1
/* This Source Code Form is subject to the terms of the Mozilla Public
2
* License, v. 2.0. If a copy of the MPL was not distributed with this
3
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
31
extern const NSSError NSS_ERROR_NOT_FOUND;
33
/* Creates a certificate from a base object */
34
NSS_IMPLEMENT NSSCertificate *
35
nssCertificate_Create (
40
NSSCertificate *rvCert;
42
NSSArena *arena = object->arena;
43
PR_ASSERT(object->instances != NULL && object->numInstances > 0);
44
PR_ASSERT(object->lockType == nssPKIMonitor);
45
mark = nssArena_Mark(arena);
46
rvCert = nss_ZNEW(arena, NSSCertificate);
48
return (NSSCertificate *)NULL;
50
rvCert->object = *object;
51
/* XXX should choose instance based on some criteria */
52
status = nssCryptokiCertificate_GetAttributes(object->instances[0],
53
NULL, /* XXX sessionOpt */
61
if (status != PR_SUCCESS ||
62
!rvCert->encoding.data ||
63
!rvCert->encoding.size ||
64
!rvCert->issuer.data ||
65
!rvCert->issuer.size ||
66
!rvCert->serial.data ||
67
!rvCert->serial.size) {
69
nssArena_Release(arena, mark);
70
return (NSSCertificate *)NULL;
73
nssArena_Unmark(arena, mark);
77
NSS_IMPLEMENT NSSCertificate *
78
nssCertificate_AddRef (
83
nssPKIObject_AddRef(&c->object);
88
NSS_IMPLEMENT PRStatus
89
nssCertificate_Destroy (
93
nssCertificateStoreTrace lockTrace = {NULL, NULL, PR_FALSE, PR_FALSE};
94
nssCertificateStoreTrace unlockTrace = {NULL, NULL, PR_FALSE, PR_FALSE};
98
nssDecodedCert *dc = c->decoding;
99
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
100
NSSCryptoContext *cc = c->object.cryptoContext;
102
PR_ASSERT(c->object.refCount > 0);
104
/* --- LOCK storage --- */
106
nssCertificateStore_Lock(cc->certStore, &lockTrace);
108
nssTrustDomain_LockCertCache(td);
110
if (PR_ATOMIC_DECREMENT(&c->object.refCount) == 0) {
111
/* --- remove cert and UNLOCK storage --- */
113
nssCertificateStore_RemoveCertLOCKED(cc->certStore, c);
114
nssCertificateStore_Unlock(cc->certStore, &lockTrace,
117
nssTrustDomain_RemoveCertFromCacheLOCKED(td, c);
118
nssTrustDomain_UnlockCertCache(td);
121
for (i=0; i<c->object.numInstances; i++) {
122
nssCryptokiObject_Destroy(c->object.instances[i]);
124
nssPKIObject_DestroyLock(&c->object);
125
nssArena_Destroy(c->object.arena);
126
nssDecodedCert_Destroy(dc);
128
/* --- UNLOCK storage --- */
130
nssCertificateStore_Unlock(cc->certStore,
134
nssTrustDomain_UnlockCertCache(td);
141
NSS_IMPLEMENT PRStatus
142
NSSCertificate_Destroy (
146
return nssCertificate_Destroy(c);
149
NSS_IMPLEMENT NSSDER *
150
nssCertificate_GetEncoding (
154
if (c->encoding.size > 0 && c->encoding.data) {
157
return (NSSDER *)NULL;
161
NSS_IMPLEMENT NSSDER *
162
nssCertificate_GetIssuer (
166
if (c->issuer.size > 0 && c->issuer.data) {
169
return (NSSDER *)NULL;
173
NSS_IMPLEMENT NSSDER *
174
nssCertificate_GetSerialNumber (
178
