author | Robert Relyea <rrelyea@redhat.com> | 2018-02-27 14:58:14 +0100 |
---|---|---|
committer | Robert Relyea <rrelyea@redhat.com> | 2018-02-27 14:58:14 +0100 |
commit | ba9bb1e4ca10c86d18b1a0f153306156979512d9 (patch) | |
tree | 451eab9e7d6dc0aca0e93519005fd07580edafe7 | |
parent | d3417611b4aefdc9b81b9aa9be7f23b7b9728898 (diff) | |
download | nss-hg-ba9bb1e4ca10c86d18b1a0f153306156979512d9.tar.gz |
Bug 1429591, Importing a certificate with CERT_ImportCerts to an NSS SQL db doesn't associate it to the existing private key, r=kaie
-rw-r--r-- | lib/certdb/cert.h | 2 | ||||
-rw-r--r-- | lib/certdb/stanpcertdb.c | 15 | ||||
-rw-r--r-- | lib/pk11wrap/secmodi.h | 1 |
3 files changed, 16 insertions, 2 deletions
diff --git a/lib/certdb/cert.h b/lib/certdb/cert.h index c76a5a9b0..086c90fdb 100644 --- a/lib/certdb/cert.h +++ b/lib/certdb/cert.h @@ -278,7 +278,7 @@ extern CERTCertDBHandle *CERT_GetDefaultCertDB(void); extern CERTCertList *CERT_GetCertChainFromCert(CERTCertificate *cert, PRTime time, SECCertUsage usage); extern CERTCertificate *CERT_NewTempCertificate(CERTCertDBHandle *handle, - SECItem *derCert, + const SECItem *derCert, char *nickname, PRBool isperm, PRBool copyDER); diff --git a/lib/certdb/stanpcertdb.c b/lib/certdb/stanpcertdb.c index a26ebf881..477008907 100644 --- a/lib/certdb/stanpcertdb.c +++ b/lib/certdb/stanpcertdb.c @@ -30,6 +30,7 @@ #include "pkistore.h" #include "dev3hack.h" #include "dev.h" +#include "secmodi.h" PRBool SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject, @@ -280,6 +281,18 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname, nssCertificateStore_RemoveCertLOCKED(context->certStore, c); nssCertificateStore_Unlock(context->certStore, &lockTrace, &unlockTrace); c->object.cryptoContext = NULL; + + /* if the id has not been set explicitly yet, create one from the public + * key. */ + if (c->id.data == NULL) { + SECItem *keyID = pk11_mkcertKeyID(cert); + if (keyID) { + nssItem_Create(c->object.arena, &c->id, keyID->len, keyID->data); + SECITEM_FreeItem(keyID, PR_TRUE); + } + /* if any of these failed, continue with our null c->id */ + } + /* Import the perm instance onto the internal token */ slot = PK11_GetInternalKeySlot(); internal = PK11Slot_GetNSSToken(slot); @@ -328,7 +341,7 @@ CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname, } CERTCertificate * -CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert, +CERT_NewTempCertificate(CERTCertDBHandle *handle, const SECItem *derCert, char *nickname, PRBool isperm, PRBool copyDER) { NSSCertificate *c; diff --git a/lib/pk11wrap/secmodi.h b/lib/pk11wrap/secmodi.h index 1225661ad..84f5f2a30 100644 --- a/lib/pk11wrap/secmodi.h 
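Review bot: In the `__CERT_AddTempCertToPerm` hunk of lib/certdb/stanpcertdb.c, the return value of `nssItem_Create(c->object.arena, &c->id, keyID->len, keyID->data)` is discarded. The trailing comment says a failure leaves "our null c->id", but that holds only if nssItem_Create never partially fills its output item on error, which this diff does not show. Per the commit title, the association with the existing private key is the point of the change, so a silent failure here would presumably bring back the original symptom with nothing to diagnose it by. Consider checking the result and resetting the item explicitly, e.g. `if (!nssItem_Create(c->object.arena, &c->id, keyID->len, keyID->data)) { c->id.data = NULL; c->id.size = 0; }`. The function body starts and ends outside the hunk, so any later use of `c->id` should be checked against the full source.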
+++ b/lib/pk11wrap/secmodi.h @@ -164,6 +164,7 @@ CERTCertificate *PK11_MakeCertFromHandle(PK11SlotInfo *slot, SECItem *pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type, int keyLen); SECItem *pk11_ParamFromIVWithLen(CK_MECHANISM_TYPE type, SECItem *iv, int keyLen); +SECItem *pk11_mkcertKeyID(CERTCertificate *cert); SEC_END_PROTOS |
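Review bot: The new `pk11_mkcertKeyID` prototype in lib/pk11wrap/secmodi.h has no comment saying who owns the returned `SECItem` or what NULL means. The caller added in stanpcertdb.c treats NULL as failure and releases the item with `SECITEM_FreeItem(keyID, PR_TRUE)`, so that contract should be stated at the declaration, for example `/* Returns a newly allocated key ID made from the cert's public key, or NULL on failure; caller frees it with SECITEM_FreeItem(id, PR_TRUE). */`. If the function does not modify the certificate, which cannot be seen from this hunk, declaring the parameter `const CERTCertificate *cert` would match the const-correctness change this commit makes to `CERT_NewTempCertificate`.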