Fix for bug 353577 . Remove NSS_CLASSIC code. r=nelson, wtc

4 files changed, 0 insertions, 189 deletions

diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c
index 3babb4510..276eb193a 100644
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -1279,14 +1279,8 @@ CERTCertificate *
 CERT_DupCertificate(CERTCertificate *c)
 {
     if (c) {
-#ifdef NSS_CLASSIC
-	CERT_LockCertRefCount(c);
-	++c->referenceCount;
-	CERT_UnlockCertRefCount(c);
-#else
 	NSSCertificate *tmp = STAN_GetNSSCertificate(c);
 	nssCertificate_AddRef(tmp);
-#endif
     }
     return c;
 }
diff --git a/security/nss/lib/certdb/certt.h b/security/nss/lib/certdb/certt.h
index 5b0db4c40..2bfa48b17 100644
--- a/security/nss/lib/certdb/certt.h
+++ b/security/nss/lib/certdb/certt.h
@@ -62,11 +62,7 @@ typedef struct CERTAttributeStr                  CERTAttribute;
 typedef struct CERTAuthInfoAccessStr             CERTAuthInfoAccess;
 typedef struct CERTAuthKeyIDStr                  CERTAuthKeyID;
 typedef struct CERTBasicConstraintsStr           CERTBasicConstraints;
-#ifdef NSS_CLASSIC
-typedef struct CERTCertDBHandleStr               CERTCertDBHandle;
-#else
 typedef struct NSSTrustDomainStr                 CERTCertDBHandle;
-#endif
 typedef struct CERTCertExtensionStr              CERTCertExtension;
 typedef struct CERTCertKeyStr                    CERTCertKey;
 typedef struct CERTCertListStr                   CERTCertList;
diff --git a/security/nss/lib/certhigh/certhigh.c b/security/nss/lib/certhigh/certhigh.c
index f34844343..dabd0f393 100644
--- a/security/nss/lib/certhigh/certhigh.c
+++ b/security/nss/lib/certhigh/certhigh.c
@@ -938,99 +938,6 @@ CERTCertificateList *
 CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
 		       PRBool includeRoot)
 {
-#ifdef NSS_CLASSIC
-    CERTCertificateList *chain = NULL;
-    CERTCertificate *c;
-    SECItem *p;
-    int rv, len = 0;
-    PRArenaPool *tmpArena, *arena;
-    certNode *head, *tail, *node;
-
-    /*
-     * Initialize stuff so we can goto loser.
-     */
-    head = NULL;
-    arena = NULL;
-
-    /* arena for linked list */
-    tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if (tmpArena == NULL) goto no_memory;
-
-    /* arena for SecCertificateList */
-    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if (arena == NULL) goto no_memory;
-
-    head = tail = (certNode*)PORT_ArenaZAlloc(tmpArena, sizeof(certNode));
-    if (head == NULL) goto no_memory;
-
-    /* put primary cert first in the linked list */
-    head->cert = c = CERT_DupCertificate(cert);
-    if (head->cert == NULL) goto loser;
-    len++;
-
-    /* add certs until we come to a self-signed one */
-    while(SECITEM_CompareItem(&c->derIssuer, &c->derSubject) != SECEqual) {
-	c = CERT_FindCertIssuer(tail->cert, PR_Now(), usage);
-	if (c == NULL) {
-	    /* no root is found, so make sure we don't attempt to delete one
-	     * below
-	     */
-	    includeRoot = PR_TRUE;
-	    break;
-	}
-	
-	tail->next = (certNode*)PORT_ArenaZAlloc(tmpArena, sizeof(certNode));
-	tail = tail->next;
-	if (tail == NULL) goto no_memory;
-	
-	tail->cert = c;
-	len++;
-    }
-
-    /* now build the CERTCertificateList */
-    chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificateList));
-    if (chain == NULL) goto no_memory;
-    chain->certs = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
-    if (chain->certs == NULL) goto no_memory;
-    
-    for(node = head, p = chain->certs; node; node = node->next, p++) {
-	rv = SECITEM_CopyItem(arena, p, &node->cert->derCert);
-	CERT_DestroyCertificate(node->cert);
-	node->cert = NULL;
-	if (rv < 0) goto loser;
-    }
-    if ( !includeRoot && len > 1) {
-	chain->len = len - 1;
-    } else {
-	chain->len = len;
-    }
-    
-    chain->arena = arena;
-
-    PORT_FreeArena(tmpArena, PR_FALSE);
-    
-    return chain;
-
-no_memory:
-    PORT_SetError(SEC_ERROR_NO_MEMORY);
-loser:
-    if (head != NULL) {
-	for (node = head; node; node = node->next) {
-	    if (node->cert != NULL)
-		CERT_DestroyCertificate(node->cert);
-	}
-    }
-
-    if (arena != NULL) {
-	PORT_FreeArena(arena, PR_FALSE);
-    }
-
-    if (tmpArena != NULL) {
-	PORT_FreeArena(tmpArena, PR_FALSE);
-    }
-
-    return NULL;
-#else
     CERTCertificateList *chain = NULL;
     NSSCertificate **stanChain;
     NSSCertificate *stanCert;
@@ -1112,7 +1019,6 @@ loser:
 	PORT_FreeArena(arena, PR_FALSE);
     }
     return NULL;
-#endif
 }
 
