Fix token/cert interactions:

1) don't have certs disappear because we have empty tokens.
2) Make sure the NSSToken structure has up-to-date nicknames.

5 files changed, 22 insertions, 4 deletions

diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c
index cdd0fc9ac..cc5709a4b 100644
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -167,12 +167,14 @@ nssToken_Destroy
 	if (tok->defaultSession) {
 	    nssSession_Destroy(tok->defaultSession);
 	}
-#endif
 	if (tok->arena) {
 	    return NSSArena_Destroy(tok->arena);
 	} else {
 	    nss_ZFreeIf(tok);
 	}
+#else
+	    nss_ZFreeIf(tok);
+#endif
     }
     return PR_SUCCESS;
 }
diff --git a/security/nss/lib/pk11wrap/dev3hack.c b/security/nss/lib/pk11wrap/dev3hack.c
index 742335c9d..0cbd686aa 100644
--- a/security/nss/lib/pk11wrap/dev3hack.c
+++ b/security/nss/lib/pk11wrap/dev3hack.c
@@ -151,9 +151,19 @@ nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
     rvToken->slot = nssSlot_CreateFromPK11SlotInfo(td, nss3slot);
     rvToken->slot->token = rvToken;
     rvToken->defaultSession->slot = rvToken->slot;
+    rvToken->arena = td->arena;
     return rvToken;
 }
 
+NSS_IMPLEMENT void
+nssToken_UpdateName(NSSToken *token)
+{
+    if (!token) {
+	return;
+    }
+    token->name = nssUTF8_Duplicate(token->pk11slot->token_name,token->arena);
+}
+
 NSS_IMPLEMENT PRBool
 nssSlot_IsPermanent
 (
diff --git a/security/nss/lib/pk11wrap/dev3hack.h b/security/nss/lib/pk11wrap/dev3hack.h
index 0f096e3e8..ae5b2fac5 100644
--- a/security/nss/lib/pk11wrap/dev3hack.h
+++ b/security/nss/lib/pk11wrap/dev3hack.h
@@ -45,6 +45,9 @@ PR_BEGIN_EXTERN_C
 NSS_EXTERN NSSToken *
 nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot);
 
+NSS_EXTERN void
+nssToken_UpdateName(NSSToken *);
+
 NSSTrustDomain *
 nssToken_GetTrustDomain(NSSToken *token);
 
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index c3839594e..136789fb6 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -447,6 +447,7 @@ PK11_NewSlotInfo(void)
     slot->minPassword = 0;
     slot->maxPassword = 0;
     slot->hasRootCerts = PR_FALSE;
+    slot->nssToken = NULL;
     return slot;
 }
     
@@ -1721,6 +1722,8 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
     slot->maxPassword = tokenInfo.ulMaxPinLen;
     PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial));
 
+    nssToken_UpdateName(slot->nssToken);
+
     slot->defRWSession = (PRBool)((!slot->readOnly) && 
 					(tokenInfo.ulMaxSessionCount == 1));
     rv = PK11_ReadMechanismList(slot);
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index 1df51b1e1..351e1742e 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -185,10 +185,10 @@ destroy_token_certs(nssList *certList, NSSToken *token, PRBool renewInstances)
          cert  = (NSSCertificate *)nssListIterator_Next(certs))
     {
 	removeIt = instance_destructor(cert, token);
-	if (removeIt || !renewInstances) {
+	if (removeIt) {
 	    nssList_Remove(certList, cert);
 	    CERT_DestroyCertificate(STAN_GetCERTCertificate(cert));
-	} else {
+	} else if (renewInstances) {
 	    /* force an update of the nickname and slot fields of the cert */
 	    (void)stan_GetCERTCertificate(cert, PR_TRUE);
 	}
@@ -200,7 +200,7 @@ destroy_token_certs(nssList *certList, NSSToken *token, PRBool renewInstances)
 NSS_IMPLEMENT void
 nssCertificateList_DestroyTokenCerts(nssList *certList, NSSToken *token)
 {
-    destroy_token_certs(certList, token, PR_FALSE);
+    destroy_token_certs(certList, token, PR_TRUE);
 }
 
 NSS_IMPLEMENT void