Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
bug 1552262 - add PK11_FindRawCertsBySubject to search a given slot f…
…or certificates with a given subject r=jcj,RyanSleevi.sleevi

Differential Revision: https://phabricator.services.mozilla.com/D32067

--HG--
branch : NSS_3_44_BRANCH
extra : moz-landing-system : lando
  • Loading branch information
mozkeeler committed May 31, 2019
1 parent fcb2a4c commit b4135f3
Show file tree
Hide file tree
Showing 11 changed files with 559 additions and 87 deletions.
5 changes: 5 additions & 0 deletions automation/abi-check/expected-report-libnss3.so.txt
@@ -1,4 +1,9 @@

1 Added function:

'function SECStatus PK11_FindRawCertsWithSubject(PK11SlotInfo*, SECItem*, CERTCertificateList**)' {PK11_FindRawCertsWithSubject@@NSS_3.45}


1 Added function:

'function SECStatus CERT_GetCertificateDer(const CERTCertificate*, SECItem*)' {CERT_GetCertificateDer@@NSS_3.44}
Expand Down
3 changes: 3 additions & 0 deletions cpputil/nss_scoped_ptrs.h
Expand Up @@ -14,6 +14,7 @@
#include "pk11pqg.h"
#include "pk11pub.h"
#include "pkcs11uri.h"
#include "secmod.h"

struct ScopedDelete {
void operator()(CERTCertificate* cert) { CERT_DestroyCertificate(cert); }
Expand Down Expand Up @@ -47,6 +48,7 @@ struct ScopedDelete {
SEC_PKCS12DecoderFinish(dcx);
}
void operator()(CERTDistNames* names) { CERT_FreeDistNames(names); }
void operator()(SECMODModule* module) { SECMOD_DestroyModule(module); }
};

template <class T>
Expand Down Expand Up @@ -82,6 +84,7 @@ SCOPED(PK11Context);
SCOPED(PK11GenericObject);
SCOPED(SEC_PKCS12DecoderContext);
SCOPED(CERTDistNames);
SCOPED(SECMODModule);

#undef SCOPED

Expand Down
91 changes: 91 additions & 0 deletions gtests/common/util.h
Expand Up @@ -8,7 +8,21 @@
#define util_h__

#include <cassert>
#include <cstdlib>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <sys/stat.h>
#include <vector>
#if defined(_WIN32)
#include <windows.h>
#include <codecvt>
#include <direct.h>
#else
#include <unistd.h>
#endif

#include "nspr.h"

static inline std::vector<uint8_t> hex_string_to_bytes(std::string s) {
std::vector<uint8_t> bytes;
Expand All @@ -18,4 +32,81 @@ static inline std::vector<uint8_t> hex_string_to_bytes(std::string s) {
return bytes;
}

// Given a prefix, attempts to create a unique directory that the user can do
// work in without impacting other tests. For example, if given the prefix
// "scratch", a directory like "scratch05c17b25" will be created in the current
// working directory (or the location specified by NSS_GTEST_WORKDIR, if
// defined).
// Upon destruction, the implementation will attempt to delete the directory.
// However, no attempt is made to first remove files in the directory - the
// user is responsible for this. If the directory is not empty, deleting it will
// fail.
// Statistically, it is technically possible to fail to create a unique
// directory name, but this is extremely unlikely given the expected workload of
// this implementation.
class ScopedUniqueDirectory {
public:
explicit ScopedUniqueDirectory(const std::string &prefix) {
std::string path;
const char *workingDirectory = PR_GetEnvSecure("NSS_GTEST_WORKDIR");
if (workingDirectory) {
path.assign(workingDirectory);
}
path.append(prefix);
for (int i = 0; i < RETRY_LIMIT; i++) {
std::string pathCopy(path);
// TryMakingDirectory will modify its input. If it fails, we want to throw
// away the modified result.
if (TryMakingDirectory(pathCopy)) {
mPath.assign(pathCopy);
break;
}
}
assert(mPath.length() > 0);
#if defined(_WIN32)
// sqldb always uses UTF-8 regardless of the current system locale.
DWORD len =
MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), nullptr, 0);
std::vector<wchar_t> buf(len, L'\0');
MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), buf.data(),
buf.size());
std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter;
mUTF8Path = converter.to_bytes(std::wstring(buf.begin(), buf.end()));
#else
mUTF8Path = mPath;
#endif
}

// NB: the directory must be empty upon destruction
~ScopedUniqueDirectory() { assert(rmdir(mPath.c_str()) == 0); }

const std::string &GetPath() { return mPath; }
const std::string &GetUTF8Path() { return mUTF8Path; }

private:
static const int RETRY_LIMIT = 5;

static void GenerateRandomName(/*in/out*/ std::string &prefix) {
std::stringstream ss;
ss << prefix;
// RAND_MAX is at least 32767.
ss << std::setfill('0') << std::setw(4) << std::hex << rand() << rand();
// This will overwrite the value of prefix. This is a little inefficient,
// but at least it makes the code simple.
ss >> prefix;
}

static bool TryMakingDirectory(/*in/out*/ std::string &prefix) {
GenerateRandomName(prefix);
#if defined(_WIN32)
return _mkdir(prefix.c_str()) == 0;
#else
return mkdir(prefix.c_str(), 0777) == 0;
#endif
}

std::string mPath;
std::string mUTF8Path;
};

#endif // util_h__
1 change: 1 addition & 0 deletions gtests/pk11_gtest/manifest.mn
Expand Up @@ -14,6 +14,7 @@ CPPSRCS = \
pk11_ecdsa_unittest.cc \
pk11_encrypt_derive_unittest.cc \
pk11_export_unittest.cc \
pk11_find_certs_unittest.cc \
pk11_import_unittest.cc \
pk11_pbkdf2_unittest.cc \
pk11_prf_unittest.cc \
Expand Down

0 comments on commit b4135f3

Please sign in to comment.