// Generate a certificate key from the issuer and serialnumber, then look it up in the database.
// Return the cert if found. "issuerAndSN" is the issuer and serial number to look for
SecCertificateRef CERT_FindCertByIssuerAndSN (CFTypeRef keychainOrArray,
CSSM_DATA_PTR *rawCerts, PRArenaPool *pl, const SecCmsIssuerAndSN *issuerAndSN)
{
SecCertificateRef certificate;
int numRawCerts = SecCmsArrayCount((void **)rawCerts);
int dex;
OSStatus ortn;
/*
* First search the rawCerts array.
*/
for(dex=0; dex<numRawCerts; dex++) {
ortn = SecCertificateCreateFromData(rawCerts[dex],
CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER,
&certificate);
if(ortn) {
continue;
}
SecCmsIssuerAndSN *isn = CERT_GetCertIssuerAndSN(pl, certificate);
if(isn == NULL) {
CFRelease(certificate);
continue;
}
if(!compareCssmData(&isn->derIssuer, &issuerAndSN->derIssuer)) {
CFRelease(certificate);
continue;
}
if(!compareCssmData(&isn->serialNumber, &issuerAndSN->serialNumber)) {
CFRelease(certificate);
continue;
}
/* got it */
dprintf("CERT_FindCertByIssuerAndSN: found cert %p\n", certificate);
return certificate;
}
/* now search keychain(s) */
OSStatus status = SecCertificateFindByIssuerAndSN(keychainOrArray, &issuerAndSN->derIssuer,
&issuerAndSN->serialNumber, &certificate);
if (status)
{
PORT_SetError(SEC_ERROR_NO_EMAIL_CERT);
certificate = NULL;
}
return certificate;
}
bool cssmOidToAlg(
const CSSM_OID *oid,
CSSM_ALGORITHMS *alg) // RETURNED
{
const OidToAlgEnt *ent;
for(ent=oidToAlgMap; ent->oid; ent++) {
if(compareCssmData(ent->oid, oid)) {
*alg = ent->alg;
return true;
}
}
return false;
}
SecCertificateRef CERT_FindCertBySubjectKeyID (CFTypeRef keychainOrArray,
CSSM_DATA_PTR *rawCerts, const SECItem *subjKeyID)
{
SecCertificateRef certificate;
int numRawCerts = SecCmsArrayCount((void **)rawCerts);
int dex;
OSStatus ortn;
SECItem skid;
/*
* First search the rawCerts array.
*/
for(dex=0; dex<numRawCerts; dex++) {
int match;
ortn = SecCertificateCreateFromData(rawCerts[dex],
CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER,
&certificate);
if(ortn) {
continue;
}
if(CERT_FindSubjectKeyIDExtension(certificate, &skid)) {
CFRelease(certificate);
/* not present */
continue;
}
match = compareCssmData(subjKeyID, &skid);
SECITEM_FreeItem(&skid, PR_FALSE);
if(match) {
/* got it */
return certificate;
}
CFRelease(certificate);
}
/* now search keychain(s) */
OSStatus status = SecCertificateFindBySubjectKeyID(keychainOrArray,subjKeyID,&certificate);
if (status)
{
PORT_SetError(SEC_ERROR_NO_EMAIL_CERT);
certificate = NULL;
}
return certificate;
}
/*
* Print an NSS_ATV
*/
void printAtv(
const NSS_ATV *atv)
{
const CSSM_OID *oid = &atv->type;
const char *fieldName = "Other";
if(compareCssmData(oid, &CSSMOID_CountryName)) {
fieldName = "Country ";
}
else if(compareCssmData(oid, &CSSMOID_OrganizationName)) {
fieldName = "Org ";
}
else if(compareCssmData(oid, &CSSMOID_LocalityName)) {
fieldName = "Locality ";
}
else if(compareCssmData(oid, &CSSMOID_OrganizationalUnitName)) {
fieldName = "OrgUnit ";
}
else if(compareCssmData(oid, &CSSMOID_CommonName)) {
fieldName = "Common Name ";
}
else if(compareCssmData(oid, &CSSMOID_Surname)) {
fieldName = "Surname ";
}
else if(compareCssmData(oid, &CSSMOID_Title)) {
fieldName = "Title ";
}
else if(compareCssmData(oid, &CSSMOID_Surname)) {
fieldName = "Surname ";
}
else if(compareCssmData(oid, &CSSMOID_StateProvinceName)) {
fieldName = "State ";
}
else if(compareCssmData(oid, &CSSMOID_CollectiveStateProvinceName)) {
fieldName = "Coll. State ";
}
else if(compareCssmData(oid, &CSSMOID_EmailAddress)) {
/* deprecated, used by Thawte */
fieldName = "Email addrs ";
}
else {
fieldName = "Other name ";
}
printf(" %s : ", fieldName);
switch(atv->value.tag) {
case SEC_ASN1_PRINTABLE_STRING:
case SEC_ASN1_IA5_STRING:
case SEC_ASN1_T61_STRING: // mostly printable....
case SEC_ASN1_UTF8_STRING: // ditto
printString(&atv->value.item);
break;
default:
printData(&atv->value.item);
break;
}
}
