrust) { + /* chicken and egg issue: + * + * c->issuer and c->serial are empty at this point, but + * nssTrustDomain_FindTrustForCertificate use them to look up + * up the trust object, so we point them to cc->derIssuer and + * cc->serialNumber. + * + * Our caller will fill these in with proper arena copies when we + * return. */ + c->issuer.data = cc->derIssuer.data; + c->issuer.size = cc->derIssuer.len; + c->serial.data = cc->serialNumber.data; + c->serial.size = cc->serialNumber.len; + nssTrust = nssTrustDomain_FindTrustForCertificate(context->td, c); + } + if (nssTrust) { trust = cert_trust_from_stan_trust(nssTrust, cc->arena); if (trust) { /* we should destroy cc->trust before replacing it, but it's @@ -807,21 +800,21 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced cc->trust = trust; CERT_UnlockCertTrust(cc); } - nssTrust_Destroy(nssTrust); - } + nssTrust_Destroy(nssTrust); + } } else if (instance) { - /* slot */ - if (cc->slot != instance->token->pk11slot) { - if (cc->slot) { - PK11_FreeSlot(cc->slot); - } - cc->slot = PK11_ReferenceSlot(instance->token->pk11slot); - } - cc->ownSlot = PR_TRUE; - /* pkcs11ID */ - cc->pkcs11ID = instance->handle; - /* trust */ - trust = nssTrust_GetCERTCertTrustForCert(c, cc); + /* slot */ + if (cc->slot != instance->token->pk11slot) { + if (cc->slot) { + PK11_FreeSlot(cc->slot); + } + cc->slot = PK11_ReferenceSlot(instance->token->pk11slot); + } + cc->ownSlot = PR_TRUE; + /* pkcs11ID */ + cc->pkcs11ID = instance->handle; + /* trust */ + trust = nssTrust_GetCERTCertTrustForCert(c, cc); if (trust) { /* we should destroy cc->trust before replacing it, but it's allocated in cc->arena, so memory growth will occur on each @@ -830,8 +823,10 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced cc->trust = trust; CERT_UnlockCertTrust(cc); } - nssCryptokiObject_Destroy(instance); - } + } + if (instance) { + nssCryptokiObject_Destroy(instance); + } /* database handle is now the trust domain */ cc->dbhandle = c->object.trustDomain; /* subjectList ? */ @@ -841,12 +836,12 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced /* pointer back */ cc->nssCertificate = c; if (trust) { - /* force the cert type to be recomputed to include trust info */ - PRUint32 nsCertType = cert_ComputeCertType(cc); + /* force the cert type to be recomputed to include trust info */ + PRUint32 nsCertType = cert_ComputeCertType(cc); - /* Assert that it is safe to cast &cc->nsCertType to "PRInt32 *" */ - PORT_Assert(sizeof(cc->nsCertType) == sizeof(PRInt32)); - PR_ATOMIC_SET((PRInt32 *)&cc->nsCertType, nsCertType); + /* Assert that it is safe to cast &cc->nsCertType to "PRInt32 *" */ + PORT_Assert(sizeof(cc->nsCertType) == sizeof(PRInt32)); + PR_ATOMIC_SET((PRInt32 *)&cc->nsCertType, nsCertType); } } @@ -863,26 +858,26 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) dc = c->decoding; if (!dc) { - dc = nssDecodedPKIXCertificate_Create(NULL, &c->encoding); - if (!dc) { + dc = nssDecodedPKIXCertificate_Create(NULL, &c->encoding); + if (!dc) { goto loser; } - cc = (CERTCertificate *)dc->data; - PORT_Assert(cc); /* software error */ - if (!cc) { - nssDecodedPKIXCertificate_Destroy(dc); - nss_SetError(NSS_ERROR_INTERNAL_ERROR); - goto loser; - } - PORT_Assert(!c->decoding); - if (!c->decoding) { - c->decoding = dc; - } else { + cc = (CERTCertificate *)dc->data; + PORT_Assert(cc); /* software error */ + if (!cc) { + nssDecodedPKIXCertificate_Destroy(dc); + nss_SetError(NSS_ERROR_INTERNAL_ERROR); + goto loser; + } + PORT_Assert(!c->decoding); + if (!c->decoding) { + c->decoding = dc; + } else { /* this should never happen. Fail. */ - nssDecodedPKIXCertificate_Destroy(dc); - nss_SetError(NSS_ERROR_INTERNAL_ERROR); + nssDecodedPKIXCertificate_Destroy(dc); + nss_SetError(NSS_ERROR_INTERNAL_ERROR); goto loser; - } + } } cc = (CERTCertificate *)dc->data; PORT_Assert(cc); @@ -898,7 +893,7 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) * trust, so look for the trust again. But a temp cert can be * ignored. */ - CERTCertTrust* trust = NULL; + CERTCertTrust *trust = NULL; trust = nssTrust_GetCERTCertTrustForCert(c, cc); CERT_LockCertTrust(cc); @@ -906,7 +901,7 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) CERT_UnlockCertTrust(cc); } - loser: +loser: nssPKIObject_Unlock(&c->object); nssPKIObject_Destroy(&c->object); return cc; @@ -916,7 +911,7 @@ NSS_IMPLEMENT CERTCertificate * STAN_ForceCERTCertificateUpdate(NSSCertificate *c) { if (c->decoding) { - return stan_GetCERTCertificate(c, PR_TRUE); + return stan_GetCERTCertificate(c, PR_TRUE); } return NULL; } @@ -928,10 +923,10 @@ STAN_GetCERTCertificate(NSSCertificate *c) } /* * many callers of STAN_GetCERTCertificate() intend that - * the CERTCertificate returned inherits the reference to the - * NSSCertificate. For these callers it's convenient to have - * this function 'own' the reference and either return a valid - * CERTCertificate structure which inherits the reference or + * the CERTCertificate returned inherits the reference to the + * NSSCertificate. For these callers it's convenient to have + * this function 'own' the reference and either return a valid + * CERTCertificate structure which inherits the reference or * destroy the reference to NSSCertificate and returns NULL. */ NSS_IMPLEMENT CERTCertificate * @@ -939,31 +934,31 @@ STAN_GetCERTCertificateOrRelease(NSSCertificate *c) { CERTCertificate *nss3cert = stan_GetCERTCertificate(c, PR_FALSE); if (!nss3cert) { - nssCertificate_Destroy(c); + nssCertificate_Destroy(c); } return nss3cert; } static nssTrustLevel -get_stan_trust(unsigned int t, PRBool isClientAuth) +get_stan_trust(unsigned int t, PRBool isClientAuth) { if (isClientAuth) { - if (t & CERTDB_TRUSTED_CLIENT_CA) { - return nssTrustLevel_TrustedDelegator; - } + if (t & CERTDB_TRUSTED_CLIENT_CA) { + return nssTrustLevel_TrustedDelegator; + } } else { - if (t & CERTDB_TRUSTED_CA || t & CERTDB_NS_TRUSTED_CA) { - return nssTrustLevel_TrustedDelegator; - } + if (t & CERTDB_TRUSTED_CA || t & CERTDB_NS_TRUSTED_CA) { + return nssTrustLevel_TrustedDelegator; + } } if (t & CERTDB_TRUSTED) { - return nssTrustLevel_Trusted; + return nssTrustLevel_Trusted; } if (t & CERTDB_TERMINAL_RECORD) { - return nssTrustLevel_NotTrusted; + return nssTrustLevel_NotTrusted; } if (t & CERTDB_VALID_CA) { - return nssTrustLevel_ValidDelegator; + return nssTrustLevel_ValidDelegator; } return nssTrustLevel_MustVerify; } @@ -977,26 +972,26 @@ STAN_GetNSSCertificate(CERTCertificate *cc) NSSArena *arena; c = cc->nssCertificate; if (c) { - return c; + return c; } /* i don't think this should happen. but if it can, need to create * NSSCertificate from CERTCertificate values here. */ /* Yup, it can happen. */ arena = NSSArena_Create(); if (!arena) { - return NULL; + return NULL; } c = nss_ZNEW(arena, NSSCertificate); if (!c) { - nssArena_Destroy(arena); - return NULL; + nssArena_Destroy(arena); + return NULL; } NSSITEM_FROM_SECITEM(&c->encoding, &cc->derCert); c->type = NSSCertificateType_PKIX; pkiob = nssPKIObject_Create(arena, NULL, cc->dbhandle, NULL, nssPKIMonitor); if (!pkiob) { - nssArena_Destroy(arena); - return NULL; + nssArena_Destroy(arena); + return NULL; } c->object = *pkiob; nssItem_Create(arena, @@ -1004,18 +999,18 @@ STAN_GetNSSCertificate(CERTCertificate *cc) nssItem_Create(arena, &c->subject, cc->derSubject.len, cc->derSubject.data); if (PR_TRUE) { - /* CERTCertificate stores serial numbers decoded. I need the DER - * here. sigh. - */ - SECItem derSerial; - SECStatus secrv; - secrv = CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial); - if (secrv == SECFailure) { - nssArena_Destroy(arena); - return NULL; - } - nssItem_Create(arena, &c->serial, derSerial.len, derSerial.data); - PORT_Free(derSerial.data); + /* CERTCertificate stores serial numbers decoded. I need the DER + * here. sigh. + */ + SECItem derSerial; + SECStatus secrv; + secrv = CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial); + if (secrv == SECFailure) { + nssArena_Destroy(arena); + return NULL; + } + nssItem_Create(arena, &c->serial, derSerial.len, derSerial.data); + PORT_Free(derSerial.data); } if (cc->emailAddr && cc->emailAddr[0]) { c->email = nssUTF8_Create(arena, @@ -1024,31 +1019,30 @@ STAN_GetNSSCertificate(CERTCertificate *cc) PORT_Strlen(cc->emailAddr)); } if (cc->slot) { - instance = nss_ZNEW(arena, nssCryptokiInstance); - if (!instance) { - nssArena_Destroy(arena); - return NULL; - } - instance->token = nssToken_AddRef(PK11Slot_GetNSSToken(cc->slot)); - instance->handle = cc->pkcs11ID; - instance->isTokenObject = PR_TRUE; - if (cc->nickname) { - instance->label = nssUTF8_Create(arena, - nssStringType_UTF8String, - (NSSUTF8 *)cc->nickname, - PORT_Strlen(cc->nickname)); - } - nssPKIObject_AddInstance(&c->object, instance); + instance = nss_ZNEW(arena, nssCryptokiInstance); + if (!instance) { + nssArena_Destroy(arena); + return NULL; + } + instance->token = nssToken_AddRef(PK11Slot_GetNSSToken(cc->slot)); + instance->handle = cc->pkcs11ID; + instance->isTokenObject = PR_TRUE; + if (cc->nickname) { + instance->label = nssUTF8_Create(arena, + nssStringType_UTF8String, + (NSSUTF8 *)cc->nickname, + PORT_Strlen(cc->nickname)); + } + nssPKIObject_AddInstance(&c->object, instance); } c->decoding = create_decoded_pkix_cert_from_nss3cert(NULL, cc); cc->nssCertificate = c; return c; } -static NSSToken* -stan_GetTrustToken ( - NSSCertificate *c -) +static NSSToken * +stan_GetTrustToken( + NSSCertificate *c) { NSSToken *ttok = NULL; NSSToken *rtok = NULL; @@ -1056,31 +1050,31 @@ stan_GetTrustToken ( nssCryptokiObject **ip; nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object); if (!instances) { - return PR_FALSE; + return PR_FALSE; } for (ip = instances; *ip; ip++) { - nssCryptokiObject *instance = *ip; - nssCryptokiObject *to = - nssToken_FindTrustForCertificate(instance->token, NULL, - &c->encoding, &c->issuer, &c->serial, - nssTokenSearchType_TokenOnly); - NSSToken *ctok = instance->token; - PRBool ro = PK11_IsReadOnly(ctok->pk11slot); - - if (to) { - nssCryptokiObject_Destroy(to); - ttok = ctok; - if (!ro) { - break; - } - } else { - if (!rtok && ro) { - rtok = ctok; - } - if (!tok && !ro) { - tok = ctok; - } - } + nssCryptokiObject *instance = *ip; + nssCryptokiObject *to = + nssToken_FindTrustForCertificate(instance->token, NULL, + &c->encoding, &c->issuer, &c->serial, + nssTokenSearchType_TokenOnly); + NSSToken *ctok = instance->token; + PRBool ro = PK11_IsReadOnly(ctok->pk11slot); + + if (to) { + nssCryptokiObject_Destroy(to); + ttok = ctok; + if (!ro) { + break; + } + } else { + if (!rtok && ro) { + rtok = ctok; + } + if (!tok && !ro) { + tok = ctok; + } + } } nssCryptokiObjectArray_Destroy(instances); return ttok ? ttok : (tok ? tok : rtok); @@ -1107,15 +1101,15 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) } oldTrust = nssTrust_GetCERTCertTrustForCert(c, cc); if (oldTrust) { - if (memcmp(oldTrust, trust, sizeof (CERTCertTrust)) == 0) { - /* ... and the new trust is no different, done) */ - return PR_SUCCESS; - } else { - /* take over memory already allocated in cc's arena */ - newTrust = oldTrust; - } + if (memcmp(oldTrust, trust, sizeof(CERTCertTrust)) == 0) { + /* ... and the new trust is no different, done) */ + return PR_SUCCESS; + } else { + /* take over memory already allocated in cc's arena */ + newTrust = oldTrust; + } } else { - newTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust)); + newTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust)); } memcpy(newTrust, trust, sizeof(CERTCertTrust)); CERT_LockCertTrust(cc); @@ -1123,16 +1117,17 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) CERT_UnlockCertTrust(cc); /* Set the NSSCerticate's trust */ arena = nssArena_Create(); - if (!arena) return PR_FAILURE; + if (!arena) + return PR_FAILURE; nssTrust = nss_ZNEW(arena, NSSTrust); if (!nssTrust) { - nssArena_Destroy(arena); - return PR_FAILURE; + nssArena_Destroy(arena); + return PR_FAILURE; } pkiob = nssPKIObject_Create(arena, NULL, cc->dbhandle, NULL, nssPKILock); if (!pkiob) { - nssArena_Destroy(arena); - return PR_FAILURE; + nssArena_Destroy(arena); + return PR_FAILURE; } nssTrust->object = *pkiob; nssTrust->certificate = c; @@ -1140,120 +1135,120 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) nssTrust->clientAuth = get_stan_trust(trust->sslFlags, PR_TRUE); nssTrust->emailProtection = get_stan_trust(trust->emailFlags, PR_FALSE); nssTrust->codeSigning = get_stan_trust(trust->objectSigningFlags, PR_FALSE); - nssTrust->stepUpApproved = - (PRBool)(trust->sslFlags & CERTDB_GOVT_APPROVED_CA); + nssTrust->stepUpApproved = + (PRBool)(trust->sslFlags & CERTDB_GOVT_APPROVED_CA); if (c->object.cryptoContext != NULL) { - /* The cert is in a context, set the trust there */ - NSSCryptoContext *cc = c->object.cryptoContext; - nssrv = nssCryptoContext_ImportTrust(cc, nssTrust); - if (nssrv != PR_SUCCESS) { - goto done; - } - if (c->object.numInstances == 0) { - /* The context is the only instance, finished */ - goto done; - } + /* The cert is in a context, set the trust there */ + NSSCryptoContext *cc = c->object.cryptoContext; + nssrv = nssCryptoContext_ImportTrust(cc, nssTrust); + if (nssrv != PR_SUCCESS) { + goto done; + } + if (c->object.numInstances == 0) { + /* The context is the only instance, finished */ + goto done; + } } td = STAN_GetDefaultTrustDomain(); tok = stan_GetTrustToken(c); moving_object = PR_FALSE; - if (tok && PK11_IsReadOnly(tok->pk11slot)) { - NSSRWLock_LockRead(td->tokensLock); - tokens = nssList_CreateIterator(td->tokenList); - if (!tokens) { - nssrv = PR_FAILURE; - NSSRWLock_UnlockRead(td->tokensLock); - goto done; - } - for (tok = (NSSToken *)nssListIterator_Start(tokens); - tok != (NSSToken *)NULL; - tok = (NSSToken *)nssListIterator_Next(tokens)) - { - if (!PK11_IsReadOnly(tok->pk11slot)) break; - } - nssListIterator_Finish(tokens); - nssListIterator_Destroy(tokens); - NSSRWLock_UnlockRead(td->tokensLock); - moving_object = PR_TRUE; - } + if (tok && PK11_IsReadOnly(tok->pk11slot)) { + NSSRWLock_LockRead(td->tokensLock); + tokens = nssList_CreateIterator(td->tokenList); + if (!tokens) { + nssrv = PR_FAILURE; + NSSRWLock_UnlockRead(td->tokensLock); + goto done; + } + for (tok = (NSSToken *)nssListIterator_Start(tokens); + tok != (NSSToken *)NULL; + tok = (NSSToken *)nssListIterator_Next(tokens)) { + if (!PK11_IsReadOnly(tok->pk11slot)) + break; + } + nssListIterator_Finish(tokens); + nssListIterator_Destroy(tokens); + NSSRWLock_UnlockRead(td->tokensLock); + moving_object = PR_TRUE; + } if (tok) { - if (moving_object) { - /* this is kind of hacky. the softoken needs the cert - * object in order to store trust. forcing it to be perm - */ - NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL); - NSSASCII7 *email = NULL; - - if (PK11_IsInternal(tok->pk11slot)) { - email = c->email; - } - newInstance = nssToken_ImportCertificate(tok, NULL, - NSSCertificateType_PKIX, - &c->id, - nickname, - &c->encoding, - &c->issuer, - &c->subject, - &c->serial, - email, - PR_TRUE); + if (moving_object) { + /* this is kind of hacky. the softoken needs the cert + * object in order to store trust. forcing it to be perm + */ + NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL); + NSSASCII7 *email = NULL; + + if (PK11_IsInternal(tok->pk11slot)) { + email = c->email; + } + newInstance = nssToken_ImportCertificate(tok, NULL, + NSSCertificateType_PKIX, + &c->id, + nickname, + &c->encoding, + &c->issuer, + &c->subject, + &c->serial, + email, + PR_TRUE); nss_ZFreeIf(nickname); nickname = NULL; - if (!newInstance) { - nssrv = PR_FAILURE; - goto done; - } - nssPKIObject_AddInstance(&c->object, newInstance); - } - newInstance = nssToken_ImportTrust(tok, NULL, &c->encoding, - &c->issuer, &c->serial, - nssTrust->serverAuth, - nssTrust->clientAuth, - nssTrust->codeSigning, - nssTrust->emailProtection, - nssTrust->stepUpApproved, PR_TRUE); - /* If the selected token can't handle trust, dump the trust on - * the internal token */ - if (!newInstance && !PK11_IsInternalKeySlot(tok->pk11slot)) { - PK11SlotInfo *slot = PK11_GetInternalKeySlot(); - NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL); - NSSASCII7 *email = c->email; - tok = PK11Slot_GetNSSToken(slot); - PK11_FreeSlot(slot); - - newInstance = nssToken_ImportCertificate(tok, NULL, - NSSCertificateType_PKIX, - &c->id, - nickname, - &c->encoding, - &c->issuer, - &c->subject, - &c->serial, - email, - PR_TRUE); + if (!newInstance) { + nssrv = PR_FAILURE; + goto done; + } + nssPKIObject_AddInstance(&c->object, newInstance); + } + newInstance = nssToken_ImportTrust(tok, NULL, &c->encoding, + &c->issuer, &c->serial, + nssTrust->serverAuth, + nssTrust->clientAuth, + nssTrust->codeSigning, + nssTrust->emailProtection, + nssTrust->stepUpApproved, PR_TRUE); + /* If the selected token can't handle trust, dump the trust on + * the internal token */ + if (!newInstance && !PK11_IsInternalKeySlot(tok->pk11slot)) { + PK11SlotInfo *slot = PK11_GetInternalKeySlot(); + NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL); + NSSASCII7 *email = c->email; + tok = PK11Slot_GetNSSToken(slot); + PK11_FreeSlot(slot); + + newInstance = nssToken_ImportCertificate(tok, NULL, + NSSCertificateType_PKIX, + &c->id, + nickname, + &c->encoding, + &c->issuer, + &c->subject, + &c->serial, + email, + PR_TRUE); nss_ZFreeIf(nickname); nickname = NULL; - if (!newInstance) { - nssrv = PR_FAILURE; - goto done; - } - nssPKIObject_AddInstance(&c->object, newInstance); - newInstance = nssToken_ImportTrust(tok, NULL, &c->encoding, - &c->issuer, &c->serial, - nssTrust->serverAuth, - nssTrust->clientAuth, - nssTrust->codeSigning, - nssTrust->emailProtection, - nssTrust->stepUpApproved, PR_TRUE); - } - if (newInstance) { - nssCryptokiObject_Destroy(newInstance); - nssrv = PR_SUCCESS; - } else { - nssrv = PR_FAILURE; - } + if (!newInstance) { + nssrv = PR_FAILURE; + goto done; + } + nssPKIObject_AddInstance(&c->object, newInstance); + newInstance = nssToken_ImportTrust(tok, NULL, &c->encoding, + &c->issuer, &c->serial, + nssTrust->serverAuth, + nssTrust->clientAuth, + nssTrust->codeSigning, + nssTrust->emailProtection, + nssTrust->stepUpApproved, PR_TRUE); + } + if (newInstance) { + nssCryptokiObject_Destroy(newInstance); + nssrv = PR_SUCCESS; + } else { + nssrv = PR_FAILURE; + } } else { - nssrv = PR_FAILURE; + nssrv = PR_FAILURE; } done: (void)nssTrust_Destroy(nssTrust); @@ -1271,41 +1266,40 @@ done: static PRStatus DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) { - int numNotDestroyed = 0; /* the ones skipped plus the failures */ - int failureCount = 0; /* actual deletion failures by devices */ + int numNotDestroyed = 0; /* the ones skipped plus the failures */ + int failureCount = 0; /* actual deletion failures by devices */ unsigned int index; nssPKIObject_AddRef(tObject); nssPKIObject_Lock(tObject); /* Keep going even if a module fails to delete. */ for (index = 0; index < tObject->numInstances; index++) { - nssCryptokiObject *instance = tObject->instances[index]; - if (!instance) { - continue; - } - - /* ReadOnly and not matched treated the same */ - if (PK11_IsReadOnly(instance->token->pk11slot) || - pk11slot != instance->token->pk11slot) { - tObject->instances[numNotDestroyed++] = instance; - continue; - } - - /* Here we have found a matching one */ - tObject->instances[index] = NULL; - if (nssToken_DeleteStoredObject(instance) == PR_SUCCESS) { - nssCryptokiObject_Destroy(instance); - } else { - tObject->instances[numNotDestroyed++] = instance; - failureCount++; - } + nssCryptokiObject *instance = tObject->instances[index]; + if (!instance) { + continue; + } + /* ReadOnly and not matched treated the same */ + if (PK11_IsReadOnly(instance->token->pk11slot) || + pk11slot != instance->token->pk11slot) { + tObject->instances[numNotDestroyed++] = instance; + continue; + } + + /* Here we have found a matching one */ + tObject->instances[index] = NULL; + if (nssToken_DeleteStoredObject(instance) == PR_SUCCESS) { + nssCryptokiObject_Destroy(instance); + } else { + tObject->instances[numNotDestroyed++] = instance; + failureCount++; + } } if (numNotDestroyed == 0) { - nss_ZFreeIf(tObject->instances); - tObject->numInstances = 0; + nss_ZFreeIf(tObject->instances); + tObject->numInstances = 0; } else { - tObject->numInstances = numNotDestroyed; + tObject->numInstances = numNotDestroyed; } nssPKIObject_Unlock(tObject); @@ -1316,19 +1310,24 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) /* ** Delete trust objects matching the slot of the given certificate. -** Returns an error if any device fails to delete. +** Returns an error if any device fails to delete. */ NSS_EXTERN PRStatus STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) { PRStatus nssrv = PR_SUCCESS; + unsigned int i; + nssPKIObject *tobject = NULL; + nssPKIObject *cobject = &c->object; + NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c); - /* caller made sure nssTrust isn't NULL */ - nssPKIObject *tobject = &nssTrust->object; - nssPKIObject *cobject = &c->object; - unsigned int i; + if (!nssTrust) { + return PR_FAILURE; + } + + tobject = &nssTrust->object; /* Iterate through the cert and trust object instances looking for * those with matching pk11 slots to delete. Even if some device @@ -1339,17 +1338,19 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) nssPKIObject_AddRef(cobject); nssPKIObject_Lock(cobject); for (i = 0; i < cobject->numInstances; i++) { - nssCryptokiObject *cInstance = cobject->instances[i]; - if (cInstance && !PK11_IsReadOnly(cInstance->token->pk11slot)) { - PRStatus status; - if (!tobject->numInstances || !tobject->instances) continue; - status = DeleteCertTrustMatchingSlot(cInstance->token->pk11slot, tobject); - if (status == PR_FAILURE) { - /* set the outer one but keep going */ - nssrv = PR_FAILURE; - } - } + nssCryptokiObject *cInstance = cobject->instances[i]; + if (cInstance && !PK11_IsReadOnly(cInstance->token->pk11slot)) { + PRStatus status; + if (!tobject->numInstances || !tobject->instances) + continue; + status = DeleteCertTrustMatchingSlot(cInstance->token->pk11slot, tobject); + if (status == PR_FAILURE) { + /* set the outer one but keep going */ + nssrv = PR_FAILURE; + } + } } + nssTrust_Destroy(nssTrust); nssPKIObject_Unlock(cobject); nssPKIObject_Destroy(cobject); NSSRWLock_UnlockRead(td->tokensLock); @@ -1358,12 +1359,11 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) /* CERT_TraversePermCertsForSubject */ NSS_IMPLEMENT PRStatus -nssTrustDomain_TraverseCertificatesBySubject ( - NSSTrustDomain *td, - NSSDER *subject, - PRStatus (*callback)(NSSCertificate *c, void *arg), - void *arg -) +nssTrustDomain_TraverseCertificatesBySubject( + NSSTrustDomain *td, + NSSDER *subject, + PRStatus (*callback)(NSSCertificate *c, void *arg), + void *arg) { PRStatus nssrv = PR_SUCCESS; NSSArena *tmpArena; @@ -1377,10 +1377,11 @@ nssTrustDomain_TraverseCertificatesBySubject ( subjectCerts = NSSTrustDomain_FindCertificatesBySubject(td, subject, NULL, 0, tmpArena); if (subjectCerts) { - for (i=0, c = subjectCerts[i]; c; i++) { - nssrv = callback(c, arg); - if (nssrv != PR_SUCCESS) break; - } + for (i = 0, c = subjectCerts[i]; c; i++) { + nssrv = callback(c, arg); + if (nssrv != PR_SUCCESS) + break; + } } nssArena_Destroy(tmpArena); return nssrv; @@ -1388,12 +1389,11 @@ nssTrustDomain_TraverseCertificatesBySubject ( /* CERT_TraversePermCertsForNickname */ NSS_IMPLEMENT PRStatus -nssTrustDomain_TraverseCertificatesByNickname ( - NSSTrustDomain *td, - NSSUTF8 *nickname, - PRStatus (*callback)(NSSCertificate *c, void *arg), - void *arg -) +nssTrustDomain_TraverseCertificatesByNickname( + NSSTrustDomain *td, + NSSUTF8 *nickname, + PRStatus (*callback)(NSSCertificate *c, void *arg), + void *arg) { PRStatus nssrv = PR_SUCCESS; NSSArena *tmpArena; @@ -1407,16 +1407,18 @@ nssTrustDomain_TraverseCertificatesByNickname ( nickCerts = NSSTrustDomain_FindCertificatesByNickname(td, nickname, NULL, 0, tmpArena); if (nickCerts) { - for (i=0, c = nickCerts[i]; c; i++) { - nssrv = callback(c, arg); - if (nssrv != PR_SUCCESS) break; - } + for (i = 0, c = nickCerts[i]; c; i++) { + nssrv = callback(c, arg); + if (nssrv != PR_SUCCESS) + break; + } } nssArena_Destroy(tmpArena); return nssrv; } -static void cert_dump_iter(const void *k, void *v, void *a) +static void +cert_dump_iter(const void *k, void *v, void *a) { NSSCertificate *c = (NSSCertificate *)k; CERTCertificate *cert = STAN_GetCERTCertificate(c); @@ -1434,7 +1436,6 @@ nss_DumpCertificateCacheInfo() nssTrustDomain_DumpCacheInfo(td, cert_dump_iter, NULL); printf("\n\nCertificates in the temporary store:\n"); if (cc->certStore) { - nssCertificateStore_DumpStoreInfo(cc->certStore, cert_dump_iter, NULL); + nssCertificateStore_DumpStoreInfo(cc->certStore, cert_dump_iter, NULL); } } - diff --git a/nss/lib/pki/pki3hack.h b/nss/lib/pki/pki3hack.h index 39fab75..818872a 100644 --- a/nss/lib/pki/pki3hack.h +++ b/nss/lib/pki/pki3hack.h @@ -23,13 +23,13 @@ PR_BEGIN_EXTERN_C -#define NSSITEM_FROM_SECITEM(nssit, secit) \ - (nssit)->data = (void *)(secit)->data; \ +#define NSSITEM_FROM_SECITEM(nssit, secit) \ + (nssit)->data = (void *)(secit)->data; \ (nssit)->size = (PRUint32)(secit)->len; #define SECITEM_FROM_NSSITEM(secit, nssit) \ (secit)->data = (unsigned char *)(nssit)->data; \ - (secit)->len = (unsigned int)(nssit)->size; + (secit)->len = (unsigned int)(nssit)->size; NSS_EXTERN NSSTrustDomain * STAN_GetDefaultTrustDomain(); @@ -67,7 +67,7 @@ STAN_GetCERTCertificateOrRelease(NSSCertificate *c); NSS_EXTERN NSSCertificate * STAN_GetNSSCertificate(CERTCertificate *c); -NSS_EXTERN CERTCertTrust * +NSS_EXTERN CERTCertTrust * nssTrust_GetCERTCertTrustForCert(NSSCertificate *c, CERTCertificate *cc); NSS_EXTERN PRStatus @@ -90,74 +90,59 @@ STAN_GetCERTCertificateNameForInstance(PLArenaPool *arenaOpt, /* exposing this */ NSS_EXTERN NSSCertificate * -NSSCertificate_Create -( - NSSArena *arenaOpt -); +NSSCertificate_Create(NSSArena *arenaOpt); -/* This function is being put here because it is a hack for +/* This function is being put here because it is a hack for * PK11_FindCertFromNickname. */ NSS_EXTERN