File: | security/nss/lib/softoken/legacydb/pcertdb.c |
Location: | line 3703, column 4 |
Description: | Value stored to 'rv' is never read |
1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | |
5 | /* |
6 | * Permanent Certificate database handling code |
7 | */ |
8 | #include "lowkeyti.h" |
9 | #include "pcert.h" |
10 | #include "mcom_db.h" |
11 | #include "pcert.h" |
12 | #include "secitem.h" |
13 | #include "secder.h" |
14 | |
15 | #include "secerr.h" |
16 | #include "lgdb.h" |
17 | |
18 | /* forward declaration */ |
19 | NSSLOWCERTCertificate * |
20 | nsslowcert_FindCertByDERCertNoLocking(NSSLOWCERTCertDBHandle *handle, SECItem *derCert); |
21 | static SECStatus |
22 | nsslowcert_UpdateSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, |
23 | char *emailAddr, SECItem *derSubject, SECItem *emailProfile, |
24 | SECItem *profileTime); |
25 | static SECStatus |
26 | nsslowcert_UpdatePermCert(NSSLOWCERTCertDBHandle *dbhandle, |
27 | NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust); |
28 | static SECStatus |
29 | nsslowcert_UpdateCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl, |
30 | SECItem *crlKey, char *url, PRBool isKRL); |
31 | |
32 | static NSSLOWCERTCertificate *certListHead = NULL((void*)0); |
33 | static NSSLOWCERTTrust *trustListHead = NULL((void*)0); |
34 | static certDBEntryCert *entryListHead = NULL((void*)0); |
35 | static int certListCount = 0; |
36 | static int trustListCount = 0; |
37 | static int entryListCount = 0; |
38 | #define MAX_CERT_LIST_COUNT10 10 |
39 | #define MAX_TRUST_LIST_COUNT10 10 |
40 | #define MAX_ENTRY_LIST_COUNT10 10 |
41 | |
42 | /* |
43 | * the following functions are wrappers for the db library that implement |
44 | * a global lock to make the database thread safe. |
45 | */ |
46 | static PZLockPRLock *dbLock = NULL((void*)0); |
47 | static PZLockPRLock *certRefCountLock = NULL((void*)0); |
48 | static PZLockPRLock *certTrustLock = NULL((void*)0); |
49 | static PZLockPRLock *freeListLock = NULL((void*)0); |
50 | |
51 | void |
52 | certdb_InitDBLock(NSSLOWCERTCertDBHandle *handle) |
53 | { |
54 | if (dbLock == NULL((void*)0)) { |
55 | dbLock = PZ_NewLock(nssILockCertDB)PR_NewLock(); |
56 | PORT_Assert(dbLock != NULL)((dbLock != ((void*)0))?((void)0):PR_Assert("dbLock != NULL", "pcertdb.c",56)); |
57 | } |
58 | } |
59 | |
60 | SECStatus |
61 | nsslowcert_InitLocks(void) |
62 | { |
63 | if (freeListLock == NULL((void*)0)) { |
64 | freeListLock = PZ_NewLock(nssILockRefLock)PR_NewLock(); |
65 | if (freeListLock == NULL((void*)0)) { |
66 | return SECFailure; |
67 | } |
68 | } |
69 | if (certRefCountLock == NULL((void*)0)) { |
70 | certRefCountLock = PZ_NewLock(nssILockRefLock)PR_NewLock(); |
71 | if (certRefCountLock == NULL((void*)0)) { |
72 | return SECFailure; |
73 | } |
74 | } |
75 | if (certTrustLock == NULL((void*)0) ) { |
76 | certTrustLock = PZ_NewLock(nssILockCertDB)PR_NewLock(); |
77 | if (certTrustLock == NULL((void*)0)) { |
78 | return SECFailure; |
79 | } |
80 | } |
81 | |
82 | return SECSuccess; |
83 | } |
84 | |
85 | /* |
86 | * Acquire the global lock on the cert database. |
87 | * This lock is currently used for the following operations: |
88 | * adding or deleting a cert to either the temp or perm databases |
89 | * converting a temp to perm or perm to temp |
90 | * changing (maybe just adding!?) the trust of a cert |
91 | * chaning the DB status checking Configuration |
92 | */ |
93 | static void |
94 | nsslowcert_LockDB(NSSLOWCERTCertDBHandle *handle) |
95 | { |
96 | PZ_EnterMonitor(handle->dbMon)PR_EnterMonitor((handle->dbMon)); |
97 | return; |
98 | } |
99 | |
100 | /* |
101 | * Free the global cert database lock. |
102 | */ |
103 | static void |
104 | nsslowcert_UnlockDB(NSSLOWCERTCertDBHandle *handle) |
105 | { |
106 | PRStatus prstat; |
107 | |
108 | prstat = PZ_ExitMonitor(handle->dbMon)PR_ExitMonitor((handle->dbMon)); |
109 | |
110 | PORT_Assert(prstat == PR_SUCCESS)((prstat == PR_SUCCESS)?((void)0):PR_Assert("prstat == PR_SUCCESS" ,"pcertdb.c",110)); |
111 | |
112 | return; |
113 | } |
114 | |
115 | |
116 | /* |
117 | * Acquire the cert reference count lock |
118 | * There is currently one global lock for all certs, but I'm putting a cert |
119 | * arg here so that it will be easy to make it per-cert in the future if |
120 | * that turns out to be necessary. |
121 | */ |
122 | static void |
123 | nsslowcert_LockCertRefCount(NSSLOWCERTCertificate *cert) |
124 | { |
125 | PORT_Assert(certRefCountLock != NULL)((certRefCountLock != ((void*)0))?((void)0):PR_Assert("certRefCountLock != NULL" ,"pcertdb.c",125)); |
126 | |
127 | PZ_Lock(certRefCountLock)PR_Lock((certRefCountLock)); |
128 | return; |
129 | } |
130 | |
131 | /* |
132 | * Free the cert reference count lock |
133 | */ |
134 | static void |
135 | nsslowcert_UnlockCertRefCount(NSSLOWCERTCertificate *cert) |
136 | { |
137 | PRStatus prstat; |
138 | |
139 | PORT_Assert(certRefCountLock != NULL)((certRefCountLock != ((void*)0))?((void)0):PR_Assert("certRefCountLock != NULL" ,"pcertdb.c",139)); |
140 | |
141 | prstat = PZ_Unlock(certRefCountLock)PR_Unlock((certRefCountLock)); |
142 | |
143 | PORT_Assert(prstat == PR_SUCCESS)((prstat == PR_SUCCESS)?((void)0):PR_Assert("prstat == PR_SUCCESS" ,"pcertdb.c",143)); |
144 | |
145 | return; |
146 | } |
147 | |
148 | /* |
149 | * Acquire the cert trust lock |
150 | * There is currently one global lock for all certs, but I'm putting a cert |
151 | * arg here so that it will be easy to make it per-cert in the future if |
152 | * that turns out to be necessary. |
153 | */ |
154 | static void |
155 | nsslowcert_LockCertTrust(NSSLOWCERTCertificate *cert) |
156 | { |
157 | PORT_Assert(certTrustLock != NULL)((certTrustLock != ((void*)0))?((void)0):PR_Assert("certTrustLock != NULL" ,"pcertdb.c",157)); |
158 | |
159 | PZ_Lock(certTrustLock)PR_Lock((certTrustLock)); |
160 | return; |
161 | } |
162 | |
163 | /* |
164 | * Free the cert trust lock |
165 | */ |
166 | static void |
167 | nsslowcert_UnlockCertTrust(NSSLOWCERTCertificate *cert) |
168 | { |
169 | PRStatus prstat; |
170 | |
171 | PORT_Assert(certTrustLock != NULL)((certTrustLock != ((void*)0))?((void)0):PR_Assert("certTrustLock != NULL" ,"pcertdb.c",171)); |
172 | |
173 | prstat = PZ_Unlock(certTrustLock)PR_Unlock((certTrustLock)); |
174 | |
175 | PORT_Assert(prstat == PR_SUCCESS)((prstat == PR_SUCCESS)?((void)0):PR_Assert("prstat == PR_SUCCESS" ,"pcertdb.c",175)); |
176 | |
177 | return; |
178 | } |
179 | |
180 | |
181 | /* |
182 | * Acquire the cert reference count lock |
183 | * There is currently one global lock for all certs, but I'm putting a cert |
184 | * arg here so that it will be easy to make it per-cert in the future if |
185 | * that turns out to be necessary. |
186 | */ |
187 | static void |
188 | nsslowcert_LockFreeList(void) |
189 | { |
190 | PORT_Assert(freeListLock != NULL)((freeListLock != ((void*)0))?((void)0):PR_Assert("freeListLock != NULL" ,"pcertdb.c",190)); |
191 | |
192 | SKIP_AFTER_FORK(PZ_Lock(freeListLock))if (!lg_parentForkedAfterC_Initialize) PR_Lock((freeListLock) ); |
193 | return; |
194 | } |
195 | |
196 | /* |
197 | * Free the cert reference count lock |
198 | */ |
199 | static void |
200 | nsslowcert_UnlockFreeList(void) |
201 | { |
202 | PRStatus prstat = PR_SUCCESS; |
203 | |
204 | PORT_Assert(freeListLock != NULL)((freeListLock != ((void*)0))?((void)0):PR_Assert("freeListLock != NULL" ,"pcertdb.c",204)); |
205 | |
206 | SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock))if (!lg_parentForkedAfterC_Initialize) prstat = PR_Unlock((freeListLock )); |
207 | |
208 | PORT_Assert(prstat == PR_SUCCESS)((prstat == PR_SUCCESS)?((void)0):PR_Assert("prstat == PR_SUCCESS" ,"pcertdb.c",208)); |
209 | |
210 | return; |
211 | } |
212 | |
213 | NSSLOWCERTCertificate * |
214 | nsslowcert_DupCertificate(NSSLOWCERTCertificate *c) |
215 | { |
216 | if (c) { |
217 | nsslowcert_LockCertRefCount(c); |
218 | ++c->referenceCount; |
219 | nsslowcert_UnlockCertRefCount(c); |
220 | } |
221 | return c; |
222 | } |
223 | |
224 | static int |
225 | certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) |
226 | { |
227 | PRStatus prstat; |
228 | int ret; |
229 | |
230 | PORT_Assert(dbLock != NULL)((dbLock != ((void*)0))?((void)0):PR_Assert("dbLock != NULL", "pcertdb.c",230)); |
231 | PZ_Lock(dbLock)PR_Lock((dbLock)); |
232 | |
233 | ret = (* db->get)(db, key, data, flags); |
234 | |
235 | prstat = PZ_Unlock(dbLock)PR_Unlock((dbLock)); |
236 | |
237 | return(ret); |
238 | } |
239 | |
240 | static int |
241 | certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) |
242 | { |
243 | PRStatus prstat; |
244 | int ret = 0; |
245 | |
246 | PORT_Assert(dbLock != NULL)((dbLock != ((void*)0))?((void)0):PR_Assert("dbLock != NULL", "pcertdb.c",246)); |
247 | PZ_Lock(dbLock)PR_Lock((dbLock)); |
248 | |
249 | ret = (* db->put)(db, key, data, flags); |
250 | |
251 | prstat = PZ_Unlock(dbLock)PR_Unlock((dbLock)); |
252 | |
253 | return(ret); |
254 | } |
255 | |
256 | static int |
257 | certdb_Sync(DB *db, unsigned int flags) |
258 | { |
259 | PRStatus prstat; |
260 | int ret; |
261 | |
262 | PORT_Assert(dbLock != NULL)((dbLock != ((void*)0))?((void)0):PR_Assert("dbLock != NULL", "pcertdb.c",262)); |
263 | PZ_Lock(dbLock)PR_Lock((dbLock)); |
264 | |
265 | ret = (* db->sync)(db, flags); |
266 | |
267 | prstat = PZ_Unlock(dbLock)PR_Unlock((dbLock)); |
268 | |
269 | return(ret); |
270 | } |
271 | |
272 | #define DB_NOT_FOUND-30991 -30991 /* from DBM 3.2 */ |
273 | static int |
274 | certdb_Del(DB *db, DBT *key, unsigned int flags) |
275 | { |
276 | PRStatus prstat; |
277 | int ret; |
278 | |
279 | PORT_Assert(dbLock != NULL)((dbLock != ((void*)0))?((void)0):PR_Assert("dbLock != NULL", "pcertdb.c",279)); |
280 | PZ_Lock(dbLock)PR_Lock((dbLock)); |
281 | |
282 | ret = (* db->del)(db, key, flags); |
283 | |
284 | prstat = PZ_Unlock(dbLock)PR_Unlock((dbLock)); |
285 | |
286 | /* don't fail if the record is already deleted */ |
287 | if (ret == DB_NOT_FOUND-30991) { |
288 | ret = 0; |
289 | } |
290 | |
291 | return(ret); |
292 | } |
293 | |
294 | static int |
295 | certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) |
296 | { |
297 | PRStatus prstat; |
298 | int ret; |
299 | |
300 | PORT_Assert(dbLock != NULL)((dbLock != ((void*)0))?((void)0):PR_Assert("dbLock != NULL", "pcertdb.c",300)); |
301 | PZ_Lock(dbLock)PR_Lock((dbLock)); |
302 | |
303 | ret = (* db->seq)(db, key, data, flags); |
304 | |
305 | prstat = PZ_Unlock(dbLock)PR_Unlock((dbLock)); |
306 | |
307 | return(ret); |
308 | } |
309 | |
310 | static void |
311 | certdb_Close(DB *db) |
312 | { |
313 | PRStatus prstat = PR_SUCCESS; |
314 | |
315 | PORT_Assert(dbLock != NULL)((dbLock != ((void*)0))?((void)0):PR_Assert("dbLock != NULL", "pcertdb.c",315)); |
316 | SKIP_AFTER_FORK(PZ_Lock(dbLock))if (!lg_parentForkedAfterC_Initialize) PR_Lock((dbLock)); |
317 | |
318 | (* db->close)(db); |
319 | |
320 | SKIP_AFTER_FORK(prstat = PZ_Unlock(dbLock))if (!lg_parentForkedAfterC_Initialize) prstat = PR_Unlock((dbLock )); |
321 | |
322 | return; |
323 | } |
324 | |
325 | void |
326 | pkcs11_freeNickname(char *nickname, char *space) |
327 | { |
328 | if (nickname && nickname != space) { |
329 | PORT_FreePORT_Free_Util(nickname); |
330 | } |
331 | } |
332 | |
333 | char * |
334 | pkcs11_copyNickname(char *nickname,char *space, int spaceLen) |
335 | { |
336 | int len; |
337 | char *copy = NULL((void*)0); |
338 | |
339 | len = PORT_Strlen(nickname)strlen(nickname)+1; |
340 | if (len <= spaceLen) { |
341 | copy = space; |
342 | PORT_Memcpymemcpy(copy,nickname,len); |
343 | } else { |
344 | copy = PORT_StrdupPORT_Strdup_Util(nickname); |
345 | } |
346 | |
347 | return copy; |
348 | } |
349 | |
350 | void |
351 | pkcs11_freeStaticData (unsigned char *data, unsigned char *space) |
352 | { |
353 | if (data && data != space) { |
354 | PORT_FreePORT_Free_Util(data); |
355 | } |
356 | } |
357 | |
358 | unsigned char * |
359 | pkcs11_allocStaticData(int len, unsigned char *space, int spaceLen) |
360 | { |
361 | unsigned char *data = NULL((void*)0); |
362 | |
363 | if (len <= spaceLen) { |
364 | data = space; |
365 | } else { |
366 | data = (unsigned char *) PORT_AllocPORT_Alloc_Util(len); |
367 | } |
368 | |
369 | return data; |
370 | } |
371 | |
372 | unsigned char * |
373 | pkcs11_copyStaticData(unsigned char *data, int len, |
374 | unsigned char *space, int spaceLen) |
375 | { |
376 | unsigned char *copy = pkcs11_allocStaticData(len, space, spaceLen); |
377 | if (copy) { |
378 | PORT_Memcpymemcpy(copy,data,len); |
379 | } |
380 | |
381 | return copy; |
382 | } |
383 | |
384 | /* |
385 | * destroy a database entry |
386 | */ |
387 | static void |
388 | DestroyDBEntry(certDBEntry *entry) |
389 | { |
390 | PLArenaPool *arena = entry->common.arena; |
391 | |
392 | /* must be one of our certDBEntry from the free list */ |
393 | if (arena == NULL((void*)0)) { |
394 | certDBEntryCert *certEntry; |
395 | if ( entry->common.type != certDBEntryTypeCert) { |
396 | return; |
397 | } |
398 | certEntry = (certDBEntryCert *)entry; |
399 | |
400 | pkcs11_freeStaticData(certEntry->derCert.data, certEntry->derCertSpace); |
401 | pkcs11_freeNickname(certEntry->nickname, certEntry->nicknameSpace); |
402 | |
403 | nsslowcert_LockFreeList(); |
404 | if (entryListCount > MAX_ENTRY_LIST_COUNT10) { |
405 | PORT_FreePORT_Free_Util(certEntry); |
406 | } else { |
407 | entryListCount++; |
408 | PORT_Memsetmemset(certEntry, 0, sizeof( *certEntry)); |
409 | certEntry->next = entryListHead; |
410 | entryListHead = certEntry; |
411 | } |
412 | nsslowcert_UnlockFreeList(); |
413 | return; |
414 | } |
415 | |
416 | |
417 | /* Zero out the entry struct, so that any further attempts to use it |
418 | * will cause an exception (e.g. null pointer reference). */ |
419 | PORT_Memsetmemset(&entry->common, 0, sizeof entry->common); |
420 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
421 | |
422 | return; |
423 | } |
424 | |
425 | /* forward references */ |
426 | static void nsslowcert_DestroyCertificateNoLocking(NSSLOWCERTCertificate *cert); |
427 | |
428 | static SECStatus |
429 | DeleteDBEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryType type, SECItem *dbkey) |
430 | { |
431 | DBT key; |
432 | int ret; |
433 | |
434 | /* init the database key */ |
435 | key.data = dbkey->data; |
436 | key.size = dbkey->len; |
437 | |
438 | dbkey->data[0] = (unsigned char)type; |
439 | |
440 | /* delete entry from database */ |
441 | ret = certdb_Del(handle->permCertDB, &key, 0 ); |
442 | if ( ret != 0 ) { |
443 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
444 | goto loser; |
445 | } |
446 | |
447 | ret = certdb_Sync(handle->permCertDB, 0); |
448 | if ( ret ) { |
449 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
450 | goto loser; |
451 | } |
452 | |
453 | return(SECSuccess); |
454 | |
455 | loser: |
456 | return(SECFailure); |
457 | } |
458 | |
459 | static SECStatus |
460 | ReadDBEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryCommon *entry, |
461 | SECItem *dbkey, SECItem *dbentry, PLArenaPool *arena) |
462 | { |
463 | DBT data, key; |
464 | int ret; |
465 | unsigned char *buf; |
466 | |
467 | /* init the database key */ |
468 | key.data = dbkey->data; |
469 | key.size = dbkey->len; |
470 | |
471 | dbkey->data[0] = (unsigned char)entry->type; |
472 | |
473 | /* read entry from database */ |
474 | ret = certdb_Get(handle->permCertDB, &key, &data, 0 ); |
475 | if ( ret != 0 ) { |
476 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
477 | goto loser; |
478 | } |
479 | |
480 | /* validate the entry */ |
481 | if ( data.size < SEC_DB_ENTRY_HEADER_LEN3 ) { |
482 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
483 | goto loser; |
484 | } |
485 | buf = (unsigned char *)data.data; |
486 | /* version 7 has the same schema, we may be using a v7 db if we openned |
487 | * the databases readonly. */ |
488 | if (!((buf[0] == (unsigned char)CERT_DB_FILE_VERSION8) |
489 | || (buf[0] == (unsigned char) CERT_DB_V7_FILE_VERSION7))) { |
490 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
491 | goto loser; |
492 | } |
493 | if ( buf[1] != (unsigned char)entry->type ) { |
494 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
495 | goto loser; |
496 | } |
497 | |
498 | /* copy out header information */ |
499 | entry->version = (unsigned int)buf[0]; |
500 | entry->type = (certDBEntryType)buf[1]; |
501 | entry->flags = (unsigned int)buf[2]; |
502 | |
503 | /* format body of entry for return to caller */ |
504 | dbentry->len = data.size - SEC_DB_ENTRY_HEADER_LEN3; |
505 | if ( dbentry->len ) { |
506 | if (arena) { |
507 | dbentry->data = (unsigned char *) |
508 | PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, dbentry->len); |
509 | if ( dbentry->data == NULL((void*)0) ) { |
510 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
511 | goto loser; |
512 | } |
513 | |
514 | PORT_Memcpymemcpy(dbentry->data, &buf[SEC_DB_ENTRY_HEADER_LEN3], |
515 | dbentry->len); |
516 | } else { |
517 | dbentry->data = &buf[SEC_DB_ENTRY_HEADER_LEN3]; |
518 | } |
519 | } else { |
520 | dbentry->data = NULL((void*)0); |
521 | } |
522 | |
523 | return(SECSuccess); |
524 | |
525 | loser: |
526 | return(SECFailure); |
527 | } |
528 | |
529 | /** |
530 | ** Implement low level database access |
531 | **/ |
532 | static SECStatus |
533 | WriteDBEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryCommon *entry, |
534 | SECItem *dbkey, SECItem *dbentry) |
535 | { |
536 | int ret; |
537 | DBT data, key; |
538 | unsigned char *buf; |
539 | |
540 | data.data = dbentry->data; |
541 | data.size = dbentry->len; |
542 | |
543 | buf = (unsigned char*)data.data; |
544 | |
545 | buf[0] = (unsigned char)entry->version; |
546 | buf[1] = (unsigned char)entry->type; |
547 | buf[2] = (unsigned char)entry->flags; |
548 | |
549 | key.data = dbkey->data; |
550 | key.size = dbkey->len; |
551 | |
552 | dbkey->data[0] = (unsigned char)entry->type; |
553 | |
554 | /* put the record into the database now */ |
555 | ret = certdb_Put(handle->permCertDB, &key, &data, 0); |
556 | |
557 | if ( ret != 0 ) { |
558 | goto loser; |
559 | } |
560 | |
561 | ret = certdb_Sync( handle->permCertDB, 0 ); |
562 | |
563 | if ( ret ) { |
564 | goto loser; |
565 | } |
566 | |
567 | return(SECSuccess); |
568 | |
569 | loser: |
570 | return(SECFailure); |
571 | } |
572 | |
573 | /* |
574 | * encode a database cert record |
575 | */ |
576 | static SECStatus |
577 | EncodeDBCertEntry(certDBEntryCert *entry, PLArenaPool *arena, SECItem *dbitem) |
578 | { |
579 | unsigned int nnlen; |
580 | unsigned char *buf; |
581 | char *nn; |
582 | char zbuf = 0; |
583 | |
584 | if ( entry->nickname ) { |
585 | nn = entry->nickname; |
586 | } else { |
587 | nn = &zbuf; |
588 | } |
589 | nnlen = PORT_Strlen(nn)strlen(nn) + 1; |
590 | |
591 | /* allocate space for encoded database record, including space |
592 | * for low level header |
593 | */ |
594 | dbitem->len = entry->derCert.len + nnlen + DB_CERT_ENTRY_HEADER_LEN10 + |
595 | SEC_DB_ENTRY_HEADER_LEN3; |
596 | |
597 | dbitem->data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, dbitem->len); |
598 | if ( dbitem->data == NULL((void*)0)) { |
599 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
600 | goto loser; |
601 | } |
602 | |
603 | /* fill in database record */ |
604 | buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN3]; |
605 | |
606 | buf[0] = (PRUint8)( entry->trust.sslFlags >> 8 ); |
607 | buf[1] = (PRUint8)( entry->trust.sslFlags ); |
608 | buf[2] = (PRUint8)( entry->trust.emailFlags >> 8 ); |
609 | buf[3] = (PRUint8)( entry->trust.emailFlags ); |
610 | buf[4] = (PRUint8)( entry->trust.objectSigningFlags >> 8 ); |
611 | buf[5] = (PRUint8)( entry->trust.objectSigningFlags ); |
612 | buf[6] = (PRUint8)( entry->derCert.len >> 8 ); |
613 | buf[7] = (PRUint8)( entry->derCert.len ); |
614 | buf[8] = (PRUint8)( nnlen >> 8 ); |
615 | buf[9] = (PRUint8)( nnlen ); |
616 | |
617 | PORT_Memcpymemcpy(&buf[DB_CERT_ENTRY_HEADER_LEN10], entry->derCert.data, |
618 | entry->derCert.len); |
619 | |
620 | PORT_Memcpymemcpy(&buf[DB_CERT_ENTRY_HEADER_LEN10 + entry->derCert.len], |
621 | nn, nnlen); |
622 | |
623 | return(SECSuccess); |
624 | |
625 | loser: |
626 | return(SECFailure); |
627 | } |
628 | |
629 | /* |
630 | * encode a database key for a cert record |
631 | */ |
632 | static SECStatus |
633 | EncodeDBCertKey(const SECItem *certKey, PLArenaPool *arena, SECItem *dbkey) |
634 | { |
635 | unsigned int len = certKey->len + SEC_DB_KEY_HEADER_LEN1; |
636 | if (len > NSS_MAX_LEGACY_DB_KEY_SIZE(60 * 1024)) |
637 | goto loser; |
638 | if (arena) { |
639 | dbkey->data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, len); |
640 | } else { |
641 | if (dbkey->len < len) { |
642 | dbkey->data = (unsigned char *)PORT_AllocPORT_Alloc_Util(len); |
643 | } |
644 | } |
645 | dbkey->len = len; |
646 | if ( dbkey->data == NULL((void*)0) ) { |
647 | goto loser; |
648 | } |
649 | PORT_Memcpymemcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN1], |
650 | certKey->data, certKey->len); |
651 | dbkey->data[0] = certDBEntryTypeCert; |
652 | |
653 | return(SECSuccess); |
654 | loser: |
655 | return(SECFailure); |
656 | } |
657 | |
658 | static SECStatus |
659 | EncodeDBGenericKey(const SECItem *certKey, PLArenaPool *arena, SECItem *dbkey, |
660 | certDBEntryType entryType) |
661 | { |
662 | /* |
663 | * we only allow _one_ KRL key! |
664 | */ |
665 | if (entryType == certDBEntryTypeKeyRevocation) { |
666 | dbkey->len = SEC_DB_KEY_HEADER_LEN1; |
667 | dbkey->data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, dbkey->len); |
668 | if ( dbkey->data == NULL((void*)0) ) { |
669 | goto loser; |
670 | } |
671 | dbkey->data[0] = (unsigned char) entryType; |
672 | return(SECSuccess); |
673 | } |
674 | |
675 | |
676 | dbkey->len = certKey->len + SEC_DB_KEY_HEADER_LEN1; |
677 | if (dbkey->len > NSS_MAX_LEGACY_DB_KEY_SIZE(60 * 1024)) |
678 | goto loser; |
679 | dbkey->data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, dbkey->len); |
680 | if ( dbkey->data == NULL((void*)0) ) { |
681 | goto loser; |
