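/**
 * deleteCrl
 *
 * Delete a Crl entry from the cert db.
 *
 * @param aCrlIndex  Zero-based position of the entry within the list that
 *                   SEC_LookupCrls returns for the default cert DB.
 * @return NS_ERROR_FAILURE when the CRL list cannot be read, or when the
 *         selected entry cannot be re-fetched or deleted; NS_OK otherwise,
 *         including when aCrlIndex is past the end of the list.
 *
 * NOTE(review): the index is resolved against a list fetched at call time.
 * If the caller took the index from an earlier listing, confirm the ordering
 * cannot have changed in between, otherwise a different CRL is removed.
 */
NS_IMETHODIMP
nsCRLManager::DeleteCrl(uint32_t aCrlIndex)
{
  nsNSSShutDownPreventionLock locker;
  CERTCrlHeadNode *head = nullptr;
  nsresult result = NS_OK;

  // Get the list of CRLs known to the default cert DB.
  SECStatus sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
  if (sec_rv != SECSuccess) {
    return NS_ERROR_FAILURE;
  }

  if (head) {
    uint32_t i = 0;
    for (CERTCrlNode *node = head->first; node; node = node->next, ++i) {
      if (i != aCrlIndex) {
        continue;
      }

      CERTSignedCrl *realCrl = SEC_FindCrlByName(CERT_GetDefaultCertDB(),
                                                 &(node->crl->crl.derName),
                                                 node->type);
      if (!realCrl) {
        // The lookup can come back empty; SEC_DeletePermCRL must not be
        // handed a null CRL.
        result = NS_ERROR_FAILURE;
        break;
      }

      if (SEC_DeletePermCRL(realCrl) != SECSuccess) {
        // Report the failure so the caller does not assume the revocation
        // data is gone when it is still stored.
        result = NS_ERROR_FAILURE;
      }
      SEC_DestroyCrl(realCrl);

      // The SSL session cache is flushed after the attempt, presumably so
      // cached sessions are not reused across a change in revocation data.
      SSL_ClearSessionCache();

      // Only one node can match the index; stop walking the list.
      break;
    }
    PORT_FreeArena(head->arena, false);
  }
  return result;
}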
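/*
 * FindCRL
 *
 * Look up the CRL whose issuer is identified by `name`.
 *
 * `name` is first tried as a certificate nickname or e-mail address; when a
 * certificate is found its DER subject is used as the issuer name. Otherwise
 * `name` is parsed with CERT_AsciiToName and DER-encoded.
 *
 * certHandle  certificate database to search
 * name        nickname, e-mail address, or ASCII name of the issuer
 * type        CRL type passed through to SEC_FindCrlByName
 *
 * Returns the CRL from SEC_FindCrlByName, or NULL after printing an error.
 * The caller owns the result (presumably released with SEC_DestroyCrl).
 */
static CERTSignedCrl *
FindCRL(CERTCertDBHandle *certHandle, char *name, int type)
{
    CERTSignedCrl *crl = NULL;
    CERTCertificate *cert = NULL;
    SECStatus rv = SECSuccess;
    SECItem derName;

    derName.data = NULL;
    derName.len = 0;

    cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, name);
    if (!cert) {
        /* No such certificate: treat the argument as an ASCII name. */
        CERTName *certName = CERT_AsciiToName(name);

        if (certName) {
            PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);

            if (arena) {
                SECItem *nameItem =
                    SEC_ASN1EncodeItem(arena, NULL, (void *)certName,
                                       SEC_ASN1_GET(CERT_NameTemplate));
                if (nameItem) {
                    /* Copy out of the arena, which is freed just below. */
                    rv = SECITEM_CopyItem(NULL, &derName, nameItem);
                }
                PORT_FreeArena(arena, PR_FALSE);
            }
            CERT_DestroyName(certName);
        }

        if (rv != SECSuccess) {
            SECU_PrintError(progName, "SECITEM_CopyItem failed, out of memory");
            return ((CERTSignedCrl *)NULL);
        }

        if (!derName.len || !derName.data) {
            SECU_PrintError(progName, "could not find certificate named '%s'", name);
            return ((CERTSignedCrl *)NULL);
        }
    } else {
        rv = SECITEM_CopyItem(NULL, &derName, &cert->derSubject);
        CERT_DestroyCertificate(cert);

        /* A failed copy must not fall through to a lookup with an empty
         * issuer name. */
        if (rv != SECSuccess) {
            SECU_PrintError(progName, "SECITEM_CopyItem failed, out of memory");
            return ((CERTSignedCrl *)NULL);
        }
    }

    crl = SEC_FindCrlByName(certHandle, &derName, type);
    if (crl == NULL)
        SECU_PrintError(progName, "could not find %s's CRL", name);

    if (derName.data) {
        SECITEM_FreeItem(&derName, PR_FALSE);
    }
    return (crl);
}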
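/*
 * ListCRLNames
 *
 * Print one row per CRL of type `crlType` found in `certHandle`. Each row
 * shows the signing certificate's nickname or e-mail address when that
 * certificate is in the database, else the CRL's issuer name in ASCII form.
 *
 * When `deletecrls` is PR_TRUE every listed CRL is also deleted from the
 * database. Deleting a CRL discards the revocation data it carried, so
 * certificates it revoked are no longer flagged on the basis of that CRL.
 *
 * certHandle  certificate database to read (and, optionally, delete from)
 * crlType     CRL type passed to SEC_LookupCrls / SEC_FindCrlByName
 * deletecrls  PR_TRUE to delete each CRL after listing it
 */
static void
ListCRLNames(CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls)
{
    CERTCrlHeadNode *crlList = NULL;
    CERTCrlNode *crlNode = NULL;
    SECStatus rv;

    rv = SEC_LookupCrls(certHandle, &crlList, crlType);
    if (rv != SECSuccess) {
        fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName,
                SECU_Strerror(PORT_GetError()));
    } else if (crlList) {
        fprintf(stdout, "\n");
        fprintf(stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");

        /* The for-step advances the cursor on every path, so a skipped node
         * cannot stall the walk. */
        for (crlNode = crlList->first; crlNode; crlNode = crlNode->next) {
            char *asciiname = NULL;
            CERTCertificate *cert = NULL;

            if (!crlNode->crl) {
                /* Nothing to name or delete without the decoded CRL. */
                SECU_PrintError(progName, "fail to get the CRL "
                                          "issuer name");
                continue;
            }

            cert = CERT_FindCertByName(certHandle,
                                       &crlNode->crl->crl.derName);
            if (!cert) {
                SECU_PrintError(progName, "could not find signing "
                                          "certificate in database");
            } else {
                char *certName = NULL;

                if (cert->nickname && PORT_Strlen(cert->nickname) > 0) {
                    certName = cert->nickname;
                } else if (cert->emailAddr &&
                           PORT_Strlen(cert->emailAddr) > 0) {
                    certName = cert->emailAddr;
                }
                if (certName) {
                    /* Copy before the certificate reference is dropped. */
                    asciiname = PORT_Strdup(certName);
                }
                CERT_DestroyCertificate(cert);
            }

            if (!asciiname) {
                asciiname = CERT_NameToAscii(&crlNode->crl->crl.name);
            }

            if (asciiname) {
                fprintf(stdout, "%-40s %-5s\n", asciiname, "CRL");
                PORT_Free(asciiname);
            } else {
                /* Never hand a NULL string to "%s". */
                SECU_PrintError(progName, "fail to get the CRL "
                                          "issuer name");
            }

            if (PR_TRUE == deletecrls) {
                SECItem *issuer = &crlNode->crl->crl.derName;
                CERTSignedCrl *acrl =
                    SEC_FindCrlByName(certHandle, issuer, crlType);

                if (acrl) {
                    if (SEC_DeletePermCRL(acrl) != SECSuccess) {
                        /* Surface the failure: the operator would otherwise
                         * assume the CRL is gone. */
                        SECU_PrintError(progName, "fail to delete the CRL");
                    }
                    SEC_DestroyCrl(acrl);
                }
            }
        }
    }

    if (crlList) {
        PORT_FreeArena(crlList->arena, PR_FALSE);
    }
}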