Fix for bug 215186 - add missing options to PK11_ListCerts . r=wtc

2003-09-18 00:22:18 +00:00 · 2003-09-18 00:22:18 +00:00 · 81af9c614e
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@ -3333,32 +3333,31 @@ pk11ListCertCallback(NSSCertificate *c, void *arg)
    char *nickname = NULL;
    unsigned int certType;

-    if ((type == PK11CertListUnique) || (type == PK11CertListRootUnique)) {
+    if ((type == PK11CertListUnique) || (type == PK11CertListRootUnique) ||
+        (type == PK11CertListCAUnique) || (type == PK11CertListUserUnique) ) {
+        /* only list one instance of each certificate, even if several exist */
 	isUnique = PR_TRUE;
    }
-    if ((type == PK11CertListCA) || (type == PK11CertListRootUnique)) {
+    if ((type == PK11CertListCA) || (type == PK11CertListRootUnique) ||
+        (type == PK11CertListCAUnique)) {
 	isCA = PR_TRUE;
    }

-
    /* if we want user certs and we don't have one skip this cert */
-    if ((type == PK11CertListUser) && 
+    if ( ( (type == PK11CertListUser) || (type == PK11CertListUserUnique) ) && 
 		!NSSCertificate_IsPrivateKeyAvailable(c, NULL,NULL)) {
 	return PR_SUCCESS;
    }

-    /* if we want root certs, skip the user certs */
+    /* PK11CertListRootUnique means we want CA certs without a private key.
+     * This is for legacy app support . PK11CertListCAUnique should be used
+     * instead to get all CA certs, regardless of private key
+     */
    if ((type == PK11CertListRootUnique) && 
 		NSSCertificate_IsPrivateKeyAvailable(c, NULL,NULL)) {
 	return PR_SUCCESS;
    }

-    /* if we want Unique certs and we already have it on our list, skip it */
-    if ( isUnique && isOnList(certList,c) ) {
-	return PR_SUCCESS;
-    }
-
-
    newCert = STAN_GetCERTCertificate(c);
    if (!newCert) {
 	return PR_SUCCESS;
--- a/security/nss/lib/pk11wrap/secmodt.h
+++ b/security/nss/lib/pk11wrap/secmodt.h
@ -118,10 +118,15 @@ struct PK11RSAGenParamsStr {
 };

 typedef enum {
-     PK11CertListUnique = 0,
-     PK11CertListUser = 1,
-     PK11CertListRootUnique = 2,
-     PK11CertListCA = 3
+     PK11CertListUnique = 0,     /* get one instance of all certs */
+     PK11CertListUser = 1,       /* get all instances of user certs */
+     PK11CertListRootUnique = 2, /* get one instance of CA certs without a private key.
+                                  * deprecated. Use PK11CertListCAUnique
+                                  */
+     PK11CertListCA = 3,         /* get all instances of CA certs */
+     PK11CertListCAUnique = 4,   /* get one instance of CA certs */
+     PK11CertListUserUnique = 5, /* get one instance of user certs */
+     PK11CertListAll = 6         /* get all instances of all certs */
 } PK11CertListType;

 /*