Fix for bug 113323 . Constify some functions. r=nelson
authorjulien.pierre.bugs%sun.com
Wed, 11 Jul 2007 04:47:42 +0000
changeset 7923 bd84a8c5103da078419554bbf461e17ed987bf19
parent 7922 ee95cbd51290fcc446121acb055abc106064f03c
child 7924 f57a6d7a3ae0ff282b5b54e87ec3c302bcf9ff07
push idunknown
push userunknown
push dateunknown
reviewersnelson
bugs113323
Fix for bug 113323 . Constify some functions. r=nelson
security/nss/lib/certdb/cert.h
security/nss/lib/certdb/certdb.c
security/nss/lib/certdb/stanpcertdb.c
security/nss/lib/certhigh/certhigh.c
security/nss/lib/dev/dev.h
security/nss/lib/dev/devtoken.c
security/nss/lib/pk11wrap/pk11auth.c
security/nss/lib/pk11wrap/pk11cert.c
security/nss/lib/pk11wrap/pk11pub.h
security/nss/lib/pki/cryptocontext.c
security/nss/lib/pki/nsspki.h
security/nss/lib/pki/pkim.h
security/nss/lib/pki/pkistore.c
security/nss/lib/pki/pkistore.h
security/nss/lib/pki/tdcache.c
security/nss/lib/pki/trustdomain.c
--- a/security/nss/lib/certdb/cert.h
+++ b/security/nss/lib/certdb/cert.h
@@ -538,17 +538,17 @@ CERT_FindCertByIssuerAndSN (CERTCertDBHa
 extern CERTCertificate *
 CERT_FindCertBySubjectKeyID (CERTCertDBHandle *handle, SECItem *subjKeyID);
 
 /*
 ** Find a certificate in the database by a nickname
 **	"nickname" is the ascii string nickname to look for
 */
 extern CERTCertificate *
-CERT_FindCertByNickname (CERTCertDBHandle *handle, char *nickname);
+CERT_FindCertByNickname (CERTCertDBHandle *handle, const char *nickname);
 
 /*
 ** Find a certificate in the database by a DER encoded certificate
 **	"derCert" is the DER encoded certificate
 */
 extern CERTCertificate *
 CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert);
 
@@ -559,17 +559,17 @@ CERT_FindCertByDERCert(CERTCertDBHandle 
 CERTCertificate *
 CERT_FindCertByEmailAddr(CERTCertDBHandle *handle, char *emailAddr);
 
 /*
 ** Find a certificate in the database by a email address or nickname
 **	"name" is the email address or nickname to look up
 */
 CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, char *name);
+CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name);
 
 /*
 ** Find a certificate in the database by a digest of a subject public key
 **	"spkDigest" is the digest to look up
 */
 extern CERTCertificate *
 CERT_FindCertBySPKDigest(CERTCertDBHandle *handle, SECItem *spkDigest);
 
@@ -1070,17 +1070,17 @@ PRBool CERT_IsNewer(CERTCertificate *cer
 /* currently a stub for address book */
 PRBool
 CERT_IsCertRevoked(CERTCertificate *cert);
 
 void
 CERT_DestroyCertArray(CERTCertificate **certs, unsigned int ncerts);
 
 /* convert an email address to lower case */
-char *CERT_FixupEmailAddr(char *emailAddr);
+char *CERT_FixupEmailAddr(const char *emailAddr);
 
 /* decode string representation of trust flags into trust struct */
 SECStatus
 CERT_DecodeTrustString(CERTCertTrust *trust, char *trusts);
 
 /* encode trust struct into string representation of trust flags */
 char *
 CERT_EncodeTrustString(CERTCertTrust *trust);
@@ -1195,25 +1195,16 @@ char *
 CERT_GetCertCommentString(CERTCertificate *cert);
 
 PRBool
 CERT_GovtApprovedBitSet(CERTCertificate *cert);
 
 SECStatus
 CERT_AddPermNickname(CERTCertificate *cert, char *nickname);
 
