NSS_IMPLEMENT NSSUTF8 *
NSSToken_GetName (
NSSToken *token
)
{
return nssToken_GetName(token);
}
NSS_IMPLEMENT NSSUTF8 *
nssSlot_GetTokenName (
NSSSlot *slot
)
{
return nssToken_GetName(slot->token);
}
char *
STAN_GetCERTCertificateNameForInstance (
PLArenaPool *arenaOpt,
NSSCertificate *c,
nssCryptokiInstance *instance
)
{
NSSCryptoContext *context = c->object.cryptoContext;
PRStatus nssrv;
int nicklen, tokenlen, len;
NSSUTF8 *tokenName = NULL;
NSSUTF8 *stanNick = NULL;
char *nickname = NULL;
char *nick;
if (instance) {
stanNick = instance->label;
} else if (context) {
stanNick = c->object.tempName;
}
if (stanNick) {
/* fill other fields needed by NSS3 functions using CERTCertificate */
if (instance && (!PK11_IsInternalKeySlot(instance->token->pk11slot) ||
PORT_Strchr(stanNick, ':') != NULL) ) {
tokenName = nssToken_GetName(instance->token);
tokenlen = nssUTF8_Size(tokenName, &nssrv);
} else {
/* don't use token name for internal slot; 3.3 didn't */
tokenlen = 0;
}
nicklen = nssUTF8_Size(stanNick, &nssrv);
len = tokenlen + nicklen;
if (arenaOpt) {
nickname = PORT_ArenaAlloc(arenaOpt, len);
} else {
nickname = PORT_Alloc(len);
}
nick = nickname;
if (tokenName) {
memcpy(nick, tokenName, tokenlen-1);
nick += tokenlen-1;
*nick++ = ':';
}
memcpy(nick, stanNick, nicklen-1);
nickname[len-1] = '\0';
}
return nickname;
}
NSS_IMPLEMENT NSSToken *
NSSTrustDomain_FindTokenByName (
NSSTrustDomain *td,
NSSUTF8 *tokenName
)
{
PRStatus nssrv;
NSSUTF8 *myName;
NSSToken *tok = NULL;
NSSRWLock_LockRead(td->tokensLock);
for (tok = (NSSToken *)nssListIterator_Start(td->tokens);
tok != (NSSToken *)NULL;
tok = (NSSToken *)nssListIterator_Next(td->tokens))
{
if (nssToken_IsPresent(tok)) {
myName = nssToken_GetName(tok);
if (nssUTF8_Equal(tokenName, myName, &nssrv)) break;
}
}
nssListIterator_Finish(td->tokens);
NSSRWLock_UnlockRead(td->tokensLock);
return tok;
}
static void
fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced)
{
CERTCertTrust* trust = NULL;
NSSTrust *nssTrust;
NSSCryptoContext *context = c->object.cryptoContext;
nssCryptokiInstance *instance;
NSSUTF8 *stanNick = NULL;
/* We are holding the base class object's lock on entry of this function
* This lock protects writes to fields of the CERTCertificate .
* It is also needed by some functions to compute values such as trust.
*/
instance = get_cert_instance(c);
if (instance) {
stanNick = instance->label;
} else if (context) {
stanNick = c->object.tempName;
}
/* fill other fields needed by NSS3 functions using CERTCertificate */
if ((!cc->nickname && stanNick) || forced) {
PRStatus nssrv;
int nicklen, tokenlen, len;
NSSUTF8 *tokenName = NULL;
char *nick;
if (instance &&
(!PK11_IsInternalKeySlot(instance->token->pk11slot) ||
(stanNick && PORT_Strchr(stanNick, ':') != NULL))) {
tokenName = nssToken_GetName(instance->token);
tokenlen = nssUTF8_Size(tokenName, &nssrv);
} else {
/* don't use token name for internal slot; 3.3 didn't */
tokenlen = 0;
}
if (stanNick) {
nicklen = nssUTF8_Size(stanNick, &nssrv);
len = tokenlen + nicklen;
nick = PORT_ArenaAlloc(cc->arena, len);
if (tokenName) {
memcpy(nick, tokenName, tokenlen-1);
nick[tokenlen-1] = ':';
memcpy(nick+tokenlen, stanNick, nicklen-1);
} else {
memcpy(nick, stanNick, nicklen-1);
}
nick[len-1] = '\0';
cc->nickname = nick;
} else {
cc->nickname = NULL;
}
}
if (context) {
/* trust */
nssTrust = nssCryptoContext_FindTrustForCertificate(context, c);
if (!nssTrust) {
/* chicken and egg issue:
*
* c->issuer and c->serial are empty at this point, but
* nssTrustDomain_FindTrustForCertificate use them to look up
* up the trust object, so we point them to cc->derIssuer and
* cc->serialNumber.
*
* Our caller will fill these in with proper arena copies when we
* return. */
c->issuer.data = cc->derIssuer.data;
c->issuer.size = cc->derIssuer.len;
c->serial.data = cc->serialNumber.data;
c->serial.size = cc->serialNumber.len;
nssTrust = nssTrustDomain_FindTrustForCertificate(context->td, c);
}
if (nssTrust) {
trust = cert_trust_from_stan_trust(nssTrust, cc->arena);
if (trust) {
/* we should destroy cc->trust before replacing it, but it's
allocated in cc->arena, so memory growth will occur on each
refresh */
CERT_LockCertTrust(cc);
cc->trust = trust;
CERT_UnlockCertTrust(cc);
}
nssTrust_Destroy(nssTrust);
}
} else if (instance) {
/* slot */
if (cc->slot != instance->token->pk11slot) {
if (cc->slot) {
PK11_FreeSlot(cc->slot);
}
cc->slot = PK11_ReferenceSlot(instance->token->pk11slot);
}
cc->ownSlot = PR_TRUE;
/* pkcs11ID */
cc->pkcs11ID = instance->handle;
/* trust */
trust = nssTrust_GetCERTCertTrustForCert(c, cc);
if (trust) {
/* we should destroy cc->trust before replacing it, but it's
allocated in cc->arena, so memory growth will occur on each
refresh */
CERT_LockCertTrust(cc);
cc->trust = trust;
CERT_UnlockCertTrust(cc);
}
nssCryptokiObject_Destroy(instance);
}
/* database handle is now the trust domain */
cc->dbhandle = c->object.trustDomain;
/* subjectList ? */
/* istemp and isperm are supported in NSS 3.4 */
cc->istemp = PR_FALSE; /* CERT_NewTemp will override this */
cc->isperm = PR_TRUE; /* by default */
/* pointer back */
cc->nssCertificate = c;
if (trust) {
/* force the cert type to be recomputed to include trust info */
PRUint32 nsCertType = cert_ComputeCertType(cc);
/* Assert that it is safe to cast &cc->nsCertType to "PRInt32 *" */
PORT_Assert(sizeof(cc->nsCertType) == sizeof(PRInt32));
PR_ATOMIC_SET((PRInt32 *)&cc->nsCertType, nsCertType);
}
}
