Bug 323570. Make dbck work with softoken. r=rrelyea. Backported from trunk.

3 files changed, 97 insertions, 18 deletions

diff --git a/security/nss/lib/softoken/pcert.h b/security/nss/lib/softoken/pcert.h
index e2d56b715..d4314f634 100644
--- a/security/nss/lib/softoken/pcert.h
+++ b/security/nss/lib/softoken/pcert.h
@@ -41,6 +41,8 @@
 #include "prlong.h"
 #include "pcertt.h"
 
+#include "lowkeyti.h" 	/* for struct NSSLOWKEYPublicKeyStr */
+
 SEC_BEGIN_PROTOS
 
 /*
@@ -249,6 +251,11 @@ pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
 						int spaceLen);
 NSSLOWCERTCertificate *
 nsslowcert_CreateCert(void);
+
+certDBEntry *
+nsslowcert_DecodeAnyDBEntry(SECItem *dbData, SECItem *dbKey, 
+                            certDBEntryType entryType, void *pdata);
+
 SEC_END_PROTOS
 
  #endif /* _PCERTDB_H_ */
diff --git a/security/nss/lib/softoken/pcertdb.c b/security/nss/lib/softoken/pcertdb.c
index 828ee2e3c..52f6ee2af 100644
--- a/security/nss/lib/softoken/pcertdb.c
+++ b/security/nss/lib/softoken/pcertdb.c
@@ -838,8 +838,7 @@ NewDBCertEntry(SECItem *derCert, char *nickname,
 	goto loser;
     }
 	
-    entry = (certDBEntryCert *)PORT_ArenaZAlloc(arena, sizeof(certDBEntryCert));
-
+    entry = PORT_ArenaZNew(arena, certDBEntryCert);
     if ( entry == NULL ) {
 	goto loser;
     }
@@ -1069,7 +1068,7 @@ CreateCertEntry(void)
 	return entry;
     }
 
-    return PORT_ZAlloc(sizeof(certDBEntryCert));
+    return PORT_ZNew(certDBEntryCert);
 }
 
 static void
@@ -1257,9 +1256,7 @@ NewDBCrlEntry(SECItem *derCrl, char * url, certDBEntryType crlType, int flags)
 	goto loser;
     }
 	
-    entry = (certDBEntryRevocation*)
-			PORT_ArenaZAlloc(arena, sizeof(certDBEntryRevocation));
-
+    entry = PORT_ArenaZNew(arena, certDBEntryRevocation);
     if ( entry == NULL ) {
 	goto loser;
     }
@@ -1469,7 +1466,6 @@ EncodeDBNicknameEntry(certDBEntryNickname *entry, PRArenaPool *arena,
     
     dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
     if ( dbitem->data == NULL) {
-	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	goto loser;
     }
     
@@ -2886,8 +2882,7 @@ ReadDBVersionEntry(NSSLOWCERTCertDBHandle *handle)
 	goto loser;
     }
     
-    entry = (certDBEntryVersion *)PORT_ArenaAlloc(arena,
-						sizeof(certDBEntryVersion));
+    entry = PORT_ArenaZNew(arena, certDBEntryVersion);
     if ( entry == NULL ) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	goto loser;
@@ -4312,7 +4307,8 @@ nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
 	    keybuf = (unsigned char *)key.data;
 	    keyitem.data = &keybuf[SEC_DB_KEY_HEADER_LEN];
             keyitem.type = siBuffer;
-	    
+	    /* type should equal keybuf[0].  */
+
 	    rv = (* callback)(&dataitem, &keyitem, type, udata);
 	    if ( rv != SECSuccess ) {
 		return(rv);
@@ -4366,7 +4362,7 @@ CreateTrust(void)
 	return trust;
     }
 
