зеркало из https://github.com/mozilla/gecko-dev.git
Bug 767241, Part 2: Replace almost all uses of NSSCleanupAutoPtrClass with ScopedNSSTypes, r=honzab
--HG-- extra : rebase_source : 5fa068e15febb301b0c776f1a565262d698789b2
This commit is contained in:
Родитель
ddd80afae9
Коммит
3a071d2b94
|
@ -111,6 +111,7 @@
|
|||
#include "nsServiceManagerUtils.h"
|
||||
#include "nsIConsoleService.h"
|
||||
#include "PSMRunnable.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
#include "ssl.h"
|
||||
#include "secerr.h"
|
||||
|
@ -127,7 +128,6 @@ namespace {
|
|||
|
||||
NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
||||
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
NSSCleanupAutoPtrClass_WithParam(PLArenaPool, PORT_FreeArena, FalseParam, false)
|
||||
|
||||
// do not use a nsCOMPtr to avoid static initializer/destructor
|
||||
|
@ -615,11 +615,9 @@ private:
|
|||
SSLServerCertVerificationJob(const void * fdForLogging,
|
||||
TransportSecurityInfo * infoObject,
|
||||
CERTCertificate * cert);
|
||||
~SSLServerCertVerificationJob();
|
||||
|
||||
const void * const mFdForLogging;
|
||||
const RefPtr<TransportSecurityInfo> mInfoObject;
|
||||
CERTCertificate * const mCert;
|
||||
const ScopedCERTCertificate mCert;
|
||||
};
|
||||
|
||||
SSLServerCertVerificationJob::SSLServerCertVerificationJob(
|
||||
|
@ -631,11 +629,6 @@ SSLServerCertVerificationJob::SSLServerCertVerificationJob(
|
|||
{
|
||||
}
|
||||
|
||||
SSLServerCertVerificationJob::~SSLServerCertVerificationJob()
|
||||
{
|
||||
CERT_DestroyCertificate(mCert);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
PSM_SSL_PKIX_AuthCertificate(CERTCertificate *peerCert, void * pinarg,
|
||||
const char * hostname)
|
||||
|
@ -818,10 +811,9 @@ BlockServerCertChangeForSpdy(nsNSSSocketInfo *infoObject,
|
|||
" Assuming spdy.\n"));
|
||||
|
||||
// Check to see if the cert has actually changed
|
||||
CERTCertificate * c = cert2->GetCert();
|
||||
ScopedCERTCertificate c(cert2->GetCert());
|
||||
NS_ASSERTION(c, "very bad and hopefully impossible state");
|
||||
bool sameCert = CERT_CompareCerts(c, serverCert);
|
||||
CERT_DestroyCertificate(c);
|
||||
if (sameCert)
|
||||
return SECSuccess;
|
||||
|
||||
|
@ -887,8 +879,8 @@ AuthCertificate(TransportSecurityInfo * infoObject, CERTCertificate * cert)
|
|||
nsc = nsNSSCertificate::Create(cert);
|
||||
}
|
||||
|
||||
CERTCertList *certList = nullptr;
|
||||
certList = CERT_GetCertChainFromCert(cert, PR_Now(), certUsageSSLCA);
|
||||
ScopedCERTCertList certList(CERT_GetCertChainFromCert(cert, PR_Now(),
|
||||
certUsageSSLCA));
|
||||
if (!certList) {
|
||||
rv = SECFailure;
|
||||
} else {
|
||||
|
@ -943,20 +935,15 @@ AuthCertificate(TransportSecurityInfo * infoObject, CERTCertificate * cert)
|
|||
// We have found a signer cert that we want to remember.
|
||||
char* nickname = nsNSSCertificate::defaultServerNickname(node->cert);
|
||||
if (nickname && *nickname) {
|
||||
PK11SlotInfo *slot = PK11_GetInternalKeySlot();
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
|
||||
if (slot) {
|
||||
PK11_ImportCert(slot, node->cert, CK_INVALID_HANDLE,
|
||||
nickname, false);
|
||||
PK11_FreeSlot(slot);
|
||||
}
|
||||
}
|
||||
PR_FREEIF(nickname);
|
||||
}
|
||||
|
||||
if (certList) {
|
||||
CERT_DestroyCertList(certList);
|
||||
}
|
||||
|
||||
// The connection may get terminated, for example, if the server requires
|
||||
// a client cert. Let's provide a minimal SSLStatus
|
||||
// to the caller that contains at least the cert and its status.
|
||||
|
@ -1125,8 +1112,7 @@ AuthCertificateHook(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
|
|||
socketInfo->SetFirstServerHelloReceived();
|
||||
}
|
||||
|
||||
CERTCertificate *serverCert = SSL_PeerCertificate(fd);
|
||||
CERTCertificateCleaner serverCertCleaner(serverCert);
|
||||
ScopedCERTCertificate serverCert(SSL_PeerCertificate(fd));
|
||||
|
||||
if (!checkSig || isServer || !socketInfo || !serverCert) {
|
||||
PR_SetError(PR_INVALID_STATE_ERROR, 0);
|
||||
|
|
|
@ -15,10 +15,10 @@
|
|||
#include "nsIObjectInputStream.h"
|
||||
#include "nsIObjectOutputStream.h"
|
||||
#include "nsNSSCertHelper.h"
|
||||
#include "nsNSSCleaner.h"
|
||||
#include "nsIProgrammingLanguage.h"
|
||||
#include "nsIArray.h"
|
||||
#include "PSMRunnable.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
#include "secerr.h"
|
||||
|
||||
|
@ -34,8 +34,6 @@
|
|||
|
||||
namespace {
|
||||
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
|
||||
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
||||
|
||||
} // unnamed namespace
|
||||
|
@ -780,8 +778,7 @@ AppendErrorTextMismatch(const nsString &host,
|
|||
const PRUnichar *params[1];
|
||||
nsresult rv;
|
||||
|
||||
CERTCertificate *nssCert = nullptr;
|
||||
CERTCertificateCleaner nssCertCleaner(nssCert);
|
||||
ScopedCERTCertificate nssCert;
|
||||
|
||||
nsCOMPtr<nsIX509Cert2> cert2 = do_QueryInterface(ix509, &rv);
|
||||
if (cert2)
|
||||
|
|
|
@ -14,10 +14,10 @@
|
|||
#include "nsArrayUtils.h"
|
||||
#include "nsCertVerificationThread.h"
|
||||
#include "nsCERTValInParamWrapper.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
#include "prlog.h"
|
||||
|
||||
#include "nsNSSCleaner.h"
|
||||
#include "nsNSSComponent.h"
|
||||
|
||||
#ifdef PR_LOGGING
|
||||
|
@ -28,8 +28,6 @@ using namespace mozilla;
|
|||
|
||||
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
||||
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
|
||||
NS_IMPL_THREADSAFE_ISUPPORTS2(nsCMSMessage, nsICMSMessage,
|
||||
nsICMSMessage2)
|
||||
|
||||
|
@ -540,8 +538,7 @@ NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsIArray * aRecipientCerts)
|
|||
if (!nssRecipientCert)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
CERTCertificate *c = nssRecipientCert->GetCert();
|
||||
CERTCertificateCleaner rcCleaner(c);
|
||||
ScopedCERTCertificate c(nssRecipientCert->GetCert());
|
||||
recipientCerts.set(i, c);
|
||||
}
|
||||
|
||||
|
@ -579,8 +576,7 @@ NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsIArray * aRecipientCerts)
|
|||
|
||||
// Create and attach recipient information //
|
||||
for (i=0; i < recipientCertCount; i++) {
|
||||
CERTCertificate *rc = recipientCerts.get(i);
|
||||
CERTCertificateCleaner rcCleaner(rc);
|
||||
ScopedCERTCertificate rc(recipientCerts.get(i));
|
||||
if ((recipientInfo = NSS_CMSRecipientInfo_Create(m_cmsMsg, rc)) == nullptr) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSMessage::CreateEncrypted - can't create recipient info\n"));
|
||||
goto loser;
|
||||
|
@ -611,7 +607,8 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
|
|||
NSSCMSContentInfo *cinfo;
|
||||
NSSCMSSignedData *sigd;
|
||||
NSSCMSSignerInfo *signerinfo;
|
||||
CERTCertificate *scert = nullptr, *ecert = nullptr;
|
||||
ScopedCERTCertificate scert;
|
||||
ScopedCERTCertificate ecert;
|
||||
nsCOMPtr<nsIX509Cert2> aSigningCert2 = do_QueryInterface(aSigningCert);
|
||||
nsresult rv = NS_ERROR_FAILURE;
|
||||
|
||||
|
@ -630,9 +627,6 @@ NS_IMETHODIMP nsCMSMessage::CreateSigned(nsIX509Cert* aSigningCert, nsIX509Cert*
|
|||
}
|
||||
}
|
||||
|
||||
CERTCertificateCleaner ecertCleaner(ecert);
|
||||
CERTCertificateCleaner scertCleaner(scert);
|
||||
|
||||
/*
|
||||
* create the message object
|
||||
*/
|
||||
|
|
|
@ -18,15 +18,14 @@
|
|||
#include "nsPromiseFlatString.h"
|
||||
#include "nsThreadUtils.h"
|
||||
#include "nsStringBuffer.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
#include "nspr.h"
|
||||
#include "pk11pub.h"
|
||||
#include "certdb.h"
|
||||
#include "sechash.h"
|
||||
#include "ssl.h" // For SSL_ClearSessionCache
|
||||
|
||||
#include "nsNSSCleaner.h"
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
|
||||
using namespace mozilla;
|
||||
|
||||
static const char kCertOverrideFileName[] = "cert_override.txt";
|
||||
|
@ -414,11 +413,10 @@ GetCertFingerprintByOidTag(nsIX509Cert *aCert,
|
|||
if (!cert2)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
CERTCertificate* nsscert = cert2->GetCert();
|
||||
ScopedCERTCertificate nsscert(cert2->GetCert());
|
||||
if (!nsscert)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
CERTCertificateCleaner nsscertCleaner(nsscert);
|
||||
return GetCertFingerprintByOidTag(nsscert, aOidTag, fp);
|
||||
}
|
||||
|
||||
|
@ -453,11 +451,10 @@ GetCertFingerprintByDottedOidString(nsIX509Cert *aCert,
|
|||
if (!cert2)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
CERTCertificate* nsscert = cert2->GetCert();
|
||||
ScopedCERTCertificate nsscert(cert2->GetCert());
|
||||
if (!nsscert)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
CERTCertificateCleaner nsscertCleaner(nsscert);
|
||||
return GetCertFingerprintByDottedOidString(nsscert, dottedOid, fp);
|
||||
}
|
||||
|
||||
|
@ -477,16 +474,14 @@ nsCertOverrideService::RememberValidityOverride(const nsACString & aHostName, in
|
|||
if (!cert2)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
CERTCertificate* nsscert = cert2->GetCert();
|
||||
ScopedCERTCertificate nsscert(cert2->GetCert());
|
||||
if (!nsscert)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
CERTCertificateCleaner nsscertCleaner(nsscert);
|
||||
|
||||
char* nickname = nsNSSCertificate::defaultServerNickname(nsscert);
|
||||
if (!aTemporary && nickname && *nickname)
|
||||
{
|
||||
PK11SlotInfo *slot = PK11_GetInternalKeySlot();
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
|
||||
if (!slot) {
|
||||
PR_Free(nickname);
|
||||
return NS_ERROR_FAILURE;
|
||||
|
@ -494,8 +489,6 @@ nsCertOverrideService::RememberValidityOverride(const nsACString & aHostName, in
|
|||
|
||||
SECStatus srv = PK11_ImportCert(slot, nsscert, CK_INVALID_HANDLE,
|
||||
nickname, false);
|
||||
PK11_FreeSlot(slot);
|
||||
|
||||
if (srv != SECSuccess) {
|
||||
PR_Free(nickname);
|
||||
return NS_ERROR_FAILURE;
|
||||
|
|
|
@ -11,16 +11,15 @@
|
|||
#include "nsNSSComponent.h"
|
||||
#include "nsNSSCertificate.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsNSSCleaner.h"
|
||||
#include "nsICertPickDialogs.h"
|
||||
#include "nsNSSShutDown.h"
|
||||
#include "nsNSSCertHelper.h"
|
||||
|
||||
NSSCleanupAutoPtrClass(CERTCertNicknames, CERT_FreeNicknames)
|
||||
NSSCleanupAutoPtrClass(CERTCertList, CERT_DestroyCertList)
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
#include "cert.h"
|
||||
|
||||
using namespace mozilla;
|
||||
|
||||
NS_IMPL_ISUPPORTS1(nsCertPicker, nsIUserCertPicker)
|
||||
|
||||
nsCertPicker::nsCertPicker()
|
||||
|
@ -49,31 +48,24 @@ NS_IMETHODIMP nsCertPicker::PickByUsage(nsIInterfaceRequestor *ctx,
|
|||
|
||||
{
|
||||
// Iterate over all certs. This assures that user is logged in to all hardware tokens.