-/*
- * Given a cert, find the cert with the same subject name that
- * has the given key usage.  If the given cert has the correct keyUsage, then
- * return it, otherwise search the list in order.
- */
-CERTCertificate *
-CERT_FindCertByUsage(CERTCertificate *basecert, unsigned int requiredKeyUsage);
-
-
 CERTCertList *
 CERT_MatchUserCert(CERTCertDBHandle *handle,
 		   SECCertUsage usage,
 		   int nCANames, char **caNames,
 		   void *proto_win);
 
 CERTCertList *
 CERT_NewCertList(void);
@@ -1347,17 +1338,17 @@ CERT_FindUserCertsByUsage(CERTCertDBHand
  *	"handle" - database to search
  *	"nickname" - nickname to match
  *	"usage" - certificate usage to match
  *	"validOnly" - only return certs that are curently valid
  *	"proto_win" - window handle passed to pkcs11
  */
 CERTCertificate *
 CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
-			 char *nickname,
+			 const char *nickname,
 			 SECCertUsage usage,
 			 PRBool validOnly,
 			 void *proto_win);
 
 /*
  * Filter a list of certificates, removing those certs that do not have
  * one of the named CA certs somewhere in their cert chain.
  *
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -2031,17 +2031,17 @@ CERT_DestroyCertArray(CERTCertificate **
 
 	PORT_Free(certs);
     }
     
     return;
 }
 
 char *
-CERT_FixupEmailAddr(char *emailAddr)
+CERT_FixupEmailAddr(const char *emailAddr)
 {
     char *retaddr;
     char *str;
 
     if ( emailAddr == NULL ) {
 	return(NULL);
     }
     
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -434,17 +434,17 @@ CERT_FindCertByKeyID(CERTCertDBHandle *h
 done:
     if (list) {
         CERT_DestroyCertList(list);
     }
     return cert;
 }
 
 CERTCertificate *
-CERT_FindCertByNickname(CERTCertDBHandle *handle, char *nickname)
+CERT_FindCertByNickname(CERTCertDBHandle *handle, const char *nickname)
 {
     NSSCryptoContext *cc;
     NSSCertificate *c, *ct;
     CERTCertificate *cert;
     NSSUsage usage;
     usage.anyUsage = PR_TRUE;
     cc = STAN_GetDefaultCryptoContext();
     ct = NSSCryptoContext_FindBestCertificateByNickname(cc, nickname, 
@@ -476,17 +476,17 @@ CERT_FindCertByDERCert(CERTCertDBHandle 
 	c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle, 
 	                                                       &encoding);
 	if (!c) return NULL;
     }
     return STAN_GetCERTCertificateOrRelease(c);
 }
 
 CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, char *name)
+CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
 {
     NSSCryptoContext *cc;
     NSSCertificate *c, *ct;
     CERTCertificate *cert;
     NSSUsage usage;
 
     if (NULL == name) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
--- a/security/nss/lib/certhigh/certhigh.c
+++ b/security/nss/lib/certhigh/certhigh.c
@@ -250,17 +250,17 @@ done:
  *	"handle" - database to search
  *	"nickname" - nickname to match
  *	"usage" - certificate usage to match
  *	"validOnly" - only return certs that are curently valid
  *	"proto_win" - window handle passed to pkcs11
  */
 CERTCertificate *
 CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
-			 char *nickname,
+			 const char *nickname,
 			 SECCertUsage usage,
 			 PRBool validOnly,
 			 void *proto_win)
 {
     CERTCertificate *cert = NULL;
     CERTCertList *certList = NULL;
     SECStatus rv;
     int64 time;
--- a/security/nss/lib/dev/dev.h
+++ b/security/nss/lib/dev/dev.h
@@ -515,17 +515,17 @@ nssToken_FindCertificatesBySubject
   PRStatus *statusOpt
 );
 
 NSS_EXTERN nssCryptokiObject **
 nssToken_FindCertificatesByNickname
 (
   NSSToken *token,
   nssSession *sessionOpt,
-  NSSUTF8 *name,
+  const NSSUTF8 *name,
   nssTokenSearchType searchType,
   PRUint32 maximumOpt,
   PRStatus *statusOpt
 );
 
 NSS_EXTERN nssCryptokiObject **
 nssToken_FindCertificatesByEmail
 (
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -732,17 +732,17 @@ nssToken_FindCertificatesBySubject (
                                        maximumOpt, statusOpt);
     return objects;
 }
 