682 | } |
683 | PORT_Memcpymemcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN1], |
684 | certKey->data, certKey->len); |
685 | dbkey->data[0] = (unsigned char) entryType; |
686 | |
687 | return(SECSuccess); |
688 | loser: |
689 | return(SECFailure); |
690 | } |
691 | |
692 | static SECStatus |
693 | DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry) |
694 | { |
695 | unsigned int nnlen; |
696 | unsigned int headerlen; |
697 | int lenoff; |
698 | |
699 | /* allow updates of old versions of the database */ |
700 | switch ( entry->common.version ) { |
701 | case 5: |
702 | headerlen = DB_CERT_V5_ENTRY_HEADER_LEN7; |
703 | lenoff = 3; |
704 | break; |
705 | case 6: |
706 | /* should not get here */ |
707 | PORT_Assert(0)((0)?((void)0):PR_Assert("0","pcertdb.c",707)); |
708 | headerlen = DB_CERT_V6_ENTRY_HEADER_LEN7; |
709 | lenoff = 3; |
710 | break; |
711 | case 7: |
712 | case 8: |
713 | headerlen = DB_CERT_ENTRY_HEADER_LEN10; |
714 | lenoff = 6; |
715 | break; |
716 | default: |
717 | /* better not get here */ |
718 | PORT_Assert(0)((0)?((void)0):PR_Assert("0","pcertdb.c",718)); |
719 | headerlen = DB_CERT_V5_ENTRY_HEADER_LEN7; |
720 | lenoff = 3; |
721 | break; |
722 | } |
723 | |
724 | /* is record long enough for header? */ |
725 | if ( dbentry->len < headerlen ) { |
726 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
727 | goto loser; |
728 | } |
729 | |
730 | /* is database entry correct length? */ |
731 | entry->derCert.len = ( ( dbentry->data[lenoff] << 8 ) | |
732 | dbentry->data[lenoff+1] ); |
733 | nnlen = ( ( dbentry->data[lenoff+2] << 8 ) | dbentry->data[lenoff+3] ); |
734 | lenoff = dbentry->len - ( entry->derCert.len + nnlen + headerlen ); |
735 | if ( lenoff ) { |
736 | if ( lenoff < 0 || (lenoff & 0xffff) != 0 ) { |
737 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
738 | goto loser; |
739 | } |
740 | /* The cert size exceeded 64KB. Reconstruct the correct length. */ |
741 | entry->derCert.len += lenoff; |
742 | } |
743 | |
744 | /* copy the dercert */ |
745 | entry->derCert.data = pkcs11_copyStaticData(&dbentry->data[headerlen], |
746 | entry->derCert.len,entry->derCertSpace,sizeof(entry->derCertSpace)); |
747 | if ( entry->derCert.data == NULL((void*)0) ) { |
748 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
749 | goto loser; |
750 | } |
751 | |
752 | /* copy the nickname */ |
753 | if ( nnlen > 1 ) { |
754 | entry->nickname = (char *)pkcs11_copyStaticData( |
755 | &dbentry->data[headerlen+entry->derCert.len], nnlen, |
756 | (unsigned char *)entry->nicknameSpace, |
757 | sizeof(entry->nicknameSpace)); |
758 | if ( entry->nickname == NULL((void*)0) ) { |
759 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
760 | goto loser; |
761 | } |
762 | } else { |
763 | entry->nickname = NULL((void*)0); |
764 | } |
765 | |
766 | if ( entry->common.version < 7 ) { |
767 | /* allow updates of v5 db */ |
768 | entry->trust.sslFlags = dbentry->data[0]; |
769 | entry->trust.emailFlags = dbentry->data[1]; |
770 | entry->trust.objectSigningFlags = dbentry->data[2]; |
771 | } else { |
772 | entry->trust.sslFlags = ( dbentry->data[0] << 8 ) | dbentry->data[1]; |
773 | entry->trust.emailFlags = ( dbentry->data[2] << 8 ) | dbentry->data[3]; |
774 | entry->trust.objectSigningFlags = |
775 | ( dbentry->data[4] << 8 ) | dbentry->data[5]; |
776 | } |
777 | |
778 | return(SECSuccess); |
779 | loser: |
780 | return(SECFailure); |
781 | } |
782 | |
783 | |
784 | /* |
785 | * Create a new certDBEntryCert from existing data |
786 | */ |
787 | static certDBEntryCert * |
788 | NewDBCertEntry(SECItem *derCert, char *nickname, |
789 | NSSLOWCERTCertTrust *trust, int flags) |
790 | { |
791 | certDBEntryCert *entry; |
792 | PLArenaPool *arena = NULL((void*)0); |
793 | int nnlen; |
794 | |
795 | arena = PORT_NewArenaPORT_NewArena_Util( DER_DEFAULT_CHUNKSIZE(2048) ); |
796 | |
797 | if ( !arena ) { |
798 | goto loser; |
799 | } |
800 | |
801 | entry = PORT_ArenaZNew(arena, certDBEntryCert)(certDBEntryCert*) PORT_ArenaZAlloc_Util(arena, sizeof(certDBEntryCert )); |
802 | if ( entry == NULL((void*)0) ) { |
803 | goto loser; |
804 | } |
805 | |
806 | /* fill in the dbCert */ |
807 | entry->common.arena = arena; |
808 | entry->common.type = certDBEntryTypeCert; |
809 | entry->common.version = CERT_DB_FILE_VERSION8; |
810 | entry->common.flags = flags; |
811 | |
812 | if ( trust ) { |
813 | entry->trust = *trust; |
814 | } |
815 | |
816 | entry->derCert.data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, derCert->len); |
817 | if ( !entry->derCert.data ) { |
818 | goto loser; |
819 | } |
820 | entry->derCert.len = derCert->len; |
821 | PORT_Memcpymemcpy(entry->derCert.data, derCert->data, derCert->len); |
822 | |
823 | nnlen = ( nickname ? strlen(nickname) + 1 : 0 ); |
824 | |
825 | if ( nnlen ) { |
826 | entry->nickname = (char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, nnlen); |
827 | if ( !entry->nickname ) { |
828 | goto loser; |
829 | } |
830 | PORT_Memcpymemcpy(entry->nickname, nickname, nnlen); |
831 | |
832 | } else { |
833 | entry->nickname = 0; |
834 | } |
835 | |
836 | return(entry); |
837 | |
838 | loser: |
839 | |
840 | /* allocation error, free arena and return */ |
841 | if ( arena ) { |
842 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
843 | } |
844 | |
845 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
846 | return(0); |
847 | } |
848 | |
849 | /* |
850 | * Decode a version 4 DBCert from the byte stream database format |
851 | * and construct a current database entry struct |
852 | */ |
853 | static certDBEntryCert * |
854 | DecodeV4DBCertEntry(unsigned char *buf, int len) |
855 | { |
856 | certDBEntryCert *entry; |
857 | int certlen; |
858 | int nnlen; |
859 | PLArenaPool *arena; |
860 | |
861 | /* make sure length is at least long enough for the header */ |
862 | if ( len < DBCERT_V4_HEADER_LEN7 ) { |
863 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
864 | return(0); |
865 | } |
866 | |
867 | /* get other lengths */ |
868 | certlen = buf[3] << 8 | buf[4]; |
869 | nnlen = buf[5] << 8 | buf[6]; |
870 | |
871 | /* make sure DB entry is the right size */ |
872 | if ( ( certlen + nnlen + DBCERT_V4_HEADER_LEN7 ) != len ) { |
873 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
874 | return(0); |
875 | } |
876 | |
877 | /* allocate arena */ |
878 | arena = PORT_NewArenaPORT_NewArena_Util( DER_DEFAULT_CHUNKSIZE(2048) ); |
879 | |
880 | if ( !arena ) { |
881 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
882 | return(0); |
883 | } |
884 | |
885 | /* allocate structure and members */ |
886 | entry = (certDBEntryCert *) PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, sizeof(certDBEntryCert)); |
887 | |
888 | if ( !entry ) { |
889 | goto loser; |
890 | } |
891 | |
892 | entry->common.arena = arena; |
893 | entry->common.version = CERT_DB_FILE_VERSION8; |
894 | entry->common.type = certDBEntryTypeCert; |
895 | entry->common.flags = 0; |
896 | entry->trust.sslFlags = buf[0]; |
897 | entry->trust.emailFlags = buf[1]; |
898 | entry->trust.objectSigningFlags = buf[2]; |
899 | |
900 | entry->derCert.data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, certlen); |
901 | if ( !entry->derCert.data ) { |
902 | goto loser; |
903 | } |
904 | entry->derCert.len = certlen; |
905 | PORT_Memcpymemcpy(entry->derCert.data, &buf[DBCERT_V4_HEADER_LEN7], certlen); |
906 | |
907 | if ( nnlen ) { |
908 | entry->nickname = (char *) PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, nnlen); |
909 | if ( !entry->nickname ) { |
910 | goto loser; |
911 | } |
912 | PORT_Memcpymemcpy(entry->nickname, &buf[DBCERT_V4_HEADER_LEN7 + certlen], nnlen); |
913 | |
914 | if (PORT_Strcmpstrcmp(entry->nickname, "Server-Cert") == 0) { |
915 | entry->trust.sslFlags |= CERTDB_USER(1<<6); |
916 | } |
917 | } else { |
918 | entry->nickname = 0; |
919 | } |
920 | |
921 | return(entry); |
922 | |
923 | loser: |
924 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
925 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
926 | return(0); |
927 | } |
928 | |
929 | /* |
930 | * Encode a Certificate database entry into byte stream suitable for |
931 | * the database |
932 | */ |
933 | static SECStatus |
934 | WriteDBCertEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry) |
935 | { |
936 | SECItem dbitem, dbkey; |
937 | PLArenaPool *tmparena = NULL((void*)0); |
938 | SECItem tmpitem; |
939 | SECStatus rv; |
940 | |
941 | tmparena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
942 | if ( tmparena == NULL((void*)0) ) { |
943 | goto loser; |
944 | } |
945 | |
946 | rv = EncodeDBCertEntry(entry, tmparena, &dbitem); |
947 | if ( rv != SECSuccess ) { |
948 | goto loser; |
949 | } |
950 | |
951 | /* get the database key and format it */ |
952 | rv = nsslowcert_KeyFromDERCert(tmparena, &entry->derCert, &tmpitem); |
953 | if ( rv == SECFailure ) { |
954 | goto loser; |
955 | } |
956 | |
957 | rv = EncodeDBCertKey(&tmpitem, tmparena, &dbkey); |
958 | if ( rv == SECFailure ) { |
959 | goto loser; |
960 | } |
961 | |
962 | /* now write it to the database */ |
963 | rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem); |
964 | if ( rv != SECSuccess ) { |
965 | goto loser; |
966 | } |
967 | |
968 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
969 | return(SECSuccess); |
970 | |
971 | loser: |
972 | if ( tmparena ) { |
973 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
974 | } |
975 | return(SECFailure); |
976 | } |
977 | |
978 | |
979 | /* |
980 | * delete a certificate entry |
981 | */ |
982 | static SECStatus |
983 | DeleteDBCertEntry(NSSLOWCERTCertDBHandle *handle, SECItem *certKey) |
984 | { |
985 | SECItem dbkey; |
986 | SECStatus rv; |
987 | |
988 | dbkey.data= NULL((void*)0); |
989 | dbkey.len = 0; |
990 | |
991 | rv = EncodeDBCertKey(certKey, NULL((void*)0), &dbkey); |
992 | if ( rv != SECSuccess ) { |
993 | goto loser; |
994 | } |
995 | |
996 | rv = DeleteDBEntry(handle, certDBEntryTypeCert, &dbkey); |
997 | if ( rv == SECFailure ) { |
998 | goto loser; |
999 | } |
1000 | |
1001 | PORT_FreePORT_Free_Util(dbkey.data); |
1002 | |
1003 | return(SECSuccess); |
1004 | |
1005 | loser: |
1006 | if (dbkey.data) { |
1007 | PORT_FreePORT_Free_Util(dbkey.data); |
1008 | } |
1009 | return(SECFailure); |
1010 | } |
1011 | |
1012 | static certDBEntryCert * |
1013 | CreateCertEntry(void) |
1014 | { |
1015 | certDBEntryCert *entry; |
1016 | |
1017 | nsslowcert_LockFreeList(); |
1018 | entry = entryListHead; |
1019 | if (entry) { |
1020 | entryListCount--; |
1021 | entryListHead = entry->next; |
1022 | } |
1023 | PORT_Assert(entryListCount >= 0)((entryListCount >= 0)?((void)0):PR_Assert("entryListCount >= 0" ,"pcertdb.c",1023)); |
1024 | nsslowcert_UnlockFreeList(); |
1025 | if (entry) { |
1026 | return entry; |
1027 | } |
1028 | |
1029 | return PORT_ZNew(certDBEntryCert)(certDBEntryCert*)PORT_ZAlloc_Util(sizeof(certDBEntryCert)); |
1030 | } |
1031 | |
1032 | static void |
1033 | DestroyCertEntryFreeList(void) |
1034 | { |
1035 | certDBEntryCert *entry; |
1036 | |
1037 | nsslowcert_LockFreeList(); |
1038 | while (NULL((void*)0) != (entry = entryListHead)) { |
1039 | entryListCount--; |
1040 | entryListHead = entry->next; |
1041 | PORT_FreePORT_Free_Util(entry); |
1042 | } |
1043 | PORT_Assert(!entryListCount)((!entryListCount)?((void)0):PR_Assert("!entryListCount","pcertdb.c" ,1043)); |
1044 | entryListCount = 0; |
1045 | nsslowcert_UnlockFreeList(); |
1046 | } |
1047 | |
1048 | /* |
1049 | * Read a certificate entry |
1050 | */ |
1051 | static certDBEntryCert * |
1052 | ReadDBCertEntry(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey) |
1053 | { |
1054 | certDBEntryCert *entry; |
1055 | SECItem dbkey; |
1056 | SECItem dbentry; |
1057 | SECStatus rv; |
1058 | unsigned char buf[512]; |
1059 | |
1060 | dbkey.data = buf; |
1061 | dbkey.len = sizeof(buf); |
1062 | |
1063 | entry = CreateCertEntry(); |
1064 | if ( entry == NULL((void*)0) ) { |
1065 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1066 | goto loser; |
1067 | } |
1068 | entry->common.arena = NULL((void*)0); |
1069 | entry->common.type = certDBEntryTypeCert; |
1070 | |
1071 | rv = EncodeDBCertKey(certKey, NULL((void*)0), &dbkey); |
1072 | if ( rv != SECSuccess ) { |
1073 | goto loser; |
1074 | } |
1075 | |
1076 | rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, NULL((void*)0)); |
1077 | if ( rv == SECFailure ) { |
1078 | goto loser; |
1079 | } |
1080 | |
1081 | rv = DecodeDBCertEntry(entry, &dbentry); |
1082 | if ( rv != SECSuccess ) { |
1083 | goto loser; |
1084 | } |
1085 | |
1086 | pkcs11_freeStaticData(dbkey.data,buf); |
1087 | dbkey.data = NULL((void*)0); |
1088 | return(entry); |
1089 | |
1090 | loser: |
1091 | pkcs11_freeStaticData(dbkey.data,buf); |
1092 | dbkey.data = NULL((void*)0); |
1093 | if ( entry ) { |
1094 | DestroyDBEntry((certDBEntry *)entry); |
1095 | } |
1096 | |
1097 | return(NULL((void*)0)); |
1098 | } |
1099 | |
1100 | /* |
1101 | * encode a database cert record |
1102 | */ |
1103 | static SECStatus |
1104 | EncodeDBCrlEntry(certDBEntryRevocation *entry, PLArenaPool *arena, SECItem *dbitem) |
1105 | { |
1106 | unsigned int nnlen = 0; |
1107 | unsigned char *buf; |
1108 | |
1109 | if (entry->url) { |
1110 | nnlen = PORT_Strlen(entry->url)strlen(entry->url) + 1; |
1111 | } |
1112 | |
1113 | /* allocate space for encoded database record, including space |
1114 | * for low level header |
1115 | */ |
1116 | dbitem->len = entry->derCrl.len + nnlen |
1117 | + SEC_DB_ENTRY_HEADER_LEN3 + DB_CRL_ENTRY_HEADER_LEN4; |
1118 | |
1119 | dbitem->data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, dbitem->len); |
1120 | if ( dbitem->data == NULL((void*)0)) { |
1121 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1122 | goto loser; |
1123 | } |
1124 | |
1125 | /* fill in database record */ |
1126 | buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN3]; |
1127 | |
1128 | buf[0] = (PRUint8)( entry->derCrl.len >> 8 ); |
1129 | buf[1] = (PRUint8)( entry->derCrl.len ); |
1130 | buf[2] = (PRUint8)( nnlen >> 8 ); |
1131 | buf[3] = (PRUint8)( nnlen ); |
1132 | |
1133 | PORT_Memcpymemcpy(&buf[DB_CRL_ENTRY_HEADER_LEN4], entry->derCrl.data, |
1134 | entry->derCrl.len); |
1135 | |
1136 | if (nnlen != 0) { |
1137 | PORT_Memcpymemcpy(&buf[DB_CRL_ENTRY_HEADER_LEN4 + entry->derCrl.len], |
1138 | entry->url, nnlen); |
1139 | } |
1140 | |
1141 | return(SECSuccess); |
1142 | |
1143 | loser: |
1144 | return(SECFailure); |
1145 | } |
1146 | |
1147 | static SECStatus |
1148 | DecodeDBCrlEntry(certDBEntryRevocation *entry, SECItem *dbentry) |
1149 | { |
1150 | unsigned int urlLen; |
1151 | int lenDiff; |
1152 | |
1153 | /* is record long enough for header? */ |
1154 | if ( dbentry->len < DB_CRL_ENTRY_HEADER_LEN4 ) { |
1155 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
1156 | goto loser; |
1157 | } |
1158 | |
1159 | /* is database entry correct length? */ |
1160 | entry->derCrl.len = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] ); |
1161 | urlLen = ( ( dbentry->data[2] << 8 ) | dbentry->data[3] ); |
1162 | lenDiff = dbentry->len - |
1163 | (entry->derCrl.len + urlLen + DB_CRL_ENTRY_HEADER_LEN4); |
1164 | if (lenDiff) { |
1165 | if (lenDiff < 0 || (lenDiff & 0xffff) != 0) { |
1166 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
1167 | goto loser; |
1168 | } |
1169 | /* CRL entry is greater than 64 K. Hack to make this continue to work */ |
1170 | entry->derCrl.len += lenDiff; |
1171 | } |
1172 | |
1173 | /* copy the der CRL */ |
1174 | entry->derCrl.data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(entry->common.arena, |
1175 | entry->derCrl.len); |
1176 | if ( entry->derCrl.data == NULL((void*)0) ) { |
1177 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1178 | goto loser; |
1179 | } |
1180 | PORT_Memcpymemcpy(entry->derCrl.data, &dbentry->data[DB_CRL_ENTRY_HEADER_LEN4], |
1181 | entry->derCrl.len); |
1182 | |
1183 | /* copy the url */ |
1184 | entry->url = NULL((void*)0); |
1185 | if (urlLen != 0) { |
1186 | entry->url = (char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(entry->common.arena, urlLen); |
1187 | if ( entry->url == NULL((void*)0) ) { |
1188 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1189 | goto loser; |
1190 | } |
1191 | PORT_Memcpymemcpy(entry->url, |
1192 | &dbentry->data[DB_CRL_ENTRY_HEADER_LEN4 + entry->derCrl.len], |
1193 | urlLen); |
1194 | } |
1195 | |
1196 | return(SECSuccess); |
1197 | loser: |
1198 | return(SECFailure); |
1199 | } |
1200 | |
1201 | /* |
1202 | * Create a new certDBEntryRevocation from existing data |
1203 | */ |
1204 | static certDBEntryRevocation * |
1205 | NewDBCrlEntry(SECItem *derCrl, char * url, certDBEntryType crlType, int flags) |
1206 | { |
1207 | certDBEntryRevocation *entry; |
1208 | PLArenaPool *arena = NULL((void*)0); |
1209 | int nnlen; |
1210 | |
1211 | arena = PORT_NewArenaPORT_NewArena_Util( DER_DEFAULT_CHUNKSIZE(2048) ); |
1212 | |
1213 | if ( !arena ) { |
1214 | goto loser; |
1215 | } |
1216 | |
1217 | entry = PORT_ArenaZNew(arena, certDBEntryRevocation)(certDBEntryRevocation*) PORT_ArenaZAlloc_Util(arena, sizeof( certDBEntryRevocation)); |
1218 | if ( entry == NULL((void*)0) ) { |
1219 | goto loser; |
1220 | } |
1221 | |
1222 | /* fill in the dbRevolcation */ |
1223 | entry->common.arena = arena; |
1224 | entry->common.type = crlType; |
1225 | entry->common.version = CERT_DB_FILE_VERSION8; |
1226 | entry->common.flags = flags; |
1227 | |
1228 | |
1229 | entry->derCrl.data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, derCrl->len); |
1230 | if ( !entry->derCrl.data ) { |
1231 | goto loser; |
1232 | } |
1233 | |
1234 | if (url) { |
1235 | nnlen = PORT_Strlen(url)strlen(url) + 1; |
1236 | entry->url = (char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, nnlen); |
1237 | if ( !entry->url ) { |
1238 | goto loser; |
1239 | } |
1240 | PORT_Memcpymemcpy(entry->url, url, nnlen); |
1241 | } else { |
1242 | entry->url = NULL((void*)0); |
1243 | } |
1244 | |
1245 | |
1246 | entry->derCrl.len = derCrl->len; |
1247 | PORT_Memcpymemcpy(entry->derCrl.data, derCrl->data, derCrl->len); |
1248 | |
1249 | return(entry); |
1250 | |
1251 | loser: |
1252 | |
1253 | /* allocation error, free arena and return */ |
1254 | if ( arena ) { |
1255 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
1256 | } |
1257 | |
1258 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1259 | return(0); |
1260 | } |
1261 | |
1262 | |
1263 | static SECStatus |
1264 | WriteDBCrlEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryRevocation *entry, |
1265 | SECItem *crlKey ) |
1266 | { |
1267 | SECItem dbkey; |
1268 | PLArenaPool *tmparena = NULL((void*)0); |
1269 | SECItem encodedEntry; |
1270 | SECStatus rv; |
1271 | |
1272 | tmparena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
1273 | if ( tmparena == NULL((void*)0) ) { |
1274 | goto loser; |
1275 | } |
1276 | |
1277 | rv = EncodeDBCrlEntry(entry, tmparena, &encodedEntry); |
1278 | if ( rv == SECFailure ) { |
1279 | goto loser; |
1280 | } |
1281 | |
1282 | rv = EncodeDBGenericKey(crlKey, tmparena, &dbkey, entry->common.type); |
1283 | if ( rv == SECFailure ) { |
1284 | goto loser; |
1285 | } |
1286 | |
1287 | /* now write it to the database */ |
1288 | rv = WriteDBEntry(handle, &entry->common, &dbkey, &encodedEntry); |
1289 | if ( rv != SECSuccess ) { |
1290 | goto loser; |
1291 | } |
1292 | |
1293 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
1294 | return(SECSuccess); |
1295 | |
1296 | loser: |
1297 | if ( tmparena ) { |
1298 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
1299 | } |
1300 | return(SECFailure); |
1301 | } |
1302 | /* |
1303 | * delete a crl entry |
1304 | */ |
1305 | static SECStatus |
1306 | DeleteDBCrlEntry(NSSLOWCERTCertDBHandle *handle, const SECItem *crlKey, |
1307 | certDBEntryType crlType) |
1308 | { |
1309 | SECItem dbkey; |
1310 | PLArenaPool *arena = NULL((void*)0); |
1311 | SECStatus rv; |
1312 | |
1313 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
1314 | if ( arena == NULL((void*)0) ) { |
1315 | goto loser; |
1316 | } |
1317 | |
1318 | rv = EncodeDBGenericKey(crlKey, arena, &dbkey, crlType); |
1319 | if ( rv != SECSuccess ) { |
1320 | goto loser; |
1321 | } |
1322 | |
1323 | rv = DeleteDBEntry(handle, crlType, &dbkey); |
1324 | if ( rv == SECFailure ) { |
1325 | goto loser; |
1326 | } |
1327 | |
1328 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
1329 | return(SECSuccess); |
1330 | |
1331 | loser: |
1332 | if ( arena ) { |
1333 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
1334 | } |
1335 | |
1336 | return(SECFailure); |
1337 | } |
1338 | |
1339 | /* |
1340 | * Read a certificate entry |
1341 | */ |
1342 | static certDBEntryRevocation * |
1343 | ReadDBCrlEntry(NSSLOWCERTCertDBHandle *handle, SECItem *certKey, |
1344 | certDBEntryType crlType) |
1345 | { |
1346 | PLArenaPool *arena = NULL((void*)0); |
1347 | PLArenaPool *tmparena = NULL((void*)0); |
1348 | certDBEntryRevocation *entry; |
1349 | SECItem dbkey; |
1350 | SECItem dbentry; |
1351 | SECStatus rv; |
1352 | |
1353 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
1354 | if ( arena == NULL((void*)0) ) { |
1355 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1356 | goto loser; |
1357 | } |
1358 | |
1359 | tmparena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
1360 | if ( tmparena == NULL((void*)0) ) { |
1361 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1362 | goto loser; |
1363 | } |
1364 | |
1365 | entry = (certDBEntryRevocation *) |
1366 | PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, sizeof(certDBEntryRevocation)); |
1367 | if ( entry == NULL((void*)0) ) { |
1368 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1369 | goto loser; |
1370 | } |
1371 | entry->common.arena = arena; |
1372 | entry->common.type = crlType; |
1373 | |
1374 | rv = EncodeDBGenericKey(certKey, tmparena, &dbkey, crlType); |
1375 | if ( rv != SECSuccess ) { |
1376 | goto loser; |
1377 | } |
1378 | |
1379 | rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, NULL((void*)0)); |
1380 | if ( rv == SECFailure ) { |
