/*
 * Build a nickname list for the certificates reachable through `handle`.
 *
 * A fresh arena is created and the returned CERTCertNicknames structure,
 * together with its nicknames[] pointer array, is allocated from it; the
 * structure records the arena in names->arena.
 *
 * handle - passed to NSSTrustDomain_TraverseCertificates
 * what   - stored in names->what (presumably consulted by CollectNicknames
 *          to select which nicknames to gather; confirm against it)
 * wincx  - passed through to pk11_TraverseAllSlots
 *
 * Returns the populated list, or NULL on allocation failure.
 * SEC_ERROR_NO_MEMORY is set explicitly only when the arena itself cannot
 * be created.
 *
 * NOTE(review): the results of both traversal calls are discarded, so a
 * failed or partial traversal is indistinguishable from a complete one.
 * Callers should not read an empty or short list as proof that a
 * certificate is absent.
 */
CERTCertNicknames *
CERT_GetCertNicknames(CERTCertDBHandle *handle, int what, void *wincx)
{
    PLArenaPool *arena;
    CERTCertNicknames *names;
    stringNode *cur;
    int idx;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!arena) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        return NULL;
    }

    names = (CERTCertNicknames *)PORT_ArenaAlloc(arena, sizeof(*names));
    if (!names) {
        goto loser;
    }

    /* Start from an empty list; the traversal callback fills it in. */
    names->arena = arena;
    names->what = what;
    names->head = NULL;
    names->nicknames = NULL;
    names->numnicknames = 0;
    names->totallen = 0;

    /* make sure we are logged in */
    (void)pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx);

    NSSTrustDomain_TraverseCertificates(handle, CollectNicknames,
                                        (void *)names);

    /* Nothing collected: hand back the empty list as-is. */
    if (names->numnicknames == 0) {
        return names;
    }

    names->nicknames = (char **)PORT_ArenaAlloc(
        arena, names->numnicknames * sizeof(char *));
    if (!names->nicknames) {
        goto loser;
    }

    /*
     * Flatten the linked list built during traversal into the array and
     * accumulate the combined string length.
     *
     * NOTE(review): PORT_Assert is typically compiled out of non-debug
     * builds, so the assertions below are not runtime guards. The loop
     * relies on the callback keeping numnicknames equal to the length of
     * the list at names->head; verify that invariant in CollectNicknames.
     */
    cur = (stringNode *)names->head;
    idx = 0;
    while (idx < names->numnicknames) {
        PORT_Assert(cur != NULL);
        names->nicknames[idx] = cur->string;
        names->totallen += PORT_Strlen(cur->string);
        cur = cur->next;
        idx++;
    }
    PORT_Assert(cur == NULL);

    return names;

loser:
    /* Everything allocated above lives in the arena, so one free suffices. */
    PORT_FreeArena(arena, PR_FALSE);
    return NULL;
}
/*
 * Collect CRL objects from all slots into `nodes`.
 * Per the original note, the CRLs are allocated in the list's arena.
 *
 * nodes - list head handed to pk11_CollectCrls as its callback argument
 * type  - -1 searches on object class alone; any other value adds a
 *         CKA_NETSCAPE_KRL attribute that is true only when type equals
 *         SEC_KRL_TYPE
 * wincx - passed through to pk11_TraverseAllSlots
 *
 * Returns the status of pk11_TraverseAllSlots.
 *
 * NOTE(review): callers making revocation decisions should check this
 * status; treating a failed traversal as "no CRLs found" would fail open.
 * NOTE(review): the traversal is invoked with PR_FALSE, presumably meaning
 * no forced login, so objects that need authentication may not be seen;
 * confirm against pk11_TraverseAllSlots.
 */
SECStatus
PK11_LookupCrls(CERTCrlHeadNode *nodes, int type, void *wincx)
{
    pk11TraverseSlot traverse;
    CK_ATTRIBUTE theTemplate[2]; /* CKA_CLASS plus optional CKA_NETSCAPE_KRL */
    CK_ATTRIBUTE *next = theTemplate;
    CK_OBJECT_CLASS crlClass = CKO_NETSCAPE_CRL;
    CK_BBOOL isKrl = CK_FALSE;