 NSS_IMPLEMENT nssCryptokiObject **
 nssToken_FindCertificatesByNickname (
   NSSToken *token,
   nssSession *sessionOpt,
-  NSSUTF8 *name,
+  const NSSUTF8 *name,
   nssTokenSearchType searchType,
   PRUint32 maximumOpt,
   PRStatus *statusOpt
 )
 {
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE nick_template[3];
     CK_ULONG ntsize;
--- a/security/nss/lib/pk11wrap/pk11auth.c
+++ b/security/nss/lib/pk11wrap/pk11auth.c
@@ -142,17 +142,17 @@ pk11_CheckPassword(PK11SlotInfo *slot,ch
     return rv;
 }
 
 /*
  * Check the user's password. Logout before hand to make sure that
  * we are really checking the password.
  */
 SECStatus
-PK11_CheckUserPassword(PK11SlotInfo *slot,char *pw)
+PK11_CheckUserPassword(PK11SlotInfo *slot, const char *pw)
 {
     int len = 0;
     CK_RV crv;
     SECStatus rv;
     int64 currtime = PR_Now();
 
     if (slot->protectedAuthPath) {
 	len = 0;
@@ -403,17 +403,17 @@ PK11_VerifyPW(PK11SlotInfo *slot,char *p
     }
     return SECSuccess;
 }
 
 /*
  * initialize a user PIN Value
  */
 SECStatus
-PK11_InitPin(PK11SlotInfo *slot,char *ssopw, char *userpw)
+PK11_InitPin(PK11SlotInfo *slot, const char *ssopw, const char *userpw)
 {
     CK_SESSION_HANDLE rwsession = CK_INVALID_SESSION;
     CK_RV crv;
     SECStatus rv = SECFailure;
     int len;
     int ssolen;
 
     if (userpw == NULL) userpw = "";
@@ -468,17 +468,17 @@ done:
     }
     return rv;
 }
 
 /*
  * Change an existing user password
  */
 SECStatus
-PK11_ChangePW(PK11SlotInfo *slot,char *oldpw, char *newpw)
+PK11_ChangePW(PK11SlotInfo *slot, const char *oldpw, const char *newpw)
 {
     CK_RV crv;
     SECStatus rv = SECFailure;
     int newLen;
     int oldLen;
     CK_SESSION_HANDLE rwsession;
 
     if (newpw == NULL) newpw = "";
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -519,17 +519,17 @@ transfer_token_certs_to_collection(nssLi
 	    nssTokenArray_Destroy(tokens);
 	}
 	CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(certs[i]));
     }
     nss_ZFreeIf(certs);
 }
 
 CERTCertificate *
-PK11_FindCertFromNickname(char *nickname, void *wincx) 
+PK11_FindCertFromNickname(const char *nickname, void *wincx) 
 {
     PRStatus status;
     CERTCertificate *rvCert = NULL;
     NSSCertificate *cert = NULL;
     NSSCertificate **certs = NULL;
     static const NSSUsage usage = {PR_TRUE /* ... */ };
     NSSToken *token;
     NSSTrustDomain *defaultTD = STAN_GetDefaultTrustDomain();
@@ -634,17 +634,17 @@ loser:
     if (slot) {
 	PK11_FreeSlot(slot);
     }
     if (nickCopy) PORT_Free(nickCopy);
     return NULL;
 }
 
 CERTCertList *
-PK11_FindCertsFromNickname(char *nickname, void *wincx) 
+PK11_FindCertsFromNickname(const char *nickname, void *wincx) 
 {
     char *nickCopy;
     char *delimit = NULL;
     char *tokenName;
     int i;
     CERTCertList *certList = NULL;
     nssPKIObjectCollection *collection = NULL;
     NSSCertificate **foundCerts = NULL;
--- a/security/nss/lib/pk11wrap/pk11pub.h
+++ b/security/nss/lib/pk11wrap/pk11pub.h
@@ -77,20 +77,22 @@ void PK11_LogoutAll(void);
 
