nsresult
nsCertTree::GetCertsByType(PRUint32 aType,
nsCertCompareFunc aCertCmpFn,
void *aCertCmpFnArg)
{
nsNSSShutDownPreventionLock locker;
CERTCertList *certList = NULL;
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
certList = PK11_ListCerts(PK11CertListUnique, cxt);
nsresult rv = GetCertsByTypeFromCertList(certList, aType, aCertCmpFn, aCertCmpFnArg);
if (certList)
CERT_DestroyCertList(certList);
return rv;
}
NS_IMETHODIMP
nsNSSCertificateDB::GetCerts(nsIX509CertList **_retval)
{
CERTCertList *certList;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
nsCOMPtr<nsIX509CertList> nssCertList;
certList = PK11_ListCerts(PK11CertListUnique, ctx);
// nsNSSCertList 1) adopts certList, and 2) handles the NULL case fine.
// (returns an empty list)
nssCertList = new nsNSSCertList(certList, PR_TRUE);
if (!nssCertList) { return NS_ERROR_OUT_OF_MEMORY; }
*_retval = nssCertList;
NS_ADDREF(*_retval);
return NS_OK;
}
NS_IMETHODIMP
nsNSSCertificateDB::FindCertNicknames(nsISupports *aToken,
PRUint32 aType,
PRUint32 *_count,
PRUnichar ***_certNames)
{
nsNSSShutDownPreventionLock locker;
nsresult rv = NS_ERROR_FAILURE;
/*
* obtain the cert list from NSS
*/
CERTCertList *certList = NULL;
PK11CertListType pk11type;
#if 0
// this would seem right, but it didn't work...
// oh, I know why - bonks out on internal slot certs
if (aType == nsIX509Cert::USER_CERT)
pk11type = PK11CertListUser;
else
#endif
pk11type = PK11CertListUnique;
certList = PK11_ListCerts(pk11type, NULL);
if (!certList)
goto cleanup;
/*
* get list of cert names from list of certs
* XXX also cull the list (NSS only distinguishes based on user/non-user
*/
getCertNames(certList, aType, _count, _certNames);
rv = NS_OK;
/*
* finish up
*/
cleanup:
if (certList)
CERT_DestroyCertList(certList);
return rv;
}
NS_IMETHODIMP nsCertPicker::PickByUsage(nsIInterfaceRequestor *ctx,
const PRUnichar *selectedNickname,
PRInt32 certUsage,
bool allowInvalid,
bool allowDuplicateNicknames,
bool *canceled,
nsIX509Cert **_retval)
{
nsNSSShutDownPreventionLock locker;
PRInt32 selectedIndex = -1;
bool selectionFound = false;
PRUnichar **certNicknameList = nsnull;
PRUnichar **certDetailsList = nsnull;
CERTCertListNode* node = nsnull;
nsresult rv = NS_OK;
{
// Iterate over all certs. This assures that user is logged in to all hardware tokens.
CERTCertList *allcerts = nsnull;
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
allcerts = PK11_ListCerts(PK11CertListUnique, ctx);
CERT_DestroyCertList(allcerts);
}
/* find all user certs that are valid and for SSL */
/* note that we are allowing expired certs in this list */
CERTCertList *certList =
CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
(SECCertUsage)certUsage,
!allowDuplicateNicknames,
!allowInvalid,
ctx);
CERTCertListCleaner clc(certList);
if (!certList) {
return NS_ERROR_NOT_AVAILABLE;
}
CERTCertNicknames *nicknames = getNSSCertNicknamesFromCertList(certList);
CERTCertNicknamesCleaner cnc(nicknames);
if (!nicknames) {
return NS_ERROR_NOT_AVAILABLE;
}
certNicknameList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
certDetailsList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
if (!certNicknameList || !certDetailsList) {
nsMemory::Free(certNicknameList);
nsMemory::Free(certDetailsList);
return NS_ERROR_OUT_OF_MEMORY;
}
PRInt32 CertsToUse;
for (CertsToUse = 0, node = CERT_LIST_HEAD(certList);
!CERT_LIST_END(node, certList) && CertsToUse < nicknames->numnicknames;
node = CERT_LIST_NEXT(node)
)
{
nsNSSCertificate *tempCert = nsNSSCertificate::Create(node->cert);
if (tempCert) {
// XXX we really should be using an nsCOMPtr instead of manually add-refing,
// but nsNSSCertificate does not have a default constructor.