|
||||
CERTCertList *allcerts = nullptr;
|
||||
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
|
||||
allcerts = PK11_ListCerts(PK11CertListUnique, ctx);
|
||||
CERT_DestroyCertList(allcerts);
|
||||
ScopedCERTCertList allcerts(PK11_ListCerts(PK11CertListUnique, ctx));
|
||||
}
|
||||
|
||||
/* find all user certs that are valid and for SSL */
|
||||
/* note that we are allowing expired certs in this list */
|
||||
|
||||
CERTCertList *certList =
|
||||
ScopedCERTCertList certList(
|
||||
CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
|
||||
(SECCertUsage)certUsage,
|
||||
!allowDuplicateNicknames,
|
||||
!allowInvalid,
|
||||
ctx);
|
||||
CERTCertListCleaner clc(certList);
|
||||
|
||||
ctx));
|
||||
if (!certList) {
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
|
||||
CERTCertNicknames *nicknames = getNSSCertNicknamesFromCertList(certList);
|
||||
|
||||
CERTCertNicknamesCleaner cnc(nicknames);
|
||||
|
||||
ScopedCERTCertNicknames nicknames(getNSSCertNicknamesFromCertList(certList));
|
||||
if (!nicknames) {
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
|
|
|
@ -20,9 +20,9 @@
|
|||
#include "nsXPCOMCID.h"
|
||||
#include "nsTHashtable.h"
|
||||
#include "nsHashKeys.h"
|
||||
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
#include "prlog.h"
|
||||
#include "nsNSSCleaner.h"
|
||||
|
||||
using namespace mozilla;
|
||||
|
||||
|
@ -30,8 +30,6 @@ using namespace mozilla;
|
|||
extern PRLogModuleInfo* gPIPNSSLog;
|
||||
#endif
|
||||
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
|
||||
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
||||
static NS_DEFINE_CID(kCertOverrideCID, NS_CERTOVERRIDE_CID);
|
||||
|
||||
|
@ -641,12 +639,9 @@ nsCertTree::GetCertsByType(uint32_t aType,
|
|||
void *aCertCmpFnArg)
|
||||
{
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
CERTCertList *certList = nullptr;
|
||||
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
|
||||
certList = PK11_ListCerts(PK11CertListUnique, cxt);
|
||||
ScopedCERTCertList certList(PK11_ListCerts(PK11CertListUnique, cxt));
|
||||
nsresult rv = GetCertsByTypeFromCertList(certList, aType, aCertCmpFn, aCertCmpFnArg);
|
||||
if (certList)
|
||||
CERT_DestroyCertList(certList);
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
@ -815,8 +810,7 @@ nsCertTree::DeleteEntryObject(uint32_t index)
|
|||
// although there are still overrides stored,
|
||||
// so, we keep the cert, but remove the trust
|
||||
|
||||
CERTCertificate *nsscert = nullptr;
|
||||
CERTCertificateCleaner nsscertCleaner(nsscert);
|
||||
ScopedCERTCertificate nsscert;
|
||||
|
||||
nsCOMPtr<nsIX509Cert2> cert2 = do_QueryInterface(cert);
|
||||
if (cert2) {
|
||||
|
|
|
@ -22,12 +22,8 @@
|
|||
#include "certdb.h"
|
||||
#include "sechash.h"
|
||||
|
||||
#include "nsNSSCleaner.h"
|
||||
|
||||
using namespace mozilla;
|
||||
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
|
||||
NS_IMPL_THREADSAFE_ISUPPORTS2(nsClientAuthRememberService,
|
||||
nsIObserver,
|
||||
nsISupportsWeakReference)
|
||||
|
|
|
@ -59,6 +59,7 @@
|
|||
#include "secmod.h"
|
||||
#include "nsISaveAsCharset.h"
|
||||
#include "nsNativeCharsetUtils.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
#include "ssl.h" // For SSL_ClearSessionCache
|
||||
|
||||
|
@ -69,12 +70,7 @@
|
|||
|
||||
using namespace mozilla;
|
||||
|
||||
NSSCleanupAutoPtrClass(SECKEYPrivateKey, SECKEY_DestroyPrivateKey)
|
||||
NSSCleanupAutoPtrClass(PK11SlotInfo, PK11_FreeSlot)
|
||||
NSSCleanupAutoPtrClass(CERTCertNicknames, CERT_FreeNicknames)
|
||||
NSSCleanupAutoPtrClass(PK11SymKey, PK11_FreeSymKey)
|
||||
NSSCleanupAutoPtrClass_WithParam(PK11Context, PK11_DestroyContext, TrueParam, true)
|
||||
NSSCleanupAutoPtrClass_WithParam(SECItem, SECITEM_FreeItem, TrueParam, true)
|
||||
|
||||
/*
|
||||
* These are the most common error strings that are returned
|
||||
|
@ -698,8 +694,7 @@ cryptojs_generateOneKeyPair(JSContext *cx, nsKeyPairInfo *keyPairInfo,
|
|||
// user's key3.db file. Which the slot returned by
|
||||
// PK11_GetInternalKeySlot has access to and PK11_GetInternalSlot
|
||||
// does not.
|
||||
PK11SlotInfo *intSlot = nullptr;
|
||||
PK11SlotInfoCleaner siCleaner(intSlot);
|
||||
ScopedPK11SlotInfo intSlot;
|
||||
|
||||
if (willEscrow && !PK11_IsInternal(slot)) {
|
||||
intSlot = PK11_GetInternalSlot();
|
||||
|
@ -707,7 +702,6 @@ cryptojs_generateOneKeyPair(JSContext *cx, nsKeyPairInfo *keyPairInfo,
|
|||
|
||||
if (!PK11_DoesMechanism(intSlot, mechanism)) {
|
||||
// Set to null, and the subsequent code will not attempt to use it.
|
||||
PK11_FreeSlot(intSlot);
|
||||
intSlot = nullptr;
|
||||
}
|
||||
}
|
||||
|
@ -832,23 +826,17 @@ cryptojs_generateOneKeyPair(JSContext *cx, nsKeyPairInfo *keyPairInfo,
|
|||
//If we generated the key pair on the internal slot because the
|
||||
// keys were going to be escrowed, move the keys over right now.
|
||||
if (mustMoveKey) {
|
||||
SECKEYPrivateKey *newPrivKey = PK11_LoadPrivKey(slot,
|
||||
ScopedSECKEYPrivateKey newPrivKey(PK11_LoadPrivKey(slot,
|
||||
keyPairInfo->privKey,
|
||||
keyPairInfo->pubKey,
|
||||
true, true);
|
||||
SECKEYPrivateKeyCleaner pkCleaner(newPrivKey);
|
||||
|
||||
true, true));
|
||||
if (!newPrivKey)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
// The private key is stored on the selected slot now, and the copy we
|
||||
// ultimately use for escrowing when the time comes lives
|
||||
// in the internal slot. We will delete it from that slot
|
||||
// after the requests are made. This call only gives up
|
||||
// our reference to the key object and does not actually
|
||||
// physically remove it from the card itself.
|
||||
// The actual delete calls are being made in the destructors
|
||||
// of the cleaner helper instances.
|
||||
// after the requests are made.
