static void
remove_subject_entry (
nssCertificateStore *store,
NSSCertificate *cert
)
{
nssList *subjectList;
/* Get the subject list for the cert's subject */
subjectList = (nssList *)nssHash_Lookup(store->subject, &cert->subject);
if (subjectList) {
/* Remove the cert from the subject hash */
nssList_Remove(subjectList, cert);
nssHash_Remove(store->subject, &cert->subject);
if (nssList_Count(subjectList) == 0) {
nssList_Destroy(subjectList);
} else {
/* The cert being released may have keyed the subject entry.
* Since there are still subject certs around, get another and
* rekey the entry just in case.
*/
NSSCertificate *subjectCert;
(void)nssList_GetArray(subjectList, (void **)&subjectCert, 1);
nssHash_Add(store->subject, &subjectCert->subject, subjectList);
}
}
}
static PRStatus
remove_issuer_and_serial_entry(
nssTDCertificateCache *cache,
NSSCertificate *cert)
{
/* Remove the cert from the issuer/serial hash */
nssHash_Remove(cache->issuerAndSN, cert);
#ifdef DEBUG_CACHE
log_cert_ref("removed issuer/sn", cert);
#endif
return PR_SUCCESS;
}
static PRStatus
remove_nickname_entry(
nssTDCertificateCache *cache,
NSSUTF8 *nickname,
nssList *subjectList)
{
PRStatus nssrv;
if (nickname) {
nssHash_Remove(cache->nickname, nickname);
nssrv = PR_SUCCESS;
#ifdef DEBUG_CACHE
PR_LOG(s_log, PR_LOG_DEBUG, ("removed nickname %s", nickname));
#endif
} else {
nssrv = PR_FAILURE;
}
return nssrv;
}
static void
remove_certificate_entry (
nssCertificateStore *store,
NSSCertificate *cert
)
{
certificate_hash_entry *entry;
entry = (certificate_hash_entry *)
nssHash_Lookup(store->issuer_and_serial, cert);
if (entry) {
nssHash_Remove(store->issuer_and_serial, cert);
if (entry->trust) {
nssTrust_Destroy(entry->trust);
}
if (entry->profile) {
nssSMIMEProfile_Destroy(entry->profile);
}
nss_ZFreeIf(entry);
}
}
NSS_IMPLEMENT void
nssTrustDomain_RemoveCertFromCacheLOCKED (
NSSTrustDomain *td,
NSSCertificate *cert
)
{
nssList *subjectList;
cache_entry *ce;
NSSArena *arena;
NSSUTF8 *nickname;
#ifdef DEBUG_CACHE
log_cert_ref("attempt to remove cert", cert);
#endif
ce = (cache_entry *)nssHash_Lookup(td->cache->issuerAndSN, cert);
if (!ce || ce->entry.cert != cert) {
/* If it's not in the cache, or a different cert is (this is really
* for safety reasons, though it shouldn't happen), do nothing
*/
#ifdef DEBUG_CACHE
PR_LOG(s_log, PR_LOG_DEBUG, ("but it wasn't in the cache"));
#endif
return;
}
(void)remove_issuer_and_serial_entry(td->cache, cert);
(void)remove_subject_entry(td->cache, cert, &subjectList,
&nickname, &arena);
if (nssList_Count(subjectList) == 0) {
(void)remove_nickname_entry(td->cache, nickname, subjectList);
(void)remove_email_entry(td->cache, cert, subjectList);
(void)nssList_Destroy(subjectList);
nssHash_Remove(td->cache->subject, &cert->subject);
/* there are no entries left for this subject, free the space used
* for both the nickname and subject entries
*/
if (arena) {
nssArena_Destroy(arena);
}
}
}
static PRStatus
remove_email_entry(
nssTDCertificateCache *cache,
NSSCertificate *cert,
nssList *subjectList)
{
PRStatus nssrv = PR_FAILURE;
cache_entry *ce;
/* Find the subject list in the email hash */
if (cert->email) {
ce = (cache_entry *)nssHash_Lookup(cache->email, cert->email);
if (ce) {
nssList *subjects = ce->entry.list;
/* Remove the subject list from the email hash */
if (subjects) {
nssList_Remove(subjects, subjectList);
#ifdef DEBUG_CACHE
log_item_dump("removed subject list", &cert->subject);
PR_LOG(s_log, PR_LOG_DEBUG, ("for email %s", cert->email));
#endif
if (nssList_Count(subjects) == 0) {
/* No more subject lists for email, delete list and
* remove hash entry
*/
(void)nssList_Destroy(subjects);
nssHash_Remove(cache->email, cert->email);
/* there are no entries left for this address, free space
* used for email entries
*/
nssArena_Destroy(ce->arena);
#ifdef DEBUG_CACHE
PR_LOG(s_log, PR_LOG_DEBUG, ("removed email %s", cert->email));
#endif
}
}
nssrv = PR_SUCCESS;
}
}
return nssrv;
}
