Revert the cert8 upgrade code - the changes don't affect any other fixes

between 3.3.4 and 3.3.7.

2 files changed, 40 insertions, 225 deletions

diff --git a/security/nss/lib/certdb/certdb.h b/security/nss/lib/certdb/certdb.h
index 7da572099..2d75ee8b5 100644
--- a/security/nss/lib/certdb/certdb.h
+++ b/security/nss/lib/certdb/certdb.h
@@ -41,8 +41,7 @@
  */
 
 /* version number of certificate database */
-#define CERT_DB_FILE_VERSION		8
-#define CERT_DB_V7_FILE_VERSION		7
+#define CERT_DB_FILE_VERSION		7
 #ifdef USE_NS_ROOTS
 #define CERT_DB_CONTENT_VERSION		28
 #else
@@ -70,8 +69,7 @@ typedef enum {
     certDBEntryTypeRevocation = 4,
     certDBEntryTypeKeyRevocation = 5,
     certDBEntryTypeSMimeProfile = 6,
-    certDBEntryTypeContentVersion = 7,
-    certDBEntryTypeBlob = 8
+    certDBEntryTypeContentVersion = 7
 } certDBEntryType;
 
 typedef struct {
diff --git a/security/nss/lib/certdb/pcertdb.c b/security/nss/lib/certdb/pcertdb.c
index c7463e52b..f6601d4cb 100644
--- a/security/nss/lib/certdb/pcertdb.c
+++ b/security/nss/lib/certdb/pcertdb.c
@@ -238,11 +238,7 @@ ReadDBEntry(CERTCertDBHandle *handle, certDBEntryCommon *entry,
 	goto loser;
     }
     buf = (unsigned char *)data.data;
-    /* version 7 uses the shame scheme, we may be using a v7 db if we
-     * opened the dbs readonly
-     */
-    if ( !((buf[0] == (unsigned char)CERT_DB_FILE_VERSION) ||
-           (buf[0] == (unsigned char)CERT_DB_V7_FILE_VERSION)) ) {
+    if ( buf[0] != (unsigned char)CERT_DB_FILE_VERSION ) {
 	PORT_SetError(SEC_ERROR_BAD_DATABASE);
 	goto loser;
     }
@@ -449,7 +445,6 @@ DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry)
 	lenoff = 3;
 	break;
       case 7:
-      case 8:
 	headerlen = DB_CERT_ENTRY_HEADER_LEN;
 	lenoff = 6;
 	break;
@@ -3205,9 +3200,6 @@ RemovePermSubjectNode(CERTCertificate *cert)
 	    /* if the subject had an email record, then delete it too */
 	    DeleteDBSMimeEntry(cert->dbhandle, subjectList->entry->emailAddr);
 	}
-	if ( subjectList->entry->nickname ) {
-	    DeleteDBNicknameEntry(cert->dbhandle, subjectList->entry->nickname);
-	}
 	
 	DestroyDBEntry((certDBEntry *)subjectList->entry);
 	subjectList->entry = NULL;
@@ -3226,12 +3218,11 @@ AddPermSubjectNode(CERTCertificate *cert, char *nickname)
     CERTSubjectList *subjectList;
     certDBEntrySubject *entry;
     SECItem *newCertKeys, *newKeyIDs;
-    int i, new_i;
+    int i;
     SECStatus rv;
     CERTCertificate *cmpcert;
     unsigned int nnlen;
     int ncerts;
-    PRBool added = PR_FALSE;
     
     subjectList = cert->subjectList;
     
@@ -3273,32 +3264,27 @@ AddPermSubjectNode(CERTCertificate *cert, char *nickname)
 	    return(SECFailure);
 	}
 
-	for ( i = 0, new_i = 0; i < ncerts; i++ ) {
+	for ( i = 0; i < ncerts; i++ ) {
 	    cmpcert = CERT_FindCertByKeyNoLocking(cert->dbhandle,
 						  &entry->certKeys[i]);
 	    PORT_Assert(cmpcert);
-	    /* The entry has been corrupted, remove it from the list */
-	    if (!cmpcert) {
-		continue;
-	    }
 	    
 	    if ( CERT_IsNewer(cert, cmpcert) ) {
 		/* insert before cmpcert */
-		rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[new_i],
+		rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[i],
 				      &cert->certKey);
 		if ( rv != SECSuccess ) {
 		    return(SECFailure);
 		}
-		rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[new_i],
+		rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[i],
 				      &cert->subjectKeyID);
 		if ( rv != SECSuccess ) {
 		    return(SECFailure);
 		}
-		new_i++;
-		/* copy the rest of the entries */
-		for ( ; i < ncerts; i++, new_i++ ) {
-		    newCertKeys[new_i] = entry->certKeys[i];
-		    newKeyIDs[new_i] = entry->keyIDs[i];
+		/* copy the rest of the entry */
+		for ( ; i < ncerts; i++ ) {
+		    newCertKeys[i+1] = entry->certKeys[i];
+		    newKeyIDs[i+1] = entry->keyIDs[i];
 		}
 
