// Generate a certificate key from the issuer and serialnumber, then look it up in the database. // Return the cert if found. "issuerAndSN" is the issuer and serial number to look for SecCertificateRef CERT_FindCertByIssuerAndSN (CFTypeRef keychainOrArray, CSSM_DATA_PTR *rawCerts, PRArenaPool *pl, const SecCmsIssuerAndSN *issuerAndSN) { SecCertificateRef certificate; int numRawCerts = SecCmsArrayCount((void **)rawCerts); int dex; OSStatus ortn; /* * First search the rawCerts array. */ for(dex=0; dex<numRawCerts; dex++) { ortn = SecCertificateCreateFromData(rawCerts[dex], CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER, &certificate); if(ortn) { continue; } SecCmsIssuerAndSN *isn = CERT_GetCertIssuerAndSN(pl, certificate); if(isn == NULL) { CFRelease(certificate); continue; } if(!compareCssmData(&isn->derIssuer, &issuerAndSN->derIssuer)) { CFRelease(certificate); continue; } if(!compareCssmData(&isn->serialNumber, &issuerAndSN->serialNumber)) { CFRelease(certificate); continue; } /* got it */ dprintf("CERT_FindCertByIssuerAndSN: found cert %p\n", certificate); return certificate; } /* now search keychain(s) */ OSStatus status = SecCertificateFindByIssuerAndSN(keychainOrArray, &issuerAndSN->derIssuer, &issuerAndSN->serialNumber, &certificate); if (status) { PORT_SetError(SEC_ERROR_NO_EMAIL_CERT); certificate = NULL; } return certificate; }
/*
 * Translate an OID into the algorithm value recorded for it in oidToAlgMap.
 *
 * The table is scanned from its first entry until an entry whose oid
 * pointer is null; the first entry for which compareCssmData reports a
 * match wins.
 *
 * Returns true and stores the algorithm in *alg on a match. Returns false
 * and leaves *alg untouched when no entry matches, so callers must check
 * the result before reading *alg.
 */
bool cssmOidToAlg(
    const CSSM_OID *oid,
    CSSM_ALGORITHMS *alg)       // RETURNED
{
    const OidToAlgEnt *entry = oidToAlgMap;

    while (entry->oid) {
        if (compareCssmData(entry->oid, oid)) {
            *alg = entry->alg;
            return true;
        }
        entry++;
    }
    return false;
}
/*
 * Locate the certificate whose Subject Key Identifier equals "subjKeyID".
 *
 * The entries of rawCerts are examined first: each one is decoded as a
 * DER-encoded X.509v3 certificate and its subject key ID extension is
 * compared with subjKeyID. Entries that fail to decode, carry no such
 * extension, or do not match are skipped. If no raw certificate matches,
 * the lookup falls through to keychainOrArray.
 *
 * Returns the matching certificate. When the keychain lookup fails, the
 * result is NULL and SEC_ERROR_NO_EMAIL_CERT is recorded via PORT_SetError.
 * A certificate returned from the rawCerts pass is the reference created
 * here; this function does not release it.
 *
 * A match means only that the key identifiers are equal: nothing in this
 * function evaluates trust or checks a signature.
 * NOTE(review): rawCerts presumably holds certificates carried inside the
 * message being processed -- confirm that callers validate the returned
 * certificate before relying on it.
 */
SecCertificateRef CERT_FindCertBySubjectKeyID (CFTypeRef keychainOrArray,
    CSSM_DATA_PTR *rawCerts, const SECItem *subjKeyID)
{
    SecCertificateRef cert;
    OSStatus rc;
    SECItem keyId;
    int rawCount = SecCmsArrayCount((void **)rawCerts);
    int i;

    /* Pass 1: the caller-supplied raw certificates. */
    for (i = 0; i < rawCount; i++) {
        int isMatch;

        rc = SecCertificateCreateFromData(rawCerts[i], CSSM_CERT_X_509v3,
            CSSM_CERT_ENCODING_DER, &cert);
        if (rc) {
            /* undecodable entry: nothing was created, nothing to release */
            continue;
        }

        if (CERT_FindSubjectKeyIDExtension(cert, &keyId)) {
            /* extension not present */
            CFRelease(cert);
            continue;
        }

        /* keyId is freed right after the comparison, on both outcomes */
        isMatch = compareCssmData(subjKeyID, &keyId);
        SECITEM_FreeItem(&keyId, PR_FALSE);
        if (!isMatch) {
            CFRelease(cert);
            continue;
        }

        /* identifiers agree; hand the reference to the caller */
        return cert;
    }

    /* Pass 2: the keychain(s). */
    rc = SecCertificateFindBySubjectKeyID(keychainOrArray, subjKeyID, &cert);
    if (rc) {
        PORT_SetError(SEC_ERROR_NO_EMAIL_CERT);
        cert = NULL;
    }
    return cert;
}
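/*
 * Print an NSS_ATV: a label chosen from the attribute's type OID, followed
 * by the attribute value.
 *
 * Each recognised OID is tested exactly once; any other OID is labelled
 * "Other name ". Values tagged as one of the string types listed in the
 * switch go to printString; every other tag goes to printData.
 *
 * NOTE(review): the value bytes come from the structure being displayed and
 * are not inspected here. T61 and UTF8 strings are only "mostly printable",
 * so confirm that printString escapes control characters before this output
 * is sent to a terminal or a log.
 */
void printAtv(
    const NSS_ATV *atv)
{
    const CSSM_OID *oid = &atv->type;
    /* fallback label for any OID not recognised below */
    const char *fieldName = "Other name ";

    if(compareCssmData(oid, &CSSMOID_CountryName)) {
        fieldName = "Country ";
    }
    else if(compareCssmData(oid, &CSSMOID_OrganizationName)) {
        fieldName = "Org ";
    }
    else if(compareCssmData(oid, &CSSMOID_LocalityName)) {
        fieldName = "Locality ";
    }
    else if(compareCssmData(oid, &CSSMOID_OrganizationalUnitName)) {
        fieldName = "OrgUnit ";
    }
    else if(compareCssmData(oid, &CSSMOID_CommonName)) {
        fieldName = "Common Name ";
    }
    else if(compareCssmData(oid, &CSSMOID_Surname)) {
        fieldName = "Surname ";
    }
    else if(compareCssmData(oid, &CSSMOID_Title)) {
        fieldName = "Title ";
    }
    else if(compareCssmData(oid, &CSSMOID_StateProvinceName)) {
        fieldName = "State ";
    }
    else if(compareCssmData(oid, &CSSMOID_CollectiveStateProvinceName)) {
        fieldName = "Coll. State ";
    }
    else if(compareCssmData(oid, &CSSMOID_EmailAddress)) {
        /* deprecated, used by Thawte */
        fieldName = "Email addrs ";
    }

    printf(" %s : ", fieldName);

    switch(atv->value.tag) {
        case SEC_ASN1_PRINTABLE_STRING:
        case SEC_ASN1_IA5_STRING:
        case SEC_ASN1_T61_STRING:       // mostly printable....
        case SEC_ASN1_UTF8_STRING:      // ditto
            printString(&atv->value.item);
            break;
        default:
            /* any other tag is not treated as text */
            printData(&atv->value.item);
            break;
    }
}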