if (c->serial.size > 0 && c->serial.data) {
181
return (NSSDER *)NULL;
185
NSS_IMPLEMENT NSSDER *
186
nssCertificate_GetSubject (
190
if (c->subject.size > 0 && c->subject.data) {
193
return (NSSDER *)NULL;
197
/* Returns a copy, Caller must free using nss_ZFreeIf */
198
NSS_IMPLEMENT NSSUTF8 *
199
nssCertificate_GetNickname (
204
return nssPKIObject_GetNicknameForToken(&c->object, tokenOpt);
207
NSS_IMPLEMENT NSSASCII7 *
208
nssCertificate_GetEmailAddress (
215
NSS_IMPLEMENT PRStatus
216
NSSCertificate_DeleteStoredObject (
221
return nssPKIObject_DeleteStoredObject(&c->object, uhh, PR_TRUE);
224
NSS_IMPLEMENT PRStatus
225
NSSCertificate_Validate (
227
NSSTime *timeOpt, /* NULL for "now" */
229
NSSPolicies *policiesOpt /* NULL for none */
232
nss_SetError(NSS_ERROR_NOT_FOUND);
236
NSS_IMPLEMENT void ** /* void *[] */
237
NSSCertificate_ValidateCompletely (
239
NSSTime *timeOpt, /* NULL for "now" */
241
NSSPolicies *policiesOpt, /* NULL for none */
242
void **rvOpt, /* NULL for allocate */
243
PRUint32 rvLimit, /* zero for no limit */
244
NSSArena *arenaOpt /* NULL for heap */
247
nss_SetError(NSS_ERROR_NOT_FOUND);
251
NSS_IMPLEMENT PRStatus
252
NSSCertificate_ValidateAndDiscoverUsagesAndPolicies (
254
NSSTime **notBeforeOutOpt,
255
NSSTime **notAfterOutOpt,
257
void *disallowedUsages,
258
void *allowedPolicies,
259
void *disallowedPolicies,
260
/* more args.. work on this fgmr */
264
nss_SetError(NSS_ERROR_NOT_FOUND);
268
NSS_IMPLEMENT NSSDER *
269
NSSCertificate_Encode (
275
/* Item, DER, BER are all typedefs now... */
276
return nssItem_Duplicate((NSSItem *)&c->encoding, arenaOpt, rvOpt);
279
NSS_IMPLEMENT nssDecodedCert *
280
nssCertificate_GetDecoding (
284
nssDecodedCert* deco = NULL;
285
if (c->type == NSSCertificateType_PKIX) {
286
(void)STAN_GetCERTCertificate(c);
288
nssPKIObject_Lock(&c->object);
290
deco = nssDecodedCert_Create(NULL, &c->encoding, c->type);
291
PORT_Assert(!c->decoding);
296
nssPKIObject_Unlock(&c->object);
300
static NSSCertificate **
301
filter_subject_certs_for_id (
302
NSSCertificate **subjectCerts,
308
int nextOpenSlot = 0;
310
nssCertIDMatch matchLevel = nssCertIDMatch_Unknown;
311
nssCertIDMatch match;
313
/* walk the subject certs */
314
for (si = subjectCerts; *si; si++) {
315
dcp = nssCertificate_GetDecoding(*si);
317
NSSCertificate_Destroy(*si);
320
match = dcp->matchIdentifier(dcp, id);
322
case nssCertIDMatch_Yes:
323
if (matchLevel == nssCertIDMatch_Unknown) {
324
/* we have non-definitive matches, forget them */
325
for (i = 0; i < nextOpenSlot; i++) {
326
NSSCertificate_Destroy(subjectCerts[i]);
327
subjectCerts[i] = NULL;
330
/* only keep definitive matches from now on */
331
matchLevel = nssCertIDMatch_Yes;
334
subjectCerts[nextOpenSlot++] = *si;
336
case nssCertIDMatch_Unknown:
337
if (matchLevel == nssCertIDMatch_Unknown) {
338
/* only have non-definitive matches so far, keep it */