 		/* update certKeys and keyIDs */
@@ -3306,36 +3292,33 @@ AddPermSubjectNode(CERTCertificate *cert, char *nickname)
 		entry->keyIDs = newKeyIDs;
 		
 		/* increment count */
-		entry->ncerts = new_i;
-		added = PR_TRUE;
+		entry->ncerts++;
 		break;
 	    }
 	    /* copy this cert entry */
-	    newCertKeys[new_i] = entry->certKeys[i];
-	    newKeyIDs[new_i] = entry->keyIDs[i];
-	    new_i++;
+	    newCertKeys[i] = entry->certKeys[i];
+	    newKeyIDs[i] = entry->keyIDs[i];
 	}
 
-	if ( !added ) {
+	if ( entry->ncerts == ncerts ) {
 	    /* insert new one at end */
-	    rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[new_i],
+	    rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[ncerts],
 				  &cert->certKey);
 	    if ( rv != SECSuccess ) {
 		return(SECFailure);
 	    }
-	    rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[new_i],
+	    rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[ncerts],
 				  &cert->subjectKeyID);
 	    if ( rv != SECSuccess ) {
 		return(SECFailure);
 	    }
-	    new_i++;
 
 	    /* update certKeys and keyIDs */
 	    entry->certKeys = newCertKeys;
 	    entry->keyIDs = newKeyIDs;
 		
 	    /* increment count */
-	    entry->ncerts = new_i;
+	    entry->ncerts++;
 	}
     } else {
 	/* need to make a new DB entry */
@@ -3374,7 +3357,6 @@ __CERT_TraversePermCertsForSubject(CERTCertDBHandle *handle,
     
     for( i = 0; i < entry->ncerts; i++ ) {
 	cert = CERT_FindCertByKey(handle, &entry->certKeys[i]);
-	if (!cert) continue;
 	rv = (* cb)(cert, cbarg);
 	CERT_DestroyCertificate(cert);
 	if ( rv == SECFailure ) {
@@ -3623,9 +3605,14 @@ CERT_AddPermNickname(CERTCertificate *cert, char *nickname)
     
     CERT_LockDB(cert->dbhandle);
     
+    PORT_Assert(cert->nickname == NULL);
     PORT_Assert(cert->isperm);
     PORT_Assert(cert->subjectList != NULL);
     PORT_Assert(cert->subjectList->entry != NULL);
+    
+    if ( cert->nickname != NULL ) {
+	goto done;
+    }
 
     if ( cert->subjectList == NULL ) {
 	goto loser;
@@ -3659,6 +3646,7 @@ CERT_AddPermNickname(CERTCertificate *cert, char *nickname)
 	}
     }
 
+done:
     CERT_UnlockDB(cert->dbhandle);
     return(SECSuccess);
 loser:
@@ -3779,144 +3767,6 @@ loser:
     return(NULL);
 }
 