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
|
@ -1013,13 +1001,12 @@ nsSetEscrowAuthority(CRMFCertRequest *certReq, nsKeyPairInfo *keyInfo,
|
|||
CRMF_CertRequestIsControlPresent(certReq, crmfPKIArchiveOptionsControl)){
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
CERTCertificate *cert = wrappingCert->GetCert();
|
||||
ScopedCERTCertificate cert(wrappingCert->GetCert());
|
||||
if (!cert)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
CRMFEncryptedKey *encrKey =
|
||||
CRMF_CreateEncryptedKeyWithEncryptedValue(keyInfo->privKey, cert);
|
||||
CERT_DestroyCertificate(cert);
|
||||
if (!encrKey)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
|
@ -1046,14 +1033,13 @@ nsSetDNForRequest(CRMFCertRequest *certReq, char *reqDN)
|
|||
if (!reqDN || CRMF_CertRequestIsFieldPresent(certReq, crmfSubject)) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
CERTName *subjectName = CERT_AsciiToName(reqDN);
|
||||
ScopedCERTName subjectName(CERT_AsciiToName(reqDN));
|
||||
if (!subjectName) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
SECStatus srv = CRMF_CertRequestSetTemplateField(certReq, crmfSubject,
|
||||
static_cast<void*>
|
||||
(subjectName));
|
||||
CERT_DestroyName(subjectName);
|
||||
return (srv == SECSuccess) ? NS_OK : NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
|
@ -1488,8 +1474,7 @@ nsSet_EC_DHMAC_ProofOfPossession(CRMFCertReqMsg *certReqMsg,
|
|||
// allows multiple requests to be sent in one step.
|
||||
|
||||
unsigned long der_request_len = 0;
|
||||
SECItem *der_request = nullptr;
|
||||
SECItemCleanerTrueParam der_request_cleaner(der_request);
|
||||
ScopedSECItem der_request;
|
||||
|
||||
if (SECSuccess != CRMF_EncodeCertRequest(certReq,
|
||||
nsCRMFEncoderItemCount,
|
||||
|
@ -1516,17 +1501,10 @@ nsSet_EC_DHMAC_ProofOfPossession(CRMFCertReqMsg *certReqMsg,
|
|||
// issuer names in the CA's certificate as follows:
|
||||
// K = SHA1(DER-encoded-subjectName | Kec | DER-encoded-issuerName)"
|
||||
|
||||
PK11SymKey *shared_secret = nullptr;
|
||||
PK11SymKeyCleaner shared_secret_cleaner(shared_secret);
|
||||
|
||||
PK11SymKey *subject_and_secret = nullptr;
|
||||
PK11SymKeyCleaner subject_and_secret_cleaner(subject_and_secret);
|
||||
|
||||
PK11SymKey *subject_and_secret_and_issuer = nullptr;
|
||||
PK11SymKeyCleaner subject_and_secret_and_issuer_cleaner(subject_and_secret_and_issuer);
|
||||
|
||||
PK11SymKey *sha1_of_subject_and_secret_and_issuer = nullptr;
|
||||
PK11SymKeyCleaner sha1_of_subject_and_secret_and_issuer_cleaner(sha1_of_subject_and_secret_and_issuer);
|
||||
ScopedPK11SymKey shared_secret;
|
||||
ScopedPK11SymKey subject_and_secret;
|
||||
ScopedPK11SymKey subject_and_secret_and_issuer;
|
||||
ScopedPK11SymKey sha1_of_subject_and_secret_and_issuer;
|
||||
|
||||
shared_secret =
|
||||
PK11_PubDeriveWithKDF(keyInfo->privKey, // SECKEYPrivateKey *privKey
|
||||
|
@ -1615,23 +1593,18 @@ nsSet_EC_DHMAC_ProofOfPossession(CRMFCertReqMsg *certReqMsg,
|
|||
PK11_DigestOp(context, der_request->data, der_request->len))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
SECItem *result_hmac_sha1_item = nullptr;
|
||||
SECItemCleanerTrueParam result_hmac_sha1_item_cleaner(result_hmac_sha1_item);
|
||||
|
||||
result_hmac_sha1_item = SECITEM_AllocItem(nullptr, nullptr, SHA1_LENGTH);
|
||||
if (!result_hmac_sha1_item)
|
||||
return NS_ERROR_FAILURE;
|
||||
ScopedAutoSECItem result_hmac_sha1_item(SHA1_LENGTH);
|
||||
|
||||
if (SECSuccess !=
|
||||
PK11_DigestFinal(context,
|
||||
result_hmac_sha1_item->data,
|
||||
&result_hmac_sha1_item->len,
|
||||
result_hmac_sha1_item.data,
|
||||
&result_hmac_sha1_item.len,
|
||||
SHA1_LENGTH))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
if (SECSuccess !=
|
||||
CRMF_CertReqMsgSetKeyAgreementPOP(certReqMsg, crmfDHMAC,
|
||||
crmfNoSubseqMess, result_hmac_sha1_item))
|
||||
crmfNoSubseqMess, &result_hmac_sha1_item))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
return NS_OK;
|
||||
|
@ -1950,14 +1923,13 @@ nsCrypto::GenerateCRMFRequest(nsIDOMCRMFObject** aReturn)
|
|||
if (srv != SECSuccess) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
CERTCertificate *cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
|
||||
&certDer, nullptr, false,
|
||||
true);
|
||||
ScopedCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
|
||||
&certDer, nullptr,
|
||||
false, true));
|
||||
if (!cert)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
escrowCert = nsNSSCertificate::Create(cert);
|
||||
CERT_DestroyCertificate(cert);
|
||||
nssCert = escrowCert;
|
||||
if (!nssCert)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
@ -2217,10 +2189,9 @@ static bool
|
|||
nsCertAlreadyExists(SECItem *derCert)
|
||||
{
|
||||
CERTCertDBHandle *handle = CERT_GetDefaultCertDB();
|
||||
CERTCertificate *cert;
|
||||
bool retVal = false;
|
||||
|
||||
cert = CERT_FindCertByDERCert(handle, derCert);
|
||||
ScopedCERTCertificate cert(CERT_FindCertByDERCert(handle, derCert));
|
||||
if (cert) {
|
||||
if (cert->isperm && !cert->nickname && !cert->emailAddr) {
|
||||
//If the cert doesn't have a nickname or email addr, it is
|
||||
|
@ -2229,7 +2200,6 @@ nsCertAlreadyExists(SECItem *derCert)
|
|||
} else if (cert->isperm) {
|
||||
retVal = true;
|
||||
}
|
||||
CERT_DestroyCertificate(cert);
|
||||
}
|
||||
return retVal;
|
||||
}
|
||||
|
@ -2270,7 +2240,6 @@ nsCrypto::ImportUserCertificates(const nsAString& aNickname,
|
|||
nsAutoCString localNick;
|
||||
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
|
||||
nsresult rv = NS_OK;
|
||||
CERTCertList *caPubs = nullptr;
|
||||
nsCOMPtr<nsIPK11Token> token;
|
||||
|
||||
nickname = ToNewCString(aNickname);
|
||||
|
@ -2382,7 +2351,8 @@ nsCrypto::ImportUserCertificates(const nsAString& aNickname,
|
|||
//That would be a good thing.
|
||||
|
||||
//Import the root chain into the cert db.
|
||||
caPubs = CMMF_CertRepContentGetCAPubs(certRepContent);
|
||||
{
|
||||
ScopedCERTCertList caPubs(CMMF_CertRepContentGetCAPubs(certRepContent));
|
||||
if (caPubs) {
|
||||
int32_t numCAs = nsCertListCount(caPubs);
|
||||
|
||||
|
@ -2405,9 +2375,8 @@ nsCrypto::ImportUserCertificates(const nsAString& aNickname,
|
|||
nsNSSCertificateDB::ImportValidCACerts(numCAs, derCerts, ctx);
|
||||
nsMemory::Free(derCerts);
|
||||
}
|
||||
|
||||
CERT_DestroyCertList(caPubs);
|
||||
}
|
||||
}
|
||||
|
||||
if (aDoForcedBackup) {
|
||||
// I can't pop up a file picker from the depths of JavaScript,
|
||||
|
@ -2639,7 +2608,7 @@ nsCrypto::SignText(const nsAString& aStringToSign, const nsAString& aCaOption,
|
|||
++numberOfCerts;
|
||||
}
|
||||
|
||||
CERTCertNicknames* nicknames = getNSSCertNicknamesFromCertList(certList);
|
||||
ScopedCERTCertNicknames nicknames(getNSSCertNicknamesFromCertList(certList));
|
||||
|
||||
if (!nicknames) {
|
||||
aResult.Append(internalError);
|
||||
|
@ -2647,8 +2616,6 @@ nsCrypto::SignText(const nsAString& aStringToSign, const nsAString& aCaOption,
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
