diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c index 78dbdaa0f7e..1ed2e8d2332 100644 --- a/security/nss/lib/certdb/stanpcertdb.c +++ b/security/nss/lib/certdb/stanpcertdb.c @@ -170,6 +170,7 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname, &c->issuer, &c->subject, &c->serial, + cert->emailAddr, PR_TRUE); PK11_FreeSlot(slot); if (!permInstance) { diff --git a/security/nss/lib/dev/dev.h b/security/nss/lib/dev/dev.h index 222c9b413b0..9284a635f28 100644 --- a/security/nss/lib/dev/dev.h +++ b/security/nss/lib/dev/dev.h @@ -41,7 +41,7 @@ */ #ifdef DEBUG -static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.26 $ $Date: 2002-04-26 14:33:59 $ $Name: $"; +static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.27 $ $Date: 2002-05-07 20:38:49 $ $Name: $"; #endif /* DEBUG */ #ifndef NSSCKT_H @@ -434,6 +434,7 @@ nssToken_ImportCertificate NSSDER *issuer, NSSDER *subject, NSSDER *serial, + NSSASCII7 *emailAddr, PRBool asTokenObject ); diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c index ff0a9cd3423..0f953ec651d 100644 --- a/security/nss/lib/dev/devtoken.c +++ b/security/nss/lib/dev/devtoken.c @@ -32,7 +32,7 @@ */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.21 $ $Date: 2002-04-26 14:33:59 $ $Name: $"; +static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.22 $ $Date: 2002-05-07 20:38:53 $ $Name: $"; #endif /* DEBUG */ #ifndef NSSCKEPV_H @@ -529,12 +529,13 @@ nssToken_ImportCertificate NSSDER *issuer, NSSDER *subject, NSSDER *serial, + NSSASCII7 *email, PRBool asTokenObject ) { CK_CERTIFICATE_TYPE cert_type; CK_ATTRIBUTE_PTR attr; - CK_ATTRIBUTE cert_tmpl[9]; + CK_ATTRIBUTE cert_tmpl[10]; CK_ULONG ctsize; nssTokenSearchType searchType; nssCryptokiObject *rvObject = NULL; @@ -560,6 +561,9 @@ nssToken_ImportCertificate NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial); + if (email) { + NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NETSCAPE_EMAIL, email); + } NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize); /* see if the cert is already there */ rvObject = nssToken_FindCertificateByIssuerAndSerialNumber(tok, diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 639d13956d5..112222ff621 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -1562,6 +1562,7 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, { CKA_SERIAL_NUMBER, NULL, 0}, { CKA_VALUE, NULL, 0}, { CKA_NETSCAPE_TRUST, NULL, 0}, + { CKA_NETSCAPE_EMAIL, NULL, 0}, }; int certCount = sizeof(certAttrs)/sizeof(certAttrs[0]), keyCount = 2; int realCount = 0; @@ -1612,6 +1613,11 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, PK11_SETATTRS(attrs,CKA_NETSCAPE_TRUST, certUsage, sizeof(SECCertUsage)); attrs++; + if (cert->emailAddr) { + PK11_SETATTRS(attrs,CKA_NETSCAPE_EMAIL, cert->emailAddr, + PORT_Strlen(cert->emailAddr); + attrs++; + } } realCount = attrs - certAttrs; PORT_Assert(realCount <= certCount); @@ -1684,11 +1690,16 @@ done: nssCryptokiObject *keyobj, *certobj; NSSToken *token = PK11Slot_GetNSSToken(slot); SECItem *keyID = pk11_mkcertKeyID(cert); + char *emailAddr = NULL; if (keyID == NULL) { goto loser; } + if (PK11_IsInternal(slot) && cert->emailAddr) { + emailAddr = cert->emailAddr; + } + /* need to get the cert as a stan cert */ if (cert->nssCertificate) { c = cert->nssCertificate; @@ -1738,6 +1749,7 @@ done: &c->issuer, &c->subject, &c->serial, + emailAddr, PR_TRUE); if (!certobj) { goto loser; diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index a13d59b406f..6aa45e59694 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c @@ -32,7 +32,7 @@ */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.51 $ $Date: 2002-04-22 14:14:43 $ $Name: $"; +static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.52 $ $Date: 2002-05-07 20:38:57 $ $Name: $"; #endif /* DEBUG */ /* @@ -857,6 +857,11 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) * object in order to store trust. forcing it to be perm */ NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL); + NSSASCII7 *email = NULL; + + if (PK11_IsInternal(tok->pk11slot)) { + email = c->email; + } newInstance = nssToken_ImportCertificate(tok, NULL, NSSCertificateType_PKIX, &c->id, @@ -865,6 +870,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) &c->issuer, &c->subject, &c->serial, + email, PR_TRUE); if (!newInstance) { return PR_FAILURE; diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index e006330bc3a..86b7520f415 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -605,7 +605,8 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object) NSSLOWCERTCertTrust defTrust = { CERTDB_TRUSTED_UNKNOWN, CERTDB_TRUSTED_UNKNOWN, CERTDB_TRUSTED_UNKNOWN }; - char *label; + char *label = NULL; + char *email = NULL; SECStatus rv; PRBool inDB = PR_TRUE; @@ -646,10 +647,28 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object) if (label) PORT_Free(label); pk11_FreeAttribute(attribute); + if (rv != SECSuccess) { nsslowcert_DestroyCertificate(cert); return CKR_DEVICE_ERROR; } + + /* + * Add a NULL S/MIME profile if necessary. + */ + email = pk11_getString(object,CKA_NETSCAPE_EMAIL); + if (email) { + certDBEntrySMime *entry; + + entry = nsslowcert_ReadDBSMimeEntry(slot->certDB,email); + if (!entry) { + nsslowcert_SaveSMimeProfile(slot->certDB, email, + &cert->derSubject, NULL, NULL); + } else { + nsslowcert_DestroyDBEntry((certDBEntry *)entry); + } + PORT_Free(email); + } object->handle=pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_CERT); nsslowcert_DestroyCertificate(cert); } @@ -2053,7 +2072,7 @@ pk11_SlotFromID(CK_SLOT_ID slotID) PK11Slot * pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle) { - int slotIDIndex = (handle >> 24) & 0xff; + CK_ULONG slotIDIndex = (handle >> 24) & 0xff; if (slotIDIndex >= nscSlotCount) { return NULL; @@ -2313,7 +2332,7 @@ static void nscFreeAllSlots() nscSlotHashTable = NULL; nscSlotListSize = 0; - for (i=0; i < tmpSlotCount; i++) { + for (i=0; i < (int) tmpSlotCount; i++) { slotID = tmpSlotList[i]; slot = (PK11Slot *) PL_HashTableLookup(tmpSlotHashTable, (void *)slotID); @@ -2721,7 +2740,7 @@ CK_RV NSC_InitPIN(CK_SESSION_HANDLE hSession, if (ulPinLen > PK11_MAX_PIN) { return CKR_PIN_LEN_RANGE; } - if (ulPinLen < slot->minimumPinLen) { + if (ulPinLen < (CK_ULONG)slot->minimumPinLen) { return CKR_PIN_LEN_RANGE; } @@ -2796,7 +2815,7 @@ CK_RV NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, if ((ulNewLen > PK11_MAX_PIN) || (ulOldLen > PK11_MAX_PIN)) { return CKR_PIN_LEN_RANGE; } - if (ulNewLen < slot->minimumPinLen) { + if (ulNewLen < (CK_ULONG)slot->minimumPinLen) { return CKR_PIN_LEN_RANGE; }