1381 | goto loser; |
1382 | } |
1383 | |
1384 | rv = DecodeDBCrlEntry(entry, &dbentry); |
1385 | if ( rv != SECSuccess ) { |
1386 | goto loser; |
1387 | } |
1388 | |
1389 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
1390 | return(entry); |
1391 | |
1392 | loser: |
1393 | if ( tmparena ) { |
1394 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
1395 | } |
1396 | if ( arena ) { |
1397 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
1398 | } |
1399 | |
1400 | return(NULL((void*)0)); |
1401 | } |
1402 | |
1403 | void |
1404 | nsslowcert_DestroyDBEntry(certDBEntry *entry) |
1405 | { |
1406 | DestroyDBEntry(entry); |
1407 | return; |
1408 | } |
1409 | |
1410 | /* |
1411 | * Encode a database nickname record |
1412 | */ |
1413 | static SECStatus |
1414 | EncodeDBNicknameEntry(certDBEntryNickname *entry, PLArenaPool *arena, |
1415 | SECItem *dbitem) |
1416 | { |
1417 | unsigned char *buf; |
1418 | |
1419 | /* allocate space for encoded database record, including space |
1420 | * for low level header |
1421 | */ |
1422 | dbitem->len = entry->subjectName.len + DB_NICKNAME_ENTRY_HEADER_LEN2 + |
1423 | SEC_DB_ENTRY_HEADER_LEN3; |
1424 | dbitem->data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, dbitem->len); |
1425 | if ( dbitem->data == NULL((void*)0)) { |
1426 | goto loser; |
1427 | } |
1428 | |
1429 | /* fill in database record */ |
1430 | buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN3]; |
1431 | buf[0] = (PRUint8)( entry->subjectName.len >> 8 ); |
1432 | buf[1] = (PRUint8)( entry->subjectName.len ); |
1433 | PORT_Memcpymemcpy(&buf[DB_NICKNAME_ENTRY_HEADER_LEN2], entry->subjectName.data, |
1434 | entry->subjectName.len); |
1435 | |
1436 | return(SECSuccess); |
1437 | |
1438 | loser: |
1439 | return(SECFailure); |
1440 | } |
1441 | |
1442 | /* |
1443 | * Encode a database key for a nickname record |
1444 | */ |
1445 | static SECStatus |
1446 | EncodeDBNicknameKey(char *nickname, PLArenaPool *arena, |
1447 | SECItem *dbkey) |
1448 | { |
1449 | unsigned int nnlen; |
1450 | |
1451 | nnlen = PORT_Strlen(nickname)strlen(nickname) + 1; /* includes null */ |
1452 | |
1453 | /* now get the database key and format it */ |
1454 | dbkey->len = nnlen + SEC_DB_KEY_HEADER_LEN1; |
1455 | if (dbkey->len > NSS_MAX_LEGACY_DB_KEY_SIZE(60 * 1024)) |
1456 | goto loser; |
1457 | dbkey->data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, dbkey->len); |
1458 | if ( dbkey->data == NULL((void*)0) ) { |
1459 | goto loser; |
1460 | } |
1461 | PORT_Memcpymemcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN1], nickname, nnlen); |
1462 | dbkey->data[0] = certDBEntryTypeNickname; |
1463 | |
1464 | return(SECSuccess); |
1465 | |
1466 | loser: |
1467 | return(SECFailure); |
1468 | } |
1469 | |
1470 | static SECStatus |
1471 | DecodeDBNicknameEntry(certDBEntryNickname *entry, SECItem *dbentry, |
1472 | char *nickname) |
1473 | { |
1474 | int lenDiff; |
1475 | |
1476 | /* is record long enough for header? */ |
1477 | if ( dbentry->len < DB_NICKNAME_ENTRY_HEADER_LEN2 ) { |
1478 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
1479 | goto loser; |
1480 | } |
1481 | |
1482 | /* is database entry correct length? */ |
1483 | entry->subjectName.len = ( ( dbentry->data[0] << 8 ) | dbentry->data[1] ); |
1484 | lenDiff = dbentry->len - |
1485 | (entry->subjectName.len + DB_NICKNAME_ENTRY_HEADER_LEN2); |
1486 | if (lenDiff) { |
1487 | if (lenDiff < 0 || (lenDiff & 0xffff) != 0 ) { |
1488 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
1489 | goto loser; |
1490 | } |
1491 | /* The entry size exceeded 64KB. Reconstruct the correct length. */ |
1492 | entry->subjectName.len += lenDiff; |
1493 | } |
1494 | |
1495 | /* copy the certkey */ |
1496 | entry->subjectName.data = |
1497 | (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(entry->common.arena, |
1498 | entry->subjectName.len); |
1499 | if ( entry->subjectName.data == NULL((void*)0) ) { |
1500 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1501 | goto loser; |
1502 | } |
1503 | PORT_Memcpymemcpy(entry->subjectName.data, |
1504 | &dbentry->data[DB_NICKNAME_ENTRY_HEADER_LEN2], |
1505 | entry->subjectName.len); |
1506 | entry->subjectName.type = siBuffer; |
1507 | |
1508 | entry->nickname = (char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(entry->common.arena, |
1509 | PORT_Strlen(nickname)strlen(nickname)+1); |
1510 | if ( entry->nickname ) { |
1511 | PORT_Strcpystrcpy(entry->nickname, nickname); |
1512 | } |
1513 | |
1514 | return(SECSuccess); |
1515 | |
1516 | loser: |
1517 | return(SECFailure); |
1518 | } |
1519 | |
1520 | /* |
1521 | * create a new nickname entry |
1522 | */ |
1523 | static certDBEntryNickname * |
1524 | NewDBNicknameEntry(char *nickname, SECItem *subjectName, unsigned int flags) |
1525 | { |
1526 | PLArenaPool *arena = NULL((void*)0); |
1527 | certDBEntryNickname *entry; |
1528 | int nnlen; |
1529 | SECStatus rv; |
1530 | |
1531 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
1532 | if ( arena == NULL((void*)0) ) { |
1533 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1534 | goto loser; |
1535 | } |
1536 | |
1537 | entry = (certDBEntryNickname *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, |
1538 | sizeof(certDBEntryNickname)); |
1539 | if ( entry == NULL((void*)0) ) { |
1540 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1541 | goto loser; |
1542 | } |
1543 | |
1544 | /* init common fields */ |
1545 | entry->common.arena = arena; |
1546 | entry->common.type = certDBEntryTypeNickname; |
1547 | entry->common.version = CERT_DB_FILE_VERSION8; |
1548 | entry->common.flags = flags; |
1549 | |
1550 | /* copy the nickname */ |
1551 | nnlen = PORT_Strlen(nickname)strlen(nickname) + 1; |
1552 | |
1553 | entry->nickname = (char*)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, nnlen); |
1554 | if ( entry->nickname == NULL((void*)0) ) { |
1555 | goto loser; |
1556 | } |
1557 | |
1558 | PORT_Memcpymemcpy(entry->nickname, nickname, nnlen); |
1559 | |
1560 | rv = SECITEM_CopyItemSECITEM_CopyItem_Util(arena, &entry->subjectName, subjectName); |
1561 | if ( rv != SECSuccess ) { |
1562 | goto loser; |
1563 | } |
1564 | |
1565 | return(entry); |
1566 | loser: |
1567 | if ( arena ) { |
1568 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
1569 | } |
1570 | |
1571 | return(NULL((void*)0)); |
1572 | } |
1573 | |
1574 | /* |
1575 | * delete a nickname entry |
1576 | */ |
1577 | static SECStatus |
1578 | DeleteDBNicknameEntry(NSSLOWCERTCertDBHandle *handle, char *nickname) |
1579 | { |
1580 | PLArenaPool *arena = NULL((void*)0); |
1581 | SECStatus rv; |
1582 | SECItem dbkey; |
1583 | |
1584 | if ( nickname == NULL((void*)0) ) { |
1585 | return(SECSuccess); |
1586 | } |
1587 | |
1588 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
1589 | if ( arena == NULL((void*)0) ) { |
1590 | goto loser; |
1591 | } |
1592 | |
1593 | rv = EncodeDBNicknameKey(nickname, arena, &dbkey); |
1594 | if ( rv != SECSuccess ) { |
1595 | goto loser; |
1596 | } |
1597 | |
1598 | rv = DeleteDBEntry(handle, certDBEntryTypeNickname, &dbkey); |
1599 | if ( rv == SECFailure ) { |
1600 | goto loser; |
1601 | } |
1602 | |
1603 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
1604 | return(SECSuccess); |
1605 | |
1606 | loser: |
1607 | if ( arena ) { |
1608 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
1609 | } |
1610 | |
1611 | return(SECFailure); |
1612 | } |
1613 | |
1614 | /* |
1615 | * Read a nickname entry |
1616 | */ |
1617 | static certDBEntryNickname * |
1618 | ReadDBNicknameEntry(NSSLOWCERTCertDBHandle *handle, char *nickname) |
1619 | { |
1620 | PLArenaPool *arena = NULL((void*)0); |
1621 | PLArenaPool *tmparena = NULL((void*)0); |
1622 | certDBEntryNickname *entry; |
1623 | SECItem dbkey; |
1624 | SECItem dbentry; |
1625 | SECStatus rv; |
1626 | |
1627 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
1628 | if ( arena == NULL((void*)0) ) { |
1629 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1630 | goto loser; |
1631 | } |
1632 | |
1633 | tmparena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
1634 | if ( tmparena == NULL((void*)0) ) { |
1635 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1636 | goto loser; |
1637 | } |
1638 | |
1639 | entry = (certDBEntryNickname *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, |
1640 | sizeof(certDBEntryNickname)); |
1641 | if ( entry == NULL((void*)0) ) { |
1642 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1643 | goto loser; |
1644 | } |
1645 | entry->common.arena = arena; |
1646 | entry->common.type = certDBEntryTypeNickname; |
1647 | |
1648 | rv = EncodeDBNicknameKey(nickname, tmparena, &dbkey); |
1649 | if ( rv != SECSuccess ) { |
1650 | goto loser; |
1651 | } |
1652 | |
1653 | rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena); |
1654 | if ( rv == SECFailure ) { |
1655 | goto loser; |
1656 | } |
1657 | |
1658 | /* is record long enough for header? */ |
1659 | if ( dbentry.len < DB_NICKNAME_ENTRY_HEADER_LEN2 ) { |
1660 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
1661 | goto loser; |
1662 | } |
1663 | |
1664 | rv = DecodeDBNicknameEntry(entry, &dbentry, nickname); |
1665 | if ( rv != SECSuccess ) { |
1666 | goto loser; |
1667 | } |
1668 | |
1669 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
1670 | return(entry); |
1671 | |
1672 | loser: |
1673 | if ( tmparena ) { |
1674 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
1675 | } |
1676 | if ( arena ) { |
1677 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
1678 | } |
1679 | |
1680 | return(NULL((void*)0)); |
1681 | } |
1682 | |
1683 | /* |
1684 | * Encode a nickname entry into byte stream suitable for |
1685 | * the database |
1686 | */ |
1687 | static SECStatus |
1688 | WriteDBNicknameEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryNickname *entry) |
1689 | { |
1690 | SECItem dbitem, dbkey; |
1691 | PLArenaPool *tmparena = NULL((void*)0); |
1692 | SECStatus rv; |
1693 | |
1694 | tmparena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
1695 | if ( tmparena == NULL((void*)0) ) { |
1696 | goto loser; |
1697 | } |
1698 | |
1699 | rv = EncodeDBNicknameEntry(entry, tmparena, &dbitem); |
1700 | if ( rv != SECSuccess ) { |
1701 | goto loser; |
1702 | } |
1703 | |
1704 | rv = EncodeDBNicknameKey(entry->nickname, tmparena, &dbkey); |
1705 | if ( rv != SECSuccess ) { |
1706 | goto loser; |
1707 | } |
1708 | |
1709 | /* now write it to the database */ |
1710 | rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem); |
1711 | if ( rv != SECSuccess ) { |
1712 | goto loser; |
1713 | } |
1714 | |
1715 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
1716 | return(SECSuccess); |
1717 | |
1718 | loser: |
1719 | if ( tmparena ) { |
1720 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
1721 | } |
1722 | return(SECFailure); |
1723 | |
1724 | } |
1725 | |
1726 | static SECStatus |
1727 | EncodeDBSMimeEntry(certDBEntrySMime *entry, PLArenaPool *arena, |
1728 | SECItem *dbitem) |
1729 | { |
1730 | unsigned char *buf; |
1731 | |
1732 | /* allocate space for encoded database record, including space |
1733 | * for low level header |
1734 | */ |
1735 | dbitem->len = entry->subjectName.len + entry->smimeOptions.len + |
1736 | entry->optionsDate.len + |
1737 | DB_SMIME_ENTRY_HEADER_LEN6 + SEC_DB_ENTRY_HEADER_LEN3; |
1738 | |
1739 | dbitem->data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, dbitem->len); |
1740 | if ( dbitem->data == NULL((void*)0)) { |
1741 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1742 | goto loser; |
1743 | } |
1744 | |
1745 | /* fill in database record */ |
1746 | buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN3]; |
1747 | |
1748 | buf[0] = (PRUint8)( entry->subjectName.len >> 8 ); |
1749 | buf[1] = (PRUint8)( entry->subjectName.len ); |
1750 | buf[2] = (PRUint8)( entry->smimeOptions.len >> 8 ); |
1751 | buf[3] = (PRUint8)( entry->smimeOptions.len ); |
1752 | buf[4] = (PRUint8)( entry->optionsDate.len >> 8 ); |
1753 | buf[5] = (PRUint8)( entry->optionsDate.len ); |
1754 | |
1755 | /* if no smime options, then there should not be an options date either */ |
1756 | PORT_Assert( ! ( ( entry->smimeOptions.len == 0 ) &&((! ( ( entry->smimeOptions.len == 0 ) && ( entry-> optionsDate.len != 0 ) ))?((void)0):PR_Assert("! ( ( entry->smimeOptions.len == 0 ) && ( entry->optionsDate.len != 0 ) )" ,"pcertdb.c",1757)) |
1757 | ( entry->optionsDate.len != 0 ) ) )((! ( ( entry->smimeOptions.len == 0 ) && ( entry-> optionsDate.len != 0 ) ))?((void)0):PR_Assert("! ( ( entry->smimeOptions.len == 0 ) && ( entry->optionsDate.len != 0 ) )" ,"pcertdb.c",1757)); |
1758 | |
1759 | PORT_Memcpymemcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN6], entry->subjectName.data, |
1760 | entry->subjectName.len); |
1761 | if ( entry->smimeOptions.len ) { |
1762 | PORT_Memcpymemcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN6+entry->subjectName.len], |
1763 | entry->smimeOptions.data, |
1764 | entry->smimeOptions.len); |
1765 | PORT_Memcpymemcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN6 + entry->subjectName.len + |
1766 | entry->smimeOptions.len], |
1767 | entry->optionsDate.data, |
1768 | entry->optionsDate.len); |
1769 | } |
1770 | |
1771 | return(SECSuccess); |
1772 | |
1773 | loser: |
1774 | return(SECFailure); |
1775 | } |
1776 | |
1777 | /* |
1778 | * Encode a database key for a SMIME record |
1779 | */ |
1780 | static SECStatus |
1781 | EncodeDBSMimeKey(char *emailAddr, PLArenaPool *arena, |
1782 | SECItem *dbkey) |
1783 | { |
1784 | unsigned int addrlen; |
1785 | |
1786 | addrlen = PORT_Strlen(emailAddr)strlen(emailAddr) + 1; /* includes null */ |
1787 | |
1788 | /* now get the database key and format it */ |
1789 | dbkey->len = addrlen + SEC_DB_KEY_HEADER_LEN1; |
1790 | if (dbkey->len > NSS_MAX_LEGACY_DB_KEY_SIZE(60 * 1024)) |
1791 | goto loser; |
1792 | dbkey->data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, dbkey->len); |
1793 | if ( dbkey->data == NULL((void*)0) ) { |
1794 | goto loser; |
1795 | } |
1796 | PORT_Memcpymemcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN1], emailAddr, addrlen); |
1797 | dbkey->data[0] = certDBEntryTypeSMimeProfile; |
1798 | |
1799 | return(SECSuccess); |
1800 | |
1801 | loser: |
1802 | return(SECFailure); |
1803 | } |
1804 | |
1805 | /* |
1806 | * Decode a database SMIME record |
1807 | */ |
1808 | static SECStatus |
1809 | DecodeDBSMimeEntry(certDBEntrySMime *entry, SECItem *dbentry, char *emailAddr) |
1810 | { |
1811 | int lenDiff; |
1812 | |
1813 | /* is record long enough for header? */ |
1814 | if ( dbentry->len < DB_SMIME_ENTRY_HEADER_LEN6 ) { |
1815 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
1816 | goto loser; |
1817 | } |
1818 | |
1819 | /* is database entry correct length? */ |
1820 | entry->subjectName.len = (( dbentry->data[0] << 8 ) | dbentry->data[1] ); |
1821 | entry->smimeOptions.len = (( dbentry->data[2] << 8 ) | dbentry->data[3] ); |
1822 | entry->optionsDate.len = (( dbentry->data[4] << 8 ) | dbentry->data[5] ); |
1823 | lenDiff = dbentry->len - (entry->subjectName.len + |
1824 | entry->smimeOptions.len + |
1825 | entry->optionsDate.len + |
1826 | DB_SMIME_ENTRY_HEADER_LEN6); |
1827 | if (lenDiff) { |
1828 | if (lenDiff < 0 || (lenDiff & 0xffff) != 0 ) { |
1829 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
1830 | goto loser; |
1831 | } |
1832 | /* The entry size exceeded 64KB. Reconstruct the correct length. */ |
1833 | entry->subjectName.len += lenDiff; |
1834 | } |
1835 | |
1836 | /* copy the subject name */ |
1837 | entry->subjectName.data = |
1838 | (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(entry->common.arena, |
1839 | entry->subjectName.len); |
1840 | if ( entry->subjectName.data == NULL((void*)0) ) { |
1841 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1842 | goto loser; |
1843 | } |
1844 | PORT_Memcpymemcpy(entry->subjectName.data, |
1845 | &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN6], |
1846 | entry->subjectName.len); |
1847 | |
1848 | /* copy the smime options */ |
1849 | if ( entry->smimeOptions.len ) { |
1850 | entry->smimeOptions.data = |
1851 | (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(entry->common.arena, |
1852 | entry->smimeOptions.len); |
1853 | if ( entry->smimeOptions.data == NULL((void*)0) ) { |
1854 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1855 | goto loser; |
1856 | } |
1857 | PORT_Memcpymemcpy(entry->smimeOptions.data, |
1858 | &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN6 + |
1859 | entry->subjectName.len], |
1860 | entry->smimeOptions.len); |
1861 | } |
1862 | if ( entry->optionsDate.len ) { |
1863 | entry->optionsDate.data = |
1864 | (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(entry->common.arena, |
1865 | entry->optionsDate.len); |
1866 | if ( entry->optionsDate.data == NULL((void*)0) ) { |
1867 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1868 | goto loser; |
1869 | } |
1870 | PORT_Memcpymemcpy(entry->optionsDate.data, |
1871 | &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN6 + |
1872 | entry->subjectName.len + |
1873 | entry->smimeOptions.len], |
1874 | entry->optionsDate.len); |
1875 | } |
1876 | |
1877 | /* both options and options date must either exist or not exist */ |
1878 | if ( ( ( entry->optionsDate.len == 0 ) || |
1879 | ( entry->smimeOptions.len == 0 ) ) && |
1880 | entry->smimeOptions.len != entry->optionsDate.len ) { |
1881 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
1882 | goto loser; |
1883 | } |
1884 | |
1885 | entry->emailAddr = (char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(entry->common.arena, |
1886 | PORT_Strlen(emailAddr)strlen(emailAddr)+1); |
1887 | if ( entry->emailAddr ) { |
1888 | PORT_Strcpystrcpy(entry->emailAddr, emailAddr); |
1889 | } |
1890 | |
1891 | return(SECSuccess); |
1892 | |
1893 | loser: |
1894 | return(SECFailure); |
1895 | } |
1896 | |
1897 | /* |
1898 | * create a new SMIME entry |
1899 | */ |
1900 | static certDBEntrySMime * |
1901 | NewDBSMimeEntry(char *emailAddr, SECItem *subjectName, SECItem *smimeOptions, |
1902 | SECItem *optionsDate, unsigned int flags) |
1903 | { |
1904 | PLArenaPool *arena = NULL((void*)0); |
1905 | certDBEntrySMime *entry; |
1906 | int addrlen; |
1907 | SECStatus rv; |
1908 | |
1909 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
1910 | if ( arena == NULL((void*)0) ) { |
1911 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1912 | goto loser; |
1913 | } |
1914 | |
1915 | entry = (certDBEntrySMime *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, |
1916 | sizeof(certDBEntrySMime)); |
1917 | if ( entry == NULL((void*)0) ) { |
1918 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
1919 | goto loser; |
1920 | } |
1921 | |
1922 | /* init common fields */ |
1923 | entry->common.arena = arena; |
1924 | entry->common.type = certDBEntryTypeSMimeProfile; |
1925 | entry->common.version = CERT_DB_FILE_VERSION8; |
1926 | entry->common.flags = flags; |
1927 | |
1928 | /* copy the email addr */ |
1929 | addrlen = PORT_Strlen(emailAddr)strlen(emailAddr) + 1; |
1930 | |
1931 | entry->emailAddr = (char*)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, addrlen); |
1932 | if ( entry->emailAddr == NULL((void*)0) ) { |
1933 | goto loser; |
1934 | } |
1935 | |
1936 | PORT_Memcpymemcpy(entry->emailAddr, emailAddr, addrlen); |
1937 | |
1938 | /* copy the subject name */ |
1939 | rv = SECITEM_CopyItemSECITEM_CopyItem_Util(arena, &entry->subjectName, subjectName); |
1940 | if ( rv != SECSuccess ) { |
1941 | goto loser; |
1942 | } |
1943 | |
1944 | /* copy the smime options */ |
1945 | if ( smimeOptions ) { |
1946 | rv = SECITEM_CopyItemSECITEM_CopyItem_Util(arena, &entry->smimeOptions, smimeOptions); |
1947 | if ( rv != SECSuccess ) { |
1948 | goto loser; |
1949 | } |
1950 | } else { |
1951 | PORT_Assert(optionsDate == NULL)((optionsDate == ((void*)0))?((void)0):PR_Assert("optionsDate == NULL" ,"pcertdb.c",1951)); |
1952 | entry->smimeOptions.data = NULL((void*)0); |
1953 | entry->smimeOptions.len = 0; |
1954 | } |
1955 | |
1956 | /* copy the options date */ |
1957 | if ( optionsDate ) { |
1958 | rv = SECITEM_CopyItemSECITEM_CopyItem_Util(arena, &entry->optionsDate, optionsDate); |
1959 | if ( rv != SECSuccess ) { |
1960 | goto loser; |
1961 | } |
1962 | } else { |
1963 | PORT_Assert(smimeOptions == NULL)((smimeOptions == ((void*)0))?((void)0):PR_Assert("smimeOptions == NULL" ,"pcertdb.c",1963)); |
1964 | entry->optionsDate.data = NULL((void*)0); |
1965 | entry->optionsDate.len = 0; |
1966 | } |
1967 | |
1968 | return(entry); |
1969 | loser: |
1970 | if ( arena ) { |
1971 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
1972 | } |
1973 | |
1974 | return(NULL((void*)0)); |
1975 | } |
1976 | |
1977 | /* |
1978 | * delete a SMIME entry |
1979 | */ |
1980 | static SECStatus |
1981 | DeleteDBSMimeEntry(NSSLOWCERTCertDBHandle *handle, char *emailAddr) |
1982 | { |
1983 | PLArenaPool *arena = NULL((void*)0); |
1984 | SECStatus rv; |
1985 | SECItem dbkey; |
1986 | |
1987 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
1988 | if ( arena == NULL((void*)0) ) { |
1989 | goto loser; |
1990 | } |
1991 | |
1992 | rv = EncodeDBSMimeKey(emailAddr, arena, &dbkey); |
1993 | if ( rv != SECSuccess ) { |
1994 | goto loser; |
1995 | } |
1996 | |
1997 | rv = DeleteDBEntry(handle, certDBEntryTypeSMimeProfile, &dbkey); |
1998 | if ( rv == SECFailure ) { |
1999 | goto loser; |
2000 | } |
2001 | |
2002 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
2003 | return(SECSuccess); |
2004 | |
2005 | loser: |
2006 | if ( arena ) { |
2007 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
2008 | } |
2009 | |
2010 | return(SECFailure); |
2011 | } |
2012 | |
2013 | /* |
2014 | * Read a SMIME entry |
2015 | */ |
2016 | certDBEntrySMime * |
2017 | nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *handle, char *emailAddr) |
2018 | { |
2019 | PLArenaPool *arena = NULL((void*)0); |
2020 | PLArenaPool *tmparena = NULL((void*)0); |
2021 | certDBEntrySMime *entry; |
2022 | SECItem dbkey; |
2023 | SECItem dbentry; |
2024 | SECStatus rv; |