CERTCertNicknamesCleaner cnc(nicknames);
|
||||
|
||||
NS_ASSERTION(nicknames->numnicknames == numberOfCerts,
|
||||
"nicknames->numnicknames != numberOfCerts");
|
||||
|
||||
|
|
|
@ -16,7 +16,9 @@
|
|||
#include "nsNSSComponent.h"
|
||||
#include "nsSSLStatus.h"
|
||||
#include "nsNSSCertificate.h"
|
||||
#include "nsNSSCleaner.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
using namespace mozilla;
|
||||
|
||||
#ifdef DEBUG
|
||||
#ifndef PSM_ENABLE_TEST_EV_ROOTS
|
||||
|
@ -28,10 +30,6 @@
|
|||
extern PRLogModuleInfo* gPIPNSSLog;
|
||||
#endif
|
||||
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
NSSCleanupAutoPtrClass(CERTCertList, CERT_DestroyCertList)
|
||||
NSSCleanupAutoPtrClass_WithParam(SECItem, SECITEM_FreeItem, TrueParam, true)
|
||||
|
||||
#define CONST_OID static const unsigned char
|
||||
#define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
|
||||
|
||||
|
@ -1217,8 +1215,7 @@ nsNSSCertificate::hasValidEVOidTag(SECOidTag &resultOidTag, bool &validEV)
|
|||
if (oid_tag == SEC_OID_UNKNOWN) // not in our list of OIDs accepted for EV
|
||||
return NS_OK;
|
||||
|
||||
CERTCertList *rootList = getRootsForOid(oid_tag);
|
||||
CERTCertListCleaner rootListCleaner(rootList);
|
||||
ScopedCERTCertList rootList(getRootsForOid(oid_tag));
|
||||
|
||||
CERTRevocationMethodIndex preferedRevMethods[1] = {
|
||||
cert_revocation_method_ocsp
|
||||
|
@ -1277,14 +1274,13 @@ nsNSSCertificate::hasValidEVOidTag(SECOidTag &resultOidTag, bool &validEV)
|
|||
cvout[0].value.pointer.cert = nullptr;
|
||||
cvout[1].type = cert_po_end;
|
||||
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("calling CERT_PKIXVerifyCert nss cert %p\n", mCert));
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("calling CERT_PKIXVerifyCert nss cert %p\n", mCert.get()));
|
||||
rv = CERT_PKIXVerifyCert(mCert, certificateUsageSSLServer,
|
||||
cvin, cvout, nullptr);
|
||||
if (rv != SECSuccess)
|
||||
return NS_OK;
|
||||
|
||||
CERTCertificate *issuerCert = cvout[0].value.pointer.cert;
|
||||
CERTCertificateCleaner issuerCleaner(issuerCert);
|
||||
ScopedCERTCertificate issuerCert(cvout[0].value.pointer.cert);
|
||||
|
||||
#ifdef PR_LOGGING
|
||||
if (PR_LOG_TEST(gPIPNSSLog, PR_LOG_DEBUG)) {
|
||||
|
|
|
@ -6,6 +6,10 @@
|
|||
#include "nsCOMPtr.h"
|
||||
#include "nsKeyModule.h"
|
||||
#include "nsString.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
using namespace mozilla;
|
||||
using namespace mozilla::psm;
|
||||
|
||||
NS_IMPL_ISUPPORTS1(nsKeyObject, nsIKeyObject)
|
||||
|
||||
|
@ -174,8 +178,7 @@ nsKeyObjectFactory::KeyFromString(int16_t aAlgorithm, const nsACString & aKey,
|
|||
keyItem.data = (unsigned char*)flatKey.get();
|
||||
keyItem.len = flatKey.Length();
|
||||
|
||||
PK11SlotInfo *slot = nullptr;
|
||||
slot = PK11_GetBestSlot(cipherMech, nullptr);
|
||||
ScopedPK11SlotInfo slot(PK11_GetBestSlot(cipherMech, nullptr));
|
||||
if (!slot) {
|
||||
NS_ERROR("no slot");
|
||||
return NS_ERROR_FAILURE;
|
||||
|
@ -183,10 +186,6 @@ nsKeyObjectFactory::KeyFromString(int16_t aAlgorithm, const nsACString & aKey,
|
|||
|
||||
PK11SymKey* symKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap,
|
||||
cipherOperation, &keyItem, nullptr);
|
||||
// cleanup code
|
||||
if (slot)
|
||||
PK11_FreeSlot(slot);
|
||||
|
||||
if (!symKey) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
|
|
@ -3,12 +3,12 @@
|
|||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
#include "nsNSSComponent.h"
|
||||
|
||||
#include "nsNSSCallbacks.h"
|
||||
|
||||
#include "mozilla/Telemetry.h"
|
||||
#include "mozilla/TimeStamp.h"
|
||||
|
||||
#include "nsNSSComponent.h"
|
||||
#include "nsNSSIOLayer.h"
|
||||
#include "nsIWebProgressListener.h"
|
||||
#include "nsProtectedAuthThread.h"
|
||||
|
@ -19,6 +19,7 @@
|
|||
#include "nsIPrompt.h"
|
||||
#include "nsProxyRelease.h"
|
||||
#include "PSMRunnable.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
#include "nsIConsoleService.h"
|
||||
#include "nsIHttpChannelInternal.h"
|
||||
#include "nsCRT.h"
|
||||
|
@ -880,10 +881,9 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
|
|||
}
|
||||
|
||||
|
||||
CERTCertificate *peerCert = SSL_PeerCertificate(fd);
|
||||
ScopedCERTCertificate serverCert(SSL_PeerCertificate(fd));
|
||||
const char* caName = nullptr; // caName is a pointer only, no ownership
|
||||
char* certOrgName = CERT_GetOrgName(&peerCert->issuer);
|
||||
CERT_DestroyCertificate(peerCert);
|
||||
char* certOrgName = CERT_GetOrgName(&serverCert->issuer);
|
||||
caName = certOrgName ? certOrgName : signer;
|
||||
|
||||
const char* verisignName = "Verisign, Inc.";
|
||||
|
@ -917,12 +917,8 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
|
|||
RememberCertErrorsTable::GetInstance().LookupCertErrorBits(infoObject,
|
||||
status);
|
||||
|
||||
CERTCertificate *serverCert = SSL_PeerCertificate(fd);
|
||||
if (serverCert) {
|
||||
RefPtr<nsNSSCertificate> nssc(nsNSSCertificate::Create(serverCert));
|
||||
CERT_DestroyCertificate(serverCert);
|
||||
serverCert = nullptr;
|
||||
|
||||
nsCOMPtr<nsIX509Cert> prevcert;
|
||||
infoObject->GetPreviousCert(getter_AddRefs(prevcert));
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
#ifndef _NSNSSCALLBACKS_H_
|
||||
#define _NSNSSCALLBACKS_H_
|
||||
|
||||
#include "nsCOMPtr.h"
|
||||
#include "pk11func.h"
|
||||
#include "nspr.h"
|
||||
#include "ocspt.h"
|
||||
|
@ -14,6 +15,9 @@
|
|||
#include "mozilla/CondVar.h"
|
||||
#include "mozilla/Mutex.h"
|
||||
#include "mozilla/Attributes.h"
|
||||
#include "nsString.h"
|
||||
|
||||
class nsILoadGroup;
|
||||
|
||||
char*
|
||||
PK11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void* arg);
|
||||
|
|
|
@ -34,13 +34,11 @@
|
|||
#include "nsIObjectOutputStream.h"
|
||||
#include "nsIObjectInputStream.h"
|
||||
#include "nsIProgrammingLanguage.h"
|
||||
|
||||
#include "nsXULAppAPI.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
#include "nspr.h"
|
||||
#include "pk11func.h"
|
||||
#include "certdb.h"
|
||||
#include "cert.h"
|
||||
#include "secerr.h"
|
||||
#include "nssb64.h"
|
||||
#include "secasn1.h"
|
||||
|
@ -48,8 +46,6 @@
|
|||
#include "ssl.h"
|
||||
#include "ocsp.h"
|
||||
#include "plbase64.h"
|
||||
#include "cms.h"
|
||||
#include "cert.h"
|
||||
|
||||
using namespace mozilla;
|
||||
|
||||
|
@ -59,12 +55,7 @@ extern PRLogModuleInfo* gPIPNSSLog;
|
|||
|
||||
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
||||
|
||||
NSSCleanupAutoPtrClass(CERTCertificateList, CERT_DestroyCertificateList)
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
NSSCleanupAutoPtrClass(NSSCMSMessage, NSS_CMSMessage_Destroy)
|
||||
NSSCleanupAutoPtrClass_WithParam(PLArenaPool, PORT_FreeArena, FalseParam, false)
|
||||
NSSCleanupAutoPtrClass(NSSCMSSignedData, NSS_CMSSignedData_Destroy)
|
||||
NSSCleanupAutoPtrClass(PK11SlotList, PK11_FreeSlotList)
|
||||
|
||||
// This is being stored in an uint32_t that can otherwise
|
||||
// only take values from nsIX509Cert's list of cert types.
