Diffstat (limited to 'security/nss/lib/pki')
-rw-r--r--security/nss/lib/pki/cryptocontext.c57
-rw-r--r--security/nss/lib/pki/nsspki.h12
-rw-r--r--security/nss/lib/pki/pki3hack.c2
-rw-r--r--security/nss/lib/pki/trustdomain.c36
4 files changed, 79 insertions, 28 deletions
diff --git a/security/nss/lib/pki/cryptocontext.c b/security/nss/lib/pki/cryptocontext.c
index 074eb7435..0ec4f2f9b 100644
--- a/security/nss/lib/pki/cryptocontext.c
+++ b/security/nss/lib/pki/cryptocontext.c
@@ -47,7 +47,10 @@ NSS_IMPLEMENT PRStatus
NSSCryptoContext_Destroy(NSSCryptoContext *cc)
{
PRStatus status = PR_SUCCESS;
- PORT_Assert(cc->certStore);
+ PORT_Assert(cc && cc->certStore);
+ if (!cc) {
+ return PR_FAILURE;
+ }
if (cc->certStore) {
status = nssCertificateStore_Destroy(cc->certStore);
if (status == PR_FAILURE) {
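Review bot: The new `if (!cc) { return PR_FAILURE; }` exit in NSSCryptoContext_Destroy reports failure without recording why. Only NSSCryptoContext_FindOrImportCertificate calls `nss_SetError(NSS_ERROR_INVALID_ARGUMENT);` on its guard. The other `!cc || !cc->certStore` guards in this file (nssCryptoContext_ImportTrust, nssCryptoContext_ImportSMIMEProfile and the Find* lookups) return PR_FAILURE or NULL silently, so a caller cannot tell a bad argument from "not found". Adding `nss_SetError(NSS_ERROR_INVALID_ARGUMENT);` before each of those returns would make them consistent. Also note that `PORT_Assert(cc && cc->certStore)` stops a debug build before the guard runs, so the NULL path is presumably only reachable, and only testable, in optimized builds; the function bodies continue outside these hunks.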
@@ -93,8 +96,8 @@ NSSCryptoContext_FindOrImportCertificate(
{
NSSCertificate *rvCert = NULL;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
return rvCert;
}
@@ -146,8 +149,8 @@ nssCryptoContext_ImportTrust(
NSSTrust *trust)
{
PRStatus nssrv;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
return PR_FAILURE;
}
nssrv = nssCertificateStore_AddTrust(cc->certStore, trust);
@@ -165,8 +168,8 @@ nssCryptoContext_ImportSMIMEProfile(
nssSMIMEProfile *profile)
{
PRStatus nssrv;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
return PR_FAILURE;
}
nssrv = nssCertificateStore_AddSMIMEProfile(cc->certStore, profile);
@@ -189,8 +192,8 @@ NSSCryptoContext_FindBestCertificateByNickname(
{
NSSCertificate **certs;
NSSCertificate *rvCert = NULL;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
return NULL;
}
certs = nssCertificateStore_FindCertificatesByNickname(cc->certStore,
@@ -215,8 +218,8 @@ NSSCryptoContext_FindCertificatesByNickname(
NSSArena *arenaOpt)
{
NSSCertificate **rvCerts;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
return NULL;
}
rvCerts = nssCertificateStore_FindCertificatesByNickname(cc->certStore,
@@ -233,8 +236,8 @@ NSSCryptoContext_FindCertificateByIssuerAndSerialNumber(
NSSDER *issuer,
NSSDER *serialNumber)
{
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
return NULL;
}
return nssCertificateStore_FindCertificateByIssuerAndSerialNumber(
@@ -253,8 +256,8 @@ NSSCryptoContext_FindBestCertificateBySubject(
{
NSSCertificate **certs;
NSSCertificate *rvCert = NULL;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
return NULL;
}
certs = nssCertificateStore_FindCertificatesBySubject(cc->certStore,
@@ -279,8 +282,8 @@ nssCryptoContext_FindCertificatesBySubject(
NSSArena *arenaOpt)
{
NSSCertificate **rvCerts;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
return NULL;
}
rvCerts = nssCertificateStore_FindCertificatesBySubject(cc->certStore,
@@ -333,8 +336,8 @@ NSSCryptoContext_FindCertificateByEncodedCertificate(
NSSCryptoContext *cc,
NSSBER *encodedCertificate)
{
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
return NULL;
}
return nssCertificateStore_FindCertificateByEncodedCertificate(
@@ -353,8 +356,8 @@ NSSCryptoContext_FindBestCertificateByEmail(
NSSCertificate **certs;
NSSCertificate *rvCert = NULL;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
return NULL;
}
certs = nssCertificateStore_FindCertificatesByEmail(cc->certStore,
@@ -379,8 +382,8 @@ NSSCryptoContext_FindCertificatesByEmail(
NSSArena *arenaOpt)
{
NSSCertificate **rvCerts;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
return NULL;
}
rvCerts = nssCertificateStore_FindCertificatesByEmail(cc->certStore,
@@ -488,8 +491,8 @@ nssCryptoContext_FindTrustForCertificate(
NSSCryptoContext *cc,
NSSCertificate *cert)
{
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
return NULL;
}
return nssCertificateStore_FindTrustForCertificate(cc->certStore, cert);
@@ -500,8 +503,8 @@ nssCryptoContext_FindSMIMEProfileForCertificate(
NSSCryptoContext *cc,
NSSCertificate *cert)
{
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
return NULL;
}
return nssCertificateStore_FindSMIMEProfileForCertificate(cc->certStore,
diff --git a/security/nss/lib/pki/nsspki.h b/security/nss/lib/pki/nsspki.h
index 28780c375..0ecec0826 100644
--- a/security/nss/lib/pki/nsspki.h
+++ b/security/nss/lib/pki/nsspki.h
@@ -23,6 +23,8 @@
#include "base.h"
#endif /* BASE_H */
+#include "pkcs11uri.h"
+
PR_BEGIN_EXTERN_C
/*
@@ -1302,6 +1304,16 @@ NSSTrustDomain_IsTokenEnabled(
NSSError *whyOpt);
/*
+ * NSSTrustDomain_FindTokensByURI
+ *
+ */
+
+NSS_EXTERN NSSToken **
+NSSTrustDomain_FindTokensByURI(
+ NSSTrustDomain *td,
+ PK11URI *uri);
+
+/*
* NSSTrustDomain_FindSlotByName
*
*/
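Review bot: The header comment for NSSTrustDomain_FindTokensByURI is empty, although the implementation in trustdomain.c has an ownership contract callers must know. It allocates the array with `nss_ZNEWARRAY(NULL, ...)`, stores `nssToken_AddRef(tok)` for each match and terminates the list with NULL. I would state that in the comment, for example ` * Returns a NULL-terminated array of referenced tokens whose info matches uri,` followed by ` * or NULL on allocation failure; the caller releases each token and frees the array.` Without it a caller is likely to leak either the references or the array.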
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index 0826b7f5e..548853970 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -831,8 +831,10 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced
cc->dbhandle = c->object.trustDomain;
/* subjectList ? */
/* istemp and isperm are supported in NSS 3.4 */
+ CERT_LockCertTempPerm(cc);
cc->istemp = PR_FALSE; /* CERT_NewTemp will override this */
cc->isperm = PR_TRUE; /* by default */
+ CERT_UnlockCertTempPerm(cc);
/* pointer back */
cc->nssCertificate = c;
if (trust) {
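Review bot: Taking `CERT_LockCertTempPerm(cc)` around the `istemp`/`isperm` stores in fill_CERTCertificateFields only closes a race if every other reader and writer of those flags takes the same lock, and none of them are visible in this hunk. The existing comment says CERT_NewTemp will override `istemp`, so that later write in particular needs checking. A short comment at the lock would record the rule, e.g. `/* istemp/isperm may be read by other threads; all access goes through CERT_LockCertTempPerm */`. The neighbouring stores to `cc->dbhandle` and `cc->nssCertificate` stay outside the lock, which is worth confirming as intentional; the function starts and ends outside the hunk.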
diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c
index 49f7dc5ba..151b88875 100644
--- a/security/nss/lib/pki/trustdomain.c
+++ b/security/nss/lib/pki/trustdomain.c
@@ -14,6 +14,7 @@
#include "pki3hack.h"
#include "pk11pub.h"
#include "nssrwlk.h"
+#include "pk11priv.h"
#define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32
@@ -234,6 +235,37 @@ NSSTrustDomain_FindSlotByName(
return NULL;
}
+NSS_IMPLEMENT NSSToken **
+NSSTrustDomain_FindTokensByURI(
+ NSSTrustDomain *td,
+ PK11URI *uri)
+{
+ NSSToken *tok = NULL;
+ PK11SlotInfo *slotinfo;
+ NSSToken **tokens;
+ int count, i = 0;
+
+ NSSRWLock_LockRead(td->tokensLock);
+ count = nssList_Count(td->tokenList);
+ tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1);
+ if (!tokens) {
+ return NULL;
+ }
+ for (tok = (NSSToken *)nssListIterator_Start(td->tokens);
+ tok != (NSSToken *)NULL;
+ tok = (NSSToken *)nssListIterator_Next(td->tokens)) {
+ if (nssToken_IsPresent(tok)) {
+ slotinfo = tok->pk11slot;
+ if (pk11_MatchUriTokenInfo(slotinfo, uri))
+ tokens[i++] = nssToken_AddRef(tok);
+ }
+ }
+ tokens[i] = NULL;
+ nssListIterator_Finish(td->tokens);
+ NSSRWLock_UnlockRead(td->tokensLock);
+ return tokens;
+}
+
NSS_IMPLEMENT NSSToken *
NSSTrustDomain_FindTokenByName(
NSSTrustDomain *td,
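Review bot: The `if (!tokens) { return NULL; }` exit in NSSTrustDomain_FindTokensByURI returns while the read lock taken by `NSSRWLock_LockRead(td->tokensLock)` is still held, so an allocation failure leaves the trust domain's token lock locked. Any later writer on that lock would presumably block, which turns a transient out-of-memory condition into a hang. Release it on that path by adding `NSSRWLock_UnlockRead(td->tokensLock);` before the `return NULL;`. The function also dereferences `td` with no NULL check, unlike the `cc` guards this same commit adds in cryptocontext.c.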
@@ -248,8 +280,10 @@ NSSTrustDomain_FindTokenByName(
tok = (NSSToken *)nssListIterator_Next(td->tokens)) {
if (nssToken_IsPresent(tok)) {
myName = nssToken_GetName(tok);
- if (nssUTF8_Equal(tokenName, myName, &nssrv))
+ if (nssUTF8_Equal(tokenName, myName, &nssrv)) {
+ tok = nssToken_AddRef(tok);
break;
+ }
}
}
nssListIterator_Finish(td->tokens);
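Review bot: With `tok = nssToken_AddRef(tok);` on the match path, NSSTrustDomain_FindTokenByName now returns an owned reference instead of a borrowed pointer, and nothing here tells callers they must release it. Its callers are outside this hunk; any that were not updated in the same change would leak one token reference per successful lookup. I would document the new contract above the function, e.g. `/* Returns a new reference to the matching token, or NULL; the caller must release it. */`, and audit the call sites. The function begins before this hunk and continues past it.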