Enc Dec MAC Using Key Wrap CertReq PKCS10 CSR
ll; if (!selfsign) { certcertificate *issuer = pk11_findcertfromnickname(issuernickname, pwarg); if ((certcertificate *)null == issuer) { pr_fprintf(pr_stderr, "unable to find issuer with nickname %s\n", issuernickname); goto cleanup; } privkey = caprivatekey = pk11_findkeybyanycert(issuer, pwarg); cert_destroycertificate(issuer); if (caprivatekey == null) { pr_fprintf(pr_stderr, "unable to retrieve key %s\n", issuernickname); goto cleanup; } } arena = cert->arena; algid = sec_getsignaturealgorithmoidtag(privkey->keytype, hashalgtag); if (algid == sec_oid_unknown) { pr_fprintf(pr_stderr, "unknown key or hash type for ...
...&req->subject : &issuercert->subject), validity, req); cert_destroyvalidity(validity); } cleanup: if ( issuercert ) { cert_destroycertificate (issuercert); } return cert; } /* * add a certificate to the nss database */ secstatus addcert(pk11slotinfo *slot, certcertdbhandle *handle, const char *name, char *trusts, char *infilename, prbool ascii, prbool emailcert, void *pwdata) { secitem certder; secstatus rv; certcerttrust *trust = null; certcertificate *cert = nul...
...certtrust(handle, cert, trust); } if (rv != secsuccess) { pr_fprintf(pr_stderr, "could not change trust on certificate : %s\n", port_errortostring(rv)); rv = secfailure; goto cleanup; } } if (emailcert) { cert_savesmimeprofile(cert, null, pwdata); } cleanup: if (cert) { cert_destroycertificate (cert); } if (trust) { port_free(trust); } if (certder.data) { port_free(certder.data); } return rv; } /* * create a certificate */ static secstatus createcert( certcertdbhandle *handle, pk11slotinfo *slot, char * issuernickname, char *infilename, char *outfilename, seckeyprivatekey **se...
...And 6 more matches

sample2
void *dummy; prarenapool *arena = null; secitem *result = null; seckeyprivatekey *caprivatekey = null; if (!selfsign) { certcertificate *issuer = pk11_findcertfromnickname(issuernickname, pwarg); if ((certcertificate *)null == issuer) { pr_fprintf(pr_stderr, "unable to find issuer with nickname %s\n", issuernickname); goto cleanup; } privkey = caprivatekey = pk11_findkeybyanycert(issuer, pwarg); cert_destroycertificate(issuer); if (caprivatekey == null) { pr_fprintf(pr_stderr, "unable to retrieve key %s\n", issuernickname); goto cleanup; } } arena = cert->arena; algid = sec_getsignaturealgorithmoidtag(privkey->keytype, hashalgtag); if (algid == sec_oid_unknown) { pr_fprintf(pr_stderr, "unknown key or hash type for issuer.\n"); goto cleanup; } rv = secoid_setalgorithmid(arena, &cert->signature, algid, 0); if (rv...
...&req->subject : &issuercert->subject), validity, req); cert_destroyvalidity(validity); } cleanup: if ( issuercert ) { cert_destroycertificate (issuercert); } return cert; } /* * add a certificate to the nss database */ secstatus addcert(pk11slotinfo *slot, certcertdbhandle *handle, const char *name, char *trusts, char *infilename, prbool ascii, prbool emailcert, void *pwdata) { secitem certder; secstatus rv; certcerttrust *trust = null; certcertificate *cert = null; certder.data = null; /* read in the entire file specified with the -i ...
...enticate to token %s : %s\n", pk11_gettokenname(slot), port_errortostring(rv)); rv = secfailure; goto cleanup; } rv = cert_changecerttrust(handle, cert, trust); } if (rv != secsuccess) { pr_fprintf(pr_stderr, "could not change trust on certificate : %s\n", port_errortostring(rv)); rv = secfailure; goto cleanup; } } if (emailcert) { cert_savesmimeprofile(cert, null, pwdata); } cleanup: if (cert) { cert_destroycertificate (cert); } if (trust) { port_free(trust); } if (certder.data) { port_free(certder.data); } return rv; } /* * create a certificate */ static secstatus createcert( certcertdbhandle *handle, pk11slotinfo *slot, char * issuernickname, char *infilename, char *outfilename, seckeyprivatekey **selfsignprivkey, void *pwarg, secoidtag hashalgtag, unsigned int serialnumber, int warpmonths, int validitymonths...
...And 6 more matches

sslcrt.html
manipulating certificates cert_dupcertificate cert_destroycertificate cert_dupcertificate makes a shallow copy of a specified certificate.
... cert_destroycertificate destroys a certificate object.
... syntax #include <cert.h> #include <certt.h> void cert_destroycertificate(certcertificate *cert); parameters this function has the following parameter: cert a pointer to the certificate to destroy.
...when you call cert_destroycertificate or seckey_destroyprivatekey, the function decrements the reference count and, if the reference count reaches zero as a result, both frees the memory and sets all the bits to zero.

