author | relyea%netscape.com <devnull@localhost> | 2002-05-07 20:38:59 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2002-05-07 20:38:59 +0000 |
commit | d7794dca672b3fdbe37caf9f8213881be5b99d71 (patch) | |
tree | 182553e1c9d89fba8ae755b4aa879d2f250cd72e | |
parent | 621ed7382b573312b79d32be829da0a031b128cd (diff) | |
Automatically create a NULL email profile for certs with email addresses which
are imported into the internal token.
-rw-r--r-- | security/nss/lib/certdb/stanpcertdb.c | 1 | ||||
-rw-r--r-- | security/nss/lib/dev/dev.h | 1 | ||||
-rw-r--r-- | security/nss/lib/dev/devtoken.c | 6 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11cert.c | 12 | ||||
-rw-r--r-- | security/nss/lib/pki/pki3hack.c | 6 | ||||
-rw-r--r-- | security/nss/lib/softoken/pkcs11.c | 29 |
6 files changed, 49 insertions, 6 deletions
diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c
index 78dbdaa0f..1ed2e8d23 100644
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -170,6 +170,7 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname, &c->issuer, &c->subject, &c->serial, + cert->emailAddr, PR_TRUE); PK11_FreeSlot(slot); if (!permInstance) {
diff --git a/security/nss/lib/dev/dev.h b/security/nss/lib/dev/dev.h
index 169cfd406..e7651aa47 100644
--- a/security/nss/lib/dev/dev.h
+++ b/security/nss/lib/dev/dev.h
@@ -434,6 +434,7 @@ nssToken_ImportCertificate NSSDER *issuer, NSSDER *subject, NSSDER *serial, + NSSASCII7 *emailAddr, PRBool asTokenObject );
diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c
index 7c1dbda1b..70f552d4b 100644
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -529,12 +529,13 @@ nssToken_ImportCertificate NSSDER *issuer, NSSDER *subject, NSSDER *serial, + NSSASCII7 *email, PRBool asTokenObject ) { CK_CERTIFICATE_TYPE cert_type; CK_ATTRIBUTE_PTR attr; - CK_ATTRIBUTE cert_tmpl[9]; + CK_ATTRIBUTE cert_tmpl[10]; CK_ULONG ctsize; nssTokenSearchType searchType; nssCryptokiObject *rvObject = NULL;
@@ -560,6 +561,9 @@ nssToken_ImportCertificate NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial); + if (email) { + NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NETSCAPE_EMAIL, email); + } NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize); /* see if the cert is already there */ rvObject = nssToken_FindCertificateByIssuerAndSerialNumber(tok,
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index 639d13956..112222ff6 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
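Review bot: `cert->emailAddr` is passed to nssToken_ImportCertificate unconditionally in this stanpcertdb.c hunk, while the other two callers changed by the commit (PK11_ImportCert in pk11cert.c and STAN_ChangeCertTrust in pki3hack.c) pass it only when `PK11_IsInternal(...)` holds. devtoken.c adds the vendor attribute `CKA_NETSCAPE_EMAIL` to the template whenever the argument is non-NULL, so if `slot` can be anything other than the internal token, the import would carry an attribute that module may not accept. Where `slot` comes from is outside the hunk. If it is always the internal slot, a comment such as `/* slot is the internal token, which understands CKA_NETSCAPE_EMAIL */` would record that; otherwise `PK11_IsInternal(slot) ? cert->emailAddr : NULL,` matches the other call sites.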
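Review bot: The new parameter in the dev.h prototype has no documentation, and it is named `emailAddr` here but `email` in the definition in devtoken.c. The contract callers need is visible only by reading devtoken.c: NULL leaves the attribute out, and the pk11cert.c and pki3hack.c callers pass a value only for the internal token. A comment on the prototype such as `/* emailAddr: optional; NULL means CKA_NETSCAPE_EMAIL is not set */`, plus one spelling of the name in both files, would make that explicit. The rest of the prototype is outside the hunk.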
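Review bot: `cert_tmpl[10]` in devtoken.c is a hand-counted bound that has to track every `NSS_CK_SET_ATTRIBUTE_*` call in nssToken_ImportCertificate, and the attributes set before `CKA_ISSUER` lie outside both devtoken.c hunks, so the new size cannot be confirmed from here. Unless `NSS_CK_TEMPLATE_FINISH` already checks it, an explicit guard after that macro, `PR_ASSERT(ctsize <= sizeof(cert_tmpl)/sizeof(cert_tmpl[0]));`, would catch the next attribute added without a resize before it writes past the array. A short comment beside the declaration noting that the last slot is the optional e-mail attribute would also help.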
@@ -1562,6 +1562,7 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, { CKA_SERIAL_NUMBER, NULL, 0}, { CKA_VALUE, NULL, 0}, { CKA_NETSCAPE_TRUST, NULL, 0}, + { CKA_NETSCAPE_EMAIL, NULL, 0}, }; int certCount = sizeof(certAttrs)/sizeof(certAttrs[0]), keyCount = 2; int realCount = 0;
@@ -1612,6 +1613,11 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, PK11_SETATTRS(attrs,CKA_NETSCAPE_TRUST, certUsage, sizeof(SECCertUsage)); attrs++; + if (cert->emailAddr) { + PK11_SETATTRS(attrs,CKA_NETSCAPE_EMAIL, cert->emailAddr, + PORT_Strlen(cert->emailAddr); + attrs++; + } } realCount = attrs - certAttrs; PORT_Assert(realCount <= certCount);
@@ -1684,11 +1690,16 @@ done: nssCryptokiObject *keyobj, *certobj; NSSToken *token = PK11Slot_GetNSSToken(slot); SECItem *keyID = pk11_mkcertKeyID(cert); + char *emailAddr = NULL; if (keyID == NULL) { goto loser; } + if (PK11_IsInternal(slot) && cert->emailAddr) { + emailAddr = cert->emailAddr; + } + /* need to get the cert as a stan cert */ if (cert->nssCertificate) { c = cert->nssCertificate;
@@ -1738,6 +1749,7 @@ done: &c->issuer, &c->subject, &c->serial, + emailAddr, PR_TRUE); if (!certobj) { goto loser;
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index 170c4f50a..cb06b3a98 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -857,6 +857,11 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) * object in order to store trust. forcing it to be perm */ NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL); + NSSASCII7 *email = NULL; + + if (PK11_IsInternal(tok->pk11slot)) { + email = c->email; + } newInstance = nssToken_ImportCertificate(tok, NULL, NSSCertificateType_PKIX, &c->id,
@@ -865,6 +870,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) &c->issuer, &c->subject, &c->serial, + email, PR_TRUE); if (!newInstance) { return PR_FAILURE;
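Review bot: The added `PK11_SETATTRS` call in the second pk11cert.c hunk (around new line 1616) is missing a closing parenthesis. `PORT_Strlen(cert->emailAddr);` closes only the `PORT_Strlen` call, so the statement cannot compile wherever this block is actually built; it should read `PORT_Strlen(cert->emailAddr));`. If the region is currently compiled out, that would explain why it went unnoticed, but the hunk does not show it. The enclosing block opens above the hunk, so it also cannot be confirmed here that this path is limited to the internal token the way the `emailAddr` selection after `done:` is.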
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index e006330bc..86b7520f4 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -605,7 +605,8 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object) NSSLOWCERTCertTrust defTrust = { CERTDB_TRUSTED_UNKNOWN, CERTDB_TRUSTED_UNKNOWN, CERTDB_TRUSTED_UNKNOWN }; - char *label; + char *label = NULL; + char *email = NULL; SECStatus rv; PRBool inDB = PR_TRUE;
@@ -646,10 +647,28 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object) if (label) PORT_Free(label); pk11_FreeAttribute(attribute); + if (rv != SECSuccess) { nsslowcert_DestroyCertificate(cert); return CKR_DEVICE_ERROR; } + + /* + * Add a NULL S/MIME profile if necessary. + */ + email = pk11_getString(object,CKA_NETSCAPE_EMAIL); + if (email) { + certDBEntrySMime *entry; + + entry = nsslowcert_ReadDBSMimeEntry(slot->certDB,email); + if (!entry) { + nsslowcert_SaveSMimeProfile(slot->certDB, email, + &cert->derSubject, NULL, NULL); + } else { + nsslowcert_DestroyDBEntry((certDBEntry *)entry); + } + PORT_Free(email); + } object->handle=pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_CERT); nsslowcert_DestroyCertificate(cert); }
@@ -2053,7 +2072,7 @@ pk11_SlotFromID(CK_SLOT_ID slotID) PK11Slot * pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle) { - int slotIDIndex = (handle >> 24) & 0xff; + CK_ULONG slotIDIndex = (handle >> 24) & 0xff; if (slotIDIndex >= nscSlotCount) { return NULL;
@@ -2313,7 +2332,7 @@ static void nscFreeAllSlots() nscSlotHashTable = NULL; nscSlotListSize = 0; - for (i=0; i < tmpSlotCount; i++) { + for (i=0; i < (int) tmpSlotCount; i++) { slotID = tmpSlotList[i]; slot = (PK11Slot *) PL_HashTableLookup(tmpSlotHashTable, (void *)slotID);
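Review bot: The result of `nsslowcert_SaveSMimeProfile` in the added S/MIME block of pk11_handleCertObject is discarded, so a failed database write leaves the certificate imported without the profile and the caller still sees success. If best-effort is intended, the block comment should say so; otherwise capture it with `rv = nsslowcert_SaveSMimeProfile(slot->certDB, email, &cert->derSubject, NULL, NULL);` and handle failure as the `rv != SECSuccess` branch just above does. The address is also taken from the caller-supplied `CKA_NETSCAPE_EMAIL` attribute as-is: nothing in the hunk checks that it is non-empty or that it matches an address in the certificate being stored, so the profile can tie a subject to an address the certificate does not carry. Comparing it with the address decoded from the certificate before saving would close that gap. pk11_handleCertObject begins and ends outside the hunk.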
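Review bot: The `(int) tmpSlotCount` cast in nscFreeAllSlots silences the signed/unsigned comparison by narrowing the bound rather than fixing the index type; declaring `i` as `CK_ULONG` and writing `for (i=0; i < tmpSlotCount; i++) {` would match what the previous hunk does for `slotIDIndex`. The declaration of `i` is outside the hunk, so other uses of it would need checking. The same cast-instead-of-retype pattern appears in NSC_InitPIN and NSC_SetPIN with `(CK_ULONG)slot->minimumPinLen`. If that field is signed, a negative value becomes a very large minimum and every PIN is rejected, which fails closed but deserves a comment or an unsigned field.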
@@ -2721,7 +2740,7 @@ CK_RV NSC_InitPIN(CK_SESSION_HANDLE hSession, if (ulPinLen > PK11_MAX_PIN) { return CKR_PIN_LEN_RANGE; } - if (ulPinLen < slot->minimumPinLen) { + if (ulPinLen < (CK_ULONG)slot->minimumPinLen) { return CKR_PIN_LEN_RANGE; }
@@ -2796,7 +2815,7 @@ CK_RV NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, if ((ulNewLen > PK11_MAX_PIN) || (ulOldLen > PK11_MAX_PIN)) { return CKR_PIN_LEN_RANGE; } - if (ulNewLen < slot->minimumPinLen) { + if (ulNewLen < (CK_ULONG)slot->minimumPinLen) { return CKR_PIN_LEN_RANGE; } |