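/**
 * deleteCrl
 *
 * Delete the CRL at position aCrlIndex in the cert db, counting entries
 * in the order SEC_LookupCrls returns them.
 *
 * @param aCrlIndex  zero-based index into the CRL list as enumerated by
 *                   SEC_LookupCrls (the same order nsCRLManager::GetCrls
 *                   hands out).
 * @return NS_ERROR_FAILURE if the CRL list could not be looked up;
 *         NS_OK otherwise - also when aCrlIndex is out of range or the
 *         CRL is no longer in the db, which this interface has always
 *         treated as success.
 *
 * NOTE(review): the index is resolved against a fresh enumeration, so a
 * change to the db between the caller's listing and this call could map
 * the index onto a different entry; the interface offers no way to pin
 * the entry by name.
 */
NS_IMETHODIMP
nsCRLManager::DeleteCrl(uint32_t aCrlIndex)
{
  nsNSSShutDownPreventionLock locker;
  CERTCrlHeadNode *head = nullptr;

  // Enumerate every CRL in the db; the nodes live in head->arena.
  SECStatus sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
  if (sec_rv != SECSuccess) {
    return NS_ERROR_FAILURE;
  }
  if (!head) {
    return NS_OK;
  }

  uint32_t i = 0;
  for (CERTCrlNode *node = head->first; node; node = node->next, i++) {
    if (i != aCrlIndex) {
      continue;
    }
    // The list nodes are arena-owned snapshots; fetch the db-backed
    // object so SEC_DeletePermCRL removes the permanent entry.
    if (node->crl) {
      CERTSignedCrl *realCrl =
        SEC_FindCrlByName(CERT_GetDefaultCertDB(),
                          &(node->crl->crl.derName), node->type);
      // "Not found" is not fatal here: the CRL may have gone away between
      // enumeration and lookup. SEC_DeletePermCRL / SEC_DestroyCrl would
      // only fail on a null pointer, so skip them explicitly.
      if (realCrl) {
        SEC_DeletePermCRL(realCrl);
        SEC_DestroyCrl(realCrl);
        // Cached sessions may have been validated against this CRL.
        SSL_ClearSessionCache();
      }
    }
    break; // exactly one node carries this index
  }

  PORT_FreeArena(head->arena, false);
  return NS_OK;
}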
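/**
 * getCrls
 *
 * Enumerate every CRL stored in the cert db and return them as an array
 * of nsICRLInfo objects, in the order SEC_LookupCrls yields them.
 *
 * @param aCrls  out-param; receives an addref'd nsIArray of nsICRLInfo.
 * @return NS_ERROR_FAILURE if the CRL list could not be looked up; the
 *         array creation / append error if one occurs; NS_OK otherwise.
 */
NS_IMETHODIMP
nsCRLManager::GetCrls(nsIArray ** aCrls)
{
  NS_ENSURE_ARG_POINTER(aCrls);
  nsNSSShutDownPreventionLock locker;

  nsresult rv;
  nsCOMPtr<nsIMutableArray> crlsArray =
    do_CreateInstance(NS_ARRAY_CONTRACTID, &rv);
  if (NS_FAILED(rv)) {
    return rv;
  }

  // Enumerate every CRL in the db; the nodes live in head->arena.
  CERTCrlHeadNode *head = nullptr;
  SECStatus sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
  if (sec_rv != SECSuccess) {
    return NS_ERROR_FAILURE;
  }

  if (head) {
    for (CERTCrlNode *node = head->first; node; node = node->next) {
      // Defensive: a node without a decoded CRL has nothing to wrap.
      if (!node->crl) {
        continue;
      }
      // nsCRLInfo must copy what it needs out of the arena-owned CRL,
      // since head->arena is released right after this loop.
      nsCOMPtr<nsICRLInfo> entry = new nsCRLInfo(node->crl);
      rv = crlsArray->AppendElement(entry, false);
      if (NS_FAILED(rv)) {
        PORT_FreeArena(head->arena, false);
        return rv;
      }
    }
    PORT_FreeArena(head->arena, false);
  }

  *aCrls = crlsArray;
  NS_IF_ADDREF(*aCrls);
  return NS_OK;
}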
/*
 * get_issuer_crl - find the cached CRL whose issuer matches cert's issuer.
 *
 * Walks the list returned by SEC_LookupCrls(handle, SEC_CRL_TYPE) and
 * returns the first entry whose DER issuer name equals cert->derIssuer.
 * Returns NULL when either argument is NULL, when the lookup fails, or
 * when no CRL matches.
 *
 * Ownership: the returned CRL was decoded into the lookup list's arena,
 * which this function only releases on the "not found" path. Whether the
 * caller releases a found CRL (e.g. via SEC_DestroyCrl) is not visible
 * here - confirm against the caller before changing this.
 *
 * SEC_LookupCrls is used rather than SEC_FindCrlByName on purpose: the
 * latter was observed handing back bad pointers.
 */
static CERTSignedCrl *get_issuer_crl(CERTCertDBHandle *handle,
				     CERTCertificate *cert)
{
	CERTCrlHeadNode *list = NULL;
	CERTCrlNode *n;
	CERTSignedCrl *match = NULL;

	if (handle == NULL || cert == NULL)
		return NULL;

	DBG(DBG_X509,
	    DBG_log("%s : looking for a CRL issued by %s",
		    __FUNCTION__, cert->issuerName));

	if (SEC_LookupCrls(handle, &list, SEC_CRL_TYPE) != SECSuccess)
		return NULL;

	for (n = list->first; n != NULL; n = n->next) {
		if (n->crl == NULL)
			continue;
		if (SECITEM_ItemsAreEqual(&cert->derIssuer,
					  &n->crl->crl.derName)) {
			match = n->crl;
			DBG(DBG_X509, DBG_log("%s : CRL found", __FUNCTION__));
			break;
		}
	}

	/* Nothing to hand back: the list (and its arena) is no longer needed. */
	if (match == NULL)
		PORT_FreeArena(list->arena, PR_FALSE);

	return match;
}
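/*
 * ListCRLNames - print the issuer name of every CRL of the given type in
 * the database and, optionally, delete them from the permanent db.
 *
 * certHandle  cert db to enumerate.
 * crlType     type selector handed to SEC_LookupCrls / SEC_FindCrlByName.
 * deletecrls  when PR_TRUE, each listed CRL is also removed with
 *             SEC_DeletePermCRL.
 *
 * Errors are reported on stderr via progName / SECU_PrintError; there is
 * no return value, so callers cannot tell "nothing listed" from "lookup
 * failed" other than by the output.
 */
static void
ListCRLNames(CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls)
{
    CERTCrlHeadNode *crlList = NULL;
    CERTCrlNode *crlNode = NULL;
    SECStatus rv;

    rv = SEC_LookupCrls(certHandle, &crlList, crlType);
    if (rv != SECSuccess) {
        fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName,
                SECU_Strerror(PORT_GetError()));
        return;
    }
    /* just in case */
    if (!crlList) {
        return;
    }

    fprintf(stdout, "\n");
    fprintf(stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");

    /* The node pointer is advanced in the for-header so that every
     * "continue" in the body still makes progress. */
    for (crlNode = crlList->first; crlNode; crlNode = crlNode->next) {
        char *asciiname = NULL;
        CERTCertificate *cert = NULL;

        /* A node without a decoded CRL has nothing to print or delete;
         * every dereference below goes through crlNode->crl. */
        if (!crlNode->crl) {
            continue;
        }

        /* Prefer the nickname / email of the signing cert when we have it. */
        cert = CERT_FindCertByName(certHandle, &crlNode->crl->crl.derName);
        if (!cert) {
            SECU_PrintError(progName, "could not find signing "
                                      "certificate in database");
        } else {
            char *certName = NULL;
            if (cert->nickname && PORT_Strlen(cert->nickname) > 0) {
                certName = cert->nickname;
            } else if (cert->emailAddr && PORT_Strlen(cert->emailAddr) > 0) {
                certName = cert->emailAddr;
            }
            if (certName) {
                asciiname = PORT_Strdup(certName);
            }
            CERT_DestroyCertificate(cert);
        }

        /* Fall back to the issuer name carried by the CRL itself. */
        if (!asciiname) {
            asciiname = CERT_NameToAscii(&crlNode->crl->crl.name);
        }

        if (asciiname) {
            fprintf(stdout, "%-40s %-5s\n", asciiname, "CRL");
            PORT_Free(asciiname);
        } else {
            /* PORT_Strdup / CERT_NameToAscii failed: report it rather
             * than handing a NULL to printf. The entry is still eligible
             * for deletion below. */
            SECU_PrintError(progName, "fail to get the CRL "
                                      "issuer name");
        }

        if (PR_TRUE == deletecrls) {
            /* The list node is an arena-owned snapshot; look up the
             * db-backed CRL so the permanent entry is the one removed. */
            SECItem *issuer = &crlNode->crl->crl.derName;
            CERTSignedCrl *acrl = SEC_FindCrlByName(certHandle, issuer, crlType);
            if (acrl) {
                SEC_DeletePermCRL(acrl);
                SEC_DestroyCrl(acrl);
            }
        }
    }

    PORT_FreeArena(crlList->arena, PR_FALSE);
}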