diff options
author | nelson%bolyard.com <devnull@localhost> | 2008-09-30 04:24:55 +0000 |
---|---|---|
committer | nelson%bolyard.com <devnull@localhost> | 2008-09-30 04:24:55 +0000 |
commit | cd6acd3c94b3077fff2655d913d8f1a0cd95da23 (patch) | |
tree | 37fadcc6ebb2cdd9e7d7846ef3301cdec6b43502 | |
parent | d3144124ff36de9e06bcd9260c153aa59472fe2a (diff) | |
download | nss-hg-cd6acd3c94b3077fff2655d913d8f1a0cd95da23.tar.gz |
Add new function SEC_PKCS12AddCertOrChainAndKey for bug 311483. r=wtc
-rw-r--r-- | security/nss/lib/pkcs12/p12.h | 9 | ||||
-rw-r--r-- | security/nss/lib/pkcs12/p12e.c | 48 | ||||
-rw-r--r-- | security/nss/lib/smime/smime.def | 6 |
3 files changed, 47 insertions, 16 deletions
diff --git a/security/nss/lib/pkcs12/p12.h b/security/nss/lib/pkcs12/p12.h index 8d1d4696d..852047c1f 100644 --- a/security/nss/lib/pkcs12/p12.h +++ b/security/nss/lib/pkcs12/p12.h @@ -145,6 +145,15 @@ SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt, SECItem *keyId, SECItem *nickName); extern SECStatus +SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt, + void *certSafe, void *certNestedDest, + CERTCertificate *cert, CERTCertDBHandle *certDb, + void *keySafe, void *keyNestedDest, PRBool shroudKey, + SECItem *pwitem, SECOidTag algorithm, + PRBool includeCertChain); + + +extern SECStatus SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, void *certSafe, void *certNestedDest, CERTCertificate *cert, CERTCertDBHandle *certDb, diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c index 9e7d62dfa..959d37483 100644 --- a/security/nss/lib/pkcs12/p12e.c +++ b/security/nss/lib/pkcs12/p12e.c @@ -1334,25 +1334,27 @@ loser: return rv; } -/* SEC_PKCS12AddCertAndKey +/* SEC_PKCS12AddCertOrChainAndKey * Add a certificate and key pair to be exported. * - * p12ctxt - the export context - * certSafe - the safeInfo where the cert is stored - * certNestedDest - the nested safeContents to store the cert - * keySafe - the safeInfo where the key is stored - * keyNestedDest - the nested safeContents to store the key - * shroudKey - extract the private key encrypted? - * pwitem - the password with which the key is encrypted - * algorithm - the algorithm with which the key is encrypted + * p12ctxt - the export context + * certSafe - the safeInfo where the cert is stored + * certNestedDest - the nested safeContents to store the cert + * keySafe - the safeInfo where the key is stored + * keyNestedDest - the nested safeContents to store the key + * shroudKey - extract the private key encrypted? + * pwitem - the password with which the key is encrypted + * algorithm - the algorithm with which the key is encrypted + * includeCertChain - also add certs from chain to bag. */ SECStatus -SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, - void *certSafe, void *certNestedDest, - CERTCertificate *cert, CERTCertDBHandle *certDb, - void *keySafe, void *keyNestedDest, - PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm) -{ +SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt, + void *certSafe, void *certNestedDest, + CERTCertificate *cert, CERTCertDBHandle *certDb, + void *keySafe, void *keyNestedDest, + PRBool shroudKey, SECItem *pwitem, + SECOidTag algorithm, PRBool includeCertChain) +{ SECStatus rv = SECFailure; SGNDigestInfo *digest = NULL; void *mark = NULL; @@ -1373,7 +1375,7 @@ SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, /* add the certificate */ rv = SEC_PKCS12AddCert(p12ctxt, (SEC_PKCS12SafeInfo*)certSafe, (SEC_PKCS12SafeInfo*)certNestedDest, cert, certDb, - &digest->digest, PR_TRUE); + &digest->digest, includeCertChain); if(rv != SECSuccess) { goto loser; } @@ -1399,6 +1401,20 @@ loser: return SECFailure; } +/* like SEC_PKCS12AddCertOrChainAndKey, but always adds cert chain */ +SECStatus +SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, + void *certSafe, void *certNestedDest, + CERTCertificate *cert, CERTCertDBHandle *certDb, + void *keySafe, void *keyNestedDest, + PRBool shroudKey, SECItem *pwItem, SECOidTag algorithm) +{ + return SEC_PKCS12AddCertOrChainAndKey(p12ctxt, certSafe, certNestedDest, + cert, certDb, keySafe, keyNestedDest, shroudKey, pwItem, + algorithm, PR_TRUE); +} + + /* SEC_PKCS12CreateNestedSafeContents * Allows nesting of safe contents to be implemented. No limit imposed on * depth. diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def index 53b933d76..39ccc45bb 100644 --- a/security/nss/lib/smime/smime.def +++ b/security/nss/lib/smime/smime.def @@ -267,3 +267,9 @@ SEC_PKCS12DecryptionAllowed; ;+ local: ;+ *; ;+}; +;+NSS_3.12.2 { # NSS 3.12.2 release +;+ global: +SEC_PKCS12AddCertOrChainAndKey; +;+ local: +;+ *; +;+}; |