authorrelyea%netscape.com <devnull@localhost>2002-05-07 20:38:59 +0000
committerrelyea%netscape.com <devnull@localhost>2002-05-07 20:38:59 +0000
commitd7794dca672b3fdbe37caf9f8213881be5b99d71 (patch)
tree182553e1c9d89fba8ae755b4aa879d2f250cd72e
parent621ed7382b573312b79d32be829da0a031b128cd (diff)
Automatically create a NULL email profile for certs with email addresses which
are imported into the internal token.
-rw-r--r--security/nss/lib/certdb/stanpcertdb.c1
-rw-r--r--security/nss/lib/dev/dev.h1
-rw-r--r--security/nss/lib/dev/devtoken.c6
-rw-r--r--security/nss/lib/pk11wrap/pk11cert.c12
-rw-r--r--security/nss/lib/pki/pki3hack.c6
-rw-r--r--security/nss/lib/softoken/pkcs11.c29
6 files changed, 49 insertions, 6 deletions
diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c
index 78dbdaa0f..1ed2e8d23 100644
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -170,6 +170,7 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
&c->issuer,
&c->subject,
&c->serial,
+ cert->emailAddr,
PR_TRUE);
PK11_FreeSlot(slot);
if (!permInstance) {
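Review bot: `cert->emailAddr` is passed to nssToken_ImportCertificate here unconditionally, while the pk11cert.c and pki3hack.c call sites in this same commit forward the address only when `PK11_IsInternal(...)` is true. If the slot obtained earlier in __CERT_AddTempCertToPerm (outside this hunk) is always the internal one, the gate is redundant, but a comment at the call should say so, for example `/* slot is the internal slot, so the e-mail attribute may be passed */`. If it can be any other token, the same check belongs here so that all three call sites behave alike.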
diff --git a/security/nss/lib/dev/dev.h b/security/nss/lib/dev/dev.h
index 169cfd406..e7651aa47 100644
--- a/security/nss/lib/dev/dev.h
+++ b/security/nss/lib/dev/dev.h
@@ -434,6 +434,7 @@ nssToken_ImportCertificate
NSSDER *issuer,
NSSDER *subject,
NSSDER *serial,
+ NSSASCII7 *emailAddr,
PRBool asTokenObject
);
diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c
index 7c1dbda1b..70f552d4b 100644
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -529,12 +529,13 @@ nssToken_ImportCertificate
NSSDER *issuer,
NSSDER *subject,
NSSDER *serial,
+ NSSASCII7 *email,
PRBool asTokenObject
)
{
CK_CERTIFICATE_TYPE cert_type;
CK_ATTRIBUTE_PTR attr;
- CK_ATTRIBUTE cert_tmpl[9];
+ CK_ATTRIBUTE cert_tmpl[10];
CK_ULONG ctsize;
nssTokenSearchType searchType;
nssCryptokiObject *rvObject = NULL;
@@ -560,6 +561,9 @@ nssToken_ImportCertificate
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
+ if (email) {
+ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NETSCAPE_EMAIL, email);
+ }
NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
/* see if the cert is already there */
rvObject = nssToken_FindCertificateByIssuerAndSerialNumber(tok,
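Review bot: Nothing in the visible code checks that the template fill stays inside `cert_tmpl[10]`; the bound was raised by hand in the previous hunk to make room for the optional CKA_NETSCAPE_EMAIL entry added here. Assuming `ctsize` is the attribute count produced by NSS_CK_TEMPLATE_FINISH, a debug assertion right after it, `PR_ASSERT(ctsize <= sizeof(cert_tmpl)/sizeof(cert_tmpl[0]));`, would catch the next attribute added without a matching bump before it becomes a stack overwrite. The earlier attribute setters are outside the hunk, so the actual count cannot be confirmed from here. Separately, the parameter is named `email` here and `emailAddr` in the dev.h prototype; using one name in both would make the declaration easier to match.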
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index 639d13956..112222ff6 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -1562,6 +1562,7 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
{ CKA_SERIAL_NUMBER, NULL, 0},
{ CKA_VALUE, NULL, 0},
{ CKA_NETSCAPE_TRUST, NULL, 0},
+ { CKA_NETSCAPE_EMAIL, NULL, 0},
};
int certCount = sizeof(certAttrs)/sizeof(certAttrs[0]), keyCount = 2;
int realCount = 0;
@@ -1612,6 +1613,11 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
PK11_SETATTRS(attrs,CKA_NETSCAPE_TRUST, certUsage,
sizeof(SECCertUsage));
attrs++;
+ if (cert->emailAddr) {
+ PK11_SETATTRS(attrs,CKA_NETSCAPE_EMAIL, cert->emailAddr,
+ PORT_Strlen(cert->emailAddr);
+ attrs++;
+ }
}
realCount = attrs - certAttrs;
PORT_Assert(realCount <= certCount);
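Review bot: The added `PK11_SETATTRS` call is missing its closing parenthesis: `PORT_Strlen(cert->emailAddr);` closes only the inner call, so the statement will not compile unless this region is excluded by the preprocessor. The line should end `PORT_Strlen(cert->emailAddr));`. This branch also sets CKA_NETSCAPE_EMAIL for any slot, without the `PK11_IsInternal(slot)` check that the later hunk in the same function applies, which looks inconsistent. The enclosing block begins outside the hunk.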
@@ -1684,11 +1690,16 @@ done:
nssCryptokiObject *keyobj, *certobj;
NSSToken *token = PK11Slot_GetNSSToken(slot);
SECItem *keyID = pk11_mkcertKeyID(cert);
+ char *emailAddr = NULL;
if (keyID == NULL) {
goto loser;
}
+ if (PK11_IsInternal(slot) && cert->emailAddr) {
+ emailAddr = cert->emailAddr;
+ }
+
/* need to get the cert as a stan cert */
if (cert->nssCertificate) {
c = cert->nssCertificate;
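Review bot: The reason the address is forwarded only when `PK11_IsInternal(slot)` is true is not stated, either here or at the matching check on `tok->pk11slot` in pki3hack.c's STAN_ChangeCertTrust. A short comment above the `if` would record it, for example `/* CKA_NETSCAPE_EMAIL is a vendor-defined attribute; only pass it to the internal token */`. That is presumably the intent, and the author should confirm the wording. The enclosing block starts at the `done:` label outside the hunk.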
@@ -1738,6 +1749,7 @@ done:
&c->issuer,
&c->subject,
&c->serial,
+ emailAddr,
PR_TRUE);
if (!certobj) {
goto loser;
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index 170c4f50a..cb06b3a98 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -857,6 +857,11 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
* object in order to store trust. forcing it to be perm
*/
NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL);
+ NSSASCII7 *email = NULL;
+
+ if (PK11_IsInternal(tok->pk11slot)) {
+ email = c->email;
+ }
newInstance = nssToken_ImportCertificate(tok, NULL,
NSSCertificateType_PKIX,
&c->id,
@@ -865,6 +870,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
&c->issuer,
&c->subject,
&c->serial,
+ email,
PR_TRUE);
if (!newInstance) {
return PR_FAILURE;
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index e006330bc..86b7520f4 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -605,7 +605,8 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object)
NSSLOWCERTCertTrust defTrust =
{ CERTDB_TRUSTED_UNKNOWN,
CERTDB_TRUSTED_UNKNOWN, CERTDB_TRUSTED_UNKNOWN };
- char *label;
+ char *label = NULL;
+ char *email = NULL;
SECStatus rv;
PRBool inDB = PR_TRUE;
@@ -646,10 +647,28 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object)
if (label) PORT_Free(label);
pk11_FreeAttribute(attribute);
+
if (rv != SECSuccess) {
nsslowcert_DestroyCertificate(cert);
return CKR_DEVICE_ERROR;
}
+
+ /*
+ * Add a NULL S/MIME profile if necessary.
+ */
+ email = pk11_getString(object,CKA_NETSCAPE_EMAIL);
+ if (email) {
+ certDBEntrySMime *entry;
+
+ entry = nsslowcert_ReadDBSMimeEntry(slot->certDB,email);
+ if (!entry) {
+ nsslowcert_SaveSMimeProfile(slot->certDB, email,
+ &cert->derSubject, NULL, NULL);
+ } else {
+ nsslowcert_DestroyDBEntry((certDBEntry *)entry);
+ }
+ PORT_Free(email);
+ }
object->handle=pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_CERT);
nsslowcert_DestroyCertificate(cert);
}
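Review bot: The return value of `nsslowcert_SaveSMimeProfile` is discarded, so a failed database write leaves the certificate stored without its profile and the caller still gets success. Capturing it, `rv = nsslowcert_SaveSMimeProfile(slot->certDB, email, &cert->derSubject, NULL, NULL);`, and at least documenting that the profile is best-effort would make the behaviour explicit. The address also comes from the object's CKA_NETSCAPE_EMAIL attribute and, within the visible lines, is never compared with the address in the certificate itself. A caller could therefore bind this subject to an address the certificate does not contain. A check against the parsed certificate's address before saving would close that gap, if the low-level cert exposes one. pk11_handleCertObject begins and ends outside the hunk.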
@@ -2053,7 +2072,7 @@ pk11_SlotFromID(CK_SLOT_ID slotID)
PK11Slot *
pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle)
{
- int slotIDIndex = (handle >> 24) & 0xff;
+ CK_ULONG slotIDIndex = (handle >> 24) & 0xff;
if (slotIDIndex >= nscSlotCount) {
return NULL;
@@ -2313,7 +2332,7 @@ static void nscFreeAllSlots()
nscSlotHashTable = NULL;
nscSlotListSize = 0;
- for (i=0; i < tmpSlotCount; i++) {
+ for (i=0; i < (int) tmpSlotCount; i++) {
slotID = tmpSlotList[i];
slot = (PK11Slot *)
PL_HashTableLookup(tmpSlotHashTable, (void *)slotID);
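Review bot: The `(int) tmpSlotCount` cast silences the signed/unsigned comparison by narrowing the count, whereas the other fixes in this file (`slotIDIndex` in pk11_SlotFromSessionHandle, the `minimumPinLen` comparisons in NSC_InitPIN and NSC_SetPIN) widen to `CK_ULONG` instead. Declaring `i` with the same unsigned type as `tmpSlotCount` would remove the cast and keep the file consistent. The declarations of both variables are outside the hunk, so their exact types should be confirmed first.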
@@ -2721,7 +2740,7 @@ CK_RV NSC_InitPIN(CK_SESSION_HANDLE hSession,
if (ulPinLen > PK11_MAX_PIN) {
return CKR_PIN_LEN_RANGE;
}
- if (ulPinLen < slot->minimumPinLen) {
+ if (ulPinLen < (CK_ULONG)slot->minimumPinLen) {
return CKR_PIN_LEN_RANGE;
}
@@ -2796,7 +2815,7 @@ CK_RV NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
if ((ulNewLen > PK11_MAX_PIN) || (ulOldLen > PK11_MAX_PIN)) {
return CKR_PIN_LEN_RANGE;
}
- if (ulNewLen < slot->minimumPinLen) {
+ if (ulNewLen < (CK_ULONG)slot->minimumPinLen) {
return CKR_PIN_LEN_RANGE;
}