NSS_IMPLEMENT NSSCertificate *
NSSCryptoContext_FindBestCertificateByEmail (
NSSCryptoContext *cc,
NSSASCII7 *email,
NSSTime *timeOpt,
NSSUsage *usage,
NSSPolicies *policiesOpt
)
{
NSSCertificate **certs;
NSSCertificate *rvCert = NULL;
PORT_Assert(cc->certStore);
if (!cc->certStore) {
return NULL;
}
certs = nssCertificateStore_FindCertificatesByEmail(cc->certStore,
email,
NULL, 0, NULL);
if (certs) {
rvCert = nssCertificateArray_FindBestCertificate(certs,
timeOpt,
usage,
policiesOpt);
nssCertificateArray_Destroy(certs);
}
return rvCert;
}
NSS_IMPLEMENT NSSCertificate *
NSSCryptoContext_FindBestCertificateByNickname (
NSSCryptoContext *cc,
const NSSUTF8 *name,
NSSTime *timeOpt, /* NULL for "now" */
NSSUsage *usage,
NSSPolicies *policiesOpt /* NULL for none */
)
{
NSSCertificate **certs;
NSSCertificate *rvCert = NULL;
PORT_Assert(cc->certStore);
if (!cc->certStore) {
return NULL;
}
certs = nssCertificateStore_FindCertificatesByNickname(cc->certStore,
name,
NULL, 0, NULL);
if (certs) {
rvCert = nssCertificateArray_FindBestCertificate(certs,
timeOpt,
usage,
policiesOpt);
nssCertificateArray_Destroy(certs);
}
return rvCert;
}
static NSSCertificate *
get_best_temp_or_perm(NSSCertificate *ct, NSSCertificate *cp)
{
NSSUsage usage;
NSSCertificate *arr[3];
if (!ct) {
return nssCertificate_AddRef(cp);
} else if (!cp) {
return nssCertificate_AddRef(ct);
}
arr[0] = ct;
arr[1] = cp;
arr[2] = NULL;
usage.anyUsage = PR_TRUE;
return nssCertificateArray_FindBestCertificate(arr, NULL, &usage, NULL);
}
static NSSCertificate *
find_cert_issuer (
NSSCertificate *c,
NSSTime *timeOpt,
NSSUsage *usage,
NSSPolicies *policiesOpt,
NSSTrustDomain *td,
NSSCryptoContext *cc
)
{
NSSArena *arena;
NSSCertificate **certs = NULL;
NSSCertificate **ccIssuers = NULL;
NSSCertificate **tdIssuers = NULL;
NSSCertificate *issuer = NULL;
if (!cc)
cc = c->object.cryptoContext;
if (!td)
td = NSSCertificate_GetTrustDomain(c);
arena = nssArena_Create();
if (!arena) {
return (NSSCertificate *)NULL;
}
if (cc) {
ccIssuers = nssCryptoContext_FindCertificatesBySubject(cc,
&c->issuer,
NULL,
0,
arena);
}
if (td)
tdIssuers = nssTrustDomain_FindCertificatesBySubject(td,
&c->issuer,
NULL,
0,
arena);
certs = nssCertificateArray_Join(ccIssuers, tdIssuers);
if (certs) {
nssDecodedCert *dc = NULL;
void *issuerID = NULL;
dc = nssCertificate_GetDecoding(c);
if (dc) {
issuerID = dc->getIssuerIdentifier(dc);
}
/* XXX review based on CERT_FindCertIssuer
* this function is not using the authCertIssuer field as a fallback
* if authority key id does not exist
*/
if (issuerID) {
certs = filter_subject_certs_for_id(certs, issuerID);
}
certs = filter_certs_for_valid_issuers(certs);
issuer = nssCertificateArray_FindBestCertificate(certs,
timeOpt,
usage,
policiesOpt);
nssCertificateArray_Destroy(certs);
}
nssArena_Destroy(arena);
return issuer;
}
