зеркало из https://github.com/mozilla/pjs.git
Automatically create a NULL email profile for certs with email addresses which
are imported into the internal token.
This commit is contained in:
Родитель
136df8d56b
Коммит
b815a638c1
|
@ -170,6 +170,7 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
|
|||
&c->issuer,
|
||||
&c->subject,
|
||||
&c->serial,
|
||||
cert->emailAddr,
|
||||
PR_TRUE);
|
||||
PK11_FreeSlot(slot);
|
||||
if (!permInstance) {
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.26 $ $Date: 2002-04-26 14:33:59 $ $Name: $";
|
||||
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.27 $ $Date: 2002-05-07 20:38:49 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSCKT_H
|
||||
|
@ -434,6 +434,7 @@ nssToken_ImportCertificate
|
|||
NSSDER *issuer,
|
||||
NSSDER *subject,
|
||||
NSSDER *serial,
|
||||
NSSASCII7 *emailAddr,
|
||||
PRBool asTokenObject
|
||||
);
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.21 $ $Date: 2002-04-26 14:33:59 $ $Name: $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.22 $ $Date: 2002-05-07 20:38:53 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSCKEPV_H
|
||||
|
@ -529,12 +529,13 @@ nssToken_ImportCertificate
|
|||
NSSDER *issuer,
|
||||
NSSDER *subject,
|
||||
NSSDER *serial,
|
||||
NSSASCII7 *email,
|
||||
PRBool asTokenObject
|
||||
)
|
||||
{
|
||||
CK_CERTIFICATE_TYPE cert_type;
|
||||
CK_ATTRIBUTE_PTR attr;
|
||||
CK_ATTRIBUTE cert_tmpl[9];
|
||||
CK_ATTRIBUTE cert_tmpl[10];
|
||||
CK_ULONG ctsize;
|
||||
nssTokenSearchType searchType;
|
||||
nssCryptokiObject *rvObject = NULL;
|
||||
|
@ -560,6 +561,9 @@ nssToken_ImportCertificate
|
|||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
|
||||
if (email) {
|
||||
NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NETSCAPE_EMAIL, email);
|
||||
}
|
||||
NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
|
||||
/* see if the cert is already there */
|
||||
rvObject = nssToken_FindCertificateByIssuerAndSerialNumber(tok,
|
||||
|
|
|
@ -1562,6 +1562,7 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
|
|||
{ CKA_SERIAL_NUMBER, NULL, 0},
|
||||
{ CKA_VALUE, NULL, 0},
|
||||
{ CKA_NETSCAPE_TRUST, NULL, 0},
|
||||
{ CKA_NETSCAPE_EMAIL, NULL, 0},
|
||||
};
|
||||
int certCount = sizeof(certAttrs)/sizeof(certAttrs[0]), keyCount = 2;
|
||||
int realCount = 0;
|
||||
|
@ -1612,6 +1613,11 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
|
|||
PK11_SETATTRS(attrs,CKA_NETSCAPE_TRUST, certUsage,
|
||||
sizeof(SECCertUsage));
|
||||
attrs++;
|
||||
if (cert->emailAddr) {
|
||||
PK11_SETATTRS(attrs,CKA_NETSCAPE_EMAIL, cert->emailAddr,
|
||||
PORT_Strlen(cert->emailAddr);
|
||||
attrs++;
|
||||
}
|
||||
}
|
||||
realCount = attrs - certAttrs;
|
||||
PORT_Assert(realCount <= certCount);
|
||||
|
@ -1684,11 +1690,16 @@ done:
|
|||
nssCryptokiObject *keyobj, *certobj;
|
||||
NSSToken *token = PK11Slot_GetNSSToken(slot);
|
||||
SECItem *keyID = pk11_mkcertKeyID(cert);
|
||||
char *emailAddr = NULL;
|
||||
|
||||
if (keyID == NULL) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if (PK11_IsInternal(slot) && cert->emailAddr) {
|
||||
emailAddr = cert->emailAddr;
|
||||
}
|
||||
|
||||
/* need to get the cert as a stan cert */
|
||||
if (cert->nssCertificate) {
|
||||
c = cert->nssCertificate;
|
||||
|
@ -1738,6 +1749,7 @@ done:
|
|||
&c->issuer,
|
||||
&c->subject,
|
||||
&c->serial,
|
||||
emailAddr,
|
||||
PR_TRUE);
|
||||
if (!certobj) {
|
||||
goto loser;