NSSCertificate * -nssTrustDomain_FindBestCertificateByNicknameForToken -( - NSSTrustDomain *td, - NSSToken *token, - NSSUTF8 *name, - NSSTime *timeOpt, /* NULL for "now" */ - NSSUsage *usage, - NSSPolicies *policiesOpt /* NULL for none */ -); - -/* This function is being put here because it is a hack for +nssTrustDomain_FindBestCertificateByNicknameForToken( + NSSTrustDomain *td, + NSSToken *token, + NSSUTF8 *name, + NSSTime *timeOpt, /* NULL for "now" */ + NSSUsage *usage, + NSSPolicies *policiesOpt /* NULL for none */ + ); + +/* This function is being put here because it is a hack for * PK11_FindCertsFromNickname. */ NSS_EXTERN NSSCertificate ** -nssTrustDomain_FindCertificatesByNicknameForToken -( - NSSTrustDomain *td, - NSSToken *token, - NSSUTF8 *name, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -); +nssTrustDomain_FindCertificatesByNicknameForToken( + NSSTrustDomain *td, + NSSToken *token, + NSSUTF8 *name, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt); /* CERT_TraversePermCertsForSubject */ NSS_EXTERN PRStatus -nssTrustDomain_TraverseCertificatesBySubject -( - NSSTrustDomain *td, - NSSDER *subject, - PRStatus (*callback)(NSSCertificate *c, void *arg), - void *arg -); +nssTrustDomain_TraverseCertificatesBySubject( + NSSTrustDomain *td, + NSSDER *subject, + PRStatus (*callback)(NSSCertificate *c, void *arg), + void *arg); /* CERT_TraversePermCertsForNickname */ NSS_EXTERN PRStatus -nssTrustDomain_TraverseCertificatesByNickname -( - NSSTrustDomain *td, - NSSUTF8 *nickname, - PRStatus (*callback)(NSSCertificate *c, void *arg), - void *arg -); +nssTrustDomain_TraverseCertificatesByNickname( + NSSTrustDomain *td, + NSSUTF8 *nickname, + PRStatus (*callback)(NSSCertificate *c, void *arg), + void *arg); /* SEC_TraversePermCerts */ NSS_EXTERN PRStatus -nssTrustDomain_TraverseCertificates -( - NSSTrustDomain *td, - PRStatus (*callback)(NSSCertificate *c, void *arg), - void *arg -); +nssTrustDomain_TraverseCertificates( + NSSTrustDomain *td, + PRStatus (*callback)(NSSCertificate *c, void *arg), + void *arg); /* CERT_AddTempCertToPerm */ NSS_EXTERN PRStatus -nssTrustDomain_AddTempCertToPerm -( - NSSCertificate *c -); +nssTrustDomain_AddTempCertToPerm(NSSCertificate *c); PR_END_EXTERN_C diff --git a/nss/lib/pki/pkibase.c b/nss/lib/pki/pkibase.c index 0e39e8b..4082a37 100644 --- a/nss/lib/pki/pkibase.c +++ b/nss/lib/pki/pkibase.c @@ -15,244 +15,237 @@ extern const NSSError NSS_ERROR_NOT_FOUND; NSS_IMPLEMENT void -nssPKIObject_Lock(nssPKIObject * object) +nssPKIObject_Lock(nssPKIObject *object) { switch (object->lockType) { - case nssPKIMonitor: - PZ_EnterMonitor(object->sync.mlock); - break; - case nssPKILock: - PZ_Lock(object->sync.lock); - break; - default: - PORT_Assert(0); + case nssPKIMonitor: + PZ_EnterMonitor(object->sync.mlock); + break; + case nssPKILock: + PZ_Lock(object->sync.lock); + break; + default: + PORT_Assert(0); } } NSS_IMPLEMENT void -nssPKIObject_Unlock(nssPKIObject * object) +nssPKIObject_Unlock(nssPKIObject *object) { switch (object->lockType) { - case nssPKIMonitor: - PZ_ExitMonitor(object->sync.mlock); - break; - case nssPKILock: - PZ_Unlock(object->sync.lock); - break; - default: - PORT_Assert(0); + case nssPKIMonitor: + PZ_ExitMonitor(object->sync.mlock); + break; + case nssPKILock: + PZ_Unlock(object->sync.lock); + break; + default: + PORT_Assert(0); } } NSS_IMPLEMENT PRStatus -nssPKIObject_NewLock(nssPKIObject * object, nssPKILockType lockType) +nssPKIObject_NewLock(nssPKIObject *object, nssPKILockType lockType) { object->lockType = lockType; switch (lockType) { - case nssPKIMonitor: - object->sync.mlock = PZ_NewMonitor(nssILockSSL); - return (object->sync.mlock ? PR_SUCCESS : PR_FAILURE); - case nssPKILock: - object->sync.lock = PZ_NewLock(nssILockSSL); - return (object->sync.lock ? PR_SUCCESS : PR_FAILURE); - default: - PORT_Assert(0); - return PR_FAILURE; + case nssPKIMonitor: + object->sync.mlock = PZ_NewMonitor(nssILockSSL); + return (object->sync.mlock ? PR_SUCCESS : PR_FAILURE); + case nssPKILock: + object->sync.lock = PZ_NewLock(nssILockSSL); + return (object->sync.lock ? PR_SUCCESS : PR_FAILURE); + default: + PORT_Assert(0); + return PR_FAILURE; } } NSS_IMPLEMENT void -nssPKIObject_DestroyLock(nssPKIObject * object) +nssPKIObject_DestroyLock(nssPKIObject *object) { switch (object->lockType) { - case nssPKIMonitor: - PZ_DestroyMonitor(object->sync.mlock); - object->sync.mlock = NULL; - break; - case nssPKILock: - PZ_DestroyLock(object->sync.lock); - object->sync.lock = NULL; - break; - default: - PORT_Assert(0); + case nssPKIMonitor: + PZ_DestroyMonitor(object->sync.mlock); + object->sync.mlock = NULL; + break; + case nssPKILock: + PZ_DestroyLock(object->sync.lock); + object->sync.lock = NULL; + break; + default: + PORT_Assert(0); } } - - NSS_IMPLEMENT nssPKIObject * -nssPKIObject_Create ( - NSSArena *arenaOpt, - nssCryptokiObject *instanceOpt, - NSSTrustDomain *td, - NSSCryptoContext *cc, - nssPKILockType lockType -) +nssPKIObject_Create( + NSSArena *arenaOpt, + nssCryptokiObject *instanceOpt, + NSSTrustDomain *td, + NSSCryptoContext *cc, + nssPKILockType lockType) { NSSArena *arena; nssArenaMark *mark = NULL; nssPKIObject *object; if (arenaOpt) { - arena = arenaOpt; - mark = nssArena_Mark(arena); + arena = arenaOpt; + mark = nssArena_Mark(arena); } else { - arena = nssArena_Create(); - if (!arena) { - return (nssPKIObject *)NULL; - } + arena = nssArena_Create(); + if (!arena) { + return (nssPKIObject *)NULL; + } } object = nss_ZNEW(arena, nssPKIObject); if (!object) { - goto loser; + goto loser; } object->arena = arena; object->trustDomain = td; /* XXX */ object->cryptoContext = cc; if (PR_SUCCESS != nssPKIObject_NewLock(object, lockType)) { - goto loser; + goto loser; } if (instanceOpt) { - if (nssPKIObject_AddInstance(object, instanceOpt) != PR_SUCCESS) { - goto loser; - } + if (nssPKIObject_AddInstance(object, instanceOpt) != PR_SUCCESS) { + goto loser; + } } PR_ATOMIC_INCREMENT(&object->refCount); if (mark) { - nssArena_Unmark(arena, mark); + nssArena_Unmark(arena, mark); } return object; loser: if (mark) { - nssArena_Release(arena, mark); + nssArena_Release(arena, mark); } else { - nssArena_Destroy(arena); + nssArena_Destroy(arena); } return (nssPKIObject *)NULL; } NSS_IMPLEMENT PRBool -nssPKIObject_Destroy ( - nssPKIObject *object -) +nssPKIObject_Destroy( + nssPKIObject *object) { PRUint32 i; PR_ASSERT(object->refCount > 0); if (PR_ATOMIC_DECREMENT(&object->refCount) == 0) { - for (i=0; i<object->numInstances; i++) { - nssCryptokiObject_Destroy(object->instances[i]); - } - nssPKIObject_DestroyLock(object); - nssArena_Destroy(object->arena); - return PR_TRUE; + for (i = 0; i < object->numInstances; i++) { + nssCryptokiObject_Destroy(object->instances[i]); + } + nssPKIObject_DestroyLock(object); + nssArena_Destroy(object->arena); + return PR_TRUE; } return PR_FALSE; } NSS_IMPLEMENT nssPKIObject * -nssPKIObject_AddRef ( - nssPKIObject *object -) +nssPKIObject_AddRef( + nssPKIObject *object) { PR_ATOMIC_INCREMENT(&object->refCount); return object; } NSS_IMPLEMENT PRStatus -nssPKIObject_AddInstance ( - nssPKIObject *object, - nssCryptokiObject *instance -) +nssPKIObject_AddInstance( + nssPKIObject *object, + nssCryptokiObject *instance) { nssCryptokiObject **newInstances = NULL; nssPKIObject_Lock(object); if (object->numInstances == 0) { - newInstances = nss_ZNEWARRAY(object->arena, - nssCryptokiObject *, - object->numInstances + 1); + newInstances = nss_ZNEWARRAY(object->arena, + nssCryptokiObject *, + object->numInstances + 1); } else { - PRBool found = PR_FALSE; - PRUint32 i; - for (i=0; i<object->numInstances; i++) { - if (nssCryptokiObject_Equal(object->instances[i], instance)) { - found = PR_TRUE; - break; - } - } - if (found) { - /* The new instance is identical to one in the array, except - * perhaps that the label may be different. So replace - * the label in the array instance with the label from the - * new instance, and discard the new instance. - */ - nss_ZFreeIf(object->instances[i]->label); - object->instances[i]->label = instance->label; - nssPKIObject_Unlock(object); - instance->label = NULL; - nssCryptokiObject_Destroy(instance); - return PR_SUCCESS; - } - newInstances = nss_ZREALLOCARRAY(object->instances, - nssCryptokiObject *, - object->numInstances + 1); + PRBool found = PR_FALSE; + PRUint32 i; + for (i = 0; i < object->numInstances; i++) { + if (nssCryptokiObject_Equal(object->instances[i], instance)) { + found = PR_TRUE; + break; + } + } + if (found) { + /* The new instance is identical to one in the array, except + * perhaps that the label may be different. So replace + * the label in the array instance with the label from the + * new instance, and discard the new instance. + */ + nss_ZFreeIf(object->instances[i]->label); + object->instances[i]->label = instance->label; + nssPKIObject_Unlock(object); + instance->label = NULL; + nssCryptokiObject_Destroy(instance); + return PR_SUCCESS; + } + newInstances = nss_ZREALLOCARRAY(object->instances, + nssCryptokiObject *, + object->numInstances + 1); } if (newInstances) { - object->instances = newInstances; - newInstances[object->numInstances++] = instance; + object->instances = newInstances; + newInstances[object->numInstances++] = instance; } nssPKIObject_Unlock(object); return (newInstances ? PR_SUCCESS : PR_FAILURE); } NSS_IMPLEMENT PRBool -nssPKIObject_HasInstance ( - nssPKIObject *object, - nssCryptokiObject *instance -) +nssPKIObject_HasInstance( + nssPKIObject *object, + nssCryptokiObject *instance) { PRUint32 i; - PRBool hasIt = PR_FALSE;; + PRBool hasIt = PR_FALSE; + ; nssPKIObject_Lock(object); - for (i=0; i<object->numInstances; i++) { - if (nssCryptokiObject_Equal(object->instances[i], instance)) { - hasIt = PR_TRUE; - break; - } + for (i = 0; i < object->numInstances; i++) { + if (nssCryptokiObject_Equal(object->instances[i], instance)) { + hasIt = PR_TRUE; + break; + } } nssPKIObject_Unlock(object); return hasIt; } NSS_IMPLEMENT PRStatus -nssPKIObject_RemoveInstanceForToken ( - nssPKIObject *object, - NSSToken *token -) +nssPKIObject_RemoveInstanceForToken( + nssPKIObject *object, + NSSToken *token) { PRUint32 i; nssCryptokiObject *instanceToRemove = NULL; nssPKIObject_Lock(object); if (object->numInstances == 0) { - nssPKIObject_Unlock(object); - return PR_SUCCESS; + nssPKIObject_Unlock(object); + return PR_SUCCESS; } - for (i=0; i<object->numInstances; i++) { - if (object->instances[i]->token == token) { - instanceToRemove = object->instances[i]; - object->instances[i] = object->instances[object->numInstances-1]; - object->instances[object->numInstances-1] = NULL; - break; - } + for (i = 0; i < object->numInstances; i++) { + if (object->instances[i]->token == token) { + instanceToRemove = object->instances[i]; + object->instances[i] = object->instances[object->numInstances - 1]; + object->instances[object->numInstances - 1] = NULL; + break; + } } if (--object->numInstances > 0) { - nssCryptokiObject **instances = nss_ZREALLOCARRAY(object->instances, - nssCryptokiObject *, - object->numInstances); - if (instances) { - object->instances = instances; - } + nssCryptokiObject **instances = nss_ZREALLOCARRAY(object->instances, + nssCryptokiObject *, + object->numInstances); + if (instances) { + object->instances = instances; + } } else { - nss_ZFreeIf(object->instances); + nss_ZFreeIf(object->instances); } nssCryptokiObject_Destroy(instanceToRemove); nssPKIObject_Unlock(object); @@ -263,171 +256,165 @@ nssPKIObject_RemoveInstanceForToken ( * instances */ NSS_IMPLEMENT PRStatus -nssPKIObject_DeleteStoredObject ( - nssPKIObject *object, - NSSCallback *uhh, - PRBool isFriendly -) +nssPKIObject_DeleteStoredObject( + nssPKIObject *object, + NSSCallback *uhh, + PRBool isFriendly) { PRUint32 i, numNotDestroyed; PRStatus status = PR_SUCCESS; numNotDestroyed = 0; nssPKIObject_Lock(object); - for (i=0; i<object->numInstances; i++) { - nssCryptokiObject *instance = object->instances[i]; - status = nssToken_DeleteStoredObject(instance); - object->instances[i] = NULL; - if (status == PR_SUCCESS) { - nssCryptokiObject_Destroy(instance); - } else { - object->instances[numNotDestroyed++] = instance; - } + for (i = 0; i < object->numInstances; i++) { + nssCryptokiObject *instance = object->instances[i]; + status = nssToken_DeleteStoredObject(instance); + object->instances[i] = NULL; + if (status == PR_SUCCESS) { + nssCryptokiObject_Destroy(instance); + } else { + object->instances[numNotDestroyed++] = instance; + } } if (numNotDestroyed == 0) { - nss_ZFreeIf(object->instances); - object->numInstances = 0; + nss_ZFreeIf(object->instances); + object->numInstances = 0; } else { - object->numInstances = numNotDestroyed; + object->numInstances = numNotDestroyed; } nssPKIObject_Unlock(object); return status; } NSS_IMPLEMENT NSSToken ** -nssPKIObject_GetTokens ( - nssPKIObject *object, - PRStatus *statusOpt -) +nssPKIObject_GetTokens( + nssPKIObject *object, + PRStatus *statusOpt) { NSSToken **tokens = NULL; nssPKIObject_Lock(object); if (object->numInstances > 0) { - tokens = nss_ZNEWARRAY(NULL, NSSToken *, object->numInstances + 1); - if (tokens) { - PRUint32 i; - for (i=0; i<object->numInstances; i++) { - tokens[i] = nssToken_AddRef(object->instances[i]->token); - } - } + tokens = nss_ZNEWARRAY(NULL, NSSToken *, object->numInstances + 1); + if (tokens) { + PRUint32 i; + for (i = 0; i < object->numInstances; i++) { + tokens[i] = nssToken_AddRef(object->instances[i]->token); + } + } } nssPKIObject_Unlock(object); - if (statusOpt) *statusOpt = PR_SUCCESS; /* until more logic here */ + if (statusOpt) + *statusOpt = PR_SUCCESS; /* until more logic here */ return tokens; } NSS_IMPLEMENT NSSUTF8 * -nssPKIObject_GetNicknameForToken ( - nssPKIObject *object, - NSSToken *tokenOpt -) +nssPKIObject_GetNicknameForToken( + nssPKIObject *object, + NSSToken *tokenOpt) { PRUint32 i; NSSUTF8 *nickname = NULL; nssPKIObject_Lock(object); - for (i=0; i<object->numInstances; i++) { - if ((!tokenOpt && object->instances[i]->label) || - (object->instances[i]->token == tokenOpt)) - { + for (i = 0; i < object->numInstances; i++) { + if ((!tokenOpt && object->instances[i]->label) || + (object->instances[i]->token == tokenOpt)) { /* Must copy, see bug 745548 */ - nickname = nssUTF8_Duplicate(object->instances[i]->label, NULL); - break; - } + nickname = nssUTF8_Duplicate(object->instances[i]->label, NULL); + break; + } } nssPKIObject_Unlock(object); return nickname; } NSS_IMPLEMENT nssCryptokiObject ** -nssPKIObject_GetInstances ( - nssPKIObject *object -) +nssPKIObject_GetInstances( + nssPKIObject *object) { nssCryptokiObject **instances = NULL; PRUint32 i; if (object->numInstances == 0) { - return (nssCryptokiObject **)NULL; + return (nssCryptokiObject **)NULL; } nssPKIObject_Lock(object); - instances = nss_ZNEWARRAY(NULL, nssCryptokiObject *, + instances = nss_ZNEWARRAY(NULL, nssCryptokiObject *, object->numInstances + 1); if (instances) { - for (i=0; i<object->numInstances; i++) { - instances[i] = nssCryptokiObject_Clone(object->instances[i]); - } + for (i = 0; i < object->numInstances; i++) { + instances[i] = nssCryptokiObject_Clone(object->instances[i]); + } } nssPKIObject_Unlock(object); return instances; } NSS_IMPLEMENT void -nssCertificateArray_Destroy ( - NSSCertificate **certs -) +nssCertificateArray_Destroy( + NSSCertificate **certs) { if (certs) { - NSSCertificate **certp; - for (certp = certs; *certp; certp++) { - if ((*certp)->decoding) { - CERTCertificate *cc = STAN_GetCERTCertificate(*certp); - if (cc) { - CERT_DestroyCertificate(cc); - } - continue; - } - nssCertificate_Destroy(*certp); - } - nss_ZFreeIf(certs); + NSSCertificate **certp; + for (certp = certs; *certp; certp++) { + if ((*certp)->decoding) { + CERTCertificate *cc = STAN_GetCERTCertificate(*certp); + if (cc) { + CERT_DestroyCertificate(cc); + } + continue; + } + nssCertificate_Destroy(*certp); + } + nss_ZFreeIf(certs); } } NSS_IMPLEMENT void -NSSCertificateArray_Destroy ( - NSSCertificate **certs -) +NSSCertificateArray_Destroy( + NSSCertificate **certs) { nssCertificateArray_Destroy(certs); } NSS_IMPLEMENT NSSCertificate ** -nssCertificateArray_Join ( - NSSCertificate **certs1, - NSSCertificate **certs2 -) +nssCertificateArray_Join( + NSSCertificate **certs1, + NSSCertificate **certs2) { if (certs1 && certs2) { - NSSCertificate **certs, **cp; - PRUint32 count = 0; - PRUint32 count1 = 0; - cp = certs1; - while (*cp++) count1++; - count = count1; - cp = certs2; - while (*cp++) count++; - certs = nss_ZREALLOCARRAY(certs1, NSSCertificate *, count + 1); - if (!certs) { - nss_ZFreeIf(certs1); - nss_ZFreeIf(certs2); - return (NSSCertificate **)NULL; - } - for (cp = certs2; *cp; cp++, count1++) { - certs[count1] = *cp; - } - nss_ZFreeIf(certs2); - return certs; + NSSCertificate **certs, **cp; + PRUint32 count = 0; + PRUint32 count1 = 0; + cp = certs1; + while (*cp++) + count1++; + count = count1; + cp = certs2; + while (*cp++) + count++; + certs = nss_ZREALLOCARRAY(certs1, NSSCertificate *, count + 1); + if (!certs) { + nss_ZFreeIf(certs1); + nss_ZFreeIf(certs2); + return (NSSCertificate **)NULL; + } + for (cp = certs2; *cp; cp++, count1++) { + certs[count1] = *cp; + } + nss_ZFreeIf(certs2); + return certs; } else if (certs1) { - return certs1; + return certs1; } else { - return certs2; + return certs2; } } -NSS_IMPLEMENT NSSCertificate * -nssCertificateArray_FindBestCertificate ( - NSSCertificate **certs, - NSSTime *timeOpt, - const NSSUsage *usage, - NSSPolicies *policiesOpt -) +NSS_IMPLEMENT NSSCertificate * +nssCertificateArray_FindBestCertificate( + NSSCertificate **certs, + NSSTime *timeOpt, + const NSSUsage *usage, + NSSPolicies *policiesOpt) { NSSCertificate *bestCert = NULL; nssDecodedCert *bestdc = NULL; @@ -438,129 +425,127 @@ nssCertificateArray_FindBestCertificate ( PRBool bestCertIsTrusted = PR_FALSE; if (timeOpt) { - time = timeOpt; + time = timeOpt; } else { - NSSTime_Now(&sTime); - time = &sTime; + NSSTime_Now(&sTime); + time = &sTime; } if (!certs) { - return (NSSCertificate *)NULL; + return (NSSCertificate *)NULL; } for (; *certs; certs++) { - nssDecodedCert *dc; - NSSCertificate *c = *certs; - dc = nssCertificate_GetDecoding(c); - if (!dc) continue; - thisCertMatches = dc->matchUsage(dc, usage); - if (!bestCert) { - /* always take the first cert, but remember whether or not - * the usage matched - */ - bestCert = nssCertificate_AddRef(c); - bestCertMatches = thisCertMatches; - bestdc = dc; - continue; - } else { - if (bestCertMatches && !thisCertMatches) { - /* if already have a cert for this usage, and if this cert - * doesn't have the correct usage, continue - */ - continue; - } else if (!bestCertMatches && thisCertMatches) { - /* this one does match usage, replace the other */ - nssCertificate_Destroy(bestCert); - bestCert = nssCertificate_AddRef(c); - bestCertMatches = thisCertMatches; - bestdc = dc; - continue; - } - /* this cert match as well as any cert we've found so far, - * defer to time/policies - * */ - } - /* time */ - if (bestCertIsValidAtTime || bestdc->isValidAtTime(bestdc, time)) { - /* The current best cert is valid at time */ - bestCertIsValidAtTime = PR_TRUE; - if (!dc->isValidAtTime(dc, time)) { - /* If the new cert isn't valid at time, it's not better */ - continue; - } - } else { - /* The current best cert is not valid at time */ - if (dc->isValidAtTime(dc, time)) { - /* If the new cert is valid at time, it's better */ - nssCertificate_Destroy(bestCert); - bestCert = nssCertificate_AddRef(c); - bestdc = dc; - bestCertIsValidAtTime = PR_TRUE; - continue; - } - } - /* Either they are both valid at time, or neither valid. - * If only one is trusted for this usage, take it. - */ - if (bestCertIsTrusted || bestdc->isTrustedForUsage(bestdc, usage)) { - bestCertIsTrusted = PR_TRUE; - if (!dc->isTrustedForUsage(dc, usage)) { - continue; - } - } else { - /* The current best cert is not trusted */ - if (dc->isTrustedForUsage(dc, usage)) { - /* If the new cert is trusted, it's better */ - nssCertificate_Destroy(bestCert); - bestCert = nssCertificate_AddRef(c); - bestdc = dc; - bestCertIsTrusted = PR_TRUE; - continue; - } - } - /* Otherwise, take the newer one. */ - if (!bestdc->isNewerThan(bestdc, dc)) { - nssCertificate_Destroy(bestCert); - bestCert = nssCertificate_AddRef(c); - bestdc = dc; - continue; - } - /* policies */ - /* XXX later -- defer to policies */ + nssDecodedCert *dc; + NSSCertificate *c = *certs; + dc = nssCertificate_GetDecoding(c); + if (!dc) + continue; + thisCertMatches = dc->matchUsage(dc, usage); + if (!bestCert) { + /* always take the first cert, but remember whether or not + * the usage matched + */ + bestCert = nssCertificate_AddRef(c); + bestCertMatches = thisCertMatches; + bestdc = dc; + continue; + } else { + if (bestCertMatches && !thisCertMatches) { + /* if already have a cert for this usage, and if this cert + * doesn't have the correct usage, continue + */ + continue; + } else if (!bestCertMatches && thisCertMatches) { + /* this one does match usage, replace the other */ + nssCertificate_Destroy(bestCert); + bestCert = nssCertificate_AddRef(c); + bestCertMatches = thisCertMatches; + bestdc = dc; + continue; + } + /* this cert match as well as any cert we've found so far, + * defer to time/policies + * */ + } + /* time */ + if (bestCertIsValidAtTime || bestdc->isValidAtTime(bestdc, time)) { + /* The current best cert is valid at time */ + bestCertIsValidAtTime = PR_TRUE; + if (!dc->isValidAtTime(dc, time)) { + /* If the new cert isn't valid at time, it's not better */ + continue; + } + } else { + /* The current best cert is not valid at time */ + if (dc->isValidAtTime(dc, time)) { + /* If the new cert is valid at time, it's better */ + nssCertificate_Destroy(bestCert); + bestCert = nssCertificate_AddRef(c); + bestdc = dc; + bestCertIsValidAtTime = PR_TRUE; + continue; + } + } + /* Either they are both valid at time, or neither valid. + * If only one is trusted for this usage, take it. + */ + if (bestCertIsTrusted || bestdc->isTrustedForUsage(bestdc, usage)) { + bestCertIsTrusted = PR_TRUE; + if (!dc->isTrustedForUsage(dc, usage)) { + continue; + } + } else { + /* The current best cert is not trusted */ + if (dc->isTrustedForUsage(dc, usage)) { + /* If the new cert is trusted, it's better */ + nssCertificate_Destroy(bestCert); + bestCert = nssCertificate_AddRef(c); + bestdc = dc; + bestCertIsTrusted = PR_TRUE; + continue; + } + } + /* Otherwise, take the newer one. */ + if (!bestdc->isNewerThan(bestdc, dc)) { + nssCertificate_Destroy(bestCert); + bestCert = nssCertificate_AddRef(c); + bestdc = dc; + continue; + } + /* policies */ + /* XXX later -- defer to policies */ } return bestCert; } NSS_IMPLEMENT PRStatus -nssCertificateArray_Traverse ( - NSSCertificate **certs, - PRStatus (* callback)(NSSCertificate *c, void *arg), - void *arg -) +nssCertificateArray_Traverse( + NSSCertificate **certs, + PRStatus (*callback)(NSSCertificate *c, void *arg), + void *arg) { PRStatus status = PR_SUCCESS; if (certs) { - NSSCertificate **certp; - for (certp = certs; *certp; certp++) { - status = (*callback)(*certp, arg); - if (status != PR_SUCCESS) { - break; - } - } + NSSCertificate **certp; + for (certp = certs; *certp; certp++) { + status = (*callback)(*certp, arg); + if (status != PR_SUCCESS) { + break; + } + } } return status; } - NSS_IMPLEMENT void -nssCRLArray_Destroy ( - NSSCRL **crls -) +nssCRLArray_Destroy( + NSSCRL **crls) { if (crls) { - NSSCRL **crlp; - for (crlp = crls; *crlp; crlp++) { - nssCRL_Destroy(*crlp); - } - nss_ZFreeIf(crls); + NSSCRL **crlp; + for (crlp = crls; *crlp; crlp++) { + nssCRL_Destroy(*crlp); + } + nss_ZFreeIf(crls); } } @@ -568,12 +553,11 @@ nssCRLArray_Destroy ( * Object collections */ -typedef enum -{ - pkiObjectType_Certificate = 0, - pkiObjectType_CRL = 1, - pkiObjectType_PrivateKey = 2, - pkiObjectType_PublicKey = 3 +typedef enum { + pkiObjectType_Certificate = 0, + pkiObjectType_CRL = 1, + pkiObjectType_PrivateKey = 2, + pkiObjectType_PublicKey = 3 } pkiObjectType; /* Each object is defined by a set of items that uniquely identify it. @@ -593,12 +577,11 @@ typedef enum */ typedef struct { - PRCList link; - PRBool haveObject; - nssPKIObject *object; - NSSItem uid[MAX_ITEMS_FOR_UID]; -} -pkiObjectCollectionNode; + PRCList link; + PRBool haveObject; + nssPKIObject *object; + NSSItem uid[MAX_ITEMS_FOR_UID]; +} pkiObjectCollectionNode; /* nssPKIObjectCollection * @@ -606,38 +589,36 @@ pkiObjectCollectionNode; * to manage the objects. * */ -struct nssPKIObjectCollectionStr -{ - NSSArena *arena; - NSSTrustDomain *td; - NSSCryptoContext *cc; - PRCList head; /* list of pkiObjectCollectionNode's */ - PRUint32 size; - pkiObjectType objectType; - void (* destroyObject)(nssPKIObject *o); - PRStatus (* getUIDFromObject)(nssPKIObject *o, NSSItem *uid); - PRStatus (* getUIDFromInstance)(nssCryptokiObject *co, NSSItem *uid, - NSSArena *arena); - nssPKIObject * (* createObject)(nssPKIObject *o); - nssPKILockType lockType; /* type of lock to use for new proto-objects */ +struct nssPKIObjectCollectionStr { + NSSArena *arena; + NSSTrustDomain *td; + NSSCryptoContext *cc; + PRCList head; /* list of pkiObjectCollectionNode's */ + PRUint32 size; + pkiObjectType objectType; + void (*destroyObject)(nssPKIObject *o); + PRStatus (*getUIDFromObject)(nssPKIObject *o, NSSItem *uid); + PRStatus (*getUIDFromInstance)(nssCryptokiObject *co, NSSItem *uid, + NSSArena *arena); + nssPKIObject *(*createObject)(nssPKIObject *o); + nssPKILockType lockType; /* type of lock to use for new proto-objects */ }; static nssPKIObjectCollection * -nssPKIObjectCollection_Create ( - NSSTrustDomain *td, - NSSCryptoContext *ccOpt, - nssPKILockType lockType -) +nssPKIObjectCollection_Create( + NSSTrustDomain *td, + NSSCryptoContext *ccOpt, + nssPKILockType lockType) { NSSArena *arena; nssPKIObjectCollection *rvCollection = NULL; arena = nssArena_Create(); if (!arena) { - return (nssPKIObjectCollection *)NULL; + return (nssPKIObjectCollection *)NULL; } rvCollection = nss_ZNEW(arena, nssPKIObjectCollection); if (!rvCollection) { - goto loser; + goto