/**
* deleteCrl
*
* Delete a Crl entry from the cert db.
*/
NS_IMETHODIMP
nsCRLManager::DeleteCrl(uint32_t aCrlIndex)
{
nsNSSShutDownPreventionLock locker;
CERTSignedCrl *realCrl = nullptr;
CERTCrlHeadNode *head = nullptr;
CERTCrlNode *node = nullptr;
SECStatus sec_rv;
uint32_t i;
// Get the list of certs //
sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
if (sec_rv != SECSuccess) {
return NS_ERROR_FAILURE;
}
if (head) {
for (i = 0, node=head->first; node; i++, node = node->next) {
if (i != aCrlIndex) {
continue;
}
realCrl = SEC_FindCrlByName(CERT_GetDefaultCertDB(), &(node->crl->crl.derName), node->type);
SEC_DeletePermCRL(realCrl);
SEC_DestroyCrl(realCrl);
SSL_ClearSessionCache();
}
PORT_FreeArena(head->arena, false);
}
return NS_OK;
}
/**
* getCRLs
*
* Export a set of certs and keys from the database to a PKCS#12 file.
*/
NS_IMETHODIMP
nsCRLManager::GetCrls(nsIArray ** aCrls)
{
nsNSSShutDownPreventionLock locker;
SECStatus sec_rv;
CERTCrlHeadNode *head = nullptr;
CERTCrlNode *node = nullptr;
nsresult rv;
nsCOMPtr<nsIMutableArray> crlsArray =
do_CreateInstance(NS_ARRAY_CONTRACTID, &rv);
if (NS_FAILED(rv)) {
return rv;
}
// Get the list of certs //
sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
if (sec_rv != SECSuccess) {
return NS_ERROR_FAILURE;
}
if (head) {
for (node=head->first; node; node = node->next) {
nsCOMPtr<nsICRLInfo> entry = new nsCRLInfo((node->crl));
crlsArray->AppendElement(entry, false);
}
PORT_FreeArena(head->arena, false);
}
*aCrls = crlsArray;
NS_IF_ADDREF(*aCrls);
return NS_OK;
}
static CERTSignedCrl *get_issuer_crl(CERTCertDBHandle *handle,
CERTCertificate *cert)
{
if (handle == NULL || cert == NULL)
return NULL;
DBG(DBG_X509,
DBG_log("%s : looking for a CRL issued by %s", __FUNCTION__,
cert->issuerName));
/*
* Use SEC_LookupCrls method instead of SEC_FindCrlByName.
* For some reason, SEC_FindCrlByName was giving out bad pointers!
*
* crl = (CERTSignedCrl *)SEC_FindCrlByName(handle, &searchName, SEC_CRL_TYPE);
*/
CERTCrlHeadNode *crl_list = NULL;
if (SEC_LookupCrls(handle, &crl_list, SEC_CRL_TYPE) != SECSuccess) {
return NULL;
}
CERTCrlNode *crl_node = crl_list->first;
CERTSignedCrl *crl = NULL;
while (crl_node != NULL) {
if (crl_node->crl != NULL &&
SECITEM_ItemsAreEqual(&cert->derIssuer,
&crl_node->crl->crl.derName)) {
crl = crl_node->crl;
DBG(DBG_X509,
DBG_log("%s : CRL found", __FUNCTION__));
break;
}
crl_node = crl_node->next;
}
if (crl == NULL) {
PORT_FreeArena(crl_list->arena, PR_FALSE);
}
return crl;
}
static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls)
{
CERTCrlHeadNode *crlList = NULL;
CERTCrlNode *crlNode = NULL;
CERTName *name = NULL;
PLArenaPool *arena = NULL;
SECStatus rv;
do {
arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
if (arena == NULL) {
fprintf(stderr, "%s: fail to allocate memory\n", progName);
break;
}
name = PORT_ArenaZAlloc (arena, sizeof(*name));
if (name == NULL) {
fprintf(stderr, "%s: fail to allocate memory\n", progName);
break;
}
name->arena = arena;
rv = SEC_LookupCrls (certHandle, &crlList, crlType);
if (rv != SECSuccess) {
fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName,
SECU_Strerror(PORT_GetError()));
break;
}
/* just in case */
if (!crlList)
break;
crlNode = crlList->first;
fprintf (stdout, "\n");
fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
while (crlNode) {
char* asciiname = NULL;
CERTCertificate *cert = NULL;
if (crlNode->crl && &crlNode->crl->crl.derName) {
cert = CERT_FindCertByName(certHandle,
&crlNode->crl->crl.derName);
if (!cert) {
SECU_PrintError(progName, "could not find signing "
"certificate in database");
}
}
if (cert) {
char* certName = NULL;
if (cert->nickname && PORT_Strlen(cert->nickname) > 0) {
certName = cert->nickname;
} else if (cert->emailAddr && PORT_Strlen(cert->emailAddr) > 0) {
certName = cert->emailAddr;
}
if (certName) {
asciiname = PORT_Strdup(certName);
}
CERT_DestroyCertificate(cert);
}
if (!asciiname) {
name = &crlNode->crl->crl.name;
if (!name){
SECU_PrintError(progName, "fail to get the CRL "
"issuer name");
continue;
}
asciiname = CERT_NameToAscii(name);
}
fprintf (stdout, "%-40s %-5s\n", asciiname, "CRL");
if (asciiname) {
PORT_Free(asciiname);
}
if ( PR_TRUE == deletecrls) {
CERTSignedCrl* acrl = NULL;
SECItem* issuer = &crlNode->crl->crl.derName;
acrl = SEC_FindCrlByName(certHandle, issuer, crlType);
if (acrl)
{
SEC_DeletePermCRL(acrl);
SEC_DestroyCrl(acrl);
}
}
crlNode = crlNode->next;
}
} while (0);
if (crlList)
PORT_FreeArena (crlList->arena, PR_FALSE);
PORT_FreeArena (arena, PR_FALSE);
}
