Bug 65903: Fixes to allow iWS admin stuff to work with shared library NSS

Add necessary exported symbols. Fix bug in NSS_Initialize where we weren't passing the read only paramter through. Add function to search for Certificate Lists so that Traverse does not need to be exposed. Update pkcs11 names.
2001-01-19 07:53:54 +00:00 · 2001-01-19 07:53:54 +00:00 · 82b228ad5d
--- a/security/nss/lib/certdb/cert.h
+++ b/security/nss/lib/certdb/cert.h
@ -34,7 +34,7 @@
 /*
 * cert.h - public data structures and prototypes for the certificate library
 *
- * $Id: cert.h,v 1.6 2001-01-08 19:43:01 mcgreer%netscape.com Exp $
+ * $Id: cert.h,v 1.7 2001-01-19 07:53:43 relyea%netscape.com Exp $
 */

 #ifndef _CERT_H_
@ -1060,6 +1060,9 @@ CERT_RemoveCertListNode(CERTCertListNode *node);
 SECStatus
 CERT_AddCertToListTail(CERTCertList *certs, CERTCertificate *cert);

+SECStatus
+CERT_AddCertToListHead(CERTCertList *certs, CERTCertificate *cert);
+
 typedef PRBool (* CERTSortCallback)(CERTCertificate *certa,
 				    CERTCertificate *certb,
 				    void *arg);
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@ -34,7 +34,7 @@
 /*
 * Certificate handling code
 *
- * $Id: certdb.c,v 1.5 2001-01-07 08:12:48 nelsonb%netscape.com Exp $
+ * $Id: certdb.c,v 1.6 2001-01-19 07:53:44 relyea%netscape.com Exp $
 */

 #include "nssilock.h"
@ -2007,6 +2007,31 @@ loser:
    return(SECFailure);
 }

+SECStatus
+CERT_AddCertToListHead(CERTCertList *certs, CERTCertificate *cert)
+{
+    CERTCertListNode *node;
+    CERTCertListNode *head;
+    
+    head = CERT_LIST_HEAD(certs);
+
+    if (head == NULL) return CERT_AddCertToListTail(certs,cert);
+
+    node = (CERTCertListNode *)PORT_ArenaZAlloc(certs->arena,
+						sizeof(CERTCertListNode));
+    if ( node == NULL ) {
+	goto loser;
+    }
+    
+    PR_INSERT_BEFORE(&node->links, &head->links);
+    /* certs->count++; */
+    node->cert = cert;
+    return(SECSuccess);
+    
+loser:
+    return(SECFailure);
+}
+
 /*
 * Sort callback function to determine if cert a is newer than cert b.
 * Not valid certs are considered older than valid certs.
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@ -48,10 +48,19 @@
 LIBRARY nss3	;-
 EXPORTS		;-
 ATOB_AsciiToData;
+BTOA_ConvertItemToAscii;
 BTOA_DataToAscii;
 CERT_AsciiToName;
 CERT_CertTimesValid;
 CERT_CheckCertValidTimes;
+CERT_CreateCertificateRequest;
+CERT_ChangeCertTrust;
+CERT_DecodeDERCrl;
+CERT_DestroyCertificateRequest;
+CERT_DestroyCertList;
+CERT_DestroyName;
+CERT_EnableOCSPChecking;
+CERT_FormatName;
 CERT_DestroyCertificate;
 CERT_DupCertificate;
 CERT_FreeDistNames;
@ -72,6 +81,7 @@ CERT_GetOrgName;
 CERT_GetOrgUnitName;
 CERT_GetSSLCACerts;
 CERT_GetStateName;
+CERT_ImportCAChain;
 CERT_NameToAscii;
 CERT_RFC1485_EscapeAndQuote;
 CERT_VerifyCertName;
@ -93,19 +103,23 @@ PK11_ConfigurePKCS11;
 PK11_CreateContextBySymKey;
 PK11_CreateDigestContext;
 PK11_DestroyContext;
+PK11_DestroyTokenObject;
 PK11_DigestBegin;
 PK11_DigestOp;
 PK11_DigestFinal;
 PK11_DoesMechanism;
 PK11_FindCertFromNickname;
 PK11_FindCertFromDERCert;
+PK11_FindCertByIssuerAndSN;
 PK11_FindKeyByAnyCert;
 PK11_FindKeyByDERCert;
 PK11_FindSlotByName;
 PK11_Finalize;
 PK11_FortezzaHasKEA;
 PK11_FreeSlot;
+PK11_FreeSlotList;
 PK11_FreeSymKey;
+PK11_GenerateKeyPair;
 PK11_GenerateRandom;
 PK11_GenerateNewParam;
 PK11_GetAllTokens;
@ -117,26 +131,42 @@ PK11_GetSlotName;
 PK11_GetTokenName;
 PK11_HashBuf;
 PK11_IsFIPS;
+PK11_IsFriendly;
 PK11_IsInternal;
 PK11_IsHW;
 PK11_IsPresent;
 PK11_IsReadOnly;
 PK11_KeyGen;
+PK11_ListCerts;
 PK11_NeedLogin;
+PK11_RandomUpdate;
 PK11_SetPasswordFunc;
 PK11_SetSlotPWValues;
 PORT_Alloc;
 PORT_Free;
 PORT_GetError;
 PORT_SetError;
+PORT_SetUCS4_UTF8ConversionFunction;
 SECITEM_CopyItem;
 SECITEM_DupItem;
 SECITEM_FreeItem;
 SECITEM_ZfreeItem;
+SECKEY_ConvertToPublicKey;
 SECKEY_CopyPrivateKey;
+SECKEY_CreateSubjectPublicKeyInfo;
 SECKEY_DestroyPrivateKey;
+SECKEY_DestroySubjectPublicKeyInfo;
+SECMOD_IsModulePresent;
 SECOID_FindOIDTagDescription;
 SECOID_GetAlgorithmTag;
+SEC_DeletePermCertificate;
+SEC_DeletePermCRL;
+SEC_DerSignData;
+SEC_DestroyCrl;
+SEC_FindCrlByDERCert;
+SEC_FindCrlByName;
+SEC_LookupCrls;
+SEC_NewCrl;
 ;+#
 ;+# The following symbols are exported only to make libssl3.so work. 
 ;+# These are still private!!!
@ -323,7 +353,6 @@ SEC_ASN1EncoderSetTakeFromBuf;
 SEC_ASN1EncoderStart;
 SEC_ASN1EncoderUpdate;
 SEC_ASN1LengthLength;
-SEC_DeletePermCertificate;
 SEC_PKCS5GetCryptoAlgorithm;
 SEC_PKCS5GetKeyLength;
 SEC_PKCS5GetPBEAlgorithm;
--- a/security/nss/lib/nss/nssinit.c
+++ b/security/nss/lib/nss/nssinit.c
@ -32,7 +32,7 @@
 * may use your version of this file under either the MPL or the
 * GPL.
 *
- # $Id: nssinit.c,v 1.8 2001-01-18 20:29:00 wtc%netscape.com Exp $
+ # $Id: nssinit.c,v 1.9 2001-01-19 07:53:47 relyea%netscape.com Exp $
 */