-    return PORT_ZAlloc(sizeof(NSSLOWCERTTrust));
+    return PORT_ZNew(NSSLOWCERTTrust);
 }
 
 static void
@@ -5093,7 +5089,7 @@ nsslowcert_CreateCert(void)
     if (cert) {
 	return cert;
     }
-    return (NSSLOWCERTCertificate *) PORT_ZAlloc(sizeof(NSSLOWCERTCertificate));
+    return PORT_ZNew(NSSLOWCERTCertificate);
 }
 
 static void
@@ -5382,3 +5378,77 @@ nsslowcert_DestroyGlobalLocks(void)
     }
 }
 
+certDBEntry *
+nsslowcert_DecodeAnyDBEntry(SECItem *dbData, SECItem *dbKey, 
+                 certDBEntryType entryType, void *pdata)
+{
+    PLArenaPool *arena = NULL;
+    certDBEntry *entry;
+    SECStatus rv;
+    SECItem dbEntry;
+
+
+    if ((dbData->len < SEC_DB_ENTRY_HEADER_LEN) || (dbKey->len == 0)) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	goto loser;
+    }
+    dbEntry.data = &dbData->data[SEC_DB_ENTRY_HEADER_LEN];
+    dbEntry.len  = dbData->len - SEC_DB_ENTRY_HEADER_LEN;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+	goto loser;
+    }
+    entry = PORT_ArenaZNew(arena, certDBEntry);
+    if (!entry)
+    	goto loser;
+
+    entry->common.version = (unsigned int)dbData->data[0];
+    entry->common.flags   = (unsigned int)dbData->data[2];
+    entry->common.type    = entryType;
+    entry->common.arena   = arena;
+
+    switch (entryType) {
+    case certDBEntryTypeContentVersion: /* This type appears to be unused */
+    case certDBEntryTypeVersion:        /* This type has only the common hdr */
+	rv = SECSuccess;
+    	break;
+
+    case certDBEntryTypeSubject:
+	rv = DecodeDBSubjectEntry(&entry->subject, &dbEntry, dbKey);
+    	break;
+
+    case certDBEntryTypeNickname:
+	rv = DecodeDBNicknameEntry(&entry->nickname, &dbEntry,
+                                   (char *)dbKey->data);
+    	break;
+
+    /* smime profiles need entries created after the certs have
+     * been imported, loop over them in a second run */
+    case certDBEntryTypeSMimeProfile:
+	rv = DecodeDBSMimeEntry(&entry->smime, &dbEntry, (char *)dbKey->data);
+	break;
+
+    case certDBEntryTypeCert:
+	rv = DecodeDBCertEntry(&entry->cert, &dbEntry);
+	break;
+
+    case certDBEntryTypeKeyRevocation:
+    case certDBEntryTypeRevocation:
+	rv = DecodeDBCrlEntry(&entry->revocation, &dbEntry);
+	break;
+
+    default:
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	rv = SECFailure;
+    }
+
+    if (rv == SECSuccess)
+	return entry;
+
+loser:
+    if (arena)
+	PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
+
diff --git a/security/nss/lib/softoken/pcertt.h b/security/nss/lib/softoken/pcertt.h
index e805950e1..848fe69e9 100644
--- a/security/nss/lib/softoken/pcertt.h
+++ b/security/nss/lib/softoken/pcertt.h
@@ -410,12 +410,14 @@ typedef struct {
 #define SEC_DB_CONTENT_VERSION_KEY_LEN sizeof(SEC_DB_CONTENT_VERSION_KEY)
 
 typedef union {
-    certDBEntryCommon common;
-    certDBEntryVersion version;
-    certDBEntryCert cert;
-    certDBEntryNickname nickname;
-    certDBEntrySubject subject;
-    certDBEntryRevocation revocation;
+    certDBEntryCommon         common;
+    certDBEntryCert           cert;
+    certDBEntryContentVersion content;
+    certDBEntryNickname       nickname;
+    certDBEntryRevocation     revocation;
+    certDBEntrySMime          smime;
+    certDBEntrySubject        subject;
+    certDBEntryVersion        version;
 } certDBEntry;
 
 /* length of the fixed part of a database entry */