339
subjectCerts[nextOpenSlot++] = *si;
342
/* else fall through, we have a definitive match already */
343
case nssCertIDMatch_No:
345
NSSCertificate_Destroy(*si);
349
subjectCerts[nextOpenSlot] = NULL;
353
static NSSCertificate **
354
filter_certs_for_valid_issuers (
355
NSSCertificate **certs
360
int nextOpenSlot = 0;
362
for (cp = certs; *cp; cp++) {
363
dcp = nssCertificate_GetDecoding(*cp);
364
if (dcp && dcp->isValidIssuer(dcp)) {
365
certs[nextOpenSlot++] = *cp;
367
NSSCertificate_Destroy(*cp);
370
certs[nextOpenSlot] = NULL;
374
static NSSCertificate *
379
NSSPolicies *policiesOpt,
385
NSSCertificate **certs = NULL;
386
NSSCertificate **ccIssuers = NULL;
387
NSSCertificate **tdIssuers = NULL;
388
NSSCertificate *issuer = NULL;
391
cc = c->object.cryptoContext;
393
td = NSSCertificate_GetTrustDomain(c);
394
arena = nssArena_Create();
396
return (NSSCertificate *)NULL;
399
ccIssuers = nssCryptoContext_FindCertificatesBySubject(cc,
406
tdIssuers = nssTrustDomain_FindCertificatesBySubject(td,
411
certs = nssCertificateArray_Join(ccIssuers, tdIssuers);
413
nssDecodedCert *dc = NULL;
414
void *issuerID = NULL;
415
dc = nssCertificate_GetDecoding(c);
417
issuerID = dc->getIssuerIdentifier(dc);
419
/* XXX review based on CERT_FindCertIssuer
420
* this function is not using the authCertIssuer field as a fallback
421
* if authority key id does not exist
424
certs = filter_subject_certs_for_id(certs, issuerID);
426
certs = filter_certs_for_valid_issuers(certs);
427
issuer = nssCertificateArray_FindBestCertificate(certs,
431
nssCertificateArray_Destroy(certs);
433
nssArena_Destroy(arena);
437
/* This function returns the built chain, as far as it gets,
438
** even if/when it fails to find an issuer, and returns PR_FAILURE
440
NSS_IMPLEMENT NSSCertificate **
441
nssCertificate_BuildChain (
445
NSSPolicies *policiesOpt,
446
NSSCertificate **rvOpt,
454
NSSCertificate **rvChain = NULL;
455
NSSUsage issuerUsage = *usage;
456
nssPKIObjectCollection *collection = NULL;
457
PRUint32 rvCount = 0;
459
PRStatus ret = PR_SUCCESS;
462
(!td && (td = NSSCertificate_GetTrustDomain(c)) == NULL)) {
465
/* bump the usage up to CA level */
466
issuerUsage.nss3lookingForCA = PR_TRUE;
467
collection = nssCertificateCollection_Create(td, NULL);
470
st = nssPKIObjectCollection_AddObject(collection, (nssPKIObject *)c);
471
if (st != PR_SUCCESS)
473
for (rvCount = 1; (!rvLimit || rvCount < rvLimit); ++rvCount) {
474
CERTCertificate *cCert = STAN_GetCERTCertificate(c);
476
/* not including the issuer of the self-signed cert, which is,
481
c = find_cert_issuer(c, timeOpt, &issuerUsage, policiesOpt, td, cc);
486
st = nssPKIObjectCollection_AddObject(collection, (nssPKIObject *)c);
487
nssCertificate_Destroy(c); /* collection has it */
488
if (st != PR_SUCCESS)
491
rvChain = nssPKIObjectCollection_GetCertificates(collection,
496