 /* Builds a CERTCertificateList holding just one DER-encoded cert, namely
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c
index 724400ea2..942fd9527 100644
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -222,90 +222,6 @@ SEC_CheckCRL(CERTCertDBHandle *handle,CERTCertificate *cert,
 CERTCertificate *
 CERT_FindCertIssuer(CERTCertificate *cert, int64 validTime, SECCertUsage usage)
 {
-#ifdef NSS_CLASSIC
-    CERTAuthKeyID *   authorityKeyID = NULL;  
-    CERTCertificate * issuerCert     = NULL;
-    SECItem *         caName;
-    PRArenaPool       *tmpArena = NULL;
-
-    tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    
-    if ( !tmpArena ) {
-	goto loser;
-    }
-    authorityKeyID = CERT_FindAuthKeyIDExten(tmpArena,cert);
-
-    if ( authorityKeyID != NULL ) {
-	/* has the authority key ID extension */
-	if ( authorityKeyID->keyID.data != NULL ) {
-	    /* extension contains a key ID, so lookup based on it */
-	    issuerCert = CERT_FindCertByKeyID(cert->dbhandle, &cert->derIssuer,
-					      &authorityKeyID->keyID);
-	    if ( issuerCert == NULL ) {
-		PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
-		goto loser;
-	    }
-	    
-	} else if ( authorityKeyID->authCertIssuer != NULL ) {
-	    /* no key ID, so try issuer and serial number */
-	    caName = (SECItem*)CERT_GetGeneralNameByType(authorityKeyID->authCertIssuer,
-					       		 certDirectoryName, PR_TRUE);
-
-	    /*
-	     * caName is NULL when the authCertIssuer field is not
-	     * being used, or other name form is used instead.
-	     * If the directoryName format and serialNumber fields are
-	     * used, we use them to find the CA cert.
-	     * Note:
-	     *	By the time it gets here, we known for sure that if the
-	     *	authCertIssuer exists, then the authCertSerialNumber
-	     *	must also exists (CERT_DecodeAuthKeyID() ensures this).
-	     *	We don't need to check again. 
-	     */
-
-	    if (caName != NULL) {
-		CERTIssuerAndSN issuerSN;
-
-		issuerSN.derIssuer.data = caName->data;
-		issuerSN.derIssuer.len = caName->len;
-		issuerSN.serialNumber.data = 
-			authorityKeyID->authCertSerialNumber.data;
-		issuerSN.serialNumber.len = 
-			authorityKeyID->authCertSerialNumber.len;
-		issuerCert = CERT_FindCertByIssuerAndSN(cert->dbhandle,
-								&issuerSN);
-		if ( issuerCert == NULL ) {
-		    PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
-		    goto loser;
-		}
-	    }
-	}
-    }
-    if ( issuerCert == NULL ) {
-	/* if there is not authorityKeyID, then try to find the issuer */
-	/* find a valid CA cert with correct usage */
-	issuerCert = CERT_FindMatchingCert(cert->dbhandle,
-					   &cert->derIssuer,
-					   certOwnerCA, usage, PR_TRUE,
-					   validTime, PR_TRUE);
-
-	/* if that fails, then fall back to grabbing any cert with right name*/
-	if ( issuerCert == NULL ) {
-	    issuerCert = CERT_FindCertByName(cert->dbhandle, &cert->derIssuer);
-	    if ( issuerCert == NULL ) {
-		PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
-	    }
-	}
-    }
-
-loser:
-    if (tmpArena != NULL) {
-	PORT_FreeArena(tmpArena, PR_FALSE);
-	tmpArena = NULL;
-    }
-
-    return(issuerCert);
-#else
     NSSCertificate *me;
     NSSTime *nssTime;
     NSSTrustDomain *td;
@@ -345,7 +261,6 @@ loser:
     }
     PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
     return NULL;
-#endif
 }
 
 /*