CERTCertTrust * nssTrust_GetCERTCertTrustForCert(NSSCertificate *c, CERTCertificate *cc) { CERTCertTrust *rvTrust = NULL; NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); NSSTrust *t; t = nssTrustDomain_FindTrustForCertificate(td, c); if (t) { rvTrust = cert_trust_from_stan_trust(t, cc->arena); if (!rvTrust) { nssTrust_Destroy(t); return NULL; } nssTrust_Destroy(t); } else { rvTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust)); if (!rvTrust) { return NULL; } memset(rvTrust, 0, sizeof(*rvTrust)); } if (NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL)) { rvTrust->sslFlags |= CERTDB_USER; rvTrust->emailFlags |= CERTDB_USER; rvTrust->objectSigningFlags |= CERTDB_USER; } return rvTrust; }
static PRStatus CollectNicknames( NSSCertificate *c, void *data) { CERTCertNicknames *names; PRBool saveit = PR_FALSE; stringNode *node; int len; #ifdef notdef NSSTrustDomain *td; NSSTrust *trust; #endif char *stanNickname; char *nickname = NULL; names = (CERTCertNicknames *)data; stanNickname = nssCertificate_GetNickname(c,NULL); if ( stanNickname ) { nss_ZFreeIf(stanNickname); stanNickname = NULL; if (names->what == SEC_CERT_NICKNAMES_USER) { saveit = NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL); } #ifdef notdef else { td = NSSCertificate_GetTrustDomain(c); if (!td) { return PR_SUCCESS; } trust = nssTrustDomain_FindTrustForCertificate(td,c); switch(names->what) { case SEC_CERT_NICKNAMES_ALL: if ((trust->sslFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) || (trust->emailFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) || (trust->objectSigningFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER))) { saveit = PR_TRUE; } break; case SEC_CERT_NICKNAMES_SERVER: if ( trust->sslFlags & CERTDB_VALID_PEER ) { saveit = PR_TRUE; } break; case SEC_CERT_NICKNAMES_CA: if (((trust->sslFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA)|| ((trust->emailFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA) || ((trust->objectSigningFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA)) { saveit = PR_TRUE; } break; } } #endif } /* traverse the list of collected nicknames and make sure we don't make * a duplicate */ if ( saveit ) { nickname = STAN_GetCERTCertificateName(NULL, c); /* nickname can only be NULL here if we are having memory * alloc problems */ if (nickname == NULL) { return PR_FAILURE; } node = (stringNode *)names->head; while ( node != NULL ) { if ( PORT_Strcmp(nickname, node->string) == 0 ) { /* if the string matches, then don't save this one */ saveit = PR_FALSE; break; } node = node->next; } } if ( saveit ) { /* allocate the node */ node = (stringNode*)PORT_ArenaAlloc(names->arena, sizeof(stringNode)); if ( node == NULL ) { PORT_Free(nickname); return PR_FAILURE; } /* copy the string */ len = PORT_Strlen(nickname) + 1; node->string = (char*)PORT_ArenaAlloc(names->arena, len); if ( node->string == NULL ) { PORT_Free(nickname); return PR_FAILURE; } PORT_Memcpy(node->string, nickname, len); /* link it into the list */ node->next = (stringNode *)names->head; names->head = (void *)node; /* bump the count */ names->numnicknames++; } if (nickname) PORT_Free(nickname); return(PR_SUCCESS); }