Merge commit '50d3e596bbe89c95615f96eb71f6bc5be737a1db' into Basilisk-releasev2018.07.18

# Conflicts: # browser/app/profile/firefox.js # browser/components/preferences/jar.mn
author: wolfbeast <mcwerewolf@gmail.com> 2018-07-18 08:24:24 +0200
committer: wolfbeast <mcwerewolf@gmail.com> 2018-07-18 08:24:24 +0200
commit: fc61780b35af913801d72086456f493f63197da6 (patch)
tree: f85891288a7bd988da9f0f15ae64e5c63f00d493 /security/nss/lib/certdb/stanpcertdb.c
parent: 69f7f9e5f1475891ce11cc4f431692f965b0cd30 (diff)
parent: 50d3e596bbe89c95615f96eb71f6bc5be737a1db (diff)
download: UXP-9ccb235f04529c1ec345d87dad6521cb567d20bb.tar
UXP-9ccb235f04529c1ec345d87dad6521cb567d20bb.tar.gz
UXP-9ccb235f04529c1ec345d87dad6521cb567d20bb.tar.lz
UXP-9ccb235f04529c1ec345d87dad6521cb567d20bb.tar.xz
UXP-9ccb235f04529c1ec345d87dad6521cb567d20bb.zip
1 files changed, 60 insertions, 11 deletions
diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c
index 4d42bd50d..d5d19c39d 100644
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -30,6 +30,7 @@
 #include "pkistore.h"
 #include "dev3hack.h"
 #include "dev.h"
+#include "secmodi.h"
 
 PRBool
 SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
@@ -280,6 +281,18 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
     nssCertificateStore_RemoveCertLOCKED(context->certStore, c);
     nssCertificateStore_Unlock(context->certStore, &lockTrace, &unlockTrace);
     c->object.cryptoContext = NULL;
+
+    /* if the id has not been set explicitly yet, create one from the public
+     * key. */
+    if (c->id.data == NULL) {
+        SECItem *keyID = pk11_mkcertKeyID(cert);
+        if (keyID) {
+            nssItem_Create(c->object.arena, &c->id, keyID->len, keyID->data);
+            SECITEM_FreeItem(keyID, PR_TRUE);
+        }
+        /* if any of these failed, continue with our null c->id */
+    }
+
     /* Import the perm instance onto the internal token */
     slot = PK11_GetInternalKeySlot();
     internal = PK11Slot_GetNSSToken(slot);
@@ -343,7 +356,7 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
         /* First, see if it is already a temp cert */
         c = NSSCryptoContext_FindCertificateByEncodedCertificate(gCC,
                                                                  &encoding);
-        if (!c) {
+        if (!c && handle) {
             /* Then, see if it is already a perm cert */
             c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle,
                                                                    &encoding);
@@ -457,15 +470,15 @@ __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
     return CERT_NewTempCertificate(handle, derCert, nickname, isperm, copyDER);
 }
 
-/* maybe all the wincx's should be some const for internal token login? */
-CERTCertificate *
-CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
-                           CERTIssuerAndSN *issuerAndSN)
+static CERTCertificate *
+common_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
+                             CERTIssuerAndSN *issuerAndSN,
+                             void *wincx)
 {
     PK11SlotInfo *slot;
     CERTCertificate *cert;
 
-    cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, NULL);
+    cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, wincx);
     if (cert && slot) {
         PK11_FreeSlot(slot);
     }
@@ -473,6 +486,23 @@ CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
     return cert;
 }
 
+/* maybe all the wincx's should be some const for internal token login? */
+CERTCertificate *
+CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
+                           CERTIssuerAndSN *issuerAndSN)
+{
+    return common_FindCertByIssuerAndSN(handle, issuerAndSN, NULL);
+}
+
+/* maybe all the wincx's should be some const for internal token login? */
+CERTCertificate *
+CERT_FindCertByIssuerAndSNCX(CERTCertDBHandle *handle,
+                             CERTIssuerAndSN *issuerAndSN,
+                             void *wincx)
+{
+    return common_FindCertByIssuerAndSN(handle, issuerAndSN, wincx);
+}
+
 static NSSCertificate *
 get_best_temp_or_perm(NSSCertificate *ct, NSSCertificate *cp)
 {
@@ -587,7 +617,8 @@ CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert)
 static CERTCertificate *
 common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
                                              const char *name, PRBool anyUsage,
-                                             SECCertUsage lookingForUsage)
+                                             SECCertUsage lookingForUsage,
+                                             void *wincx)
 {
     NSSCryptoContext *cc;
     NSSCertificate *c, *ct;
@@ -620,7 +651,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
     }
 
     if (anyUsage) {
-        cert = PK11_FindCertFromNickname(name, NULL);
+        cert = PK11_FindCertFromNickname(name, wincx);
     } else {
         if (ct) {
             /* Does ct really have the required usage? */
@@ -632,7 +663,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
             }
         }
 
-        certlist = PK11_FindCertsFromNickname(name, NULL);
+        certlist = PK11_FindCertsFromNickname(name, wincx);
         if (certlist) {
             SECStatus rv =
                 CERT_FilterCertListByUsage(certlist, lookingForUsage, PR_FALSE);
@@ -659,7 +690,15 @@ CERTCertificate *
 CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
 {
     return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE,
-                                                        0);
+                                                        0, NULL);
+}
+
+CERTCertificate *
+CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle, const char *name,
+                                     void *wincx)
+{
+    return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE,
+                                                        0, wincx);
 }
 
 CERTCertificate *
@@ -668,7 +707,17 @@ CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
                                            SECCertUsage lookingForUsage)
 {
     return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE,
-                                                        lookingForUsage);
+                                                        lookingForUsage, NULL);
+}
+
+CERTCertificate *
+CERT_FindCertByNicknameOrEmailAddrForUsageCX(CERTCertDBHandle *handle,
+                                             const char *name,
+                                             SECCertUsage lookingForUsage,
+                                             void *wincx)
+{
+    return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE,
+                                                        lookingForUsage, wincx);
 }
 
 static void
author	wolfbeast <mcwerewolf@gmail.com>	2018-07-18 08:24:24 +0200
committer	wolfbeast <mcwerewolf@gmail.com>	2018-07-18 08:24:24 +0200
commit	fc61780b35af913801d72086456f493f63197da6 (patch)
tree	f85891288a7bd988da9f0f15ae64e5c63f00d493 /security/nss/lib/certdb/stanpcertdb.c
parent	69f7f9e5f1475891ce11cc4f431692f965b0cd30 (diff)
parent	50d3e596bbe89c95615f96eb71f6bc5be737a1db (diff)
download	UXP-9ccb235f04529c1ec345d87dad6521cb567d20bb.tar UXP-9ccb235f04529c1ec345d87dad6521cb567d20bb.tar.gz UXP-9ccb235f04529c1ec345d87dad6521cb567d20bb.tar.lz UXP-9ccb235f04529c1ec345d87dad6521cb567d20bb.tar.xz UXP-9ccb235f04529c1ec345d87dad6521cb567d20bb.zip