NS_ADDREF(tempCert);
nsAutoString i_nickname(NS_ConvertUTF8toUTF16(nicknames->nicknames[CertsToUse]));
nsAutoString nickWithSerial;
nsAutoString details;
if (!selectionFound) {
if (i_nickname == nsDependentString(selectedNickname)) {
selectedIndex = CertsToUse;
selectionFound = PR_TRUE;
}
}
if (NS_SUCCEEDED(tempCert->FormatUIStrings(i_nickname, nickWithSerial, details))) {
certNicknameList[CertsToUse] = ToNewUnicode(nickWithSerial);
certDetailsList[CertsToUse] = ToNewUnicode(details);
}
else {
certNicknameList[CertsToUse] = nsnull;
certDetailsList[CertsToUse] = nsnull;
}
NS_RELEASE(tempCert);
++CertsToUse;
}
}
if (CertsToUse) {
nsICertPickDialogs *dialogs = nsnull;
rv = getNSSDialogs((void**)&dialogs,
NS_GET_IID(nsICertPickDialogs),
NS_CERTPICKDIALOGS_CONTRACTID);
if (NS_SUCCEEDED(rv)) {
nsPSMUITracker tracker;
if (tracker.isUIForbidden()) {
rv = NS_ERROR_NOT_AVAILABLE;
}
else {
/* Throw up the cert picker dialog and get back the index of the selected cert */
rv = dialogs->PickCertificate(ctx,
(const PRUnichar**)certNicknameList, (const PRUnichar**)certDetailsList,
CertsToUse, &selectedIndex, canceled);
}
NS_RELEASE(dialogs);
}
}
PRInt32 i;
for (i = 0; i < CertsToUse; ++i) {
nsMemory::Free(certNicknameList[i]);
nsMemory::Free(certDetailsList[i]);
}
nsMemory::Free(certNicknameList);
nsMemory::Free(certDetailsList);
if (!CertsToUse) {
return NS_ERROR_NOT_AVAILABLE;
}
if (NS_SUCCEEDED(rv) && !*canceled) {
for (i = 0, node = CERT_LIST_HEAD(certList);
!CERT_LIST_END(node, certList);
++i, node = CERT_LIST_NEXT(node)) {
if (i == selectedIndex) {
nsNSSCertificate *cert = nsNSSCertificate::Create(node->cert);
if (!cert) {
rv = NS_ERROR_OUT_OF_MEMORY;
break;
}
nsIX509Cert *x509 = 0;
nsresult rv = cert->QueryInterface(NS_GET_IID(nsIX509Cert), (void**)&x509);
if (NS_FAILED(rv)) {
break;
}
NS_ADDREF(x509);
*_retval = x509;
NS_RELEASE(cert);
break;
}
}
}
return rv;
}
static int
nss_cmd_list_cert(NSS_CTX *ctx, long i) {
int ret = 0;
BIO *out = NULL;
void *wincx = NULL;
CERTCertList *list;
CERTCertListNode *node;
PK11CertListType type;
CALL_TRACE("nss_cmd_list_cert: %ld\n", i);
if (ctx == NULL) {
NSSerr(NSS_F_CMD_LIST_CERT, NSS_R_INVALID_ARGUMENT);
goto done;
}
if (!NSS_IsInitialized()) {
NSSerr(NSS_F_CMD_LIST_CERT, NSS_R_DB_IS_NOT_INITIALIZED);
goto done;
}
#if 0
softoken/secmodt.h: PK11CertListUnique = 0, /* get one instance of all certs */
softoken/secmodt.h: PK11CertListUser = 1, /* get all instances of user certs */
softoken/secmodt.h: PK11CertListRootUnique = 2, /* get one instance of CA certs without a private key. */
softoken/secmodt.h: PK11CertListCA = 3, /* get all instances of CA certs */
softoken/secmodt.h: PK11CertListCAUnique = 4, /* get one instance of CA certs */
softoken/secmodt.h: PK11CertListUserUnique = 5, /* get one instance of user certs */
softoken/secmodt.h: PK11CertListAll = 6 /* get all instances of all certs */
#endif
switch (i) {
case 1: type = PK11CertListUser; break;
case 2: type = PK11CertListCA ; break;
case 3: type = PK11CertListAll ; break;
default:
goto done;
break;
}
out = BIO_new_fp(stdout, BIO_NOCLOSE);
list = PK11_ListCerts(type, wincx);
for (node = CERT_LIST_HEAD(list);
!CERT_LIST_END(node, list);
node = CERT_LIST_NEXT(node)
) {
CERTCertificate *cert = node->cert;
BIO_printf(out, "nickname='%s'\n" , cert->nickname);
BIO_printf(out, " subject_name='%s'\n", cert->subjectName);
/* NOTE:
* - NSS cut long strings in cert->subjectName (?)
* - RFC 3280 : For UTF8String or UniversalString at least four
* times the upper bound should be allowed.
* => lets perform own output
*/
BIO_printf_CERTName(out, &cert->subject, " ");
BIO_printf(out, " email_addr ='%s'\n", cert->emailAddr);
}
CERT_DestroyCertList(list);
ret = 1;
done:
if (out) BIO_free(out);
return(ret);
}