author | relyea%netscape.com <devnull@localhost> | 2005-08-12 18:01:26 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2005-08-12 18:01:26 +0000 |
commit | dc548377baa66a4bbf951002fed2680c08594f56 (patch) | |
tree | b9ede1576ab16716517eae6a770787372f2f535f /security/nss/lib/softoken | |
parent | 12176500010caf2636115bba6552d756d3125854 (diff) | |
download | nss-hg-dc548377baa66a4bbf951002fed2680c08594f56.tar.gz |
Bug 303010 Certificate upgrade can drop S/MIME certificates
r=wtc.
Delay loading the S/MIME records on upgrade until the cert is loaded
Diffstat (limited to 'security/nss/lib/softoken')
-rw-r--r-- | security/nss/lib/softoken/pcertdb.c | 65 |
1 files changed, 42 insertions, 23 deletions
diff --git a/security/nss/lib/softoken/pcertdb.c b/security/nss/lib/softoken/pcertdb.c
index e92f1b993..c344b525f 100644
--- a/security/nss/lib/softoken/pcertdb.c
+++ b/security/nss/lib/softoken/pcertdb.c
@@ -3521,6 +3521,9 @@ UpdateV7DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
 case certDBEntryTypeSubject:
 case certDBEntryTypeContentVersion:
 case certDBEntryTypeNickname:
+ /* smime profiles need entries created after the certs have
+ * been imported, loop over them in a second run */
+ case certDBEntryTypeSMimeProfile:
 break;
 case certDBEntryTypeCert:
@@ -3568,22 +3571,45 @@ UpdateV7DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
 crlEntry.common.arena = NULL;
 break;
- case certDBEntryTypeSMimeProfile:
- smimeEntry.common.version = (unsigned int)dataBuf[0];
- smimeEntry.common.type = entryType;
- smimeEntry.common.flags = (unsigned int)dataBuf[2];
- smimeEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- rv = DecodeDBSMimeEntry(&smimeEntry,&dbEntry,(char *)dbKey.data);
- /* decode entry */
+ default:
+ break;
+ }
+ } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );
+
+ /* now loop again updating just the SMimeProfile. */
+ ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST);
+
+ if ( ret ) {
+ return(SECFailure);
+ }
+
+ do {
+ unsigned char *dataBuf = (unsigned char *)data.data;
+ unsigned char *keyBuf = (unsigned char *)key.data;
+ dbEntry.data = &dataBuf[SEC_DB_ENTRY_HEADER_LEN];
+ dbEntry.len = data.size - SEC_DB_ENTRY_HEADER_LEN;
+ entryType = (certDBEntryType) keyBuf[0];
+ if (entryType != certDBEntryTypeSMimeProfile) {
+ continue;
+ }
+ dbKey.data = &keyBuf[SEC_DB_KEY_HEADER_LEN];
+ dbKey.len = key.size - SEC_DB_KEY_HEADER_LEN;
+ if ((dbEntry.len <= 0) || (dbKey.len <= 0)) {
+ continue;
+ }
+ smimeEntry.common.version = (unsigned int)dataBuf[0];
+ smimeEntry.common.type = entryType;
+ smimeEntry.common.flags = (unsigned int)dataBuf[2];
+ smimeEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ /* decode entry */
+ rv = DecodeDBSMimeEntry(&smimeEntry,&dbEntry,(char *)dbKey.data);
+ if (rv == SECSuccess) {
 nsslowcert_UpdateSMimeProfile(handle, smimeEntry.emailAddr, &smimeEntry.subjectName, &smimeEntry.smimeOptions, &smimeEntry.optionsDate);
- PORT_FreeArena(smimeEntry.common.arena, PR_FALSE);
- smimeEntry.common.arena = NULL;
- break;
- default:
- break;
 }
+ PORT_FreeArena(smimeEntry.common.arena, PR_FALSE);
+ smimeEntry.common.arena = NULL;
 } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );
 (* updatedb->close)(updatedb);
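Review bot: The new second loop reads `keyBuf[0]` and computes `dbEntry.len = data.size - SEC_DB_ENTRY_HEADER_LEN` before checking that the record is long enough, and the later `dbEntry.len <= 0` test cannot catch a short record if `len` is unsigned (as `SECItem.len` is in NSS; the type is not visible in this hunk), because the subtraction wraps to a large value. A truncated or corrupted record in the old database would then reach `dataBuf[2]` and `DecodeDBSMimeEntry` with a bogus length, which risks an out-of-bounds read during upgrade. I would guard on the raw sizes at the top of the loop body instead: `if (key.size <= SEC_DB_KEY_HEADER_LEN || data.size <= SEC_DB_ENTRY_HEADER_LEN) continue;`. Separately, the `return(SECFailure)` after the second `R_FIRST` skips the `(* updatedb->close)(updatedb)` at the end of the hunk, so the old database handle stays open on that path. UpdateV7DB starts outside the hunk.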
@@ -4037,17 +4063,6 @@ openNewCertDB(const char *appName, const char *prefix, const char *certdbname, } /* Verify version number; */ - - if (appName) { - updatedb = dbsopen(certdbname, NO_RDONLY, 0600, DB_HASH, 0); - if (updatedb) { - rv = UpdateV8DB(handle, updatedb); - db_FinishTransaction(handle->permCertDB,PR_FALSE); - db_InitComplete(handle->permCertDB); - return(rv); - } - } - versionEntry = NewDBVersionEntry(0); if ( versionEntry == NULL ) { rv = SECFailure; @@ -4064,6 +4079,10 @@ openNewCertDB(const char *appName, const char *prefix, const char *certdbname, /* rv must already be Success here because of previous if statement */ /* try to upgrade old db here */ + if (appName && + (updatedb = dbsopen(certdbname, NO_RDONLY, 0600, DB_HASH, 0)) != NULL) { + rv = UpdateV8DB(handle, updatedb); + } if ((updatedb = nsslowcert_openolddb(namecb,cbarg,7)) != NULL) { rv = UpdateV7DB(handle, updatedb); } else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,6)) != NULL) { |
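Review bot: In the second hunk on this line, the added `UpdateV8DB` block is followed by a plain `if` rather than `else if`, so after a version 8 upgrade the code still probes for a version 7 database; if one is found, `rv` from `UpdateV8DB` is overwritten and `updatedb` is reassigned. That can hide a failed upgrade, and whether `UpdateV8DB` has already closed the handle it was given is not visible here. Unless running both upgrades is intended, chain them: `} else if ((updatedb = nsslowcert_openolddb(namecb,cbarg,7)) != NULL) {`. If it is intended, a comment saying so and a check of `rv` before starting the second upgrade would make that clear. openNewCertDB starts and ends outside the hunk.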