NSS API Guidelines
for example: layer_capitalizedenglishwords() or cert_destroycertificate().
...for instance, cert_destroycertificate() is type 1, pk11_destroyslot() is type 2, and pk11_destroytokenobject() is type 3.

sslfnc.html
the application should destroy its copies when it has no further use for them by calling cert_destroycertificate and seckey_destroyprivatekey.
...the application should destroy its copies when it has no further use for them by calling cert_destroycertificate and seckey_destroyprivatekey.

Function_Name
the certificate is a shallow copy, use cert_destroycertificate to decrement the reference count on the certificate instance.

CERT_FindCertByDERCert
the certificate is a shallow copy, use cert_destroycertificate to decrement the reference count on the certificate instance.

CERT_FindCertByIssuerAndSN
the certificate is a shallow copy, use cert_destroycertificate to decrement the reference count on the certificate instance.

Certificate functions
decodeocspresponse mxr 3.6 and later cert_decodeoidsequence mxr 3.2 and later cert_decodeprivkeyusageperiodextension mxr 3.10 and later cert_decodetruststring mxr 3.4 and later cert_decodeusernotice mxr 3.2 and later cert_dernametoascii mxr 3.4 and later cert_destroycertarray mxr 3.2 and later cert_destroycertificate mxr 3.2 and later cert_destroycertificatelist mxr 3.2 and later cert_destroycertificatepoliciesextension mxr 3.2 and later cert_destroycertificaterequest mxr 3.2 and later cert_destroycertlist mxr 3.2 and later cert_destroyname mxr 3.2 and later cert_destroyocspcertid mxr 3.6 and later cert_de...

Enc Dec MAC Output Public Key as CSR
ler); if (obuf) { port_free(obuf); } } else { numbytes = pr_write(outfile, result.data, result.len); if (numbytes != (int)result.len) { pr_fprintf(pr_stderr, "write error\n"); rv = secfailure; goto cleanup; } } cleanup: if (spki) { seckey_destroysubjectpublickeyinfo(spki); } if (cr) { cert_destroycertificaterequest (cr); } if (arena) { port_freearena(arena, pr_false); } if (outfile) { pr_close(outfile); } return rv; } /* * mac and encrypt the input file content */ secstatus encryptandmac(prfiledesc *infile, prfiledesc *headerfile, prfiledesc *encfile, pk11symkey *ek, pk11symkey *mk, unsigned ...

NSS Sample Code sample4
ptraw(pvtkey, buf1, &outlen, modulus_len, buf2, modulus_len); if (rv != secsuccess) { fprintf(stderr, "decrypt with private key failed (err %d)\n", pr_geterror()); goto cleanup; } fprintf(stderr, "result of decryption, outlen = %d\n", outlen); fprintf(stderr, "result of decryption, buf = \n%s\n", buf1); exit(0); cleanup: if (cert) cert_destroycertificate(cert); if (pubkey) seckey_destroypublickey(pubkey); if (pvtkey) seckey_destroyprivatekey(pvtkey); if (buf1) free(buf1); if (buf2) free(buf2); exit(1); } char *passwdcb(pk11slotinfo *info, prbool retry, void *arg) { if (!retry) return pl_strdup("test"); else return null; } ...

NSS Sample Code sample5
k11_pubdecryptraw(pvtkey, buf1, &outlen, modulus_len, buf2, modulus_len); if (rv != secsuccess) { fprintf(stderr, "decrypt with private key failed (err %d)\n", pr_geterror()); goto cleanup; } fprintf(stderr, "result of decryption, outlen = %d\n", outlen); fprintf(stderr, "result of decryption, buf = \n%s\n", buf1); cleanup: if (cert) cert_destroycertificate(cert); if (pubkey) seckey_destroypublickey(pubkey); if (pvtkey) seckey_destroyprivatekey(pvtkey); if (spki) seckey_destroysubjectpublickeyinfo(spki); if (slot) pk11_freeslot(slot); if (buf1) free(buf1); if (buf2) free(buf2); exit(1); } ...

nss tech note4
he client's cert handle if client auth is enabled certcertificate* cert = ssl_localcertificate(prfiledesc *fd); if ssl client, this will get you the client cert's handle, if client auth happened if ssl server, this will get you the server's cert handle don't forget to clean up the cert handle when you're done with it void cert_destroycertificate(certcertificate *cert); some info is readily available cert->subjectname (char*) cert->issuername (char*) cert->emailaddr (char*) or char *cert_getcertificateemailaddress(certcertificate *cert); cert->keyusage (unsigned int) to break the issuer and subject names into components pass &(cert->issuer) or &(cert->su...

NSS PKCS11 Functions
description when you are finished with the certificate structure returned by pk11_findcertfromnickname, you must free it by calling cert_destroycertificate.

NSS Key Functions
when you call cert_destroycertificate or seckey_destroyprivatekey, the function decrements the reference count and, if the reference count reaches zero as a result, both frees the memory and sets all the bits to zero.