as with the cache, a search by cert DER should crack the DER into issuer and serial, then index the hash directly, as opposed to iteration

2002-02-08 16:26:07 +00:00 · 2002-02-08 16:26:07 +00:00 · e9a7e3bb6e
--- a/security/nss/lib/pki/pkistore.c
+++ b/security/nss/lib/pki/pkistore.c
@ -32,7 +32,7 @@
 */
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: pkistore.c,v $ $Revision: 1.8 $ $Date: 2002-02-08 02:51:38 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: pkistore.c,v $ $Revision: 1.9 $ $Date: 2002-02-08 16:26:07 $ $Name:  $";
 #endif /* DEBUG */
 #ifndef PKIM_H
@ -55,6 +55,10 @@ static const char CVS_ID[] = "@(#) $RCSfile: pkistore.c,v $ $Revision: 1.8 $ $Da
 #include "pkistore.h"
 #endif /* PKISTORE_H */
 #ifdef NSS_3_4_CODE
 #include "cert.h"
 #endif
 /* 
 * Certificate Store
 *
@ -539,34 +543,35 @@ nssCertificateStore_FindCertificateByIssuerAndSerialNumber
    return rvCert;
 }
-/* XXX Get this to use issuer/serial! */
+#ifdef NSS_3_4_CODE
-
+static PRStatus
-struct der_template_str
+issuer_and_serial_from_encoding
 (
  NSSBER *encoding, 
  NSSDER *issuer, 
  NSSDER *serial
 )
 {
-    NSSDER *encoding;
+    SECItem derCert, derIssuer, derSerial;
-    NSSCertificate *cert;
+    SECStatus secrv;
-};
+    derCert.data = (unsigned char *)encoding->data;
-
+    derCert.len = encoding->size;
-static void match_encoding(const void *k, void *v, void *a)
+    secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
-{
+    if (secrv != SECSuccess) {
-    PRStatus nssrv;
+	return PR_FAILURE;
    NSSCertificate *c;
    nssList *subjectList = (nssList *)v;
    struct der_template_str *der = (struct der_template_str *)a;
    nssListIterator *iter = nssList_CreateIterator(subjectList);
    if (iter) {
 	for (c  = (NSSCertificate *)nssListIterator_Start(iter);
 	     c != (NSSCertificate *)NULL;
 	     c  = (NSSCertificate *)nssListIterator_Next(iter))
 	{
 	    if (nssItem_Equal(&c->encoding, der->encoding, &nssrv)) {
 		der->cert = c;
 	    }
 	}
 	nssListIterator_Finish(iter);
 	nssListIterator_Destroy(iter);
    }
    secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
    if (secrv != SECSuccess) {
 	PORT_Free(derIssuer.data);
 	return PR_FAILURE;
    }
    issuer->data = derIssuer.data;
    issuer->size = derIssuer.len;
    serial->data = derSerial.data;
    serial->size = derSerial.len;
    return PR_SUCCESS;
 }
 #endif
 NSS_IMPLEMENT NSSCertificate *
 nssCertificateStore_FindCertificateByEncodedCertificate
@ -575,16 +580,22 @@ nssCertificateStore_FindCertificateByEncodedCertificate
  NSSDER *encoding
 )
 {
-    struct der_template_str der;
+    PRStatus nssrv = PR_FAILURE;
    NSSDER issuer, serial;
    NSSCertificate *rvCert = NULL;
-    der.encoding = encoding;
+#ifdef NSS_3_4_CODE
-    der.cert = NULL;
+    nssrv = issuer_and_serial_from_encoding(encoding, &issuer, &serial);
-    PZ_Lock(store->lock);
+#endif
-    nssHash_Iterate(store->subject, match_encoding, &der);
+    if (nssrv != PR_SUCCESS) {
-    if (der.cert) {
+	return NULL;
 	rvCert = nssCertificate_AddRef(der.cert);
    }
-    PZ_Unlock(store->lock);
+    rvCert = nssCertificateStore_FindCertificateByIssuerAndSerialNumber(store, 
                                                                     &issuer, 
                                                                     &serial);
 #ifdef NSS_3_4_CODE
    PORT_Free(issuer.data);
    PORT_Free(serial.data);
 #endif
    return rvCert;
 }