|
||||
|
@ -198,7 +189,6 @@ void nsNSSCertificate::destructorSafeDestroyNSSReference()
|
|||
}
|
||||
|
||||
if (mCert) {
|
||||
CERT_DestroyCertificate(mCert);
|
||||
mCert = nullptr;
|
||||
}
|
||||
}
|
||||
|
@ -776,7 +766,7 @@ nsNSSCertificate::GetIssuer(nsIX509Cert * *aIssuer)
|
|||
|
||||
NS_ENSURE_ARG(aIssuer);
|
||||
*aIssuer = nullptr;
|
||||
CERTCertificate *issuer;
|
||||
ScopedCERTCertificate issuer;
|
||||
issuer = CERT_FindCertIssuer(mCert, PR_Now(), certUsageSSLClient);
|
||||
if (issuer) {
|
||||
nsCOMPtr<nsIX509Cert> cert = nsNSSCertificate::Create(issuer);
|
||||
|
@ -784,7 +774,6 @@ nsNSSCertificate::GetIssuer(nsIX509Cert * *aIssuer)
|
|||
*aIssuer = cert;
|
||||
NS_ADDREF(*aIssuer);
|
||||
}
|
||||
CERT_DestroyCertificate(issuer);
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -822,8 +811,8 @@ nsNSSCertificate::GetChain(nsIArray **_rvChain)
|
|||
NS_ENSURE_ARG(_rvChain);
|
||||
nsresult rv;
|
||||
/* Get the cert chain from NSS */
|
||||
CERTCertList *nssChain = nullptr;
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting chain for \"%s\"\n", mCert->nickname));
|
||||
ScopedCERTCertList nssChain;
|
||||
nssChain = CERT_GetCertChainFromCert(mCert, PR_Now(), certUsageSSLClient);
|
||||
if (!nssChain)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
@ -845,8 +834,6 @@ nsNSSCertificate::GetChain(nsIArray **_rvChain)
|
|||
NS_IF_ADDREF(*_rvChain);
|
||||
rv = NS_OK;
|
||||
done:
|
||||
if (nssChain)
|
||||
CERT_DestroyCertList(nssChain);
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
@ -863,8 +850,7 @@ nsNSSCertificate::GetAllTokenNames(uint32_t *aLength, PRUnichar*** aTokenNames)
|
|||
*aTokenNames = nullptr;
|
||||
|
||||
/* Get the slots from NSS */
|
||||
PK11SlotList *slots = nullptr;
|
||||
PK11SlotListCleaner slotCleaner(slots);
|
||||
ScopedPK11SlotList slots;
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting slots for \"%s\"\n", mCert->nickname));
|
||||
slots = PK11_GetAllSlotsForCert(mCert, nullptr);
|
||||
if (!slots) {
|
||||
|
@ -1082,8 +1068,7 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
|
|||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
NSSCMSMessage *cmsg = NSS_CMSMessage_Create(nullptr);
|
||||
NSSCMSMessageCleaner cmsgCleaner(cmsg);
|
||||
ScopedNSSCMSMessage cmsg(NSS_CMSMessage_Create(nullptr));
|
||||
if (!cmsg) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
|
||||
("nsNSSCertificate::ExportAsCMS - can't create CMS message\n"));
|
||||
|
@ -1093,8 +1078,8 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
|
|||
/*
|
||||
* first, create SignedData with the certificate only (no chain)
|
||||
*/
|
||||
NSSCMSSignedData *sigd = NSS_CMSSignedData_CreateCertsOnly(cmsg, mCert, false);
|
||||
NSSCMSSignedDataCleaner sigdCleaner(sigd);
|
||||
ScopedNSSCMSSignedData sigd(NSS_CMSSignedData_CreateCertsOnly(cmsg, mCert,
|
||||
false));
|
||||
if (!sigd) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
|
||||
("nsNSSCertificate::ExportAsCMS - can't create SignedData\n"));
|
||||
|
@ -1110,8 +1095,8 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
|
|||
*/
|
||||
if (chainMode == nsIX509Cert3::CMS_CHAIN_MODE_CertChain ||
|
||||
chainMode == nsIX509Cert3::CMS_CHAIN_MODE_CertChainWithRoot) {
|
||||
CERTCertificate *issuerCert = CERT_FindCertIssuer(mCert, PR_Now(), certUsageAnyCA);
|
||||
CERTCertificateCleaner issuerCertCleaner(issuerCert);
|
||||
ScopedCERTCertificate issuerCert(
|
||||
CERT_FindCertIssuer(mCert, PR_Now(), certUsageAnyCA));
|
||||
/*
|
||||
* the issuerCert of a self signed root is the cert itself,
|
||||
* so make sure we're not adding duplicates, again
|
||||
|
@ -1119,11 +1104,11 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
|
|||
if (issuerCert && issuerCert != mCert) {
|
||||
bool includeRoot =
|
||||
(chainMode == nsIX509Cert3::CMS_CHAIN_MODE_CertChainWithRoot);
|
||||
CERTCertificateList *certChain = CERT_CertChainFromCert(issuerCert, certUsageAnyCA, includeRoot);
|
||||
CERTCertificateListCleaner certChainCleaner(certChain);
|
||||
ScopedCERTCertificateList certChain(
|
||||
CERT_CertChainFromCert(issuerCert, certUsageAnyCA, includeRoot));
|
||||
if (certChain) {
|
||||
if (NSS_CMSSignedData_AddCertList(sigd, certChain) == SECSuccess) {
|
||||
certChainCleaner.detach();
|
||||
certChain.forget();
|
||||
}
|
||||
else {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
|
||||
|
@ -1135,7 +1120,7 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
|
|||
/* try to add the issuerCert, at least */
|
||||
if (NSS_CMSSignedData_AddCertificate(sigd, issuerCert)
|
||||
== SECSuccess) {
|
||||
issuerCertCleaner.detach();
|
||||
issuerCert.forget();
|
||||
}
|
||||
else {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
|
||||
|
@ -1149,7 +1134,7 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
|
|||
NSSCMSContentInfo *cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
|
||||
if (NSS_CMSContentInfo_SetContent_SignedData(cmsg, cinfo, sigd)
|
||||
== SECSuccess) {
|
||||
sigdCleaner.detach();
|
||||
sigd.forget();
|
||||
}
|
||||
else {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
|
||||
|
@ -1507,11 +1492,8 @@ nsNSSCertificate::Equals(nsIX509Cert *other, bool *result)
|
|||
if (!other2)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
CERTCertificate *cert = other2->GetCert();
|
||||
ScopedCERTCertificate cert(other2->GetCert());
|
||||
*result = (mCert == cert);
|
||||
if (cert) {
|
||||
CERT_DestroyCertificate(cert);
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -1600,13 +1582,6 @@ nsNSSCertList::nsNSSCertList(CERTCertList *certList, bool adopt)
|
|||
}
|
||||
}
|
||||
|
||||
nsNSSCertList::~nsNSSCertList()
|
||||
{
|
||||
if (mCertList) {
|
||||
CERT_DestroyCertList(mCertList);
|
||||
}
|
||||
}
|
||||
|
||||
/* void addCert (in nsIX509Cert cert); */
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertList::AddCert(nsIX509Cert *aCert)
|
||||
|
@ -1706,13 +1681,6 @@ nsNSSCertListEnumerator::nsNSSCertListEnumerator(CERTCertList *certList)
|
|||
mCertList = nsNSSCertList::DupCertList(certList);
|
||||
}
|
||||
|
||||
nsNSSCertListEnumerator::~nsNSSCertListEnumerator()
|
||||
{
|
||||
if (mCertList) {
|
||||
CERT_DestroyCertList(mCertList);
|
||||
}
|
||||
}
|
||||
|
||||
/* boolean hasMoreElements (); */
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertListEnumerator::HasMoreElements(bool *_retval)
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
#include "nsISimpleEnumerator.h"
|
||||
#include "nsISerializable.h"
|
||||
#include "nsIClassInfo.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
#include "certt.h"
|
||||
|
||||
class nsAutoString;
|
||||
|
@ -56,7 +57,7 @@ public:
|
|||
static char* defaultServerNickname(CERTCertificate* cert);
|
||||
|
||||
private:
|
||||
CERTCertificate *mCert;
|
||||
mozilla::ScopedCERTCertificate mCert;
|
||||
bool mPermDelete;
|
||||
uint32_t mCertType;
|
||||
nsCOMPtr<nsIASN1Object> mASN1Structure;
|
||||
|
@ -83,11 +84,15 @@ public:
|
|||
NS_DECL_NSIX509CERTLIST
|
||||
|
||||
nsNSSCertList(CERTCertList *certList = nullptr, bool adopt = false);
|
||||
virtual ~nsNSSCertList();
|
||||
|
||||
static CERTCertList *DupCertList(CERTCertList *aCertList);
|
||||
private:
|
||||
CERTCertList *mCertList;
|
||||
virtual ~nsNSSCertList() { }
|
||||
|
||||
mozilla::ScopedCERTCertList mCertList;
|
||||
|
||||
nsNSSCertList(const nsNSSCertList &) MOZ_DELETE;
|
||||
void operator=(const nsNSSCertList &) MOZ_DELETE;
|
||||
};
|
||||
|
||||
class nsNSSCertListEnumerator: public nsISimpleEnumerator
|
||||
|
@ -97,9 +102,13 @@ public:
|
|||
NS_DECL_NSISIMPLEENUMERATOR
|
||||
|
||||
nsNSSCertListEnumerator(CERTCertList *certList);
|
||||
virtual ~nsNSSCertListEnumerator();
|
||||
private:
|
||||
CERTCertList *mCertList;
|
||||
virtual ~nsNSSCertListEnumerator() { }
|
||||
|
||||
mozilla::ScopedCERTCertList mCertList;
|
||||
|
||||
nsNSSCertListEnumerator(const nsNSSCertListEnumerator &) MOZ_DELETE;
|
||||
void operator=(const nsNSSCertListEnumerator &) MOZ_DELETE;
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -29,11 +29,10 @@
|
|||
#include "nsComponentManagerUtils.h"
|
||||
#include "nsIPrompt.h"
|
||||
#include "nsThreadUtils.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
#include "nspr.h"
|
||||
#include "pk11func.h"
|
||||
#include "certdb.h"
|
||||
#include "cert.h"
|
||||
#include "secerr.h"
|
||||
#include "nssb64.h"
|
||||
#include "secasn1.h"
|
||||
|
@ -42,19 +41,12 @@
|
|||
#include "ocsp.h"
|
||||
#include "plbase64.h"
|
||||
|
||||
#include "nsNSSCleaner.h"
|
||||
|
||||
using namespace mozilla;
|
||||
|
||||
#ifdef PR_LOGGING
|
||||
extern PRLogModuleInfo* gPIPNSSLog;
|
||||
#endif
|
||||
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
NSSCleanupAutoPtrClass(CERTCertList, CERT_DestroyCertList)
|
||||
NSSCleanupAutoPtrClass(CERTCertificateList, CERT_DestroyCertificateList)
|
||||
NSSCleanupAutoPtrClass(PK11SlotInfo, PK11_FreeSlot)
|
||||
|
||||
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
||||
|
||||
|
||||
|
@ -73,8 +65,11 @@ nsNSSCertificateDB::FindCertByNickname(nsISupports *aToken,
|
|||
const nsAString &nickname,
|
||||
nsIX509Cert **_rvCert)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(_rvCert);
|
||||
*_rvCert = nullptr;
|
||||
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
CERTCertificate *cert = nullptr;
|
||||
ScopedCERTCertificate cert;
|
||||
char *asciiname = nullptr;
|
||||
NS_ConvertUTF16toUTF8 aUtf8Nickname(nickname);
|
||||
asciiname = const_cast<char*>(aUtf8Nickname.get());
|
||||
|
@ -94,14 +89,11 @@ nsNSSCertificateDB::FindCertByNickname(nsISupports *aToken,
|
|||
if (cert) {
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("got it\n"));
|
||||
nsCOMPtr<nsIX509Cert> pCert = nsNSSCertificate::Create(cert);
|
||||
CERT_DestroyCertificate(cert);
|
||||
if (pCert) {
|
||||
*_rvCert = pCert;
|
||||
NS_ADDREF(*_rvCert);
|
||||
pCert.forget(_rvCert);
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
*_rvCert = nullptr;
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
|
@ -109,14 +101,17 @@ NS_IMETHODIMP
|
|||
nsNSSCertificateDB::FindCertByDBKey(const char *aDBkey, nsISupports *aToken,
|
||||
nsIX509Cert **_cert)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(aDBkey);
|
||||
NS_ENSURE_ARG(aDBkey[0]);
|
||||
NS_ENSURE_ARG_POINTER(aToken);
|
||||
NS_ENSURE_ARG_POINTER(_cert);
|
||||
*_cert = nullptr;
|
||||
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
SECItem keyItem = {siBuffer, nullptr, 0};
|
||||
SECItem *dummy;
|
||||
CERTIssuerAndSN issuerSN;
|
||||
//unsigned long moduleID,slotID;
|
||||
*_cert = nullptr;
|
||||
if (!aDBkey || !*aDBkey)
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
|
||||
dummy = NSSBase64_DecodeBuffer(nullptr, &keyItem, aDBkey,
|
||||
(uint32_t)PL_strlen(aDBkey));
|
||||
|
@ -125,7 +120,7 @@ nsNSSCertificateDB::FindCertByDBKey(const char *aDBkey, nsISupports *aToken,
|
|||
return NS_ERROR_INVALID_ARG;
|
||||
}
|
||||
|
||||
CERTCertificate *cert;
|
||||
ScopedCERTCertificate cert;
|
||||
// someday maybe we can speed up the search using the moduleID and slotID
|
||||
// moduleID = NS_NSS_GET_LONG(keyItem.data);
|
||||
// slotID = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG]);
|
||||
|
@ -146,12 +141,10 @@ nsNSSCertificateDB::FindCertByDBKey(const char *aDBkey, nsISupports *aToken,
|
|||
cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN);
|
||||
PR_FREEIF(keyItem.data);
|
||||
if (cert) {
|
||||
nsNSSCertificate *nssCert = nsNSSCertificate::Create(cert);
|
||||
CERT_DestroyCertificate(cert);
|
||||
nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert);
|
||||
if (!nssCert)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
NS_ADDREF(nssCert);
|
||||
*_cert = static_cast<nsIX509Cert*>(nssCert);
|
||||
nssCert.forget(_cert);
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -167,7 +160,7 @@ nsNSSCertificateDB::FindCertNicknames(nsISupports *aToken,
|
|||
/*
|
||||
* obtain the cert list from NSS
|
||||
*/
|
||||
CERTCertList *certList = nullptr;
|
||||
ScopedCERTCertList certList;
|
||||
PK11CertListType pk11type;
|
||||
#if 0
|
||||
// this would seem right, but it didn't work...