 #include <ctype.h>
@ -208,7 +208,7 @@ NSS_InitReadWrite(const char *configdir)
 SECStatus
 NSS_Initialize(const char *configdir, const char *certPrefix, const char *keyPrefix, const char *secmodName, PRBool readonly)
 {
-    return nss_Init(configdir, certPrefix, keyPrefix, secmodName, PR_TRUE);
+    return nss_Init(configdir, certPrefix, keyPrefix, secmodName, readonly);
 }

 /*
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@ -2542,3 +2542,89 @@ PK11_GetKeyIDFromPrivateKey(SECKEYPrivateKey *key, void *wincx)
 loser:
    return item;
 }
+
+struct listCertsStr {
+    enum PK11CertListType type;
+    CERTCertList *certList;
+};
+
+static PRBool
+isOnList(CERTCertList *certList,CERTCertificate *cert)
+{
+	CERTCertListNode *cln;
+
+	for (cln = CERT_LIST_HEAD(certList); !CERT_LIST_END(cln,certList);
+			cln = CERT_LIST_NEXT(cln)) {
+	    if (cln->cert == cert) {
+		return PR_TRUE;
+	    }
+	}
+	return PR_FALSE;
+}
+
+static SECStatus
+pk11ListCertCallback(CERTCertificate *cert, SECItem *derCert, void *arg)
+{
+    struct listCertsStr *listCertP = (struct listCertsStr *)arg;
+    CERTCertificate *newCert = NULL;
+    enum PK11CertListType type = listCertP->type;
+    CERTCertList *certList = listCertP->certList;
+    CERTCertTrust *trust;
+
+    if (derCert == NULL) {
+	newCert=CERT_DupCertificate(cert);
+    } else {
+	newCert=CERT_FindCertByDERCert(CERT_GetDefaultCertDB(),&cert->derCert);
+    }
+
+    if (newCert == NULL) return SECSuccess;
+
+    trust = newCert->trust;
+
+    /* if we want user certs and we don't have one skip this cert */
+    if ((type == PK11CertListUser) && 
+	( (cert->slot == NULL) || 
+	  (trust == NULL) || (((trust->sslFlags & CERTDB_USER == 0)  && 
+				((trust->emailFlags & CERTDB_USER) == 0))) ) ) {
+	CERT_DestroyCertificate(newCert);
+	return SECSuccess;
+    }
+
+
+    /* if we want Unique certs and we already have it on our list, skip it */
+    if ((type == PK11CertListUnique) && (isOnList(certList,newCert))) {
+	CERT_DestroyCertificate(newCert);
+	return SECSuccess;
+    }
+
+
+    /* put slot certs at the end */
+    if (newCert->slot && !PK11_IsInternal(newCert->slot)) {
+    	CERT_AddCertToListTail(certList,newCert);
+    } else {
+    	CERT_AddCertToListHead(certList,newCert);
+    }
+    return SECSuccess;
+}
+
+
+CERTCertList *
+PK11_ListCerts(enum PK11CertListType type, void *pwarg)
+{
+    CERTCertList *certList = NULL;
+    struct listCertsStr listCerts;
+    
+    certList= CERT_NewCertList();
+    listCerts.type = type;
+    listCerts.certList = certList;
+
+    SEC_TraversePermCerts(CERT_GetDefaultCertDB(),pk11ListCertCallback,&listCerts);
+
+    PK11_TraverseSlotCerts(pk11ListCertCallback,&listCerts,pwarg);
+
+    if (CERT_LIST_HEAD(certList) == NULL) {
+	CERT_DestroyCertList(certList);
+	certList = NULL;
+    }
+    return certList;
+}
--- a/security/nss/lib/pk11wrap/pk11func.h
+++ b/security/nss/lib/pk11wrap/pk11func.h
@ -387,6 +387,8 @@ SECStatus PK11_TraverseCertsForNicknameInSlot(SECItem *nickname,
 	void *arg);
 SECStatus PK11_TraverseCertsInSlot(PK11SlotInfo *slot,
       SECStatus(* callback)(CERTCertificate*, void *), void *arg);
+CERTCertList *
+PK11_ListCerts(enum PK11CertListType type, void *pwarg);


