author | jpierre%netscape.com <devnull@localhost> | 2002-10-03 03:35:32 +0000 |
---|---|---|
committer | jpierre%netscape.com <devnull@localhost> | 2002-10-03 03:35:32 +0000 |
commit | 27fa38aa49ae741e83d496db32b3913484671769 (patch) | |
tree | 1853c7996be70af4c72704bcaaf27b9a054ab1ee /security | |
parent | ee63ec0ba81c186c2020a0395d00ad326c903316 (diff) | |
Fix for 164744 - implement new functions for pk12util . r=wtc
Diffstat (limited to 'security')
-rw-r--r-- | security/nss/cmd/pk12util/pk12util.c | 59 | ||||
-rw-r--r-- | security/nss/lib/certdb/cert.h | 11 | ||||
-rw-r--r-- | security/nss/lib/certdb/certdb.c | 39 | ||||
-rw-r--r-- | security/nss/lib/certdb/certt.h | 1 | ||||
-rw-r--r-- | security/nss/lib/certhigh/certhigh.c | 30 | ||||
-rw-r--r-- | security/nss/lib/nss/nss.def | 2 |
6 files changed, 66 insertions, 76 deletions
diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c
index ddeaa1a7c..d0ba98ee8 100644
--- a/security/nss/cmd/pk12util/pk12util.c
+++ b/security/nss/cmd/pk12util/pk12util.c
@@ -552,38 +552,6 @@ p12u_WriteToExportFile(void *arg, const char *buf, unsigned long len)
 }
 }
-static SECStatus
-cert_UserCertsOnly(CERTCertList *certList)
-{
- CERTCertListNode *node, *freenode;
- CERTCertificate *cert;
- PRUint32 numusercerts = 0;
-
- node = CERT_LIST_HEAD(certList);
-
- while ( ! CERT_LIST_END(node, certList) ) {
- cert = node->cert;
- if ( !( cert->trust->sslFlags & CERTDB_USER ) &&
- !( cert->trust->emailFlags & CERTDB_USER ) &&
- !( cert->trust->objectSigningFlags & CERTDB_USER ) ) {
- /* Not a User Cert, so remove this cert from the list */
- freenode = node;
- node = CERT_LIST_NEXT(node);
- CERT_RemoveCertListNode(freenode);
- } else {
- /* Is a User cert, so leave it in the list */
- node = CERT_LIST_NEXT(node);
- numusercerts ++;
- }
- }
-
- if (numusercerts) {
- return(SECSuccess);
- } else {
- return(SECFailure);
- }
-}
-
 void
 P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
 secuPWData *slotPw, secuPWData *p12FilePw)
@@ -609,10 +577,11 @@ P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
 return;
 }
- if (SECSuccess != cert_UserCertsOnly(certlist)) {
- SECU_PrintError(progName,"find user certs from nickname failed");
+ if ((SECSuccess != CERT_FilterCertListForUserCerts(certlist)) ||
+ CERT_LIST_EMPTY(certlist)) {
+ SECU_PrintError(progName,"no user certs from given nickname");
 pk12uErrno = PK12UERR_FINDCERTBYNN;
- return;
+ goto loser;
 }
 /* Password to use for PKCS12 file. */
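Review bot: In security/nss/cmd/pk12util/pk12util.c, the new `goto loser;` on the no-user-certs path of P12U_ExportPKCS12Object now reaches `SEC_PKCS12DestroyExportContext(p12ecx)` at `loser:`, presumably before any export context has been created on this path. That is only safe if `p12ecx` is initialised to NULL at its declaration, which lies outside the hunk and is worth confirming. The failure branch directly above still ends in a bare `return;` and so skips the cleanup that `loser:` performs; changing it to `goto loser;` as well would keep the exit paths consistent. A comment above the combined condition, `/* the filter succeeds on an empty result, so emptiness is tested separately */`, would explain why both tests are needed.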
@@ -689,10 +658,11 @@ P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
 pk12uErrno = PK12UERR_ADDCERTKEY;
 goto loser;
 }
- CERT_DestroyCertificate(cert);
- node->cert = NULL;
 }
+ CERT_DestroyCertList(certlist);
+ certlist = NULL;
+
 if(SEC_PKCS12Encode(p12ecx, p12u_WriteToExportFile, p12cxt) != SECSuccess) {
 SECU_PrintError(progName,"PKCS12 encode failed");
@@ -710,17 +680,10 @@ P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
 loser:
 SEC_PKCS12DestroyExportContext(p12ecx);
- for (node = CERT_LIST_HEAD(certlist);!CERT_LIST_END(node,certlist);node=CERT_LIST_NEXT(node))
- {
- CERTCertificate* cert = node->cert;
- if (!node->cert) {
- continue;
- }
-
- if(cert) {
- CERT_DestroyCertificate(cert);
- }
- }
+ if (certlist) {
+ CERT_DestroyCertList(certlist);
+ certlist = NULL;
+ }
 if (slotPw) PR_Free(slotPw->data);
diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h
index 46f77b75e..82e6c67e7 100644
--- a/security/nss/lib/certdb/cert.h
+++ b/security/nss/lib/certdb/cert.h
@@ -968,6 +968,11 @@ CERT_DupCertList(CERTCertificateList * oldList);
 extern void CERT_DestroyCertificateList(CERTCertificateList *list);
+/* is cert a user cert ? ie. does it have CERTDB_USER trust,
+ ie. a private key
+ */
+PRBool CERT_IsUserCert(CERTCertificate* cert);
+
 /* is cert a newer than cert b? */
 PRBool CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb);
@@ -1242,6 +1247,12 @@ CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
 char **caNames, SECCertUsage usage);
 /*
+ * Filter a list of certificates, removing those certs that aren't user certs
+ */
+SECStatus
+CERT_FilterCertListForUserCerts(CERTCertList *certList);
+
+/*
 * Collect the nicknames from all certs in a CertList. If the cert is not
 * valid, append a string to that nickname.
 *
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c
index f3df9997f..a42b19b4f 100644
--- a/security/nss/lib/certdb/certdb.c
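Review bot: The comments on the two new declarations in security/nss/lib/certdb/cert.h (hunks @@ -968 and @@ -1242) leave out the contract that callers of an exported API depend on. For `CERT_FilterCertListForUserCerts`, the implementation shown on this page returns SECFailure only for a NULL list and SECSuccess even when every certificate was removed, so I would add ` * Returns SECFailure only if certList is NULL; an emptied list is still SECSuccess, so test CERT_LIST_EMPTY.` For `CERT_IsUserCert`, "ie. a private key" says more than the code checks, which is only the CERTDB_USER bit in the three trust flag words. A wording such as `/* does cert carry CERTDB_USER in any of its trust flags? cert must be non-NULL */` would match what is implemented.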
+++ b/security/nss/lib/certdb/certdb.c
@@ -2603,6 +2603,45 @@ loser:
 return(SECFailure);
 }
+PRBool CERT_IsUserCert(CERTCertificate* cert)
+{
+ if ( (cert->trust->sslFlags & CERTDB_USER ) ||
+ (cert->trust->emailFlags & CERTDB_USER ) ||
+ (cert->trust->objectSigningFlags & CERTDB_USER ) ) {
+ return PR_TRUE;
+ } else {
+ return PR_FALSE;
+ }
+}
+
+SECStatus
+CERT_FilterCertListForUserCerts(CERTCertList *certList)
+{
+ CERTCertListNode *node, *freenode;
+ CERTCertificate *cert;
+
+ if (!certList) {
+ return SECFailure;
+ }
+
+ node = CERT_LIST_HEAD(certList);
+
+ while ( ! CERT_LIST_END(node, certList) ) {
+ cert = node->cert;
+ if ( PR_TRUE != CERT_IsUserCert(cert) ) {
+ /* Not a User Cert, so remove this cert from the list */
+ freenode = node;
+ node = CERT_LIST_NEXT(node);
+ CERT_RemoveCertListNode(freenode);
+ } else {
+ /* Is a User cert, so leave it in the list */
+ node = CERT_LIST_NEXT(node);
+ }
+ }
+
+ return(SECSuccess);
+}
+
 static PZLock *certRefCountLock = NULL;
 /*
diff --git a/security/nss/lib/certdb/certt.h b/security/nss/lib/certdb/certt.h
index 57f22efa7..3b9e985ee 100644
--- a/security/nss/lib/certdb/certt.h
+++ b/security/nss/lib/certdb/certt.h
@@ -371,6 +371,7 @@ struct CERTCertListStr {
 #define CERT_LIST_HEAD(l) ((CERTCertListNode *)PR_LIST_HEAD(&l->list))
 #define CERT_LIST_NEXT(n) ((CERTCertListNode *)n->links.next)
 #define CERT_LIST_END(n,l) (((void *)n) == ((void *)&l->list))
+#define CERT_LIST_EMPTY(l) CERT_LIST_END(CERT_LIST_HEAD(l), l)
 struct CERTCrlEntryStr {
 SECItem serialNumber;
diff --git a/security/nss/lib/certhigh/certhigh.c b/security/nss/lib/certhigh/certhigh.c
index f3ab3a1bf..3b818d370 100644
--- a/security/nss/lib/certhigh/certhigh.c
+++ b/security/nss/lib/certhigh/certhigh.c
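Review bot: `CERT_IsUserCert` in security/nss/lib/certdb/certdb.c dereferences `cert->trust` without checking either pointer, and this commit exports the function through nss.def, so any caller can now reach it with an arbitrary certificate. If `trust` can be NULL for a certificate that has no trust record (not visible on this page), that is a NULL dereference here and in `CERT_FilterCertListForUserCerts`, which passes every `node->cert` to it. A guard at the top, `if (!cert || !cert->trust) return PR_FALSE;`, would treat such a certificate as not a user cert and would match the `if (!certList)` check the filter already has.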
@@ -89,32 +89,6 @@ CERT_MatchNickname(char *name1, char *name2) {
 return PR_TRUE;
 }
-static SECStatus
-cert_UserCertsOnly(CERTCertList *certList)
-{
- CERTCertListNode *node, *freenode;
- CERTCertificate *cert;
-
- node = CERT_LIST_HEAD(certList);
-
- while ( ! CERT_LIST_END(node, certList) ) {
- cert = node->cert;
- if ( !( cert->trust->sslFlags & CERTDB_USER ) &&
- !( cert->trust->emailFlags & CERTDB_USER ) &&
- !( cert->trust->objectSigningFlags & CERTDB_USER ) ) {
- /* Not a User Cert, so remove this cert from the list */
- freenode = node;
- node = CERT_LIST_NEXT(node);
- CERT_RemoveCertListNode(freenode);
- } else {
- /* Is a User cert, so leave it in the list */
- node = CERT_LIST_NEXT(node);
- }
- }
-
- return(SECSuccess);
-}
-
 /*
 * Find all user certificates that match the given criteria.
 *
@@ -181,7 +155,7 @@ CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
 certList = CERT_CreateSubjectCertList(certList, handle, &cert->derSubject, time, validOnly);
- cert_UserCertsOnly(certList);
+ CERT_FilterCertListForUserCerts(certList);
 /* drop the extra reference */
 CERT_DestroyCertificate(cert);
@@ -312,7 +286,7 @@ CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
 certList = CERT_CreateSubjectCertList(certList, handle, &cert->derSubject, time, validOnly);
- cert_UserCertsOnly(certList);
+ CERT_FilterCertListForUserCerts(certList);
 /* drop the extra reference */
 CERT_DestroyCertificate(cert);
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def
index 6d19fcaf9..d4c5d1c91 100644
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -691,8 +691,10 @@ CERT_DecodeOCSPResponse;
 CERT_DestroyOCSPCertID;
 CERT_DestroyOCSPRequest;
 CERT_EncodeOCSPRequest;
+CERT_FilterCertListForUserCerts;
 CERT_GetOCSPResponseStatus;
 CERT_GetOCSPStatusForCertID;
+CERT_IsUserCert;
 CERT_RemoveCertListNode;
 CERT_VerifyCACertForUsage;
 CERT_VerifyCertificate; |
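Review bot: Both call sites in security/nss/lib/certhigh/certhigh.c (hunk @@ -181 in CERT_FindUserCertsByUsage and hunk @@ -312 in CERT_FindUserCertByUsage) discard the SECStatus of `CERT_FilterCertListForUserCerts(certList);`. The only failure the new function reports is a NULL list, which here would mean `CERT_CreateSubjectCertList` returned NULL; whether the code after each hunk handles that case is not visible. I would either act on the result where the function's error path allows it, or make the intent explicit with `(void)CERT_FilterCertListForUserCerts(certList); /* NULL list is checked later */` once that later check is confirmed. Both functions start and end outside the hunks.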