CERTCertTrust *
nssTrust_GetCERTCertTrustForCert(NSSCertificate *c, CERTCertificate *cc)
{
CERTCertTrust *rvTrust = NULL;
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
NSSTrust *t;
t = nssTrustDomain_FindTrustForCertificate(td, c);
if (t) {
rvTrust = cert_trust_from_stan_trust(t, cc->arena);
if (!rvTrust) {
nssTrust_Destroy(t);
return NULL;
}
nssTrust_Destroy(t);
} else {
rvTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust));
if (!rvTrust) {
return NULL;
}
memset(rvTrust, 0, sizeof(*rvTrust));
}
if (NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL)) {
rvTrust->sslFlags |= CERTDB_USER;
rvTrust->emailFlags |= CERTDB_USER;
rvTrust->objectSigningFlags |= CERTDB_USER;
}
return rvTrust;
}
static PRStatus
CollectNicknames( NSSCertificate *c, void *data)
{
CERTCertNicknames *names;
PRBool saveit = PR_FALSE;
stringNode *node;
int len;
#ifdef notdef
NSSTrustDomain *td;
NSSTrust *trust;
#endif
char *stanNickname;
char *nickname = NULL;
names = (CERTCertNicknames *)data;
stanNickname = nssCertificate_GetNickname(c,NULL);
if ( stanNickname ) {
nss_ZFreeIf(stanNickname);
stanNickname = NULL;
if (names->what == SEC_CERT_NICKNAMES_USER) {
saveit = NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL);
}
#ifdef notdef
else {
td = NSSCertificate_GetTrustDomain(c);
if (!td) {
return PR_SUCCESS;
}
trust = nssTrustDomain_FindTrustForCertificate(td,c);
switch(names->what) {
case SEC_CERT_NICKNAMES_ALL:
if ((trust->sslFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) ||
(trust->emailFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) ||
(trust->objectSigningFlags &
(CERTDB_VALID_CA|CERTDB_VALID_PEER))) {
saveit = PR_TRUE;
}
break;
case SEC_CERT_NICKNAMES_SERVER:
if ( trust->sslFlags & CERTDB_VALID_PEER ) {
saveit = PR_TRUE;
}
break;
case SEC_CERT_NICKNAMES_CA:
if (((trust->sslFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA)||
((trust->emailFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA) ||
((trust->objectSigningFlags & CERTDB_VALID_CA )
== CERTDB_VALID_CA)) {
saveit = PR_TRUE;
}
break;
}
}
#endif
}
/* traverse the list of collected nicknames and make sure we don't make
* a duplicate
*/
if ( saveit ) {
nickname = STAN_GetCERTCertificateName(NULL, c);
/* nickname can only be NULL here if we are having memory
* alloc problems */
if (nickname == NULL) {
return PR_FAILURE;
}
node = (stringNode *)names->head;
while ( node != NULL ) {
if ( PORT_Strcmp(nickname, node->string) == 0 ) {
/* if the string matches, then don't save this one */
saveit = PR_FALSE;
break;
}
node = node->next;
}
}
if ( saveit ) {
/* allocate the node */
node = (stringNode*)PORT_ArenaAlloc(names->arena, sizeof(stringNode));
if ( node == NULL ) {
PORT_Free(nickname);
return PR_FAILURE;
}
/* copy the string */
len = PORT_Strlen(nickname) + 1;
node->string = (char*)PORT_ArenaAlloc(names->arena, len);
if ( node->string == NULL ) {
PORT_Free(nickname);
return PR_FAILURE;
}
PORT_Memcpy(node->string, nickname, len);
/* link it into the list */
node->next = (stringNode *)names->head;
names->head = (void *)node;
/* bump the count */
names->numnicknames++;
}
if (nickname) PORT_Free(nickname);
return(PR_SUCCESS);
}