2025 | |
2026 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
2027 | if ( arena == NULL((void*)0) ) { |
2028 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2029 | goto loser; |
2030 | } |
2031 | |
2032 | tmparena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
2033 | if ( tmparena == NULL((void*)0) ) { |
2034 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2035 | goto loser; |
2036 | } |
2037 | |
2038 | entry = (certDBEntrySMime *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, |
2039 | sizeof(certDBEntrySMime)); |
2040 | if ( entry == NULL((void*)0) ) { |
2041 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2042 | goto loser; |
2043 | } |
2044 | entry->common.arena = arena; |
2045 | entry->common.type = certDBEntryTypeSMimeProfile; |
2046 | |
2047 | rv = EncodeDBSMimeKey(emailAddr, tmparena, &dbkey); |
2048 | if ( rv != SECSuccess ) { |
2049 | goto loser; |
2050 | } |
2051 | |
2052 | rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena); |
2053 | if ( rv == SECFailure ) { |
2054 | goto loser; |
2055 | } |
2056 | |
2057 | /* is record long enough for header? */ |
2058 | if ( dbentry.len < DB_SMIME_ENTRY_HEADER_LEN6 ) { |
2059 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
2060 | goto loser; |
2061 | } |
2062 | |
2063 | rv = DecodeDBSMimeEntry(entry, &dbentry, emailAddr); |
2064 | if ( rv != SECSuccess ) { |
2065 | goto loser; |
2066 | } |
2067 | |
2068 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
2069 | return(entry); |
2070 | |
2071 | loser: |
2072 | if ( tmparena ) { |
2073 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
2074 | } |
2075 | if ( arena ) { |
2076 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
2077 | } |
2078 | |
2079 | return(NULL((void*)0)); |
2080 | } |
2081 | |
2082 | /* |
2083 | * Encode a SMIME entry into byte stream suitable for |
2084 | * the database |
2085 | */ |
2086 | static SECStatus |
2087 | WriteDBSMimeEntry(NSSLOWCERTCertDBHandle *handle, certDBEntrySMime *entry) |
2088 | { |
2089 | SECItem dbitem, dbkey; |
2090 | PLArenaPool *tmparena = NULL((void*)0); |
2091 | SECStatus rv; |
2092 | |
2093 | tmparena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
2094 | if ( tmparena == NULL((void*)0) ) { |
2095 | goto loser; |
2096 | } |
2097 | |
2098 | rv = EncodeDBSMimeEntry(entry, tmparena, &dbitem); |
2099 | if ( rv != SECSuccess ) { |
2100 | goto loser; |
2101 | } |
2102 | |
2103 | rv = EncodeDBSMimeKey(entry->emailAddr, tmparena, &dbkey); |
2104 | if ( rv != SECSuccess ) { |
2105 | goto loser; |
2106 | } |
2107 | |
2108 | /* now write it to the database */ |
2109 | rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem); |
2110 | if ( rv != SECSuccess ) { |
2111 | goto loser; |
2112 | } |
2113 | |
2114 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
2115 | return(SECSuccess); |
2116 | |
2117 | loser: |
2118 | if ( tmparena ) { |
2119 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
2120 | } |
2121 | return(SECFailure); |
2122 | |
2123 | } |
2124 | |
2125 | /* |
2126 | * Encode a database subject record |
2127 | */ |
2128 | static SECStatus |
2129 | EncodeDBSubjectEntry(certDBEntrySubject *entry, PLArenaPool *arena, |
2130 | SECItem *dbitem) |
2131 | { |
2132 | unsigned char *buf; |
2133 | int len; |
2134 | unsigned int ncerts; |
2135 | unsigned int i; |
2136 | unsigned char *tmpbuf; |
2137 | unsigned int nnlen = 0; |
2138 | unsigned int eaddrslen = 0; |
2139 | int keyidoff; |
2140 | SECItem *certKeys = entry->certKeys; |
2141 | SECItem *keyIDs = entry->keyIDs;; |
2142 | |
2143 | if ( entry->nickname ) { |
2144 | nnlen = PORT_Strlen(entry->nickname)strlen(entry->nickname) + 1; |
2145 | } |
2146 | if ( entry->emailAddrs ) { |
2147 | eaddrslen = 2; |
2148 | for (i=0; i < entry->nemailAddrs; i++) { |
2149 | eaddrslen += PORT_Strlen(entry->emailAddrs[i])strlen(entry->emailAddrs[i]) + 1 + 2; |
2150 | } |
2151 | } |
2152 | |
2153 | ncerts = entry->ncerts; |
2154 | |
2155 | /* compute the length of the entry */ |
2156 | keyidoff = DB_SUBJECT_ENTRY_HEADER_LEN6 + nnlen ; |
2157 | len = keyidoff + (4 * ncerts) + eaddrslen; |
2158 | for ( i = 0; i < ncerts; i++ ) { |
2159 | if (keyIDs[i].len > 0xffff || |
2160 | (certKeys[i].len > 0xffff)) { |
2161 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INPUT_LEN); |
2162 | goto loser; |
2163 | } |
2164 | len += certKeys[i].len; |
2165 | len += keyIDs[i].len; |
2166 | } |
2167 | |
2168 | /* allocate space for encoded database record, including space |
2169 | * for low level header |
2170 | */ |
2171 | dbitem->len = len + SEC_DB_ENTRY_HEADER_LEN3; |
2172 | |
2173 | dbitem->data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, dbitem->len); |
2174 | if ( dbitem->data == NULL((void*)0)) { |
2175 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2176 | goto loser; |
2177 | } |
2178 | |
2179 | /* fill in database record */ |
2180 | buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN3]; |
2181 | |
2182 | buf[0] = (PRUint8)( ncerts >> 8 ); |
2183 | buf[1] = (PRUint8)( ncerts ); |
2184 | buf[2] = (PRUint8)( nnlen >> 8 ); |
2185 | buf[3] = (PRUint8)( nnlen ); |
2186 | /* v7 email field is NULL in v8 */ |
2187 | buf[4] = 0; |
2188 | buf[5] = 0; |
2189 | |
2190 | PORT_Memcpymemcpy(&buf[DB_SUBJECT_ENTRY_HEADER_LEN6], entry->nickname, nnlen); |
2191 | tmpbuf = &buf[keyidoff]; |
2192 | for ( i = 0; i < ncerts; i++ ) { |
2193 | tmpbuf[0] = (PRUint8)( certKeys[i].len >> 8 ); |
2194 | tmpbuf[1] = (PRUint8)( certKeys[i].len ); |
2195 | tmpbuf += 2; |
2196 | } |
2197 | for ( i = 0; i < ncerts; i++ ) { |
2198 | tmpbuf[0] = (PRUint8)( keyIDs[i].len >> 8 ); |
2199 | tmpbuf[1] = (PRUint8)( keyIDs[i].len ); |
2200 | tmpbuf += 2; |
2201 | } |
2202 | |
2203 | for ( i = 0; i < ncerts; i++ ) { |
2204 | PORT_Memcpymemcpy(tmpbuf, certKeys[i].data, certKeys[i].len); |
2205 | tmpbuf += certKeys[i].len; |
2206 | } |
2207 | for ( i = 0; i < ncerts; i++ ) { |
2208 | PORT_Memcpymemcpy(tmpbuf, keyIDs[i].data, keyIDs[i].len); |
2209 | tmpbuf += keyIDs[i].len; |
2210 | } |
2211 | |
2212 | if (entry->emailAddrs) { |
2213 | tmpbuf[0] = (PRUint8)( entry->nemailAddrs >> 8 ); |
2214 | tmpbuf[1] = (PRUint8)( entry->nemailAddrs ); |
2215 | tmpbuf += 2; |
2216 | for (i=0; i < entry->nemailAddrs; i++) { |
2217 | int nameLen = PORT_Strlen(entry->emailAddrs[i])strlen(entry->emailAddrs[i]) + 1; |
2218 | tmpbuf[0] = (PRUint8)( nameLen >> 8 ); |
2219 | tmpbuf[1] = (PRUint8)( nameLen ); |
2220 | tmpbuf += 2; |
2221 | PORT_Memcpymemcpy(tmpbuf,entry->emailAddrs[i],nameLen); |
2222 | tmpbuf +=nameLen; |
2223 | } |
2224 | } |
2225 | |
2226 | PORT_Assert(tmpbuf == &buf[len])((tmpbuf == &buf[len])?((void)0):PR_Assert("tmpbuf == &buf[len]" ,"pcertdb.c",2226)); |
2227 | |
2228 | return(SECSuccess); |
2229 | |
2230 | loser: |
2231 | return(SECFailure); |
2232 | } |
2233 | |
2234 | /* |
2235 | * Encode a database key for a subject record |
2236 | */ |
2237 | static SECStatus |
2238 | EncodeDBSubjectKey(SECItem *derSubject, PLArenaPool *arena, |
2239 | SECItem *dbkey) |
2240 | { |
2241 | dbkey->len = derSubject->len + SEC_DB_KEY_HEADER_LEN1; |
2242 | if (dbkey->len > NSS_MAX_LEGACY_DB_KEY_SIZE(60 * 1024)) |
2243 | goto loser; |
2244 | dbkey->data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, dbkey->len); |
2245 | if ( dbkey->data == NULL((void*)0) ) { |
2246 | goto loser; |
2247 | } |
2248 | PORT_Memcpymemcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN1], derSubject->data, |
2249 | derSubject->len); |
2250 | dbkey->data[0] = certDBEntryTypeSubject; |
2251 | |
2252 | return(SECSuccess); |
2253 | |
2254 | loser: |
2255 | return(SECFailure); |
2256 | } |
2257 | |
2258 | static SECStatus |
2259 | DecodeDBSubjectEntry(certDBEntrySubject *entry, SECItem *dbentry, |
2260 | const SECItem *derSubject) |
2261 | { |
2262 | PLArenaPool *arena = entry->common.arena; |
2263 | unsigned char *tmpbuf; |
2264 | unsigned char *end; |
2265 | void *mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); |
2266 | unsigned int eaddrlen; |
2267 | unsigned int i; |
2268 | unsigned int keyidoff; |
2269 | unsigned int len; |
2270 | unsigned int ncerts = 0; |
2271 | unsigned int nnlen; |
2272 | SECStatus rv; |
2273 | |
2274 | rv = SECITEM_CopyItemSECITEM_CopyItem_Util(arena, &entry->derSubject, derSubject); |
2275 | if ( rv != SECSuccess ) { |
2276 | goto loser; |
2277 | } |
2278 | |
2279 | /* is record long enough for header? */ |
2280 | if ( dbentry->len < DB_SUBJECT_ENTRY_HEADER_LEN6 ) { |
2281 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
2282 | goto loser; |
2283 | } |
2284 | |
2285 | entry->ncerts = ncerts = (( dbentry->data[0] << 8 ) | dbentry->data[1] ); |
2286 | nnlen = (( dbentry->data[2] << 8 ) | dbentry->data[3] ); |
2287 | eaddrlen = (( dbentry->data[4] << 8 ) | dbentry->data[5] ); |
2288 | keyidoff = DB_SUBJECT_ENTRY_HEADER_LEN6 + nnlen + eaddrlen; |
2289 | len = keyidoff + (4 * ncerts); |
2290 | if ( dbentry->len < len) { |
2291 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
2292 | goto loser; |
2293 | } |
2294 | |
2295 | entry->certKeys = PORT_ArenaNewArray(arena, SECItem, ncerts)(SECItem*) PORT_ArenaAlloc_Util (arena, sizeof(SECItem)*(ncerts )); |
2296 | entry->keyIDs = PORT_ArenaNewArray(arena, SECItem, ncerts)(SECItem*) PORT_ArenaAlloc_Util (arena, sizeof(SECItem)*(ncerts )); |
2297 | if ( ( entry->certKeys == NULL((void*)0) ) || ( entry->keyIDs == NULL((void*)0) ) ) { |
2298 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2299 | goto loser; |
2300 | } |
2301 | |
2302 | if ( nnlen > 1 ) { /* null terminator is stored */ |
2303 | entry->nickname = (char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, nnlen); |
2304 | if ( entry->nickname == NULL((void*)0) ) { |
2305 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2306 | goto loser; |
2307 | } |
2308 | PORT_Memcpymemcpy(entry->nickname, |
2309 | &dbentry->data[DB_SUBJECT_ENTRY_HEADER_LEN6], |
2310 | nnlen); |
2311 | } else { |
2312 | entry->nickname = NULL((void*)0); |
2313 | } |
2314 | |
2315 | /* if we have an old style email entry, there is only one */ |
2316 | entry->nemailAddrs = 0; |
2317 | if ( eaddrlen > 1 ) { /* null terminator is stored */ |
2318 | entry->emailAddrs = PORT_ArenaNewArray(arena, char *, 2)(char **) PORT_ArenaAlloc_Util (arena, sizeof(char *)*(2)); |
2319 | if ( entry->emailAddrs == NULL((void*)0) ) { |
2320 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2321 | goto loser; |
2322 | } |
2323 | entry->emailAddrs[0] = (char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, eaddrlen); |
2324 | if ( entry->emailAddrs[0] == NULL((void*)0) ) { |
2325 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2326 | goto loser; |
2327 | } |
2328 | PORT_Memcpymemcpy(entry->emailAddrs[0], |
2329 | &dbentry->data[DB_SUBJECT_ENTRY_HEADER_LEN6+nnlen], |
2330 | eaddrlen); |
2331 | entry->nemailAddrs = 1; |
2332 | } else { |
2333 | entry->emailAddrs = NULL((void*)0); |
2334 | } |
2335 | |
2336 | /* collect the lengths of the certKeys and keyIDs, and total the |
2337 | * overall length. |
2338 | */ |
2339 | tmpbuf = &dbentry->data[keyidoff]; |
2340 | for ( i = 0; i < ncerts; i++ ) { |
2341 | unsigned int itemlen = ( tmpbuf[0] << 8 ) | tmpbuf[1]; |
2342 | entry->certKeys[i].len = itemlen; |
2343 | len += itemlen; |
2344 | tmpbuf += 2; |
2345 | } |
2346 | for ( i = 0; i < ncerts; i++ ) { |
2347 | unsigned int itemlen = ( tmpbuf[0] << 8 ) | tmpbuf[1] ; |
2348 | entry->keyIDs[i].len = itemlen; |
2349 | len += itemlen; |
2350 | tmpbuf += 2; |
2351 | } |
2352 | |
2353 | /* is encoded entry large enough ? */ |
2354 | if ( len > dbentry->len ){ |
2355 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
2356 | goto loser; |
2357 | } |
2358 | |
2359 | for ( i = 0; i < ncerts; i++ ) { |
2360 | unsigned int kLen = entry->certKeys[i].len; |
2361 | entry->certKeys[i].data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, kLen); |
2362 | if ( entry->certKeys[i].data == NULL((void*)0) ) { |
2363 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2364 | goto loser; |
2365 | } |
2366 | PORT_Memcpymemcpy(entry->certKeys[i].data, tmpbuf, kLen); |
2367 | tmpbuf += kLen; |
2368 | } |
2369 | for ( i = 0; i < ncerts; i++ ) { |
2370 | unsigned int iLen = entry->keyIDs[i].len; |
2371 | entry->keyIDs[i].data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, iLen); |
2372 | if ( entry->keyIDs[i].data == NULL((void*)0) ) { |
2373 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2374 | goto loser; |
2375 | } |
2376 | PORT_Memcpymemcpy(entry->keyIDs[i].data, tmpbuf, iLen); |
2377 | tmpbuf += iLen; |
2378 | } |
2379 | |
2380 | end = dbentry->data + dbentry->len; |
2381 | if ((eaddrlen == 0) && (end - tmpbuf > 1)) { |
2382 | /* read in the additional email addresses */ |
2383 | entry->nemailAddrs = (((unsigned int)tmpbuf[0]) << 8) | tmpbuf[1]; |
2384 | tmpbuf += 2; |
2385 | if (end - tmpbuf < 2 * (int)entry->nemailAddrs) |
2386 | goto loser; |
2387 | entry->emailAddrs = PORT_ArenaNewArray(arena, char *, entry->nemailAddrs)(char **) PORT_ArenaAlloc_Util (arena, sizeof(char *)*(entry-> nemailAddrs)); |
2388 | if (entry->emailAddrs == NULL((void*)0)) { |
2389 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2390 | goto loser; |
2391 | } |
2392 | for (i=0; i < entry->nemailAddrs; i++) { |
2393 | int nameLen; |
2394 | if (end - tmpbuf < 2) { |
2395 | goto loser; |
2396 | } |
2397 | nameLen = (((int)tmpbuf[0]) << 8) | tmpbuf[1]; |
2398 | tmpbuf += 2; |
2399 | if (end - tmpbuf < nameLen) { |
2400 | goto loser; |
2401 | } |
2402 | entry->emailAddrs[i] = PORT_ArenaAllocPORT_ArenaAlloc_Util(arena,nameLen); |
2403 | if (entry->emailAddrs == NULL((void*)0)) { |
2404 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2405 | goto loser; |
2406 | } |
2407 | PORT_Memcpymemcpy(entry->emailAddrs[i], tmpbuf, nameLen); |
2408 | tmpbuf += nameLen; |
2409 | } |
2410 | if (tmpbuf != end) |
2411 | goto loser; |
2412 | } |
2413 | PORT_ArenaUnmarkPORT_ArenaUnmark_Util(arena, mark); |
2414 | return(SECSuccess); |
2415 | |
2416 | loser: |
2417 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); /* discard above allocations */ |
2418 | return(SECFailure); |
2419 | } |
2420 | |
2421 | /* |
2422 | * create a new subject entry with a single cert |
2423 | */ |
2424 | static certDBEntrySubject * |
2425 | NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey, |
2426 | SECItem *keyID, char *nickname, char *emailAddr, |
2427 | unsigned int flags) |
2428 | { |
2429 | PLArenaPool *arena = NULL((void*)0); |
2430 | certDBEntrySubject *entry; |
2431 | SECStatus rv; |
2432 | unsigned int nnlen; |
2433 | unsigned int eaddrlen; |
2434 | |
2435 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
2436 | if ( arena == NULL((void*)0) ) { |
2437 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2438 | goto loser; |
2439 | } |
2440 | |
2441 | entry = (certDBEntrySubject *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, |
2442 | sizeof(certDBEntrySubject)); |
2443 | if ( entry == NULL((void*)0) ) { |
2444 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2445 | goto loser; |
2446 | } |
2447 | |
2448 | /* init common fields */ |
2449 | entry->common.arena = arena; |
2450 | entry->common.type = certDBEntryTypeSubject; |
2451 | entry->common.version = CERT_DB_FILE_VERSION8; |
2452 | entry->common.flags = flags; |
2453 | |
2454 | /* copy the subject */ |
2455 | rv = SECITEM_CopyItemSECITEM_CopyItem_Util(arena, &entry->derSubject, derSubject); |
2456 | if ( rv != SECSuccess ) { |
2457 | goto loser; |
2458 | } |
2459 | |
2460 | entry->ncerts = 1; |
2461 | entry->nemailAddrs = 0; |
2462 | /* copy nickname */ |
2463 | if ( nickname && ( *nickname != '\0' ) ) { |
2464 | nnlen = PORT_Strlen(nickname)strlen(nickname) + 1; |
2465 | entry->nickname = (char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, nnlen); |
2466 | if ( entry->nickname == NULL((void*)0) ) { |
2467 | goto loser; |
2468 | } |
2469 | |
2470 | PORT_Memcpymemcpy(entry->nickname, nickname, nnlen); |
2471 | } else { |
2472 | entry->nickname = NULL((void*)0); |
2473 | } |
2474 | |
2475 | /* copy email addr */ |
2476 | if ( emailAddr && ( *emailAddr != '\0' ) ) { |
2477 | emailAddr = nsslowcert_FixupEmailAddr(emailAddr); |
2478 | if ( emailAddr == NULL((void*)0) ) { |
2479 | entry->emailAddrs = NULL((void*)0); |
2480 | goto loser; |
2481 | } |
2482 | |
2483 | eaddrlen = PORT_Strlen(emailAddr)strlen(emailAddr) + 1; |
2484 | entry->emailAddrs = (char **)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, sizeof(char *)); |
2485 | if ( entry->emailAddrs == NULL((void*)0) ) { |
2486 | PORT_FreePORT_Free_Util(emailAddr); |
2487 | goto loser; |
2488 | } |
2489 | entry->emailAddrs[0] = PORT_ArenaStrdupPORT_ArenaStrdup_Util(arena,emailAddr); |
2490 | if (entry->emailAddrs[0]) { |
2491 | entry->nemailAddrs = 1; |
2492 | } |
2493 | |
2494 | PORT_FreePORT_Free_Util(emailAddr); |
2495 | } else { |
2496 | entry->emailAddrs = NULL((void*)0); |
2497 | } |
2498 | |
2499 | /* allocate space for certKeys and keyIDs */ |
2500 | entry->certKeys = (SECItem *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, sizeof(SECItem)); |
2501 | entry->keyIDs = (SECItem *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, sizeof(SECItem)); |
2502 | if ( ( entry->certKeys == NULL((void*)0) ) || ( entry->keyIDs == NULL((void*)0) ) ) { |
2503 | goto loser; |
2504 | } |
2505 | |
2506 | /* copy the certKey and keyID */ |
2507 | rv = SECITEM_CopyItemSECITEM_CopyItem_Util(arena, &entry->certKeys[0], certKey); |
2508 | if ( rv != SECSuccess ) { |
2509 | goto loser; |
2510 | } |
2511 | rv = SECITEM_CopyItemSECITEM_CopyItem_Util(arena, &entry->keyIDs[0], keyID); |
2512 | if ( rv != SECSuccess ) { |
2513 | goto loser; |
2514 | } |
2515 | |
2516 | return(entry); |
2517 | loser: |
2518 | if ( arena ) { |
2519 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
2520 | } |
2521 | |
2522 | return(NULL((void*)0)); |
2523 | } |
2524 | |
2525 | /* |
2526 | * delete a subject entry |
2527 | */ |
2528 | static SECStatus |
2529 | DeleteDBSubjectEntry(NSSLOWCERTCertDBHandle *handle, SECItem *derSubject) |
2530 | { |
2531 | SECItem dbkey; |
2532 | PLArenaPool *arena = NULL((void*)0); |
2533 | SECStatus rv; |
2534 | |
2535 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
2536 | if ( arena == NULL((void*)0) ) { |
2537 | goto loser; |
2538 | } |
2539 | |
2540 | rv = EncodeDBSubjectKey(derSubject, arena, &dbkey); |
2541 | if ( rv != SECSuccess ) { |
2542 | goto loser; |
2543 | } |
2544 | |
2545 | rv = DeleteDBEntry(handle, certDBEntryTypeSubject, &dbkey); |
2546 | if ( rv == SECFailure ) { |
2547 | goto loser; |
2548 | } |
2549 | |
2550 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
2551 | return(SECSuccess); |
2552 | |
2553 | loser: |
2554 | if ( arena ) { |
2555 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
2556 | } |
2557 | |
2558 | return(SECFailure); |
2559 | } |
2560 | |
2561 | /* |
2562 | * Read the subject entry |
2563 | */ |
2564 | static certDBEntrySubject * |
2565 | ReadDBSubjectEntry(NSSLOWCERTCertDBHandle *handle, SECItem *derSubject) |
2566 | { |
2567 | PLArenaPool *arena = NULL((void*)0); |
2568 | PLArenaPool *tmparena = NULL((void*)0); |
2569 | certDBEntrySubject *entry; |
2570 | SECItem dbkey; |
2571 | SECItem dbentry; |
2572 | SECStatus rv; |
2573 | |
2574 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
2575 | if ( arena == NULL((void*)0) ) { |
2576 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2577 | goto loser; |
2578 | } |
2579 | |
2580 | tmparena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
2581 | if ( tmparena == NULL((void*)0) ) { |
2582 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2583 | goto loser; |
2584 | } |
2585 | |
2586 | entry = (certDBEntrySubject *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, |
2587 | sizeof(certDBEntrySubject)); |
2588 | if ( entry == NULL((void*)0) ) { |
2589 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2590 | goto loser; |
2591 | } |
2592 | entry->common.arena = arena; |
2593 | entry->common.type = certDBEntryTypeSubject; |
2594 | |
2595 | rv = EncodeDBSubjectKey(derSubject, tmparena, &dbkey); |
2596 | if ( rv != SECSuccess ) { |
2597 | goto loser; |
2598 | } |
2599 | |
2600 | rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena); |
2601 | if ( rv == SECFailure ) { |
2602 | goto loser; |
2603 | } |
2604 | |
2605 | rv = DecodeDBSubjectEntry(entry, &dbentry, derSubject); |
2606 | if ( rv == SECFailure ) { |
2607 | goto loser; |
2608 | } |
2609 | |
2610 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
2611 | return(entry); |
2612 | |
2613 | loser: |
2614 | if ( tmparena ) { |
2615 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
2616 | } |
2617 | if ( arena ) { |
2618 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
2619 | } |
2620 | |
2621 | return(NULL((void*)0)); |
2622 | } |
2623 | |
2624 | /* |
2625 | * Encode a subject name entry into byte stream suitable for |
2626 | * the database |
2627 | */ |
2628 | static SECStatus |
2629 | WriteDBSubjectEntry(NSSLOWCERTCertDBHandle *handle, certDBEntrySubject *entry) |
2630 | { |
2631 | SECItem dbitem, dbkey; |
2632 | PLArenaPool *tmparena = NULL((void*)0); |
2633 | SECStatus rv; |
2634 | |
2635 | tmparena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
2636 | if ( tmparena == NULL((void*)0) ) { |
2637 | goto loser; |
2638 | } |
2639 | |
2640 | rv = EncodeDBSubjectEntry(entry, tmparena, &dbitem); |
2641 | if ( rv != SECSuccess ) { |
2642 | goto loser; |
2643 | } |
2644 | |
2645 | rv = EncodeDBSubjectKey(&entry->derSubject, tmparena, &dbkey); |
2646 | if ( rv != SECSuccess ) { |
2647 | goto loser; |
2648 | } |
2649 | |
2650 | /* now write it to the database */ |
2651 | rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem); |
2652 | if ( rv != SECSuccess ) { |
2653 | goto loser; |
2654 | } |
2655 | |
2656 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
2657 | return(SECSuccess); |
2658 | |
2659 | loser: |
2660 | if ( tmparena ) { |
2661 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
2662 | } |
2663 | return(SECFailure); |
2664 | |
2665 | } |
2666 | |