 
 /************************************************************
  *  Slot Password Management
  ************************************************************/
 void PK11_SetSlotPWValues(PK11SlotInfo *slot,int askpw, int timeout);
 void PK11_GetSlotPWValues(PK11SlotInfo *slot,int *askpw, int *timeout);
 SECStatus PK11_CheckSSOPassword(PK11SlotInfo *slot, char *ssopw);
-SECStatus PK11_CheckUserPassword(PK11SlotInfo *slot,char *pw);
+SECStatus PK11_CheckUserPassword(PK11SlotInfo *slot, const char *pw);
 PRBool PK11_IsLoggedIn(PK11SlotInfo *slot, void *wincx);
-SECStatus PK11_InitPin(PK11SlotInfo *slot,char *ssopw, char *pk11_userpwd);
-SECStatus PK11_ChangePW(PK11SlotInfo *slot,char *oldpw, char *newpw);
+SECStatus PK11_InitPin(PK11SlotInfo *slot,const char *ssopw,
+                       const char *pk11_userpwd);
+SECStatus PK11_ChangePW(PK11SlotInfo *slot, const char *oldpw,
+                        const char *newpw);
 void PK11_SetPasswordFunc(PK11PasswordFunc func);
 int PK11_GetMinimumPwdLength(PK11SlotInfo *slot);
 SECStatus PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd);
 SECStatus PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx);
 SECStatus PK11_TokenRefresh(PK11SlotInfo *slot);
 
 
 /******************************************************************
@@ -552,18 +554,18 @@ SECKEYPrivateKey * PK11_CopyTokenPrivKey
 
 /**********************************************************************
  *                   Certs
  **********************************************************************/
 SECItem *PK11_MakeIDFromPubKey(SECItem *pubKeyData);
 SECStatus PK11_TraverseSlotCerts(
      SECStatus(* callback)(CERTCertificate*,SECItem *,void *),
                                                 void *arg, void *wincx);
-CERTCertificate * PK11_FindCertFromNickname(char *nickname, void *wincx);
-CERTCertList * PK11_FindCertsFromNickname(char *nickname, void *wincx);
+CERTCertificate * PK11_FindCertFromNickname(const char *nickname, void *wincx);
+CERTCertList * PK11_FindCertsFromNickname(const char *nickname, void *wincx);
 CERTCertificate *PK11_GetCertFromPrivateKey(SECKEYPrivateKey *privKey);
 SECStatus PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
                 CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust);
 SECStatus PK11_ImportDERCert(PK11SlotInfo *slot, SECItem *derCert,
                 CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust);
 PK11SlotInfo *PK11_ImportCertForKey(CERTCertificate *cert, char *nickname,
 								void *wincx);
 PK11SlotInfo *PK11_ImportDERCertForKey(SECItem *derCert, char *nickname,
--- a/security/nss/lib/pki/cryptocontext.c
+++ b/security/nss/lib/pki/cryptocontext.c
@@ -240,17 +240,17 @@ nssCryptoContext_ImportSMIMEProfile (
     }
 #endif
     return nssrv;
 }
 
 NSS_IMPLEMENT NSSCertificate *
 NSSCryptoContext_FindBestCertificateByNickname (
   NSSCryptoContext *cc,
-  NSSUTF8 *name,
+  const NSSUTF8 *name,
   NSSTime *timeOpt, /* NULL for "now" */
   NSSUsage *usage,
   NSSPolicies *policiesOpt /* NULL for none */
 )
 {
     NSSCertificate **certs;
     NSSCertificate *rvCert = NULL;
     PORT_Assert(cc->certStore);
--- a/security/nss/lib/pki/nsspki.h
+++ b/security/nss/lib/pki/nsspki.h
@@ -1704,17 +1704,17 @@ NSSTrustDomain_ImportEncodedPublicKey
  * NSSTrustDomain_FindBestCertificateByNickname
  *
  */
 
 NSS_EXTERN NSSCertificate *
 NSSTrustDomain_FindBestCertificateByNickname
 (
   NSSTrustDomain *td,
-  NSSUTF8 *name,
+  const NSSUTF8 *name,
   NSSTime *timeOpt, /* NULL for "now" */
   NSSUsage *usage,
   NSSPolicies *policiesOpt /* NULL for none */
 );
 
