Пример #1
/*
 * Find the identity that goes with the certificate matching a subject key ID.
 *
 * keychainOrArray: where to search; passed unchanged to both lookups.
 * subjKeyID:       subject key identifier to match.
 *
 * Returns whatever CERT_FindIdentityByCertificate yields for the matched
 * certificate, or NULL when no certificate matches the key ID.
 *
 * NOTE(review): the certificate returned by CERT_FindCertBySubjectKeyID is
 * not released in this function. Whether that call hands back an owned
 * reference, and whether CERT_FindIdentityByCertificate consumes it, is not
 * visible here -- confirm, to rule out a reference leak per lookup.
 *
 * NOTE(review): a subject key ID match only locates a candidate; nothing in
 * this function evaluates trust in the resulting identity.
 */
SecIdentityRef
CERT_FindIdentityBySubjectKeyID (CFTypeRef keychainOrArray, const SECItem *subjKeyID)
{
    /* The second argument is NULL here (presumably no extra raw-certificate
     * list to search -- confirm against CERT_FindCertBySubjectKeyID). */
    SecCertificateRef matchedCert =
        CERT_FindCertBySubjectKeyID(keychainOrArray, NULL, subjKeyID);

    return matchedCert
        ? CERT_FindIdentityByCertificate(keychainOrArray, matchedCert)
        : NULL;
}
Пример #2
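/*
 * Return the signing cert of a CMS signerInfo.
 *
 * The certs in the enclosing SignedData must have been imported already.
 *
 * If signerinfo->cert is already set it is returned as is. Otherwise the
 * certificate is looked up by the signer identifier (issuer and serial
 * number, or subject key ID), stored in signerinfo->cert and returned.
 * Returns NULL when SecCmsSignedDataRawCerts fails, when the identifier
 * type is not one of the two handled cases, or when the lookup yields NULL.
 *
 * The returned reference is kept in signerinfo and, per the comment in the
 * body, is destroyed with the enclosing structure; callers should not
 * release it themselves.
 *
 * Security note: this function only locates a certificate. rawCerts is
 * obtained from signerinfo->sigd (presumably the certificates carried in the
 * message itself -- confirm), so the result may be a certificate supplied by
 * the sender. Nothing here verifies the signature or evaluates trust in the
 * certificate; callers must do both before relying on the signer's identity.
 */
SecCertificateRef
SecCmsSignerInfoGetSigningCertificate(SecCmsSignerInfoRef signerinfo, SecKeychainRef keychainOrArray)
{
    SecCertificateRef cert;
    SecCmsSignerIdentifier *sid;
    OSStatus ortn;
    CSSM_DATA_PTR *rawCerts;

    /* Fast path: a previous call already resolved and cached the cert. */
    if (signerinfo->cert != NULL) {
        dprintfRC("SecCmsSignerInfoGetSigningCertificate top: cert %p cert.rc %d\n",
            signerinfo->cert, (int)CFGetRetainCount(signerinfo->cert));
        return signerinfo->cert;
    }
    ortn = SecCmsSignedDataRawCerts(signerinfo->sigd, &rawCerts);
    if (ortn) {
        return NULL;
    }
    dprintf("SecCmsSignerInfoGetSigningCertificate: numRawCerts %d\n",
        SecCmsArrayCount((void **)rawCerts));

    /*
     * This cert will also need to be freed, but since we save it
     * in signerinfo for later, we do not want to destroy it when
     * we leave this function -- we let the clean-up of the entire
     * cinfo structure later do the destroy of this cert.
     */
    sid = &signerinfo->signerIdentifier;
    switch (sid->identifierType) {
    case SecCmsSignerIDIssuerSN:
        cert = CERT_FindCertByIssuerAndSN(keychainOrArray, rawCerts, signerinfo->cmsg->poolp,
            sid->id.issuerAndSN);
        break;
    case SecCmsSignerIDSubjectKeyID:
        cert = CERT_FindCertBySubjectKeyID(keychainOrArray, rawCerts, sid->id.subjectKeyID);
        break;
    default:
        /* Unknown identifier type: treat as "no signing cert found". */
        cert = NULL;
        break;
    }

    /* cert can be NULL at that point */
    signerinfo->cert = cert;	/* earmark it */

    /*
     * CFGetRetainCount must not be handed NULL, and a failed lookup is an
     * expected outcome here, so report a retain count of 0 in that case
     * instead of dereferencing a NULL reference when debug logging is on.
     */
    dprintfRC("SecCmsSignerInfoGetSigningCertificate end: certp %p cert.rc %d\n",
        cert, (cert != NULL) ? (int)CFGetRetainCount(cert) : 0);

    return cert;
}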
Пример #3
/*
 * Resolve the certificate that signed a CMS signerInfo.
 *
 * The certificates of the enclosing SignedData must already have been
 * imported before this is called.
 *
 * signerinfo: signer record; its `cert` field doubles as a cache.
 * certdb:     certificate database to search; may be NULL, in which case
 *             only an already cached certificate can be returned.
 *
 * Returns the cached or newly found certificate, or NULL when there is no
 * database, the identifier type is not handled, or the lookup yields NULL.
 *
 * Ownership: the result is stored in signerinfo->cert and is meant to be
 * destroyed together with the enclosing cinfo structure, not by this
 * function on exit.
 *
 * NOTE(review): this is a lookup only -- nothing visible in this function
 * checks the signature or the certificate's trust. Callers must verify both
 * before treating the returned certificate as the authenticated signer.
 */
CERTCertificate *
NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb)
{
    NSSCMSSignerIdentifier *signerId;
    CERTCertificate *found = NULL;

    /* A previous call already resolved and cached the certificate. */
    if (signerinfo->cert != NULL) {
        return signerinfo->cert;
    }

    /* Nothing cached and no database to search in. */
    if (certdb == NULL) {
        return NULL;
    }

    /* Pick the lookup that matches how the signer is identified; any other
     * identifier type leaves `found` at NULL. */
    signerId = &signerinfo->signerIdentifier;
    if (signerId->identifierType == NSSCMSSignerID_IssuerSN) {
        found = CERT_FindCertByIssuerAndSN(certdb, signerId->id.issuerAndSN);
    } else if (signerId->identifierType == NSSCMSSignerID_SubjectKeyID) {
        found = CERT_FindCertBySubjectKeyID(certdb, signerId->id.subjectKeyID);
    }

    /* Cache the result (possibly NULL) on the signer record. */
    signerinfo->cert = found;

    return found;
}