|
||||
|
@ -190,8 +183,6 @@ nsNSSCertificateDB::FindCertNicknames(nsISupports *aToken,
|
|||
* finish up
|
||||
*/
|
||||
cleanup:
|
||||
if (certList)
|
||||
CERT_DestroyCertList(certList);
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
@ -334,7 +325,7 @@ nsNSSCertificateDB::handleCACertDownload(nsIArray *x509Certs,
|
|||
return rv;
|
||||
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Creating temp cert\n"));
|
||||
CERTCertificate *tmpCert;
|
||||
ScopedCERTCertificate tmpCert;
|
||||
CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
|
||||
tmpCert = CERT_FindCertByDERCert(certdb, &der);
|
||||
if (!tmpCert) {
|
||||
|
@ -350,8 +341,6 @@ nsNSSCertificateDB::handleCACertDownload(nsIArray *x509Certs,
|
|||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
CERTCertificateCleaner tmpCertCleaner(tmpCert);
|
||||
|
||||
if (!CERT_IsCACert(tmpCert, nullptr)) {
|
||||
DisplayCertificateAlert(ctx, "NotACACert", certToShow);
|
||||
return NS_ERROR_FAILURE;
|
||||
|
@ -393,13 +382,11 @@ nsNSSCertificateDB::handleCACertDownload(nsIArray *x509Certs,
|
|||
// Import additional delivered certificates that can be verified.
|
||||
|
||||
// build a CertList for filtering
|
||||
CERTCertList *certList = CERT_NewCertList();
|
||||
ScopedCERTCertList certList(CERT_NewCertList());
|
||||
if (!certList) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
CERTCertListCleaner listCleaner(certList);
|
||||
|
||||
// get all remaining certs into temp store
|
||||
|
||||
for (uint32_t i=0; i<numCerts; i++) {
|
||||
|
@ -499,7 +486,7 @@ nsNSSCertificateDB::ImportEmailCertificate(uint8_t * data, uint32_t length,
|
|||
nsresult nsrv = NS_OK;
|
||||
CERTCertDBHandle *certdb;
|
||||
CERTCertificate **certArray = nullptr;
|
||||
CERTCertList *certList = nullptr;
|
||||
ScopedCERTCertList certList;
|
||||
CERTCertListNode *node;
|
||||
PRTime now;
|
||||
SECCertUsage certusage;
|
||||
|
@ -599,8 +586,7 @@ nsNSSCertificateDB::ImportEmailCertificate(uint8_t * data, uint32_t length,
|
|||
}
|
||||
}
|
||||
|
||||
CERTCertificateList *certChain = nullptr;
|
||||
CERTCertificateListCleaner chainCleaner(certChain);
|
||||
ScopedCERTCertificateList certChain;
|
||||
|
||||
if (!alert_and_skip) {
|
||||
certChain = CERT_CertChainFromCert(node->cert, certusage, false);
|
||||
|
@ -639,9 +625,6 @@ loser:
|
|||
if (certArray) {
|
||||
CERT_DestroyCertArray(certArray, numcerts);
|
||||
}
|
||||
if (certList) {
|
||||
CERT_DestroyCertList(certList);
|
||||
}
|
||||
if (arena)
|
||||
PORT_FreeArena(arena, true);
|
||||
return nsrv;
|
||||
|
@ -655,7 +638,7 @@ nsNSSCertificateDB::ImportServerCertificate(uint8_t * data, uint32_t length,
|
|||
nsNSSShutDownPreventionLock locker;
|
||||
SECStatus srv = SECFailure;
|
||||
nsresult nsrv = NS_OK;
|
||||
CERTCertificate * cert;
|
||||
ScopedCERTCertificate cert;
|
||||
SECItem **rawCerts = nullptr;
|
||||
int numcerts;
|
||||
int i;
|
||||
|
@ -706,8 +689,6 @@ nsNSSCertificateDB::ImportServerCertificate(uint8_t * data, uint32_t length,
|
|||
}
|
||||
loser:
|
||||
PORT_Free(rawCerts);
|
||||
if (cert)
|
||||
CERT_DestroyCertificate(cert);
|
||||
if (arena)
|
||||
PORT_FreeArena(arena, true);
|
||||
return nsrv;
|
||||
|
@ -716,7 +697,7 @@ loser:
|
|||
nsresult
|
||||
nsNSSCertificateDB::ImportValidCACerts(int numCACerts, SECItem *CACerts, nsIInterfaceRequestor *ctx)
|
||||
{
|
||||
CERTCertList *certList = nullptr;
|
||||
ScopedCERTCertList certList;
|
||||
SECItem **rawArray;
|
||||
|
||||
// build a CertList for filtering
|
||||
|
@ -725,8 +706,6 @@ nsNSSCertificateDB::ImportValidCACerts(int numCACerts, SECItem *CACerts, nsIInte
|
|||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
CERTCertListCleaner listCleaner(certList);
|
||||
|
||||
// get all certs into temp store
|
||||
SECStatus srv = SECFailure;
|
||||
CERTCertificate **certArray = nullptr;
|
||||
|
@ -810,8 +789,7 @@ nsNSSCertificateDB::ImportValidCACertsInList(CERTCertList *certList, nsIInterfac
|
|||
}
|
||||
}
|
||||
|
||||
CERTCertificateList *certChain = nullptr;
|
||||
CERTCertificateListCleaner chainCleaner(certChain);
|
||||
ScopedCERTCertificateList certChain;
|
||||
|
||||
if (!alert_and_skip) {
|
||||
certChain = CERT_CertChainFromCert(node->cert, certUsageAnyCA, false);
|
||||
|
@ -891,14 +869,14 @@ nsNSSCertificateDB::ImportUserCertificate(uint8_t *data, uint32_t length, nsIInt
|
|||
}
|
||||
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
PK11SlotInfo *slot;
|
||||
ScopedPK11SlotInfo slot;
|
||||
nsAutoCString nickname;
|
||||
nsresult rv = NS_ERROR_FAILURE;
|
||||
int numCACerts;
|
||||
SECItem *CACerts;
|
||||
CERTDERCerts * collectArgs;
|
||||
PLArenaPool *arena;
|
||||
CERTCertificate * cert = nullptr;
|
||||
ScopedCERTCertificate cert;
|
||||
|
||||
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
||||
if (!arena) {
|
||||
|
@ -922,7 +900,7 @@ nsNSSCertificateDB::ImportUserCertificate(uint8_t *data, uint32_t length, nsIInt
|
|||
DisplayCertificateAlert(ctx, "UserCertIgnoredNoPrivateKey", certToShow);
|
||||
goto loser;
|
||||
}
|
||||
PK11_FreeSlot(slot);
|
||||
slot = nullptr;
|
||||
|
||||
/* pick a nickname for the cert */
|
||||
if (cert->nickname) {
|
||||
|
@ -943,7 +921,7 @@ nsNSSCertificateDB::ImportUserCertificate(uint8_t *data, uint32_t length, nsIInt
|
|||
if (!slot) {
|
||||
goto loser;
|
||||
}
|
||||
PK11_FreeSlot(slot);
|
||||
slot = nullptr;
|
||||
|
||||
{
|
||||
nsCOMPtr<nsIX509Cert> certToShow = nsNSSCertificate::Create(cert);
|
||||
|
@ -961,9 +939,6 @@ loser:
|
|||
if (arena) {
|
||||
PORT_FreeArena(arena, false);
|
||||
}
|
||||
if ( cert ) {
|
||||
CERT_DestroyCertificate(cert);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
@ -975,9 +950,8 @@ nsNSSCertificateDB::DeleteCertificate(nsIX509Cert *aCert)
|
|||
{
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
nsCOMPtr<nsIX509Cert2> nssCert = do_QueryInterface(aCert);
|
||||
CERTCertificate *cert = nssCert->GetCert();
|
||||
ScopedCERTCertificate cert(nssCert->GetCert());
|
||||
if (!cert) return NS_ERROR_FAILURE;
|
||||
CERTCertificateCleaner certCleaner(cert);
|
||||
SECStatus srv = SECSuccess;
|
||||
|
||||
uint32_t certType;
|
||||
|
@ -1019,8 +993,8 @@ nsNSSCertificateDB::SetCertTrust(nsIX509Cert *cert,
|
|||
nsCOMPtr<nsIX509Cert2> pipCert = do_QueryInterface(cert);
|
||||
if (!pipCert)
|
||||
return NS_ERROR_FAILURE;
|
||||
CERTCertificate *nsscert = pipCert->GetCert();
|
||||
CERTCertificateCleaner certCleaner(nsscert);
|
||||
ScopedCERTCertificate nsscert(pipCert->GetCert());
|
||||
|
||||
if (type == nsIX509Cert::CA_CERT) {
|
||||
// always start with untrusted and move up
|
||||
trust.SetValidCA();
|
||||
|
@ -1063,14 +1037,13 @@ nsNSSCertificateDB::IsCertTrusted(nsIX509Cert *cert,
|
|||
nsNSSShutDownPreventionLock locker;
|
||||
SECStatus srv;
|
||||
nsCOMPtr<nsIX509Cert2> pipCert = do_QueryInterface(cert);
|
||||
CERTCertificate *nsscert = pipCert->GetCert();
|
||||
ScopedCERTCertificate nsscert(pipCert->GetCert());
|
||||
