Bugzilla bug 72291: have PK11_ListCerts return all the cert instances on

tokens.  The patch is Julien Pierre's, with changes by Wan-Teh Chang.
Modified Files: pk11wrap/pk11cert.c pki/pki3hack.c pki/pki3hack.h

3 files changed, 50 insertions, 8 deletions

diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index 33d896ec5..08813fd1c 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -3367,15 +3367,41 @@ pk11ListCertCallback(NSSCertificate *c, void *arg)
     if( isCA  && (!CERT_IsCACert(newCert, &certType)) ) {
 	return PR_SUCCESS;
     }
-    CERT_DupCertificate(newCert);
+    if (isUnique) {
+	CERT_DupCertificate(newCert);
 
-    nickname = STAN_GetCERTCertificateName(c);
+	nickname = STAN_GetCERTCertificateName(c);
 
-    /* put slot certs at the end */
-    if (newCert->slot && !PK11_IsInternal(newCert->slot)) {
-    	CERT_AddCertToListTailWithData(certList,newCert,nickname);
+	/* put slot certs at the end */
+	if (newCert->slot && !PK11_IsInternal(newCert->slot)) {
+	    CERT_AddCertToListTailWithData(certList,newCert,nickname);
+	} else {
+	    CERT_AddCertToListHeadWithData(certList,newCert,nickname);
+	}
     } else {
-    	CERT_AddCertToListHeadWithData(certList,newCert,nickname);
+	/* add multiple instances to the cert list */
+	nssCryptokiObject **ip;
+	nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
+	if (!instances) {
+	    return PR_SUCCESS;
+	}
+	for (ip = instances; *ip; ip++) {
+	    nssCryptokiObject *instance = *ip;
+	    PK11SlotInfo *slot = instance->token->pk11slot;
+
+	    /* put the same CERTCertificate in the list for all instances */
+	    CERT_DupCertificate(newCert);
+
+	    nickname = STAN_GetCERTCertificateNameForInstance(c, instance);
+
+	    /* put slot certs at the end */
+	    if (slot && !PK11_IsInternal(slot)) {
+		CERT_AddCertToListTailWithData(certList,newCert,nickname);
+	    } else {
+		CERT_AddCertToListHeadWithData(certList,newCert,nickname);
+	    }
+	}
+	nssCryptokiObjectArray_Destroy(instances);
     }
     return PR_SUCCESS;
 }
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index ef378970a..7ee909e07 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -586,9 +586,11 @@ get_cert_instance(NSSCertificate *c)
 }
 
 char * 
-STAN_GetCERTCertificateName(NSSCertificate *c)
+STAN_GetCERTCertificateNameForInstance (
+  NSSCertificate *c,
+  nssCryptokiInstance *instance
+)
 {
-    nssCryptokiInstance *instance = get_cert_instance(c);
     NSSCryptoContext *context = c->object.cryptoContext;
     PRStatus nssrv;
     int nicklen, tokenlen, len;
@@ -626,6 +628,12 @@ STAN_GetCERTCertificateName(NSSCertificate *c)
     return nickname;
 }
 
+char * 
+STAN_GetCERTCertificateName(NSSCertificate *c)
+{
+    nssCryptokiInstance *instance = get_cert_instance(c);
+    return STAN_GetCERTCertificateNameForInstance(c, instance);
+}
 
 static void
 fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced)
diff --git a/security/nss/lib/pki/pki3hack.h b/security/nss/lib/pki/pki3hack.h
index da68269c3..da49859e8 100644
--- a/security/nss/lib/pki/pki3hack.h
+++ b/security/nss/lib/pki/pki3hack.h
@@ -42,6 +42,10 @@ static const char PKINSS3HACK_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name
 #include "nssdevt.h"
 #endif /* NSSDEVT_H */
 
+#ifndef DEVT_H
+#include "devt.h"
+#endif /* DEVT_H */
+
 #ifndef NSSPKIT_H
 #include "nsspkit.h"
 #endif /* NSSPKIT_H */
@@ -109,6 +113,10 @@ nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena,
 NSS_EXTERN char *
 STAN_GetCERTCertificateName(NSSCertificate *c);
 
+NSS_EXTERN char *
+STAN_GetCERTCertificateNameForInstance(NSSCertificate *c,
+                                       nssCryptokiInstance *instance);
+
 /* exposing this */
 NSS_EXTERN NSSCertificate *
 NSSCertificate_Create