Automatically create a NULL email profile for certs with email addresses which

are imported into the internal token.
This commit is contained in:
relyea%netscape.com 2002-05-07 20:38:59 +00:00
Родитель 136df8d56b
Коммит b815a638c1
6 изменённых файлов: 52 добавлений и 9 удалений

Просмотреть файл

@ -170,6 +170,7 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
&c->issuer,
&c->subject,
&c->serial,
cert->emailAddr,
PR_TRUE);
PK11_FreeSlot(slot);
if (!permInstance) {

Просмотреть файл

@ -41,7 +41,7 @@
*/
#ifdef DEBUG
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.26 $ $Date: 2002-04-26 14:33:59 $ $Name: $";
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.27 $ $Date: 2002-05-07 20:38:49 $ $Name: $";
#endif /* DEBUG */
#ifndef NSSCKT_H
@ -434,6 +434,7 @@ nssToken_ImportCertificate
NSSDER *issuer,
NSSDER *subject,
NSSDER *serial,
NSSASCII7 *emailAddr,
PRBool asTokenObject
);

Просмотреть файл

@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.21 $ $Date: 2002-04-26 14:33:59 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.22 $ $Date: 2002-05-07 20:38:53 $ $Name: $";
#endif /* DEBUG */
#ifndef NSSCKEPV_H
@ -529,12 +529,13 @@ nssToken_ImportCertificate
NSSDER *issuer,
NSSDER *subject,
NSSDER *serial,
NSSASCII7 *email,
PRBool asTokenObject
)
{
CK_CERTIFICATE_TYPE cert_type;
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE cert_tmpl[9];
CK_ATTRIBUTE cert_tmpl[10];
CK_ULONG ctsize;
nssTokenSearchType searchType;
nssCryptokiObject *rvObject = NULL;
@ -560,6 +561,9 @@ nssToken_ImportCertificate
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
if (email) {
NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NETSCAPE_EMAIL, email);
}
NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
/* see if the cert is already there */
rvObject = nssToken_FindCertificateByIssuerAndSerialNumber(tok,

Просмотреть файл

@ -1562,6 +1562,7 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
{ CKA_SERIAL_NUMBER, NULL, 0},
{ CKA_VALUE, NULL, 0},
{ CKA_NETSCAPE_TRUST, NULL, 0},
{ CKA_NETSCAPE_EMAIL, NULL, 0},
};
int certCount = sizeof(certAttrs)/sizeof(certAttrs[0]), keyCount = 2;
int realCount = 0;
@ -1612,6 +1613,11 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
PK11_SETATTRS(attrs,CKA_NETSCAPE_TRUST, certUsage,
sizeof(SECCertUsage));
attrs++;
if (cert->emailAddr) {
PK11_SETATTRS(attrs,CKA_NETSCAPE_EMAIL, cert->emailAddr,
PORT_Strlen(cert->emailAddr);
attrs++;
}
}
realCount = attrs - certAttrs;
PORT_Assert(realCount <= certCount);
@ -1684,11 +1690,16 @@ done:
nssCryptokiObject *keyobj, *certobj;
NSSToken *token = PK11Slot_GetNSSToken(slot);
SECItem *keyID = pk11_mkcertKeyID(cert);
char *emailAddr = NULL;
if (keyID == NULL) {
goto loser;
}
if (PK11_IsInternal(slot) && cert->emailAddr) {
emailAddr = cert->emailAddr;
}
/* need to get the cert as a stan cert */
if (cert->nssCertificate) {
c = cert->nssCertificate;
@ -1738,6 +1749,7 @@ done:
&c->issuer,
&c->subject,
&c->serial,
emailAddr,
PR_TRUE);
if (!certobj) {
goto loser;

Просмотреть файл

@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.51 $ $Date: 2002-04-22 14:14:43 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.52 $ $Date: 2002-05-07 20:38:57 $ $Name: $";
#endif /* DEBUG */
/*
@ -857,6 +857,11 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
* object in order to store trust. forcing it to be perm
*/
NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL);
NSSASCII7 *email = NULL;
if (PK11_IsInternal(tok->pk11slot)) {
email = c->email;
}
newInstance = nssToken_ImportCertificate(tok, NULL,
NSSCertificateType_PKIX,
&c->id,
@ -865,6 +870,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
&c->issuer,
&c->subject,
&c->serial,
email,
PR_TRUE);
if (!newInstance) {
return PR_FAILURE;

Просмотреть файл

@ -605,7 +605,8 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object)
NSSLOWCERTCertTrust defTrust =
{ CERTDB_TRUSTED_UNKNOWN,
CERTDB_TRUSTED_UNKNOWN, CERTDB_TRUSTED_UNKNOWN };
char *label;
char *label = NULL;
char *email = NULL;
SECStatus rv;
PRBool inDB = PR_TRUE;
@ -646,10 +647,28 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object)
if (label) PORT_Free(label);
pk11_FreeAttribute(attribute);
if (rv != SECSuccess) {
nsslowcert_DestroyCertificate(cert);
return CKR_DEVICE_ERROR;
}
/*
* Add a NULL S/MIME profile if necessary.
*/
email = pk11_getString(object,CKA_NETSCAPE_EMAIL);
if (email) {
certDBEntrySMime *entry;
entry = nsslowcert_ReadDBSMimeEntry(slot->certDB,email);
if (!entry) {
nsslowcert_SaveSMimeProfile(slot->certDB, email,
&cert->derSubject, NULL, NULL);
} else {
nsslowcert_DestroyDBEntry((certDBEntry *)entry);
}
PORT_Free(email);
}
object->handle=pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_CERT);
nsslowcert_DestroyCertificate(cert);
}
@ -2053,7 +2072,7 @@ pk11_SlotFromID(CK_SLOT_ID slotID)
PK11Slot *
pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle)
{
int slotIDIndex = (handle >> 24) & 0xff;
CK_ULONG slotIDIndex = (handle >> 24) & 0xff;
if (slotIDIndex >= nscSlotCount) {
return NULL;
@ -2313,7 +2332,7 @@ static void nscFreeAllSlots()
nscSlotHashTable = NULL;
nscSlotListSize = 0;
for (i=0; i < tmpSlotCount; i++) {
for (i=0; i < (int) tmpSlotCount; i++) {
slotID = tmpSlotList[i];
slot = (PK11Slot *)
PL_HashTableLookup(tmpSlotHashTable, (void *)slotID);
@ -2721,7 +2740,7 @@ CK_RV NSC_InitPIN(CK_SESSION_HANDLE hSession,
if (ulPinLen > PK11_MAX_PIN) {
return CKR_PIN_LEN_RANGE;
}
if (ulPinLen < slot->minimumPinLen) {
if (ulPinLen < (CK_ULONG)slot->minimumPinLen) {
return CKR_PIN_LEN_RANGE;
}
@ -2796,7 +2815,7 @@ CK_RV NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
if ((ulNewLen > PK11_MAX_PIN) || (ulOldLen > PK11_MAX_PIN)) {
return CKR_PIN_LEN_RANGE;
}
if (ulNewLen < slot->minimumPinLen) {
if (ulNewLen < (CK_ULONG)slot->minimumPinLen) {
return CKR_PIN_LEN_RANGE;
}