NSS_IMPLEMENT NSSCertificate * NSSCryptoContext_FindBestCertificateByEmail ( NSSCryptoContext *cc, NSSASCII7 *email, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt ) { NSSCertificate **certs; NSSCertificate *rvCert = NULL; PORT_Assert(cc->certStore); if (!cc->certStore) { return NULL; } certs = nssCertificateStore_FindCertificatesByEmail(cc->certStore, email, NULL, 0, NULL); if (certs) { rvCert = nssCertificateArray_FindBestCertificate(certs, timeOpt, usage, policiesOpt); nssCertificateArray_Destroy(certs); } return rvCert; }
NSS_IMPLEMENT NSSCertificate * NSSCryptoContext_FindBestCertificateByNickname ( NSSCryptoContext *cc, const NSSUTF8 *name, NSSTime *timeOpt, /* NULL for "now" */ NSSUsage *usage, NSSPolicies *policiesOpt /* NULL for none */ ) { NSSCertificate **certs; NSSCertificate *rvCert = NULL; PORT_Assert(cc->certStore); if (!cc->certStore) { return NULL; } certs = nssCertificateStore_FindCertificatesByNickname(cc->certStore, name, NULL, 0, NULL); if (certs) { rvCert = nssCertificateArray_FindBestCertificate(certs, timeOpt, usage, policiesOpt); nssCertificateArray_Destroy(certs); } return rvCert; }
static NSSCertificate * find_cert_issuer ( NSSCertificate *c, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, NSSTrustDomain *td, NSSCryptoContext *cc ) { NSSArena *arena; NSSCertificate **certs = NULL; NSSCertificate **ccIssuers = NULL; NSSCertificate **tdIssuers = NULL; NSSCertificate *issuer = NULL; if (!cc) cc = c->object.cryptoContext; if (!td) td = NSSCertificate_GetTrustDomain(c); arena = nssArena_Create(); if (!arena) { return (NSSCertificate *)NULL; } if (cc) { ccIssuers = nssCryptoContext_FindCertificatesBySubject(cc, &c->issuer, NULL, 0, arena); } if (td) tdIssuers = nssTrustDomain_FindCertificatesBySubject(td, &c->issuer, NULL, 0, arena); certs = nssCertificateArray_Join(ccIssuers, tdIssuers); if (certs) { nssDecodedCert *dc = NULL; void *issuerID = NULL; dc = nssCertificate_GetDecoding(c); if (dc) { issuerID = dc->getIssuerIdentifier(dc); } /* XXX review based on CERT_FindCertIssuer * this function is not using the authCertIssuer field as a fallback * if authority key id does not exist */ if (issuerID) { certs = filter_subject_certs_for_id(certs, issuerID); } certs = filter_certs_for_valid_issuers(certs); issuer = nssCertificateArray_FindBestCertificate(certs, timeOpt, usage, policiesOpt); nssCertificateArray_Destroy(certs); } nssArena_Destroy(arena); return issuer; }
CERTCertList * CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle, const SECItem *name, PRTime sorttime, PRBool validOnly) { NSSCryptoContext *cc; NSSCertificate **tSubjectCerts, **pSubjectCerts; NSSCertificate **ci; CERTCertificate *cert; NSSDER subject; PRBool myList = PR_FALSE; cc = STAN_GetDefaultCryptoContext(); NSSITEM_FROM_SECITEM(&subject, name); /* Collect both temp and perm certs for the subject */ tSubjectCerts = NSSCryptoContext_FindCertificatesBySubject(cc, &subject, NULL, 0, NULL); pSubjectCerts = NSSTrustDomain_FindCertificatesBySubject(handle, &subject, NULL, 0, NULL); if (!tSubjectCerts && !pSubjectCerts) { return NULL; } if (certList == NULL) { certList = CERT_NewCertList(); myList = PR_TRUE; if (!certList) goto loser; } /* Iterate over the matching temp certs. Add them to the list */ ci = tSubjectCerts; while (ci && *ci) { cert = STAN_GetCERTCertificateOrRelease(*ci); /* *ci may be invalid at this point, don't reference it again */ if (cert) { /* NOTE: add_to_subject_list adopts the incoming cert. */ add_to_subject_list(certList, cert, validOnly, sorttime); } ci++; } /* Iterate over the matching perm certs. Add them to the list */ ci = pSubjectCerts; while (ci && *ci) { cert = STAN_GetCERTCertificateOrRelease(*ci); /* *ci may be invalid at this point, don't reference it again */ if (cert) { /* NOTE: add_to_subject_list adopts the incoming cert. */ add_to_subject_list(certList, cert, validOnly, sorttime); } ci++; } /* all the references have been adopted or freed at this point, just * free the arrays now */ nss_ZFreeIf(tSubjectCerts); nss_ZFreeIf(pSubjectCerts); return certList; loser: /* need to free the references in tSubjectCerts and pSubjectCerts! */ nssCertificateArray_Destroy(tSubjectCerts); nssCertificateArray_Destroy(pSubjectCerts); if (myList && certList != NULL) { CERT_DestroyCertList(certList); } return NULL; }