Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Bugzilla bug 228624: made PK11_ListCertsInSlot reach into the Stan layer
to obtain the correct nicknames of the cert instances (pk11cert.c).  Fixed
the bug that if a cert we want to add the the cache is already in the
cache, we should merge the instances of the cert before destroying the
duplicate cert (tdcache.c).  r=jpierre,relyea.
  • Loading branch information
wchang0222%aol.com committed Dec 18, 2003
1 parent 2254cec commit 7b52fd9
Show file tree
Hide file tree
Showing 2 changed files with 81 additions and 5 deletions.
36 changes: 31 additions & 5 deletions security/nss/lib/pk11wrap/pk11cert.c
Expand Up @@ -3525,17 +3525,40 @@ PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *privKey)
return pk11_GetLowLevelKeyFromHandle(privKey->pkcs11Slot,privKey->pkcs11ID);
}

/* argument type for listCertsCallback */
typedef struct {
CERTCertList *list;
PK11SlotInfo *slot;
} ListCertsArg;

static SECStatus
listCertsCallback(CERTCertificate* cert, void*arg)
{
CERTCertList *list = (CERTCertList*)arg;
ListCertsArg *cdata = (ListCertsArg*)arg;
char *nickname = NULL;
nssCryptokiObject *instance, **ci;
nssCryptokiObject **instances;
NSSCertificate *c = STAN_GetNSSCertificate(cert);

if (cert->nickname) {
nickname = PORT_ArenaStrdup(list->arena,cert->nickname);
instances = nssPKIObject_GetInstances(&c->object);
instance = NULL;
for (ci = instances; *ci; ci++) {
if ((*ci)->token->pk11slot == cdata->slot) {
instance = *ci;
break;
}
}
PORT_Assert(instance != NULL);
if (!instance) {
nssCryptokiObjectArray_Destroy(instances);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
nickname = STAN_GetCERTCertificateNameForInstance(cdata->list->arena,
c, instance);
nssCryptokiObjectArray_Destroy(instances);

return CERT_AddCertToListTailWithData(list,
return CERT_AddCertToListTailWithData(cdata->list,
CERT_DupCertificate(cert),nickname);
}

Expand All @@ -3544,12 +3567,15 @@ PK11_ListCertsInSlot(PK11SlotInfo *slot)
{
SECStatus status;
CERTCertList *certs;
ListCertsArg cdata;

certs = CERT_NewCertList();
if(certs == NULL) return NULL;
cdata.list = certs;
cdata.slot = slot;

status = PK11_TraverseCertsInSlot(slot, listCertsCallback,
(void*)certs);
&cdata);

if( status != SECSuccess ) {
CERT_DestroyCertList(certs);
Expand Down
50 changes: 50 additions & 0 deletions security/nss/lib/pki/tdcache.c
Expand Up @@ -715,6 +715,50 @@ add_email_entry (

extern const NSSError NSS_ERROR_CERTIFICATE_IN_CACHE;

static void
remove_object_instances (
nssPKIObject *object,
nssCryptokiObject **instances,
int numInstances
)
{
int i;

for (i = 0; i < numInstances; i++) {
nssPKIObject_RemoveInstanceForToken(object, instances[i]->token);
}
}

static SECStatus
merge_object_instances (
nssPKIObject *to,
nssPKIObject *from
)
{
nssCryptokiObject **instances, **ci;
int i;
SECStatus rv = SECSuccess;

instances = nssPKIObject_GetInstances(from);
if (instances == NULL) {
return SECFailure;
}
for (ci = instances, i = 0; *ci; ci++, i++) {
nssCryptokiObject *instance = nssCryptokiObject_Clone(*ci);
if (instance) {
if (nssPKIObject_AddInstance(to, instance) == SECSuccess) {
continue;
}
nssCryptokiObject_Destroy(instance);
}
remove_object_instances(to, instances, i);
rv = SECFailure;
break;
}
nssCryptokiObjectArray_Destroy(instances);
return rv;
}

static NSSCertificate *
add_cert_to_cache (
NSSTrustDomain *td,
Expand Down Expand Up @@ -743,6 +787,12 @@ add_cert_to_cache (
/* collision - somebody else already added the cert
* to the cache before this thread got around to it.
*/
/* merge the instances of the cert */
if (merge_object_instances(&rvCert->object, &cert->object)
!= SECSuccess) {
nssCertificate_Destroy(rvCert);
return NULL;
}
nssCertificate_Destroy(cert);
return rvCert;
}
Expand Down

0 comments on commit 7b52fd9

Please sign in to comment.