-/* forward declaration */
-static SECStatus
-UpdateV7DB(CERTCertDBHandle *handle, DB *updatedb);
-
-/*
- * version 8 uses the same schema as version 7. The only differences are
- * 1) version 8 db uses the blob shim to store data entries > 32k.
- * 2) version 8 db sets the db block size to 32k.
- * both of these are dealt with by the handle.
- */
-
-static SECStatus
-UpdateV8DB(CERTCertDBHandle *handle, DB *updatedb)
-{
-    return UpdateV7DB(handle,updatedb);
-}
-
-
-/*
- * we could just blindly sequence through reading key data pairs and writing
- * them back out, but some cert.db's have gotten quite large and may have some
- * subtle corruption problems, so instead we cycle through the certs and
- * CRL's and S/MIME profiles and rebuild our subject lists from those records.
- */
-static SECStatus
-UpdateV7DB(CERTCertDBHandle *handle, DB *updatedb)
-{
-    DBT key, data;
-    int ret;
-    CERTCertificate *cert;
-    PRBool isKRL = PR_FALSE;
-    certDBEntryType entryType;
-    SECItem dbEntry, dbKey;
-    certDBEntryRevocation crlEntry;
-    certDBEntryCert certEntry;
-    certDBEntrySMime smimeEntry;
-    SECStatus rv;
-
-    ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST);
-
-    if ( ret ) {
-	return(SECFailure);
-    }
-    
-    do {
-	unsigned char *dataBuf = (unsigned char *)data.data;
-	unsigned char *keyBuf = (unsigned char *)key.data;
-	dbEntry.data = &dataBuf[SEC_DB_ENTRY_HEADER_LEN];
-	dbEntry.len = data.size - SEC_DB_ENTRY_HEADER_LEN;
- 	entryType = (certDBEntryType) keyBuf[0];
-	dbKey.data = &keyBuf[SEC_DB_KEY_HEADER_LEN];
-	dbKey.len = key.size - SEC_DB_KEY_HEADER_LEN;
-	if ((dbEntry.len <= 0) || (dbKey.len <= 0)) {
-	    continue;
-	}
-
-	switch (entryType) {
-	/* these entries will get regenerated as we read the 
-	 * rest of the data from the database */
-	case certDBEntryTypeVersion:
-	case certDBEntryTypeSubject:
-	case certDBEntryTypeContentVersion:
-	case certDBEntryTypeNickname:
-	/*default: */
-	    break;
-
-	case certDBEntryTypeCert:
-	    /* decode Entry */
-    	    certEntry.common.version = (unsigned int)dataBuf[0];
-	    certEntry.common.type = entryType;
-	    certEntry.common.flags = (unsigned int)dataBuf[2];
-	    certEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-	    if (certEntry.common.arena == NULL) {
-		break;
-	    }
-	    rv = DecodeDBCertEntry(&certEntry,&dbEntry);
-	    if (rv != SECSuccess) {
-		break;
-	    }
-	    /* should we check for existing duplicates? */
-	    cert = CERT_DecodeDERCertificate(&certEntry.derCert, PR_FALSE,
-	                                     certEntry.nickname);
-	    if (cert) {
-		AddCertToPermDB(handle, cert, certEntry.nickname,
-		                &certEntry.trust);
-		CERT_DestroyCertificate(cert);
-	    }
-	    /* free data allocated by the decode */
-	    PORT_FreeArena(certEntry.common.arena, PR_FALSE);
-	    certEntry.common.arena = NULL;
-	    break;
-
-	case certDBEntryTypeKeyRevocation:
-	    isKRL = PR_TRUE;
-	    /* fall through */
-	case certDBEntryTypeRevocation:
-    	    crlEntry.common.version = (unsigned int)dataBuf[0];
-	    crlEntry.common.type = entryType;
-	    crlEntry.common.flags = (unsigned int)dataBuf[2];
-	    crlEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-	    if (crlEntry.common.arena == NULL) {
-		break;
-	    }
-	    rv = DecodeDBCrlEntry(&crlEntry,&dbEntry);
-	    if (rv != SECSuccess) {
-		break;
-	    }
-
-	    rv = WriteDBCrlEntry(handle, &crlEntry);
-	    if (rv != SECSuccess) {
-		break;
-	    }
-	    /* free data allocated by the decode */
-	    PORT_FreeArena(crlEntry.common.arena, PR_FALSE);
-	    crlEntry.common.arena = NULL;
-	    break;
-
-	case certDBEntryTypeSMimeProfile:
-    	    smimeEntry.common.version = (unsigned int)dataBuf[0];
-	    smimeEntry.common.type = entryType;
-	    smimeEntry.common.flags = (unsigned int)dataBuf[2];
-	    smimeEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-	    rv = DecodeDBSMimeEntry(&smimeEntry,&dbEntry,(char *)dbKey.data);
-	    /* decode entry */
-	    WriteDBSMimeEntry(handle, &smimeEntry);
-	    PORT_FreeArena(smimeEntry.common.arena, PR_FALSE);
-	    smimeEntry.common.arena = NULL;
-	    break;
-	}
-    } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );
-
-    (* updatedb->close)(updatedb);
-
-    /* a database update is a good time to go back and verify the integrity of
-     * the keys and certs */
-    return(SECSuccess);
-}
-
 /*
  * NOTE - Version 6 DB did not go out to the real world in a release,
  * so we can remove this function in a later release.
@@ -4404,7 +4254,7 @@ SEC_OpenPermCertDB(CERTCertDBHandle *handle, PRBool readOnly,
     /*
      * first open the permanent file based database.
      */
-    handle->permCertDB = dbsopen( certdbname, openflags, 0600, DB_HASH, 0 );
+    handle->permCertDB = dbopen( certdbname, openflags, 0600, DB_HASH, 0 );
 
