Esempio n. 1
/*
 * Detach `cert` from the store's subject index.
 *
 * store->subject maps a subject to the list of certs that carry it. The cert
 * is taken off that list and the hash entry is dropped; an emptied list is
 * destroyed, otherwise the list is re-inserted under the subject of a cert
 * that is still on it.
 *
 * No lock is taken here. NOTE(review): presumably the caller holds
 * store->lock (the visible caller is the ...LOCKED remover) - confirm.
 */
static void
remove_subject_entry (
  nssCertificateStore *store,
  NSSCertificate *cert
)
{
    nssList *certsForSubject;
    NSSCertificate *survivor;

    certsForSubject = (nssList *)nssHash_Lookup(store->subject, &cert->subject);
    if (!certsForSubject) {
        /* No entry for this subject, so there is nothing to unlink. */
        return;
    }

    /* Unlink the cert and drop the hash entry before looking at the count. */
    nssList_Remove(certsForSubject, cert);
    nssHash_Remove(store->subject, &cert->subject);

    if (nssList_Count(certsForSubject) == 0) {
        nssList_Destroy(certsForSubject);
        return;
    }

    /*
     * The entry may have been keyed by &cert->subject, i.e. by storage that
     * belongs to the cert being released. Other certs remain, so key the
     * entry by one of them instead of leaving a key that can go stale.
     *
     * NOTE(review): neither nssList_GetArray nor nssHash_Add is checked; if
     * the former stores nothing, `survivor` is read uninitialised, and if the
     * latter fails the list is no longer reachable from the hash.
     */
    (void)nssList_GetArray(certsForSubject, (void **)&survivor, 1);
    nssHash_Add(store->subject, &survivor->subject, certsForSubject);
}
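/*
 * Take `cert` off the cached list for its subject and report the entry's
 * list, nickname and arena to the caller.
 *
 * Returns PR_SUCCESS when cache->subject holds an entry for cert->subject;
 * *subjectList, *nickname and *arena are then that entry's fields. The entry
 * itself is left in cache->subject. Returns PR_FAILURE when there is no such
 * entry, in which case all three outputs are NULL.
 */
static PRStatus
remove_subject_entry (
  nssTDCertificateCache *cache,
  NSSCertificate *cert,
  nssList **subjectList,
  NSSUTF8 **nickname,
  NSSArena **arena
)
{
    PRStatus nssrv;
    cache_entry *ce;

    /*
     * Clear every output up front. *nickname used to be left untouched on the
     * failure path, so a caller that ignored the status could pass an
     * indeterminate pointer on to the nickname cleanup.
     */
    *subjectList = NULL;
    *nickname = NULL;
    *arena = NULL;

    /* Get the subject list for the cert's subject */
    ce = (cache_entry *)nssHash_Lookup(cache->subject, &cert->subject);
    if (ce) {
        /* Remove the cert from the subject list; the hash entry stays */
        nssList_Remove(ce->entry.list, cert);
        *subjectList = ce->entry.list;
        *nickname = ce->nickname;
        *arena = ce->arena;
        nssrv = PR_SUCCESS;
#ifdef DEBUG_CACHE
        log_cert_ref("removed cert", cert);
        log_item_dump("from subject list", &cert->subject);
#endif
    } else {
        nssrv = PR_FAILURE;
    }
    return nssrv;
}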
Esempio n. 3
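/*
 * Index `cert` under its subject in store->subject.
 *
 * If a list already exists for the subject the cert is added to it (no
 * duplicates). Otherwise a new sorted list is created, the cert is put on it
 * and the list is stored in the hash keyed by &cert->subject.
 *
 * Returns PR_SUCCESS, or the failing status of the list/hash operation.
 * A list created here is destroyed again on any failure, so nothing is
 * leaked when the cert could not be indexed.
 */
static PRStatus
add_subject_entry (
  nssCertificateStore *store,
  NSSCertificate *cert
)
{
    PRStatus nssrv;
    nssList *subjectList;

    subjectList = (nssList *)nssHash_Lookup(store->subject, &cert->subject);
    if (subjectList) {
        /* The subject is already in, add this cert to the list */
        return nssList_AddUnique(subjectList, cert);
    }

    /* Create a new subject list for the subject */
    subjectList = nssList_Create(NULL, PR_FALSE);
    if (!subjectList) {
        return PR_FAILURE;
    }
    nssList_SetSortFunction(subjectList, nssCertificate_SubjectListSort);

    /* Add the cert entry to this list of subjects */
    nssrv = nssList_Add(subjectList, cert);
    if (nssrv == PR_SUCCESS) {
        /* Add the subject list to the cache; the key is storage inside cert */
        nssrv = nssHash_Add(store->subject, &cert->subject, subjectList);
    }
    if (nssrv != PR_SUCCESS) {
        /* The list never reached the hash, so this is its only reference. */
        nssList_Destroy(subjectList);
    }
    return nssrv;
}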
Esempio n. 4
/*
 * Remove `cert` from both store indexes (issuer/serial and subject).
 *
 * Nothing is removed unless the issuer/serial entry refers to this exact
 * certificate object. No lock is taken here; NOTE(review): the LOCKED suffix
 * suggests the caller must already hold store->lock - confirm.
 */
NSS_IMPLEMENT void
nssCertificateStore_RemoveCertLOCKED (
  nssCertificateStore *store,
  NSSCertificate *cert
)
{
    certificate_hash_entry *found;

    found = (certificate_hash_entry *)
                nssHash_Lookup(store->issuer_and_serial, cert);
    if (!found || found->cert != cert) {
        /*
         * Either the cert is not indexed, or the slot belongs to a different
         * certificate object; in both cases leave the store untouched.
         */
        return;
    }

    remove_certificate_entry(store, cert);
    remove_subject_entry(store, cert);
}
Esempio n. 5
/*
 * Look up the S/MIME profile stored with `cert`.
 *
 * Returns the result of nssSMIMEProfile_AddRef on the stored profile, or
 * NULL when the cert is not in the store or has no profile attached.
 * NOTE(review): the caller presumably owns the returned reference and has to
 * release it - confirm against the profile API.
 */
NSS_IMPLEMENT nssSMIMEProfile *
nssCertificateStore_FindSMIMEProfileForCertificate (
  nssCertificateStore *store,
  NSSCertificate *cert
)
{
    nssSMIMEProfile *rvProfile;
    certificate_hash_entry *found;

    PZ_Lock(store->lock);
    found = (certificate_hash_entry *)
                nssHash_Lookup(store->issuer_and_serial, cert);
    /* The reference is taken before the lock is dropped. */
    rvProfile = (found && found->profile)
                    ? nssSMIMEProfile_AddRef(found->profile)
                    : NULL;
    PZ_Unlock(store->lock);

    return rvProfile;
}
Esempio n. 6
/*
 * Look up the trust object stored with `cert`.
 *
 * Returns the result of nssTrust_AddRef on the stored trust, or NULL when
 * the cert is not in the store or has no trust attached.
 * NOTE(review): the caller presumably owns the returned reference and has to
 * release it - confirm against the trust API.
 */
NSS_IMPLEMENT NSSTrust *
nssCertificateStore_FindTrustForCertificate (
  nssCertificateStore *store,
  NSSCertificate *cert
)
{
    NSSTrust *rvTrust = NULL;
    certificate_hash_entry *found;

    PZ_Lock(store->lock);
    found = (certificate_hash_entry *)
                nssHash_Lookup(store->issuer_and_serial, cert);
    if (found != NULL) {
        if (found->trust != NULL) {
            /* The reference is taken before the lock is dropped. */
            rvTrust = nssTrust_AddRef(found->trust);
        }
    }
    PZ_Unlock(store->lock);

    return rvTrust;
}
Esempio n. 7
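/*
 * Attach `profile` to the store entry of the certificate it belongs to.
 *
 * The store keeps its own reference (nssSMIMEProfile_AddRef). A profile that
 * was attached before is released, so replacing a profile no longer leaks
 * the old reference.
 *
 * Returns PR_SUCCESS if profile->certificate is in the store, PR_FAILURE
 * otherwise (nothing is stored in that case).
 */
NSS_EXTERN PRStatus
nssCertificateStore_AddSMIMEProfile (
  nssCertificateStore *store,
  nssSMIMEProfile *profile
)
{
    NSSCertificate *cert;
    certificate_hash_entry *entry;

    cert = profile->certificate;
    PZ_Lock(store->lock);
    entry = (certificate_hash_entry *)
                              nssHash_Lookup(store->issuer_and_serial, cert);
    if (entry) {
        /*
         * Take the new reference before dropping the old one so the call is
         * safe when `profile` is the profile already stored in the entry.
         */
        nssSMIMEProfile *newProfile = nssSMIMEProfile_AddRef(profile);
        if (entry->profile) {
            nssSMIMEProfile_Destroy(entry->profile);
        }
        entry->profile = newProfile;
    }
    PZ_Unlock(store->lock);
    /* Only the pointer value is tested here; the entry is not dereferenced. */
    return (entry) ? PR_SUCCESS : PR_FAILURE;
}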
Esempio n. 8
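/*
 * Attach `trust` to the store entry of the certificate it belongs to.
 *
 * The store keeps its own reference (nssTrust_AddRef). A trust object that
 * was attached before is released, so updating the trust of a cert no longer
 * leaks the old reference.
 *
 * Returns PR_SUCCESS if trust->certificate is in the store, PR_FAILURE
 * otherwise (nothing is stored in that case).
 */
NSS_EXTERN PRStatus
nssCertificateStore_AddTrust (
  nssCertificateStore *store,
  NSSTrust *trust
)
{
    NSSCertificate *cert;
    certificate_hash_entry *entry;

    cert = trust->certificate;
    PZ_Lock(store->lock);
    entry = (certificate_hash_entry *)
                              nssHash_Lookup(store->issuer_and_serial, cert);
    if (entry) {
        /*
         * Take the new reference before dropping the old one so the call is
         * safe when `trust` is the object already stored in the entry.
         */
        NSSTrust *newTrust = nssTrust_AddRef(trust);
        if (entry->trust) {
            nssTrust_Destroy(entry->trust);
        }
        entry->trust = newTrust;
    }
    PZ_Unlock(store->lock);
    /* Only the pointer value is tested here; the entry is not dereferenced. */
    return (entry) ? PR_SUCCESS : PR_FAILURE;
}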
Esempio n. 9
/*
 * Find the stored certificate with the given issuer and serial number.
 *
 * Returns the result of nssCertificate_AddRef on the stored cert, or NULL
 * when no entry matches.
 *
 * Caller holds store->lock
 */
static NSSCertificate *
nssCertStore_FindCertByIssuerAndSerialNumberLocked (
  nssCertificateStore *store,
  NSSDER *issuer,
  NSSDER *serial
)
{
    NSSCertificate lookupKey;
    certificate_hash_entry *found;

    /*
     * A stack certificate serves as the hash key. Only issuer and serial are
     * filled in; every other field stays uninitialised.
     * NOTE(review): this relies on the hash and compare callbacks of
     * issuer_and_serial reading nothing but these two fields - confirm.
     */
    lookupKey.issuer = *issuer;
    lookupKey.serial = *serial;

    found = (certificate_hash_entry *)
                nssHash_Lookup(store->issuer_and_serial, &lookupKey);
    if (!found) {
        return NULL;
    }
    return nssCertificate_AddRef(found->cert);
}
Esempio n. 10
/*
 * Drop the issuer/serial entry of `cert` and release what hangs off it.
 *
 * The entry is taken out of store->issuer_and_serial, its trust and S/MIME
 * profile (when present) are destroyed, and the entry itself is freed.
 * entry->cert is not released here. No lock is taken in this function.
 */
static void
remove_certificate_entry (
  nssCertificateStore *store,
  NSSCertificate *cert
)
{
    certificate_hash_entry *victim;

    victim = (certificate_hash_entry *)
                 nssHash_Lookup(store->issuer_and_serial, cert);
    if (!victim) {
        return;
    }

    /* Unhook the entry from the hash before tearing it down. */
    nssHash_Remove(store->issuer_and_serial, cert);

    if (victim->trust) {
        nssTrust_Destroy(victim->trust);
    }
    if (victim->profile) {
        nssSMIMEProfile_Destroy(victim->profile);
    }
    nss_ZFreeIf(victim);
}
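/*
 * Remove `cert` from every index of the trust domain's certificate cache.
 *
 * Nothing happens unless the issuer/serial entry refers to this exact
 * certificate object. Once the cert is off its subject list and that list
 * is empty, the nickname and email entries that point at the list are
 * removed too, the list is destroyed and the arena backing the entries is
 * freed.
 *
 * No lock is taken here; NOTE(review): the LOCKED suffix suggests the caller
 * must already hold the cache lock - confirm.
 */
NSS_IMPLEMENT void
nssTrustDomain_RemoveCertFromCacheLOCKED (
  NSSTrustDomain *td,
  NSSCertificate *cert
)
{
    /* Initialised so no path below can read an indeterminate pointer. */
    nssList *subjectList = NULL;
    cache_entry *ce;
    NSSArena *arena = NULL;
    NSSUTF8 *nickname = NULL;

#ifdef DEBUG_CACHE
    log_cert_ref("attempt to remove cert", cert);
#endif
    ce = (cache_entry *)nssHash_Lookup(td->cache->issuerAndSN, cert);
    if (!ce || ce->entry.cert != cert) {
        /* If it's not in the cache, or a different cert is (this is really
         * for safety reasons, though it shouldn't happen), do nothing
         */
#ifdef DEBUG_CACHE
        PR_LOG(s_log, PR_LOG_DEBUG, ("but it wasn't in the cache"));
#endif
        return;
    }
    (void)remove_issuer_and_serial_entry(td->cache, cert);

    /*
     * The status used to be discarded. With no subject entry the list
     * pointer comes back NULL and was then handed to nssList_Count and to
     * the nickname/email cleanup; stop here instead.
     */
    if (remove_subject_entry(td->cache, cert, &subjectList,
                             &nickname, &arena) != PR_SUCCESS ||
        !subjectList) {
        return;
    }

    if (nssList_Count(subjectList) == 0) {
        (void)remove_nickname_entry(td->cache, nickname, subjectList);
        (void)remove_email_entry(td->cache, cert, subjectList);
        (void)nssList_Destroy(subjectList);
        nssHash_Remove(td->cache->subject, &cert->subject);
        /* there are no entries left for this subject, free the space used
         * for both the nickname and subject entries
         */
        if (arena) {
            nssArena_Destroy(arena);
        }
    }
}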
Esempio n. 12
/*
 * Unlink `subjectList` from the cache entry for cert->email.
 *
 * Returns PR_FAILURE when the cert has no email or the email is not cached,
 * PR_SUCCESS otherwise (including when the cached entry has no list). When
 * the email's list of subject lists becomes empty, the list is destroyed,
 * the hash entry is removed and the entry's arena is freed.
 */
static PRStatus
remove_email_entry(
    nssTDCertificateCache *cache,
    NSSCertificate *cert,
    nssList *subjectList)
{
    cache_entry *emailEntry;
    nssList *subjectLists;

    if (!cert->email) {
        return PR_FAILURE;
    }

    /* Find the subject list in the email hash */
    emailEntry = (cache_entry *)nssHash_Lookup(cache->email, cert->email);
    if (!emailEntry) {
        return PR_FAILURE;
    }

    subjectLists = emailEntry->entry.list;
    if (!subjectLists) {
        /* Entry exists but carries no list; reported as success. */
        return PR_SUCCESS;
    }

    /* Remove the subject list from the email entry's list */
    nssList_Remove(subjectLists, subjectList);
#ifdef DEBUG_CACHE
    log_item_dump("removed subject list", &cert->subject);
    PR_LOG(s_log, PR_LOG_DEBUG, ("for email %s", cert->email));
#endif

    if (nssList_Count(subjectLists) != 0) {
        /* Other subjects still use this address; keep the entry. */
        return PR_SUCCESS;
    }

    /* No more subject lists for email, delete list and remove hash entry */
    (void)nssList_Destroy(subjectLists);
    nssHash_Remove(cache->email, cert->email);
    /*
     * There are no entries left for this address, free the space used for
     * the email entry.
     * NOTE(review): emailEntry presumably lives in this arena, so it must not
     * be touched after this call - confirm. The arena is destroyed without
     * a NULL check.
     */
    nssArena_Destroy(emailEntry->arena);
#ifdef DEBUG_CACHE
    PR_LOG(s_log, PR_LOG_DEBUG, ("removed email %s", cert->email));
#endif

    return PR_SUCCESS;
}