b=129067 Deleted certs still appear in Cert Manager, uses slow workaround, which should get removed once bug 138626 is fixed.

r=javi sr=alecf

security/manager/pki/resources/content/certManager.js

@@ -80,7 +80,6 @@ function LoadCerts()
     enableBackupAllButton.setAttribute("enabled",true);
   }
 
-
   var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
   var verifiedColText;
   if (certdb.ocspOn) {
@@ -100,6 +99,14 @@ function ReloadCerts()
   userTreeView.loadCerts(nsIX509Cert.USER_CERT);
 }
 
+function CleanUp()
+{
+  caTreeView = null;
+  serverTreeView = null;
+  emailTreeView = null;
+  userTreeView = null;
+}
+
 function getSelectedTab()
 {
   var selTab = document.getElementById('certMgrTabbox').selectedItem;
@@ -264,6 +271,7 @@ function backupCerts()
     certdb.exportPKCS12File(null, fp.file, 
                             selected_certs.length, selected_certs);
   }
+  selected_certs = [];
 }
 
 function backupAllCerts()
@@ -289,6 +297,7 @@ function editCerts()
                   'chrome,width=100,resizable=1,modal');
     }
   }
+  selected_certs = [];
 }
 
 function restoreCerts()
@@ -338,6 +347,7 @@ function deleteCerts()
   }
   else
   {
+    selected_certs = [];
     return;
   }
 
@@ -346,7 +356,10 @@ function deleteCerts()
   {
     var cert = selected_certs[t];
     params.SetString(t+1, cert.dbKey);  
+    cert = null;
   }
+
+  selected_certs = [];
    
   window.openDialog('chrome://pippki/content/deletecert.xul', "",
                 'chrome,resizable=1,modal',params);
@@ -361,6 +374,7 @@ function viewCerts()
   for (var t=0; t<numcerts; t++) {
     selected_certs[t].view();
   }
+  selected_certs = [];
 }
 
 /* XXX future - import a DER cert from a file? */

security/manager/pki/resources/content/certManager.xul

@@ -35,7 +35,7 @@
 <window id="certmanager" 
 	xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
         title="&certmgr.title;"
-        onload="LoadCerts();">
+        onload="LoadCerts();" onclose="CleanUp();">
 
   <script type="application/x-javascript" src="chrome://help/content/contextHelp.js"/>
   <script type="application/x-javascript" src="chrome://global/content/strres.js"/>

security/manager/pki/resources/content/deletecert.js

@@ -94,6 +94,8 @@ function setWindowName()
   var text;
   for(x=0;x<certs.length;x++)
   {
+    if (!certs[x])
+      continue;
     text = document.createElement("text");
     text.setAttribute("value",certs[x].commonName);
     box.appendChild(text);
@@ -107,7 +109,10 @@ function doOK()
 {
   for(var i=0;i<certs.length;i++)
   {
-    certdb.deleteCertificate(certs[i]);
+    if (certs[i]) {
+      certdb.deleteCertificate(certs[i]);
+      certs[i] = null;
+    }
   }
   window.close();
 }

security/manager/ssl/src/nsCertTree.cpp

@@ -78,12 +78,17 @@ nsCertTree::FreeCertArray()
   if (mCertArray) {
     PRUint32 count;
     nsresult rv = mCertArray->Count(&count);
-    NS_ASSERTION(NS_SUCCEEDED(rv), "Count failed");
+    if (NS_FAILED(rv))
+    {
+      NS_ASSERTION(0, "Count failed");
+      return;
+    }
     PRInt32 i;
     for (i = count - 1; i >= 0; i--)
+    {
       mCertArray->RemoveElementAt(i);
+    }
   }
-  mCertArray = nsnull;
 }
 
 // CmpByToken
@@ -293,7 +298,7 @@ nsCertTree::LoadCerts(PRUint32 aType)
   if (rowsChanged) {
     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("[%d,%d]", mNumRows, numChanged));
     numChanged = mNumRows - numChanged;
-    if (mTree) mTree->RowCountChanged(0, numChanged);
+    if (mTree) mTree->RowCountChanged(0, mNumRows);
   }
   return NS_OK;
 }

security/manager/ssl/src/nsNSSCertificate.cpp

@@ -2888,6 +2888,57 @@ nsNSSCertificateDB::GetCertsByType(PRUint32           aType,
        !CERT_LIST_END(node, certList);
        node = CERT_LIST_NEXT(node)) {
     if (getCertType(node->cert) == aType) {
+
+      // Work around bug 138626.
+
+      PRBool deleted = PR_FALSE;
+
+      {
+        SECItem key;
+        key.len = NS_NSS_LONG*4+node->cert->serialNumber.len+node->cert->derIssuer.len;
+        key.data = (unsigned char *)nsMemory::Alloc(key.len);
+        NS_NSS_PUT_LONG(0,key.data); // later put moduleID
+        NS_NSS_PUT_LONG(0,&key.data[NS_NSS_LONG]); // later put slotID
+        NS_NSS_PUT_LONG(node->cert->serialNumber.len,&key.data[NS_NSS_LONG*2]);
+        NS_NSS_PUT_LONG(node->cert->derIssuer.len,&key.data[NS_NSS_LONG*3]);
+        memcpy(&key.data[NS_NSS_LONG*4],node->cert->serialNumber.data,
+						      node->cert->serialNumber.len);
+        memcpy(&key.data[NS_NSS_LONG*4+node->cert->serialNumber.len],
+			      node->cert->derIssuer.data, node->cert->derIssuer.len);
+
+        SECItem &keyItem = key;
+
+        CERTIssuerAndSN issuerSN;
+        unsigned long moduleID,slotID;
+
+        // someday maybe we can speed up the search using the moduleID and slotID
+        moduleID = NS_NSS_GET_LONG(keyItem.data);
+        slotID = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG]);
+
+        // build the issuer/SN structure
+        issuerSN.serialNumber.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*2]);
+        issuerSN.derIssuer.len = NS_NSS_GET_LONG(&keyItem.data[NS_NSS_LONG*3]);
+        issuerSN.serialNumber.data= &keyItem.data[NS_NSS_LONG*4];
+        issuerSN.derIssuer.data= &keyItem.data[NS_NSS_LONG*4+
+                                                    issuerSN.serialNumber.len];
+
+        CERTCertificate *cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN);
+
+        nsMemory::Free(key.data); // SECItem is a 'c' type without a destrutor
+
+        if (!cert)
+        {
+          deleted = PR_TRUE;
+        }
+        else
+        {
+          CERT_DestroyCertificate(cert);
+        }
+      }
+
+      if (deleted)
+        continue;
+
       nsCOMPtr<nsIX509Cert> pipCert = new nsNSSCertificate(node->cert);
       if (pipCert) {
         for (i=0; i<count; i++) {