loser; } PR_INIT_CLIST(&rvCollection->head); rvCollection->arena = arena; @@ -651,47 +632,44 @@ loser: } NSS_IMPLEMENT void -nssPKIObjectCollection_Destroy ( - nssPKIObjectCollection *collection -) +nssPKIObjectCollection_Destroy( + nssPKIObjectCollection *collection) { if (collection) { - PRCList *link; - pkiObjectCollectionNode *node; - /* first destroy any objects in the collection */ - link = PR_NEXT_LINK(&collection->head); - while (link != &collection->head) { - node = (pkiObjectCollectionNode *)link; - if (node->haveObject) { - (*collection->destroyObject)(node->object); - } else { - nssPKIObject_Destroy(node->object); - } - link = PR_NEXT_LINK(link); - } - /* then destroy it */ - nssArena_Destroy(collection->arena); + PRCList *link; + pkiObjectCollectionNode *node; + /* first destroy any objects in the collection */ + link = PR_NEXT_LINK(&collection->head); + while (link != &collection->head) { + node = (pkiObjectCollectionNode *)link; + if (node->haveObject) { + (*collection->destroyObject)(node->object); + } else { + nssPKIObject_Destroy(node->object); + } + link = PR_NEXT_LINK(link); + } + /* then destroy it */ + nssArena_Destroy(collection->arena); } } NSS_IMPLEMENT PRUint32 -nssPKIObjectCollection_Count ( - nssPKIObjectCollection *collection -) +nssPKIObjectCollection_Count( + nssPKIObjectCollection *collection) { return collection->size; } NSS_IMPLEMENT PRStatus -nssPKIObjectCollection_AddObject ( - nssPKIObjectCollection *collection, - nssPKIObject *object -) +nssPKIObjectCollection_AddObject( + nssPKIObjectCollection *collection, + nssPKIObject *object) { pkiObjectCollectionNode *node; node = nss_ZNEW(collection->arena, pkiObjectCollectionNode); if (!node) { - return PR_FAILURE; + return PR_FAILURE; } node->haveObject = PR_TRUE; node->object = nssPKIObject_AddRef(object); @@ -703,29 +681,27 @@ nssPKIObjectCollection_AddObject ( } static pkiObjectCollectionNode * -find_instance_in_collection ( - nssPKIObjectCollection *collection, - nssCryptokiObject *instance -) +find_instance_in_collection( + nssPKIObjectCollection *collection, + nssCryptokiObject *instance) { PRCList *link; pkiObjectCollectionNode *node; link = PR_NEXT_LINK(&collection->head); while (link != &collection->head) { - node = (pkiObjectCollectionNode *)link; - if (nssPKIObject_HasInstance(node->object, instance)) { - return node; - } - link = PR_NEXT_LINK(link); + node = (pkiObjectCollectionNode *)link; + if (nssPKIObject_HasInstance(node->object, instance)) { + return node; + } + link = PR_NEXT_LINK(link); } return (pkiObjectCollectionNode *)NULL; } static pkiObjectCollectionNode * -find_object_in_collection ( - nssPKIObjectCollection *collection, - NSSItem *uid -) +find_object_in_collection( + nssPKIObjectCollection *collection, + NSSItem *uid) { PRUint32 i; PRStatus status; @@ -733,26 +709,25 @@ find_object_in_collection ( pkiObjectCollectionNode *node; link = PR_NEXT_LINK(&collection->head); while (link != &collection->head) { - node = (pkiObjectCollectionNode *)link; - for (i=0; i<MAX_ITEMS_FOR_UID; i++) { - if (!nssItem_Equal(&node->uid[i], &uid[i], &status)) { - break; - } - } - if (i == MAX_ITEMS_FOR_UID) { - return node; - } - link = PR_NEXT_LINK(link); + node = (pkiObjectCollectionNode *)link; + for (i = 0; i < MAX_ITEMS_FOR_UID; i++) { + if (!nssItem_Equal(&node->uid[i], &uid[i], &status)) { + break; + } + } + if (i == MAX_ITEMS_FOR_UID) { + return node; + } + link = PR_NEXT_LINK(link); } return (pkiObjectCollectionNode *)NULL; } static pkiObjectCollectionNode * -add_object_instance ( - nssPKIObjectCollection *collection, - nssCryptokiObject *instance, - PRBool *foundIt -) +add_object_instance( + nssPKIObjectCollection *collection, + nssCryptokiObject *instance, + PRBool *foundIt) { PRUint32 i; PRStatus status; @@ -768,208 +743,203 @@ add_object_instance ( *foundIt = PR_FALSE; node = find_instance_in_collection(collection, instance); if (node) { - /* The collection is assumed to take over the instance. Since we - * are not using it, it must be destroyed. - */ - nssCryptokiObject_Destroy(instance); - *foundIt = PR_TRUE; - return node; + /* The collection is assumed to take over the instance. Since we + * are not using it, it must be destroyed. + */ + nssCryptokiObject_Destroy(instance); + *foundIt = PR_TRUE; + return node; } mark = nssArena_Mark(collection->arena); if (!mark) { - goto loser; + goto loser; } - status = (*collection->getUIDFromInstance)(instance, uid, + status = (*collection->getUIDFromInstance)(instance, uid, collection->arena); if (status != PR_SUCCESS) { - goto loser; + goto loser; } - /* Search for unique identifier. A match here means the object exists - * in the collection, but does not have this instance, so the instance + /* Search for unique identifier. A match here means the object exists + * in the collection, but does not have this instance, so the instance * needs to be added. */ node = find_object_in_collection(collection, uid); if (node) { - /* This is an object with multiple instances */ - status = nssPKIObject_AddInstance(node->object, instance); + /* This is an object with multiple instances */ + status = nssPKIObject_AddInstance(node->object, instance); } else { - /* This is a completely new object. Create a node for it. */ - node = nss_ZNEW(collection->arena, pkiObjectCollectionNode); - if (!node) { - goto loser; - } - node->object = nssPKIObject_Create(NULL, instance, - collection->td, collection->cc, + /* This is a completely new object. Create a node for it. */ + node = nss_ZNEW(collection->arena, pkiObjectCollectionNode); + if (!node) { + goto loser; + } + node->object = nssPKIObject_Create(NULL, instance, + collection->td, collection->cc, collection->lockType); - if (!node->object) { - goto loser; - } - for (i=0; i<MAX_ITEMS_FOR_UID; i++) { - node->uid[i] = uid[i]; - } - node->haveObject = PR_FALSE; - PR_INIT_CLIST(&node->link); - PR_INSERT_BEFORE(&node->link, &collection->head); - collection->size++; - status = PR_SUCCESS; + if (!node->object) { + goto loser; + } + for (i = 0; i < MAX_ITEMS_FOR_UID; i++) { + node->uid[i] = uid[i]; + } + node->haveObject = PR_FALSE; + PR_INIT_CLIST(&node->link); + PR_INSERT_BEFORE(&node->link, &collection->head); + collection->size++; + status = PR_SUCCESS; } nssArena_Unmark(collection->arena, mark); return node; loser: if (mark) { - nssArena_Release(collection->arena, mark); + nssArena_Release(collection->arena, mark); } nssCryptokiObject_Destroy(instance); return (pkiObjectCollectionNode *)NULL; } NSS_IMPLEMENT PRStatus -nssPKIObjectCollection_AddInstances ( - nssPKIObjectCollection *collection, - nssCryptokiObject **instances, - PRUint32 numInstances -) +nssPKIObjectCollection_AddInstances( + nssPKIObjectCollection *collection, + nssCryptokiObject **instances, + PRUint32 numInstances) { PRStatus status = PR_SUCCESS; PRUint32 i = 0; PRBool foundIt; pkiObjectCollectionNode *node; if (instances) { - while ((!numInstances || i < numInstances) && *instances) { - if (status == PR_SUCCESS) { - node = add_object_instance(collection, *instances, &foundIt); - if (node == NULL) { - /* add_object_instance freed the current instance */ - /* free the remaining instances */ - status = PR_FAILURE; - } - } else { - nssCryptokiObject_Destroy(*instances); - } - instances++; - i++; - } + while ((!numInstances || i < numInstances) && *instances) { + if (status == PR_SUCCESS) { + node = add_object_instance(collection, *instances, &foundIt); + if (node == NULL) { + /* add_object_instance freed the current instance */ + /* free the remaining instances */ + status = PR_FAILURE; + } + } else { + nssCryptokiObject_Destroy(*instances); + } + instances++; + i++; + } } return status; } static void -nssPKIObjectCollection_RemoveNode ( - nssPKIObjectCollection *collection, - pkiObjectCollectionNode *node -) +nssPKIObjectCollection_RemoveNode( + nssPKIObjectCollection *collection, + pkiObjectCollectionNode *node) { - PR_REMOVE_LINK(&node->link); + PR_REMOVE_LINK(&node->link); collection->size--; } static PRStatus -nssPKIObjectCollection_GetObjects ( - nssPKIObjectCollection *collection, - nssPKIObject **rvObjects, - PRUint32 rvSize -) +nssPKIObjectCollection_GetObjects( + nssPKIObjectCollection *collection, + nssPKIObject **rvObjects, + PRUint32 rvSize) { PRUint32 i = 0; PRCList *link = PR_NEXT_LINK(&collection->head); pkiObjectCollectionNode *node; - int error=0; + int error = 0; while ((i < rvSize) && (link != &collection->head)) { - node = (pkiObjectCollectionNode *)link; - if (!node->haveObject) { - /* Convert the proto-object to an object */ - node->object = (*collection->createObject)(node->object); - if (!node->object) { - link = PR_NEXT_LINK(link); - /*remove bogus object from list*/ - nssPKIObjectCollection_RemoveNode(collection,node); - error++; - continue; - } - node->haveObject = PR_TRUE; - } - rvObjects[i++] = nssPKIObject_AddRef(node->object); - link = PR_NEXT_LINK(link); + node = (pkiObjectCollectionNode *)link; + if (!node->haveObject) { + /* Convert the proto-object to an object */ + node->object = (*collection->createObject)(node->object); + if (!node->object) { + link = PR_NEXT_LINK(link); + /*remove bogus object from list*/ + nssPKIObjectCollection_RemoveNode(collection, node); + error++; + continue; + } + node->haveObject = PR_TRUE; + } + rvObjects[i++] = nssPKIObject_AddRef(node->object); + link = PR_NEXT_LINK(link); } if (!error && *rvObjects == NULL) { - nss_SetError(NSS_ERROR_NOT_FOUND); + nss_SetError(NSS_ERROR_NOT_FOUND); } return PR_SUCCESS; } NSS_IMPLEMENT PRStatus -nssPKIObjectCollection_Traverse ( - nssPKIObjectCollection *collection, - nssPKIObjectCallback *callback -) +nssPKIObjectCollection_Traverse( + nssPKIObjectCollection *collection, + nssPKIObjectCallback *callback) { PRCList *link = PR_NEXT_LINK(&collection->head); pkiObjectCollectionNode *node; while (link != &collection->head) { - node = (pkiObjectCollectionNode *)link; - if (!node->haveObject) { - node->object = (*collection->createObject)(node->object); - if (!node->object) { - link = PR_NEXT_LINK(link); - /*remove bogus object from list*/ - nssPKIObjectCollection_RemoveNode(collection,node); - continue; - } - node->haveObject = PR_TRUE; - } - switch (collection->objectType) { - case pkiObjectType_Certificate: - (void)(*callback->func.cert)((NSSCertificate *)node->object, - callback->arg); - break; - case pkiObjectType_CRL: - (void)(*callback->func.crl)((NSSCRL *)node->object, - callback->arg); - break; - case pkiObjectType_PrivateKey: - (void)(*callback->func.pvkey)((NSSPrivateKey *)node->object, - callback->arg); - break; - case pkiObjectType_PublicKey: - (void)(*callback->func.pbkey)((NSSPublicKey *)node->object, - callback->arg); - break; - } - link = PR_NEXT_LINK(link); + node = (pkiObjectCollectionNode *)link; + if (!node->haveObject) { + node->object = (*collection->createObject)(node->object); + if (!node->object) { + link = PR_NEXT_LINK(link); + /*remove bogus object from list*/ + nssPKIObjectCollection_RemoveNode(collection, node); + continue; + } + node->haveObject = PR_TRUE; + } + switch (collection->objectType) { + case pkiObjectType_Certificate: + (void)(*callback->func.cert)((NSSCertificate *)node->object, + callback->arg); + break; + case pkiObjectType_CRL: + (void)(*callback->func.crl)((NSSCRL *)node->object, + callback->arg); + break; + case pkiObjectType_PrivateKey: + (void)(*callback->func.pvkey)((NSSPrivateKey *)node->object, + callback->arg); + break; + case pkiObjectType_PublicKey: + (void)(*callback->func.pbkey)((NSSPublicKey *)node->object, + callback->arg); + break; + } + link = PR_NEXT_LINK(link); } return PR_SUCCESS; } NSS_IMPLEMENT PRStatus -nssPKIObjectCollection_AddInstanceAsObject ( - nssPKIObjectCollection *collection, - nssCryptokiObject *instance -) +nssPKIObjectCollection_AddInstanceAsObject( + nssPKIObjectCollection *collection, + nssCryptokiObject *instance) { pkiObjectCollectionNode *node; PRBool foundIt; node = add_object_instance(collection, instance, &foundIt); if (node == NULL) { - return PR_FAILURE; + return PR_FAILURE; } if (!node->haveObject) { - node->object = (*collection->createObject)(node->object); - if (!node->object) { - /*remove bogus object from list*/ - nssPKIObjectCollection_RemoveNode(collection,node); - return PR_FAILURE; - } - node->haveObject = PR_TRUE; + node->object = (*collection->createObject)(node->object); + if (!node->object) { + /*remove bogus object from list*/ + nssPKIObjectCollection_RemoveNode(collection, node); + return PR_FAILURE; + } + node->haveObject = PR_TRUE; } else if (!foundIt) { - /* The instance was added to a pre-existing node. This - * function is *only* being used for certificates, and having - * multiple instances of certs in 3.X requires updating the - * CERTCertificate. - * But only do it if it was a new instance!!! If the same instance - * is encountered, we set *foundIt to true. Detect that here and - * ignore it. - */ - STAN_ForceCERTCertificateUpdate((NSSCertificate *)node->object); + /* The instance was added to a pre-existing node. This + * function is *only* being used for certificates, and having + * multiple instances of certs in 3.X requires updating the + * CERTCertificate. + * But only do it if it was a new instance!!! If the same instance + * is encountered, we set *foundIt to true. Detect that here and + * ignore it. + */ + STAN_ForceCERTCertificateUpdate((NSSCertificate *)node->object); } return PR_SUCCESS; } @@ -983,11 +953,11 @@ cert_destroyObject(nssPKIObject *o) { NSSCertificate *c = (NSSCertificate *)o; if (c->decoding) { - CERTCertificate *cc = STAN_GetCERTCertificate(c); - if (cc) { - CERT_DestroyCertificate(cc); - return; - } /* else destroy it as NSSCertificate below */ + CERTCertificate *cc = STAN_GetCERTCertificate(c); + if (cc) { + CERT_DestroyCertificate(cc); + return; + } /* else destroy it as NSSCertificate below */ } nssCertificate_Destroy(c); } @@ -1002,32 +972,35 @@ cert_getUIDFromObject(nssPKIObject *o, NSSItem *uid) */ NSSDER *derCert; derCert = nssCertificate_GetEncoding(c); - uid[0].data = NULL; uid[0].size = 0; - uid[1].data = NULL; uid[1].size = 0; + uid[0].data = NULL; + uid[0].size = 0; + uid[1].data = NULL; + uid[1].size = 0; if (derCert != NULL) { - uid[0] = *derCert; + uid[0] = *derCert; } return PR_SUCCESS; } static PRStatus -cert_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid, +cert_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid, NSSArena *arena) { /* The builtins are still returning decoded serial numbers. Until * this compatibility issue is resolved, use the full DER of the * cert to uniquely identify it. */ - uid[1].data = NULL; uid[1].size = 0; + uid[1].data = NULL; + uid[1].size = 0; return nssCryptokiCertificate_GetAttributes(instance, - NULL, /* XXX sessionOpt */ - arena, /* arena */ - NULL, /* type */ - NULL, /* id */ + NULL, /* XXX sessionOpt */ + arena, /* arena */ + NULL, /* type */ + NULL, /* id */ &uid[0], /* encoding */ - NULL, /* issuer */ - NULL, /* serial */ - NULL); /* subject */ + NULL, /* issuer */ + NULL, /* serial */ + NULL); /* subject */ } static nssPKIObject * @@ -1035,26 +1008,25 @@ cert_createObject(nssPKIObject *o) { NSSCertificate *cert; cert = nssCertificate_Create(o); -/* if (STAN_GetCERTCertificate(cert) == NULL) { - nssCertificate_Destroy(cert); - return (nssPKIObject *)NULL; + /* if (STAN_GetCERTCertificate(cert) == NULL) { + nssCertificate_Destroy(cert); + return (nssPKIObject *)NULL; } */ /* In 3.4, have to maintain uniqueness of cert pointers by caching all * certs. Cache the cert here, before returning. If it is already * cached, take the cached entry. */ { - NSSTrustDomain *td = o->trustDomain; - nssTrustDomain_AddCertsToCache(td, &cert, 1); + NSSTrustDomain *td = o->trustDomain; + nssTrustDomain_AddCertsToCache(td, &cert, 1); } return (nssPKIObject *)cert; } NSS_IMPLEMENT nssPKIObjectCollection * -nssCertificateCollection_Create ( - NSSTrustDomain *td, - NSSCertificate **certsOpt -) +nssCertificateCollection_Create( + NSSTrustDomain *td, + NSSCertificate **certsOpt) { nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor); @@ -1067,48 +1039,47 @@ nssCertificateCollection_Create ( collection->getUIDFromInstance = cert_getUIDFromInstance; collection->createObject = cert_createObject; if (certsOpt) { - for (; *certsOpt; certsOpt++) { - nssPKIObject *object = (nssPKIObject *)(*certsOpt); - (void)nssPKIObjectCollection_AddObject(collection, object); - } + for (; *certsOpt; certsOpt++) { + nssPKIObject *object = (nssPKIObject *)(*certsOpt); + (void)nssPKIObjectCollection_AddObject(collection, object); + } } return collection; } NSS_IMPLEMENT NSSCertificate ** -nssPKIObjectCollection_GetCertificates ( - nssPKIObjectCollection *collection, - NSSCertificate **rvOpt, - PRUint32 maximumOpt, - NSSArena *arenaOpt -) +nssPKIObjectCollection_GetCertificates( + nssPKIObjectCollection *collection, + NSSCertificate **rvOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt) { PRStatus status; PRUint32 rvSize; PRBool allocated = PR_FALSE; if (collection->size == 0) { - return (NSSCertificate **)NULL; + return (NSSCertificate **)NULL; } if (maximumOpt == 0) { - rvSize = collection->size; + rvSize = collection->size; } else { - rvSize = PR_MIN(collection->size, maximumOpt); + rvSize = PR_MIN(collection->size, maximumOpt); } if (!rvOpt) { - rvOpt = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, rvSize + 1); - if (!rvOpt) { - return (NSSCertificate **)NULL; - } - allocated = PR_TRUE; - } - status = nssPKIObjectCollection_GetObjects(collection, - (nssPKIObject **)rvOpt, + rvOpt = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, rvSize + 1); + if (!rvOpt) { + return (NSSCertificate **)NULL; + } + allocated = PR_TRUE; + } + status = nssPKIObjectCollection_GetObjects(collection, + (nssPKIObject **)rvOpt, rvSize); if (status != PR_SUCCESS) { - if (allocated) { - nss_ZFreeIf(rvOpt); - } - return (NSSCertificate **)NULL; + if (allocated) { + nss_ZFreeIf(rvOpt); + } + return (NSSCertificate **)NULL; } return rvOpt; } @@ -1135,12 +1106,13 @@ crl_getUIDFromObject(nssPKIObject *o, NSSItem *uid) return PR_FALSE; } uid[0] = *encoding; - uid[1].data = NULL; uid[1].size = 0; + uid[1].data = NULL; + uid[1].size = 0; return PR_SUCCESS; } static PRStatus -crl_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid, +crl_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid, NSSArena *arena) { return nssCryptokiCRL_GetAttributes(instance, @@ -1160,10 +1132,9 @@ crl_createObject(nssPKIObject *o) } NSS_IMPLEMENT nssPKIObjectCollection * -nssCRLCollection_Create ( - NSSTrustDomain *td, - NSSCRL **crlsOpt -) +nssCRLCollection_Create( + NSSTrustDomain *td, + NSSCRL **crlsOpt) { nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock); @@ -1176,48 +1147,47 @@ nssCRLCollection_Create ( collection->getUIDFromInstance = crl_getUIDFromInstance; collection->createObject = crl_createObject; if (crlsOpt) { - for (; *crlsOpt; crlsOpt++) { - nssPKIObject *object = (nssPKIObject *)(*crlsOpt); - (void)nssPKIObjectCollection_AddObject(collection, object); - } + for (; *crlsOpt; crlsOpt++) { + nssPKIObject *object = (nssPKIObject *)(*crlsOpt); + (void)nssPKIObjectCollection_AddObject(collection, object); + } } return collection; } NSS_IMPLEMENT NSSCRL ** -nssPKIObjectCollection_GetCRLs ( - nssPKIObjectCollection *collection, - NSSCRL **rvOpt, - PRUint32 maximumOpt, - NSSArena *arenaOpt -) +nssPKIObjectCollection_GetCRLs( + nssPKIObjectCollection *collection, + NSSCRL **rvOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt) { PRStatus status; PRUint32 rvSize; PRBool allocated = PR_FALSE; if (collection->size == 0) { - return (NSSCRL **)NULL; + return (NSSCRL **)NULL; } if (maximumOpt == 0) { - rvSize = collection->size; + rvSize = collection->size; } else { - rvSize = PR_MIN(collection->size, maximumOpt); + rvSize = PR_MIN(collection->size, maximumOpt); } if (!rvOpt) { - rvOpt = nss_ZNEWARRAY(arenaOpt, NSSCRL *, rvSize + 1); - if (!rvOpt) { - return (NSSCRL **)NULL; - } - allocated = PR_TRUE; - } - status = nssPKIObjectCollection_GetObjects(collection, - (nssPKIObject **)rvOpt, + rvOpt = nss_ZNEWARRAY(arenaOpt, NSSCRL *, rvSize + 1); + if (!rvOpt) { + return (NSSCRL **)NULL; + } + allocated = PR_TRUE; + } + status = nssPKIObjectCollection_GetObjects(collection, + (nssPKIObject **)rvOpt, rvSize); if (status != PR_SUCCESS) { - if (allocated) { - nss_ZFreeIf(rvOpt); - } - return (NSSCRL **)NULL; + if (allocated) { + nss_ZFreeIf(rvOpt); + } + return (NSSCRL **)NULL; } return rvOpt; } @@ -1226,18 +1196,15 @@ nssPKIObjectCollection_GetCRLs ( * this was called? would avoid repeated allocs... */ NSS_IMPLEMENT NSSTime * -NSSTime_Now ( - NSSTime *timeOpt -) +NSSTime_Now(NSSTime *timeOpt) { return NSSTime_SetPRTime(timeOpt, PR_Now()); } NSS_IMPLEMENT NSSTime * -NSSTime_SetPRTime ( - NSSTime *timeOpt, - PRTime prTime -) +NSSTime_SetPRTime( + NSSTime *timeOpt, + PRTime prTime) { NSSTime *rvTime; rvTime = (timeOpt) ? timeOpt : nss_ZNEW(NULL, NSSTime); @@ -1248,10 +1215,8 @@ NSSTime_SetPRTime ( } NSS_IMPLEMENT PRTime -NSSTime_GetPRTime ( - NSSTime *time -) +NSSTime_GetPRTime( + NSSTime *time) { - return time->prTime; + return time->prTime; } - diff --git a/nss/lib/pki/pkim.h b/nss/lib/pki/pkim.h index b1158eb..3be3337 100644 --- a/nss/lib/pki/pkim.h +++ b/nss/lib/pki/pkim.h @@ -36,11 +36,11 @@ PR_BEGIN_EXTERN_C * nssPKIObject_DeleteStoredObject */ -NSS_EXTERN void nssPKIObject_Lock (nssPKIObject * object); -NSS_EXTERN void nssPKIObject_Unlock (nssPKIObject * object); -NSS_EXTERN PRStatus nssPKIObject_NewLock (nssPKIObject * object, - nssPKILockType lockType); -NSS_EXTERN void nssPKIObject_DestroyLock(nssPKIObject * object); +NSS_EXTERN void nssPKIObject_Lock(nssPKIObject *object); +NSS_EXTERN void nssPKIObject_Unlock(nssPKIObject *object); +NSS_EXTERN PRStatus nssPKIObject_NewLock(nssPKIObject *object, + nssPKILockType lockType); +NSS_EXTERN void nssPKIObject_DestroyLock(nssPKIObject *object); /* nssPKIObject_Create * @@ -48,22 +48,17 @@ NSS_EXTERN void nssPKIObject_DestroyLock(nssPKIObject * object); * initialized with a token instance, or alternatively in a crypto context. */ NSS_EXTERN nssPKIObject * -nssPKIObject_Create -( - NSSArena *arenaOpt, - nssCryptokiObject *instanceOpt, - NSSTrustDomain *td, - NSSCryptoContext *ccOpt, - nssPKILockType lockType -); +nssPKIObject_Create( + NSSArena *arenaOpt, + nssCryptokiObject *instanceOpt, + NSSTrustDomain *td, + NSSCryptoContext *ccOpt, + nssPKILockType lockType); /* nssPKIObject_AddRef */ NSS_EXTERN nssPKIObject * -nssPKIObject_AddRef -( - nssPKIObject *object -); +nssPKIObject_AddRef(nssPKIObject *object); /* nssPKIObject_Destroy * @@ -71,43 +66,34 @@ nssPKIObject_AddRef * all references are gone and it should delete any members it owns. */ NSS_EXTERN PRBool -nssPKIObject_Destroy -( - nssPKIObject *object -); +nssPKIObject_Destroy(nssPKIObject *object); /* nssPKIObject_AddInstance * * Add a token instance to the object, if it does not have it already. */ NSS_EXTERN PRStatus -nssPKIObject_AddInstance -( - nssPKIObject *object, - nssCryptokiObject *instance -); +nssPKIObject_AddInstance( + nssPKIObject *object, + nssCryptokiObject *instance); /* nssPKIObject_HasInstance * * Query the object for a token instance. */ NSS_EXTERN PRBool -nssPKIObject_HasInstance -( - nssPKIObject *object, - nssCryptokiObject *instance -); +nssPKIObject_HasInstance( + nssPKIObject *object, + nssCryptokiObject *instance); /* nssPKIObject_GetTokens * * Get all tokens which have an instance of the object. */ NSS_EXTERN NSSToken ** -nssPKIObject_GetTokens -( - nssPKIObject *object, - PRStatus *statusOpt -); +nssPKIObject_GetTokens( + nssPKIObject *object, + PRStatus *statusOpt); /* nssPKIObject_GetNicknameForToken * @@ -115,22 +101,18 @@ nssPKIObject_GetTokens * nickname for the specified token. */ NSS_EXTERN NSSUTF8 * -nssPKIObject_GetNicknameForToken -( - nssPKIObject *object, - NSSToken *tokenOpt -); +nssPKIObject_GetNicknameForToken( + nssPKIObject *object, + NSSToken *tokenOpt); /* nssPKIObject_RemoveInstanceForToken * * Remove the instance of the object on the specified token. */ NSS_EXTERN PRStatus -nssPKIObject_RemoveInstanceForToken -( - nssPKIObject *object, - NSSToken *token -); +nssPKIObject_RemoveInstanceForToken( + nssPKIObject *object, + NSSToken *token); /* nssPKIObject_DeleteStoredObject * @@ -143,135 +125,88 @@ nssPKIObject_RemoveInstanceForToken * regardless of the value of 'isFriendly'. */ NSS_EXTERN PRStatus -nssPKIObject_DeleteStoredObject -( - nssPKIObject *object, - NSSCallback *uhh, - PRBool isFriendly -); +nssPKIObject_DeleteStoredObject( + nssPKIObject *object, + NSSCallback *uhh, + PRBool isFriendly); NSS_EXTERN nssCryptokiObject ** -nssPKIObject_GetInstances -( - nssPKIObject *object -); +nssPKIObject_GetInstances( + nssPKIObject *object); NSS_EXTERN NSSCertificate ** -nssTrustDomain_FindCertificatesByID -( - NSSTrustDomain *td, - NSSItem *id, - NSSCertificate **rvOpt, - PRUint32 maximumOpt, - NSSArena *arenaOpt -); +nssTrustDomain_FindCertificatesByID( + NSSTrustDomain *td, + NSSItem *id, + NSSCertificate **rvOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt); NSS_EXTERN NSSCRL ** -nssTrustDomain_FindCRLsBySubject -( - NSSTrustDomain *td, - NSSDER *subject -); +nssTrustDomain_FindCRLsBySubject( + NSSTrustDomain *td, + NSSDER *subject); /* module-private nsspki methods */ NSS_EXTERN NSSCryptoContext * -nssCryptoContext_Create -( - NSSTrustDomain *td, - NSSCallback *uhhOpt -); +nssCryptoContext_Create( + NSSTrustDomain *td, + NSSCallback *uhhOpt); /* XXX for the collection */ NSS_EXTERN NSSCertificate * -nssCertificate_Create -( - nssPKIObject *object -); +nssCertificate_Create(nssPKIObject *object); NSS_EXTERN PRStatus -nssCertificate_SetCertTrust -( - NSSCertificate *c, - NSSTrust *trust -); +nssCertificate_SetCertTrust( + NSSCertificate *c, + NSSTrust *trust); NSS_EXTERN nssDecodedCert * -nssCertificate_GetDecoding -( - NSSCertificate *c -); +nssCertificate_GetDecoding(NSSCertificate *c); extern PRIntn -nssCertificate_SubjectListSort -( - void *v1, - void *v2 -); +nssCertificate_SubjectListSort( + void *v1, + void *v2); NSS_EXTERN