Exemple #1
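/*
 * Build the list of certificate nicknames found by traversing the trust
 * domain behind `handle`.
 *
 * handle - certificate database handle passed to the traversal.
 * what   - selector stored in names->what; presumably read by the
 *          CollectNicknames callback to decide which nicknames to keep
 *          (callback not visible here - confirm).
 * wincx  - opaque context forwarded to the slot login pass.
 *
 * Returns a CERTCertNicknames allocated from its own arena (names->arena),
 * with nicknames[] holding numnicknames string pointers and totallen the
 * sum of their lengths (terminators not counted). Returns NULL on failure,
 * after freeing the arena. The caller owns the result and releases it by
 * freeing that arena (presumably via CERT_FreeNicknames).
 */
CERTCertNicknames *
CERT_GetCertNicknames(CERTCertDBHandle *handle, int what, void *wincx)
{
    PLArenaPool *arena;
    CERTCertNicknames *names;
    int i;
    stringNode *node;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        return (NULL);
    }

    names = (CERTCertNicknames *)PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
    if (names == NULL) {
        goto loser;
    }

    names->arena = arena;
    names->head = NULL;
    names->numnicknames = 0;
    names->nicknames = NULL;
    names->what = what;
    names->totallen = 0;

    /*
     * Make sure we are logged in. The result is deliberately discarded, so
     * a failed or declined login is not reported to the caller.
     * NOTE(review): in that case the list presumably just omits certificates
     * that need authentication - confirm against the traversal code.
     */
    (void)pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx);

    /* The callback fills names->head and names->numnicknames. */
    NSSTrustDomain_TraverseCertificates(handle,
                                        CollectNicknames, (void *)names);
    if (names->numnicknames) {
        names->nicknames = (char **)PORT_ArenaAlloc(arena,
                                                    names->numnicknames *
                                                        sizeof(char *));

        if (names->nicknames == NULL) {
            goto loser;
        }

        node = (stringNode *)names->head;

        for (i = 0; i < names->numnicknames; i++) {
            PORT_Assert(node != NULL);
            /*
             * PORT_Assert is only active in debug builds. Check at run time
             * as well, so a list shorter than numnicknames fails cleanly
             * instead of dereferencing NULL. No new error code is set on
             * this path.
             */
            if (node == NULL) {
                goto loser;
            }

            names->nicknames[i] = node->string;
            names->totallen += PORT_Strlen(node->string);
            node = node->next;
        }

        /* Debug-only check that the list is not longer than the count. */
        PORT_Assert(node == NULL);
    }

    return (names);

loser:
    /* Everything allocated in this function lives in the arena. */
    PORT_FreeArena(arena, PR_FALSE);
    return (NULL);
}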
Exemple #2
/*
 * Collect all CRLs found across the slots into the caller's list.
 * CRLs are allocated in the list's arena.
 *
 * nodes - list head handed to the pk11_CollectCrls callback.
 * type  - -1 to match every CRL object; any other value adds a
 *         CKA_NETSCAPE_KRL filter that is true only for SEC_KRL_TYPE.
 * wincx - opaque context forwarded to the slot traversal.
 *
 * Returns the status of pk11_TraverseAllSlots.
 */
SECStatus
PK11_LookupCrls(CERTCrlHeadNode *nodes, int type, void *wincx) {
    /*
     * The template stores pointers to these two locals, so they must stay
     * alive until the traversal below has returned.
     */
    CK_OBJECT_CLASS crlClass = CKO_NETSCAPE_CRL;
    CK_BBOOL wantKrl = CK_FALSE;
    CK_ATTRIBUTE searchAttrs[2];
    CK_ATTRIBUTE *cursor = searchAttrs;
    pk11TraverseSlot search;

    /* Always restrict the search to CRL objects. */
    PK11_SETATTRS(cursor, CKA_CLASS, &crlClass, sizeof(crlClass));
    cursor++;

    /* Optionally narrow it to KRLs or to non-KRLs. */
    if (type != -1) {
        wantKrl = (CK_BBOOL) (type == SEC_KRL_TYPE);
        PK11_SETATTRS(cursor, CKA_NETSCAPE_KRL, &wantKrl, sizeof(wantKrl));
        cursor++;
    }

    search.findTemplate = searchAttrs;
    search.templateCount = (cursor - searchAttrs);
    search.callback = pk11_CollectCrls;
    search.callbackArg = (void *) nodes;

    /* PR_FALSE: same flag value as the original call; no forced login here. */
    return pk11_TraverseAllSlots(PK11_TraverseSlot, &search, PR_FALSE, wincx);
}
Exemple #3
/*
 * Collect the CRLs whose subject matches `issuer` into the caller's list.
 * With a NULL issuer no subject filter is applied.
 *
 * CRLs are not allocated in the list's arena but each in its own arena,
 * so that they can be used individually in the CRL cache.
 * CRLs are always partially decoded for efficiency.
 *
 * nodes  - list head stored in the options passed to the callback.
 * issuer - DER subject to match, or NULL.
 * wincx  - opaque context forwarded to the slot traversal.
 *
 * Returns the status of pk11_TraverseAllSlots.
 */
SECStatus pk11_RetrieveCrls(CERTCrlHeadNode *nodes, SECItem* issuer,
                            void *wincx)
{
    /* Referenced by pointer from the template; must outlive the traversal. */
    CK_OBJECT_CLASS objClass = CKO_NETSCAPE_CRL;
    CK_ATTRIBUTE searchAttrs[2];
    CK_ATTRIBUTE *cursor = searchAttrs;
    pk11TraverseSlot search;
    crlOptions opts;

    /* Always restrict the search to CRL objects. */
    PK11_SETATTRS(cursor, CKA_CLASS, &objClass, sizeof(objClass));
    cursor++;

    /* Match on the issuer's subject when one was supplied. */
    if (issuer != NULL) {
        PK11_SETATTRS(cursor, CKA_SUBJECT, issuer->data, issuer->len);
        cursor++;
    }

    opts.head = nodes;

    /*
     * Decode options:
     * - partial decoding: the entries are not needed while fetching;
     * - do not copy the DER, since a CRL can be very large;
     * - the CRL object adopts the DER, so SEC_DestroyCrl will free it;
     * - keep bad CRL objects: the CRL cache wants to see them for security
     *   purposes, because a bad CRL is a sign of something amiss.
     */
    opts.decodeOptions = CRL_DECODE_SKIP_ENTRIES | CRL_DECODE_DONT_COPY_DER |
                         CRL_DECODE_ADOPT_HEAP_DER | CRL_DECODE_KEEP_BAD_CRL;

    search.findTemplate = searchAttrs;
    search.templateCount = (cursor - searchAttrs);
    search.callback = pk11_RetrieveCrlsCallback;
    search.callbackArg = (void *) &opts;

    return pk11_TraverseAllSlots(PK11_TraverseSlot, &search, PR_FALSE, wincx);
}