2667 | typedef enum { nsslowcert_remove, nsslowcert_add } nsslowcertUpdateType; |
2668 | |
2669 | static SECStatus |
2670 | nsslowcert_UpdateSubjectEmailAddr(NSSLOWCERTCertDBHandle *dbhandle, |
2671 | SECItem *derSubject, char *emailAddr, nsslowcertUpdateType updateType) |
2672 | { |
2673 | certDBEntrySubject *entry = NULL((void*)0); |
2674 | int index = -1, i; |
2675 | SECStatus rv; |
2676 | |
2677 | if (emailAddr) { |
2678 | emailAddr = nsslowcert_FixupEmailAddr(emailAddr); |
2679 | if (emailAddr == NULL((void*)0)) { |
2680 | return SECFailure; |
2681 | } |
2682 | } else { |
2683 | return SECSuccess; |
2684 | } |
2685 | |
2686 | entry = ReadDBSubjectEntry(dbhandle,derSubject); |
2687 | if (entry == NULL((void*)0)) { |
2688 | rv = SECFailure; |
2689 | goto done; |
2690 | } |
2691 | |
2692 | for (i=0; i < (int)(entry->nemailAddrs); i++) { |
2693 | if (PORT_Strcmpstrcmp(entry->emailAddrs[i],emailAddr) == 0) { |
2694 | index = i; |
2695 | } |
2696 | } |
2697 | |
2698 | if (updateType == nsslowcert_remove) { |
2699 | if (index == -1) { |
2700 | rv = SECSuccess; |
2701 | goto done; |
2702 | } |
2703 | entry->nemailAddrs--; |
2704 | for (i=index; i < (int)(entry->nemailAddrs); i++) { |
2705 | entry->emailAddrs[i] = entry->emailAddrs[i+1]; |
2706 | } |
2707 | } else { |
2708 | char **newAddrs = NULL((void*)0); |
2709 | |
2710 | if (index != -1) { |
2711 | rv = SECSuccess; |
2712 | goto done; |
2713 | } |
2714 | newAddrs = (char **)PORT_ArenaAllocPORT_ArenaAlloc_Util(entry->common.arena, |
2715 | (entry->nemailAddrs+1)* sizeof(char *)); |
2716 | if (!newAddrs) { |
2717 | rv = SECFailure; |
2718 | goto done; |
2719 | } |
2720 | for (i=0; i < (int)(entry->nemailAddrs); i++) { |
2721 | newAddrs[i] = entry->emailAddrs[i]; |
2722 | } |
2723 | newAddrs[entry->nemailAddrs] = |
2724 | PORT_ArenaStrdupPORT_ArenaStrdup_Util(entry->common.arena,emailAddr); |
2725 | if (!newAddrs[entry->nemailAddrs]) { |
2726 | rv = SECFailure; |
2727 | goto done; |
2728 | } |
2729 | entry->emailAddrs = newAddrs; |
2730 | entry->nemailAddrs++; |
2731 | } |
2732 | |
2733 | /* delete the subject entry */ |
2734 | DeleteDBSubjectEntry(dbhandle, derSubject); |
2735 | |
2736 | /* write the new one */ |
2737 | rv = WriteDBSubjectEntry(dbhandle, entry); |
2738 | |
2739 | done: |
2740 | if (entry) DestroyDBEntry((certDBEntry *)entry); |
2741 | if (emailAddr) PORT_FreePORT_Free_Util(emailAddr); |
2742 | return rv; |
2743 | } |
2744 | |
2745 | /* |
2746 | * writes a nickname to an existing subject entry that does not currently |
2747 | * have one |
2748 | */ |
2749 | static SECStatus |
2750 | AddNicknameToSubject(NSSLOWCERTCertDBHandle *dbhandle, |
2751 | NSSLOWCERTCertificate *cert, char *nickname) |
2752 | { |
2753 | certDBEntrySubject *entry; |
2754 | SECStatus rv; |
2755 | |
2756 | if ( nickname == NULL((void*)0) ) { |
2757 | return(SECFailure); |
2758 | } |
2759 | |
2760 | entry = ReadDBSubjectEntry(dbhandle,&cert->derSubject); |
2761 | PORT_Assert(entry != NULL)((entry != ((void*)0))?((void)0):PR_Assert("entry != NULL","pcertdb.c" ,2761)); |
2762 | if ( entry == NULL((void*)0) ) { |
2763 | goto loser; |
2764 | } |
2765 | |
2766 | PORT_Assert(entry->nickname == NULL)((entry->nickname == ((void*)0))?((void)0):PR_Assert("entry->nickname == NULL" ,"pcertdb.c",2766)); |
2767 | if ( entry->nickname != NULL((void*)0) ) { |
2768 | goto loser; |
2769 | } |
2770 | |
2771 | entry->nickname = PORT_ArenaStrdupPORT_ArenaStrdup_Util(entry->common.arena, nickname); |
2772 | |
2773 | if ( entry->nickname == NULL((void*)0) ) { |
2774 | goto loser; |
2775 | } |
2776 | |
2777 | /* delete the subject entry */ |
2778 | DeleteDBSubjectEntry(dbhandle, &cert->derSubject); |
2779 | |
2780 | /* write the new one */ |
2781 | rv = WriteDBSubjectEntry(dbhandle, entry); |
2782 | if ( rv != SECSuccess ) { |
2783 | goto loser; |
2784 | } |
2785 | |
2786 | return(SECSuccess); |
2787 | |
2788 | loser: |
2789 | return(SECFailure); |
2790 | } |
2791 | |
2792 | /* |
2793 | * create a new version entry |
2794 | */ |
2795 | static certDBEntryVersion * |
2796 | NewDBVersionEntry(unsigned int flags) |
2797 | { |
2798 | PLArenaPool *arena = NULL((void*)0); |
2799 | certDBEntryVersion *entry; |
2800 | |
2801 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
2802 | if ( arena == NULL((void*)0) ) { |
2803 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2804 | goto loser; |
2805 | } |
2806 | |
2807 | entry = (certDBEntryVersion *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, |
2808 | sizeof(certDBEntryVersion)); |
2809 | if ( entry == NULL((void*)0) ) { |
2810 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2811 | goto loser; |
2812 | } |
2813 | entry->common.arena = arena; |
2814 | entry->common.type = certDBEntryTypeVersion; |
2815 | entry->common.version = CERT_DB_FILE_VERSION8; |
2816 | entry->common.flags = flags; |
2817 | |
2818 | return(entry); |
2819 | loser: |
2820 | if ( arena ) { |
2821 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
2822 | } |
2823 | |
2824 | return(NULL((void*)0)); |
2825 | } |
2826 | |
2827 | /* |
2828 | * Read the version entry |
2829 | */ |
2830 | static certDBEntryVersion * |
2831 | ReadDBVersionEntry(NSSLOWCERTCertDBHandle *handle) |
2832 | { |
2833 | PLArenaPool *arena = NULL((void*)0); |
2834 | PLArenaPool *tmparena = NULL((void*)0); |
2835 | certDBEntryVersion *entry; |
2836 | SECItem dbkey; |
2837 | SECItem dbentry; |
2838 | SECStatus rv; |
2839 | |
2840 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
2841 | if ( arena == NULL((void*)0) ) { |
2842 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2843 | goto loser; |
2844 | } |
2845 | |
2846 | tmparena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
2847 | if ( tmparena == NULL((void*)0) ) { |
2848 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2849 | goto loser; |
2850 | } |
2851 | |
2852 | entry = PORT_ArenaZNew(arena, certDBEntryVersion)(certDBEntryVersion*) PORT_ArenaZAlloc_Util(arena, sizeof(certDBEntryVersion )); |
2853 | if ( entry == NULL((void*)0) ) { |
2854 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2855 | goto loser; |
2856 | } |
2857 | entry->common.arena = arena; |
2858 | entry->common.type = certDBEntryTypeVersion; |
2859 | |
2860 | /* now get the database key and format it */ |
2861 | dbkey.len = SEC_DB_VERSION_KEY_LENsizeof("Version") + SEC_DB_KEY_HEADER_LEN1; |
2862 | dbkey.data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(tmparena, dbkey.len); |
2863 | if ( dbkey.data == NULL((void*)0) ) { |
2864 | goto loser; |
2865 | } |
2866 | PORT_Memcpymemcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN1], SEC_DB_VERSION_KEY"Version", |
2867 | SEC_DB_VERSION_KEY_LENsizeof("Version")); |
2868 | |
2869 | rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena); |
2870 | if (rv != SECSuccess) { |
2871 | goto loser; |
2872 | } |
2873 | |
2874 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
2875 | return(entry); |
2876 | |
2877 | loser: |
2878 | if ( tmparena ) { |
2879 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
2880 | } |
2881 | if ( arena ) { |
2882 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
2883 | } |
2884 | |
2885 | return(NULL((void*)0)); |
2886 | } |
2887 | |
2888 | |
2889 | /* |
2890 | * Encode a version entry into byte stream suitable for |
2891 | * the database |
2892 | */ |
2893 | static SECStatus |
2894 | WriteDBVersionEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryVersion *entry) |
2895 | { |
2896 | SECItem dbitem, dbkey; |
2897 | PLArenaPool *tmparena = NULL((void*)0); |
2898 | SECStatus rv; |
2899 | |
2900 | tmparena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
2901 | if ( tmparena == NULL((void*)0) ) { |
2902 | goto loser; |
2903 | } |
2904 | |
2905 | /* allocate space for encoded database record, including space |
2906 | * for low level header |
2907 | */ |
2908 | dbitem.len = SEC_DB_ENTRY_HEADER_LEN3; |
2909 | |
2910 | dbitem.data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(tmparena, dbitem.len); |
2911 | if ( dbitem.data == NULL((void*)0)) { |
2912 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY); |
2913 | goto loser; |
2914 | } |
2915 | |
2916 | /* now get the database key and format it */ |
2917 | dbkey.len = SEC_DB_VERSION_KEY_LENsizeof("Version") + SEC_DB_KEY_HEADER_LEN1; |
2918 | dbkey.data = (unsigned char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(tmparena, dbkey.len); |
2919 | if ( dbkey.data == NULL((void*)0) ) { |
2920 | goto loser; |
2921 | } |
2922 | PORT_Memcpymemcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN1], SEC_DB_VERSION_KEY"Version", |
2923 | SEC_DB_VERSION_KEY_LENsizeof("Version")); |
2924 | |
2925 | /* now write it to the database */ |
2926 | rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem); |
2927 | if ( rv != SECSuccess ) { |
2928 | goto loser; |
2929 | } |
2930 | |
2931 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
2932 | return(SECSuccess); |
2933 | |
2934 | loser: |
2935 | if ( tmparena ) { |
2936 | PORT_FreeArenaPORT_FreeArena_Util(tmparena, PR_FALSE0); |
2937 | } |
2938 | return(SECFailure); |
2939 | } |
2940 | |
2941 | /* |
2942 | * cert is no longer a perm cert, but will remain a temp cert |
2943 | */ |
2944 | static SECStatus |
2945 | RemovePermSubjectNode(NSSLOWCERTCertificate *cert) |
2946 | { |
2947 | certDBEntrySubject *entry; |
2948 | unsigned int i; |
2949 | SECStatus rv; |
2950 | |
2951 | entry = ReadDBSubjectEntry(cert->dbhandle,&cert->derSubject); |
2952 | if ( entry == NULL((void*)0) ) { |
2953 | return(SECFailure); |
2954 | } |
2955 | |
2956 | PORT_Assert(entry->ncerts)((entry->ncerts)?((void)0):PR_Assert("entry->ncerts","pcertdb.c" ,2956)); |
2957 | rv = SECFailure; |
2958 | |
2959 | if ( entry->ncerts > 1 ) { |
2960 | for ( i = 0; i < entry->ncerts; i++ ) { |
2961 | if ( SECITEM_CompareItemSECITEM_CompareItem_Util(&entry->certKeys[i], &cert->certKey) == |
2962 | SECEqual ) { |
2963 | /* copy rest of list forward one entry */ |
2964 | for ( i = i + 1; i < entry->ncerts; i++ ) { |
2965 | entry->certKeys[i-1] = entry->certKeys[i]; |
2966 | entry->keyIDs[i-1] = entry->keyIDs[i]; |
2967 | } |
2968 | entry->ncerts--; |
2969 | DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject); |
2970 | rv = WriteDBSubjectEntry(cert->dbhandle, entry); |
2971 | break; |
2972 | } |
2973 | } |
2974 | } else { |
2975 | /* no entries left, delete the perm entry in the DB */ |
2976 | if ( entry->emailAddrs ) { |
2977 | /* if the subject had an email record, then delete it too */ |
2978 | for (i=0; i < entry->nemailAddrs; i++) { |
2979 | DeleteDBSMimeEntry(cert->dbhandle, entry->emailAddrs[i]); |
2980 | } |
2981 | } |
2982 | if ( entry->nickname ) { |
2983 | DeleteDBNicknameEntry(cert->dbhandle, entry->nickname); |
2984 | } |
2985 | |
2986 | DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject); |
2987 | } |
2988 | DestroyDBEntry((certDBEntry *)entry); |
2989 | |
2990 | return(rv); |
2991 | } |
2992 | |
2993 | /* |
2994 | * add a cert to the perm subject list |
2995 | */ |
2996 | static SECStatus |
2997 | AddPermSubjectNode(certDBEntrySubject *entry, NSSLOWCERTCertificate *cert, |
2998 | char *nickname) |
2999 | { |
3000 | SECItem *newCertKeys, *newKeyIDs; |
3001 | unsigned int i, new_i; |
3002 | SECStatus rv; |
3003 | unsigned int ncerts; |
3004 | |
3005 | PORT_Assert(entry)((entry)?((void)0):PR_Assert("entry","pcertdb.c",3005)); |
3006 | ncerts = entry->ncerts; |
3007 | |
3008 | if ( nickname && entry->nickname ) { |
3009 | /* nicknames must be the same */ |
3010 | PORT_Assert(PORT_Strcmp(nickname, entry->nickname) == 0)((strcmp(nickname, entry->nickname) == 0)?((void)0):PR_Assert ("PORT_Strcmp(nickname, entry->nickname) == 0","pcertdb.c" ,3010)); |
3011 | } |
3012 | |
3013 | if ( ( entry->nickname == NULL((void*)0) ) && ( nickname != NULL((void*)0) ) ) { |
3014 | /* copy nickname into the entry */ |
3015 | entry->nickname = PORT_ArenaStrdupPORT_ArenaStrdup_Util(entry->common.arena, nickname); |
3016 | if ( entry->nickname == NULL((void*)0) ) { |
3017 | return(SECFailure); |
3018 | } |
3019 | } |
3020 | |
3021 | /* a DB entry already exists, so add this cert */ |
3022 | newCertKeys = PORT_ArenaZNewArray(entry->common.arena, SECItem, ncerts + 1)(SECItem*) PORT_ArenaZAlloc_Util (entry->common.arena, sizeof (SECItem)*(ncerts + 1)); |
3023 | newKeyIDs = PORT_ArenaZNewArray(entry->common.arena, SECItem, ncerts + 1)(SECItem*) PORT_ArenaZAlloc_Util (entry->common.arena, sizeof (SECItem)*(ncerts + 1)); |
3024 | |
3025 | if ( ( newCertKeys == NULL((void*)0) ) || ( newKeyIDs == NULL((void*)0) ) ) { |
3026 | return(SECFailure); |
3027 | } |
3028 | |
3029 | /* Step 1: copy certs older than "cert" into new entry. */ |
3030 | for ( i = 0, new_i=0; i < ncerts; i++ ) { |
3031 | NSSLOWCERTCertificate *cmpcert; |
3032 | PRBool isNewer; |
3033 | cmpcert = nsslowcert_FindCertByKey(cert->dbhandle, |
3034 | &entry->certKeys[i]); |
3035 | /* The entry has been corrupted, remove it from the list */ |
3036 | if (!cmpcert) { |
3037 | continue; |
3038 | } |
3039 | |
3040 | isNewer = nsslowcert_IsNewer(cert, cmpcert); |
3041 | nsslowcert_DestroyCertificate(cmpcert); |
3042 | if ( isNewer ) |
3043 | break; |
3044 | /* copy this cert entry */ |
3045 | newCertKeys[new_i] = entry->certKeys[i]; |
3046 | newKeyIDs[new_i] = entry->keyIDs[i]; |
3047 | new_i++; |
3048 | } |
3049 | |
3050 | /* Step 2: Add "cert" to the entry. */ |
3051 | rv = SECITEM_CopyItemSECITEM_CopyItem_Util(entry->common.arena, &newCertKeys[new_i], |
3052 | &cert->certKey); |
3053 | if ( rv != SECSuccess ) { |
3054 | return(SECFailure); |
3055 | } |
3056 | rv = SECITEM_CopyItemSECITEM_CopyItem_Util(entry->common.arena, &newKeyIDs[new_i], |
3057 | &cert->subjectKeyID); |
3058 | if ( rv != SECSuccess ) { |
3059 | return(SECFailure); |
3060 | } |
3061 | new_i++; |
3062 | |
3063 | /* Step 3: copy remaining certs (if any) from old entry to new. */ |
3064 | for ( ; i < ncerts; i++ ,new_i++) { |
3065 | newCertKeys[new_i] = entry->certKeys[i]; |
3066 | newKeyIDs[new_i] = entry->keyIDs[i]; |
3067 | } |
3068 | |
3069 | /* update certKeys and keyIDs */ |
3070 | entry->certKeys = newCertKeys; |
3071 | entry->keyIDs = newKeyIDs; |
3072 | |
3073 | /* set new count value */ |
3074 | entry->ncerts = new_i; |
3075 | |
3076 | DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject); |
3077 | rv = WriteDBSubjectEntry(cert->dbhandle, entry); |
3078 | return(rv); |
3079 | } |
3080 | |
3081 | |
3082 | SECStatus |
3083 | nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle, |
3084 | SECItem *derSubject, |
3085 | NSSLOWCERTCertCallback cb, void *cbarg) |
3086 | { |
3087 | certDBEntrySubject *entry; |
3088 | unsigned int i; |
3089 | NSSLOWCERTCertificate *cert; |
3090 | SECStatus rv = SECSuccess; |
3091 | |
3092 | entry = ReadDBSubjectEntry(handle, derSubject); |
3093 | |
3094 | if ( entry == NULL((void*)0) ) { |
3095 | return(SECFailure); |
3096 | } |
3097 | |
3098 | for( i = 0; i < entry->ncerts; i++ ) { |
3099 | cert = nsslowcert_FindCertByKey(handle, &entry->certKeys[i]); |
3100 | if (!cert) { |
3101 | continue; |
3102 | } |
3103 | rv = (* cb)(cert, cbarg); |
3104 | nsslowcert_DestroyCertificate(cert); |
3105 | if ( rv == SECFailure ) { |
3106 | break; |
3107 | } |
3108 | } |
3109 | |
3110 | DestroyDBEntry((certDBEntry *)entry); |
3111 | |
3112 | return(rv); |
3113 | } |
3114 | |
3115 | int |
3116 | nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle, |
3117 | SECItem *derSubject) |
3118 | { |
3119 | certDBEntrySubject *entry; |
3120 | int ret; |
3121 | |
3122 | entry = ReadDBSubjectEntry(handle, derSubject); |
3123 | |
3124 | if ( entry == NULL((void*)0) ) { |
3125 | return(SECFailure); |
3126 | } |
3127 | |
3128 | ret = entry->ncerts; |
3129 | |
3130 | DestroyDBEntry((certDBEntry *)entry); |
3131 | |
3132 | return(ret); |
3133 | } |
3134 | |
3135 | SECStatus |
3136 | nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle, |
3137 | char *nickname, NSSLOWCERTCertCallback cb, void *cbarg) |
3138 | { |
3139 | certDBEntryNickname *nnentry = NULL((void*)0); |
3140 | certDBEntrySMime *smentry = NULL((void*)0); |
3141 | SECStatus rv; |
3142 | SECItem *derSubject = NULL((void*)0); |
3143 | |
3144 | nnentry = ReadDBNicknameEntry(handle, nickname); |
3145 | if ( nnentry ) { |
3146 | derSubject = &nnentry->subjectName; |
3147 | } else { |
3148 | smentry = nsslowcert_ReadDBSMimeEntry(handle, nickname); |
3149 | if ( smentry ) { |
3150 | derSubject = &smentry->subjectName; |
3151 | } |
3152 | } |
3153 | |
3154 | if ( derSubject ) { |
3155 | rv = nsslowcert_TraversePermCertsForSubject(handle, derSubject, |
3156 | cb, cbarg); |
3157 | } else { |
3158 | rv = SECFailure; |
3159 | } |
3160 | |
3161 | if ( nnentry ) { |
3162 | DestroyDBEntry((certDBEntry *)nnentry); |
3163 | } |
3164 | if ( smentry ) { |
3165 | DestroyDBEntry((certDBEntry *)smentry); |
3166 | } |
3167 | |
3168 | return(rv); |
3169 | } |
3170 | |
3171 | int |
3172 | nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle, |
3173 | char *nickname) |
3174 | { |
3175 | certDBEntryNickname *entry; |
3176 | int ret; |
3177 | |
3178 | entry = ReadDBNicknameEntry(handle, nickname); |
3179 | |
3180 | if ( entry ) { |
3181 | ret = nsslowcert_NumPermCertsForSubject(handle, &entry->subjectName); |
3182 | DestroyDBEntry((certDBEntry *)entry); |
3183 | } else { |
3184 | ret = 0; |
3185 | } |
3186 | return(ret); |
3187 | } |
3188 | |
3189 | /* |
3190 | * add a nickname to a cert that doesn't have one |
3191 | */ |
3192 | static SECStatus |
3193 | AddNicknameToPermCert(NSSLOWCERTCertDBHandle *dbhandle, |
3194 | NSSLOWCERTCertificate *cert, char *nickname) |
3195 | { |
3196 | certDBEntryCert *entry; |
3197 | int rv; |
3198 | |
3199 | entry = cert->dbEntry; |
3200 | PORT_Assert(entry != NULL)((entry != ((void*)0))?((void)0):PR_Assert("entry != NULL","pcertdb.c" ,3200)); |
3201 | if ( entry == NULL((void*)0) ) { |
3202 | goto loser; |
3203 | } |
3204 | |
3205 | pkcs11_freeNickname(entry->nickname,entry->nicknameSpace); |
3206 | entry->nickname = NULL((void*)0); |
3207 | entry->nickname = pkcs11_copyNickname(nickname,entry->nicknameSpace, |
3208 | sizeof(entry->nicknameSpace)); |
3209 | |
3210 | rv = WriteDBCertEntry(dbhandle, entry); |
3211 | if ( rv ) { |
3212 | goto loser; |
3213 | } |
3214 | |
3215 | pkcs11_freeNickname(cert->nickname,cert->nicknameSpace); |
3216 | cert->nickname = NULL((void*)0); |
3217 | cert->nickname = pkcs11_copyNickname(nickname,cert->nicknameSpace, |
3218 | sizeof(cert->nicknameSpace)); |
3219 | |
3220 | return(SECSuccess); |
3221 | |
3222 | loser: |
3223 | return(SECFailure); |
3224 | } |
3225 | |
3226 | /* |
3227 | * add a nickname to a cert that is already in the perm database, but doesn't |
3228 | * have one yet (it is probably an e-mail cert). |
3229 | */ |
3230 | SECStatus |
3231 | nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle, |
3232 | NSSLOWCERTCertificate *cert, char *nickname) |
3233 | { |
3234 | SECStatus rv = SECFailure; |
3235 | certDBEntrySubject *entry = NULL((void*)0); |
3236 | certDBEntryNickname *nicknameEntry = NULL((void*)0); |
3237 | |
3238 | nsslowcert_LockDB(dbhandle); |
3239 | |
3240 | entry = ReadDBSubjectEntry(dbhandle, &cert->derSubject); |
3241 | if (entry == NULL((void*)0)) goto loser; |
3242 | |
3243 | if ( entry->nickname == NULL((void*)0) ) { |
3244 | |
3245 | /* no nickname for subject */ |
3246 | rv = AddNicknameToSubject(dbhandle, cert, nickname); |
3247 | if ( rv != SECSuccess ) { |
3248 | goto loser; |
3249 | } |
3250 | rv = AddNicknameToPermCert(dbhandle, cert, nickname); |
3251 | if ( rv != SECSuccess ) { |
3252 | goto loser; |
3253 | } |
3254 | nicknameEntry = NewDBNicknameEntry(nickname, &cert->derSubject, 0); |
3255 | if ( nicknameEntry == NULL((void*)0) ) { |
3256 | goto loser; |
3257 | } |
3258 | |
3259 | rv = WriteDBNicknameEntry(dbhandle, nicknameEntry); |
3260 | if ( rv != SECSuccess ) { |
3261 | goto loser; |
3262 | } |
3263 | } else { |
3264 | /* subject already has a nickname */ |
3265 | rv = AddNicknameToPermCert(dbhandle, cert, entry->nickname); |
3266 | if ( rv != SECSuccess ) { |
3267 | goto loser; |
3268 | } |
3269 | /* make sure nickname entry exists. If the database was corrupted, |
3270 | * we may have lost the nickname entry. Add it back now */ |
3271 | nicknameEntry = ReadDBNicknameEntry(dbhandle, entry->nickname); |
3272 | if (nicknameEntry == NULL((void*)0) ) { |
3273 | nicknameEntry = NewDBNicknameEntry(entry->nickname, |
3274 | &cert->derSubject, 0); |
3275 | if ( nicknameEntry == NULL((void*)0) ) { |
3276 | goto loser; |
3277 | } |
3278 | |
3279 | rv = WriteDBNicknameEntry(dbhandle, nicknameEntry); |
3280 | if ( rv != SECSuccess ) { |
3281 | goto loser; |
3282 | } |
3283 | } |
3284 | } |
3285 | rv = SECSuccess; |
3286 | |
3287 | loser: |
3288 | if (entry) { |
3289 | DestroyDBEntry((certDBEntry *)entry); |
3290 | } |
3291 | if (nicknameEntry) { |
3292 | DestroyDBEntry((certDBEntry *)nicknameEntry); |
3293 | } |
3294 | nsslowcert_UnlockDB(dbhandle); |
3295 | return(rv); |
3296 | } |
3297 | |
3298 | static certDBEntryCert * |
3299 | AddCertToPermDB(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, |
3300 | char *nickname, NSSLOWCERTCertTrust *trust) |
3301 | { |
3302 | certDBEntryCert *certEntry = NULL((void*)0); |
3303 | certDBEntryNickname *nicknameEntry = NULL((void*)0); |
3304 | certDBEntrySubject *subjectEntry = NULL((void*)0); |
3305 | int state = 0; |
3306 | SECStatus rv; |
3307 | PRBool donnentry = PR_FALSE0; |
3308 | |
3309 | if ( nickname ) { |
3310 | donnentry = PR_TRUE1; |
3311 | } |
3312 | |
3313 | subjectEntry = ReadDBSubjectEntry(handle, &cert->derSubject); |
3314 | |
3315 | if ( subjectEntry && subjectEntry->nickname ) { |
3316 | donnentry = PR_FALSE0; |
3317 | nickname = subjectEntry->nickname; |
3318 | } |
3319 | |
3320 | certEntry = NewDBCertEntry(&cert->derCert, nickname, trust, 0); |
3321 | if ( certEntry == NULL((void*)0) ) { |
3322 | goto loser; |
3323 | } |
3324 | |
3325 | if ( donnentry ) { |
3326 | nicknameEntry = NewDBNicknameEntry(nickname, &cert->derSubject, 0); |
3327 | if ( nicknameEntry == NULL((void*)0) ) { |
3328 | goto loser; |
3329 | } |
3330 | } |
3331 | |
3332 | rv = WriteDBCertEntry(handle, certEntry); |
3333 | if ( rv != SECSuccess ) { |
3334 | goto loser; |
3335 | } |
3336 | state = 1; |
3337 | |
3338 | if ( nicknameEntry ) { |
3339 | rv = WriteDBNicknameEntry(handle, nicknameEntry); |
3340 | if ( rv != SECSuccess ) { |
3341 | goto loser; |
3342 | } |
3343 | } |
3344 | |
3345 | state = 2; |
3346 | |
3347 | /* "Change" handles if necessary */ |
3348 | cert->dbhandle = handle; |
3349 | |
3350 | /* add to or create new subject entry */ |
3351 | if ( subjectEntry ) { |
3352 | /* REWRITE BASED ON SUBJECT ENTRY */ |
3353 | rv = AddPermSubjectNode(subjectEntry, cert, nickname); |
3354 | if ( rv != SECSuccess ) { |
3355 | goto loser; |
3356 | } |
3357 | } else { |
3358 | /* make a new subject entry - this case is only used when updating |
3359 | * an old version of the database. This is OK because the oldnickname |
3360 | * db format didn't allow multiple certs with the same subject. |
3361 | */ |
3362 | /* where does subjectKeyID and certKey come from? */ |
3363 | subjectEntry = NewDBSubjectEntry(&cert->derSubject, &cert->certKey, |
3364 | &cert->subjectKeyID, nickname, |
3365 | NULL((void*)0), 0); |
3366 | if ( subjectEntry == NULL((void*)0) ) { |
3367 | goto loser; |
3368 | } |
3369 | rv = WriteDBSubjectEntry(handle, subjectEntry); |
3370 | if ( rv != SECSuccess ) { |
3371 | goto loser; |
3372 | } |
3373 | } |
3374 | |
3375 | state = 3; |
3376 | |
3377 | if ( nicknameEntry ) { |
3378 | DestroyDBEntry((certDBEntry *)nicknameEntry); |
3379 | } |
3380 | |
3381 | if ( subjectEntry ) { |
3382 | DestroyDBEntry((certDBEntry *)subjectEntry); |
3383 | } |
3384 | |
3385 | return(certEntry); |
3386 | |
3387 | loser: |
3388 | /* don't leave partial entry in the database */ |
3389 | if ( state > 0 ) { |
3390 | rv = DeleteDBCertEntry(handle, &cert->certKey); |
3391 | } |
3392 | if ( ( state > 1 ) && donnentry ) { |
3393 | rv = DeleteDBNicknameEntry(handle, nickname); |
3394 | } |
3395 | if ( state > 2 ) { |
3396 | rv = DeleteDBSubjectEntry(handle, &cert->derSubject); |
3397 | } |
3398 | if ( certEntry ) { |
3399 | DestroyDBEntry((certDBEntry *)certEntry); |
3400 | } |
3401 | if ( nicknameEntry ) { |
3402 | DestroyDBEntry((certDBEntry *)nicknameEntry); |
3403 | } |
3404 | if ( subjectEntry ) { |
3405 | DestroyDBEntry((certDBEntry *)subjectEntry); |
3406 | } |
3407 | |
3408 | return(NULL((void*)0)); |
3409 | } |
3410 | |
3411 | /* forward declaration */ |
3412 | static SECStatus |
3413 | UpdateV7DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb); |
3414 | |
3415 | /* |
3416 | * version 8 uses the same schema as version 7. The only differences are |
3417 | * 1) version 8 db uses the blob shim to store data entries > 32k. |
3418 | * 2) version 8 db sets the db block size to 32k. |
3419 | * both of these are dealt with by the handle. |
3420 | */ |
3421 | |
3422 | static SECStatus |
3423 | UpdateV8DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) |
3424 | { |
3425 | return UpdateV7DB(handle,updatedb); |
3426 | } |
3427 | |
3428 | |
3429 | /* |
3430 | * we could just blindly sequence through reading key data pairs and writing |
3431 | * them back out, but some cert.db's have gotten quite large and may have some |
3432 | * subtle corruption problems, so instead we cycle through the certs and |
3433 | * CRL's and S/MIME profiles and rebuild our subject lists from those records. |
3434 | */ |
3435 | static SECStatus |
3436 | UpdateV7DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) |
3437 | { |
3438 | DBT key, data; |
3439 | int ret; |
3440 | NSSLOWCERTCertificate *cert; |
3441 | PRBool isKRL = PR_FALSE0; |
3442 | certDBEntryType entryType; |
3443 | SECItem dbEntry, dbKey; |
3444 | certDBEntryRevocation crlEntry; |
3445 | certDBEntryCert certEntry; |
3446 | certDBEntrySMime smimeEntry; |
3447 | SECStatus rv; |
3448 | |
3449 | ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST3); |
3450 | |
3451 | if ( ret ) { |
3452 | return(SECFailure); |
3453 | } |
3454 | |
3455 | do { |
3456 | unsigned char *dataBuf = (unsigned char *)data.data; |
3457 | unsigned char *keyBuf = (unsigned char *)key.data; |
3458 | dbEntry.data = &dataBuf[SEC_DB_ENTRY_HEADER_LEN3]; |
3459 | dbEntry.len = data.size - SEC_DB_ENTRY_HEADER_LEN3; |
3460 | entryType = (certDBEntryType) keyBuf[0]; |
3461 | dbKey.data = &keyBuf[SEC_DB_KEY_HEADER_LEN1]; |
3462 | dbKey.len = key.size - SEC_DB_KEY_HEADER_LEN1; |
3463 | if ((dbEntry.len <= 0) || (dbKey.len <= 0)) { |
3464 | continue; |
3465 | } |
3466 | |
3467 | switch (entryType) { |
3468 | /* these entries will get regenerated as we read the |
3469 | * rest of the data from the database */ |
3470 | case certDBEntryTypeVersion: |
3471 | case certDBEntryTypeSubject: |
3472 | case certDBEntryTypeContentVersion: |
3473 | case certDBEntryTypeNickname: |
3474 | /* smime profiles need entries created after the certs have |
3475 | * been imported, loop over them in a second run */ |
3476 | case certDBEntryTypeSMimeProfile: |
3477 | break; |
3478 | |
3479 | case certDBEntryTypeCert: |
3480 | /* decode Entry */ |
3481 | certEntry.common.version = (unsigned int)dataBuf[0]; |
3482 | certEntry.common.type = entryType; |
3483 | certEntry.common.flags = (unsigned int)dataBuf[2]; |
3484 | rv = DecodeDBCertEntry(&certEntry,&dbEntry); |
3485 | if (rv != SECSuccess) { |
3486 | break; |
3487 | } |
3488 | /* should we check for existing duplicates? */ |
3489 | cert = nsslowcert_DecodeDERCertificate(&certEntry.derCert, |
3490 | certEntry.nickname); |
3491 | if (cert) { |
3492 | nsslowcert_UpdatePermCert(handle, cert, certEntry.nickname, |
3493 | &certEntry.trust); |
3494 | nsslowcert_DestroyCertificate(cert); |
3495 | } |
3496 | /* free any data the decode may have allocated. */ |
3497 | pkcs11_freeStaticData(certEntry.derCert.data, |
3498 | certEntry.derCertSpace); |
3499 | pkcs11_freeNickname(certEntry.nickname, certEntry.nicknameSpace); |
3500 | break; |
3501 | |
3502 | case certDBEntryTypeKeyRevocation: |
3503 | isKRL = PR_TRUE1; |
3504 | /* fall through */ |
3505 | case certDBEntryTypeRevocation: |
3506 | crlEntry.common.version = (unsigned int)dataBuf[0]; |
3507 | crlEntry.common.type = entryType; |
3508 | crlEntry.common.flags = (unsigned int)dataBuf[2]; |
3509 | crlEntry.common.arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
3510 | if (crlEntry.common.arena == NULL((void*)0)) { |
3511 | break; |
3512 | } |
3513 | rv = DecodeDBCrlEntry(&crlEntry,&dbEntry); |
3514 | if (rv != SECSuccess) { |
3515 | break; |
3516 | } |
3517 | nsslowcert_UpdateCrl(handle, &crlEntry.derCrl, &dbKey, |
3518 | crlEntry.url, isKRL); |
3519 | /* free data allocated by the decode */ |
3520 | PORT_FreeArenaPORT_FreeArena_Util(crlEntry.common.arena, PR_FALSE0); |
3521 | crlEntry.common.arena = NULL((void*)0); |
3522 | break; |
3523 | |
3524 | default: |
3525 | break; |
3526 | } |
3527 | } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT7) == 0 ); |
3528 | |
3529 | /* now loop again updating just the SMimeProfile. */ |
3530 | ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST3); |
3531 | |
3532 | if ( ret ) { |
3533 | return(SECFailure); |
3534 | } |
3535 | |
3536 | do { |
3537 | unsigned char *dataBuf = (unsigned char *)data.data; |
3538 | unsigned char *keyBuf = (unsigned char *)key.data; |
3539 | dbEntry.data = &dataBuf[SEC_DB_ENTRY_HEADER_LEN3]; |
3540 | dbEntry.len = data.size - SEC_DB_ENTRY_HEADER_LEN3; |
3541 | entryType = (certDBEntryType) keyBuf[0]; |
3542 | if (entryType != certDBEntryTypeSMimeProfile) { |
3543 | continue; |
3544 | } |
3545 | dbKey.data = &keyBuf[SEC_DB_KEY_HEADER_LEN1]; |
3546 | dbKey.len = key.size - SEC_DB_KEY_HEADER_LEN1; |
3547 | if ((dbEntry.len <= 0) || (dbKey.len <= 0)) { |
3548 | continue; |
3549 | } |
3550 | smimeEntry.common.version = (unsigned int)dataBuf[0]; |
3551 | smimeEntry.common.type = entryType; |
3552 | smimeEntry.common.flags = (unsigned int)dataBuf[2]; |
3553 | smimeEntry.common.arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
3554 | /* decode entry */ |
3555 | rv = DecodeDBSMimeEntry(&smimeEntry,&dbEntry,(char *)dbKey.data); |
3556 | if (rv == SECSuccess) { |
3557 | nsslowcert_UpdateSMimeProfile(handle, smimeEntry.emailAddr, |
3558 | &smimeEntry.subjectName, &smimeEntry.smimeOptions, |
3559 | &smimeEntry.optionsDate); |
3560 | } |
3561 | PORT_FreeArenaPORT_FreeArena_Util(smimeEntry.common.arena, PR_FALSE0); |
3562 | smimeEntry.common.arena = NULL((void*)0); |
3563 | } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT7) == 0 ); |
3564 | |
3565 | (* updatedb->close)(updatedb); |
3566 | |
3567 | /* a database update is a good time to go back and verify the integrity of |
3568 | * the keys and certs */ |
3569 | handle->dbVerify = PR_TRUE1; |
3570 | return(SECSuccess); |
3571 | } |
3572 | |
3573 | /* |
3574 | * NOTE - Version 6 DB did not go out to the real world in a release, |
3575 | * so we can remove this function in a later release. |
3576 | */ |
3577 | static SECStatus |
3578 | UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) |
3579 | { |
3580 | int ret; |
3581 | DBT key, data; |
3582 | unsigned char *buf, *tmpbuf = NULL((void*)0); |
3583 | certDBEntryType type; |
3584 | certDBEntryNickname *nnEntry = NULL((void*)0); |
3585 | certDBEntrySubject *subjectEntry = NULL((void*)0); |
3586 | certDBEntrySMime *emailEntry = NULL((void*)0); |
3587 | char *nickname; |
3588 | char *emailAddr; |
3589 | SECStatus rv; |
3590 | |
3591 | /* |
3592 | * Sequence through the old database and copy all of the entries |
3593 | * to the new database. Subject name entries will have the new |
3594 | * fields inserted into them (with zero length). |
3595 | */ |
3596 | ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST3); |
3597 | if ( ret ) { |
3598 | return(SECFailure); |
3599 | } |
3600 | |
3601 | do { |
3602 | buf = (unsigned char *)data.data; |
3603 | |
3604 | if ( data.size >= 3 ) { |
3605 | if ( buf[0] == 6 ) { /* version number */ |
3606 | type = (certDBEntryType)buf[1]; |
3607 | if ( type == certDBEntryTypeSubject ) { |
3608 | /* expando subjecto entrieo */ |
3609 | tmpbuf = (unsigned char *)PORT_AllocPORT_Alloc_Util(data.size + 4); |
3610 | if ( tmpbuf ) { |
3611 | /* copy header stuff */ |
3612 | PORT_Memcpymemcpy(tmpbuf, buf, SEC_DB_ENTRY_HEADER_LEN3 + 2); |
3613 | /* insert 4 more bytes of zero'd header */ |
3614 | PORT_Memsetmemset(&tmpbuf[SEC_DB_ENTRY_HEADER_LEN3 + 2], |
3615 | 0, 4); |
3616 | /* copy rest of the data */ |
3617 | PORT_Memcpymemcpy(&tmpbuf[SEC_DB_ENTRY_HEADER_LEN3 + 6], |
3618 | &buf[SEC_DB_ENTRY_HEADER_LEN3 + 2], |
3619 | data.size - (SEC_DB_ENTRY_HEADER_LEN3 + 2)); |
3620 | |
3621 | data.data = (void *)tmpbuf; |
3622 | data.size += 4; |
3623 | buf = tmpbuf; |
3624 | } |
3625 | } else if ( type == certDBEntryTypeCert ) { |
3626 | /* expando certo entrieo */ |
3627 | tmpbuf = (unsigned char *)PORT_AllocPORT_Alloc_Util(data.size + 3); |
3628 | if ( tmpbuf ) { |
3629 | /* copy header stuff */ |
3630 | PORT_Memcpymemcpy(tmpbuf, buf, SEC_DB_ENTRY_HEADER_LEN3); |
3631 | |
3632 | /* copy trust flage, setting msb's to 0 */ |
3633 | tmpbuf[SEC_DB_ENTRY_HEADER_LEN3] = 0; |
3634 | tmpbuf[SEC_DB_ENTRY_HEADER_LEN3+1] = |
3635 | buf[SEC_DB_ENTRY_HEADER_LEN3]; |
3636 | tmpbuf[SEC_DB_ENTRY_HEADER_LEN3+2] = 0; |
3637 | tmpbuf[SEC_DB_ENTRY_HEADER_LEN3+3] = |
3638 | buf[SEC_DB_ENTRY_HEADER_LEN3+1]; |
3639 | tmpbuf[SEC_DB_ENTRY_HEADER_LEN3+4] = 0; |
3640 | tmpbuf[SEC_DB_ENTRY_HEADER_LEN3+5] = |
3641 | buf[SEC_DB_ENTRY_HEADER_LEN3+2]; |
3642 | |
3643 | /* copy rest of the data */ |
3644 | PORT_Memcpymemcpy(&tmpbuf[SEC_DB_ENTRY_HEADER_LEN3 + 6], |
3645 | &buf[SEC_DB_ENTRY_HEADER_LEN3 + 3], |
3646 | data.size - (SEC_DB_ENTRY_HEADER_LEN3 + 3)); |
3647 | |
3648 | data.data = (void *)tmpbuf; |
3649 | data.size += 3; |
3650 | buf = tmpbuf; |
3651 | } |
3652 | |
3653 | } |
3654 | |
3655 | /* update the record version number */ |
3656 | buf[0] = CERT_DB_FILE_VERSION8; |
3657 | |
3658 | /* copy to the new database */ |
3659 | ret = certdb_Put(handle->permCertDB, &key, &data, 0); |
3660 | if ( tmpbuf ) { |
3661 | PORT_FreePORT_Free_Util(tmpbuf); |
3662 | tmpbuf = NULL((void*)0); |
3663 | } |
3664 | } |
3665 | } |
3666 | } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT7) == 0 ); |
3667 | |
3668 | ret = certdb_Sync(handle->permCertDB, 0); |
3669 | |
3670 | ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST3); |
3671 | if ( ret ) { |
3672 | return(SECFailure); |
3673 | } |
3674 | |
3675 | do { |
3676 | buf = (unsigned char *)data.data; |
3677 | |
3678 | if ( data.size >= 3 ) { |
3679 | if ( buf[0] == CERT_DB_FILE_VERSION8 ) { /* version number */ |
3680 | type = (certDBEntryType)buf[1]; |
3681 | if ( type == certDBEntryTypeNickname ) { |
3682 | nickname = &((char *)key.data)[1]; |
3683 | |
3684 | /* get the matching nickname entry in the new DB */ |
3685 | nnEntry = ReadDBNicknameEntry(handle, nickname); |
3686 | if ( nnEntry == NULL((void*)0) ) { |
3687 | goto endloop; |
3688 | } |
3689 | |
3690 | /* find the subject entry pointed to by nickname */ |
3691 | subjectEntry = ReadDBSubjectEntry(handle, |
3692 | &nnEntry->subjectName); |
3693 | if ( subjectEntry == NULL((void*)0) ) { |
3694 | goto endloop; |
3695 | } |
3696 | |
3697 | subjectEntry->nickname = |
3698 | (char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(subjectEntry->common.arena, |
3699 | key.size - 1); |
3700 | if ( subjectEntry->nickname ) { |
3701 | PORT_Memcpymemcpy(subjectEntry->nickname, nickname, |
3702 | key.size - 1); |
3703 | rv = WriteDBSubjectEntry(handle, subjectEntry); |
Value stored to 'rv' is never read | |
3704 | } |
3705 | } else if ( type == certDBEntryTypeSMimeProfile ) { |
3706 | emailAddr = &((char *)key.data)[1]; |
3707 | |
3708 | /* get the matching smime entry in the new DB */ |
3709 | emailEntry = nsslowcert_ReadDBSMimeEntry(handle, emailAddr); |
3710 | if ( emailEntry == NULL((void*)0) ) { |
3711 | goto endloop; |
3712 | } |
3713 | |
3714 | /* find the subject entry pointed to by nickname */ |
3715 | subjectEntry = ReadDBSubjectEntry(handle, |
3716 | &emailEntry->subjectName); |
3717 | if ( subjectEntry == NULL((void*)0) ) { |
3718 | goto endloop; |
3719 | } |
3720 | |
3721 | subjectEntry->emailAddrs = (char **) |
3722 | PORT_ArenaAllocPORT_ArenaAlloc_Util(subjectEntry->common.arena, |
3723 | sizeof(char *)); |
3724 | if ( subjectEntry->emailAddrs ) { |
3725 | subjectEntry->emailAddrs[0] = |
3726 | (char *)PORT_ArenaAllocPORT_ArenaAlloc_Util(subjectEntry->common.arena, |
3727 | key.size - 1); |
3728 | if ( subjectEntry->emailAddrs[0] ) { |
3729 | PORT_Memcpymemcpy(subjectEntry->emailAddrs[0], emailAddr, |
3730 | key.size - 1); |
3731 | subjectEntry->nemailAddrs = 1; |
3732 | rv = WriteDBSubjectEntry(handle, subjectEntry); |
3733 | } |
3734 | } |
3735 | } |
3736 | |
3737 | endloop: |
3738 | if ( subjectEntry ) { |
3739 | DestroyDBEntry((certDBEntry *)subjectEntry); |
3740 | subjectEntry = NULL((void*)0); |
3741 | } |
3742 | if ( nnEntry ) { |
3743 | DestroyDBEntry((certDBEntry *)nnEntry); |
3744 | nnEntry = NULL((void*)0); |
3745 | } |
3746 | if ( emailEntry ) { |
3747 | DestroyDBEntry((certDBEntry *)emailEntry); |
3748 | emailEntry = NULL((void*)0); |
3749 | } |
3750 | } |
3751 | } |
3752 | } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT7) == 0 ); |
3753 | |
3754 | ret = certdb_Sync(handle->permCertDB, 0); |
3755 | |
3756 | (* updatedb->close)(updatedb); |
3757 | return(SECSuccess); |
3758 | } |
3759 | |
3760 | |
3761 | static SECStatus |
3762 | updateV5Callback(NSSLOWCERTCertificate *cert, SECItem *k, void *pdata) |
3763 | { |
3764 | NSSLOWCERTCertDBHandle *handle; |
3765 | certDBEntryCert *entry; |
3766 | NSSLOWCERTCertTrust *trust; |
3767 | |
3768 | handle = (NSSLOWCERTCertDBHandle *)pdata; |
3769 | trust = &cert->dbEntry->trust; |
3770 | |
3771 | /* SSL user certs can be used for email if they have an email addr */ |
3772 | if ( cert->emailAddr && ( trust->sslFlags & CERTDB_USER(1<<6) ) && |
3773 | ( trust->emailFlags == 0 ) ) { |
3774 | trust->emailFlags = CERTDB_USER(1<<6); |
3775 | } |
3776 | /* servers didn't set the user flags on the server cert.. */ |
3777 | if (PORT_Strcmpstrcmp(cert->dbEntry->nickname,"Server-Cert") == 0) { |
3778 | trust->sslFlags |= CERTDB_USER(1<<6); |
3779 | } |
3780 | |
3781 | entry = AddCertToPermDB(handle, cert, cert->dbEntry->nickname, |
3782 | &cert->dbEntry->trust); |
3783 | if ( entry ) { |
3784 | DestroyDBEntry((certDBEntry *)entry); |
3785 | } |
3786 | |
3787 | return(SECSuccess); |
3788 | } |
3789 | |
3790 | static SECStatus |
3791 | UpdateV5DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) |
3792 | { |
3793 | NSSLOWCERTCertDBHandle updatehandle; |
3794 | SECStatus rv; |
3795 | |
3796 | updatehandle.permCertDB = updatedb; |
3797 | updatehandle.dbMon = PZ_NewMonitor(nssILockCertDB)PR_NewMonitor(); |
3798 | updatehandle.dbVerify = 0; |
3799 | updatehandle.ref = 1; /* prevent premature close */ |
3800 | |
3801 | rv = nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback, |
3802 | (void *)handle); |
3803 | |
3804 | PZ_DestroyMonitor(updatehandle.dbMon)PR_DestroyMonitor((updatehandle.dbMon)); |
3805 | |
3806 | (* updatedb->close)(updatedb); |
3807 | return(SECSuccess); |
3808 | } |
3809 | |
3810 | static PRBool |
3811 | isV4DB(DB *db) { |
3812 | DBT key,data; |
3813 | int ret; |
3814 | |
3815 | key.data = "Version"; |
3816 | key.size = 7; |
3817 | |
3818 | ret = (*db->get)(db, &key, &data, 0); |
3819 | if (ret) { |
3820 | return PR_FALSE0; |
3821 | } |
3822 | |
3823 | if ((data.size == 1) && (*(unsigned char *)data.data <= 4)) { |
3824 | return PR_TRUE1; |
3825 | } |
3826 | |
3827 | return PR_FALSE0; |
3828 | } |
3829 | |
3830 | static SECStatus |
3831 | UpdateV4DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) |
3832 | { |
3833 | DBT key, data; |
3834 | certDBEntryCert *entry, *entry2; |
3835 | int ret; |
3836 | PLArenaPool *arena = NULL((void*)0); |
3837 | NSSLOWCERTCertificate *cert; |
3838 | |
3839 | ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST3); |
3840 | |
3841 | if ( ret ) { |
3842 | return(SECFailure); |
3843 | } |
3844 | |
3845 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
3846 | if (arena == NULL((void*)0)) { |
3847 | return(SECFailure); |
3848 | } |
3849 | |
3850 | do { |
3851 | if ( data.size != 1 ) { /* skip version number */ |
3852 | |
3853 | /* decode the old DB entry */ |
3854 | entry = (certDBEntryCert *) |
3855 | DecodeV4DBCertEntry((unsigned char*)data.data, data.size); |
3856 | |
3857 | if ( entry ) { |
3858 | cert = nsslowcert_DecodeDERCertificate(&entry->derCert, |
3859 | entry->nickname); |
3860 | |
3861 | if ( cert != NULL((void*)0) ) { |
3862 | /* add to new database */ |
3863 | entry2 = AddCertToPermDB(handle, cert, entry->nickname, |
3864 | &entry->trust); |
3865 | |
3866 | nsslowcert_DestroyCertificate(cert); |
3867 | if ( entry2 ) { |
3868 | DestroyDBEntry((certDBEntry *)entry2); |
3869 | } |
3870 | } |
3871 | DestroyDBEntry((certDBEntry *)entry); |
3872 | } |
3873 | } |
3874 | } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT7) == 0 ); |
3875 | |
3876 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
3877 | (* updatedb->close)(updatedb); |
3878 | return(SECSuccess); |
3879 | } |
3880 | |
3881 | |
3882 | /* |
3883 | * return true if a database key conflict exists |
3884 | */ |
3885 | PRBool |
3886 | nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle) |
3887 | { |
3888 | SECStatus rv; |
3889 | DBT tmpdata; |
3890 | DBT namekey; |
3891 | int ret; |
3892 | SECItem keyitem; |
3893 | PLArenaPool *arena = NULL((void*)0); |
3894 | SECItem derKey; |
3895 | |
3896 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
3897 | if ( arena == NULL((void*)0) ) { |
3898 | goto loser; |
3899 | } |
3900 | |
3901 | /* get the db key of the cert */ |
3902 | rv = nsslowcert_KeyFromDERCert(arena, derCert, &derKey); |
3903 | if ( rv != SECSuccess ) { |
3904 | goto loser; |
3905 | } |
3906 | |
3907 | rv = EncodeDBCertKey(&derKey, arena, &keyitem); |
3908 | if ( rv != SECSuccess ) { |
3909 | goto loser; |
3910 | } |
3911 | |
3912 | namekey.data = keyitem.data; |
3913 | namekey.size = keyitem.len; |
3914 | |
3915 | ret = certdb_Get(handle->permCertDB, &namekey, &tmpdata, 0); |
3916 | if ( ret == 0 ) { |
3917 | goto loser; |
3918 | } |
3919 | |
3920 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
3921 | |
3922 | return(PR_FALSE0); |
3923 | loser: |
3924 | if ( arena ) { |
3925 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
3926 | } |
3927 | |
3928 | return(PR_TRUE1); |
3929 | } |
3930 | |
3931 | /* |
3932 | * return true if a nickname conflict exists |
3933 | * NOTE: caller must have already made sure that this exact cert |
3934 | * doesn't exist in the DB |
3935 | */ |
3936 | static PRBool |
3937 | nsslowcert_CertNicknameConflict(char *nickname, SECItem *derSubject, |
3938 | NSSLOWCERTCertDBHandle *handle) |
3939 | { |
3940 | PRBool rv; |
3941 | certDBEntryNickname *entry; |
3942 | |
3943 | if ( nickname == NULL((void*)0) ) { |
3944 | return(PR_FALSE0); |
3945 | } |
3946 | |
3947 | entry = ReadDBNicknameEntry(handle, nickname); |
3948 | |
3949 | if ( entry == NULL((void*)0) ) { |
3950 | /* no entry for this nickname, so no conflict */ |
3951 | return(PR_FALSE0); |
3952 | } |
3953 | |
3954 | rv = PR_TRUE1; |
3955 | if ( SECITEM_CompareItemSECITEM_CompareItem_Util(derSubject, &entry->subjectName) == SECEqual ) { |
3956 | /* if subject names are the same, then no conflict */ |
3957 | rv = PR_FALSE0; |
3958 | } |
3959 | |
3960 | DestroyDBEntry((certDBEntry *)entry); |
3961 | return(rv); |
3962 | } |
3963 | |
3964 | #ifdef DBM_USING_NSPR |
3965 | #define NO_RDONLY00 PR_RDONLY0x01 |
3966 | #define NO_RDWR02 PR_RDWR0x04 |
3967 | #define NO_CREATE(02 | 0100 | 01000) (PR_RDWR0x04 | PR_CREATE_FILE0x08 | PR_TRUNCATE0x20) |
3968 | #else |
3969 | #define NO_RDONLY00 O_RDONLY00 |
3970 | #define NO_RDWR02 O_RDWR02 |
3971 | #define NO_CREATE(02 | 0100 | 01000) (O_RDWR02 | O_CREAT0100 | O_TRUNC01000) |
3972 | #endif |
3973 | |
3974 | /* |
3975 | * open an old database that needs to be updated |
3976 | */ |
3977 | static DB * |
3978 | nsslowcert_openolddb(NSSLOWCERTDBNameFunc namecb, void *cbarg, int version) |
3979 | { |
3980 | char * tmpname; |
3981 | DB *updatedb = NULL((void*)0); |
3982 | |
3983 | tmpname = (* namecb)(cbarg, version); /* get v6 db name */ |
3984 | if ( tmpname ) { |
3985 | updatedb = dbopen( tmpname, NO_RDONLY00, 0600, DB_HASH, 0 ); |
3986 | PORT_FreePORT_Free_Util(tmpname); |
3987 | } |
3988 | return updatedb; |
3989 | } |
3990 | |
3991 | static SECStatus |
3992 | openNewCertDB(const char *appName, const char *prefix, const char *certdbname, |
3993 | NSSLOWCERTCertDBHandle *handle, NSSLOWCERTDBNameFunc namecb, void *cbarg) |
3994 | { |
3995 | SECStatus rv; |
3996 | certDBEntryVersion *versionEntry = NULL((void*)0); |
3997 | DB *updatedb = NULL((void*)0); |
3998 | int status = RDB_FAIL1; |
3999 | |
4000 | if (appName) { |
4001 | handle->permCertDB=rdbopen( appName, prefix, "cert", NO_CREATE(02 | 0100 | 01000), &status); |
4002 | } else { |
4003 | handle->permCertDB=dbsopen(certdbname, NO_CREATE(02 | 0100 | 01000), 0600, DB_HASH, 0); |
4004 | } |
4005 | |
4006 | /* if create fails then we lose */ |
4007 | if ( handle->permCertDB == 0 ) { |
4008 | return status == RDB_RETRY2 ? SECWouldBlock : SECFailure; |
4009 | } |
4010 | |
4011 | /* Verify version number; */ |
4012 | versionEntry = NewDBVersionEntry(0); |
4013 | if ( versionEntry == NULL((void*)0) ) { |
4014 | rv = SECFailure; |
4015 | goto loser; |
4016 | } |
4017 | |
4018 | rv = WriteDBVersionEntry(handle, versionEntry); |
4019 | |
4020 | DestroyDBEntry((certDBEntry *)versionEntry); |
4021 | |
4022 | if ( rv != SECSuccess ) { |
4023 | goto loser; |
4024 | } |
4025 | |
4026 | /* rv must already be Success here because of previous if statement */ |
4027 | /* try to upgrade old db here */ |
4028 | if (appName && |
4029 | (updatedb = dbsopen(certdbname, NO_RDONLY00, 0600, DB_HASH, 0)) != NULL((void*)0)) { |
4030 | rv = UpdateV8DB(handle, updatedb); |
4031 | } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,7)) != NULL((void*)0)) { |
4032 | rv = UpdateV7DB(handle, updatedb); |
4033 | } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,6)) != NULL((void*)0)) { |
4034 | rv = UpdateV6DB(handle, updatedb); |
4035 | } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,5)) != NULL((void*)0)) { |
4036 | rv = UpdateV5DB(handle, updatedb); |
4037 | } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,4)) != NULL((void*)0)) { |
4038 | /* NES has v5 format db's with v4 db names! */ |
4039 | if (isV4DB(updatedb)) { |
4040 | rv = UpdateV4DB(handle,updatedb); |
4041 | } else { |
4042 | rv = UpdateV5DB(handle,updatedb); |
4043 | } |
4044 | } |
4045 | |
4046 | |
4047 | loser: |
4048 | db_InitComplete(handle->permCertDB); |
4049 | return rv; |
4050 | } |
4051 | |
4052 | static int |
4053 | nsslowcert_GetVersionNumber( NSSLOWCERTCertDBHandle *handle) |
4054 | { |
4055 | certDBEntryVersion *versionEntry = NULL((void*)0); |
4056 | int version = 0; |
4057 | |
4058 | versionEntry = ReadDBVersionEntry(handle); |
4059 | if ( versionEntry == NULL((void*)0) ) { |
4060 | return 0; |
4061 | } |
4062 | version = versionEntry->common.version; |
4063 | DestroyDBEntry((certDBEntry *)versionEntry); |
4064 | return version; |
4065 | } |
4066 | |
4067 | /* |
4068 | * Open the certificate database and index databases. Create them if |
4069 | * they are not there or bad. |
4070 | */ |
4071 | static SECStatus |
4072 | nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, |
4073 | const char *appName, const char *prefix, |
4074 | NSSLOWCERTDBNameFunc namecb, void *cbarg) |
4075 | { |
4076 | SECStatus rv; |
4077 | int openflags; |
4078 | char *certdbname; |
4079 | int version = 0; |
4080 | |
4081 | certdbname = (* namecb)(cbarg, CERT_DB_FILE_VERSION8); |
4082 | if ( certdbname == NULL((void*)0) ) { |
4083 | return(SECFailure); |
4084 | } |
4085 | |
4086 | openflags = readOnly ? NO_RDONLY00 : NO_RDWR02; |
4087 | |
4088 | /* |
4089 | * first open the permanent file based database. |
4090 | */ |
4091 | if (appName) { |
4092 | handle->permCertDB = rdbopen( appName, prefix, "cert", openflags, NULL((void*)0)); |
4093 | } else { |
4094 | handle->permCertDB = dbsopen( certdbname, openflags, 0600, DB_HASH, 0 ); |
4095 | } |
4096 | |
4097 | /* check for correct version number */ |
4098 | if ( handle->permCertDB ) { |
4099 | version = nsslowcert_GetVersionNumber(handle); |
4100 | if ((version != CERT_DB_FILE_VERSION8) && |
4101 | !(appName && version == CERT_DB_V7_FILE_VERSION7)) { |
4102 | goto loser; |
4103 | } |
4104 | } else if ( readOnly ) { |
4105 | /* don't create if readonly */ |
4106 | /* Try openning a version 7 database */ |
4107 | handle->permCertDB = nsslowcert_openolddb(namecb,cbarg, 7); |
4108 | if (!handle->permCertDB) { |
4109 | goto loser; |
4110 | } |
4111 | if (nsslowcert_GetVersionNumber(handle) != 7) { |
4112 | goto loser; |
4113 | } |
4114 | } else { |
4115 | /* if first open fails, try to create a new DB */ |
4116 | rv = openNewCertDB(appName,prefix,certdbname,handle,namecb,cbarg); |
4117 | if (rv == SECWouldBlock) { |
4118 | /* only the rdb version can fail with wouldblock */ |
4119 | handle->permCertDB = |
4120 | rdbopen( appName, prefix, "cert", openflags, NULL((void*)0)); |
4121 | |
4122 | /* check for correct version number */ |
4123 | if ( !handle->permCertDB ) { |
4124 | goto loser; |
4125 | } |
4126 | version = nsslowcert_GetVersionNumber(handle); |
4127 | if ((version != CERT_DB_FILE_VERSION8) && |
4128 | !(appName && version == CERT_DB_V7_FILE_VERSION7)) { |
4129 | goto loser; |
4130 | } |
4131 | } else if (rv != SECSuccess) { |
4132 | goto loser; |
4133 | } |
4134 | } |
4135 | |
4136 | PORT_FreePORT_Free_Util(certdbname); |
4137 | |
4138 | return (SECSuccess); |
4139 | |
4140 | loser: |
4141 | |
4142 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
4143 | |
4144 | if ( handle->permCertDB ) { |
4145 | certdb_Close(handle->permCertDB); |
4146 | handle->permCertDB = 0; |
4147 | } |
4148 | |
4149 | PORT_FreePORT_Free_Util(certdbname); |
4150 | |
4151 | return(SECFailure); |
4152 | } |
4153 | |
4154 | /* |
4155 | * delete all DB records associated with a particular certificate |
4156 | */ |
4157 | static SECStatus |
4158 | DeletePermCert(NSSLOWCERTCertificate *cert) |
4159 | { |
4160 | SECStatus rv; |
4161 | SECStatus ret; |
4162 | |
4163 | ret = SECSuccess; |
4164 | |
4165 | rv = DeleteDBCertEntry(cert->dbhandle, &cert->certKey); |
4166 | if ( rv != SECSuccess ) { |
4167 | ret = SECFailure; |
4168 | } |
4169 | |
4170 | rv = RemovePermSubjectNode(cert); |
4171 | |
4172 | |
4173 | return(ret); |
4174 | } |
4175 | |
4176 | /* |
4177 | * Delete a certificate from the permanent database. |
4178 | */ |
4179 | SECStatus |
4180 | nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert) |
4181 | { |
4182 | SECStatus rv; |
4183 | |
4184 | nsslowcert_LockDB(cert->dbhandle); |
4185 | |
4186 | /* delete the records from the permanent database */ |
4187 | rv = DeletePermCert(cert); |
4188 | |
4189 | /* get rid of dbcert and stuff pointing to it */ |
4190 | DestroyDBEntry((certDBEntry *)cert->dbEntry); |
4191 | cert->dbEntry = NULL((void*)0); |
4192 | cert->trust = NULL((void*)0); |
4193 | |
4194 | nsslowcert_UnlockDB(cert->dbhandle); |
4195 | return(rv); |
4196 | } |
4197 | |
4198 | /* |
4199 | * Traverse all of the entries in the database of a particular type |
4200 | * call the given function for each one. |
4201 | */ |
4202 | SECStatus |
4203 | nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle, |
4204 | certDBEntryType type, |
4205 | SECStatus (* callback)(SECItem *data, SECItem *key, |
4206 | certDBEntryType type, void *pdata), |
4207 | void *udata ) |
4208 | { |
4209 | DBT data; |
4210 | DBT key; |
4211 | SECStatus rv = SECSuccess; |
4212 | int ret; |
4213 | SECItem dataitem; |
4214 | SECItem keyitem; |
4215 | unsigned char *buf; |
4216 | unsigned char *keybuf; |
4217 | |
4218 | ret = certdb_Seq(handle->permCertDB, &key, &data, R_FIRST3); |
4219 | if ( ret ) { |
4220 | return(SECFailure); |
4221 | } |
4222 | /* here, ret is zero and rv is SECSuccess. |
4223 | * Below here, ret is a count of successful calls to the callback function. |
4224 | */ |
4225 | do { |
4226 | buf = (unsigned char *)data.data; |
4227 | |
4228 | if ( buf[1] == (unsigned char)type ) { |
4229 | dataitem.len = data.size; |
4230 | dataitem.data = buf; |
4231 | dataitem.type = siBuffer; |
4232 | keyitem.len = key.size - SEC_DB_KEY_HEADER_LEN1; |
4233 | keybuf = (unsigned char *)key.data; |
4234 | keyitem.data = &keybuf[SEC_DB_KEY_HEADER_LEN1]; |
4235 | keyitem.type = siBuffer; |
4236 | /* type should equal keybuf[0]. */ |
4237 | |
4238 | rv = (* callback)(&dataitem, &keyitem, type, udata); |
4239 | if ( rv == SECSuccess ) { |
4240 | ++ret; |
4241 | } |
4242 | } |
4243 | } while ( certdb_Seq(handle->permCertDB, &key, &data, R_NEXT7) == 0 ); |
4244 | /* If any callbacks succeeded, or no calls to callbacks were made, |
4245 | * then report success. Otherwise, report failure. |
4246 | */ |
4247 | return (ret ? SECSuccess : rv); |
4248 | } |
4249 | /* |
4250 | * Decode a certificate and enter it into the temporary certificate database. |
4251 | * Deal with nicknames correctly |
4252 | * |
4253 | * This is the private entry point. |
4254 | */ |
4255 | static NSSLOWCERTCertificate * |
4256 | DecodeACert(NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry) |
4257 | { |
4258 | NSSLOWCERTCertificate *cert = NULL((void*)0); |
4259 | |
4260 | cert = nsslowcert_DecodeDERCertificate(&entry->derCert, entry->nickname ); |
4261 | |
4262 | if ( cert == NULL((void*)0) ) { |
4263 | goto loser; |
4264 | } |
4265 | |
4266 | cert->dbhandle = handle; |
4267 | cert->dbEntry = entry; |
4268 | cert->trust = &entry->trust; |
4269 | |
4270 | return(cert); |
4271 | |
4272 | loser: |
4273 | return(0); |
4274 | } |
4275 | |
4276 | static NSSLOWCERTTrust * |
4277 | CreateTrust(void) |
4278 | { |
4279 | NSSLOWCERTTrust *trust = NULL((void*)0); |
4280 | |
4281 | nsslowcert_LockFreeList(); |
4282 | trust = trustListHead; |
4283 | if (trust) { |
4284 | trustListCount--; |
4285 | trustListHead = trust->next; |
4286 | } |
4287 | PORT_Assert(trustListCount >= 0)((trustListCount >= 0)?((void)0):PR_Assert("trustListCount >= 0" ,"pcertdb.c",4287)); |
4288 | nsslowcert_UnlockFreeList(); |
4289 | if (trust) { |
4290 | return trust; |
4291 | } |
4292 | |
4293 | return PORT_ZNew(NSSLOWCERTTrust)(NSSLOWCERTTrust*)PORT_ZAlloc_Util(sizeof(NSSLOWCERTTrust)); |
4294 | } |
4295 | |
4296 | static void |
4297 | DestroyTrustFreeList(void) |
4298 | { |
4299 | NSSLOWCERTTrust *trust; |
4300 | |
4301 | nsslowcert_LockFreeList(); |
4302 | while (NULL((void*)0) != (trust = trustListHead)) { |
4303 | trustListCount--; |
4304 | trustListHead = trust->next; |
4305 | PORT_FreePORT_Free_Util(trust); |
4306 | } |
4307 | PORT_Assert(!trustListCount)((!trustListCount)?((void)0):PR_Assert("!trustListCount","pcertdb.c" ,4307)); |
4308 | trustListCount = 0; |
4309 | nsslowcert_UnlockFreeList(); |
4310 | } |
4311 | |
4312 | static NSSLOWCERTTrust * |
4313 | DecodeTrustEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry, |
4314 | const SECItem *dbKey) |
4315 | { |
4316 | NSSLOWCERTTrust *trust = CreateTrust(); |
4317 | if (trust == NULL((void*)0)) { |
4318 | return trust; |
4319 | } |
4320 | trust->dbhandle = handle; |
4321 | trust->dbEntry = entry; |
4322 | trust->dbKey.data = pkcs11_copyStaticData(dbKey->data,dbKey->len, |
4323 | trust->dbKeySpace, sizeof(trust->dbKeySpace)); |
4324 | if (!trust->dbKey.data) { |
4325 | PORT_FreePORT_Free_Util(trust); |
4326 | return NULL((void*)0); |
4327 | } |
4328 | trust->dbKey.len = dbKey->len; |
4329 | |
4330 | trust->trust = &entry->trust; |
4331 | trust->derCert = &entry->derCert; |
4332 | |
4333 | return(trust); |
4334 | } |
4335 | |
4336 | typedef struct { |
4337 | PermCertCallback certfunc; |
4338 | NSSLOWCERTCertDBHandle *handle; |
4339 | void *data; |
4340 | } PermCertCallbackState; |
4341 | |
4342 | /* |
4343 | * traversal callback to decode certs and call callers callback |
4344 | */ |
4345 | static SECStatus |
4346 | certcallback(SECItem *dbdata, SECItem *dbkey, certDBEntryType type, void *data) |
4347 | { |
4348 | PermCertCallbackState *mystate; |
4349 | SECStatus rv; |
4350 | certDBEntryCert *entry; |
4351 | SECItem entryitem; |
4352 | NSSLOWCERTCertificate *cert; |
4353 | PLArenaPool *arena = NULL((void*)0); |
4354 | |
4355 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
4356 | if ( arena == NULL((void*)0) ) { |
4357 | goto loser; |
4358 | } |
4359 | |
4360 | entry = (certDBEntryCert *)PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, sizeof(certDBEntryCert)); |
4361 | mystate = (PermCertCallbackState *)data; |
4362 | entry->common.version = (unsigned int)dbdata->data[0]; |
4363 | entry->common.type = (certDBEntryType)dbdata->data[1]; |
4364 | entry->common.flags = (unsigned int)dbdata->data[2]; |
4365 | entry->common.arena = arena; |
4366 | |
4367 | entryitem.len = dbdata->len - SEC_DB_ENTRY_HEADER_LEN3; |
4368 | entryitem.data = &dbdata->data[SEC_DB_ENTRY_HEADER_LEN3]; |
4369 | |
4370 | rv = DecodeDBCertEntry(entry, &entryitem); |
4371 | if (rv != SECSuccess ) { |
4372 | goto loser; |
4373 | } |
4374 | entry->derCert.type = siBuffer; |
4375 | |
4376 | /* note: Entry is 'inheritted'. */ |
4377 | cert = DecodeACert(mystate->handle, entry); |
4378 | |
4379 | rv = (* mystate->certfunc)(cert, dbkey, mystate->data); |
4380 | |
4381 | /* arena stored in entry destroyed by nsslowcert_DestroyCertificate */ |
4382 | nsslowcert_DestroyCertificateNoLocking(cert); |
4383 | |
4384 | return(rv); |
4385 | |
4386 | loser: |
4387 | if ( arena ) { |
4388 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
4389 | } |
4390 | return(SECFailure); |
4391 | } |
4392 | |
4393 | /* |
4394 | * Traverse all of the certificates in the permanent database and |
4395 | * call the given function for each one; expect the caller to have lock. |
4396 | */ |
4397 | static SECStatus |
4398 | TraversePermCertsNoLocking(NSSLOWCERTCertDBHandle *handle, |
4399 | SECStatus (* certfunc)(NSSLOWCERTCertificate *cert, |
4400 | SECItem *k, |
4401 | void *pdata), |
4402 | void *udata ) |
4403 | { |
4404 | SECStatus rv; |
4405 | PermCertCallbackState mystate; |
4406 | |
4407 | mystate.certfunc = certfunc; |
4408 | mystate.handle = handle; |
4409 | mystate.data = udata; |
4410 | rv = nsslowcert_TraverseDBEntries(handle, certDBEntryTypeCert, certcallback, |
4411 | (void *)&mystate); |
4412 | |
4413 | return(rv); |
4414 | } |
4415 | |
4416 | /* |
4417 | * Traverse all of the certificates in the permanent database and |
4418 | * call the given function for each one. |
4419 | */ |
4420 | SECStatus |
4421 | nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle, |
4422 | SECStatus (* certfunc)(NSSLOWCERTCertificate *cert, SECItem *k, |
4423 | void *pdata), |
4424 | void *udata ) |
4425 | { |
4426 | SECStatus rv; |
4427 | |
4428 | nsslowcert_LockDB(handle); |
4429 | rv = TraversePermCertsNoLocking(handle, certfunc, udata); |
4430 | nsslowcert_UnlockDB(handle); |
4431 | |
4432 | return(rv); |
4433 | } |
4434 | |
4435 | |
4436 | |
4437 | /* |
4438 | * Close the database |
4439 | */ |
4440 | void |
4441 | nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle) |
4442 | { |
4443 | if ( handle ) { |
4444 | if ( handle->permCertDB ) { |
4445 | certdb_Close( handle->permCertDB ); |
4446 | handle->permCertDB = NULL((void*)0); |
4447 | } |
4448 | if (handle->dbMon) { |
4449 | PZ_DestroyMonitor(handle->dbMon)PR_DestroyMonitor((handle->dbMon)); |
4450 | handle->dbMon = NULL((void*)0); |
4451 | } |
4452 | PORT_FreePORT_Free_Util(handle); |
4453 | } |
4454 | return; |
4455 | } |
4456 | |
4457 | /* |
4458 | * Get the trust attributes from a certificate |
4459 | */ |
4460 | SECStatus |
4461 | nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust) |
4462 | { |
4463 | SECStatus rv; |
4464 | |
4465 | nsslowcert_LockCertTrust(cert); |
4466 | |
4467 | if ( cert->trust == NULL((void*)0) ) { |
4468 | rv = SECFailure; |
4469 | } else { |
4470 | *trust = *cert->trust; |
4471 | rv = SECSuccess; |
4472 | } |
4473 | |
4474 | nsslowcert_UnlockCertTrust(cert); |
4475 | return(rv); |
4476 | } |
4477 | |
4478 | /* |
4479 | * Change the trust attributes of a certificate and make them permanent |
4480 | * in the database. |
4481 | */ |
4482 | SECStatus |
4483 | nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle, |
4484 | NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust) |
4485 | { |
4486 | certDBEntryCert *entry; |
4487 | int rv; |
4488 | SECStatus ret; |
4489 | |
4490 | nsslowcert_LockDB(handle); |
4491 | nsslowcert_LockCertTrust(cert); |
4492 | /* only set the trust on permanent certs */ |
4493 | if ( cert->trust == NULL((void*)0) ) { |
4494 | ret = SECFailure; |
4495 | goto done; |
4496 | } |
4497 | |
4498 | *cert->trust = *trust; |
4499 | if ( cert->dbEntry == NULL((void*)0) ) { |
4500 | ret = SECSuccess; /* not in permanent database */ |
4501 | goto done; |
4502 | } |
4503 | |
4504 | entry = cert->dbEntry; |
4505 | entry->trust = *trust; |
4506 | |
4507 | rv = WriteDBCertEntry(handle, entry); |
4508 | if ( rv ) { |
4509 | ret = SECFailure; |
4510 | goto done; |
4511 | } |
4512 | |
4513 | ret = SECSuccess; |
4514 | |
4515 | done: |
4516 | nsslowcert_UnlockCertTrust(cert); |
4517 | nsslowcert_UnlockDB(handle); |
4518 | return(ret); |
4519 | } |
4520 | |
4521 | |
4522 | static SECStatus |
4523 | nsslowcert_UpdatePermCert(NSSLOWCERTCertDBHandle *dbhandle, |
4524 | NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust) |
4525 | { |
4526 | char *oldnn; |
4527 | certDBEntryCert *entry; |
4528 | PRBool conflict; |
4529 | SECStatus ret; |
4530 | |
4531 | PORT_Assert(!cert->dbEntry)((!cert->dbEntry)?((void)0):PR_Assert("!cert->dbEntry", "pcertdb.c",4531)); |
4532 | |
4533 | /* don't add a conflicting nickname */ |
4534 | conflict = nsslowcert_CertNicknameConflict(nickname, &cert->derSubject, |
4535 | dbhandle); |
4536 | if ( conflict ) { |
4537 | ret = SECFailure; |
4538 | goto done; |
4539 | } |
4540 | |
4541 | /* save old nickname so that we can delete it */ |
4542 | oldnn = cert->nickname; |
4543 | |
4544 | entry = AddCertToPermDB(dbhandle, cert, nickname, trust); |
4545 | |
4546 | if ( entry == NULL((void*)0) ) { |
4547 | ret = SECFailure; |
4548 | goto done; |
4549 | } |
4550 | |
4551 | pkcs11_freeNickname(oldnn,cert->nicknameSpace); |
4552 | |
4553 | cert->nickname = (entry->nickname) ? pkcs11_copyNickname(entry->nickname, |
4554 | cert->nicknameSpace, sizeof(cert->nicknameSpace)) : NULL((void*)0); |
4555 | cert->trust = &entry->trust; |
4556 | cert->dbEntry = entry; |
4557 | |
4558 | ret = SECSuccess; |
4559 | done: |
4560 | return(ret); |
4561 | } |
4562 | |
4563 | SECStatus |
4564 | nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *dbhandle, |
4565 | NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust) |
4566 | { |
4567 | SECStatus ret; |
4568 | |
4569 | nsslowcert_LockDB(dbhandle); |
4570 | |
4571 | ret = nsslowcert_UpdatePermCert(dbhandle, cert, nickname, trust); |
4572 | |
4573 | nsslowcert_UnlockDB(dbhandle); |
4574 | return(ret); |
4575 | } |
4576 | |
4577 | /* |
4578 | * Open the certificate database and index databases. Create them if |
4579 | * they are not there or bad. |
4580 | */ |
4581 | SECStatus |
4582 | nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, |
4583 | const char *appName, const char *prefix, |
4584 | NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile) |
4585 | { |
4586 | int rv; |
4587 | |
4588 | certdb_InitDBLock(handle); |
4589 | |
4590 | handle->dbMon = PZ_NewMonitor(nssILockCertDB)PR_NewMonitor(); |
4591 | PORT_Assert(handle->dbMon != NULL)((handle->dbMon != ((void*)0))?((void)0):PR_Assert("handle->dbMon != NULL" ,"pcertdb.c",4591)); |
4592 | handle->dbVerify = PR_FALSE0; |
4593 | |
4594 | rv = nsslowcert_OpenPermCertDB(handle, readOnly, appName, prefix, |
4595 | namecb, cbarg); |
4596 | if ( rv ) { |
4597 | goto loser; |
4598 | } |
4599 | |
4600 | return (SECSuccess); |
4601 | |
4602 | loser: |
4603 | |
4604 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_BAD_DATABASE); |
4605 | return(SECFailure); |
4606 | } |
4607 | |
4608 | PRBool |
4609 | nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle) |
4610 | { |
4611 | if (!handle) return PR_FALSE0; |
4612 | return handle->dbVerify; |
4613 | } |
4614 | |
4615 | void |
4616 | nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value) |
4617 | { |
4618 | handle->dbVerify = value; |
4619 | } |
4620 | |
4621 | |
4622 | /* |
4623 | * Lookup a certificate in the databases. |
4624 | */ |
4625 | static NSSLOWCERTCertificate * |
4626 | FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey, PRBool lockdb) |
4627 | { |
4628 | NSSLOWCERTCertificate *cert = NULL((void*)0); |
4629 | certDBEntryCert *entry; |
4630 | PRBool locked = PR_FALSE0; |
4631 | |
4632 | if ( lockdb ) { |
4633 | locked = PR_TRUE1; |
4634 | nsslowcert_LockDB(handle); |
4635 | } |
4636 | |
4637 | /* find in perm database */ |
4638 | entry = ReadDBCertEntry(handle, certKey); |
4639 | |
4640 | if ( entry == NULL((void*)0) ) { |
4641 | goto loser; |
4642 | } |
4643 | |
4644 | /* inherit entry */ |
4645 | cert = DecodeACert(handle, entry); |
4646 | |
4647 | loser: |
4648 | if (cert == NULL((void*)0)) { |
4649 | if (entry) { |
4650 | DestroyDBEntry((certDBEntry *)entry); |
4651 | } |
4652 | } |
4653 | |
4654 | if ( locked ) { |
4655 | nsslowcert_UnlockDB(handle); |
4656 | } |
4657 | |
4658 | return(cert); |
4659 | } |
4660 | |
4661 | /* |
4662 | * Lookup a certificate in the databases. |
4663 | */ |
4664 | static NSSLOWCERTTrust * |
4665 | FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey, PRBool lockdb) |
4666 | { |
4667 | NSSLOWCERTTrust *trust = NULL((void*)0); |
4668 | certDBEntryCert *entry; |
4669 | PRBool locked = PR_FALSE0; |
4670 | |
4671 | if ( lockdb ) { |
4672 | locked = PR_TRUE1; |
4673 | nsslowcert_LockDB(handle); |
4674 | } |
4675 | |
4676 | /* find in perm database */ |
4677 | entry = ReadDBCertEntry(handle, certKey); |
4678 | |
4679 | if ( entry == NULL((void*)0) ) { |
4680 | goto loser; |
4681 | } |
4682 | |
4683 | if (!nsslowcert_hasTrust(&entry->trust)) { |
4684 | goto loser; |
4685 | } |
4686 | |
4687 | /* inherit entry */ |
4688 | trust = DecodeTrustEntry(handle, entry, certKey); |
4689 | |
4690 | loser: |
4691 | if (trust == NULL((void*)0)) { |
4692 | if (entry) { |
4693 | DestroyDBEntry((certDBEntry *)entry); |
4694 | } |
4695 | } |
4696 | |
4697 | if ( locked ) { |
4698 | nsslowcert_UnlockDB(handle); |
4699 | } |
4700 | |
4701 | return(trust); |
4702 | } |
4703 | |
4704 | /* |
4705 | * Lookup a certificate in the databases without locking |
4706 | */ |
4707 | NSSLOWCERTCertificate * |
4708 | nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey) |
4709 | { |
4710 | return(FindCertByKey(handle, certKey, PR_FALSE0)); |
4711 | } |
4712 | |
4713 | /* |
4714 | * Lookup a trust object in the databases without locking |
4715 | */ |
4716 | NSSLOWCERTTrust * |
4717 | nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey) |
4718 | { |
4719 | return(FindTrustByKey(handle, certKey, PR_FALSE0)); |
4720 | } |
4721 | |
4722 | /* |
4723 | * Generate a key from an issuerAndSerialNumber, and find the |
4724 | * associated cert in the database. |
4725 | */ |
4726 | NSSLOWCERTCertificate * |
4727 | nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN) |
4728 | { |
4729 | SECItem certKey; |
4730 | SECItem *sn = &issuerAndSN->serialNumber; |
4731 | SECItem *issuer = &issuerAndSN->derIssuer; |
4732 | NSSLOWCERTCertificate *cert; |
4733 | int data_left = sn->len-1; |
4734 | int data_len = sn->len; |
4735 | int index = 0; |
4736 | |
4737 | /* automatically detect DER encoded serial numbers and remove the der |
4738 | * encoding since the database expects unencoded data. |
4739 | * if it's DER encoded, there must be at least 3 bytes, tag, len, data */ |
4740 | if ((sn->len >= 3) && (sn->data[0] == 0x2)) { |
4741 | /* remove the der encoding of the serial number before generating the |
4742 | * key.. */ |
4743 | data_left = sn->len-2; |
4744 | data_len = sn->data[1]; |
4745 | index = 2; |
4746 | |
4747 | /* extended length ? (not very likely for a serial number) */ |
4748 | if (data_len & 0x80) { |
4749 | int len_count = data_len & 0x7f; |
4750 | |
4751 | data_len = 0; |
4752 | data_left -= len_count; |
4753 | if (data_left > 0) { |
4754 | while (len_count --) { |
4755 | data_len = (data_len << 8) | sn->data[index++]; |
4756 | } |
4757 | } |
4758 | } |
4759 | /* XXX leaving any leading zeros on the serial number for backwards |
4760 | * compatibility |
4761 | */ |
4762 | /* not a valid der, must be just an unlucky serial number value */ |
4763 | if (data_len != data_left) { |
4764 | data_len = sn->len; |
4765 | index = 0; |
4766 | } |
4767 | } |
4768 | |
4769 | certKey.type = 0; |
4770 | certKey.data = (unsigned char*)PORT_AllocPORT_Alloc_Util(sn->len + issuer->len); |
4771 | certKey.len = data_len + issuer->len; |
4772 | |
4773 | if ( certKey.data == NULL((void*)0) ) { |
4774 | return(0); |
4775 | } |
4776 | |
4777 | /* first try the serial number as hand-decoded above*/ |
4778 | /* copy the serialNumber */ |
4779 | PORT_Memcpymemcpy(certKey.data, &sn->data[index], data_len); |
4780 | |
4781 | /* copy the issuer */ |
4782 | PORT_Memcpymemcpy( &certKey.data[data_len],issuer->data,issuer->len); |
4783 | |
4784 | cert = nsslowcert_FindCertByKey(handle, &certKey); |
4785 | if (cert) { |
4786 | PORT_FreePORT_Free_Util(certKey.data); |
4787 | return (cert); |
4788 | } |
4789 | |
4790 | /* didn't find it, try by der encoded serial number */ |
4791 | /* copy the serialNumber */ |
4792 | PORT_Memcpymemcpy(certKey.data, sn->data, sn->len); |
4793 | |
4794 | /* copy the issuer */ |
4795 | PORT_Memcpymemcpy( &certKey.data[sn->len], issuer->data, issuer->len); |
4796 | certKey.len = sn->len + issuer->len; |
4797 | |
4798 | cert = nsslowcert_FindCertByKey(handle, &certKey); |
4799 | |
4800 | PORT_FreePORT_Free_Util(certKey.data); |
4801 | |
4802 | return(cert); |
4803 | } |
4804 | |
4805 | /* |
4806 | * Generate a key from an issuerAndSerialNumber, and find the |
4807 | * associated cert in the database. |
4808 | */ |
4809 | NSSLOWCERTTrust * |
4810 | nsslowcert_FindTrustByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, |
4811 | NSSLOWCERTIssuerAndSN *issuerAndSN) |
4812 | { |
4813 | SECItem certKey; |
4814 | SECItem *sn = &issuerAndSN->serialNumber; |
4815 | SECItem *issuer = &issuerAndSN->derIssuer; |
4816 | NSSLOWCERTTrust *trust; |
4817 | unsigned char keyBuf[512]; |
4818 | int data_left = sn->len-1; |
4819 | int data_len = sn->len; |
4820 | int index = 0; |
4821 | int len; |
4822 | |
4823 | /* automatically detect DER encoded serial numbers and remove the der |
4824 | * encoding since the database expects unencoded data. |
4825 | * if it's DER encoded, there must be at least 3 bytes, tag, len, data */ |
4826 | if ((sn->len >= 3) && (sn->data[0] == 0x2)) { |
4827 | /* remove the der encoding of the serial number before generating the |
4828 | * key.. */ |
4829 | data_left = sn->len-2; |
4830 | data_len = sn->data[1]; |
4831 | index = 2; |
4832 | |
4833 | /* extended length ? (not very likely for a serial number) */ |
4834 | if (data_len & 0x80) { |
4835 | int len_count = data_len & 0x7f; |
4836 | |
4837 | data_len = 0; |
4838 | data_left -= len_count; |
4839 | if (data_left > 0) { |
4840 | while (len_count --) { |
4841 | data_len = (data_len << 8) | sn->data[index++]; |
4842 | } |
4843 | } |
4844 | } |
4845 | /* XXX leaving any leading zeros on the serial number for backwards |
4846 | * compatibility |
4847 | */ |
4848 | /* not a valid der, must be just an unlucky serial number value */ |
4849 | if (data_len != data_left) { |
4850 | data_len = sn->len; |
4851 | index = 0; |
4852 | } |
4853 | } |
4854 | |
4855 | certKey.type = 0; |
4856 | certKey.len = data_len + issuer->len; |
4857 | len = sn->len + issuer->len; |
4858 | if (len > sizeof (keyBuf)) { |
4859 | certKey.data = (unsigned char*)PORT_AllocPORT_Alloc_Util(len); |
4860 | } else { |
4861 | certKey.data = keyBuf; |
4862 | } |
4863 | |
4864 | if ( certKey.data == NULL((void*)0) ) { |
4865 | return(0); |
4866 | } |
4867 | |
4868 | /* first try the serial number as hand-decoded above*/ |
4869 | /* copy the serialNumber */ |
4870 | PORT_Memcpymemcpy(certKey.data, &sn->data[index], data_len); |
4871 | |
4872 | /* copy the issuer */ |
4873 | PORT_Memcpymemcpy( &certKey.data[data_len],issuer->data,issuer->len); |
4874 | |
4875 | trust = nsslowcert_FindTrustByKey(handle, &certKey); |
4876 | if (trust) { |
4877 | pkcs11_freeStaticData(certKey.data, keyBuf); |
4878 | return (trust); |
4879 | } |
4880 | |
4881 | if (index == 0) { |
4882 | pkcs11_freeStaticData(certKey.data, keyBuf); |
4883 | return NULL((void*)0); |
4884 | } |
4885 | |
4886 | /* didn't find it, try by der encoded serial number */ |
4887 | /* copy the serialNumber */ |
4888 | PORT_Memcpymemcpy(certKey.data, sn->data, sn->len); |
4889 | |
4890 | /* copy the issuer */ |
4891 | PORT_Memcpymemcpy( &certKey.data[sn->len], issuer->data, issuer->len); |
4892 | certKey.len = sn->len + issuer->len; |
4893 | |
4894 | trust = nsslowcert_FindTrustByKey(handle, &certKey); |
4895 | |
4896 | pkcs11_freeStaticData(certKey.data, keyBuf); |
4897 | |
4898 | return(trust); |
4899 | } |
4900 | |
4901 | /* |
4902 | * look for the given DER certificate in the database |
4903 | */ |
4904 | NSSLOWCERTCertificate * |
4905 | nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert) |
4906 | { |
4907 | PLArenaPool *arena; |
4908 | SECItem certKey; |
4909 | SECStatus rv; |
4910 | NSSLOWCERTCertificate *cert = NULL((void*)0); |
4911 | |
4912 | /* create a scratch arena */ |
4913 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
4914 | if ( arena == NULL((void*)0) ) { |
4915 | return(NULL((void*)0)); |
4916 | } |
4917 | |
4918 | /* extract the database key from the cert */ |
4919 | rv = nsslowcert_KeyFromDERCert(arena, derCert, &certKey); |
4920 | if ( rv != SECSuccess ) { |
4921 | goto loser; |
4922 | } |
4923 | |
4924 | /* find the certificate */ |
4925 | cert = nsslowcert_FindCertByKey(handle, &certKey); |
4926 | |
4927 | loser: |
4928 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
4929 | return(cert); |
4930 | } |
4931 | |
4932 | static void |
4933 | DestroyCertificate(NSSLOWCERTCertificate *cert, PRBool lockdb) |
4934 | { |
4935 | int refCount; |
4936 | NSSLOWCERTCertDBHandle *handle; |
4937 | |
4938 | if ( cert ) { |
4939 | |
4940 | handle = cert->dbhandle; |
4941 | |
4942 | /* |
4943 | * handle may be NULL, for example if the cert was created with |
4944 | * nsslowcert_DecodeDERCertificate. |
4945 | */ |
4946 | if ( lockdb && handle ) { |
4947 | nsslowcert_LockDB(handle); |
4948 | } |
4949 | |
4950 | nsslowcert_LockCertRefCount(cert); |
4951 | PORT_Assert(cert->referenceCount > 0)((cert->referenceCount > 0)?((void)0):PR_Assert("cert->referenceCount > 0" ,"pcertdb.c",4951)); |
4952 | refCount = --cert->referenceCount; |
4953 | nsslowcert_UnlockCertRefCount(cert); |
4954 | |
4955 | if ( refCount == 0 ) { |
4956 | certDBEntryCert *entry = cert->dbEntry; |
4957 | |
4958 | if ( entry ) { |
4959 | DestroyDBEntry((certDBEntry *)entry); |
4960 | } |
4961 | |
4962 | pkcs11_freeNickname(cert->nickname,cert->nicknameSpace); |
4963 | pkcs11_freeNickname(cert->emailAddr,cert->emailAddrSpace); |
4964 | pkcs11_freeStaticData(cert->certKey.data,cert->certKeySpace); |
4965 | cert->certKey.data = NULL((void*)0); |
4966 | cert->nickname = NULL((void*)0); |
4967 | |
4968 | /* zero cert before freeing. Any stale references to this cert |
4969 | * after this point will probably cause an exception. */ |
4970 | PORT_Memsetmemset(cert, 0, sizeof *cert); |
4971 | |
4972 | /* use reflock to protect the free list */ |
4973 | nsslowcert_LockFreeList(); |
4974 | if (certListCount > MAX_CERT_LIST_COUNT10) { |
4975 | PORT_FreePORT_Free_Util(cert); |
4976 | } else { |
4977 | certListCount++; |
4978 | cert->next = certListHead; |
4979 | certListHead = cert; |
4980 | } |
4981 | nsslowcert_UnlockFreeList(); |
4982 | cert = NULL((void*)0); |
4983 | } |
4984 | if ( lockdb && handle ) { |
4985 | nsslowcert_UnlockDB(handle); |
4986 | } |
4987 | } |
4988 | |
4989 | return; |
4990 | } |
4991 | |
4992 | NSSLOWCERTCertificate * |
4993 | nsslowcert_CreateCert(void) |
4994 | { |
4995 | NSSLOWCERTCertificate *cert; |
4996 | nsslowcert_LockFreeList(); |
4997 | cert = certListHead; |
4998 | if (cert) { |
4999 | certListHead = cert->next; |
5000 | certListCount--; |
5001 | } |
5002 | PORT_Assert(certListCount >= 0)((certListCount >= 0)?((void)0):PR_Assert("certListCount >= 0" ,"pcertdb.c",5002)); |
5003 | nsslowcert_UnlockFreeList(); |
5004 | if (cert) { |
5005 | return cert; |
5006 | } |
5007 | return PORT_ZNew(NSSLOWCERTCertificate)(NSSLOWCERTCertificate*)PORT_ZAlloc_Util(sizeof(NSSLOWCERTCertificate )); |
5008 | } |
5009 | |
5010 | static void |
5011 | DestroyCertFreeList(void) |
5012 | { |
5013 | NSSLOWCERTCertificate *cert; |
5014 | |
5015 | nsslowcert_LockFreeList(); |
5016 | while (NULL((void*)0) != (cert = certListHead)) { |
5017 | certListCount--; |
5018 | certListHead = cert->next; |
5019 | PORT_FreePORT_Free_Util(cert); |
5020 | } |
5021 | PORT_Assert(!certListCount)((!certListCount)?((void)0):PR_Assert("!certListCount","pcertdb.c" ,5021)); |
5022 | certListCount = 0; |
5023 | nsslowcert_UnlockFreeList(); |
5024 | } |
5025 | |
5026 | void |
5027 | nsslowcert_DestroyTrust(NSSLOWCERTTrust *trust) |
5028 | { |
5029 | certDBEntryCert *entry = trust->dbEntry; |
5030 | |
5031 | if ( entry ) { |
5032 | DestroyDBEntry((certDBEntry *)entry); |
5033 | } |
5034 | pkcs11_freeStaticData(trust->dbKey.data,trust->dbKeySpace); |
5035 | PORT_Memsetmemset(trust, 0, sizeof(*trust)); |
5036 | |
5037 | nsslowcert_LockFreeList(); |
5038 | if (trustListCount > MAX_TRUST_LIST_COUNT10) { |
5039 | PORT_FreePORT_Free_Util(trust); |
5040 | } else { |
5041 | trustListCount++; |
5042 | trust->next = trustListHead; |
5043 | trustListHead = trust; |
5044 | } |
5045 | nsslowcert_UnlockFreeList(); |
5046 | |
5047 | return; |
5048 | } |
5049 | |
5050 | void |
5051 | nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert) |
5052 | { |
5053 | DestroyCertificate(cert, PR_TRUE1); |
5054 | return; |
5055 | } |
5056 | |
5057 | static void |
5058 | nsslowcert_DestroyCertificateNoLocking(NSSLOWCERTCertificate *cert) |
5059 | { |
5060 | DestroyCertificate(cert, PR_FALSE0); |
5061 | return; |
5062 | } |
5063 | |
5064 | /* |
5065 | * Lookup a CRL in the databases. We mirror the same fast caching data base |
5066 | * caching stuff used by certificates....? |
5067 | */ |
5068 | certDBEntryRevocation * |
5069 | nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, |
5070 | SECItem *crlKey, PRBool isKRL) |
5071 | { |
5072 | SECItem keyitem; |
5073 | DBT key; |
5074 | SECStatus rv; |
5075 | PLArenaPool *arena = NULL((void*)0); |
5076 | certDBEntryRevocation *entry = NULL((void*)0); |
5077 | certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation |
5078 | : certDBEntryTypeRevocation; |
5079 | |
5080 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
5081 | if ( arena == NULL((void*)0) ) { |
5082 | goto loser; |
5083 | } |
5084 | |
5085 | rv = EncodeDBGenericKey(crlKey, arena, &keyitem, crlType); |
5086 | if ( rv != SECSuccess ) { |
5087 | goto loser; |
5088 | } |
5089 | |
5090 | key.data = keyitem.data; |
5091 | key.size = keyitem.len; |
5092 | |
5093 | /* find in perm database */ |
5094 | entry = ReadDBCrlEntry(handle, crlKey, crlType); |
5095 | |
5096 | if ( entry == NULL((void*)0) ) { |
5097 | goto loser; |
5098 | } |
5099 | |
5100 | loser: |
5101 | if ( arena ) { |
5102 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
5103 | } |
5104 | |
5105 | return entry; |
5106 | } |
5107 | |
5108 | /* |
5109 | * replace the existing URL in the data base with a new one |
5110 | */ |
5111 | static SECStatus |
5112 | nsslowcert_UpdateCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl, |
5113 | SECItem *crlKey, char *url, PRBool isKRL) |
5114 | { |
5115 | SECStatus rv = SECFailure; |
5116 | certDBEntryRevocation *entry = NULL((void*)0); |
5117 | certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation |
5118 | : certDBEntryTypeRevocation; |
5119 | DeleteDBCrlEntry(handle, crlKey, crlType); |
5120 | |
5121 | /* Write the new entry into the data base */ |
5122 | entry = NewDBCrlEntry(derCrl, url, crlType, 0); |
5123 | if (entry == NULL((void*)0)) goto done; |
5124 | |
5125 | rv = WriteDBCrlEntry(handle, entry, crlKey); |
5126 | if (rv != SECSuccess) goto done; |
5127 | |
5128 | done: |
5129 | if (entry) { |
5130 | DestroyDBEntry((certDBEntry *)entry); |
5131 | } |
5132 | return rv; |
5133 | } |
5134 | |
5135 | SECStatus |
5136 | nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl, |
5137 | SECItem *crlKey, char *url, PRBool isKRL) |
5138 | { |
5139 | SECStatus rv; |
5140 | |
5141 | rv = nsslowcert_UpdateCrl(handle, derCrl, crlKey, url, isKRL); |
5142 | |
5143 | return rv; |
5144 | } |
5145 | |
5146 | SECStatus |
5147 | nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle, const SECItem *derName, |
5148 | PRBool isKRL) |
5149 | { |
5150 | SECStatus rv; |
5151 | certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation |
5152 | : certDBEntryTypeRevocation; |
5153 | |
5154 | rv = DeleteDBCrlEntry(handle, derName, crlType); |
5155 | if (rv != SECSuccess) goto done; |
5156 | |
5157 | done: |
5158 | return rv; |
5159 | } |
5160 | |
5161 | |
5162 | PRBool |
5163 | nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust) |
5164 | { |
5165 | if (trust == NULL((void*)0)) { |
5166 | return PR_FALSE0; |
5167 | } |
5168 | return !((trust->sslFlags & CERTDB_TRUSTED_UNKNOWN(1<<11)) && |
5169 | (trust->emailFlags & CERTDB_TRUSTED_UNKNOWN(1<<11)) && |
5170 | (trust->objectSigningFlags & CERTDB_TRUSTED_UNKNOWN(1<<11))); |
5171 | } |
5172 | |
5173 | /* |
5174 | * This function has the logic that decides if another person's cert and |
5175 | * email profile from an S/MIME message should be saved. It can deal with |
5176 | * the case when there is no profile. |
5177 | */ |
5178 | static SECStatus |
5179 | nsslowcert_UpdateSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, |
5180 | char *emailAddr, SECItem *derSubject, SECItem *emailProfile, |
5181 | SECItem *profileTime) |
5182 | { |
5183 | certDBEntrySMime *entry = NULL((void*)0); |
5184 | SECStatus rv = SECFailure;; |
5185 | |
5186 | |
5187 | /* find our existing entry */ |
5188 | entry = nsslowcert_ReadDBSMimeEntry(dbhandle, emailAddr); |
5189 | |
5190 | if ( entry ) { |
5191 | /* keep our old db entry consistant for old applications. */ |
5192 | if (!SECITEM_ItemsAreEqualSECITEM_ItemsAreEqual_Util(derSubject, &entry->subjectName)) { |
5193 | nsslowcert_UpdateSubjectEmailAddr(dbhandle, &entry->subjectName, |
5194 | emailAddr, nsslowcert_remove); |
5195 | } |
5196 | DestroyDBEntry((certDBEntry *)entry); |
5197 | entry = NULL((void*)0); |
5198 | } |
5199 | |
5200 | /* now save the entry */ |
5201 | entry = NewDBSMimeEntry(emailAddr, derSubject, emailProfile, |
5202 | profileTime, 0); |
5203 | if ( entry == NULL((void*)0) ) { |
5204 | rv = SECFailure; |
5205 | goto loser; |
5206 | } |
5207 | |
5208 | nsslowcert_LockDB(dbhandle); |
5209 | |
5210 | rv = DeleteDBSMimeEntry(dbhandle, emailAddr); |
5211 | /* if delete fails, try to write new entry anyway... */ |
5212 | |
5213 | /* link subject entry back here */ |
5214 | rv = nsslowcert_UpdateSubjectEmailAddr(dbhandle, derSubject, emailAddr, |
5215 | nsslowcert_add); |
5216 | if ( rv != SECSuccess ) { |
5217 | nsslowcert_UnlockDB(dbhandle); |
5218 | goto loser; |
5219 | } |
5220 | |
5221 | rv = WriteDBSMimeEntry(dbhandle, entry); |
5222 | if ( rv != SECSuccess ) { |
5223 | nsslowcert_UnlockDB(dbhandle); |
5224 | goto loser; |
5225 | } |
5226 | |
5227 | nsslowcert_UnlockDB(dbhandle); |
5228 | |
5229 | rv = SECSuccess; |
5230 | |
5231 | loser: |
5232 | if ( entry ) { |
5233 | DestroyDBEntry((certDBEntry *)entry); |
5234 | } |
5235 | return(rv); |
5236 | } |
5237 | |
5238 | SECStatus |
5239 | nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, |
5240 | SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime) |
5241 | { |
5242 | SECStatus rv = SECFailure;; |
5243 | |
5244 | |
5245 | rv = nsslowcert_UpdateSMimeProfile(dbhandle, emailAddr, |
5246 | derSubject, emailProfile, profileTime); |
5247 | |
5248 | return(rv); |
5249 | } |
5250 | |
5251 | void |
5252 | nsslowcert_DestroyFreeLists(void) |
5253 | { |
5254 | if (freeListLock == NULL((void*)0)) { |
5255 | return; |
5256 | } |
5257 | DestroyCertEntryFreeList(); |
5258 | DestroyTrustFreeList(); |
5259 | DestroyCertFreeList(); |
5260 | SKIP_AFTER_FORK(PZ_DestroyLock(freeListLock))if (!lg_parentForkedAfterC_Initialize) PR_DestroyLock((freeListLock )); |
5261 | freeListLock = NULL((void*)0); |
5262 | } |
5263 | |
5264 | void |
5265 | nsslowcert_DestroyGlobalLocks(void) |
5266 | { |
5267 | if (dbLock) { |
5268 | SKIP_AFTER_FORK(PZ_DestroyLock(dbLock))if (!lg_parentForkedAfterC_Initialize) PR_DestroyLock((dbLock )); |
5269 | dbLock = NULL((void*)0); |
5270 | } |
5271 | if (certRefCountLock) { |
5272 | SKIP_AFTER_FORK(PZ_DestroyLock(certRefCountLock))if (!lg_parentForkedAfterC_Initialize) PR_DestroyLock((certRefCountLock )); |
5273 | certRefCountLock = NULL((void*)0); |
5274 | } |
5275 | if (certTrustLock) { |
5276 | SKIP_AFTER_FORK(PZ_DestroyLock(certTrustLock))if (!lg_parentForkedAfterC_Initialize) PR_DestroyLock((certTrustLock )); |
5277 | certTrustLock = NULL((void*)0); |
5278 | } |
5279 | } |
5280 | |
5281 | certDBEntry * |
5282 | nsslowcert_DecodeAnyDBEntry(SECItem *dbData, const SECItem *dbKey, |
5283 | certDBEntryType entryType, void *pdata) |
5284 | { |
5285 | PLArenaPool *arena = NULL((void*)0); |
5286 | certDBEntry *entry; |
5287 | SECStatus rv; |
5288 | SECItem dbEntry; |
5289 | |
5290 | |
5291 | if ((dbData->len < SEC_DB_ENTRY_HEADER_LEN3) || (dbKey->len == 0)) { |
5292 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
5293 | goto loser; |
5294 | } |
5295 | dbEntry.data = &dbData->data[SEC_DB_ENTRY_HEADER_LEN3]; |
5296 | dbEntry.len = dbData->len - SEC_DB_ENTRY_HEADER_LEN3; |
5297 | |
5298 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
5299 | if (arena == NULL((void*)0)) { |
5300 | goto loser; |
5301 | } |
5302 | entry = PORT_ArenaZNew(arena, certDBEntry)(certDBEntry*) PORT_ArenaZAlloc_Util(arena, sizeof(certDBEntry )); |
5303 | if (!entry) |
5304 | goto loser; |
5305 | |
5306 | entry->common.version = (unsigned int)dbData->data[0]; |
5307 | entry->common.flags = (unsigned int)dbData->data[2]; |
5308 | entry->common.type = entryType; |
5309 | entry->common.arena = arena; |
5310 | |
5311 | switch (entryType) { |
5312 | case certDBEntryTypeContentVersion: /* This type appears to be unused */ |
5313 | case certDBEntryTypeVersion: /* This type has only the common hdr */ |
5314 | rv = SECSuccess; |
5315 | break; |
5316 | |
5317 | case certDBEntryTypeSubject: |
5318 | rv = DecodeDBSubjectEntry(&entry->subject, &dbEntry, dbKey); |
5319 | break; |
5320 | |
5321 | case certDBEntryTypeNickname: |
5322 | rv = DecodeDBNicknameEntry(&entry->nickname, &dbEntry, |
5323 | (char *)dbKey->data); |
5324 | break; |
5325 | |
5326 | /* smime profiles need entries created after the certs have |
5327 | * been imported, loop over them in a second run */ |
5328 | case certDBEntryTypeSMimeProfile: |
5329 | rv = DecodeDBSMimeEntry(&entry->smime, &dbEntry, (char *)dbKey->data); |
5330 | break; |
5331 | |
5332 | case certDBEntryTypeCert: |
5333 | rv = DecodeDBCertEntry(&entry->cert, &dbEntry); |
5334 | break; |
5335 | |
5336 | case certDBEntryTypeKeyRevocation: |
5337 | case certDBEntryTypeRevocation: |
5338 | rv = DecodeDBCrlEntry(&entry->revocation, &dbEntry); |
5339 | break; |
5340 | |
5341 | default: |
5342 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
5343 | rv = SECFailure; |
5344 | } |
5345 | |
5346 | if (rv == SECSuccess) |
5347 | return entry; |
5348 | |
5349 | loser: |
5350 | if (arena) |
5351 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
5352 | return NULL((void*)0); |
5353 | } |
5354 |