nssPKIObjectCollection_Destroy(collection);
499
if (ret != PR_SUCCESS)
500
nss_SetError(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND);
506
nssPKIObjectCollection_Destroy(collection);
508
*statusOpt = PR_FAILURE;
509
nss_SetError(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND);
513
NSS_IMPLEMENT NSSCertificate **
514
NSSCertificate_BuildChain (
518
NSSPolicies *policiesOpt,
519
NSSCertificate **rvOpt,
520
PRUint32 rvLimit, /* zero for no limit */
527
return nssCertificate_BuildChain(c, timeOpt, usage, policiesOpt,
528
rvOpt, rvLimit, arenaOpt, statusOpt,
532
NSS_IMPLEMENT NSSCryptoContext *
533
nssCertificate_GetCryptoContext (
537
return c->object.cryptoContext;
540
NSS_IMPLEMENT NSSTrustDomain *
541
nssCertificate_GetTrustDomain (
545
return c->object.trustDomain;
548
NSS_IMPLEMENT NSSTrustDomain *
549
NSSCertificate_GetTrustDomain (
553
return nssCertificate_GetTrustDomain(c);
556
NSS_IMPLEMENT NSSToken *
557
NSSCertificate_GetToken (
562
return (NSSToken *)NULL;
565
NSS_IMPLEMENT NSSSlot *
566
NSSCertificate_GetSlot (
571
return (NSSSlot *)NULL;
574
NSS_IMPLEMENT NSSModule *
575
NSSCertificate_GetModule (
580
return (NSSModule *)NULL;
583
NSS_IMPLEMENT NSSItem *
584
NSSCertificate_Encrypt (
586
NSSAlgorithmAndParameters *apOpt,
590
NSSPolicies *policiesOpt,
596
nss_SetError(NSS_ERROR_NOT_FOUND);
600
NSS_IMPLEMENT PRStatus
601
NSSCertificate_Verify (
603
NSSAlgorithmAndParameters *apOpt,
608
NSSPolicies *policiesOpt,
612
nss_SetError(NSS_ERROR_NOT_FOUND);
616
NSS_IMPLEMENT NSSItem *
617
NSSCertificate_VerifyRecover (
619
NSSAlgorithmAndParameters *apOpt,
623
NSSPolicies *policiesOpt,
629
nss_SetError(NSS_ERROR_NOT_FOUND);
633
NSS_IMPLEMENT NSSItem *
634
NSSCertificate_WrapSymmetricKey (
636
NSSAlgorithmAndParameters *apOpt,
637
NSSSymmetricKey *keyToWrap,
640
NSSPolicies *policiesOpt,
646
nss_SetError(NSS_ERROR_NOT_FOUND);
650
NSS_IMPLEMENT NSSCryptoContext *
651
NSSCertificate_CreateCryptoContext (
653
NSSAlgorithmAndParameters *apOpt,
656
NSSPolicies *policiesOpt,
660
nss_SetError(NSS_ERROR_NOT_FOUND);
664
NSS_IMPLEMENT NSSPublicKey *
665
NSSCertificate_GetPublicKey (
670
CK_ATTRIBUTE pubktemplate[] = {
671
{ CKA_CLASS, NULL, 0 },
673
{ CKA_SUBJECT, NULL, 0 }
676
CK_ULONG count = sizeof(pubktemplate) / sizeof(pubktemplate[0]);
677
NSS_CK_SET_ATTRIBUTE_ITEM(pubktemplate, 0, &g_ck_class_pubkey);
678
if (c->id.size > 0) {
680
NSS_CK_ITEM_TO_ATTRIBUTE(&c->id, &pubktemplate[1]);
683
return (NSSPublicKey *)NULL;
685
if (c->subject.size > 0) {
687
NSS_CK_ITEM_TO_ATTRIBUTE(&c->subject, &pubktemplate[2]);
690
return (NSSPublicKey *)NULL;
692
/* Try the cert's token first */
694
nssrv = nssToken_FindObjectByTemplate(c->token, pubktemplate, count);
697
/* Try all other key tokens */
698
return (NSSPublicKey *)NULL;
701
NSS_IMPLEMENT NSSPrivateKey *
702
NSSCertificate_FindPrivateKey (
707