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.51 $ $Date: 2002-04-22 14:14:43 $ $Name: $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.52 $ $Date: 2002-05-07 20:38:57 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -857,6 +857,11 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
|
|||
* object in order to store trust. forcing it to be perm
|
||||
*/
|
||||
NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL);
|
||||
NSSASCII7 *email = NULL;
|
||||
|
||||
if (PK11_IsInternal(tok->pk11slot)) {
|
||||
email = c->email;
|
||||
}
|
||||
newInstance = nssToken_ImportCertificate(tok, NULL,
|
||||
NSSCertificateType_PKIX,
|
||||
&c->id,
|
||||
|
@ -865,6 +870,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
|
|||
&c->issuer,
|
||||
&c->subject,
|
||||
&c->serial,
|
||||
email,
|
||||
PR_TRUE);
|
||||
if (!newInstance) {
|
||||
return PR_FAILURE;
|
||||
|
|
|
@ -605,7 +605,8 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object)
|
|||
NSSLOWCERTCertTrust defTrust =
|
||||
{ CERTDB_TRUSTED_UNKNOWN,
|
||||
CERTDB_TRUSTED_UNKNOWN, CERTDB_TRUSTED_UNKNOWN };
|
||||
char *label;
|
||||
char *label = NULL;
|
||||
char *email = NULL;
|
||||
SECStatus rv;
|
||||
PRBool inDB = PR_TRUE;
|
||||
|
||||
|
@ -646,10 +647,28 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object)
|
|||
|
||||
if (label) PORT_Free(label);
|
||||
pk11_FreeAttribute(attribute);
|
||||
|
||||
if (rv != SECSuccess) {
|
||||
nsslowcert_DestroyCertificate(cert);
|
||||
return CKR_DEVICE_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
* Add a NULL S/MIME profile if necessary.
|
||||
*/
|
||||
email = pk11_getString(object,CKA_NETSCAPE_EMAIL);
|
||||
if (email) {
|
||||
certDBEntrySMime *entry;
|
||||
|
||||
entry = nsslowcert_ReadDBSMimeEntry(slot->certDB,email);
|
||||
if (!entry) {
|
||||
nsslowcert_SaveSMimeProfile(slot->certDB, email,
|
||||
&cert->derSubject, NULL, NULL);
|
||||
} else {
|
||||
nsslowcert_DestroyDBEntry((certDBEntry *)entry);
|
||||
}
|
||||
PORT_Free(email);
|
||||
}
|
||||
object->handle=pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_CERT);
|
||||
nsslowcert_DestroyCertificate(cert);
|
||||
}
|
||||
|
@ -2053,7 +2072,7 @@ pk11_SlotFromID(CK_SLOT_ID slotID)
|
|||
PK11Slot *
|
||||
pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle)
|
||||
{
|
||||
int slotIDIndex = (handle >> 24) & 0xff;
|
||||
CK_ULONG slotIDIndex = (handle >> 24) & 0xff;
|
||||
|
||||
if (slotIDIndex >= nscSlotCount) {
|
||||
return NULL;
|
||||
|
@ -2313,7 +2332,7 @@ static void nscFreeAllSlots()
|
|||
nscSlotHashTable = NULL;
|
||||
nscSlotListSize = 0;
|
||||
|
||||
for (i=0; i < tmpSlotCount; i++) {
|
||||
for (i=0; i < (int) tmpSlotCount; i++) {
|
||||
slotID = tmpSlotList[i];
|
||||
slot = (PK11Slot *)
|
||||
PL_HashTableLookup(tmpSlotHashTable, (void *)slotID);
|
||||
|
@ -2721,7 +2740,7 @@ CK_RV NSC_InitPIN(CK_SESSION_HANDLE hSession,
|
|||
if (ulPinLen > PK11_MAX_PIN) {
|
||||
return CKR_PIN_LEN_RANGE;
|
||||
}
|
||||
if (ulPinLen < slot->minimumPinLen) {
|
||||
if (ulPinLen < (CK_ULONG)slot->minimumPinLen) {
|
||||
return CKR_PIN_LEN_RANGE;
|
||||
}
|
||||
|
||||
|
@ -2796,7 +2815,7 @@ CK_RV NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
|
|||
if ((ulNewLen > PK11_MAX_PIN) || (ulOldLen > PK11_MAX_PIN)) {
|
||||
return CKR_PIN_LEN_RANGE;
|
||||
}
|
||||
if (ulNewLen < slot->minimumPinLen) {
|
||||
if (ulNewLen < (CK_ULONG)slot->minimumPinLen) {
|
||||
return CKR_PIN_LEN_RANGE;
|
||||
}
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче