| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 #ifdef DEBUG | 5 #ifdef DEBUG |
| 6 static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.109 $ $
Date: 2012/07/27 21:41:52 $"; | 6 static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.111 $ $
Date: 2013/01/07 04:11:51 $"; |
| 7 #endif /* DEBUG */ | 7 #endif /* DEBUG */ |
| 8 | 8 |
| 9 /* | 9 /* |
| 10 * Hacks to integrate NSS 3.4 and NSS 4.0 certificates. | 10 * Hacks to integrate NSS 3.4 and NSS 4.0 certificates. |
| 11 */ | 11 */ |
| 12 | 12 |
| 13 #ifndef NSSPKI_H | 13 #ifndef NSSPKI_H |
| 14 #include "nsspki.h" | 14 #include "nsspki.h" |
| 15 #endif /* NSSPKI_H */ | 15 #endif /* NSSPKI_H */ |
| 16 | 16 |
| (...skipping 781 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 798 c->serial.data = cc->serialNumber.data; | 798 c->serial.data = cc->serialNumber.data; |
| 799 c->serial.size = cc->serialNumber.len; | 799 c->serial.size = cc->serialNumber.len; |
| 800 nssTrust = nssTrustDomain_FindTrustForCertificate(context->td, c); | 800 nssTrust = nssTrustDomain_FindTrustForCertificate(context->td, c); |
| 801 } | 801 } |
| 802 if (nssTrust) { | 802 if (nssTrust) { |
| 803 trust = cert_trust_from_stan_trust(nssTrust, cc->arena); | 803 trust = cert_trust_from_stan_trust(nssTrust, cc->arena); |
| 804 if (trust) { | 804 if (trust) { |
| 805 /* we should destroy cc->trust before replacing it, but it's | 805 /* we should destroy cc->trust before replacing it, but it's |
| 806 allocated in cc->arena, so memory growth will occur on each | 806 allocated in cc->arena, so memory growth will occur on each |
| 807 refresh */ | 807 refresh */ |
| 808 CERT_LockCertTrust(cc); |
| 808 cc->trust = trust; | 809 cc->trust = trust; |
| 810 CERT_UnlockCertTrust(cc); |
| 809 } | 811 } |
| 810 nssTrust_Destroy(nssTrust); | 812 nssTrust_Destroy(nssTrust); |
| 811 } | 813 } |
| 812 } else if (instance) { | 814 } else if (instance) { |
| 813 /* slot */ | 815 /* slot */ |
| 814 if (cc->slot != instance->token->pk11slot) { | 816 if (cc->slot != instance->token->pk11slot) { |
| 815 if (cc->slot) { | 817 if (cc->slot) { |
| 816 PK11_FreeSlot(cc->slot); | 818 PK11_FreeSlot(cc->slot); |
| 817 } | 819 } |
| 818 cc->slot = PK11_ReferenceSlot(instance->token->pk11slot); | 820 cc->slot = PK11_ReferenceSlot(instance->token->pk11slot); |
| 819 } | 821 } |
| 820 cc->ownSlot = PR_TRUE; | 822 cc->ownSlot = PR_TRUE; |
| 821 /* pkcs11ID */ | 823 /* pkcs11ID */ |
| 822 cc->pkcs11ID = instance->handle; | 824 cc->pkcs11ID = instance->handle; |
| 823 /* trust */ | 825 /* trust */ |
| 824 trust = nssTrust_GetCERTCertTrustForCert(c, cc); | 826 trust = nssTrust_GetCERTCertTrustForCert(c, cc); |
| 825 if (trust) { | 827 if (trust) { |
| 826 /* we should destroy cc->trust before replacing it, but it's | 828 /* we should destroy cc->trust before replacing it, but it's |
| 827 allocated in cc->arena, so memory growth will occur on each | 829 allocated in cc->arena, so memory growth will occur on each |
| 828 refresh */ | 830 refresh */ |
| 831 CERT_LockCertTrust(cc); |
| 829 cc->trust = trust; | 832 cc->trust = trust; |
| 833 CERT_UnlockCertTrust(cc); |
| 830 } | 834 } |
| 831 nssCryptokiObject_Destroy(instance); | 835 nssCryptokiObject_Destroy(instance); |
| 832 } | 836 } |
| 833 /* database handle is now the trust domain */ | 837 /* database handle is now the trust domain */ |
| 834 cc->dbhandle = c->object.trustDomain; | 838 cc->dbhandle = c->object.trustDomain; |
| 835 /* subjectList ? */ | 839 /* subjectList ? */ |
| 836 /* istemp and isperm are supported in NSS 3.4 */ | 840 /* istemp and isperm are supported in NSS 3.4 */ |
| 837 cc->istemp = PR_FALSE; /* CERT_NewTemp will override this */ | 841 cc->istemp = PR_FALSE; /* CERT_NewTemp will override this */ |
| 838 cc->isperm = PR_TRUE; /* by default */ | 842 cc->isperm = PR_TRUE; /* by default */ |
| 839 /* pointer back */ | 843 /* pointer back */ |
| 840 cc->nssCertificate = c; | 844 cc->nssCertificate = c; |
| 841 if (trust) { | 845 if (trust) { |
| 842 /* force the cert type to be recomputed to include trust info */ | 846 /* force the cert type to be recomputed to include trust info */ |
| 843 PRUint32 nsCertType = cert_ComputeCertType(cc); | 847 PRUint32 nsCertType = cert_ComputeCertType(cc); |
| 844 | 848 |
| 845 /* Assert that it is safe to cast &cc->nsCertType to "PRInt32 *" */ | 849 /* Assert that it is safe to cast &cc->nsCertType to "PRInt32 *" */ |
| 846 PORT_Assert(sizeof(cc->nsCertType) == sizeof(PRInt32)); | 850 PORT_Assert(sizeof(cc->nsCertType) == sizeof(PRInt32)); |
| 847 PR_ATOMIC_SET((PRInt32 *)&cc->nsCertType, nsCertType); | 851 PR_ATOMIC_SET((PRInt32 *)&cc->nsCertType, nsCertType); |
| 848 } | 852 } |
| 849 } | 853 } |
| 850 | 854 |
| 851 static CERTCertificate * | 855 static CERTCertificate * |
| 852 stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) | 856 stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) |
| 853 { | 857 { |
| 854 nssDecodedCert *dc = NULL; | 858 nssDecodedCert *dc = NULL; |
| 855 CERTCertificate *cc = NULL; | 859 CERTCertificate *cc = NULL; |
| 860 CERTCertTrust certTrust; |
| 856 | 861 |
| 857 nssPKIObject_Lock(&c->object); | 862 nssPKIObject_Lock(&c->object); |
| 858 | 863 |
| 859 dc = c->decoding; | 864 dc = c->decoding; |
| 860 if (!dc) { | 865 if (!dc) { |
| 861 dc = nssDecodedPKIXCertificate_Create(NULL, &c->encoding); | 866 dc = nssDecodedPKIXCertificate_Create(NULL, &c->encoding); |
| 862 if (!dc) { | 867 if (!dc) { |
| 863 goto loser; | 868 goto loser; |
| 864 } | 869 } |
| 865 cc = (CERTCertificate *)dc->data; | 870 cc = (CERTCertificate *)dc->data; |
| (...skipping 14 matching lines...) Expand all Loading... |
| 880 } | 885 } |
| 881 } | 886 } |
| 882 cc = (CERTCertificate *)dc->data; | 887 cc = (CERTCertificate *)dc->data; |
| 883 PORT_Assert(cc); | 888 PORT_Assert(cc); |
| 884 if (!cc) { | 889 if (!cc) { |
| 885 nss_SetError(NSS_ERROR_INTERNAL_ERROR); | 890 nss_SetError(NSS_ERROR_INTERNAL_ERROR); |
| 886 goto loser; | 891 goto loser; |
| 887 } | 892 } |
| 888 if (!cc->nssCertificate || forceUpdate) { | 893 if (!cc->nssCertificate || forceUpdate) { |
| 889 fill_CERTCertificateFields(c, cc, forceUpdate); | 894 fill_CERTCertificateFields(c, cc, forceUpdate); |
| 890 } else if (!cc->trust && !c->object.cryptoContext) { | 895 } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess && |
| 896 !c->object.cryptoContext) { |
| 891 /* if it's a perm cert, it might have been stored before the | 897 /* if it's a perm cert, it might have been stored before the |
| 892 * trust, so look for the trust again. But a temp cert can be | 898 * trust, so look for the trust again. But a temp cert can be |
| 893 * ignored. | 899 * ignored. |
| 894 */ | 900 */ |
| 895 CERTCertTrust* trust = NULL; | 901 CERTCertTrust* trust = NULL; |
| 896 trust = nssTrust_GetCERTCertTrustForCert(c, cc); | 902 trust = nssTrust_GetCERTCertTrustForCert(c, cc); |
| 903 |
| 904 CERT_LockCertTrust(cc); |
| 897 cc->trust = trust; | 905 cc->trust = trust; |
| 906 CERT_UnlockCertTrust(cc); |
| 898 } | 907 } |
| 899 | 908 |
| 900 loser: | 909 loser: |
| 901 nssPKIObject_Unlock(&c->object); | 910 nssPKIObject_Unlock(&c->object); |
| 902 return cc; | 911 return cc; |
| 903 } | 912 } |
| 904 | 913 |
| 905 NSS_IMPLEMENT CERTCertificate * | 914 NSS_IMPLEMENT CERTCertificate * |
| 906 STAN_ForceCERTCertificateUpdate(NSSCertificate *c) | 915 STAN_ForceCERTCertificateUpdate(NSSCertificate *c) |
| 907 { | 916 { |
| (...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1079 NSS_EXTERN PRStatus | 1088 NSS_EXTERN PRStatus |
| 1080 STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) | 1089 STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) |
| 1081 { | 1090 { |
| 1082 PRStatus nssrv; | 1091 PRStatus nssrv; |
| 1083 NSSCertificate *c = STAN_GetNSSCertificate(cc); | 1092 NSSCertificate *c = STAN_GetNSSCertificate(cc); |
| 1084 NSSToken *tok; | 1093 NSSToken *tok; |
| 1085 NSSTrustDomain *td; | 1094 NSSTrustDomain *td; |
| 1086 NSSTrust *nssTrust; | 1095 NSSTrust *nssTrust; |
| 1087 NSSArena *arena; | 1096 NSSArena *arena; |
| 1088 CERTCertTrust *oldTrust; | 1097 CERTCertTrust *oldTrust; |
| 1098 CERTCertTrust *newTrust; |
| 1089 nssListIterator *tokens; | 1099 nssListIterator *tokens; |
| 1090 PRBool moving_object; | 1100 PRBool moving_object; |
| 1091 nssCryptokiObject *newInstance; | 1101 nssCryptokiObject *newInstance; |
| 1092 nssPKIObject *pkiob; | 1102 nssPKIObject *pkiob; |
| 1093 | 1103 |
| 1094 if (c == NULL) { | 1104 if (c == NULL) { |
| 1095 return SECFailure; | 1105 return PR_FAILURE; |
| 1096 } | 1106 } |
| 1097 oldTrust = nssTrust_GetCERTCertTrustForCert(c, cc); | 1107 oldTrust = nssTrust_GetCERTCertTrustForCert(c, cc); |
| 1098 if (oldTrust) { | 1108 if (oldTrust) { |
| 1099 if (memcmp(oldTrust, trust, sizeof (CERTCertTrust)) == 0) { | 1109 if (memcmp(oldTrust, trust, sizeof (CERTCertTrust)) == 0) { |
| 1100 /* ... and the new trust is no different, done) */ | 1110 /* ... and the new trust is no different, done) */ |
| 1101 return PR_SUCCESS; | 1111 return PR_SUCCESS; |
| 1102 } else { | 1112 } else { |
| 1103 /* take over memory already allocated in cc's arena */ | 1113 /* take over memory already allocated in cc's arena */ |
| 1104 » cc->trust = oldTrust; | 1114 » newTrust = oldTrust; |
| 1105 } | 1115 } |
| 1106 } else { | 1116 } else { |
| 1107 » cc->trust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust)); | 1117 » newTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust)); |
| 1108 } | 1118 } |
| 1109 memcpy(cc->trust, trust, sizeof(CERTCertTrust)); | 1119 memcpy(newTrust, trust, sizeof(CERTCertTrust)); |
| 1120 CERT_LockCertTrust(cc); |
| 1121 cc->trust = newTrust; |
| 1122 CERT_UnlockCertTrust(cc); |
| 1110 /* Set the NSSCerticate's trust */ | 1123 /* Set the NSSCerticate's trust */ |
| 1111 arena = nssArena_Create(); | 1124 arena = nssArena_Create(); |
| 1112 if (!arena) return PR_FAILURE; | 1125 if (!arena) return PR_FAILURE; |
| 1113 nssTrust = nss_ZNEW(arena, NSSTrust); | 1126 nssTrust = nss_ZNEW(arena, NSSTrust); |
| 1114 if (!nssTrust) { | 1127 if (!nssTrust) { |
| 1115 nssArena_Destroy(arena); | 1128 nssArena_Destroy(arena); |
| 1116 return PR_FAILURE; | 1129 return PR_FAILURE; |
| 1117 } | 1130 } |
| 1118 pkiob = nssPKIObject_Create(arena, NULL, cc->dbhandle, NULL, nssPKILock); | 1131 pkiob = nssPKIObject_Create(arena, NULL, cc->dbhandle, NULL, nssPKILock); |
| 1119 if (!pkiob) { | 1132 if (!pkiob) { |
| (...skipping 293 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1413 td = STAN_GetDefaultTrustDomain(); | 1426 td = STAN_GetDefaultTrustDomain(); |
| 1414 cc = STAN_GetDefaultCryptoContext(); | 1427 cc = STAN_GetDefaultCryptoContext(); |
| 1415 printf("\n\nCertificates in the cache:\n"); | 1428 printf("\n\nCertificates in the cache:\n"); |
| 1416 nssTrustDomain_DumpCacheInfo(td, cert_dump_iter, NULL); | 1429 nssTrustDomain_DumpCacheInfo(td, cert_dump_iter, NULL); |
| 1417 printf("\n\nCertificates in the temporary store:\n"); | 1430 printf("\n\nCertificates in the temporary store:\n"); |
| 1418 if (cc->certStore) { | 1431 if (cc->certStore) { |
| 1419 nssCertificateStore_DumpStoreInfo(cc->certStore, cert_dump_iter, NULL); | 1432 nssCertificateStore_DumpStoreInfo(cc->certStore, cert_dump_iter, NULL); |
| 1420 } | 1433 } |
| 1421 } | 1434 } |
| 1422 | 1435 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12197027:
Merge NSS_3_14_2_RTM. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/