nss_SetError(NSS_ERROR_NOT_FOUND);
712
NSSCertificate_IsPrivateKeyAvailable (
718
PRBool isUser = PR_FALSE;
719
nssCryptokiObject **ip;
720
nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
724
for (ip = instances; *ip; ip++) {
725
nssCryptokiObject *instance = *ip;
726
if (nssToken_IsPrivateKeyAvailable(instance->token, c, instance)) {
730
nssCryptokiObjectArray_Destroy(instances);
734
/* sort the subject cert list from newest to oldest */
736
nssCertificate_SubjectListSort (
741
NSSCertificate *c1 = (NSSCertificate *)v1;
742
NSSCertificate *c2 = (NSSCertificate *)v2;
743
nssDecodedCert *dc1 = nssCertificate_GetDecoding(c1);
744
nssDecodedCert *dc2 = nssCertificate_GetDecoding(c2);
750
return dc1->isNewerThan(dc1, dc2) ? -1 : 1;
755
NSSUserCertificate_IsStillPresent (
756
NSSUserCertificate *uc,
760
nss_SetError(NSS_ERROR_NOT_FOUND);
764
NSS_IMPLEMENT NSSItem *
765
NSSUserCertificate_Decrypt (
766
NSSUserCertificate *uc,
767
NSSAlgorithmAndParameters *apOpt,
771
NSSPolicies *policiesOpt,
777
nss_SetError(NSS_ERROR_NOT_FOUND);
781
NSS_IMPLEMENT NSSItem *
782
NSSUserCertificate_Sign (
783
NSSUserCertificate *uc,
784
NSSAlgorithmAndParameters *apOpt,
788
NSSPolicies *policiesOpt,
794
nss_SetError(NSS_ERROR_NOT_FOUND);
798
NSS_IMPLEMENT NSSItem *
799
NSSUserCertificate_SignRecover (
800
NSSUserCertificate *uc,
801
NSSAlgorithmAndParameters *apOpt,
805
NSSPolicies *policiesOpt,
811
nss_SetError(NSS_ERROR_NOT_FOUND);
815
NSS_IMPLEMENT NSSSymmetricKey *
816
NSSUserCertificate_UnwrapSymmetricKey (
817
NSSUserCertificate *uc,
818
NSSAlgorithmAndParameters *apOpt,
822
NSSPolicies *policiesOpt,
828
nss_SetError(NSS_ERROR_NOT_FOUND);
832
NSS_IMPLEMENT NSSSymmetricKey *
833
NSSUserCertificate_DeriveSymmetricKey (
834
NSSUserCertificate *uc, /* provides private key */
835
NSSCertificate *c, /* provides public key */
836
NSSAlgorithmAndParameters *apOpt,
838
PRUint32 keySizeOpt, /* zero for best allowed */
839
NSSOperations operations,
843
nss_SetError(NSS_ERROR_NOT_FOUND);
847
NSS_IMPLEMENT nssSMIMEProfile *
848
nssSMIMEProfile_Create (
849
NSSCertificate *cert,
850
NSSItem *profileTime,
855
nssSMIMEProfile *rvProfile;
856
nssPKIObject *object;
857
NSSTrustDomain *td = nssCertificate_GetTrustDomain(cert);
858
NSSCryptoContext *cc = nssCertificate_GetCryptoContext(cert);
859
arena = nssArena_Create();
863
object = nssPKIObject_Create(arena, NULL, td, cc, nssPKILock);
867
rvProfile = nss_ZNEW(arena, nssSMIMEProfile);
871
rvProfile->object = *object;
872
rvProfile->certificate = cert;
873
rvProfile->email = nssUTF8_Duplicate(cert->email, arena);
874
rvProfile->subject = nssItem_Duplicate(&cert->subject, arena, NULL);
876
rvProfile->profileTime = nssItem_Duplicate(profileTime, arena, NULL);
879
rvProfile->profileData = nssItem_Duplicate(profileData, arena, NULL);
883
if (object) nssPKIObject_Destroy(object);
884
