bug 130747, update trust after login to catch user certs when token d…

…oesn't return public key (ncipher)

security/nss/lib/pk11wrap/dev3hack.h

@@ -58,9 +58,12 @@ void PK11Slot_SetNSSToken(PK11SlotInfo *sl, NSSToken *nsst);
 
 NSSToken * PK11Slot_GetNSSToken(PK11SlotInfo *sl);
 
-NSS_IMPLEMENT PRStatus
+NSS_EXTERN PRStatus
 nssToken_LoadCerts(NSSToken *token);
 
+NSS_EXTERN void
+nssToken_UpdateTrustForCerts(NSSToken *token);
+
 PR_END_EXTERN_C
 
 #endif /* DEVNSS3HACK_H */

security/nss/lib/pk11wrap/pk11slot.c

@@ -1149,6 +1149,7 @@ PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
 	if (rv == SECSuccess && slot->nssToken && !PK11_IsFriendly(slot)) {
 	    /* notify stan about the login if certs are not public readable */
 	    nssToken_LoadCerts(slot->nssToken);
+	    nssToken_UpdateTrustForCerts(slot->nssToken);
 	}
     } else if (!attempt) PORT_SetError(SEC_ERROR_BAD_PASSWORD);
     return rv;

security/nss/lib/pki/pki3hack.c

@@ -282,6 +282,25 @@ nssToken_LoadCerts(NSSToken *token)
     return nssrv;
 }
 
+NSS_IMPLEMENT void
+nssToken_UpdateTrustForCerts(NSSToken *token)
+{
+    nssListIterator *certs;
+    NSSCertificate *cert;
+    certs = nssList_CreateIterator(token->certList);
+    for (cert  = (NSSCertificate *)nssListIterator_Start(certs);
+         cert != (NSSCertificate *)NULL;
+         cert  = (NSSCertificate *)nssListIterator_Next(certs))
+    {
+	CERTCertificate *cc = STAN_GetCERTCertificate(cert);
+	cc->trust = NULL;
+	/* force an update of the trust fields of the CERTCertificate */
+	(void)stan_GetCERTCertificate(cert, PR_FALSE);
+    }
+    nssListIterator_Finish(certs);
+    nssListIterator_Destroy(certs);
+}
+
 NSS_IMPLEMENT PRBool
 nssToken_SearchCerts
 (