*/
JNIEXPORT jobject JNICALL
Java_org_mozilla_jss_CryptoManager_findCertByNicknameNative
(JNIEnv *env, jobject this, jstring nickname)
{
char *nick=NULL;
jobject certObject=NULL;
CERTCertificate *cert=NULL;
PK11SlotInfo *slot=NULL;
PR_ASSERT(env!=NULL && this!=NULL && nickname!=NULL);
nick = (char*) (*env)->GetStringUTFChars(env, nickname, NULL);
PR_ASSERT(nick!=NULL);
cert = JSS_PK11_findCertAndSlotFromNickname(nick, NULL, &slot);
if(cert == NULL) {
JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION);
goto finish;
}
certObject = JSS_PK11_wrapCertAndSlot(env, &cert, &slot);
finish:
if(nick != NULL) {
(*env)->ReleaseStringUTFChars(env, nickname, nick);
}
if(cert != NULL) {
CERT_DestroyCertificate(cert);
}
/*
* This callback is called when the peer has request you to send you
* client-auth certificate. You get to pick which one you want
* to send.
*
* Expected return values:
* 0 SECSuccess
* -1 SECFailure - No suitable certificate found.
* -2 SECWouldBlock (we're waiting while we ask the user).
*/
SECStatus
JSSL_CallCertSelectionCallback( void * arg,
PRFileDesc * fd,
CERTDistNames * caNames,
CERTCertificate ** pRetCert,
SECKEYPrivateKey ** pRetKey)
{
CERTCertificate * cert;
PK11SlotInfo * slot;
SECKEYPrivateKey * privkey;
jobject nicknamecallback = (jobject)arg;
SECStatus rv = SECFailure;
CERTCertNicknames * names;
int i;
int count =0;
jclass vectorclass;
jmethodID vectorcons;
jobject vector;
jmethodID vector_add;
jstring nickname_string;
jstring chosen_nickname;
char *chosen_nickname_for_c;
jboolean chosen_nickname_cleanup;
jclass clientcertselectionclass;
jmethodID clientcertselectionclass_select;
JNIEnv *env;
int debug_cc=0;
if((*JSS_javaVM)->AttachCurrentThread(JSS_javaVM, (void**)&env, NULL) != 0){
PR_ASSERT(PR_FALSE);
goto loser;
}
PR_ASSERT(env != NULL);
clientcertselectionclass = (*env)->GetObjectClass(env,nicknamecallback);
clientcertselectionclass_select = (*env)->GetMethodID(
env,
clientcertselectionclass,
"select",
"(Ljava/util/Vector;)Ljava/lang/String;" );
/* get java bits and piece ready to create a new vector */
vectorclass = (*env)->FindClass(
env, "java/util/Vector");
if (debug_cc) { PR_fprintf(PR_STDOUT," got vectorclass: %lx\n",vectorclass); }
vectorcons = (*env)->GetMethodID(
env,
vectorclass,"<init>","()V");
if (debug_cc) { PR_fprintf(PR_STDOUT," got vectorcons: %lx\n",vectorcons); }
vector_add = (*env)->GetMethodID(
env,
vectorclass,
"addElement",
"(Ljava/lang/Object;)V");
if (debug_cc) { PR_fprintf(PR_STDOUT," got vectoradd: %lx\n",vector_add); }
/* create new vector */
vector = (*env)->NewObject( env, vectorclass, vectorcons);
if (debug_cc) { PR_fprintf(PR_STDOUT," got new vector: %lx\n",vector); }
/* next, get a list of all the valid nicknames */
names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
SEC_CERT_NICKNAMES_USER, NULL /*pinarg*/);
if (names != NULL) {
for (i = 0; i < names->numnicknames; i++) {
if (debug_cc) { PR_fprintf(PR_STDOUT,"checking nn: %s\n",names->nicknames[i]); }
cert = JSS_PK11_findCertAndSlotFromNickname(
names->nicknames[i],
NULL /*pinarg*/,
&slot);
if ( !cert )
continue;
/* Only check unexpired certs */
if ( CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE /*allowOverride*/)
!= secCertTimeValid ) {
if (debug_cc) { PR_fprintf(PR_STDOUT," not valid\n"); }
CERT_DestroyCertificate(cert);
PK11_FreeSlot(slot);
continue;
}
rv = secCmpCertChainWCANames(cert, caNames);
if ( rv == SECSuccess ) {
if (debug_cc) { PR_fprintf(PR_STDOUT," matches ca name\n"); }
privkey = PK11_FindPrivateKeyFromCert(slot, cert, NULL /*pinarg*/);
/* just test if we have the private key */
if ( privkey ) {
count++;
if (debug_cc) { PR_fprintf(PR_STDOUT," found privkey\n"); }
SECKEY_DestroyPrivateKey(privkey);
/* if we have, then this nickname has passed all the
tests necessary to put it in the list */
nickname_string = (*env)->NewStringUTF(env,
names->nicknames[i]);
if (debug_cc) { PR_fprintf(PR_STDOUT," calling vector_add\n"); }
(*env)->CallVoidMethod(env,vector,vector_add,
nickname_string
);
if (debug_cc) { PR_fprintf(PR_STDOUT," back from vector_add\n"); }
}
}
CERT_DestroyCertificate(cert);
PK11_FreeSlot(slot);
}
CERT_FreeNicknames(names);
}
/* okay - so we made a vector of the certs - now call the java
class to figure out which one to send */
chosen_nickname = (*env)->CallObjectMethod(env,nicknamecallback,
clientcertselectionclass_select,
vector
);
if (chosen_nickname == NULL) {
rv = SECFailure;
goto loser;
}
chosen_nickname_for_c = (char*)(*env)->GetStringUTFChars(env,
chosen_nickname,
&chosen_nickname_cleanup);
if (debug_cc) { PR_fprintf(PR_STDOUT," chosen nickname: %s\n",chosen_nickname_for_c); }
cert = JSS_PK11_findCertAndSlotFromNickname(chosen_nickname_for_c,
NULL /*pinarg*/,
&slot);
if (debug_cc) { PR_fprintf(PR_STDOUT," found certificate\n"); }
if (chosen_nickname_cleanup == JNI_TRUE) {
(*env)->ReleaseStringUTFChars(env,
chosen_nickname,
chosen_nickname_for_c);
}
if (cert == NULL) {
rv = SECFailure;
goto loser;
}
privkey = PK11_FindPrivateKeyFromCert(slot, cert, NULL /*pinarg*/);
PK11_FreeSlot(slot);
if ( privkey == NULL ) {
CERT_DestroyCertificate(cert);
rv = SECFailure;
goto loser;
}
if (debug_cc) { PR_fprintf(PR_STDOUT," found privkey. returning\n"); }
*pRetCert = cert;
*pRetKey = privkey;
rv = SECSuccess;
loser:
return rv;
}
