authornelson%bolyard.com <devnull@localhost>2008-09-30 04:24:55 +0000
committernelson%bolyard.com <devnull@localhost>2008-09-30 04:24:55 +0000
commitcd6acd3c94b3077fff2655d913d8f1a0cd95da23 (patch)
tree37fadcc6ebb2cdd9e7d7846ef3301cdec6b43502
parentd3144124ff36de9e06bcd9260c153aa59472fe2a (diff)
Add new function SEC_PKCS12AddCertOrChainAndKey for bug 311483. r=wtc
-rw-r--r--security/nss/lib/pkcs12/p12.h9
-rw-r--r--security/nss/lib/pkcs12/p12e.c48
-rw-r--r--security/nss/lib/smime/smime.def6
3 files changed, 47 insertions, 16 deletions
diff --git a/security/nss/lib/pkcs12/p12.h b/security/nss/lib/pkcs12/p12.h
index 8d1d4696d..852047c1f 100644
--- a/security/nss/lib/pkcs12/p12.h
+++ b/security/nss/lib/pkcs12/p12.h
@@ -145,6 +145,15 @@ SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt,
SECItem *keyId, SECItem *nickName);
extern SECStatus
+SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt,
+ void *certSafe, void *certNestedDest,
+ CERTCertificate *cert, CERTCertDBHandle *certDb,
+ void *keySafe, void *keyNestedDest, PRBool shroudKey,
+ SECItem *pwitem, SECOidTag algorithm,
+ PRBool includeCertChain);
+
+
+extern SECStatus
SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt,
void *certSafe, void *certNestedDest,
CERTCertificate *cert, CERTCertDBHandle *certDb,
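Review bot: The new public prototype SEC_PKCS12AddCertOrChainAndKey is added to p12.h with no comment, so a caller reading the header cannot tell what `includeCertChain` controls or how the function differs from SEC_PKCS12AddCertAndKey declared just below it. A short header comment above the declaration would cover it, for example `/* Like SEC_PKCS12AddCertAndKey, but the cert chain is added only when includeCertChain is PR_TRUE. */`. The two consecutive blank lines after the prototype could also be reduced to one to match the spacing of the neighbouring declarations.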
diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c
index 9e7d62dfa..959d37483 100644
--- a/security/nss/lib/pkcs12/p12e.c
+++ b/security/nss/lib/pkcs12/p12e.c
@@ -1334,25 +1334,27 @@ loser:
return rv;
}
-/* SEC_PKCS12AddCertAndKey
+/* SEC_PKCS12AddCertOrChainAndKey
* Add a certificate and key pair to be exported.
*
- * p12ctxt - the export context
- * certSafe - the safeInfo where the cert is stored
- * certNestedDest - the nested safeContents to store the cert
- * keySafe - the safeInfo where the key is stored
- * keyNestedDest - the nested safeContents to store the key
- * shroudKey - extract the private key encrypted?
- * pwitem - the password with which the key is encrypted
- * algorithm - the algorithm with which the key is encrypted
+ * p12ctxt - the export context
+ * certSafe - the safeInfo where the cert is stored
+ * certNestedDest - the nested safeContents to store the cert
+ * keySafe - the safeInfo where the key is stored
+ * keyNestedDest - the nested safeContents to store the key
+ * shroudKey - extract the private key encrypted?
+ * pwitem - the password with which the key is encrypted
+ * algorithm - the algorithm with which the key is encrypted
+ * includeCertChain - also add certs from chain to bag.
*/
SECStatus
-SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt,
- void *certSafe, void *certNestedDest,
- CERTCertificate *cert, CERTCertDBHandle *certDb,
- void *keySafe, void *keyNestedDest,
- PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm)
-{
+SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt,
+ void *certSafe, void *certNestedDest,
+ CERTCertificate *cert, CERTCertDBHandle *certDb,
+ void *keySafe, void *keyNestedDest,
+ PRBool shroudKey, SECItem *pwitem,
+ SECOidTag algorithm, PRBool includeCertChain)
+{
SECStatus rv = SECFailure;
SGNDigestInfo *digest = NULL;
void *mark = NULL;
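Review bot: The re-indented parameter comment for SEC_PKCS12AddCertOrChainAndKey still omits `cert` and `certDb`, and still describes `shroudKey` as a question ("extract the private key encrypted?") rather than stating the contract. Since this block was rewritten anyway, it should say what is written to the key bag when `shroudKey` is PR_FALSE and whether `pwitem` and `algorithm` are then ignored. That behaviour is not visible in this hunk, but presumably the key is exported without password protection, which callers need to know. Suggested lines: `* cert - the certificate whose key pair is exported` and `* certDb - the cert database used to look up the chain`. The summary line "Add a certificate and key pair to be exported." could also mention the optional chain. The function body continues outside the hunk.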
@@ -1373,7 +1375,7 @@ SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt,
/* add the certificate */
rv = SEC_PKCS12AddCert(p12ctxt, (SEC_PKCS12SafeInfo*)certSafe,
(SEC_PKCS12SafeInfo*)certNestedDest, cert, certDb,
- &digest->digest, PR_TRUE);
+ &digest->digest, includeCertChain);
if(rv != SECSuccess) {
goto loser;
}
@@ -1399,6 +1401,20 @@ loser:
return SECFailure;
}
+/* like SEC_PKCS12AddCertOrChainAndKey, but always adds cert chain */
+SECStatus
+SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt,
+ void *certSafe, void *certNestedDest,
+ CERTCertificate *cert, CERTCertDBHandle *certDb,
+ void *keySafe, void *keyNestedDest,
+ PRBool shroudKey, SECItem *pwItem, SECOidTag algorithm)
+{
+ return SEC_PKCS12AddCertOrChainAndKey(p12ctxt, certSafe, certNestedDest,
+ cert, certDb, keySafe, keyNestedDest, shroudKey, pwItem,
+ algorithm, PR_TRUE);
+}
+
+
/* SEC_PKCS12CreateNestedSafeContents
* Allows nesting of safe contents to be implemented. No limit imposed on
* depth.
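Review bot: The re-added SEC_PKCS12AddCertAndKey wrapper names its password parameter `pwItem`, while the definition it replaces and the new SEC_PKCS12AddCertOrChainAndKey both use `pwitem`. Keeping `SECItem *pwitem` here avoids an unnecessary rename in a public function's definition. The one-line comment above the wrapper also departs from the header style used by the other functions in this file. A block opening with `/* SEC_PKCS12AddCertAndKey` and stating that it calls SEC_PKCS12AddCertOrChainAndKey with `includeCertChain` fixed to PR_TRUE, so existing callers keep exporting the full chain, would match the surrounding code.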
diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def
index 53b933d76..39ccc45bb 100644
--- a/security/nss/lib/smime/smime.def
+++ b/security/nss/lib/smime/smime.def
@@ -267,3 +267,9 @@ SEC_PKCS12DecryptionAllowed;
;+ local:
;+ *;
;+};
+;+NSS_3.12.2 { # NSS 3.12.2 release
+;+ global:
+SEC_PKCS12AddCertOrChainAndKey;
+;+ local:
+;+ *;
+;+};