CERTCertTrust nsstrust;
|
||||
srv = CERT_GetCertTrust(nsscert, &nsstrust);
|
||||
if (srv != SECSuccess)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
nsNSSCertTrust trust(&nsstrust);
|
||||
CERT_DestroyCertificate(nsscert);
|
||||
if (certType == nsIX509Cert::CA_CERT) {
|
||||
if (trustType & nsIX509CertDB::TRUSTED_SSL) {
|
||||
*_isTrusted = trust.HasTrustedCA(true, false, false);
|
||||
|
@ -1197,10 +1170,9 @@ nsNSSCertificateDB::ExportPKCS12File(nsISupports *aToken,
|
|||
if (count == 0) return NS_OK;
|
||||
nsCOMPtr<nsIPK11Token> localRef;
|
||||
if (!aToken) {
|
||||
PK11SlotInfo *keySlot = PK11_GetInternalKeySlot();
|
||||
ScopedPK11SlotInfo keySlot(PK11_GetInternalKeySlot());
|
||||
NS_ASSERTION(keySlot,"Failed to get the internal key slot");
|
||||
localRef = new nsPK11Token(keySlot);
|
||||
PK11_FreeSlot(keySlot);
|
||||
}
|
||||
else {
|
||||
localRef = do_QueryInterface(aToken);
|
||||
|
@ -1295,59 +1267,47 @@ nsNSSCertificateDB::GetIsOcspOn(bool *aOcspOn)
|
|||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::FindEmailEncryptionCert(const nsAString &aNickname, nsIX509Cert **_retval)
|
||||
{
|
||||
if (!_retval)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
*_retval = 0;
|
||||
NS_ENSURE_ARG_POINTER(_retval);
|
||||
*_retval = nullptr;
|
||||
|
||||
if (aNickname.IsEmpty())
|
||||
return NS_OK;
|
||||
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
nsresult rv = NS_OK;
|
||||
CERTCertificate *cert = 0;
|
||||
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
|
||||
nsNSSCertificate *nssCert = nullptr;
|
||||
char *asciiname = nullptr;
|
||||
NS_ConvertUTF16toUTF8 aUtf8Nickname(aNickname);
|
||||
asciiname = const_cast<char*>(aUtf8Nickname.get());
|
||||
|
||||
/* Find a good cert in the user's database */
|
||||
ScopedCERTCertificate cert;
|
||||
cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), asciiname,
|
||||
certUsageEmailRecipient, true, ctx);
|
||||
|
||||
if (!cert) { goto loser; }
|
||||
|
||||
nssCert = nsNSSCertificate::Create(cert);
|
||||
if (!nssCert) {
|
||||
rv = NS_ERROR_OUT_OF_MEMORY;
|
||||
if (!cert) {
|
||||
return NS_OK;
|
||||
}
|
||||
NS_ADDREF(nssCert);
|
||||
|
||||
*_retval = static_cast<nsIX509Cert*>(nssCert);
|
||||
|
||||
loser:
|
||||
if (cert) CERT_DestroyCertificate(cert);
|
||||
return rv;
|
||||
nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert);
|
||||
if (!nssCert) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
nssCert.forget(_retval);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/* nsIX509Cert getDefaultEmailSigningCert (); */
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::FindEmailSigningCert(const nsAString &aNickname, nsIX509Cert **_retval)
|
||||
{
|
||||
if (!_retval)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
*_retval = 0;
|
||||
NS_ENSURE_ARG_POINTER(_retval);
|
||||
*_retval = nullptr;
|
||||
|
||||
if (aNickname.IsEmpty())
|
||||
return NS_OK;
|
||||
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
nsresult rv = NS_OK;
|
||||
CERTCertificate *cert = 0;
|
||||
ScopedCERTCertificate cert;
|
||||
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
|
||||
nsNSSCertificate *nssCert = nullptr;
|
||||
char *asciiname = nullptr;
|
||||
NS_ConvertUTF16toUTF8 aUtf8Nickname(aNickname);
|
||||
asciiname = const_cast<char*>(aUtf8Nickname.get());
|
||||
|
@ -1355,20 +1315,16 @@ nsNSSCertificateDB::FindEmailSigningCert(const nsAString &aNickname, nsIX509Cert
|
|||
/* Find a good cert in the user's database */
|
||||
cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), asciiname,
|
||||
certUsageEmailSigner, true, ctx);
|
||||
|
||||
if (!cert) { goto loser; }
|
||||
|
||||
nssCert = nsNSSCertificate::Create(cert);
|
||||
if (!nssCert) {
|
||||
rv = NS_ERROR_OUT_OF_MEMORY;
|
||||
if (!cert) {
|
||||
return NS_OK;
|
||||
}
|
||||
NS_ADDREF(nssCert);
|
||||
|
||||
*_retval = static_cast<nsIX509Cert*>(nssCert);
|
||||
|
||||
loser:
|
||||
if (cert) CERT_DestroyCertificate(cert);
|
||||
return rv;
|
||||
nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert);
|
||||
if (!nssCert) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
nssCert.forget(_retval);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
|
@ -1389,15 +1345,14 @@ nsNSSCertificateDB::FindCertByEmailAddress(nsISupports *aToken, const char *aEma
|
|||
return nsrv;
|
||||
}
|
||||
|
||||
CERTCertList *certlist = PK11_FindCertsFromEmailAddress(aEmailAddress, nullptr);
|
||||
ScopedCERTCertList certlist(
|
||||
PK11_FindCertsFromEmailAddress(aEmailAddress, nullptr));
|
||||
if (!certlist)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
// certlist now contains certificates with the right email address,
|
||||
// but they might not have the correct usage or might even be invalid
|
||||
|
||||
CERTCertListCleaner listCleaner(certlist);
|
||||
|
||||
if (CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist))
|
||||
return NS_ERROR_FAILURE; // no certs found
|
||||
|
||||
|
@ -1476,7 +1431,8 @@ nsNSSCertificateDB::ConstructX509FromBase64(const char *base64,
|
|||
secitem_cert.data = (unsigned char*)certDER;
|
||||
secitem_cert.len = lengthDER;
|
||||
|
||||
CERTCertificate *cert =
|
||||
ScopedCERTCertificate cert;
|
||||
cert =
|
||||
CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &secitem_cert,
|
||||
nullptr, false, true);
|
||||
PL_strfree(certDER);
|
||||
|
@ -1485,13 +1441,12 @@ nsNSSCertificateDB::ConstructX509FromBase64(const char *base64,
|
|||
return (PORT_GetError() == SEC_ERROR_NO_MEMORY)
|
||||
? NS_ERROR_OUT_OF_MEMORY : NS_ERROR_FAILURE;
|
||||
|
||||
nsNSSCertificate *nsNSS = nsNSSCertificate::Create(cert);
|
||||
CERT_DestroyCertificate(cert);
|
||||
|
||||
if (!nsNSS)
|
||||
nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert);
|
||||
if (!nssCert) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
return CallQueryInterface(nsNSS, _retval);
|
||||
}
|
||||
nssCert.forget(_retval);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -1547,8 +1502,7 @@ nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert,
|
|||
* then we need to check for nicknames that already exist on the smart
|
||||
* card.
|
||||
*/
|
||||
PK11SlotInfo *slot = PK11_KeyForCertExists(cert, &keyHandle, ctx);
|
||||
PK11SlotInfoCleaner slotCleaner(slot);
|
||||
ScopedPK11SlotInfo slot(PK11_KeyForCertExists(cert, &keyHandle, ctx));
|
||||
if (!slot)
|
||||
return;
|
||||
|
||||
|
@ -1576,8 +1530,7 @@ nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert,
|
|||
PR_smprintf_free(tmp);
|
||||
}
|
||||
|
||||
CERTCertificate *dummycert = nullptr;
|
||||
CERTCertificateCleaner dummycertCleaner(dummycert);
|
||||
ScopedCERTCertificate dummycert;
|
||||
|
||||
if (PK11_IsInternal(slot)) {
|
||||
/* look up the nickname to make sure it isn't in use already */
|
||||
|
@ -1600,7 +1553,6 @@ nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert,
|
|||
* the same subject name on the smart card, so let's use this
|
||||
* nickname.