 /**********************************************************************
--- a/security/nss/lib/pk11wrap/secmodt.h
+++ b/security/nss/lib/pk11wrap/secmodt.h
@ -96,6 +96,11 @@ struct PK11RSAGenParamsStr {
    unsigned long pe;
 };

+enum PK11CertListType {
+	PK11CertListUnique = 0,
+	PK11CertListUser = 1
+};
+
 /*
 * Entry into the Array which lists all the legal bits for the default flags
 * in the slot, their definition, and the PKCS #11 mechanism the represent
--- a/security/nss/lib/smime/smime.def
+++ b/security/nss/lib/smime/smime.def
@ -127,6 +127,7 @@ NSS_CMSSignerInfo_GetVersion;
 NSS_CMSSignerInfo_IncludeCerts;
 NSS_CMSUtil_VerificationStatusToString;
 NSS_SMIMEUtil_FindBulkAlgForRecipients;
+CERT_DecodeCertPackage;
 SEC_PKCS7AddRecipient;
 SEC_PKCS7AddSigningTime;
 SEC_PKCS7ContentType;
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@ -67,15 +67,15 @@

 /* The next three strings must be exactly 32 characters long */
 static char *manufacturerID      = "Netscape Communications Corp    ";
-static char *libraryDescription  = "Communicator Internal Crypto Svc";
-static char *tokDescription      = "Communicator Generic Crypto Svcs";
-static char *privTokDescription  = "Communicator Certificate DB     ";
+static char *libraryDescription  = "NSS Internal Crypto Services    ";
+static char *tokDescription      = "NSS Generic Crypto Services     ";
+static char *privTokDescription  = "NSS Certificate DB              ";
 /* The next two strings must be exactly 64 characters long, with the
   first 32 characters meaningful  */
 static char *slotDescription     = 
-	"Communicator Internal Cryptographic Services Version 4.0        ";
+	"NSS Internal Cryptographic Services Version 3.2                 ";
 static char *privSlotDescription = 
-	"Communicator User Private Key and Certificate Services          ";
+	"NSS User Private Key and Certificate Services                   ";
 static int minimumPinLen = 0;

 #define __PASTE(x,y)    x##y
@ -2372,8 +2372,8 @@ CK_RV  NSC_GetInfo(CK_INFO_PTR pInfo)
    pInfo->cryptokiVersion.major = 2;
    pInfo->cryptokiVersion.minor = 1;
    PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
-    pInfo->libraryVersion.major = 4;
-    pInfo->libraryVersion.minor = 0;
+    pInfo->libraryVersion.major = 3;
+    pInfo->libraryVersion.minor = 2;
    PORT_Memcpy(pInfo->libraryDescription,libraryDescription,32);
    pInfo->flags = 0;
    return CKR_OK;
@ -2401,8 +2401,8 @@ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
 	PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
 	PORT_Memcpy(pInfo->slotDescription,slotDescription,64);
 	pInfo->flags = CKF_TOKEN_PRESENT;
-        pInfo->hardwareVersion.major = 4;
-        pInfo->hardwareVersion.minor = 1;
+        pInfo->hardwareVersion.major = 3;
+        pInfo->hardwareVersion.minor = 2;
 	return CKR_OK;
    case PRIVATE_KEY_SLOT_ID:
 	PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);