nssDecodedCert * -nssDecodedCert_Create -( - NSSArena *arenaOpt, - NSSDER *encoding, - NSSCertificateType type -); +nssDecodedCert_Create( + NSSArena *arenaOpt, + NSSDER *encoding, + NSSCertificateType type); NSS_EXTERN PRStatus -nssDecodedCert_Destroy -( - nssDecodedCert *dc -); +nssDecodedCert_Destroy(nssDecodedCert *dc); NSS_EXTERN NSSTrust * -nssTrust_Create -( - nssPKIObject *object, - NSSItem *certData -); +nssTrust_Create( + nssPKIObject *object, + NSSItem *certData); NSS_EXTERN NSSCRL * -nssCRL_Create -( - nssPKIObject *object -); +nssCRL_Create(nssPKIObject *object); NSS_EXTERN NSSCRL * -nssCRL_AddRef -( - NSSCRL *crl -); +nssCRL_AddRef(NSSCRL *crl); NSS_EXTERN PRStatus -nssCRL_Destroy -( - NSSCRL *crl -); +nssCRL_Destroy(NSSCRL *crl); NSS_EXTERN PRStatus -nssCRL_DeleteStoredObject -( - NSSCRL *crl, - NSSCallback *uhh -); +nssCRL_DeleteStoredObject( + NSSCRL *crl, + NSSCallback *uhh); NSS_EXTERN NSSPrivateKey * -nssPrivateKey_Create -( - nssPKIObject *o -); +nssPrivateKey_Create(nssPKIObject *o); NSS_EXTERN NSSDER * -nssCRL_GetEncoding -( - NSSCRL *crl -); +nssCRL_GetEncoding(NSSCRL *crl); NSS_EXTERN NSSPublicKey * -nssPublicKey_Create -( - nssPKIObject *object -); +nssPublicKey_Create(nssPKIObject *object); /* nssCertificateArray * @@ -291,10 +226,7 @@ nssPublicKey_Create * to call this method on an arena-allocated array. */ NSS_EXTERN void -nssCertificateArray_Destroy -( - NSSCertificate **certs -); +nssCertificateArray_Destroy(NSSCertificate **certs); /* nssCertificateArray_Join * @@ -305,25 +237,21 @@ nssCertificateArray_Destroy * arena. */ NSS_EXTERN NSSCertificate ** -nssCertificateArray_Join -( - NSSCertificate **certs1, - NSSCertificate **certs2 -); +nssCertificateArray_Join( + NSSCertificate **certs1, + NSSCertificate **certs2); /* nssCertificateArray_FindBestCertificate * * Use the usual { time, usage, policies } to find the best cert in the * array. */ -NSS_EXTERN NSSCertificate * -nssCertificateArray_FindBestCertificate -( - NSSCertificate **certs, - NSSTime *timeOpt, - const NSSUsage *usage, - NSSPolicies *policiesOpt -); +NSS_EXTERN NSSCertificate * +nssCertificateArray_FindBestCertificate( + NSSCertificate **certs, + NSSTime *timeOpt, + const NSSUsage *usage, + NSSPolicies *policiesOpt); /* nssCertificateArray_Traverse * @@ -331,24 +259,19 @@ nssCertificateArray_FindBestCertificate * fails. */ NSS_EXTERN PRStatus -nssCertificateArray_Traverse -( - NSSCertificate **certs, - PRStatus (* callback)(NSSCertificate *c, void *arg), - void *arg -); +nssCertificateArray_Traverse( + NSSCertificate **certs, + PRStatus (*callback)(NSSCertificate *c, void *arg), + void *arg); NSS_EXTERN void -nssCRLArray_Destroy -( - NSSCRL **crls -); +nssCRLArray_Destroy(NSSCRL **crls); /* nssPKIObjectCollection * * This is a handy way to group objects together and perform operations * on them. It can also handle "proto-objects"-- references to - * objects instances on tokens, where the actual object hasn't + * objects instances on tokens, where the actual object hasn't * been formed yet. * * nssCertificateCollection_Create @@ -360,7 +283,7 @@ nssCRLArray_Destroy * type (nssPKIObjectCollection), shared among all. This may cause * confusion; an alternative would be to define all of the methods * for each subtype (nssCertificateCollection_Destroy, ...), but that doesn't - * seem worth the code bloat.. It is left up to the caller to remember + * seem worth the code bloat.. It is left up to the caller to remember * what type of collection he/she is dealing with. * * nssPKIObjectCollection_Destroy @@ -383,11 +306,9 @@ nssCRLArray_Destroy * Optionally provide a starting set of certs. */ NSS_EXTERN nssPKIObjectCollection * -nssCertificateCollection_Create -( - NSSTrustDomain *td, - NSSCertificate **certsOpt -); +nssCertificateCollection_Create( + NSSTrustDomain *td, + NSSCertificate **certsOpt); /* nssCRLCollection_Create * @@ -395,11 +316,9 @@ nssCertificateCollection_Create * Optionally provide a starting set of CRLs. */ NSS_EXTERN nssPKIObjectCollection * -nssCRLCollection_Create -( - NSSTrustDomain *td, - NSSCRL **crlsOpt -); +nssCRLCollection_Create( + NSSTrustDomain *td, + NSSCRL **crlsOpt); /* nssPrivateKeyCollection_Create * @@ -407,11 +326,9 @@ nssCRLCollection_Create * Optionally provide a starting set of keys. */ NSS_EXTERN nssPKIObjectCollection * -nssPrivateKeyCollection_Create -( - NSSTrustDomain *td, - NSSPrivateKey **pvkOpt -); +nssPrivateKeyCollection_Create( + NSSTrustDomain *td, + NSSPrivateKey **pvkOpt); /* nssPublicKeyCollection_Create * @@ -419,34 +336,24 @@ nssPrivateKeyCollection_Create * Optionally provide a starting set of keys. */ NSS_EXTERN nssPKIObjectCollection * -nssPublicKeyCollection_Create -( - NSSTrustDomain *td, - NSSPublicKey **pvkOpt -); +nssPublicKeyCollection_Create( + NSSTrustDomain *td, + NSSPublicKey **pvkOpt); /* nssPKIObjectCollection_Destroy */ NSS_EXTERN void -nssPKIObjectCollection_Destroy -( - nssPKIObjectCollection *collection -); +nssPKIObjectCollection_Destroy(nssPKIObjectCollection *collection); /* nssPKIObjectCollection_Count */ NSS_EXTERN PRUint32 -nssPKIObjectCollection_Count -( - nssPKIObjectCollection *collection -); +nssPKIObjectCollection_Count(nssPKIObjectCollection *collection); NSS_EXTERN PRStatus -nssPKIObjectCollection_AddObject -( - nssPKIObjectCollection *collection, - nssPKIObject *object -); +nssPKIObjectCollection_AddObject( + nssPKIObjectCollection *collection, + nssPKIObject *object); /* nssPKIObjectCollection_AddInstances * @@ -460,21 +367,17 @@ nssPKIObjectCollection_AddObject * numInstances = 0 means the array is NULL-terminated */ NSS_EXTERN PRStatus -nssPKIObjectCollection_AddInstances -( - nssPKIObjectCollection *collection, - nssCryptokiObject **instances, - PRUint32 numInstances -); +nssPKIObjectCollection_AddInstances( + nssPKIObjectCollection *collection, + nssCryptokiObject **instances, + PRUint32 numInstances); /* nssPKIObjectCollection_Traverse */ NSS_EXTERN PRStatus -nssPKIObjectCollection_Traverse -( - nssPKIObjectCollection *collection, - nssPKIObjectCallback *callback -); +nssPKIObjectCollection_Traverse( + nssPKIObjectCollection *collection, + nssPKIObjectCallback *callback); /* This function is being added for NSS 3.5. It corresponds to the function * nssToken_TraverseCertificates. The idea is to use the collection during @@ -482,213 +385,162 @@ nssPKIObjectCollection_Traverse * a cert does not already exist. */ NSS_EXTERN PRStatus -nssPKIObjectCollection_AddInstanceAsObject -( - nssPKIObjectCollection *collection, - nssCryptokiObject *instance -); +nssPKIObjectCollection_AddInstanceAsObject( + nssPKIObjectCollection *collection, + nssCryptokiObject *instance); /* nssPKIObjectCollection_GetCertificates * - * Get all of the certificates in the collection. + * Get all of the certificates in the collection. */ NSS_EXTERN NSSCertificate ** -nssPKIObjectCollection_GetCertificates -( - nssPKIObjectCollection *collection, - NSSCertificate **rvOpt, - PRUint32 maximumOpt, - NSSArena *arenaOpt -); +nssPKIObjectCollection_GetCertificates( + nssPKIObjectCollection *collection, + NSSCertificate **rvOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt); NSS_EXTERN NSSCRL ** -nssPKIObjectCollection_GetCRLs -( - nssPKIObjectCollection *collection, - NSSCRL **rvOpt, - PRUint32 maximumOpt, - NSSArena *arenaOpt -); +nssPKIObjectCollection_GetCRLs( + nssPKIObjectCollection *collection, + NSSCRL **rvOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt); NSS_EXTERN NSSPrivateKey ** -nssPKIObjectCollection_GetPrivateKeys -( - nssPKIObjectCollection *collection, - NSSPrivateKey **rvOpt, - PRUint32 maximumOpt, - NSSArena *arenaOpt -); +nssPKIObjectCollection_GetPrivateKeys( + nssPKIObjectCollection *collection, + NSSPrivateKey **rvOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt); NSS_EXTERN NSSPublicKey ** -nssPKIObjectCollection_GetPublicKeys -( - nssPKIObjectCollection *collection, - NSSPublicKey **rvOpt, - PRUint32 maximumOpt, - NSSArena *arenaOpt -); +nssPKIObjectCollection_GetPublicKeys( + nssPKIObjectCollection *collection, + NSSPublicKey **rvOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt); NSS_EXTERN NSSTime * -NSSTime_Now -( - NSSTime *timeOpt -); +NSSTime_Now(NSSTime *timeOpt); NSS_EXTERN NSSTime * -NSSTime_SetPRTime -( - NSSTime *timeOpt, - PRTime prTime -); +NSSTime_SetPRTime( + NSSTime *timeOpt, + PRTime prTime); NSS_EXTERN PRTime -NSSTime_GetPRTime -( - NSSTime *time -); +NSSTime_GetPRTime( + NSSTime *time); NSS_EXTERN nssHash * -nssHash_CreateCertificate -( - NSSArena *arenaOpt, - PRUint32 numBuckets -); +nssHash_CreateCertificate( + NSSArena *arenaOpt, + PRUint32 numBuckets); /* 3.4 Certificate cache routines */ NSS_EXTERN PRStatus -nssTrustDomain_InitializeCache -( - NSSTrustDomain *td, - PRUint32 cacheSize -); +nssTrustDomain_InitializeCache( + NSSTrustDomain *td, + PRUint32 cacheSize); NSS_EXTERN PRStatus -nssTrustDomain_AddCertsToCache -( - NSSTrustDomain *td, - NSSCertificate **certs, - PRUint32 numCerts -); +nssTrustDomain_AddCertsToCache( + NSSTrustDomain *td, + NSSCertificate **certs, + PRUint32 numCerts); NSS_EXTERN void -nssTrustDomain_RemoveCertFromCacheLOCKED ( - NSSTrustDomain *td, - NSSCertificate *cert -); +nssTrustDomain_RemoveCertFromCacheLOCKED( + NSSTrustDomain *td, + NSSCertificate *cert); NSS_EXTERN void -nssTrustDomain_LockCertCache ( - NSSTrustDomain *td -); +nssTrustDomain_LockCertCache(NSSTrustDomain *td); NSS_EXTERN void -nssTrustDomain_UnlockCertCache ( - NSSTrustDomain *td -); +nssTrustDomain_UnlockCertCache(NSSTrustDomain *td); NSS_IMPLEMENT PRStatus -nssTrustDomain_DestroyCache -( - NSSTrustDomain *td -); +nssTrustDomain_DestroyCache(NSSTrustDomain *td); -/* +/* * Remove all certs for the given token from the cache. This is * needed if the token is removed. */ NSS_EXTERN PRStatus -nssTrustDomain_RemoveTokenCertsFromCache -( - NSSTrustDomain *td, - NSSToken *token -); +nssTrustDomain_RemoveTokenCertsFromCache( + NSSTrustDomain *td, + NSSToken *token); NSS_EXTERN PRStatus -nssTrustDomain_UpdateCachedTokenCerts -( - NSSTrustDomain *td, - NSSToken *token -); +nssTrustDomain_UpdateCachedTokenCerts( + NSSTrustDomain *td, + NSSToken *token); /* * Find all cached certs with this nickname (label). */ NSS_EXTERN NSSCertificate ** -nssTrustDomain_GetCertsForNicknameFromCache -( - NSSTrustDomain *td, - const NSSUTF8 *nickname, - nssList *certListOpt -); +nssTrustDomain_GetCertsForNicknameFromCache( + NSSTrustDomain *td, + const NSSUTF8 *nickname, + nssList *certListOpt); /* * Find all cached certs with this email address. */ NSS_EXTERN NSSCertificate ** -nssTrustDomain_GetCertsForEmailAddressFromCache -( - NSSTrustDomain *td, - NSSASCII7 *email, - nssList *certListOpt -); +nssTrustDomain_GetCertsForEmailAddressFromCache( + NSSTrustDomain *td, + NSSASCII7 *email, + nssList *certListOpt); /* * Find all cached certs with this subject. */ NSS_EXTERN NSSCertificate ** -nssTrustDomain_GetCertsForSubjectFromCache -( - NSSTrustDomain *td, - NSSDER *subject, - nssList *certListOpt -); +nssTrustDomain_GetCertsForSubjectFromCache( + NSSTrustDomain *td, + NSSDER *subject, + nssList *certListOpt); /* * Look for a specific cert in the cache. */ NSS_EXTERN NSSCertificate * -nssTrustDomain_GetCertForIssuerAndSNFromCache -( - NSSTrustDomain *td, - NSSDER *issuer, - NSSDER *serialNum -); +nssTrustDomain_GetCertForIssuerAndSNFromCache( + NSSTrustDomain *td, + NSSDER *issuer, + NSSDER *serialNum); /* * Look for a specific cert in the cache. */ NSS_EXTERN NSSCertificate * -nssTrustDomain_GetCertByDERFromCache -( - NSSTrustDomain *td, - NSSDER *der -); +nssTrustDomain_GetCertByDERFromCache( + NSSTrustDomain *td, + NSSDER *der); /* Get all certs from the cache */ /* XXX this is being included to make some old-style calls word, not to * say we should keep it */ NSS_EXTERN NSSCertificate ** -nssTrustDomain_GetCertsFromCache -( - NSSTrustDomain *td, - nssList *certListOpt -); +nssTrustDomain_GetCertsFromCache( + NSSTrustDomain *td, + nssList *certListOpt); NSS_EXTERN void -nssTrustDomain_DumpCacheInfo -( - NSSTrustDomain *td, - void (* cert_dump_iter)(const void *, void *, void *), - void *arg -); +nssTrustDomain_DumpCacheInfo( + NSSTrustDomain *td, + void (*cert_dump_iter)(const void *, void *, void *), + void *arg); NSS_EXTERN void -nssCertificateList_AddReferences -( - nssList *certList -); +nssCertificateList_AddReferences( + nssList *certList); PR_END_EXTERN_C diff --git a/nss/lib/pki/pkistore.c b/nss/lib/pki/pkistore.c index 15bb658..6113442 100644 --- a/nss/lib/pki/pkistore.c +++ b/nss/lib/pki/pkistore.c @@ -27,7 +27,7 @@ #include "prbit.h" -/* +/* * Certificate Store * * This differs from the cache in that it is a true storage facility. Items @@ -36,8 +36,7 @@ * */ -struct nssCertificateStoreStr -{ +struct nssCertificateStoreStr { PRBool i_alloced_arena; NSSArena *arena; PZLock *lock; @@ -47,8 +46,7 @@ struct nssCertificateStoreStr typedef struct certificate_hash_entry_str certificate_hash_entry; -struct certificate_hash_entry_str -{ +struct certificate_hash_entry_str { NSSCertificate *cert; NSSTrust *trust; nssSMIMEProfile *profile; @@ -56,65 +54,62 @@ struct certificate_hash_entry_str /* forward static declarations */ static NSSCertificate * -nssCertStore_FindCertByIssuerAndSerialNumberLocked ( - nssCertificateStore *store, - NSSDER *issuer, - NSSDER *serial -); +nssCertStore_FindCertByIssuerAndSerialNumberLocked( + nssCertificateStore *store, + NSSDER *issuer, + NSSDER *serial); NSS_IMPLEMENT nssCertificateStore * -nssCertificateStore_Create ( - NSSArena *arenaOpt -) +nssCertificateStore_Create(NSSArena *arenaOpt) { NSSArena *arena; nssCertificateStore *store; PRBool i_alloced_arena; if (arenaOpt) { - arena = arenaOpt; - i_alloced_arena = PR_FALSE; + arena = arenaOpt; + i_alloced_arena = PR_FALSE; } else { - arena = nssArena_Create(); - if (!arena) { - return NULL; - } - i_alloced_arena = PR_TRUE; + arena = nssArena_Create(); + if (!arena) { + return NULL; + } + i_alloced_arena = PR_TRUE; } store = nss_ZNEW(arena, nssCertificateStore); if (!store) { - goto loser; + goto loser; } store->lock = PZ_NewLock(nssILockOther); if (!store->lock) { - goto loser; + goto loser; } /* Create the issuer/serial --> {cert, trust, S/MIME profile } hash */ store->issuer_and_serial = nssHash_CreateCertificate(arena, 0); if (!store->issuer_and_serial) { - goto loser; + goto loser; } /* Create the subject DER --> subject list hash */ store->subject = nssHash_CreateItem(arena, 0); if (!store->subject) { - goto loser; + goto loser; } store->arena = arena; store->i_alloced_arena = i_alloced_arena; return store; loser: if (store) { - if (store->lock) { - PZ_DestroyLock(store->lock); - } - if (store->issuer_and_serial) { - nssHash_Destroy(store->issuer_and_serial); - } - if (store->subject) { - nssHash_Destroy(store->subject); - } + if (store->lock) { + PZ_DestroyLock(store->lock); + } + if (store->issuer_and_serial) { + nssHash_Destroy(store->issuer_and_serial); + } + if (store->subject) { + nssHash_Destroy(store->subject); + } } if (i_alloced_arena) { - nssArena_Destroy(arena); + nssArena_Destroy(arena); } return NULL; } @@ -122,189 +117,176 @@ loser: extern const NSSError NSS_ERROR_BUSY; NSS_IMPLEMENT PRStatus -nssCertificateStore_Destroy ( - nssCertificateStore *store -) +nssCertificateStore_Destroy(nssCertificateStore *store) { if (nssHash_Count(store->issuer_and_serial) > 0) { - nss_SetError(NSS_ERROR_BUSY); - return PR_FAILURE; + nss_SetError(NSS_ERROR_BUSY); + return PR_FAILURE; } PZ_DestroyLock(store->lock); nssHash_Destroy(store->issuer_and_serial); nssHash_Destroy(store->subject); if (store->i_alloced_arena) { - nssArena_Destroy(store->arena); + nssArena_Destroy(store->arena); } else { - nss_ZFreeIf(store); + nss_ZFreeIf(store); } return PR_SUCCESS; } static PRStatus -add_certificate_entry ( - nssCertificateStore *store, - NSSCertificate *cert -) +add_certificate_entry( + nssCertificateStore *store, + NSSCertificate *cert) { PRStatus nssrv; certificate_hash_entry *entry; entry = nss_ZNEW(cert->object.arena, certificate_hash_entry); if (!entry) { - return PR_FAILURE; + return PR_FAILURE; } entry->cert = cert; nssrv = nssHash_Add(store->issuer_and_serial, cert, entry); if (nssrv != PR_SUCCESS) { - nss_ZFreeIf(entry); + nss_ZFreeIf(entry); } return nssrv; } static PRStatus -add_subject_entry ( - nssCertificateStore *store, - NSSCertificate *cert -) +add_subject_entry( + nssCertificateStore *store, + NSSCertificate *cert) { PRStatus nssrv; nssList *subjectList; subjectList = (nssList *)nssHash_Lookup(store->subject, &cert->subject); if (subjectList) { - /* The subject is already in, add this cert to the list */ - nssrv = nssList_AddUnique(subjectList, cert); + /* The subject is already in, add this cert to the list */ + nssrv = nssList_AddUnique(subjectList, cert); } else { - /* Create a new subject list for the subject */ - subjectList = nssList_Create(NULL, PR_FALSE); - if (!subjectList) { - return PR_FAILURE; - } - nssList_SetSortFunction(subjectList, nssCertificate_SubjectListSort); - /* Add the cert entry to this list of subjects */ - nssrv = nssList_Add(subjectList, cert); - if (nssrv != PR_SUCCESS) { - return nssrv; - } - /* Add the subject list to the cache */ - nssrv = nssHash_Add(store->subject, &cert->subject, subjectList); + /* Create a new subject list for the subject */ + subjectList = nssList_Create(NULL, PR_FALSE); + if (!subjectList) { + return PR_FAILURE; + } + nssList_SetSortFunction(subjectList, nssCertificate_SubjectListSort); + /* Add the cert entry to this list of subjects */ + nssrv = nssList_Add(subjectList, cert); + if (nssrv != PR_SUCCESS) { + return nssrv; + } + /* Add the subject list to the cache */ + nssrv = nssHash_Add(store->subject, &cert->subject, subjectList); } return nssrv; } /* declared below */ static void -remove_certificate_entry ( - nssCertificateStore *store, - NSSCertificate *cert -); +remove_certificate_entry( + nssCertificateStore *store, + NSSCertificate *cert); /* Caller must hold store->lock */ static PRStatus -nssCertificateStore_AddLocked ( - nssCertificateStore *store, - NSSCertificate *cert -) +nssCertificateStore_AddLocked( + nssCertificateStore *store, + NSSCertificate *cert) { PRStatus nssrv = add_certificate_entry(store, cert); if (nssrv == PR_SUCCESS) { - nssrv = add_subject_entry(store, cert); - if (nssrv == PR_FAILURE) { - remove_certificate_entry(store, cert); - } + nssrv = add_subject_entry(store, cert); + if (nssrv == PR_FAILURE) { + remove_certificate_entry(store, cert); + } } return nssrv; } - NSS_IMPLEMENT NSSCertificate * -nssCertificateStore_FindOrAdd ( - nssCertificateStore *store, - NSSCertificate *c -) +nssCertificateStore_FindOrAdd( + nssCertificateStore *store, + NSSCertificate *c) { PRStatus nssrv; NSSCertificate *rvCert = NULL; PZ_Lock(store->lock); rvCert = nssCertStore_FindCertByIssuerAndSerialNumberLocked( - store, &c->issuer, &c->serial); + store, &c->issuer, &c->serial); if (!rvCert) { - nssrv = nssCertificateStore_AddLocked(store, c); - if (PR_SUCCESS == nssrv) { - rvCert = nssCertificate_AddRef(c); - } + nssrv = nssCertificateStore_AddLocked(store, c); + if (PR_SUCCESS == nssrv) { + rvCert = nssCertificate_AddRef(c); + } } PZ_Unlock(store->lock); return rvCert; } static void -remove_certificate_entry ( - nssCertificateStore *store, - NSSCertificate *cert -) +remove_certificate_entry( + nssCertificateStore *store, + NSSCertificate *cert) { certificate_hash_entry *entry; entry = (certificate_hash_entry *) - nssHash_Lookup(store->issuer_and_serial, cert); + nssHash_Lookup(store->issuer_and_serial, cert); if (entry) { - nssHash_Remove(store->issuer_and_serial, cert); - if (entry->trust) { - nssTrust_Destroy(entry->trust); - } - if (entry->profile) { - nssSMIMEProfile_Destroy(entry->profile); - } - nss_ZFreeIf(entry); + nssHash_Remove(store->issuer_and_serial, cert); + if (entry->trust) { + nssTrust_Destroy(entry->trust); + } + if (entry->profile) { + nssSMIMEProfile_Destroy(entry->profile); + } + nss_ZFreeIf(entry); } } static void -remove_subject_entry ( - nssCertificateStore *store, - NSSCertificate *cert -) +remove_subject_entry( + nssCertificateStore *store, + NSSCertificate *cert) { nssList *subjectList; /* Get the subject list for the cert's subject */ subjectList = (nssList *)nssHash_Lookup(store->subject, &cert->subject); if (subjectList) { - /* Remove the cert from the subject hash */ - nssList_Remove(subjectList, cert); - nssHash_Remove(store->subject, &cert->subject); - if (nssList_Count(subjectList) == 0) { - nssList_Destroy(subjectList); - } else { - /* The cert being released may have keyed the subject entry. - * Since there are still subject certs around, get another and - * rekey the entry just in case. - */ - NSSCertificate *subjectCert; - (void)nssList_GetArray(subjectList, (void **)&subjectCert, 1); - nssHash_Add(store->subject, &subjectCert->subject, subjectList); - } + /* Remove the cert from the subject hash */ + nssList_Remove(subjectList, cert); + nssHash_Remove(store->subject, &cert->subject); + if (nssList_Count(subjectList) == 0) { + nssList_Destroy(subjectList); + } else { + /* The cert being released may have keyed the subject entry. + * Since there are still subject certs around, get another and + * rekey the entry just in case. + */ + NSSCertificate *subjectCert; + (void)nssList_GetArray(subjectList, (void **)&subjectCert, 1); + nssHash_Add(store->subject, &subjectCert->subject, subjectList); + } } } NSS_IMPLEMENT void -nssCertificateStore_RemoveCertLOCKED ( - nssCertificateStore *store, - NSSCertificate *cert -) +nssCertificateStore_RemoveCertLOCKED( + nssCertificateStore *store, + NSSCertificate *cert) { certificate_hash_entry *entry; entry = (certificate_hash_entry *) - nssHash_Lookup(store->issuer_and_serial, cert); + nssHash_Lookup(store->issuer_and_serial, cert); if (entry && entry->cert == cert) { - remove_certificate_entry(store, cert); - remove_subject_entry(store, cert); + remove_certificate_entry(store, cert); + remove_subject_entry(store, cert); } } NSS_IMPLEMENT void -nssCertificateStore_Lock ( - nssCertificateStore *store, nssCertificateStoreTrace* out -) +nssCertificateStore_Lock(nssCertificateStore *store, nssCertificateStoreTrace *out) { #ifdef DEBUG PORT_Assert(out); @@ -318,10 +300,9 @@ nssCertificateStore_Lock ( } NSS_IMPLEMENT void -nssCertificateStore_Unlock ( - nssCertificateStore *store, const nssCertificateStoreTrace* in, - nssCertificateStoreTrace* out -) +nssCertificateStore_Unlock( + nssCertificateStore *store, const nssCertificateStoreTrace *in, + nssCertificateStoreTrace *out) { #ifdef DEBUG PORT_Assert(in); @@ -343,50 +324,48 @@ nssCertificateStore_Unlock ( } static NSSCertificate ** -get_array_from_list ( - nssList *certList, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, - NSSArena *arenaOpt -) +get_array_from_list( + nssList *certList, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, + NSSArena *arenaOpt) { PRUint32 count; NSSCertificate **rvArray = NULL; count = nssList_Count(certList); if (count == 0) { - return NULL; + return NULL; } if (maximumOpt > 0) { - count = PR_MIN(maximumOpt, count); + count = PR_MIN(maximumOpt, count); } if (rvOpt) { - nssList_GetArray(certList, (void **)rvOpt, count); + nssList_GetArray(certList, (void **)rvOpt, count); } else { - rvArray = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, count + 1); - if (rvArray) { - nssList_GetArray(certList, (void **)rvArray, count); - } + rvArray = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, count + 1); + if (rvArray) { + nssList_GetArray(certList, (void **)rvArray, count); + } } return rvArray; } NSS_IMPLEMENT NSSCertificate ** -nssCertificateStore_FindCertificatesBySubject ( - nssCertificateStore *store, - NSSDER *subject, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, - NSSArena *arenaOpt -) +nssCertificateStore_FindCertificatesBySubject( + nssCertificateStore *store, + NSSDER *subject, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, + NSSArena *arenaOpt) { NSSCertificate **rvArray = NULL; nssList *subjectList; PZ_Lock(store->lock); subjectList = (nssList *)nssHash_Lookup(store->subject, subject); if (subjectList) { - nssCertificateList_AddReferences(subjectList); - rvArray = get_array_from_list(subjectList, - rvOpt, maximumOpt, arenaOpt); + nssCertificateList_AddReferences(subjectList); + rvArray = get_array_from_list(subjectList, + rvOpt, maximumOpt, arenaOpt); } PZ_Unlock(store->lock); return rvArray; @@ -394,7 +373,7 @@ nssCertificateStore_FindCertificatesBySubject ( /* Because only subject indexing is implemented, all other lookups require * full traversal (unfortunately, PLHashTable doesn't allow you to exit - * early from the enumeration). The assumptions are that 1) lookups by + * early from the enumeration). The assumptions are that 1) lookups by * fields other than subject will be rare, and 2) the hash will not have * a large number of entries. These assumptions will be tested. * @@ -403,13 +382,13 @@ nssCertificateStore_FindCertificatesBySubject ( * because the only crypto context is global and persistent. */ -struct nickname_template_str -{ +struct nickname_template_str { NSSUTF8 *nickname; nssList *subjectList; }; -static void match_nickname(const void *k, void *v, void *a) +static void +match_nickname(const void *k, void *v, void *a) { PRStatus nssrv; NSSCertificate *c; @@ -419,9 +398,8 @@ static void match_nickname(const void *k, void *v, void *a) nssrv = nssList_GetArray(subjectList, (void **)&c, 1); nickname = nssCertificate_GetNickname(c, NULL); if (nssrv == PR_SUCCESS && nickname && - nssUTF8_Equal(nickname, nt->nickname, &nssrv)) - { - nt->subjectList = subjectList; + nssUTF8_Equal(nickname, nt->nickname, &nssrv)) { + nt->subjectList = subjectList; } nss_ZFreeIf(nickname); } @@ -430,56 +408,53 @@ static void match_nickname(const void *k, void *v, void *a) * Find all cached certs with this label. */ NSS_IMPLEMENT NSSCertificate ** -nssCertificateStore_FindCertificatesByNickname ( - nssCertificateStore *store, - const NSSUTF8 *nickname, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, - NSSArena *arenaOpt -) +nssCertificateStore_FindCertificatesByNickname( + nssCertificateStore *store, + const NSSUTF8 *nickname, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, + NSSArena *arenaOpt) { NSSCertificate **rvArray = NULL; struct nickname_template_str nt; - nt.nickname = (char*) nickname; + nt.nickname = (char *)nickname; nt.subjectList = NULL; PZ_Lock(store->lock); nssHash_Iterate(store->subject, match_nickname, &nt); if (nt.subjectList) { - nssCertificateList_AddReferences(nt.subjectList); - rvArray = get_array_from_list(nt.subjectList, - rvOpt, maximumOpt, arenaOpt); + nssCertificateList_AddReferences(nt.subjectList); + rvArray = get_array_from_list(nt.subjectList, + rvOpt, maximumOpt, arenaOpt); } PZ_Unlock(store->lock); return rvArray; } -struct email_template_str -{ +struct email_template_str { NSSASCII7 *email; nssList *emailList; }; -static void match_email(const void *k, void *v, void *a) +static void +match_email(const void *k, void *v, void *a) { PRStatus nssrv; NSSCertificate *c; nssList *subjectList = (nssList *)v; struct email_template_str *et = (struct email_template_str *)a; nssrv = nssList_GetArray(subjectList, (void **)&c, 1); - if (nssrv == PR_SUCCESS && - nssUTF8_Equal(c->email, et->email, &nssrv)) - { - nssListIterator *iter = nssList_CreateIterator(subjectList); - if (iter) { - for (c = (NSSCertificate *)nssListIterator_Start(iter); - c != (NSSCertificate *)NULL; - c = (NSSCertificate *)nssListIterator_Next(iter)) - { - nssList_Add(et->emailList, c); - } - nssListIterator_Finish(iter); - nssListIterator_Destroy(iter); - } + if (nssrv == PR_SUCCESS && + nssUTF8_Equal(c->email, et->email, &nssrv)) { + nssListIterator *iter = nssList_CreateIterator(subjectList); + if (iter) { + for (c = (NSSCertificate *)nssListIterator_Start(iter); + c != (NSSCertificate *)NULL; + c = (NSSCertificate *)nssListIterator_Next(iter)) { + nssList_Add(et->emailList, c); + } + nssListIterator_Finish(iter); + nssListIterator_Destroy(iter); + } } } @@ -487,43 +462,41 @@ static void match_email(const void *k, void *v, void *a) * Find all cached certs with this email address. */ NSS_IMPLEMENT NSSCertificate ** -nssCertificateStore_FindCertificatesByEmail ( - nssCertificateStore *store, - NSSASCII7 *email, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, - NSSArena *arenaOpt -) +nssCertificateStore_FindCertificatesByEmail( + nssCertificateStore *store, + NSSASCII7 *email, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, + NSSArena *arenaOpt) { NSSCertificate **rvArray = NULL; struct email_template_str et; et.email = email; et.emailList = nssList_Create(NULL, PR_FALSE); if (!et.emailList) { - return NULL; + return NULL; } PZ_Lock(store->lock); nssHash_Iterate(store->subject, match_email, &et); if (et.emailList) { - /* get references before leaving the store's lock protection */ - nssCertificateList_AddReferences(et.emailList); + /* get references before leaving the store's lock protection */ + nssCertificateList_AddReferences(et.emailList); } PZ_Unlock(store->lock); if (et.emailList) { - rvArray = get_array_from_list(et.emailList, - rvOpt, maximumOpt, arenaOpt); - nssList_Destroy(et.emailList); + rvArray = get_array_from_list(et.emailList, + rvOpt, maximumOpt, arenaOpt); + nssList_Destroy(et.emailList); } return rvArray; } /* Caller holds store->lock */ static NSSCertificate * -nssCertStore_FindCertByIssuerAndSerialNumberLocked ( - nssCertificateStore *store, - NSSDER *issuer, - NSSDER *serial -) +nssCertStore_FindCertByIssuerAndSerialNumberLocked( + nssCertificateStore *store, + NSSDER *issuer, + NSSDER *serial) { certificate_hash_entry *entry; NSSCertificate *rvCert = NULL; @@ -532,127 +505,121 @@ nssCertStore_FindCertByIssuerAndSerialNumberLocked ( index.issuer = *issuer; index.serial = *serial; entry = (certificate_hash_entry *) - nssHash_Lookup(store->issuer_and_serial, &index); + nssHash_Lookup(store->issuer_and_serial, &index); if (entry) { - rvCert = nssCertificate_AddRef(entry->cert); + rvCert = nssCertificate_AddRef(entry->cert); } return rvCert; } NSS_IMPLEMENT NSSCertificate * -nssCertificateStore_FindCertificateByIssuerAndSerialNumber ( - nssCertificateStore *store, - NSSDER *issuer, - NSSDER *serial -) +nssCertificateStore_FindCertificateByIssuerAndSerialNumber( + nssCertificateStore *store, + NSSDER *issuer, + NSSDER *serial) { NSSCertificate *rvCert = NULL; PZ_Lock(store->lock); - rvCert = nssCertStore_FindCertByIssuerAndSerialNumberLocked ( - store, issuer, serial); + rvCert = nssCertStore_FindCertByIssuerAndSerialNumberLocked( + store, issuer, serial); PZ_Unlock(store->lock); return rvCert; } NSS_IMPLEMENT NSSCertificate * -nssCertificateStore_FindCertificateByEncodedCertificate ( - nssCertificateStore *store, - NSSDER *encoding -) +nssCertificateStore_FindCertificateByEncodedCertificate( + nssCertificateStore *store, + NSSDER *encoding) { PRStatus nssrv = PR_FAILURE; NSSDER issuer, serial; NSSCertificate *rvCert = NULL; nssrv = nssPKIX509_GetIssuerAndSerialFromDER(encoding, &issuer, &serial); if (nssrv != PR_SUCCESS) { - return NULL; + return NULL; } - rvCert = nssCertificateStore_FindCertificateByIssuerAndSerialNumber(store, - &issuer, - &serial); + rvCert = nssCertificateStore_FindCertificateByIssuerAndSerialNumber(store, + &issuer, + &serial); PORT_Free(issuer.data); PORT_Free(serial.data); return rvCert; } NSS_EXTERN PRStatus -nssCertificateStore_AddTrust ( - nssCertificateStore *store, - NSSTrust *trust -) +nssCertificateStore_AddTrust( + nssCertificateStore *store, + NSSTrust *trust) { NSSCertificate *cert; certificate_hash_entry *entry; cert = trust->certificate; PZ_Lock(store->lock); entry = (certificate_hash_entry *) - nssHash_Lookup(store->issuer_and_serial, cert); + nssHash_Lookup(store->issuer_and_serial, cert); if (entry) { - NSSTrust* newTrust = nssTrust_AddRef(trust); - if (entry->trust) { - nssTrust_Destroy(entry->trust); - } - entry->trust = newTrust; + NSSTrust *newTrust = nssTrust_AddRef(trust); + if (entry->trust) { + nssTrust_Destroy(entry->trust); + } + entry->trust = newTrust; } PZ_Unlock(store->lock); return (entry) ? PR_SUCCESS : PR_FAILURE; } NSS_IMPLEMENT NSSTrust * -nssCertificateStore_FindTrustForCertificate ( - nssCertificateStore *store, - NSSCertificate *cert -) +nssCertificateStore_FindTrustForCertificate( + nssCertificateStore *store, + NSSCertificate *cert) { certificate_hash_entry *entry; NSSTrust *rvTrust = NULL; PZ_Lock(store->lock); entry = (certificate_hash_entry *) - nssHash_Lookup(store->issuer_and_serial, cert); + nssHash_Lookup(store->issuer_and_serial, cert); if (entry && entry->trust) { - rvTrust = nssTrust_AddRef(entry->trust); + rvTrust = nssTrust_AddRef(entry->trust); } PZ_Unlock(store->lock); return rvTrust; } NSS_EXTERN PRStatus -nssCertificateStore_AddSMIMEProfile ( - nssCertificateStore *store, - nssSMIMEProfile *profile -) +nssCertificateStore_AddSMIMEProfile( + nssCertificateStore *store, + nssSMIMEProfile *profile) { NSSCertificate *cert; certificate_hash_entry *entry; cert = profile->certificate; PZ_Lock(store->lock); entry = (certificate_hash_entry *) - nssHash_Lookup(store->issuer_and_serial, cert); + nssHash_Lookup(store->issuer_and_serial, cert); if (entry) { - nssSMIMEProfile* newProfile = nssSMIMEProfile_AddRef(profile); - if (entry->profile) { - nssSMIMEProfile_Destroy(entry->profile); - } - entry->profile = newProfile; + nssSMIMEProfile *newProfile = nssSMIMEProfile_AddRef(profile); + if (entry->profile) { + nssSMIMEProfile_Destroy(entry->profile); + } + entry->profile = newProfile; } PZ_Unlock(store->lock); return (entry) ? PR_SUCCESS : PR_FAILURE; } NSS_IMPLEMENT nssSMIMEProfile * -nssCertificateStore_FindSMIMEProfileForCertificate ( - nssCertificateStore *store, - NSSCertificate *cert -) +nssCertificateStore_FindSMIMEProfileForCertificate( + nssCertificateStore *store, + NSSCertificate *cert) { certificate_hash_entry *entry; nssSMIMEProfile *rvProfile = NULL; PZ_Lock(store->lock); entry = (certificate_hash_entry *) - nssHash_Lookup(store->issuer_and_serial, cert); + nssHash_Lookup(store->issuer_and_serial, cert); if (entry && entry->profile) { - rvProfile = nssSMIMEProfile_AddRef(entry->profile); + rvProfile = nssSMIMEProfile_AddRef(entry->profile); } PZ_Unlock(store->lock); return rvProfile; @@ -661,18 +628,16 @@ nssCertificateStore_FindSMIMEProfileForCertificate ( /* XXX this is also used by cache and should be somewhere else */ static PLHashNumber -nss_certificate_hash ( - const void *key -) +nss_certificate_hash(const void *key) { unsigned int i; PLHashNumber h; NSSCertificate *c = (NSSCertificate *)key; h = 0; - for (i=0; i<c->issuer.size; i++) - h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)c->issuer.data)[i]; - for (i=0; i<c->serial.size; i++) - h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)c->serial.data)[i]; + for (i = 0; i < c->issuer.size; i++) + h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)c->issuer.data)[i]; + for (i = 0; i < c->serial.size; i++) + h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)c->serial.data)[i]; return h; } @@ -687,27 +652,24 @@ nss_compare_certs(const void *v1, const void *v2) } NSS_IMPLEMENT nssHash * -nssHash_CreateCertificate ( - NSSArena *arenaOpt, - PRUint32 numBuckets -) -{ - return nssHash_Create(arenaOpt, - numBuckets, - nss_certificate_hash, - nss_compare_certs, +nssHash_CreateCertificate( + NSSArena *arenaOpt, + PRUint32 numBuckets) +{ + return nssHash_Create(arenaOpt, + numBuckets, + nss_certificate_hash, + nss_compare_certs, PL_CompareValues); } NSS_IMPLEMENT void -nssCertificateStore_DumpStoreInfo ( - nssCertificateStore *store, - void (* cert_dump_iter)(const void *, void *, void *), - void *arg -) +nssCertificateStore_DumpStoreInfo( + nssCertificateStore *store, + void (*cert_dump_iter)(const void *, void *, void *), + void *arg) { PZ_Lock(store->lock); nssHash_Iterate(store->issuer_and_serial, cert_dump_iter, arg); PZ_Unlock(store->lock); } - diff --git a/nss/lib/pki/pkistore.h b/nss/lib/pki/pkistore.h index d9d8944..729f209 100644 --- a/nss/lib/pki/pkistore.h +++ b/nss/lib/pki/pkistore.h @@ -15,7 +15,7 @@ PR_BEGIN_EXTERN_C -/* +/* * PKI Stores * * This is a set of routines for managing local stores of PKI objects. @@ -24,7 +24,7 @@ PR_BEGIN_EXTERN_C * here for storing local references to keys. */ -/* +/* * nssCertificateStore * * Manages local store of certificate, trust, and S/MIME profile objects. @@ -34,37 +34,29 @@ PR_BEGIN_EXTERN_C */ NSS_EXTERN nssCertificateStore * -nssCertificateStore_Create -( - NSSArena *arenaOpt -); +nssCertificateStore_Create( + NSSArena *arenaOpt); NSS_EXTERN PRStatus -nssCertificateStore_Destroy -( - nssCertificateStore *store -); +nssCertificateStore_Destroy( + nssCertificateStore *store); /* Atomic Find cert in store, or add this cert to the store. ** Ref counts properly maintained. */ NSS_EXTERN NSSCertificate * -nssCertificateStore_FindOrAdd -( - nssCertificateStore *store, - NSSCertificate *c -); +nssCertificateStore_FindOrAdd( + nssCertificateStore *store, + NSSCertificate *c); NSS_EXTERN void -nssCertificateStore_RemoveCertLOCKED -( - nssCertificateStore *store, - NSSCertificate *cert -); +nssCertificateStore_RemoveCertLOCKED( + nssCertificateStore *store, + NSSCertificate *cert); struct nssCertificateStoreTraceStr { - nssCertificateStore* store; - PZLock* lock; + nssCertificateStore *store; + PZLock *lock; PRBool locked; PRBool unlocked; }; @@ -72,96 +64,74 @@ struct nssCertificateStoreTraceStr { typedef struct nssCertificateStoreTraceStr nssCertificateStoreTrace; NSS_EXTERN void -nssCertificateStore_Lock ( - nssCertificateStore *store, nssCertificateStoreTrace* out -); +nssCertificateStore_Lock( + nssCertificateStore *store, nssCertificateStoreTrace *out); NSS_EXTERN void -nssCertificateStore_Unlock ( - nssCertificateStore *store, const nssCertificateStoreTrace* in, - nssCertificateStoreTrace* out -); +nssCertificateStore_Unlock( + nssCertificateStore *store, const nssCertificateStoreTrace *in, + nssCertificateStoreTrace *out); NSS_EXTERN NSSCertificate ** -nssCertificateStore_FindCertificatesBySubject -( - nssCertificateStore *store, - NSSDER *subject, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, - NSSArena *arenaOpt -); +nssCertificateStore_FindCertificatesBySubject( + nssCertificateStore *store, + NSSDER *subject, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, + NSSArena *arenaOpt); NSS_EXTERN NSSCertificate ** -nssCertificateStore_FindCertificatesByNickname -( - nssCertificateStore *store, - const NSSUTF8 *nickname, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, - NSSArena *arenaOpt -); +nssCertificateStore_FindCertificatesByNickname( + nssCertificateStore *store, + const NSSUTF8 *nickname, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, + NSSArena *arenaOpt); NSS_EXTERN NSSCertificate ** -nssCertificateStore_FindCertificatesByEmail -( - nssCertificateStore *store, - NSSASCII7 *email, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, - NSSArena *arenaOpt -); +nssCertificateStore_FindCertificatesByEmail( + nssCertificateStore *store, + NSSASCII7 *email, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, + NSSArena *arenaOpt); NSS_EXTERN NSSCertificate * -nssCertificateStore_FindCertificateByIssuerAndSerialNumber -( - nssCertificateStore *store, - NSSDER *issuer, - NSSDER *serial -); +nssCertificateStore_FindCertificateByIssuerAndSerialNumber( + nssCertificateStore *store, + NSSDER *issuer, + NSSDER *serial); NSS_EXTERN NSSCertificate * -nssCertificateStore_FindCertificateByEncodedCertificate -( - nssCertificateStore *store, - NSSDER *encoding -); +nssCertificateStore_FindCertificateByEncodedCertificate( + nssCertificateStore *store, + NSSDER *encoding); NSS_EXTERN PRStatus -nssCertificateStore_AddTrust -( - nssCertificateStore *store, - NSSTrust *trust -); +nssCertificateStore_AddTrust( + nssCertificateStore *store, + NSSTrust *trust); NSS_EXTERN NSSTrust * -nssCertificateStore_FindTrustForCertificate -( - nssCertificateStore *store, - NSSCertificate *cert -); +nssCertificateStore_FindTrustForCertificate( + nssCertificateStore *store, + NSSCertificate *cert); NSS_EXTERN PRStatus -nssCertificateStore_AddSMIMEProfile -( - nssCertificateStore *store, - nssSMIMEProfile *profile -); +nssCertificateStore_AddSMIMEProfile( + nssCertificateStore *store, + nssSMIMEProfile *profile); NSS_EXTERN nssSMIMEProfile * -nssCertificateStore_FindSMIMEProfileForCertificate -( - nssCertificateStore *store, - NSSCertificate *cert -); +nssCertificateStore_FindSMIMEProfileForCertificate( + nssCertificateStore *store, + NSSCertificate *cert); NSS_EXTERN void -nssCertificateStore_DumpStoreInfo -( - nssCertificateStore *store, - void (* cert_dump_iter)(const void *, void *, void *), - void *arg -); +nssCertificateStore_DumpStoreInfo( + nssCertificateStore *store, + void (*cert_dump_iter)(const void *, void *, void *), + void *arg); PR_END_EXTERN_C diff --git a/nss/lib/pki/pkit.h b/nss/lib/pki/pkit.h index 5855dd2..5d17a45 100644 --- a/nss/lib/pki/pkit.h +++ b/nss/lib/pki/pkit.h @@ -45,7 +45,7 @@ PR_BEGIN_EXTERN_C * * The key objects defined here can only be created on tokens, and can only * exist on tokens. Therefore, any instance of a key object must have - * a corresponding cryptoki instance. OTOH, certificates created in + * a corresponding cryptoki instance. OTOH, certificates created in * crypto contexts need not be stored as session objects on the token. * There are good performance reasons for not doing so. The certificate * and trust objects have been defined with a cryptoContext field to @@ -65,15 +65,14 @@ typedef enum { * This is the base object class, common to all PKI objects defined in * nsspkit.h */ -struct nssPKIObjectStr -{ +struct nssPKIObjectStr { /* The arena for all object memory */ NSSArena *arena; /* Atomically incremented/decremented reference counting */ PRInt32 refCount; /* lock protects the array of nssCryptokiInstance's of the object */ union { - PZLock* lock; + PZLock *lock; PZMonitor *mlock; } sync; nssPKILockType lockType; @@ -100,8 +99,7 @@ typedef struct nssSMIMEProfileStr nssSMIMEProfile; typedef struct nssPKIObjectStr nssPKIObject; -struct NSSTrustStr -{ +struct NSSTrustStr { nssPKIObject object; NSSCertificate *certificate; nssTrustLevel serverAuth; @@ -111,8 +109,7 @@ struct NSSTrustStr PRBool stepUpApproved; }; -struct nssSMIMEProfileStr -{ +struct nssSMIMEProfileStr { nssPKIObject object; NSSCertificate *certificate; NSSASCII7 *email; @@ -121,8 +118,7 @@ struct nssSMIMEProfileStr NSSItem *profileData; }; -struct NSSCertificateStr -{ +struct NSSCertificateStr { nssPKIObject object; NSSCertificateType type; NSSItem id; @@ -154,8 +150,7 @@ struct NSSTrustDomainStr { CERTStatusConfig *statusConfig; }; -struct NSSCryptoContextStr -{ +struct NSSCryptoContextStr { PRInt32 refCount; NSSArena *arena; NSSTrustDomain *td; @@ -169,10 +164,10 @@ struct NSSTimeStr { }; struct NSSCRLStr { - nssPKIObject object; - NSSDER encoding; - NSSUTF8 *url; - PRBool isKRL; + nssPKIObject object; + NSSDER encoding; + NSSUTF8 *url; + PRBool isKRL; }; typedef struct NSSCRLStr NSSCRL; diff --git a/nss/lib/pki/pkitm.h b/nss/lib/pki/pkitm.h index 76e2c66..38a5fac 100644 --- a/nss/lib/pki/pkitm.h +++ b/nss/lib/pki/pkitm.h @@ -22,9 +22,9 @@ PR_BEGIN_EXTERN_C typedef enum nssCertIDMatchEnum { - nssCertIDMatch_Yes = 0, - nssCertIDMatch_No = 1, - nssCertIDMatch_Unknown = 2 + nssCertIDMatch_Yes = 0, + nssCertIDMatch_No = 1, + nssCertIDMatch_Unknown = 2 } nssCertIDMatch; /* @@ -39,29 +39,29 @@ struct nssDecodedCertStr { NSSCertificateType type; void *data; /* returns the unique identifier for the cert */ - NSSItem * (*getIdentifier)(nssDecodedCert *dc); + NSSItem *(*getIdentifier)(nssDecodedCert *dc); /* returns the unique identifier for this cert's issuer */ - void * (*getIssuerIdentifier)(nssDecodedCert *dc); + void *(*getIssuerIdentifier)(nssDecodedCert *dc); /* is id the identifier for this cert? */ nssCertIDMatch (*matchIdentifier)(nssDecodedCert *dc, void *id); /* is this cert a valid CA cert? */ - PRBool (*isValidIssuer)(nssDecodedCert *dc); + PRBool (*isValidIssuer)(nssDecodedCert *dc); /* returns the cert usage */ - NSSUsage * (*getUsage)(nssDecodedCert *dc); + NSSUsage *(*getUsage)(nssDecodedCert *dc); /* is time within the validity period of the cert? */ - PRBool (*isValidAtTime)(nssDecodedCert *dc, NSSTime *time); + PRBool (*isValidAtTime)(nssDecodedCert *dc, NSSTime *time); /* is the validity period of this cert newer than cmpdc? */ - PRBool (*isNewerThan)(nssDecodedCert *dc, nssDecodedCert *cmpdc); + PRBool (*isNewerThan)(nssDecodedCert *dc, nssDecodedCert *cmpdc); /* does the usage for this cert match the requested usage? */ - PRBool (*matchUsage)(nssDecodedCert *dc, const NSSUsage *usage); + PRBool (*matchUsage)(nssDecodedCert *dc, const NSSUsage *usage); /* is this cert trusted for the requested usage? */ - PRBool (*isTrustedForUsage)(nssDecodedCert *dc, - const NSSUsage *usage); + PRBool (*isTrustedForUsage)(nssDecodedCert *dc, + const NSSUsage *usage); /* extract the email address */ NSSASCII7 *(*getEmailAddress)(nssDecodedCert *dc); /* extract the DER-encoded serial number */ - PRStatus (*getDERSerialNumber)(nssDecodedCert *dc, - NSSDER *derSerial, NSSArena *arena); + PRStatus (*getDERSerialNumber)(nssDecodedCert *dc, + NSSDER *derSerial, NSSArena *arena); }; struct NSSUsageStr { @@ -74,13 +74,13 @@ typedef struct nssPKIObjectCollectionStr nssPKIObjectCollection; typedef struct { - union { - PRStatus (* cert)(NSSCertificate *c, void *arg); - PRStatus (* crl)(NSSCRL *crl, void *arg); - PRStatus (* pvkey)(NSSPrivateKey *vk, void *arg); - PRStatus (* pbkey)(NSSPublicKey *bk, void *arg); - } func; - void *arg; + union { + PRStatus (*cert)(NSSCertificate *c, void *arg); + PRStatus (*crl)(NSSCRL *crl, void *arg); + PRStatus (*pvkey)(NSSPrivateKey *vk, void *arg); + PRStatus (*pbkey)(NSSPublicKey *bk, void *arg); + } func; + void *arg; } nssPKIObjectCallback; PR_END_EXTERN_C diff --git a/nss/lib/pki/symmkey.c b/nss/lib/pki/symmkey.c index 60ed47a..3103f20 100644 --- a/nss/lib/pki/symmkey.c +++ b/nss/lib/pki/symmkey.c @@ -9,256 +9,230 @@ extern const NSSError NSS_ERROR_NOT_FOUND; NSS_IMPLEMENT PRStatus -NSSSymmetricKey_Destroy ( - NSSSymmetricKey *mk -) +NSSSymmetricKey_Destroy(NSSSymmetricKey *mk) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRStatus -NSSSymmetricKey_DeleteStoredObject ( - NSSSymmetricKey *mk, - NSSCallback *uhh -) +NSSSymmetricKey_DeleteStoredObject( + NSSSymmetricKey *mk, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRUint32 -NSSSymmetricKey_GetKeyLength ( - NSSSymmetricKey *mk -) +NSSSymmetricKey_GetKeyLength(NSSSymmetricKey *mk) { nss_SetError(NSS_ERROR_NOT_FOUND); return -1; } NSS_IMPLEMENT PRUint32 -NSSSymmetricKey_GetKeyStrength ( - NSSSymmetricKey *mk -) +NSSSymmetricKey_GetKeyStrength(NSSSymmetricKey *mk) { nss_SetError(NSS_ERROR_NOT_FOUND); return -1; } NSS_IMPLEMENT PRStatus -NSSSymmetricKey_IsStillPresent ( - NSSSymmetricKey *mk -) +NSSSymmetricKey_IsStillPresent(NSSSymmetricKey *mk) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSTrustDomain * -NSSSymmetricKey_GetTrustDomain ( - NSSSymmetricKey *mk, - PRStatus *statusOpt -) +NSSSymmetricKey_GetTrustDomain( + NSSSymmetricKey *mk, + PRStatus *statusOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSToken * -NSSSymmetricKey_GetToken ( - NSSSymmetricKey *mk, - PRStatus *statusOpt -) +NSSSymmetricKey_GetToken( + NSSSymmetricKey *mk, + PRStatus *statusOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSlot * -NSSSymmetricKey_GetSlot ( - NSSSymmetricKey *mk, - PRStatus *statusOpt -) +NSSSymmetricKey_GetSlot( + NSSSymmetricKey *mk, + PRStatus *statusOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSModule * -NSSSymmetricKey_GetModule ( - NSSSymmetricKey *mk, - PRStatus *statusOpt -) +NSSSymmetricKey_GetModule( + NSSSymmetricKey *mk, + PRStatus *statusOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSSymmetricKey_Encrypt ( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSSymmetricKey_Encrypt( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSSymmetricKey_Decrypt ( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *encryptedData, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSSymmetricKey_Decrypt( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *encryptedData, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSSymmetricKey_Sign ( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSSymmetricKey_Sign( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSSymmetricKey_SignRecover ( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSSymmetricKey_SignRecover( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSSymmetricKey_Verify ( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *data, - NSSItem *signature, - NSSCallback *uhh -) +NSSSymmetricKey_Verify( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *data, + NSSItem *signature, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSItem * -NSSSymmetricKey_VerifyRecover ( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSItem *signature, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSSymmetricKey_VerifyRecover( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSItem *signature, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSSymmetricKey_WrapSymmetricKey ( - NSSSymmetricKey *wrappingKey, - NSSAlgorithmAndParameters *apOpt, - NSSSymmetricKey *keyToWrap, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSSymmetricKey_WrapSymmetricKey( + NSSSymmetricKey *wrappingKey, + NSSAlgorithmAndParameters *apOpt, + NSSSymmetricKey *keyToWrap, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSItem * -NSSSymmetricKey_WrapPrivateKey ( - NSSSymmetricKey *wrappingKey, - NSSAlgorithmAndParameters *apOpt, - NSSPrivateKey *keyToWrap, - NSSCallback *uhh, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +NSSSymmetricKey_WrapPrivateKey( + NSSSymmetricKey *wrappingKey, + NSSAlgorithmAndParameters *apOpt, + NSSPrivateKey *keyToWrap, + NSSCallback *uhh, + NSSItem *rvOpt, + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSymmetricKey * -NSSSymmetricKey_UnwrapSymmetricKey ( - NSSSymmetricKey *wrappingKey, - NSSAlgorithmAndParameters *apOpt, - NSSItem *wrappedKey, - NSSOID *target, - PRUint32 keySizeOpt, - NSSOperations operations, - NSSCallback *uhh -) +NSSSymmetricKey_UnwrapSymmetricKey( + NSSSymmetricKey *wrappingKey, + NSSAlgorithmAndParameters *apOpt, + NSSItem *wrappedKey, + NSSOID *target, + PRUint32 keySizeOpt, + NSSOperations operations, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSPrivateKey * -NSSSymmetricKey_UnwrapPrivateKey ( - NSSSymmetricKey *wrappingKey, - NSSAlgorithmAndParameters *apOpt, - NSSItem *wrappedKey, - NSSUTF8 *labelOpt, - NSSItem *keyIDOpt, - PRBool persistant, - PRBool sensitive, - NSSToken *destinationOpt, - NSSCallback *uhh -) +NSSSymmetricKey_UnwrapPrivateKey( + NSSSymmetricKey *wrappingKey, + NSSAlgorithmAndParameters *apOpt, + NSSItem *wrappedKey, + NSSUTF8 *labelOpt, + NSSItem *keyIDOpt, + PRBool persistant, + PRBool sensitive, + NSSToken *destinationOpt, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSymmetricKey * -NSSSymmetricKey_DeriveSymmetricKey ( - NSSSymmetricKey *originalKey, - NSSAlgorithmAndParameters *apOpt, - NSSOID *target, - PRUint32 keySizeOpt, - NSSOperations operations, - NSSCallback *uhh -) +NSSSymmetricKey_DeriveSymmetricKey( + NSSSymmetricKey *originalKey, + NSSAlgorithmAndParameters *apOpt, + NSSOID *target, + PRUint32 keySizeOpt, + NSSOperations operations, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCryptoContext * -NSSSymmetricKey_CreateCryptoContext ( - NSSSymmetricKey *mk, - NSSAlgorithmAndParameters *apOpt, - NSSCallback *uhh -) +NSSSymmetricKey_CreateCryptoContext( + NSSSymmetricKey *mk, + NSSAlgorithmAndParameters *apOpt, + NSSCallback *uhh) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } - diff --git a/nss/lib/pki/tdcache.c b/nss/lib/pki/tdcache.c index 5f9dfdd..385b8e4 100644 --- a/nss/lib/pki/tdcache.c +++ b/nss/lib/pki/tdcache.c @@ -35,29 +35,31 @@ static PRLogModuleInfo *s_log = NULL; #endif #ifdef DEBUG_CACHE -static void