|
||||
*/
|
||||
CERT_DestroyCertificate(dummycert);
|
||||
dummycert = nullptr;
|
||||
}
|
||||
}
|
||||
|
@ -1633,9 +1585,8 @@ NS_IMETHODIMP nsNSSCertificateDB::AddCertFromBase64(const char *aBase64, const c
|
|||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Creating temp cert\n"));
|
||||
CERTCertificate *tmpCert;
|
||||
CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
|
||||
tmpCert = CERT_FindCertByDERCert(certdb, &der);
|
||||
ScopedCERTCertificate tmpCert(CERT_FindCertByDERCert(certdb, &der));
|
||||
if (!tmpCert)
|
||||
tmpCert = CERT_NewTempCertificate(certdb, &der,
|
||||
nullptr, false, true);
|
||||
|
@ -1649,12 +1600,9 @@ NS_IMETHODIMP nsNSSCertificateDB::AddCertFromBase64(const char *aBase64, const c
|
|||
}
|
||||
|
||||
if (tmpCert->isperm) {
|
||||
CERT_DestroyCertificate(tmpCert);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
CERTCertificateCleaner tmpCertCleaner(tmpCert);
|
||||
|
||||
nsXPIDLCString nickname;
|
||||
nickname.Adopt(CERT_MakeCANickname(tmpCert));
|
||||
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
#include "nsCharSeparatedTokenizer.h"
|
||||
#include "nsIConsoleService.h"
|
||||
#include "PSMRunnable.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
#include "ssl.h"
|
||||
#include "secerr.h"
|
||||
|
@ -49,7 +50,6 @@ using namespace mozilla::psm;
|
|||
|
||||
namespace {
|
||||
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
NSSCleanupAutoPtrClass(void, PR_FREEIF)
|
||||
|
||||
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
||||
|
@ -259,8 +259,7 @@ nsNSSSocketInfo::JoinConnection(const nsACString & npnProtocol,
|
|||
// Ensure that the server certificate covers the hostname that would
|
||||
// like to join this connection
|
||||
|
||||
CERTCertificate *nssCert = nullptr;
|
||||
CERTCertificateCleaner nsscertCleaner(nssCert);
|
||||
ScopedCERTCertificate nssCert;
|
||||
|
||||
nsCOMPtr<nsIX509Cert2> cert2 = do_QueryInterface(SSLStatus()->mServerCert);
|
||||
if (cert2)
|
||||
|
@ -1914,11 +1913,11 @@ void ClientAuthDataRunnable::RunOnTargetThread()
|
|||
{
|
||||
PLArenaPool* arena = nullptr;
|
||||
char** caNameStrings;
|
||||
CERTCertificate* cert = nullptr;
|
||||
SECKEYPrivateKey* privKey = nullptr;
|
||||
CERTCertList* certList = nullptr;
|
||||
ScopedCERTCertificate cert;
|
||||
ScopedSECKEYPrivateKey privKey;
|
||||
ScopedCERTCertList certList;
|
||||
CERTCertListNode* node;
|
||||
CERTCertNicknames* nicknames = nullptr;
|
||||
ScopedCERTCertNicknames nicknames;
|
||||
char* extracted = nullptr;
|
||||
int keyError = 0; /* used for private key retrieval error */
|
||||
SSM_UserCertChoice certChoice;
|
||||
|
@ -1972,8 +1971,7 @@ void ClientAuthDataRunnable::RunOnTargetThread()
|
|||
goto noCert;
|
||||
}
|
||||
|
||||
CERTCertificate* low_prio_nonrep_cert = nullptr;
|
||||
CERTCertificateCleaner low_prio_cleaner(low_prio_nonrep_cert);
|
||||
ScopedCERTCertificate low_prio_nonrep_cert;
|
||||
|
||||
/* loop through the list until we find a cert with a key */
|
||||
while (!CERT_LIST_END(node, certList)) {
|
||||
|
@ -1991,7 +1989,6 @@ void ClientAuthDataRunnable::RunOnTargetThread()
|
|||
privKey = PK11_FindKeyByAnyCert(node->cert, wincx);
|
||||
if (privKey) {
|
||||
if (hasExplicitKeyUsageNonRepudiation(node->cert)) {
|
||||
SECKEY_DestroyPrivateKey(privKey);
|
||||
privKey = nullptr;
|
||||
// Not a prefered cert
|
||||
if (!low_prio_nonrep_cert) // did not yet find a low prio cert
|
||||
|
@ -2013,8 +2010,7 @@ void ClientAuthDataRunnable::RunOnTargetThread()
|
|||
}
|
||||
|
||||
if (!cert && low_prio_nonrep_cert) {
|
||||
cert = low_prio_nonrep_cert;
|
||||
low_prio_nonrep_cert = nullptr; // take it away from the cleaner
|
||||
cert = low_prio_nonrep_cert.forget();
|
||||
privKey = PK11_FindKeyByAnyCert(cert, wincx);
|
||||
}
|
||||
|
||||
|
@ -2270,7 +2266,8 @@ if (!hasRemembered)
|
|||
}
|
||||
|
||||
if (cars && wantRemember) {
|
||||
cars->RememberDecision(hostname, mServerCert, canceled ? 0 : cert);
|
||||
cars->RememberDecision(hostname, mServerCert,
|
||||
canceled ? nullptr : cert.get());
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2300,28 +2297,18 @@ loser:
|
|||
if (mRV == SECSuccess) {
|
||||
mRV = SECFailure;
|
||||
}
|
||||
if (cert) {
|
||||
CERT_DestroyCertificate(cert);
|
||||
cert = nullptr;
|
||||
}
|
||||
done:
|
||||
int error = PR_GetError();
|
||||
|
||||
if (extracted) {
|
||||
PR_Free(extracted);
|
||||
}
|
||||
if (nicknames) {
|
||||
CERT_FreeNicknames(nicknames);
|
||||
}
|
||||
if (certList) {
|
||||
CERT_DestroyCertList(certList);
|
||||
}
|
||||
if (arena) {
|
||||
PORT_FreeArena(arena, false);
|
||||
}
|
||||
|
||||
*mPRetCert = cert;
|
||||
*mPRetKey = privKey;
|
||||
*mPRetCert = cert.forget();
|
||||
*mPRetKey = privKey.forget();
|
||||
|
||||
if (mRV == SECFailure) {
|
||||
mErrorCodeToReport = error;
|
||||
|
|
|
@ -26,15 +26,15 @@
|
|||
#include "nsICertificateDialogs.h"
|
||||
#include "nsNSSShutDown.h"
|
||||
#include "nsCRT.h"
|
||||
#include "pk11func.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
#include "secerr.h"
|
||||
|
||||
#ifdef PR_LOGGING
|
||||
extern PRLogModuleInfo* gPIPNSSLog;
|
||||
#endif
|
||||
|
||||
#include "nsNSSCleaner.h"
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
using namespace mozilla;
|
||||
|
||||
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
||||
|
||||
|
@ -360,9 +360,7 @@ nsPKCS12Blob::ExportToFile(nsIFile *file,
|
|||
// nsNSSCertificate *cert = reinterpret_cast<nsNSSCertificate *>(certs[i]);
|
||||
nsNSSCertificate *cert = (nsNSSCertificate *)certs[i];
|
||||
// get it as a CERTCertificate XXX
|
||||
CERTCertificate *nssCert = NULL;
|
||||
CERTCertificateCleaner nssCertCleaner(nssCert);
|
||||
nssCert = cert->GetCert();
|
||||
ScopedCERTCertificate nssCert(cert->GetCert());
|
||||
if (!nssCert) {
|
||||
rv = NS_ERROR_FAILURE;
|
||||
goto finish;
|
||||
|
|
|
@ -18,12 +18,8 @@
|
|||
#include "certdb.h"
|
||||
#include "sechash.h"
|
||||
|
||||
#include "nsNSSCleaner.h"
|
||||
|
||||
using namespace mozilla;
|
||||
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
|
||||
NS_IMPL_THREADSAFE_ISUPPORTS1(nsRecentBadCertsService,
|
||||
nsIRecentBadCertsService)
|
||||
|
||||
|
@ -78,9 +74,8 @@ nsRecentBadCertsService::GetRecentBadCert(const nsAString & aHostNameWithPort,
|
|||
}
|
||||
|
||||
if (foundDER.len) {
|
||||
CERTCertificate *nssCert;
|
||||
CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
|
||||
nssCert = CERT_FindCertByDERCert(certdb, &foundDER);
|
||||
ScopedCERTCertificate nssCert(CERT_FindCertByDERCert(certdb, &foundDER));
|
||||
if (!nssCert)
|
||||
nssCert = CERT_NewTempCertificate(certdb, &foundDER,
|
||||
nullptr, // no nickname
|
||||
|
@ -93,8 +88,6 @@ nsRecentBadCertsService::GetRecentBadCert(const nsAString & aHostNameWithPort,
|
|||
return NS_ERROR_FAILURE;
|
||||
|
||||
status->mServerCert = nsNSSCertificate::Create(nssCert);
|
||||
CERT_DestroyCertificate(nssCert);
|
||||
|
||||
status->mHaveCertErrorBits = true;
|
||||
status->mIsDomainMismatch = isDomainMismatch;
|
||||
status->mIsNotValidAtThisTime = isNotValidAtThisTime;
|
||||
|
|
|
@ -21,14 +21,14 @@
|
|||
#include "nsSDR.h"
|
||||
#include "nsNSSComponent.h"
|
||||
#include "nsNSSShutDown.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
|
||||
#include "pk11func.h"
|
||||
#include "pk11sdr.h" // For PK11SDR_Encrypt, PK11SDR_Decrypt
|
||||
|
||||
#include "ssl.h" // For SSL_ClearSessionCache
|
||||
|
||||
#include "nsNSSCleaner.h"
|
||||
NSSCleanupAutoPtrClass(PK11SlotInfo, PK11_FreeSlot)
|
||||
using namespace mozilla;
|
||||
|
||||
// Standard ISupports implementation
|
||||
// NOTE: Should these be the thread-safe versions?
|
||||
|
@ -51,8 +51,7 @@ Encrypt(unsigned char * data, int32_t dataLen, unsigned char * *result, int32_t
|
|||
{
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
nsresult rv = NS_OK;
|
||||
PK11SlotInfo *slot = 0;
|
||||
PK11SlotInfoCleaner tmpSlotCleaner(slot);
|
||||
ScopedPK11SlotInfo slot;
|
||||
SECItem keyid;
|
||||
SECItem request;
|
||||
SECItem reply;
|
||||
|
@ -94,8 +93,7 @@ Decrypt(unsigned char * data, int32_t dataLen, unsigned char * *result, int32_t
|
|||
{
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
nsresult rv = NS_OK;
|
||||
PK11SlotInfo *slot = 0;
|
||||
PK11SlotInfoCleaner tmpSlotCleaner(slot);
|
||||
ScopedPK11SlotInfo slot;
|
||||
SECStatus s;
|
||||
SECItem request;
|
||||
SECItem reply;
|
||||
|
@ -200,16 +198,12 @@ ChangePassword()
|
|||
{
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
nsresult rv;
|
||||
PK11SlotInfo *slot;
|
||||
|
||||
slot = PK11_GetInternalKeySlot();
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
|
||||
if (!slot) return NS_ERROR_NOT_AVAILABLE;
|
||||
|
||||
/* Convert UTF8 token name to UCS2 */
|
||||
NS_ConvertUTF8toUTF16 tokenName(PK11_GetTokenName(slot));
|
||||
|
||||
PK11_FreeSlot(slot);
|
||||
|
||||
/* Get the set password dialog handler imlementation */
|
||||
nsCOMPtr<nsITokenPasswordDialogs> dialogs;
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче