/*
 * NSS_CMSSignerInfo_IncludeCerts - set cert chain inclusion mode for this signer
 *
 * Replaces signerinfo->certList with the certificates selected by "cm":
 * nothing, the signer certificate alone, or a chain built from it without or
 * with the root.  Any list left by an earlier call is destroyed first, so a
 * failed call leaves the signer with no list rather than the previous one.
 *
 * Returns SECFailure when the signer has no certificate, when "cm" is not one
 * of the four modes handled here, or when the requested list could not be
 * built; SECSuccess otherwise.
 *
 * NOTE(review): nothing in this function checks that the selected certificates
 * are trusted; it only chooses what to attach.  Confirm that verification
 * happens where the message is consumed.
 */
SECStatus
NSS_CMSSignerInfo_IncludeCerts(NSSCMSSignerInfo *signerinfo, NSSCMSCertChainMode cm, SECCertUsage usage)
{
    if (signerinfo->cert == NULL) {
        return SECFailure;
    }

    /* A second call must not leak the list built by the first. */
    if (signerinfo->certList != NULL) {
        CERT_DestroyCertificateList(signerinfo->certList);
    }
    signerinfo->certList = NULL;

    if (cm == NSSCMSCM_None) {
        return SECSuccess;
    }

    if (cm == NSSCMSCM_CertOnly) {
        signerinfo->certList = CERT_CertListFromCert(signerinfo->cert);
    } else if (cm == NSSCMSCM_CertChain) {
        signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert, usage, PR_FALSE);
    } else if (cm == NSSCMSCM_CertChainWithRoot) {
        signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert, usage, PR_TRUE);
    }
    /* Any other mode falls through with no list and is reported as a failure. */

    return (signerinfo->certList == NULL) ? SECFailure : SECSuccess;
}
/*
 * SecCmsSignerInfoIncludeCerts - set cert chain inclusion mode for this signer
 *
 * Replaces signerinfo->certList with the certificates selected by "cm":
 * nothing, the signer certificate alone, or a chain built from it without or
 * with the root.  Any list left by an earlier call is released first, so a
 * failed call leaves the signer with no list rather than the previous one.
 *
 * The declared return type is OSStatus, but the values returned are
 * SECFailure and SECSuccess.  SECFailure is returned when the signer has no
 * certificate, when "cm" is not one of the four modes handled here, or when
 * the requested list could not be built.
 *
 * NOTE(review): the CERT_CertChainFromCert shown elsewhere in this listing
 * tolerates expired certificates and discards the trust result; if that is the
 * implementation linked here, a success from this function says nothing about
 * whether the attached chain is trusted.
 */
OSStatus
SecCmsSignerInfoIncludeCerts(SecCmsSignerInfoRef signerinfo, SecCmsCertChainMode cm, SECCertUsage usage)
{
    if (signerinfo->cert == NULL) {
        return SECFailure;
    }

    /* A second call must not leak the list built by the first. */
    if (signerinfo->certList != NULL) {
        CFRelease(signerinfo->certList);
    }
    signerinfo->certList = NULL;

    if (cm == SecCmsCMNone) {
        return SECSuccess;
    }

    if (cm == SecCmsCMCertOnly) {
        signerinfo->certList = CERT_CertListFromCert(signerinfo->cert);
    } else if (cm == SecCmsCMCertChain) {
        signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert, usage, PR_FALSE);
    } else if (cm == SecCmsCMCertChainWithRoot) {
        signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert, usage, PR_TRUE);
    }
    /* Any other mode falls through with no list and is reported as a failure. */

    return (signerinfo->certList == NULL) ? SECFailure : SECSuccess;
}
// Writes the certificate into a structured-clone stream: first a uint32 pair
// carrying the encoded length (the second slot is written as 0), then the
// encoded bytes themselves. Only the first entry of the list built from
// mCertificate is written.
//
// Returns false when the list cannot be built, is empty, or either write
// fails.
//
// The lock argument is never read; presumably it only shows that the caller
// holds the NSS shutdown-prevention lock (confirm at the call sites).
//
// NOTE(review): the length travels in the stream ahead of the bytes, so the
// matching reader should bound it before allocating or copying.
bool
RTCCertificate::WriteCertificate(JSStructuredCloneWriter* aWriter,
                                 const nsNSSShutDownPreventionLock& /*proof*/) const
{
  ScopedCERTCertificateList certList(CERT_CertListFromCert(mCertificate.get()));
  if (!certList || certList->len <= 0) {
    return false;
  }

  const auto& encoded = certList->certs[0];
  if (!JS_WriteUint32Pair(aWriter, encoded.len, 0)) {
    return false;
  }
  return JS_WriteBytes(aWriter, encoded.data, encoded.len);
}
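/*
 * CERT_CertChainFromCert - build the certificate chain that starts at "cert".
 *
 * cert         leaf certificate; NULL yields a NULL result.
 * usage        not consulted here: the chain is always built under the basic
 *              X.509 policy (CSSMOID_APPLE_X509_BASIC).
 * includeRoot  when false and the chain has more than one entry, the last
 *              entry is removed before returning.
 *
 * Returns the chain as a CFArray, or NULL on any failure.  The cleanup path
 * releases the array only on error, so the caller presumably owns the result
 * and must CFRelease it.
 *
 * The result is a chain for inclusion, not a verified path: expired
 * certificates are explicitly allowed and the trust result from
 * SecTrustEvaluate is discarded, so a non-NULL return must not be read as a
 * trust decision.
 */
CFArrayRef
CERT_CertChainFromCert(SecCertificateRef cert, SECCertUsage usage, Boolean includeRoot)
{
    SecPolicySearchRef searchRef = NULL;
    SecPolicyRef policy = NULL;
    CFArrayRef wrappedCert = NULL;
    SecTrustRef trust = NULL;
    CFArrayRef certChain = NULL;
    CSSM_TP_APPLE_EVIDENCE_INFO *statusChain = NULL;
    CFDataRef actionData = NULL;
    OSStatus status = 0;
    /* Declared ahead of the first "goto loser" so that no jump skips its
       initialization.  Tell SecTrust that we don't care if any certs in the
       chain have expired, nor do we want to stop when encountering a cert
       with a trust setting; we always want to build the full chain.
       NOTE(review): the two flags set here only relax expiry checks; confirm
       where the trust-setting behaviour described above comes from. */
    CSSM_APPLE_TP_ACTION_DATA localActionData = {
        CSSM_APPLE_TP_ACTION_VERSION,
        CSSM_TP_ACTION_ALLOW_EXPIRED | CSSM_TP_ACTION_ALLOW_EXPIRED_ROOT
    };

    if (!cert)
        goto loser;

    status = SecPolicySearchCreate(CSSM_CERT_X_509v3, &CSSMOID_APPLE_X509_BASIC, NULL, &searchRef);
    if (status)
        goto loser;
    status = SecPolicySearchCopyNext(searchRef, &policy);
    if (status)
        goto loser;

    wrappedCert = CERT_CertListFromCert(cert);
    /* Stop here if the one-element list could not be built instead of handing
       NULL to SecTrust; status is still 0, so the result is a plain NULL. */
    if (!wrappedCert)
        goto loser;

    status = SecTrustCreateWithCertificates(wrappedCert, policy, &trust);
    if (status)
        goto loser;

    /* The CFData only wraps the stack variable (kCFAllocatorNull: no copy and
       no free), so it must not be used after this function returns. */
    actionData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
                                             (const UInt8 *)&localActionData,
                                             sizeof(localActionData),
                                             kCFAllocatorNull);
    if (!actionData)
        goto loser;

    status = SecTrustSetParameters(trust, CSSM_TP_ACTION_DEFAULT, actionData);
    if (status)
        goto loser;

    /* Only the call status is checked; the evaluation verdict is not requested. */
    status = SecTrustEvaluate(trust, NULL);
    if (status)
        goto loser;

    status = SecTrustGetResult(trust, NULL, &certChain, &statusChain);
    if (status)
        goto loser;

    /* We don't drop the root if there is only 1 (self signed) certificate in the chain.
       NOTE(review): the last entry is assumed to be the root; if the chain
       stopped short of one, the entry dropped here is not a root. */
    if (!includeRoot && CFArrayGetCount(certChain) > 1) {
        CFMutableArrayRef subChain = CFArrayCreateMutableCopy(NULL, 0, certChain);
        CFRelease(certChain);
        certChain = subChain;
        if (subChain)
            CFArrayRemoveValueAtIndex(subChain, CFArrayGetCount(subChain) - 1);
    }

loser:
    if (searchRef)
        CFRelease(searchRef);
    if (policy)
        CFRelease(policy);
    if (wrappedCert)
        CFRelease(wrappedCert);
    if (trust)
        CFRelease(trust);
    if (actionData)
        CFRelease(actionData);
    /* Never hand back a chain alongside an error status. */
    if (certChain && status) {
        CFRelease(certChain);
        certChain = NULL;
    }

    return certChain;
}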