log_item_dump(const char *msg, NSSItem *it) +static void +log_item_dump(const char *msg, NSSItem *it) { char buf[33]; int i, j; - for (i=0; i<10 && i<it->size; i++) { - sprintf(&buf[2*i], "%02X", ((PRUint8 *)it->data)[i]); + for (i = 0; i < 10 && i < it->size; i++) { + sprintf(&buf[2 * i], "%02X", ((PRUint8 *)it->data)[i]); } - if (it->size>10) { - sprintf(&buf[2*i], ".."); - i += 1; - for (j=it->size-1; i<=16 && j>10; i++, j--) { - sprintf(&buf[2*i], "%02X", ((PRUint8 *)it->data)[j]); - } + if (it->size > 10) { + sprintf(&buf[2 * i], ".."); + i += 1; + for (j = it->size - 1; i <= 16 && j > 10; i++, j--) { + sprintf(&buf[2 * i], "%02X", ((PRUint8 *)it->data)[j]); + } } PR_LOG(s_log, PR_LOG_DEBUG, ("%s: %s", msg, buf)); } #endif #ifdef DEBUG_CACHE -static void log_cert_ref(const char *msg, NSSCertificate *c) +static void +log_cert_ref(const char *msg, NSSCertificate *c) { PR_LOG(s_log, PR_LOG_DEBUG, ("%s: %s", msg, - (c->nickname) ? c->nickname : c->email)); + (c->nickname) ? c->nickname : c->email)); log_item_dump("\tserial", &c->serial); log_item_dump("\tsubject", &c->subject); } @@ -71,8 +73,7 @@ static void log_cert_ref(const char *msg, NSSCertificate *c) */ /* should it live in its own arena? */ -struct nssTDCertificateCacheStr -{ +struct nssTDCertificateCacheStr { PZLock *lock; NSSArena *arena; nssHash *issuerAndSN; @@ -81,12 +82,11 @@ struct nssTDCertificateCacheStr nssHash *email; }; -struct cache_entry_str -{ +struct cache_entry_str { union { - NSSCertificate *cert; - nssList *list; - void *value; + NSSCertificate *cert; + nssList *list; + void *value; } entry; PRUint32 hits; PRTime lastHit; @@ -101,13 +101,13 @@ new_cache_entry(NSSArena *arena, void *value, PRBool ownArena) { cache_entry *ce = nss_ZNEW(arena, cache_entry); if (ce) { - ce->entry.value = value; - ce->hits = 1; - ce->lastHit = PR_Now(); - if (ownArena) { - ce->arena = arena; - } - ce->nickname = NULL; + ce->entry.value = value; + ce->hits = 1; + ce->lastHit = PR_Now(); + if (ownArena) { + ce->arena = arena; + } + ce->nickname = NULL; } return ce; } @@ -116,10 +116,9 @@ new_cache_entry(NSSArena *arena, void *value, PRBool ownArena) * types/functions static */ NSS_IMPLEMENT PRStatus -nssTrustDomain_InitializeCache ( - NSSTrustDomain *td, - PRUint32 cacheSize -) +nssTrustDomain_InitializeCache( + NSSTrustDomain *td, + PRUint32 cacheSize) { NSSArena *arena; nssTDCertificateCache *cache = td->cache; @@ -130,37 +129,37 @@ nssTrustDomain_InitializeCache ( PR_ASSERT(!cache); arena = nssArena_Create(); if (!arena) { - return PR_FAILURE; + return PR_FAILURE; } cache = nss_ZNEW(arena, nssTDCertificateCache); if (!cache) { - nssArena_Destroy(arena); - return PR_FAILURE; + nssArena_Destroy(arena); + return PR_FAILURE; } cache->lock = PZ_NewLock(nssILockCache); if (!cache->lock) { - nssArena_Destroy(arena); - return PR_FAILURE; + nssArena_Destroy(arena); + return PR_FAILURE; } /* Create the issuer and serial DER --> certificate hash */ cache->issuerAndSN = nssHash_CreateCertificate(arena, cacheSize); if (!cache->issuerAndSN) { - goto loser; + goto loser; } /* Create the subject DER --> subject list hash */ cache->subject = nssHash_CreateItem(arena, cacheSize); if (!cache->subject) { - goto loser; + goto loser; } /* Create the nickname --> subject list hash */ cache->nickname = nssHash_CreateString(arena, cacheSize); if (!cache->nickname) { - goto loser; + goto loser; } /* Create the email --> list of subject lists hash */ cache->email = nssHash_CreateString(arena, cacheSize); if (!cache->email) { - goto loser; + goto loser; } cache->arena = arena; td->cache = cache; @@ -189,17 +188,15 @@ extern const NSSError NSS_ERROR_INTERNAL_ERROR; extern const NSSError NSS_ERROR_BUSY; NSS_IMPLEMENT PRStatus -nssTrustDomain_DestroyCache ( - NSSTrustDomain *td -) +nssTrustDomain_DestroyCache(NSSTrustDomain *td) { if (!td->cache) { - nss_SetError(NSS_ERROR_INTERNAL_ERROR); - return PR_FAILURE; + nss_SetError(NSS_ERROR_INTERNAL_ERROR); + return PR_FAILURE; } if (nssHash_Count(td->cache->issuerAndSN) > 0) { - nss_SetError(NSS_ERROR_BUSY); - return PR_FAILURE; + nss_SetError(NSS_ERROR_BUSY); + return PR_FAILURE; } PZ_DestroyLock(td->cache->lock); nssHash_Destroy(td->cache->issuerAndSN); @@ -215,10 +212,9 @@ nssTrustDomain_DestroyCache ( } static PRStatus -remove_issuer_and_serial_entry ( - nssTDCertificateCache *cache, - NSSCertificate *cert -) +remove_issuer_and_serial_entry( + nssTDCertificateCache *cache, + NSSCertificate *cert) { /* Remove the cert from the issuer/serial hash */ nssHash_Remove(cache->issuerAndSN, cert); @@ -229,13 +225,12 @@ remove_issuer_and_serial_entry ( } static PRStatus -remove_subject_entry ( - nssTDCertificateCache *cache, - NSSCertificate *cert, - nssList **subjectList, - NSSUTF8 **nickname, - NSSArena **arena -) +remove_subject_entry( + nssTDCertificateCache *cache, + NSSCertificate *cert, + nssList **subjectList, + NSSUTF8 **nickname, + NSSArena **arena) { PRStatus nssrv; cache_entry *ce; @@ -244,87 +239,86 @@ remove_subject_entry ( /* Get the subject list for the cert's subject */ ce = (cache_entry *)nssHash_Lookup(cache->subject, &cert->subject); if (ce) { - /* Remove the cert from the subject hash */ - nssList_Remove(ce->entry.list, cert); - *subjectList = ce->entry.list; - *nickname = ce->nickname; - *arena = ce->arena; - nssrv = PR_SUCCESS; + /* Remove the cert from the subject hash */ + nssList_Remove(ce->entry.list, cert); + *subjectList = ce->entry.list; + *nickname = ce->nickname; + *arena = ce->arena; + nssrv = PR_SUCCESS; #ifdef DEBUG_CACHE - log_cert_ref("removed cert", cert); - log_item_dump("from subject list", &cert->subject); + log_cert_ref("removed cert", cert); + log_item_dump("from subject list", &cert->subject); #endif } else { - nssrv = PR_FAILURE; + nssrv = PR_FAILURE; } return nssrv; } static PRStatus -remove_nickname_entry ( - nssTDCertificateCache *cache, - NSSUTF8 *nickname, - nssList *subjectList -) +remove_nickname_entry( + nssTDCertificateCache *cache, + NSSUTF8 *nickname, + nssList *subjectList) { PRStatus nssrv; if (nickname) { - nssHash_Remove(cache->nickname, nickname); - nssrv = PR_SUCCESS; + nssHash_Remove(cache->nickname, nickname); + nssrv = PR_SUCCESS; #ifdef DEBUG_CACHE - PR_LOG(s_log, PR_LOG_DEBUG, ("removed nickname %s", nickname)); + PR_LOG(s_log, PR_LOG_DEBUG, ("removed nickname %s", nickname)); #endif } else { - nssrv = PR_FAILURE; + nssrv = PR_FAILURE; } return nssrv; } static PRStatus -remove_email_entry ( - nssTDCertificateCache *cache, - NSSCertificate *cert, - nssList *subjectList -) +remove_email_entry( + nssTDCertificateCache *cache, + NSSCertificate *cert, + nssList *subjectList) { PRStatus nssrv = PR_FAILURE; cache_entry *ce; /* Find the subject list in the email hash */ if (cert->email) { - ce = (cache_entry *)nssHash_Lookup(cache->email, cert->email); - if (ce) { - nssList *subjects = ce->entry.list; - /* Remove the subject list from the email hash */ - nssList_Remove(subjects, subjectList); + ce = (cache_entry *)nssHash_Lookup(cache->email, cert->email); + if (ce) { + nssList *subjects = ce->entry.list; + /* Remove the subject list from the email hash */ + if (subjects) { + nssList_Remove(subjects, subjectList); #ifdef DEBUG_CACHE - log_item_dump("removed subject list", &cert->subject); - PR_LOG(s_log, PR_LOG_DEBUG, ("for email %s", cert->email)); + log_item_dump("removed subject list", &cert->subject); + PR_LOG(s_log, PR_LOG_DEBUG, ("for email %s", cert->email)); #endif - if (nssList_Count(subjects) == 0) { - /* No more subject lists for email, delete list and - * remove hash entry - */ - (void)nssList_Destroy(subjects); - nssHash_Remove(cache->email, cert->email); - /* there are no entries left for this address, free space - * used for email entries - */ - nssArena_Destroy(ce->arena); + if (nssList_Count(subjects) == 0) { + /* No more subject lists for email, delete list and + * remove hash entry + */ + (void)nssList_Destroy(subjects); + nssHash_Remove(cache->email, cert->email); + /* there are no entries left for this address, free space + * used for email entries + */ + nssArena_Destroy(ce->arena); #ifdef DEBUG_CACHE - PR_LOG(s_log, PR_LOG_DEBUG, ("removed email %s", cert->email)); + PR_LOG(s_log, PR_LOG_DEBUG, ("removed email %s", cert->email)); #endif - } - nssrv = PR_SUCCESS; - } + } + } + nssrv = PR_SUCCESS; + } } return nssrv; } NSS_IMPLEMENT void -nssTrustDomain_RemoveCertFromCacheLOCKED ( - NSSTrustDomain *td, - NSSCertificate *cert -) +nssTrustDomain_RemoveCertFromCacheLOCKED( + NSSTrustDomain *td, + NSSCertificate *cert) { nssList *subjectList; cache_entry *ce; @@ -336,43 +330,39 @@ nssTrustDomain_RemoveCertFromCacheLOCKED ( #endif ce = (cache_entry *)nssHash_Lookup(td->cache->issuerAndSN, cert); if (!ce || ce->entry.cert != cert) { - /* If it's not in the cache, or a different cert is (this is really - * for safety reasons, though it shouldn't happen), do nothing - */ +/* If it's not in the cache, or a different cert is (this is really + * for safety reasons, though it shouldn't happen), do nothing + */ #ifdef DEBUG_CACHE - PR_LOG(s_log, PR_LOG_DEBUG, ("but it wasn't in the cache")); + PR_LOG(s_log, PR_LOG_DEBUG, ("but it wasn't in the cache")); #endif - return; + return; } (void)remove_issuer_and_serial_entry(td->cache, cert); - (void)remove_subject_entry(td->cache, cert, &subjectList, + (void)remove_subject_entry(td->cache, cert, &subjectList, &nickname, &arena); if (nssList_Count(subjectList) == 0) { - (void)remove_nickname_entry(td->cache, nickname, subjectList); - (void)remove_email_entry(td->cache, cert, subjectList); - (void)nssList_Destroy(subjectList); - nssHash_Remove(td->cache->subject, &cert->subject); - /* there are no entries left for this subject, free the space used - * for both the nickname and subject entries - */ - if (arena) { - nssArena_Destroy(arena); - } + (void)remove_nickname_entry(td->cache, nickname, subjectList); + (void)remove_email_entry(td->cache, cert, subjectList); + (void)nssList_Destroy(subjectList); + nssHash_Remove(td->cache->subject, &cert->subject); + /* there are no entries left for this subject, free the space used + * for both the nickname and subject entries + */ + if (arena) { + nssArena_Destroy(arena); + } } } NSS_IMPLEMENT void -nssTrustDomain_LockCertCache ( - NSSTrustDomain *td -) +nssTrustDomain_LockCertCache(NSSTrustDomain *td) { PZ_Lock(td->cache->lock); } NSS_IMPLEMENT void -nssTrustDomain_UnlockCertCache ( - NSSTrustDomain *td -) +nssTrustDomain_UnlockCertCache(NSSTrustDomain *td) { PZ_Unlock(td->cache->lock); } @@ -384,7 +374,7 @@ struct token_cert_dtor { PRUint32 numCerts, arrSize; }; -static void +static void remove_token_certs(const void *k, void *v, void *a) { NSSCertificate *c = (NSSCertificate *)k; @@ -393,43 +383,42 @@ remove_token_certs(const void *k, void *v, void *a) PRUint32 i; nssPKIObject_AddRef(object); nssPKIObject_Lock(object); - for (i=0; i<object->numInstances; i++) { - if (object->instances[i]->token == dtor->token) { - nssCryptokiObject_Destroy(object->instances[i]); - object->instances[i] = object->instances[object->numInstances-1]; - object->instances[object->numInstances-1] = NULL; - object->numInstances--; - dtor->certs[dtor->numCerts++] = c; - if (dtor->numCerts == dtor->arrSize) { - dtor->arrSize *= 2; - dtor->certs = nss_ZREALLOCARRAY(dtor->certs, - NSSCertificate *, - dtor->arrSize); - } - break; - } + for (i = 0; i < object->numInstances; i++) { + if (object->instances[i]->token == dtor->token) { + nssCryptokiObject_Destroy(object->instances[i]); + object->instances[i] = object->instances[object->numInstances - 1]; + object->instances[object->numInstances - 1] = NULL; + object->numInstances--; + dtor->certs[dtor->numCerts++] = c; + if (dtor->numCerts == dtor->arrSize) { + dtor->arrSize *= 2; + dtor->certs = nss_ZREALLOCARRAY(dtor->certs, + NSSCertificate *, + dtor->arrSize); + } + break; + } } nssPKIObject_Unlock(object); nssPKIObject_Destroy(object); return; } -/* +/* * Remove all certs for the given token from the cache. This is - * needed if the token is removed. + * needed if the token is removed. */ NSS_IMPLEMENT PRStatus -nssTrustDomain_RemoveTokenCertsFromCache ( - NSSTrustDomain *td, - NSSToken *token -) +nssTrustDomain_RemoveTokenCertsFromCache( + NSSTrustDomain *td, + NSSToken *token) { NSSCertificate **certs; PRUint32 i, arrSize = 10; struct token_cert_dtor dtor; certs = nss_ZNEWARRAY(NULL, NSSCertificate *, arrSize); if (!certs) { - return PR_FAILURE; + return PR_FAILURE; } dtor.cache = td->cache; dtor.token = token; @@ -438,74 +427,73 @@ nssTrustDomain_RemoveTokenCertsFromCache ( dtor.arrSize = arrSize; PZ_Lock(td->cache->lock); nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, &dtor); - for (i=0; i<dtor.numCerts; i++) { - if (dtor.certs[i]->object.numInstances == 0) { - nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]); - dtor.certs[i] = NULL; /* skip this cert in the second for loop */ - } else { - /* make sure it doesn't disappear on us before we finish */ - nssCertificate_AddRef(dtor.certs[i]); - } + for (i = 0; i < dtor.numCerts; i++) { + if (dtor.certs[i]->object.numInstances == 0) { + nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]); + dtor.certs[i] = NULL; /* skip this cert in the second for loop */ + } else { + /* make sure it doesn't disappear on us before we finish */ + nssCertificate_AddRef(dtor.certs[i]); + } } PZ_Unlock(td->cache->lock); - for (i=0; i<dtor.numCerts; i++) { - if (dtor.certs[i]) { - STAN_ForceCERTCertificateUpdate(dtor.certs[i]); - nssCertificate_Destroy(dtor.certs[i]); - } + for (i = 0; i < dtor.numCerts; i++) { + if (dtor.certs[i]) { + STAN_ForceCERTCertificateUpdate(dtor.certs[i]); + nssCertificate_Destroy(dtor.certs[i]); + } } nss_ZFreeIf(dtor.certs); return PR_SUCCESS; } NSS_IMPLEMENT PRStatus -nssTrustDomain_UpdateCachedTokenCerts ( - NSSTrustDomain *td, - NSSToken *token -) +nssTrustDomain_UpdateCachedTokenCerts( + NSSTrustDomain *td, + NSSToken *token) { NSSCertificate **cp, **cached = NULL; nssList *certList; PRUint32 count; certList = nssList_Create(NULL, PR_FALSE); - if (!certList) return PR_FAILURE; + if (!certList) + return PR_FAILURE; (void)nssTrustDomain_GetCertsFromCache(td, certList); count = nssList_Count(certList); if (count > 0) { - cached = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1); - if (!cached) { - nssList_Destroy(certList); - return PR_FAILURE; - } - nssList_GetArray(certList, (void **)cached, count); - for (cp = cached; *cp; cp++) { - nssCryptokiObject *instance; - NSSCertificate *c = *cp; - nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; - instance = nssToken_FindCertificateByIssuerAndSerialNumber( - token, - NULL, - &c->issuer, - &c->serial, - tokenOnly, - NULL); - if (instance) { - nssPKIObject_AddInstance(&c->object, instance); - STAN_ForceCERTCertificateUpdate(c); - } - } - nssCertificateArray_Destroy(cached); + cached = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1); + if (!cached) { + nssList_Destroy(certList); + return PR_FAILURE; + } + nssList_GetArray(certList, (void **)cached, count); + for (cp = cached; *cp; cp++) { + nssCryptokiObject *instance; + NSSCertificate *c = *cp; + nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; + instance = nssToken_FindCertificateByIssuerAndSerialNumber( + token, + NULL, + &c->issuer, + &c->serial, + tokenOnly, + NULL); + if (instance) { + nssPKIObject_AddInstance(&c->object, instance); + STAN_ForceCERTCertificateUpdate(c); + } + } + nssCertificateArray_Destroy(cached); } nssList_Destroy(certList); return PR_SUCCESS; } static PRStatus -add_issuer_and_serial_entry ( - NSSArena *arena, - nssTDCertificateCache *cache, - NSSCertificate *cert -) +add_issuer_and_serial_entry( + NSSArena *arena, + nssTDCertificateCache *cache, + NSSCertificate *cert) { cache_entry *ce; ce = new_cache_entry(arena, (void *)cert, PR_FALSE); @@ -516,156 +504,153 @@ add_issuer_and_serial_entry ( } static PRStatus -add_subject_entry ( - NSSArena *arena, - nssTDCertificateCache *cache, - NSSCertificate *cert, - NSSUTF8 *nickname, - nssList **subjectList -) +add_subject_entry( + NSSArena *arena, + nssTDCertificateCache *cache, + NSSCertificate *cert, + NSSUTF8 *nickname, + nssList **subjectList) { PRStatus nssrv; nssList *list; cache_entry *ce; - *subjectList = NULL; /* this is only set if a new one is created */ + *subjectList = NULL; /* this is only set if a new one is created */ ce = (cache_entry *)nssHash_Lookup(cache->subject, &cert->subject); if (ce) { - ce->hits++; - ce->lastHit = PR_Now(); - /* The subject is already in, add this cert to the list */ - nssrv = nssList_AddUnique(ce->entry.list, cert); + ce->hits++; + ce->lastHit = PR_Now(); + /* The subject is already in, add this cert to the list */ + nssrv = nssList_AddUnique(ce->entry.list, cert); #ifdef DEBUG_CACHE - log_cert_ref("added to existing subject list", cert); + log_cert_ref("added to existing subject list", cert); #endif } else { - NSSDER *subject; - /* Create a new subject list for the subject */ - list = nssList_Create(arena, PR_FALSE); - if (!list) { - return PR_FAILURE; - } - ce = new_cache_entry(arena, (void *)list, PR_TRUE); - if (!ce) { - return PR_FAILURE; - } - if (nickname) { - ce->nickname = nssUTF8_Duplicate(nickname, arena); - } - nssList_SetSortFunction(list, nssCertificate_SubjectListSort); - /* Add the cert entry to this list of subjects */ - nssrv = nssList_AddUnique(list, cert); - if (nssrv != PR_SUCCESS) { - return nssrv; - } - /* Add the subject list to the cache */ - subject = nssItem_Duplicate(&cert->subject, arena, NULL); - if (!subject) { - return PR_FAILURE; - } - nssrv = nssHash_Add(cache->subject, subject, ce); - if (nssrv != PR_SUCCESS) { - return nssrv; - } - *subjectList = list; + NSSDER *subject; + /* Create a new subject list for the subject */ + list = nssList_Create(arena, PR_FALSE); + if (!list) { + return PR_FAILURE; + } + ce = new_cache_entry(arena, (void *)list, PR_TRUE); + if (!ce) { + return PR_FAILURE; + } + if (nickname) { + ce->nickname = nssUTF8_Duplicate(nickname, arena); + } + nssList_SetSortFunction(list, nssCertificate_SubjectListSort); + /* Add the cert entry to this list of subjects */ + nssrv = nssList_AddUnique(list, cert); + if (nssrv != PR_SUCCESS) { + return nssrv; + } + /* Add the subject list to the cache */ + subject = nssItem_Duplicate(&cert->subject, arena, NULL); + if (!subject) { + return PR_FAILURE; + } + nssrv = nssHash_Add(cache->subject, subject, ce); + if (nssrv != PR_SUCCESS) { + return nssrv; + } + *subjectList = list; #ifdef DEBUG_CACHE - log_cert_ref("created subject list", cert); + log_cert_ref("created subject list", cert); #endif } return nssrv; } static PRStatus -add_nickname_entry ( - NSSArena *arena, - nssTDCertificateCache *cache, - NSSUTF8 *certNickname, - nssList *subjectList -) +add_nickname_entry( + NSSArena *arena, + nssTDCertificateCache *cache, + NSSUTF8 *certNickname, + nssList *subjectList) { PRStatus nssrv = PR_SUCCESS; cache_entry *ce; ce = (cache_entry *)nssHash_Lookup(cache->nickname, certNickname); if (ce) { - /* This is a collision. A nickname entry already exists for this - * subject, but a subject entry didn't. This would imply there are - * two subjects using the same nickname, which is not allowed. - */ - return PR_FAILURE; + /* This is a collision. A nickname entry already exists for this + * subject, but a subject entry didn't. This would imply there are + * two subjects using the same nickname, which is not allowed. + */ + return PR_FAILURE; } else { - NSSUTF8 *nickname; - ce = new_cache_entry(arena, subjectList, PR_FALSE); - if (!ce) { - return PR_FAILURE; - } - nickname = nssUTF8_Duplicate(certNickname, arena); - if (!nickname) { - return PR_FAILURE; - } - nssrv = nssHash_Add(cache->nickname, nickname, ce); + NSSUTF8 *nickname; + ce = new_cache_entry(arena, subjectList, PR_FALSE); + if (!ce) { + return PR_FAILURE; + } + nickname = nssUTF8_Duplicate(certNickname, arena); + if (!nickname) { + return PR_FAILURE; + } + nssrv = nssHash_Add(cache->nickname, nickname, ce); #ifdef DEBUG_CACHE - log_cert_ref("created nickname for", cert); + log_cert_ref("created nickname for", cert); #endif } return nssrv; } static PRStatus -add_email_entry ( - nssTDCertificateCache *cache, - NSSCertificate *cert, - nssList *subjectList -) +add_email_entry( + nssTDCertificateCache *cache, + NSSCertificate *cert, + nssList *subjectList) { PRStatus nssrv = PR_SUCCESS; nssList *subjects; cache_entry *ce; ce = (cache_entry *)nssHash_Lookup(cache->email, cert->email); if (ce) { - /* Already have an entry for this email address, but not subject */ - subjects = ce->entry.list; - nssrv = nssList_AddUnique(subjects, subjectList); - ce->hits++; - ce->lastHit = PR_Now(); + /* Already have an entry for this email address, but not subject */ + subjects = ce->entry.list; + nssrv = nssList_AddUnique(subjects, subjectList); + ce->hits++; + ce->lastHit = PR_Now(); #ifdef DEBUG_CACHE - log_cert_ref("added subject to email for", cert); + log_cert_ref("added subject to email for", cert); #endif } else { - NSSASCII7 *email; - NSSArena *arena; - arena = nssArena_Create(); - if (!arena) { - return PR_FAILURE; - } - /* Create a new list of subject lists, add this subject */ - subjects = nssList_Create(arena, PR_TRUE); - if (!subjects) { - nssArena_Destroy(arena); - return PR_FAILURE; - } - /* Add the new subject to the list */ - nssrv = nssList_AddUnique(subjects, subjectList); - if (nssrv != PR_SUCCESS) { - nssArena_Destroy(arena); - return nssrv; - } - /* Add the new entry to the cache */ - ce = new_cache_entry(arena, (void *)subjects, PR_TRUE); - if (!ce) { - nssArena_Destroy(arena); - return PR_FAILURE; - } - email = nssUTF8_Duplicate(cert->email, arena); - if (!email) { - nssArena_Destroy(arena); - return PR_FAILURE; - } - nssrv = nssHash_Add(cache->email, email, ce); - if (nssrv != PR_SUCCESS) { - nssArena_Destroy(arena); - return nssrv; - } + NSSASCII7 *email; + NSSArena *arena; + arena = nssArena_Create(); + if (!arena) { + return PR_FAILURE; + } + /* Create a new list of subject lists, add this subject */ + subjects = nssList_Create(arena, PR_TRUE); + if (!subjects) { + nssArena_Destroy(arena); + return PR_FAILURE; + } + /* Add the new subject to the list */ + nssrv = nssList_AddUnique(subjects, subjectList); + if (nssrv != PR_SUCCESS) { + nssArena_Destroy(arena); + return nssrv; + } + /* Add the new entry to the cache */ + ce = new_cache_entry(arena, (void *)subjects, PR_TRUE); + if (!ce) { + nssArena_Destroy(arena); + return PR_FAILURE; + } + email = nssUTF8_Duplicate(cert->email, arena); + if (!email) { + nssArena_Destroy(arena); + return PR_FAILURE; + } + nssrv = nssHash_Add(cache->email, email, ce); + if (nssrv != PR_SUCCESS) { + nssArena_Destroy(arena); + return nssrv; + } #ifdef DEBUG_CACHE - log_cert_ref("created email for", cert); + log_cert_ref("created email for", cert); #endif } return nssrv; @@ -674,24 +659,22 @@ add_email_entry ( extern const NSSError NSS_ERROR_CERTIFICATE_IN_CACHE; static void -remove_object_instances ( - nssPKIObject *object, - nssCryptokiObject **instances, - int numInstances -) +remove_object_instances( + nssPKIObject *object, + nssCryptokiObject **instances, + int numInstances) { int i; for (i = 0; i < numInstances; i++) { - nssPKIObject_RemoveInstanceForToken(object, instances[i]->token); + nssPKIObject_RemoveInstanceForToken(object, instances[i]->token); } } static SECStatus -merge_object_instances ( - nssPKIObject *to, - nssPKIObject *from -) +merge_object_instances( + nssPKIObject *to, + nssPKIObject *from) { nssCryptokiObject **instances, **ci; int i; @@ -699,29 +682,28 @@ merge_object_instances ( instances = nssPKIObject_GetInstances(from); if (instances == NULL) { - return SECFailure; + return SECFailure; } for (ci = instances, i = 0; *ci; ci++, i++) { - nssCryptokiObject *instance = nssCryptokiObject_Clone(*ci); - if (instance) { - if (nssPKIObject_AddInstance(to, instance) == PR_SUCCESS) { - continue; - } - nssCryptokiObject_Destroy(instance); - } - remove_object_instances(to, instances, i); - rv = SECFailure; - break; + nssCryptokiObject *instance = nssCryptokiObject_Clone(*ci); + if (instance) { + if (nssPKIObject_AddInstance(to, instance) == PR_SUCCESS) { + continue; + } + nssCryptokiObject_Destroy(instance); + } + remove_object_instances(to, instances, i); + rv = SECFailure; + break; } nssCryptokiObjectArray_Destroy(instances); return rv; } static NSSCertificate * -add_cert_to_cache ( - NSSTrustDomain *td, - NSSCertificate *cert -) +add_cert_to_cache( + NSSTrustDomain *td, + NSSCertificate *cert) { NSSArena *arena = NULL; nssList *subjectList = NULL; @@ -735,85 +717,84 @@ add_cert_to_cache ( /* If it exists in the issuer/serial hash, it's already in all */ ce = (cache_entry *)nssHash_Lookup(td->cache->issuerAndSN, cert); if (ce) { - ce->hits++; - ce->lastHit = PR_Now(); - rvCert = nssCertificate_AddRef(ce->entry.cert); + ce->hits++; + ce->lastHit = PR_Now(); + rvCert = nssCertificate_AddRef(ce->entry.cert); #ifdef DEBUG_CACHE - log_cert_ref("attempted to add cert already in cache", cert); + log_cert_ref("attempted to add cert already in cache", cert); #endif - PZ_Unlock(td->cache->lock); + PZ_Unlock(td->cache->lock); nss_ZFreeIf(certNickname); - /* collision - somebody else already added the cert - * to the cache before this thread got around to it. - */ - /* merge the instances of the cert */ - if (merge_object_instances(&rvCert->object, &cert->object) - != SECSuccess) { - nssCertificate_Destroy(rvCert); - return NULL; - } - STAN_ForceCERTCertificateUpdate(rvCert); - nssCertificate_Destroy(cert); - return rvCert; + /* collision - somebody else already added the cert + * to the cache before this thread got around to it. + */ + /* merge the instances of the cert */ + if (merge_object_instances(&rvCert->object, &cert->object) != SECSuccess) { + nssCertificate_Destroy(rvCert); + return NULL; + } + STAN_ForceCERTCertificateUpdate(rvCert); + nssCertificate_Destroy(cert); + return rvCert; } /* create a new cache entry for this cert within the cert's arena*/ nssrv = add_issuer_and_serial_entry(cert->object.arena, td->cache, cert); if (nssrv != PR_SUCCESS) { - goto loser; + goto loser; } added++; /* create an arena for the nickname and subject entries */ arena = nssArena_Create(); if (!arena) { - goto loser; + goto loser; } /* create a new subject list for this cert, or add to existing */ - nssrv = add_subject_entry(arena, td->cache, cert, - certNickname, &subjectList); + nssrv = add_subject_entry(arena, td->cache, cert, + certNickname, &subjectList); if (nssrv != PR_SUCCESS) { - goto loser; + goto loser; } added++; /* If a new subject entry was created, also need nickname and/or email */ if (subjectList != NULL) { #ifdef nodef - PRBool handle = PR_FALSE; + PRBool handle = PR_FALSE; #endif - if (certNickname) { - nssrv = add_nickname_entry(arena, td->cache, - certNickname, subjectList); - if (nssrv != PR_SUCCESS) { - goto loser; - } + if (certNickname) { + nssrv = add_nickname_entry(arena, td->cache, + certNickname, subjectList); + if (nssrv != PR_SUCCESS) { + goto loser; + } #ifdef nodef - handle = PR_TRUE; + handle = PR_TRUE; #endif - added++; - } - if (cert->email) { - nssrv = add_email_entry(td->cache, cert, subjectList); - if (nssrv != PR_SUCCESS) { - goto loser; - } + added++; + } + if (cert->email) { + nssrv = add_email_entry(td->cache, cert, subjectList); + if (nssrv != PR_SUCCESS) { + goto loser; + } #ifdef nodef - handle = PR_TRUE; + handle = PR_TRUE; #endif - added += 2; - } + added += 2; + } #ifdef nodef - /* I think either a nickname or email address must be associated - * with the cert. However, certs are passed to NewTemp without - * either. This worked in the old code, so it must work now. - */ - if (!handle) { - /* Require either nickname or email handle */ - nssrv = PR_FAILURE; - goto loser; - } + /* I think either a nickname or email address must be associated + * with the cert. However, certs are passed to NewTemp without + * either. This worked in the old code, so it must work now. + */ + if (!handle) { + /* Require either nickname or email handle */ + nssrv = PR_FAILURE; + goto loser; + } #endif } else { - /* A new subject entry was not created. arena is unused. */ - nssArena_Destroy(arena); + /* A new subject entry was not created. arena is unused. */ + nssArena_Destroy(arena); } rvCert = cert; PZ_Unlock(td->cache->lock); @@ -825,78 +806,76 @@ loser: /* Remove any handles that have been created */ subjectList = NULL; if (added >= 1) { - (void)remove_issuer_and_serial_entry(td->cache, cert); + (void)remove_issuer_and_serial_entry(td->cache, cert); } if (added >= 2) { - (void)remove_subject_entry(td->cache, cert, &subjectList, - &certNickname, &arena); + (void)remove_subject_entry(td->cache, cert, &subjectList, + &certNickname, &arena); } if (added == 3 || added == 5) { - (void)remove_nickname_entry(td->cache, certNickname, subjectList); + (void)remove_nickname_entry(td->cache, certNickname, subjectList); } if (added >= 4) { - (void)remove_email_entry(td->cache, cert, subjectList); + (void)remove_email_entry(td->cache, cert, subjectList); } if (subjectList) { - nssHash_Remove(td->cache->subject, &cert->subject); - nssList_Destroy(subjectList); + nssHash_Remove(td->cache->subject, &cert->subject); + nssList_Destroy(subjectList); } if (arena) { - nssArena_Destroy(arena); + nssArena_Destroy(arena); } PZ_Unlock(td->cache->lock); return NULL; } NSS_IMPLEMENT PRStatus -nssTrustDomain_AddCertsToCache ( - NSSTrustDomain *td, - NSSCertificate **certs, - PRUint32 numCerts -) +nssTrustDomain_AddCertsToCache( + NSSTrustDomain *td, + NSSCertificate **certs, + PRUint32 numCerts) { PRUint32 i; NSSCertificate *c; - for (i=0; i<numCerts && certs[i]; i++) { - c = add_cert_to_cache(td, certs[i]); - if (c == NULL) { - return PR_FAILURE; - } else { - certs[i] = c; - } + for (i = 0; i < numCerts && certs[i]; i++) { + c = add_cert_to_cache(td, certs[i]); + if (c == NULL) { + return PR_FAILURE; + } else { + certs[i] = c; + } } return PR_SUCCESS; } static NSSCertificate ** -collect_subject_certs ( - nssList *subjectList, - nssList *rvCertListOpt -) +collect_subject_certs( + nssList *subjectList, + nssList *rvCertListOpt) { NSSCertificate *c; NSSCertificate **rvArray = NULL; PRUint32 count; nssCertificateList_AddReferences(subjectList); if (rvCertListOpt) { - nssListIterator *iter = nssList_CreateIterator(subjectList); - if (!iter) { - return (NSSCertificate **)NULL; - } - for (c = (NSSCertificate *)nssListIterator_Start(iter); - c != (NSSCertificate *)NULL; - c = (NSSCertificate *)nssListIterator_Next(iter)) { - nssList_Add(rvCertListOpt, c); - } - nssListIterator_Finish(iter); - nssListIterator_Destroy(iter); + nssListIterator *iter = nssList_CreateIterator(subjectList); + if (!iter) { + return (NSSCertificate **)NULL; + } + for (c = (NSSCertificate *)nssListIterator_Start(iter); + c != (NSSCertificate *)NULL; + c = (NSSCertificate *)nssListIterator_Next(iter)) { + nssList_Add(rvCertListOpt, c); + } + nssListIterator_Finish(iter); + nssListIterator_Destroy(iter); } else { - count = nssList_Count(subjectList); - rvArray = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1); - if (!rvArray) { - return (NSSCertificate **)NULL; - } - nssList_GetArray(subjectList, (void **)rvArray, count); + count = nssList_Count(subjectList); + rvArray = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1); + if (!rvArray) { + return (NSSCertificate **)NULL; + } + nssList_GetArray(subjectList, (void **)rvArray, count); } return rvArray; } @@ -905,11 +884,10 @@ collect_subject_certs ( * Find all cached certs with this subject. */ NSS_IMPLEMENT NSSCertificate ** -nssTrustDomain_GetCertsForSubjectFromCache ( - NSSTrustDomain *td, - NSSDER *subject, - nssList *certListOpt -) +nssTrustDomain_GetCertsForSubjectFromCache( + NSSTrustDomain *td, + NSSDER *subject, + nssList *certListOpt) { NSSCertificate **rvArray = NULL; cache_entry *ce; @@ -919,12 +897,12 @@ nssTrustDomain_GetCertsForSubjectFromCache ( PZ_Lock(td->cache->lock); ce = (cache_entry *)nssHash_Lookup(td->cache->subject, subject); if (ce) { - ce->hits++; - ce->lastHit = PR_Now(); + ce->hits++; + ce->lastHit = PR_Now(); #ifdef DEBUG_CACHE - PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits)); + PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits)); #endif - rvArray = collect_subject_certs(ce->entry.list, certListOpt); + rvArray = collect_subject_certs(ce->entry.list, certListOpt); } PZ_Unlock(td->cache->lock); return rvArray; @@ -934,11 +912,10 @@ nssTrustDomain_GetCertsForSubjectFromCache ( * Find all cached certs with this label. */ NSS_IMPLEMENT NSSCertificate ** -nssTrustDomain_GetCertsForNicknameFromCache ( - NSSTrustDomain *td, - const NSSUTF8 *nickname, - nssList *certListOpt -) +nssTrustDomain_GetCertsForNicknameFromCache( + NSSTrustDomain *td, + const NSSUTF8 *nickname, + nssList *certListOpt) { NSSCertificate **rvArray = NULL; cache_entry *ce; @@ -948,12 +925,12 @@ nssTrustDomain_GetCertsForNicknameFromCache ( PZ_Lock(td->cache->lock); ce = (cache_entry *)nssHash_Lookup(td->cache->nickname, nickname); if (ce) { - ce->hits++; - ce->lastHit = PR_Now(); + ce->hits++; + ce->lastHit = PR_Now(); #ifdef DEBUG_CACHE - PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits)); + PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits)); #endif - rvArray = collect_subject_certs(ce->entry.list, certListOpt); + rvArray = collect_subject_certs(ce->entry.list, certListOpt); } PZ_Unlock(td->cache->lock); return rvArray; @@ -963,11 +940,10 @@ nssTrustDomain_GetCertsForNicknameFromCache ( * Find all cached certs with this email address. */ NSS_IMPLEMENT NSSCertificate ** -nssTrustDomain_GetCertsForEmailAddressFromCache ( - NSSTrustDomain *td, - NSSASCII7 *email, - nssList *certListOpt -) +nssTrustDomain_GetCertsForEmailAddressFromCache( + NSSTrustDomain *td, + NSSASCII7 *email, + nssList *certListOpt) { NSSCertificate **rvArray = NULL; cache_entry *ce; @@ -980,45 +956,45 @@ nssTrustDomain_GetCertsForEmailAddressFromCache ( PZ_Lock(td->cache->lock); ce = (cache_entry *)nssHash_Lookup(td->cache->email, email); if (ce) { - ce->hits++; - ce->lastHit = PR_Now(); + ce->hits++; + ce->lastHit = PR_Now(); #ifdef DEBUG_CACHE - PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits)); + PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits)); #endif - /* loop over subject lists and get refs for certs */ - if (certListOpt) { - collectList = certListOpt; - } else { - collectList = nssList_Create(NULL, PR_FALSE); - if (!collectList) { - PZ_Unlock(td->cache->lock); - return NULL; - } - } - iter = nssList_CreateIterator(ce->entry.list); - if (!iter) { - PZ_Unlock(td->cache->lock); - if (!certListOpt) { - nssList_Destroy(collectList); - } - return NULL; - } - for (subjectList = (nssList *)nssListIterator_Start(iter); - subjectList != (nssList *)NULL; - subjectList = (nssList *)nssListIterator_Next(iter)) { - (void)collect_subject_certs(subjectList, collectList); - } - nssListIterator_Finish(iter); - nssListIterator_Destroy(iter); + /* loop over subject lists and get refs for certs */ + if (certListOpt) { + collectList = certListOpt; + } else { + collectList = nssList_Create(NULL, PR_FALSE); + if (!collectList) { + PZ_Unlock(td->cache->lock); + return NULL; + } + } + iter = nssList_CreateIterator(ce->entry.list); + if (!iter) { + PZ_Unlock(td->cache->lock); + if (!certListOpt) { + nssList_Destroy(collectList); + } + return NULL; + } + for (subjectList = (nssList *)nssListIterator_Start(iter); + subjectList != (nssList *)NULL; + subjectList = (nssList *)nssListIterator_Next(iter)) { + (void)collect_subject_certs(subjectList, collectList); + } + nssListIterator_Finish(iter); + nssListIterator_Destroy(iter); } PZ_Unlock(td->cache->lock); if (!certListOpt && collectList) { - PRUint32 count = nssList_Count(collectList); - rvArray = nss_ZNEWARRAY(NULL, NSSCertificate *, count); - if (rvArray) { - nssList_GetArray(collectList, (void **)rvArray, count); - } - nssList_Destroy(collectList); + PRUint32 count = nssList_Count(collectList); + rvArray = nss_ZNEWARRAY(NULL, NSSCertificate *, count); + if (rvArray) { + nssList_GetArray(collectList, (void **)rvArray, count); + } + nssList_Destroy(collectList); } return rvArray; } @@ -1027,11 +1003,10 @@ nssTrustDomain_GetCertsForEmailAddressFromCache ( * Look for a specific cert in the cache */ NSS_IMPLEMENT NSSCertificate * -nssTrustDomain_GetCertForIssuerAndSNFromCache ( - NSSTrustDomain *td, - NSSDER *issuer, - NSSDER *serial -) +nssTrustDomain_GetCertForIssuerAndSNFromCache( + NSSTrustDomain *td, + NSSDER *issuer, + NSSDER *serial) { NSSCertificate certkey; NSSCertificate *rvCert = NULL; @@ -1047,11 +1022,11 @@ nssTrustDomain_GetCertForIssuerAndSNFromCache ( PZ_Lock(td->cache->lock); ce = (cache_entry *)nssHash_Lookup(td->cache->issuerAndSN, &certkey); if (ce) { - ce->hits++; - ce->lastHit = PR_Now(); - rvCert = nssCertificate_AddRef(ce->entry.cert); + ce->hits++; + ce->lastHit = PR_Now(); + rvCert = nssCertificate_AddRef(ce->entry.cert); #ifdef DEBUG_CACHE - PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits)); + PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits)); #endif } PZ_Unlock(td->cache->lock); @@ -1062,29 +1037,29 @@ nssTrustDomain_GetCertForIssuerAndSNFromCache ( * Look for a specific cert in the cache */ NSS_IMPLEMENT NSSCertificate * -nssTrustDomain_GetCertByDERFromCache ( - NSSTrustDomain *td, - NSSDER *der -) +nssTrustDomain_GetCertByDERFromCache( + NSSTrustDomain *td, + NSSDER *der) { PRStatus nssrv = PR_FAILURE; NSSDER issuer, serial; NSSCertificate *rvCert; nssrv = nssPKIX509_GetIssuerAndSerialFromDER(der, &issuer, &serial); if (nssrv != PR_SUCCESS) { - return NULL; + return NULL; } #ifdef DEBUG_CACHE log_item_dump("looking for cert by DER", der); #endif - rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td, + rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td, &issuer, &serial); PORT_Free(issuer.data); PORT_Free(serial.data); return rvCert; } -static void cert_iter(const void *k, void *v, void *a) +static void +cert_iter(const void *k, void *v, void *a) { nssList *certList = (nssList *)a; NSSCertificate *c = (NSSCertificate *)k; @@ -1092,40 +1067,38 @@ static void cert_iter(const void *k, void *v, void *a) } NSS_EXTERN NSSCertificate ** -nssTrustDomain_GetCertsFromCache ( - NSSTrustDomain *td, - nssList *certListOpt -) +nssTrustDomain_GetCertsFromCache( + NSSTrustDomain *td, + nssList *certListOpt) { NSSCertificate **rvArray = NULL; nssList *certList; if (certListOpt) { - certList = certListOpt; + certList = certListOpt; } else { - certList = nssList_Create(NULL, PR_FALSE); - if (!certList) { - return NULL; - } + certList = nssList_Create(NULL, PR_FALSE); + if (!certList) { + return NULL; + } } PZ_Lock(td->cache->lock); nssHash_Iterate(td->cache->issuerAndSN, cert_iter, (void *)certList); PZ_Unlock(td->cache->lock); if (!certListOpt) { - PRUint32 count = nssList_Count(certList); - rvArray = nss_ZNEWARRAY(NULL, NSSCertificate *, count); - nssList_GetArray(certList, (void **)rvArray, count); - /* array takes the references */ - nssList_Destroy(certList); + PRUint32 count = nssList_Count(certList); + rvArray = nss_ZNEWARRAY(NULL, NSSCertificate *, count); + nssList_GetArray(certList, (void **)rvArray, count); + /* array takes the references */ + nssList_Destroy(certList); } return rvArray; } NSS_IMPLEMENT void -nssTrustDomain_DumpCacheInfo ( - NSSTrustDomain *td, - void (* cert_dump_iter)(const void *, void *, void *), - void *arg -) +nssTrustDomain_DumpCacheInfo( + NSSTrustDomain *td, + void (*cert_dump_iter)(const void *, void *, void *), + void *arg) { PZ_Lock(td->cache->lock); nssHash_Iterate(td->cache->issuerAndSN, cert_dump_iter, arg); diff --git a/nss/lib/pki/trustdomain.c b/nss/lib/pki/trustdomain.c index 90e8f26..49f7dc5 100644 --- a/nss/lib/pki/trustdomain.c +++ b/nss/lib/pki/trustdomain.c @@ -22,27 +22,26 @@ extern const NSSError NSS_ERROR_NOT_FOUND; typedef PRUint32 nssUpdateLevel; NSS_IMPLEMENT NSSTrustDomain * -NSSTrustDomain_Create ( - NSSUTF8 *moduleOpt, - NSSUTF8 *uriOpt, - NSSUTF8 *opaqueOpt, - void *reserved -) +NSSTrustDomain_Create( + NSSUTF8 *moduleOpt, + NSSUTF8 *uriOpt, + NSSUTF8 *opaqueOpt, + void *reserved) { NSSArena *arena; NSSTrustDomain *rvTD; arena = NSSArena_Create(); - if(!arena) { - return (NSSTrustDomain *)NULL; + if (!arena) { + return (NSSTrustDomain *)NULL; } rvTD = nss_ZNEW(arena, NSSTrustDomain); if (!rvTD) { - goto loser; + goto loser; } /* protect the token list and the token iterator */ rvTD->tokensLock = NSSRWLock_New(100, "tokens"); if (!rvTD->tokensLock) { - goto loser; + goto loser; } nssTrustDomain_InitializeCache(rvTD, NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE); rvTD->arena = arena; @@ -51,7 +50,7 @@ NSSTrustDomain_Create ( return rvTD; loser: if (rvTD && rvTD->tokensLock) { - NSSRWLock_Destroy(rvTD->tokensLock); + NSSRWLock_Destroy(rvTD->tokensLock); } nssArena_Destroy(arena); return (NSSTrustDomain *)NULL; @@ -62,205 +61,196 @@ token_destructor(void *t) { NSSToken *tok = (NSSToken *)t; /* The token holds the first/last reference to the slot. - * When the token is actually destroyed (ref count == 0), + * When the token is actually destroyed (ref count == 0), * the slot will also be destroyed. */ nssToken_Destroy(tok); } NSS_IMPLEMENT PRStatus -NSSTrustDomain_Destroy ( - NSSTrustDomain *td -) +NSSTrustDomain_Destroy( + NSSTrustDomain *td) { PRStatus status = PR_SUCCESS; if (--td->refCount == 0) { - /* Destroy each token in the list of tokens */ - if (td->tokens) { - nssListIterator_Destroy(td->tokens); - td->tokens = NULL; - } - if (td->tokenList) { - nssList_Clear(td->tokenList, token_destructor); - nssList_Destroy(td->tokenList); - td->tokenList = NULL; - } - NSSRWLock_Destroy(td->tokensLock); - td->tokensLock = NULL; - status = nssTrustDomain_DestroyCache(td); - if (status == PR_FAILURE) { - return status; - } - if (td->statusConfig) { - td->statusConfig->statusDestroy(td->statusConfig); - td->statusConfig = NULL; - } - /* Destroy the trust domain */ - nssArena_Destroy(td->arena); + /* Destroy each token in the list of tokens */ + if (td->tokens) { + nssListIterator_Destroy(td->tokens); + td->tokens = NULL; + } + if (td->tokenList) { + nssList_Clear(td->tokenList, token_destructor); + nssList_Destroy(td->tokenList); + td->tokenList = NULL; + } + NSSRWLock_Destroy(td->tokensLock); + td->tokensLock = NULL; + status = nssTrustDomain_DestroyCache(td); + if (status == PR_FAILURE) { + return status; + } + if (td->statusConfig) { + td->statusConfig->statusDestroy(td->statusConfig); + td->statusConfig = NULL; + } + /* Destroy the trust domain */ + nssArena_Destroy(td->arena); } return status; } /* XXX uses tokens until slot list is in place */ static NSSSlot ** -nssTrustDomain_GetActiveSlots ( - NSSTrustDomain *td, - nssUpdateLevel *updateLevel -) +nssTrustDomain_GetActiveSlots( + NSSTrustDomain *td, + nssUpdateLevel *updateLevel) { PRUint32 count; NSSSlot **slots = NULL; NSSToken **tp, **tokens; *updateLevel = 1; + if (!td->tokenList) { + return NULL; + } NSSRWLock_LockRead(td->tokensLock); count = nssList_Count(td->tokenList); tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1); if (!tokens) { - NSSRWLock_UnlockRead(td->tokensLock); - return NULL; + NSSRWLock_UnlockRead(td->tokensLock); + return NULL; } slots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1); if (!slots) { - NSSRWLock_UnlockRead(td->tokensLock); - nss_ZFreeIf(tokens); - return NULL; + NSSRWLock_UnlockRead(td->tokensLock); + nss_ZFreeIf(tokens); + return NULL; } nssList_GetArray(td->tokenList, (void **)tokens, count); NSSRWLock_UnlockRead(td->tokensLock); count = 0; for (tp = tokens; *tp; tp++) { - NSSSlot * slot = nssToken_GetSlot(*tp); + NSSSlot *slot = nssToken_GetSlot(*tp); if (!PK11_IsDisabled(slot->pk11slot)) { slots[count++] = slot; } else { - nssSlot_Destroy(slot); - } + nssSlot_Destroy(slot); + } } nss_ZFreeIf(tokens); if (!count) { - nss_ZFreeIf(slots); - slots = NULL; + nss_ZFreeIf(slots); + slots = NULL; } return slots; } /* XXX */ static nssSession * -nssTrustDomain_GetSessionForToken ( - NSSTrustDomain *td, - NSSToken *token -) +nssTrustDomain_GetSessionForToken( + NSSTrustDomain *td, + NSSToken *token) { return nssToken_GetDefaultSession(token); } NSS_IMPLEMENT PRStatus -NSSTrustDomain_SetDefaultCallback ( - NSSTrustDomain *td, - NSSCallback *newCallback, - NSSCallback **oldCallbackOpt -) +NSSTrustDomain_SetDefaultCallback( + NSSTrustDomain *td, + NSSCallback *newCallback, + NSSCallback **oldCallbackOpt) { if (oldCallbackOpt) { - *oldCallbackOpt = td->defaultCallback; + *oldCallbackOpt = td->defaultCallback; } td->defaultCallback = newCallback; return PR_SUCCESS; } NSS_IMPLEMENT NSSCallback * -nssTrustDomain_GetDefaultCallback ( - NSSTrustDomain *td, - PRStatus *statusOpt -) +nssTrustDomain_GetDefaultCallback( + NSSTrustDomain *td, + PRStatus *statusOpt) { if (statusOpt) { - *statusOpt = PR_SUCCESS; + *statusOpt = PR_SUCCESS; } return td->defaultCallback; } NSS_IMPLEMENT NSSCallback * -NSSTrustDomain_GetDefaultCallback ( - NSSTrustDomain *td, - PRStatus *statusOpt -) +NSSTrustDomain_GetDefaultCallback( + NSSTrustDomain *td, + PRStatus *statusOpt) { return nssTrustDomain_GetDefaultCallback(td, statusOpt); } NSS_IMPLEMENT PRStatus -NSSTrustDomain_LoadModule ( - NSSTrustDomain *td, - NSSUTF8 *moduleOpt, - NSSUTF8 *uriOpt, - NSSUTF8 *opaqueOpt, - void *reserved -) +NSSTrustDomain_LoadModule( + NSSTrustDomain *td, + NSSUTF8 *moduleOpt, + NSSUTF8 *uriOpt, + NSSUTF8 *opaqueOpt, + void *reserved) { return PR_FAILURE; } NSS_IMPLEMENT PRStatus -NSSTrustDomain_DisableToken ( - NSSTrustDomain *td, - NSSToken *token, - NSSError why -) +NSSTrustDomain_DisableToken( + NSSTrustDomain *td, + NSSToken *token, + NSSError why) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRStatus -NSSTrustDomain_EnableToken ( - NSSTrustDomain *td, - NSSToken *token -) +NSSTrustDomain_EnableToken( + NSSTrustDomain *td, + NSSToken *token) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRStatus -NSSTrustDomain_IsTokenEnabled ( - NSSTrustDomain *td, - NSSToken *token, - NSSError *whyOpt -) +NSSTrustDomain_IsTokenEnabled( + NSSTrustDomain *td, + NSSToken *token, + NSSError *whyOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSSlot * -NSSTrustDomain_FindSlotByName ( - NSSTrustDomain *td, - NSSUTF8 *slotName -) +NSSTrustDomain_FindSlotByName( + NSSTrustDomain *td, + NSSUTF8 *slotName) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSToken * -NSSTrustDomain_FindTokenByName ( - NSSTrustDomain *td, - NSSUTF8 *tokenName -) +NSSTrustDomain_FindTokenByName( + NSSTrustDomain *td, + NSSUTF8 *tokenName) { PRStatus nssrv; NSSUTF8 *myName; NSSToken *tok = NULL; NSSRWLock_LockRead(td->tokensLock); - for (tok = (NSSToken *)nssListIterator_Start(td->tokens); + for (tok = (NSSToken *)nssListIterator_Start(td->tokens); tok != (NSSToken *)NULL; - tok = (NSSToken *)nssListIterator_Next(td->tokens)) - { - if (nssToken_IsPresent(tok)) { - myName = nssToken_GetName(tok); - if (nssUTF8_Equal(tokenName, myName, &nssrv)) break; - } + tok = (NSSToken *)nssListIterator_Next(td->tokens)) { + if (nssToken_IsPresent(tok)) { + myName = nssToken_GetName(tok); + if (nssUTF8_Equal(tokenName, myName, &nssrv)) + break; + } } nssListIterator_Finish(td->tokens); NSSRWLock_UnlockRead(td->tokensLock); @@ -268,117 +258,106 @@ NSSTrustDomain_FindTokenByName ( } NSS_IMPLEMENT NSSToken * -NSSTrustDomain_FindTokenBySlotName ( - NSSTrustDomain *td, - NSSUTF8 *slotName -) +NSSTrustDomain_FindTokenBySlotName( + NSSTrustDomain *td, + NSSUTF8 *slotName) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSToken * -NSSTrustDomain_FindTokenForAlgorithm ( - NSSTrustDomain *td, - NSSOID *algorithm -) +NSSTrustDomain_FindTokenForAlgorithm( + NSSTrustDomain *td, + NSSOID *algorithm) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSToken * -NSSTrustDomain_FindBestTokenForAlgorithms ( - NSSTrustDomain *td, - NSSOID *algorithms[], /* may be null-terminated */ - PRUint32 nAlgorithmsOpt /* limits the array if nonzero */ -) +NSSTrustDomain_FindBestTokenForAlgorithms( + NSSTrustDomain *td, + NSSOID *algorithms[], /* may be null-terminated */ + PRUint32 nAlgorithmsOpt /* limits the array if nonzero */ + ) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT PRStatus -NSSTrustDomain_Login ( - NSSTrustDomain *td, - NSSCallback *uhhOpt -) +NSSTrustDomain_Login( + NSSTrustDomain *td, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT PRStatus -NSSTrustDomain_Logout ( - NSSTrustDomain *td -) +NSSTrustDomain_Logout(NSSTrustDomain *td) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_ImportCertificate ( - NSSTrustDomain *td, - NSSCertificate *c -) +NSSTrustDomain_ImportCertificate( + NSSTrustDomain *td, + NSSCertificate *c) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_ImportPKIXCertificate ( - NSSTrustDomain *td, - /* declared as a struct until these "data types" are defined */ - struct NSSPKIXCertificateStr *pc -) +NSSTrustDomain_ImportPKIXCertificate( + NSSTrustDomain *td, + /* declared as a struct until these "data types" are defined */ + struct NSSPKIXCertificateStr *pc) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_ImportEncodedCertificate ( - NSSTrustDomain *td, - NSSBER *ber -) +NSSTrustDomain_ImportEncodedCertificate( + NSSTrustDomain *td, + NSSBER *ber) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate ** -NSSTrustDomain_ImportEncodedCertificateChain ( - NSSTrustDomain *td, - NSSBER *ber, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +NSSTrustDomain_ImportEncodedCertificateChain( + NSSTrustDomain *td, + NSSBER *ber, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSPrivateKey * -NSSTrustDomain_ImportEncodedPrivateKey ( - NSSTrustDomain *td, - NSSBER *ber, - NSSItem *passwordOpt, /* NULL will cause a callback */ - NSSCallback *uhhOpt, - NSSToken *destination -) +NSSTrustDomain_ImportEncodedPrivateKey( + NSSTrustDomain *td, + NSSBER *ber, + NSSItem *passwordOpt, /* NULL will cause a callback */ + NSSCallback *uhhOpt, + NSSToken *destination) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSPublicKey * -NSSTrustDomain_ImportEncodedPublicKey ( - NSSTrustDomain *td, - NSSBER *ber -) +NSSTrustDomain_ImportEncodedPublicKey( + NSSTrustDomain *td, + NSSBER *ber) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; @@ -390,22 +369,21 @@ get_certs_from_list(nssList *list) PRUint32 count = nssList_Count(list); NSSCertificate **certs = NULL; if (count > 0) { - certs = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1); - if (certs) { - nssList_GetArray(list, (void **)certs, count); - } + certs = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1); + if (certs) { + nssList_GetArray(list, (void **)certs, count); + } } return certs; } NSS_IMPLEMENT NSSCertificate ** -nssTrustDomain_FindCertificatesByNickname ( - NSSTrustDomain *td, - const NSSUTF8 *name, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +nssTrustDomain_FindCertificatesByNickname( + NSSTrustDomain *td, + const NSSUTF8 *name, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { NSSToken *token = NULL; NSSSlot **slots = NULL; @@ -421,7 +399,7 @@ nssTrustDomain_FindCertificatesByNickname ( /* First, grab from the cache */ nameList = nssList_Create(NULL, PR_FALSE); if (!nameList) { - return NULL; + return NULL; } (void)nssTrustDomain_GetCertsForNicknameFromCache(td, name, nameList); rvCerts = get_certs_from_list(nameList); @@ -432,55 +410,55 @@ nssTrustDomain_FindCertificatesByNickname ( nssCertificateArray_Destroy(rvCerts); nssList_Destroy(nameList); if (!collection) { - return (NSSCertificate **)NULL; + return (NSSCertificate **)NULL; } /* obtain the current set of active slots in the trust domain */ slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); if (!slots) { - goto loser; + goto loser; } /* iterate over the slots */ for (slotp = slots; *slotp; slotp++) { - token = nssSlot_GetToken(*slotp); - if (token) { - nssSession *session; - nssCryptokiObject **instances = NULL; - nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; - PRStatus status = PR_FAILURE; - - session = nssTrustDomain_GetSessionForToken(td, token); - if (session) { - instances = nssToken_FindCertificatesByNickname(token, - session, - name, - tokenOnly, - numRemaining, - &status); - } - nssToken_Destroy(token); - if (status != PR_SUCCESS) { - errors++; - continue; - } - if (instances) { - status = nssPKIObjectCollection_AddInstances(collection, - instances, 0); - nss_ZFreeIf(instances); - if (status != PR_SUCCESS) { - errors++; - continue; - } - collectionCount = nssPKIObjectCollection_Count(collection); - if (maximumOpt > 0) { - if (collectionCount >= maximumOpt) - break; - numRemaining = maximumOpt - collectionCount; - } - } - } + token = nssSlot_GetToken(*slotp); + if (token) { + nssSession *session; + nssCryptokiObject **instances = NULL; + nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; + PRStatus status = PR_FAILURE; + + session = nssTrustDomain_GetSessionForToken(td, token); + if (session) { + instances = nssToken_FindCertificatesByNickname(token, + session, + name, + tokenOnly, + numRemaining, + &status); + } + nssToken_Destroy(token); + if (status != PR_SUCCESS) { + errors++; + continue; + } + if (instances) { + status = nssPKIObjectCollection_AddInstances(collection, + instances, 0); + nss_ZFreeIf(instances); + if (status != PR_SUCCESS) { + errors++; + continue; + } + collectionCount = nssPKIObjectCollection_Count(collection); + if (maximumOpt > 0) { + if (collectionCount >= maximumOpt) + break; + numRemaining = maximumOpt - collectionCount; + } + } + } } if (!collectionCount && errors) - goto loser; + goto loser; /* Grab the certs collected in the search. */ rvCerts = nssPKIObjectCollection_GetCertificates(collection, rvOpt, maximumOpt, @@ -491,22 +469,21 @@ nssTrustDomain_FindCertificatesByNickname ( return rvCerts; loser: if (slots) { - nssSlotArray_Destroy(slots); + nssSlotArray_Destroy(slots); } if (collection) { - nssPKIObjectCollection_Destroy(collection); + nssPKIObjectCollection_Destroy(collection); } return (NSSCertificate **)NULL; } NSS_IMPLEMENT NSSCertificate ** -NSSTrustDomain_FindCertificatesByNickname ( - NSSTrustDomain *td, - NSSUTF8 *name, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +NSSTrustDomain_FindCertificatesByNickname( + NSSTrustDomain *td, + NSSUTF8 *name, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { return nssTrustDomain_FindCertificatesByNickname(td, name, @@ -516,13 +493,12 @@ NSSTrustDomain_FindCertificatesByNickname ( } NSS_IMPLEMENT NSSCertificate * -nssTrustDomain_FindBestCertificateByNickname ( - NSSTrustDomain *td, - const NSSUTF8 *name, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -) +nssTrustDomain_FindBestCertificateByNickname( + NSSTrustDomain *td, + const NSSUTF8 *name, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt) { NSSCertificate **nicknameCerts; NSSCertificate *rvCert = NULL; @@ -531,23 +507,22 @@ nssTrustDomain_FindBestCertificateByNickname ( 0, NULL); if (nicknameCerts) { - rvCert = nssCertificateArray_FindBestCertificate(nicknameCerts, + rvCert = nssCertificateArray_FindBestCertificate(nicknameCerts, timeOpt, usage, policiesOpt); - nssCertificateArray_Destroy(nicknameCerts); + nssCertificateArray_Destroy(nicknameCerts); } return rvCert; } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_FindBestCertificateByNickname ( - NSSTrustDomain *td, - const NSSUTF8 *name, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -) +NSSTrustDomain_FindBestCertificateByNickname( + NSSTrustDomain *td, + const NSSUTF8 *name, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt) { return nssTrustDomain_FindBestCertificateByNickname(td, name, @@ -557,13 +532,12 @@ NSSTrustDomain_FindBestCertificateByNickname ( } NSS_IMPLEMENT NSSCertificate ** -nssTrustDomain_FindCertificatesBySubject ( - NSSTrustDomain *td, - NSSDER *subject, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +nssTrustDomain_FindCertificatesBySubject( + NSSTrustDomain *td, + NSSDER *subject, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { NSSToken *token = NULL; NSSSlot **slots = NULL; @@ -579,7 +553,7 @@ nssTrustDomain_FindCertificatesBySubject ( /* look in cache */ subjectList = nssList_Create(NULL, PR_FALSE); if (!subjectList) { - return NULL; + return NULL; } (void)nssTrustDomain_GetCertsForSubjectFromCache(td, subject, subjectList); rvCerts = get_certs_from_list(subjectList); @@ -587,53 +561,53 @@ nssTrustDomain_FindCertificatesBySubject ( nssCertificateArray_Destroy(rvCerts); nssList_Destroy(subjectList); if (!collection) { - return (NSSCertificate **)NULL; + return (NSSCertificate **)NULL; } slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); if (!slots) { - goto loser; + goto loser; } for (slotp = slots; *slotp; slotp++) { - token = nssSlot_GetToken(*slotp); - if (token) { - nssSession *session; - nssCryptokiObject **instances = NULL; - nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; - PRStatus status = PR_FAILURE; - - session = nssTrustDomain_GetSessionForToken(td, token); - if (session) { - instances = nssToken_FindCertificatesBySubject(token, - session, - subject, - tokenOnly, - numRemaining, - &status); - } - nssToken_Destroy(token); - if (status != PR_SUCCESS) { - errors++; - continue; - } - if (instances) { - status = nssPKIObjectCollection_AddInstances(collection, - instances, 0); - nss_ZFreeIf(instances); - if (status != PR_SUCCESS) { - errors++; - continue; - } - collectionCount = nssPKIObjectCollection_Count(collection); - if (maximumOpt > 0) { - if (collectionCount >= maximumOpt) - break; - numRemaining = maximumOpt - collectionCount; - } - } - } + token = nssSlot_GetToken(*slotp); + if (token) { + nssSession *session; + nssCryptokiObject **instances = NULL; + nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; + PRStatus status = PR_FAILURE; + + session = nssTrustDomain_GetSessionForToken(td, token); + if (session) { + instances = nssToken_FindCertificatesBySubject(token, + session, + subject, + tokenOnly, + numRemaining, + &status); + } + nssToken_Destroy(token); + if (status != PR_SUCCESS) { + errors++; + continue; + } + if (instances) { + status = nssPKIObjectCollection_AddInstances(collection, + instances, 0); + nss_ZFreeIf(instances); + if (status != PR_SUCCESS) { + errors++; + continue; + } + collectionCount = nssPKIObjectCollection_Count(collection); + if (maximumOpt > 0) { + if (collectionCount >= maximumOpt) + break; + numRemaining = maximumOpt - collectionCount; + } + } + } } if (!collectionCount && errors) - goto loser; + goto loser; rvCerts = nssPKIObjectCollection_GetCertificates(collection, rvOpt, maximumOpt, arenaOpt); @@ -642,24 +616,23 @@ nssTrustDomain_FindCertificatesBySubject ( return rvCerts; loser: if (slots) { - nssSlotArray_Destroy(slots); + nssSlotArray_Destroy(slots); } if (collection) { - nssPKIObjectCollection_Destroy(collection); + nssPKIObjectCollection_Destroy(collection); } return (NSSCertificate **)NULL; } NSS_IMPLEMENT NSSCertificate ** -NSSTrustDomain_FindCertificatesBySubject ( - NSSTrustDomain *td, - NSSDER *subject, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, - NSSArena *arenaOpt -) +NSSTrustDomain_FindCertificatesBySubject( + NSSTrustDomain *td, + NSSDER *subject, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, + NSSArena *arenaOpt) { - return nssTrustDomain_FindCertificatesBySubject(td, + return nssTrustDomain_FindCertificatesBySubject(td, subject, rvOpt, maximumOpt, @@ -667,13 +640,12 @@ NSSTrustDomain_FindCertificatesBySubject ( } NSS_IMPLEMENT NSSCertificate * -nssTrustDomain_FindBestCertificateBySubject ( - NSSTrustDomain *td, - NSSDER *subject, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -) +nssTrustDomain_FindBestCertificateBySubject( + NSSTrustDomain *td, + NSSDER *subject, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt) { NSSCertificate **subjectCerts; NSSCertificate *rvCert = NULL; @@ -682,23 +654,22 @@ nssTrustDomain_FindBestCertificateBySubject ( 0, NULL); if (subjectCerts) { - rvCert = nssCertificateArray_FindBestCertificate(subjectCerts, + rvCert = nssCertificateArray_FindBestCertificate(subjectCerts, timeOpt, usage, policiesOpt); - nssCertificateArray_Destroy(subjectCerts); + nssCertificateArray_Destroy(subjectCerts); } return rvCert; } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_FindBestCertificateBySubject ( - NSSTrustDomain *td, - NSSDER *subject, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -) +NSSTrustDomain_FindBestCertificateBySubject( + NSSTrustDomain *td, + NSSDER *subject, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt) { return nssTrustDomain_FindBestCertificateBySubject(td, subject, @@ -708,26 +679,24 @@ NSSTrustDomain_FindBestCertificateBySubject ( } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_FindBestCertificateByNameComponents ( - NSSTrustDomain *td, - NSSUTF8 *nameComponents, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -) +NSSTrustDomain_FindBestCertificateByNameComponents( + NSSTrustDomain *td, + NSSUTF8 *nameComponents, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate ** -NSSTrustDomain_FindCertificatesByNameComponents ( - NSSTrustDomain *td, - NSSUTF8 *nameComponents, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +NSSTrustDomain_FindCertificatesByNameComponents( + NSSTrustDomain *td, + NSSUTF8 *nameComponents, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; @@ -737,11 +706,10 @@ NSSTrustDomain_FindCertificatesByNameComponents ( * when one is found. */ NSS_IMPLEMENT NSSCertificate * -nssTrustDomain_FindCertificateByIssuerAndSerialNumber ( - NSSTrustDomain *td, - NSSDER *issuer, - NSSDER *serial -) +nssTrustDomain_FindCertificateByIssuerAndSerialNumber( + NSSTrustDomain *td, + NSSDER *issuer, + NSSDER *serial) { NSSSlot **slots = NULL; NSSSlot **slotp; @@ -751,70 +719,69 @@ nssTrustDomain_FindCertificateByIssuerAndSerialNumber ( /* see if this search is already cached */ rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td, - issuer, + issuer, serial); if (rvCert) { - return rvCert; + return rvCert; } slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); if (slots) { - for (slotp = slots; *slotp; slotp++) { - NSSToken *token = nssSlot_GetToken(*slotp); - nssSession *session; - nssCryptokiObject *instance; - nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; - PRStatus status = PR_FAILURE; - - if (!token) - continue; - session = nssTrustDomain_GetSessionForToken(td, token); - if (session) { - instance = nssToken_FindCertificateByIssuerAndSerialNumber( - token, - session, - issuer, - serial, - tokenOnly, - &status); - } - nssToken_Destroy(token); - if (status != PR_SUCCESS) { - continue; - } - if (instance) { - if (!collection) { - collection = nssCertificateCollection_Create(td, NULL); - if (!collection) { - break; /* don't keep looping if out if memory */ - } - } - status = nssPKIObjectCollection_AddInstances(collection, - &instance, 1); - if (status == PR_SUCCESS) { - (void)nssPKIObjectCollection_GetCertificates( - collection, &rvCert, 1, NULL); - } - if (rvCert) { - break; /* found one cert, all done */ - } - } - } + for (slotp = slots; *slotp; slotp++) { + NSSToken *token = nssSlot_GetToken(*slotp); + nssSession *session; + nssCryptokiObject *instance; + nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; + PRStatus status = PR_FAILURE; + + if (!token) + continue; + session = nssTrustDomain_GetSessionForToken(td, token); + if (session) { + instance = nssToken_FindCertificateByIssuerAndSerialNumber( + token, + session, + issuer, + serial, + tokenOnly, + &status); + } + nssToken_Destroy(token); + if (status != PR_SUCCESS) { + continue; + } + if (instance) { + if (!collection) { + collection = nssCertificateCollection_Create(td, NULL); + if (!collection) { + break; /* don't keep looping if out if memory */ + } + } + status = nssPKIObjectCollection_AddInstances(collection, + &instance, 1); + if (status == PR_SUCCESS) { + (void)nssPKIObjectCollection_GetCertificates( + collection, &rvCert, 1, NULL); + } + if (rvCert) { + break; /* found one cert, all done */ + } + } + } } if (collection) { - nssPKIObjectCollection_Destroy(collection); + nssPKIObjectCollection_Destroy(collection); } if (slots) { - nssSlotArray_Destroy(slots); + nssSlotArray_Destroy(slots); } return rvCert; } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_FindCertificateByIssuerAndSerialNumber ( - NSSTrustDomain *td, - NSSDER *issuer, - NSSDER *serial -) +NSSTrustDomain_FindCertificateByIssuerAndSerialNumber( + NSSTrustDomain *td, + NSSDER *issuer, + NSSDER *serial) { return nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td, issuer, @@ -822,10 +789,9 @@ NSSTrustDomain_FindCertificateByIssuerAndSerialNumber ( } NSS_IMPLEMENT NSSCertificate * -nssTrustDomain_FindCertificateByEncodedCertificate ( - NSSTrustDomain *td, - NSSBER *ber -) +nssTrustDomain_FindCertificateByEncodedCertificate( + NSSTrustDomain *td, + NSSBER *ber) { PRStatus status; NSSCertificate *rvCert = NULL; @@ -834,7 +800,7 @@ nssTrustDomain_FindCertificateByEncodedCertificate ( /* XXX this is not generic... will any cert crack into issuer/serial? */ status = nssPKIX509_GetIssuerAndSerialFromDER(ber, &issuer, &serial); if (status != PR_SUCCESS) { - return NULL; + return NULL; } rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td, &issuer, @@ -845,133 +811,123 @@ nssTrustDomain_FindCertificateByEncodedCertificate ( } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_FindCertificateByEncodedCertificate ( - NSSTrustDomain *td, - NSSBER *ber -) +NSSTrustDomain_FindCertificateByEncodedCertificate( + NSSTrustDomain *td, + NSSBER *ber) { return nssTrustDomain_FindCertificateByEncodedCertificate(td, ber); } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_FindBestCertificateByEmail ( - NSSTrustDomain *td, - NSSASCII7 *email, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -) +NSSTrustDomain_FindBestCertificateByEmail( + NSSTrustDomain *td, + NSSASCII7 *email, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt) { return 0; } NSS_IMPLEMENT NSSCertificate ** -NSSTrustDomain_FindCertificatesByEmail ( - NSSTrustDomain *td, - NSSASCII7 *email, - NSSCertificate *rvOpt[], - PRUint32 maximumOpt, /* 0 for no max */ - NSSArena *arenaOpt -) +NSSTrustDomain_FindCertificatesByEmail( + NSSTrustDomain *td, + NSSASCII7 *email, + NSSCertificate *rvOpt[], + PRUint32 maximumOpt, /* 0 for no max */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_FindCertificateByOCSPHash ( - NSSTrustDomain *td, - NSSItem *hash -) +NSSTrustDomain_FindCertificateByOCSPHash( + NSSTrustDomain *td, + NSSItem *hash) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_FindBestUserCertificate ( - NSSTrustDomain *td, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policiesOpt -) +NSSTrustDomain_FindBestUserCertificate( + NSSTrustDomain *td, + NSSTime *timeOpt, + NSSUsage *usage, + NSSPolicies *policiesOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate ** -NSSTrustDomain_FindUserCertificates ( - NSSTrustDomain *td, - NSSTime *timeOpt, - NSSUsage *usageOpt, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt -) +NSSTrustDomain_FindUserCertificates( + NSSTrustDomain *td, + NSSTime *timeOpt, + NSSUsage *usageOpt, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_FindBestUserCertificateForSSLClientAuth ( - NSSTrustDomain *td, - NSSUTF8 *sslHostOpt, - NSSDER *rootCAsOpt[], /* null pointer for none */ - PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt -) +NSSTrustDomain_FindBestUserCertificateForSSLClientAuth( + NSSTrustDomain *td, + NSSUTF8 *sslHostOpt, + NSSDER *rootCAsOpt[], /* null pointer for none */ + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate ** -NSSTrustDomain_FindUserCertificatesForSSLClientAuth ( - NSSTrustDomain *td, - NSSUTF8 *sslHostOpt, - NSSDER *rootCAsOpt[], /* null pointer for none */ - PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt -) +NSSTrustDomain_FindUserCertificatesForSSLClientAuth( + NSSTrustDomain *td, + NSSUTF8 *sslHostOpt, + NSSDER *rootCAsOpt[], /* null pointer for none */ + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate * -NSSTrustDomain_FindBestUserCertificateForEmailSigning ( - NSSTrustDomain *td, - NSSASCII7 *signerOpt, - NSSASCII7 *recipientOpt, - /* anything more here? */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt -) +NSSTrustDomain_FindBestUserCertificateForEmailSigning( + NSSTrustDomain *td, + NSSASCII7 *signerOpt, + NSSASCII7 *recipientOpt, + /* anything more here? */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCertificate ** -NSSTrustDomain_FindUserCertificatesForEmailSigning ( - NSSTrustDomain *td, - NSSASCII7 *signerOpt, - NSSASCII7 *recipientOpt, - /* anything more here? */ - NSSAlgorithmAndParameters *apOpt, - NSSPolicies *policiesOpt, - NSSCertificate **rvOpt, - PRUint32 rvLimit, /* zero for no limit */ - NSSArena *arenaOpt -) +NSSTrustDomain_FindUserCertificatesForEmailSigning( + NSSTrustDomain *td, + NSSASCII7 *signerOpt, + NSSASCII7 *recipientOpt, + /* anything more here? */ + NSSAlgorithmAndParameters *apOpt, + NSSPolicies *policiesOpt, + NSSCertificate **rvOpt, + PRUint32 rvLimit, /* zero for no limit */ + NSSArena *arenaOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; @@ -985,11 +941,10 @@ collector(nssCryptokiObject *instance, void *arg) } NSS_IMPLEMENT PRStatus * -NSSTrustDomain_TraverseCertificates ( - NSSTrustDomain *td, - PRStatus (*callback)(NSSCertificate *c, void *arg), - void *arg -) +NSSTrustDomain_TraverseCertificates( + NSSTrustDomain *td, + PRStatus (*callback)(NSSCertificate *c, void *arg), + void *arg) { NSSToken *token = NULL; NSSSlot **slots = NULL; @@ -1001,40 +956,40 @@ NSSTrustDomain_TraverseCertificates ( nssList *certList; certList = nssList_Create(NULL, PR_FALSE); - if (!certList) - return NULL; + if (!certList) + return NULL; (void)nssTrustDomain_GetCertsFromCache(td, certList); cached = get_certs_from_list(certList); collection = nssCertificateCollection_Create(td, cached); nssCertificateArray_Destroy(cached); nssList_Destroy(certList); if (!collection) { - return (PRStatus *)NULL; + return (PRStatus *)NULL; } /* obtain the current set of active slots in the trust domain */ slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); if (!slots) { - goto loser; + goto loser; } /* iterate over the slots */ for (slotp = slots; *slotp; slotp++) { - /* get the token for the slot, if present */ - token = nssSlot_GetToken(*slotp); - if (token) { - nssSession *session; - nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; - /* get a session for the token */ - session = nssTrustDomain_GetSessionForToken(td, token); - if (session) { - /* perform the traversal */ - (void)nssToken_TraverseCertificates(token, - session, - tokenOnly, - collector, - collection); - } - nssToken_Destroy(token); - } + /* get the token for the slot, if present */ + token = nssSlot_GetToken(*slotp); + if (token) { + nssSession *session; + nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; + /* get a session for the token */ + session = nssTrustDomain_GetSessionForToken(td, token); + if (session) { + /* perform the traversal */ + (void)nssToken_TraverseCertificates(token, + session, + tokenOnly, + collector, + collection); + } + nssToken_Destroy(token); + } } /* Traverse the collection */ @@ -1043,20 +998,18 @@ NSSTrustDomain_TraverseCertificates ( (void)nssPKIObjectCollection_Traverse(collection, &pkiCallback); loser: if (slots) { - nssSlotArray_Destroy(slots); + nssSlotArray_Destroy(slots); } if (collection) { - nssPKIObjectCollection_Destroy(collection); + nssPKIObjectCollection_Destroy(collection); } return NULL; } - NSS_IMPLEMENT NSSTrust * -nssTrustDomain_FindTrustForCertificate ( - NSSTrustDomain *td, - NSSCertificate *c -) +nssTrustDomain_FindTrustForCertificate( + NSSTrustDomain *td, + NSSCertificate *c) { NSSSlot **slots; NSSSlot **slotp; @@ -1066,50 +1019,49 @@ nssTrustDomain_FindTrustForCertificate ( nssUpdateLevel updateLevel; slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); if (!slots) { - return (NSSTrust *)NULL; + return (NSSTrust *)NULL; } for (slotp = slots; *slotp; slotp++) { - NSSToken *token = nssSlot_GetToken(*slotp); - - if (token) { - to = nssToken_FindTrustForCertificate(token, NULL, - &c->encoding, - &c->issuer, - &c->serial, - nssTokenSearchType_TokenOnly); - if (to) { - PRStatus status; - if (!pkio) { - pkio = nssPKIObject_Create(NULL, to, td, NULL, nssPKILock); - status = pkio ? PR_SUCCESS : PR_FAILURE; - } else { - status = nssPKIObject_AddInstance(pkio, to); - } - if (status != PR_SUCCESS) { - nssCryptokiObject_Destroy(to); - } - } - nssToken_Destroy(token); - } + NSSToken *token = nssSlot_GetToken(*slotp); + + if (token) { + to = nssToken_FindTrustForCertificate(token, NULL, + &c->encoding, + &c->issuer, + &c->serial, + nssTokenSearchType_TokenOnly); + if (to) { + PRStatus status; + if (!pkio) { + pkio = nssPKIObject_Create(NULL, to, td, NULL, nssPKILock); + status = pkio ? PR_SUCCESS : PR_FAILURE; + } else { + status = nssPKIObject_AddInstance(pkio, to); + } + if (status != PR_SUCCESS) { + nssCryptokiObject_Destroy(to); + } + } + nssToken_Destroy(token); + } } if (pkio) { - rvt = nssTrust_Create(pkio, &c->encoding); - if (rvt) { - pkio = NULL; /* rvt object now owns the pkio reference */ - } + rvt = nssTrust_Create(pkio, &c->encoding); + if (rvt) { + pkio = NULL; /* rvt object now owns the pkio reference */ + } } nssSlotArray_Destroy(slots); if (pkio) { - nssPKIObject_Destroy(pkio); + nssPKIObject_Destroy(pkio); } return rvt; } NSS_IMPLEMENT NSSCRL ** -nssTrustDomain_FindCRLsBySubject ( - NSSTrustDomain *td, - NSSDER *subject -) +nssTrustDomain_FindCRLsBySubject( + NSSTrustDomain *td, + NSSDER *subject) { NSSSlot **slots; NSSSlot **slotp; @@ -1119,35 +1071,35 @@ nssTrustDomain_FindCRLsBySubject ( NSSCRL **rvCRLs = NULL; collection = nssCRLCollection_Create(td, NULL); if (!collection) { - return (NSSCRL **)NULL; + return (NSSCRL **)NULL; } slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); if (!slots) { - goto loser; + goto loser; } for (slotp = slots; *slotp; slotp++) { - token = nssSlot_GetToken(*slotp); - if (token) { - PRStatus status = PR_FAILURE; - nssSession *session; - nssCryptokiObject **instances = NULL; - nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; - - /* get a session for the token */ - session = nssTrustDomain_GetSessionForToken(td, token); - if (session) { - /* perform the traversal */ - instances = nssToken_FindCRLsBySubject(token, session, subject, - tokenOnly, 0, &status); - } - nssToken_Destroy(token); - if (status == PR_SUCCESS) { - /* add the found CRL's to the collection */ - status = nssPKIObjectCollection_AddInstances(collection, - instances, 0); - } - nss_ZFreeIf(instances); - } + token = nssSlot_GetToken(*slotp); + if (token) { + PRStatus status = PR_FAILURE; + nssSession *session; + nssCryptokiObject **instances = NULL; + nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; + + /* get a session for the token */ + session = nssTrustDomain_GetSessionForToken(td, token); + if (session) { + /* perform the traversal */ + instances = nssToken_FindCRLsBySubject(token, session, subject, + tokenOnly, 0, &status); + } + nssToken_Destroy(token); + if (status == PR_SUCCESS) { + /* add the found CRL's to the collection */ + status = nssPKIObjectCollection_AddInstances(collection, + instances, 0); + } + nss_ZFreeIf(instances); + } } rvCRLs = nssPKIObjectCollection_GetCRLs(collection, NULL, 0, NULL); loser: @@ -1157,93 +1109,84 @@ loser: } NSS_IMPLEMENT PRStatus -NSSTrustDomain_GenerateKeyPair ( - NSSTrustDomain *td, - NSSAlgorithmAndParameters *ap, - NSSPrivateKey **pvkOpt, - NSSPublicKey **pbkOpt, - PRBool privateKeyIsSensitive, - NSSToken *destination, - NSSCallback *uhhOpt -) +NSSTrustDomain_GenerateKeyPair( + NSSTrustDomain *td, + NSSAlgorithmAndParameters *ap, + NSSPrivateKey **pvkOpt, + NSSPublicKey **pbkOpt, + PRBool privateKeyIsSensitive, + NSSToken *destination, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return PR_FAILURE; } NSS_IMPLEMENT NSSSymmetricKey * -NSSTrustDomain_GenerateSymmetricKey ( - NSSTrustDomain *td, - NSSAlgorithmAndParameters *ap, - PRUint32 keysize, - NSSToken *destination, - NSSCallback *uhhOpt -) +NSSTrustDomain_GenerateSymmetricKey( + NSSTrustDomain *td, + NSSAlgorithmAndParameters *ap, + PRUint32 keysize, + NSSToken *destination, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSymmetricKey * -NSSTrustDomain_GenerateSymmetricKeyFromPassword ( - NSSTrustDomain *td, - NSSAlgorithmAndParameters *ap, - NSSUTF8 *passwordOpt, /* if null, prompt */ - NSSToken *destinationOpt, - NSSCallback *uhhOpt -) +NSSTrustDomain_GenerateSymmetricKeyFromPassword( + NSSTrustDomain *td, + NSSAlgorithmAndParameters *ap, + NSSUTF8 *passwordOpt, /* if null, prompt */ + NSSToken *destinationOpt, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSSymmetricKey * -NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID ( - NSSTrustDomain *td, - NSSOID *algorithm, - NSSItem *keyID, - NSSCallback *uhhOpt -) +NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID( + NSSTrustDomain *td, + NSSOID *algorithm, + NSSItem *keyID, + NSSCallback *uhhOpt) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCryptoContext * -nssTrustDomain_CreateCryptoContext ( - NSSTrustDomain *td, - NSSCallback *uhhOpt -) +nssTrustDomain_CreateCryptoContext( + NSSTrustDomain *td, + NSSCallback *uhhOpt) { return nssCryptoContext_Create(td, uhhOpt); } NSS_IMPLEMENT NSSCryptoContext * -NSSTrustDomain_CreateCryptoContext ( - NSSTrustDomain *td, - NSSCallback *uhhOpt -) +NSSTrustDomain_CreateCryptoContext( + NSSTrustDomain *td, + NSSCallback *uhhOpt) { return nssTrustDomain_CreateCryptoContext(td, uhhOpt); } NSS_IMPLEMENT NSSCryptoContext * -NSSTrustDomain_CreateCryptoContextForAlgorithm ( - NSSTrustDomain *td, - NSSOID *algorithm -) +NSSTrustDomain_CreateCryptoContextForAlgorithm( + NSSTrustDomain *td, + NSSOID *algorithm) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } NSS_IMPLEMENT NSSCryptoContext * -NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters ( - NSSTrustDomain *td, - NSSAlgorithmAndParameters *ap -) +NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters( + NSSTrustDomain *td, + NSSAlgorithmAndParameters *ap) { nss_SetError(NSS_ERROR_NOT_FOUND); return NULL; } - |