2 * NSS utility functions
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
19 #include "pk11func.h" /* for PK11_ function calls */
22 * This callback is used by SSL to pull the client certificate upon
26 NSS_GetClientAuthData(void * arg,
28 struct CERTDistNamesStr * caNames,
29 struct CERTCertificateStr ** pRetCert,
30 struct SECKEYPrivateKeyStr **pRetKey)
32 CERTCertificate * cert = NULL;
33 SECKEYPrivateKey * privkey = NULL;
34 char * chosenNickName = (char *)arg; /* CONST */
35 void * proto_win = NULL;
36 SECStatus rv = SECFailure;
38 proto_win = SSL_RevealPinArg(socket);
41 cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
42 chosenNickName, certUsageSSLClient,
45 privkey = PK11_FindKeyByAnyCert(cert, proto_win);
49 CERT_DestroyCertificate(cert);
52 } else { /* no name given, automatically find the right cert. */
53 CERTCertNicknames * names;
56 names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
57 SEC_CERT_NICKNAMES_USER, proto_win);
59 for (i = 0; i < names->numnicknames; i++) {
60 cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
61 names->nicknames[i], certUsageSSLClient,
65 /* Only check unexpired certs */
66 if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
68 CERT_DestroyCertificate(cert);
71 rv = NSS_CmpCertChainWCANames(cert, caNames);
72 if ( rv == SECSuccess ) {
73 privkey = PK11_FindKeyByAnyCert(cert, proto_win);
78 CERT_DestroyCertificate(cert);
80 CERT_FreeNicknames(names);
83 if (rv == SECSuccess) {