else if (arena) nssArena_Destroy(arena);
885
return (nssSMIMEProfile *)NULL;
888
/* execute a callback function on all members of a cert list */
890
nssCertificateList_DoCallback (
892
PRStatus (* callback)(NSSCertificate *c, void *arg),
896
nssListIterator *certs;
897
NSSCertificate *cert;
899
certs = nssList_CreateIterator(certList);
903
for (cert = (NSSCertificate *)nssListIterator_Start(certs);
904
cert != (NSSCertificate *)NULL;
905
cert = (NSSCertificate *)nssListIterator_Next(certs))
907
nssrv = (*callback)(cert, arg);
909
nssListIterator_Finish(certs);
910
nssListIterator_Destroy(certs);
914
static PRStatus add_ref_callback(NSSCertificate *c, void *a)
916
nssCertificate_AddRef(c);
921
nssCertificateList_AddReferences (
925
(void)nssCertificateList_DoCallback(certList, add_ref_callback, NULL);
930
* Is this trust record safe to apply to all certs of the same issuer/SN
931
* independent of the cert matching the hash. This is only true is the trust
932
* is unknown or distrusted. In general this feature is only useful to
933
* explicitly distrusting certs. It is not safe to use to trust certs, so
934
* only allow unknown and untrusted trust types.
937
nssTrust_IsSafeToIgnoreCertHash(nssTrustLevel serverAuth,
938
nssTrustLevel clientAuth, nssTrustLevel codeSigning,
939
nssTrustLevel email, PRBool stepup)
941
/* step up is a trust type, if it's on, we must have a hash for the cert */
945
if ((serverAuth != nssTrustLevel_Unknown) &&
946
(serverAuth != nssTrustLevel_NotTrusted)) {
949
if ((clientAuth != nssTrustLevel_Unknown) &&
950
(clientAuth != nssTrustLevel_NotTrusted)) {
953
if ((codeSigning != nssTrustLevel_Unknown) &&
954
(codeSigning != nssTrustLevel_NotTrusted)) {
957
if ((email != nssTrustLevel_Unknown) &&
958
(email != nssTrustLevel_NotTrusted)) {
961
/* record only has Unknown and Untrusted entries, ok to accept without a
966
NSS_IMPLEMENT NSSTrust *
968
nssPKIObject *object,
974
PRUint32 lastTrustOrder, myTrustOrder;
975
unsigned char sha1_hashcmp[SHA1_LENGTH];
976
unsigned char sha1_hashin[SHA1_LENGTH];
979
nssCryptokiObject *instance;
980
nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection;
981
SECStatus rv; /* Should be stan flavor */
984
lastTrustOrder = 1<<16; /* just make it big */
985
PR_ASSERT(object->instances != NULL && object->numInstances > 0);
986
rvt = nss_ZNEW(object->arena, NSSTrust);
988
return (NSSTrust *)NULL;
990
rvt->object = *object;
992
/* should be stan flavor of Hashbuf */
993
rv = PK11_HashBuf(SEC_OID_SHA1,sha1_hashcmp,certData->data,certData->size);
994
if (rv != SECSuccess) {
995
return (NSSTrust *)NULL;
997
sha1_hash.data = sha1_hashin;
998
sha1_hash.size = sizeof (sha1_hashin);
999
/* trust has to peek into the base object members */
1000
nssPKIObject_Lock(object);
1001
for (i=0; i<object->numInstances; i++) {
1002
instance = object->instances[i];
1003
myTrustOrder = nssToken_GetTrustOrder(instance->token);
1004
status = nssCryptokiTrust_GetAttributes(instance, NULL,
1011
if (status != PR_SUCCESS) {
1012
nssPKIObject_Unlock(object);
1013
return (NSSTrust *)NULL;
1015
/* if no hash is specified, then trust applies to all certs with
1016
* this issuer/SN. NOTE: This is only true for entries that
1017
* have distrust and unknown record */
1019
/* we continue if there is no hash, and the trust type is
1020
* safe to accept without a hash ... or ... */
1021
((sha1_hash.size == 0) &&
1022
nssTrust_IsSafeToIgnoreCertHash(serverAuth,clientAuth,
1023
codeSigning, emailProtection,stepUp))
1025
/* we have a hash of the correct size, and it matches */
1026
((sha1_hash.size == SHA1_LENGTH) && (PORT_Memcmp(sha1_hashin,
1027
sha1_hashcmp,SHA1_LENGTH) == 0)) )) {
1028
nssPKIObject_Unlock(object);
1029
return (NSSTrust *)NULL;
1031
if (rvt->serverAuth == nssTrustLevel_Unknown ||
1032
myTrustOrder < lastTrustOrder)
1034
rvt->serverAuth = serverAuth;
1036
if (rvt->clientAuth == nssTrustLevel_Unknown ||
1037
myTrustOrder < lastTrustOrder)
1039
rvt->clientAuth = clientAuth;
1041
if (rvt->emailProtection == nssTrustLevel_Unknown ||
1042
myTrustOrder < lastTrustOrder)
1044
rvt->emailProtection = emailProtection;
1046
if (rvt->codeSigning == nssTrustLevel_Unknown ||
1047
myTrustOrder < lastTrustOrder)
1049
rvt->codeSigning = codeSigning;
1051
rvt->stepUpApproved = stepUp;
1052
lastTrustOrder = myTrustOrder;
1054
nssPKIObject_Unlock(object);
1058
NSS_IMPLEMENT NSSTrust *
1064
nssPKIObject_AddRef(&trust->object);
1069
NSS_IMPLEMENT PRStatus
1075
(void)nssPKIObject_Destroy(&trust->object);
1080
NSS_IMPLEMENT nssSMIMEProfile *
1081
nssSMIMEProfile_AddRef (
1082
nssSMIMEProfile *profile
1086
nssPKIObject_AddRef(&profile->object);
1091
NSS_IMPLEMENT PRStatus
1092
nssSMIMEProfile_Destroy (
1093
nssSMIMEProfile *profile
1097
(void)nssPKIObject_Destroy(&profile->object);
1102
NSS_IMPLEMENT NSSCRL *
1104
nssPKIObject *object
1109
NSSArena *arena = object->arena;
1110
PR_ASSERT(object->instances != NULL && object->numInstances > 0);
1111
rvCRL = nss_ZNEW(arena, NSSCRL);
1113
return (NSSCRL *)NULL;
1115
rvCRL->object = *object;
1116
/* XXX should choose instance based on some criteria */
1117
status = nssCryptokiCRL_GetAttributes(object->instances[0],
1118
NULL, /* XXX sessionOpt */
1125
if (status != PR_SUCCESS) {
1126
return (NSSCRL *)NULL;
1131
NSS_IMPLEMENT NSSCRL *
1137
nssPKIObject_AddRef(&crl->object);
1142
NSS_IMPLEMENT PRStatus
1148
(void)nssPKIObject_Destroy(&crl->object);
1153
NSS_IMPLEMENT PRStatus
1154
nssCRL_DeleteStoredObject (
1159
return nssPKIObject_DeleteStoredObject(&crl->object, uhh, PR_TRUE);
1162
NSS_IMPLEMENT NSSDER *
1163
nssCRL_GetEncoding (
1167
if (crl && crl->encoding.data != NULL && crl->encoding.size > 0) {
1168
return &crl->encoding;
1170
return (NSSDER *)NULL;