     /* check for correct version number */
     if ( handle->permCertDB ) {
@@ -4427,34 +4277,14 @@ SEC_OpenPermCertDB(CERTCertDBHandle *handle, PRBool readOnly,
     /* if first open fails, try to create a new DB */
     if ( handle->permCertDB == NULL ) {
 
+	/* don't create if readonly */
 	if ( readOnly ) {
-	    /* if opening read-only and cert8.db does not exist, 
-	     * use cert7.db
-	     */
-	    tmpname = (* namecb)(cbarg, 7); /* get v7 db name */
-	    if (!tmpname) {
-		goto loser;
-	    }
-	    handle->permCertDB = dbopen(tmpname, O_RDONLY, 0600, DB_HASH, 0);
-	    PORT_Free(tmpname);
-	    if (!handle->permCertDB) {
-		goto loser;
-	    }
-	    versionEntry = ReadDBVersionEntry(handle);
-	    if ( versionEntry == NULL ) {
-		/* no version number */
-		goto loser;
-	    } else if ( versionEntry->common.version != 7 ) {
-		DestroyDBEntry((certDBEntry *)versionEntry);
-		goto loser;
-	    }
-	    PORT_Free(certdbname);
-	    return SECSuccess;
+	    goto loser;
 	}
-	/* create a new database */
-	handle->permCertDB = dbsopen(certdbname,
-                                     O_RDWR | O_CREAT | O_TRUNC,
-                                     0600, DB_HASH, 0);
+	
+	handle->permCertDB = dbopen(certdbname,
+				    O_RDWR | O_CREAT | O_TRUNC,
+				    0600, DB_HASH, 0);
 
 	/* if create fails then we lose */
 	if ( handle->permCertDB == 0 ) {
@@ -4473,22 +4303,7 @@ SEC_OpenPermCertDB(CERTCertDBHandle *handle, PRBool readOnly,
 	if ( rv != SECSuccess ) {
 	    goto loser;
 	}
-#if 0 /* in this 3.3.4.x version, we want to avoid upgrading 7 to 8 */
-	/* try to upgrade old db here */
-	tmpname = (* namecb)(cbarg, 7);	/* get v7 db name */
-	if ( tmpname ) {
-	    updatedb = dbopen( tmpname, O_RDONLY, 0600, DB_HASH, 0 );
-	    PORT_Free(tmpname);
-	    if ( updatedb ) {
-		rv = UpdateV7DB(handle, updatedb);
-		if ( rv != SECSuccess ) {
-		    goto loser;
-		}
-		updated = PR_TRUE;
-		goto update_finished;
-	    }
-	}
-#endif
+
 	/* try to upgrade old db here */
 	tmpname = (* namecb)(cbarg, 6);	/* get v6 db name */
 	if ( tmpname ) {
@@ -4536,7 +4351,6 @@ SEC_OpenPermCertDB(CERTCertDBHandle *handle, PRBool readOnly,
 		}
 	    }
 	}
-update_finished:
 
 	/* initialize the database with our well known certificates
 	 * or in the case of update, just fall down to CERT_AddNewCerts()
@@ -4587,7 +4401,14 @@ DeletePermCert(CERTCertificate *cert)
     if ( rv != SECSuccess ) {
 	ret = SECFailure;
     }
-
+    
+    if ( cert->nickname ) {
+	rv = DeleteDBNicknameEntry(cert->dbhandle, cert->nickname);
+	if ( rv != SECSuccess ) {
+	    ret = SECFailure;
+	}
+    }
+    
     rv = RemovePermSubjectNode(cert);
 
     return(ret);
@@ -4865,10 +4686,6 @@ __CERT_ClosePermCertDB(CERTCertDBHandle *handle)
 	    certdb_Close( handle->permCertDB );
 	    handle->permCertDB = 0;
 	}
-	if (handle->dbMon) {
-	    PZ_DestroyMonitor(handle->dbMon);
-	    handle->dbMon = NULL;
-	}
     }
     return;
 }