    /* Always match on the CRL object class. */
    PK11_SETATTRS(next, CKA_CLASS, &crlClass, sizeof(crlClass));
    next++;

    /* Optionally narrow the search to KRLs or to non-KRLs. */
    if (type != -1) {
        isKrl = (type == SEC_KRL_TYPE) ? CK_TRUE : CK_FALSE;
        PK11_SETATTRS(next, CKA_NETSCAPE_KRL, &isKrl, sizeof(isKrl));
        next++;
    }

    traverse.findTemplate = theTemplate;
    traverse.templateCount = (next - theTemplate);
    traverse.callback = pk11_CollectCrls;
    traverse.callbackArg = (void *)nodes;

    return pk11_TraverseAllSlots(PK11_TraverseSlot, &traverse, PR_FALSE, wincx);
}
/*
 * Return a list of CRLs matching the given issuer.
 * Per the original note, each CRL lives in its own arena rather than in the
 * list's arena, so it can be used individually by the CRL cache, and CRLs
 * are always partially decoded for efficiency.
 *
 * nodes  - list head stored in options.head for the callback
 * issuer - when non-NULL, its bytes are matched against CKA_SUBJECT;
 *          when NULL, only the object class is matched
 * wincx  - passed through to pk11_TraverseAllSlots
 *
 * Returns the status of pk11_TraverseAllSlots.
 *
 * NOTE(review): because CRL_DECODE_KEEP_BAD_CRL is set, the resulting list
 * may contain CRLs that did not decode cleanly. Consumers must check each
 * entry before relying on it for a revocation decision, and should check
 * the returned status rather than reading a failure as "no CRLs".
 */
SECStatus
pk11_RetrieveCrls(CERTCrlHeadNode *nodes, SECItem *issuer, void *wincx)
{
    pk11TraverseSlot traverse;
    crlOptions options;
    CK_ATTRIBUTE theTemplate[2]; /* CKA_CLASS plus optional CKA_SUBJECT */
    CK_ATTRIBUTE *next = theTemplate;
    CK_OBJECT_CLASS crlClass = CKO_NETSCAPE_CRL;

    options.head = nodes;

    /*
     * Decode flags, as explained by the original author:
     *  - SKIP_ENTRIES:   partial decoding; entries are not needed while
     *                    fetching
     *  - DONT_COPY_DER:  avoid copying the DER, since a CRL can be very large
     *  - ADOPT_HEAP_DER: the CRL object adopts the DER, so SEC_DestroyCrl
     *                    will free it
     *  - KEEP_BAD_CRL:   keep bad CRL objects; the CRL cache wants them for
     *                    security purposes, as a bad CRL is a sign of
     *                    something amiss
     */
    options.decodeOptions = CRL_DECODE_SKIP_ENTRIES |
                            CRL_DECODE_DONT_COPY_DER |
                            CRL_DECODE_ADOPT_HEAP_DER |
                            CRL_DECODE_KEEP_BAD_CRL;

    /* Always match on the CRL object class. */
    PK11_SETATTRS(next, CKA_CLASS, &crlClass, sizeof(crlClass));
    next++;

    /* Restrict to one issuer when the caller supplied it. */
    if (issuer != NULL) {
        PK11_SETATTRS(next, CKA_SUBJECT, issuer->data, issuer->len);
        next++;
    }

    traverse.findTemplate = theTemplate;
    traverse.templateCount = (next - theTemplate);
    traverse.callback = pk11_RetrieveCrlsCallback;
    traverse.callbackArg = (void *)&options;

    return pk11_TraverseAllSlots(PK11_TraverseSlot, &traverse, PR_FALSE, wincx);
}