 /*
  * NSSTrustDomain_FindCertificatesByNickname
  *
@@ -2300,17 +2300,17 @@ NSSCryptoContext_ImportEncodedPKIXCertif
  * NSSCryptoContext_FindBestCertificateByNickname
  *
  */
 
 NSS_EXTERN NSSCertificate *
 NSSCryptoContext_FindBestCertificateByNickname
 (
   NSSCryptoContext *cc,
-  NSSUTF8 *name,
+  const NSSUTF8 *name,
   NSSTime *timeOpt, /* NULL for "now" */
   NSSUsage *usage,
   NSSPolicies *policiesOpt /* NULL for none */
 );
 
 /*
  * NSSCryptoContext_FindCertificatesByNickname
  *
--- a/security/nss/lib/pki/pkim.h
+++ b/security/nss/lib/pki/pkim.h
@@ -651,17 +651,17 @@ nssTrustDomain_UpdateCachedTokenCerts
 
 /*
  * Find all cached certs with this nickname (label).
  */
 NSS_EXTERN NSSCertificate **
 nssTrustDomain_GetCertsForNicknameFromCache
 (
   NSSTrustDomain *td,
-  NSSUTF8 *nickname,
+  const NSSUTF8 *nickname,
   nssList *certListOpt
 );
 
 /*
  * Find all cached certs with this email address.
  */
 NSS_EXTERN NSSCertificate **
 nssTrustDomain_GetCertsForEmailAddressFromCache
--- a/security/nss/lib/pki/pkistore.c
+++ b/security/nss/lib/pki/pkistore.c
@@ -459,25 +459,25 @@ static void match_nickname(const void *k
 }
 
 /*
  * Find all cached certs with this label.
  */
 NSS_IMPLEMENT NSSCertificate **
 nssCertificateStore_FindCertificatesByNickname (
   nssCertificateStore *store,
-  NSSUTF8 *nickname,
+  const NSSUTF8 *nickname,
   NSSCertificate *rvOpt[],
   PRUint32 maximumOpt,
   NSSArena *arenaOpt
 )
 {
     NSSCertificate **rvArray = NULL;
     struct nickname_template_str nt;
-    nt.nickname = nickname;
+    nt.nickname = (char*) nickname;
     nt.subjectList = NULL;
     PZ_Lock(store->lock);
     nssHash_Iterate(store->subject, match_nickname, &nt);
     if (nt.subjectList) {
 	nssCertificateList_AddReferences(nt.subjectList);
 	rvArray = get_array_from_list(nt.subjectList, 
 	                              rvOpt, maximumOpt, arenaOpt);
     }
--- a/security/nss/lib/pki/pkistore.h
+++ b/security/nss/lib/pki/pkistore.h
@@ -139,17 +139,17 @@ nssCertificateStore_FindCertificatesBySu
   PRUint32 maximumOpt,
   NSSArena *arenaOpt
 );
 
 NSS_EXTERN NSSCertificate **
 nssCertificateStore_FindCertificatesByNickname
 (
   nssCertificateStore *store,
-  NSSUTF8 *nickname,
+  const NSSUTF8 *nickname,
   NSSCertificate *rvOpt[],
   PRUint32 maximumOpt,
   NSSArena *arenaOpt
 );
 
 NSS_EXTERN NSSCertificate **
 nssCertificateStore_FindCertificatesByEmail
 (
--- a/security/nss/lib/pki/tdcache.c
+++ b/security/nss/lib/pki/tdcache.c
@@ -949,17 +949,17 @@ nssTrustDomain_GetCertsForSubjectFromCac
 }
 
 /*
  * Find all cached certs with this label.
  */
 NSS_IMPLEMENT NSSCertificate **
 nssTrustDomain_GetCertsForNicknameFromCache (
   NSSTrustDomain *td,
-  NSSUTF8 *nickname,
+  const NSSUTF8 *nickname,
   nssList *certListOpt
 )
 {
     NSSCertificate **rvArray = NULL;
     cache_entry *ce;
 #ifdef DEBUG_CACHE
     PR_LOG(s_log, PR_LOG_DEBUG, ("looking for cert by nick %s", nickname));
 #endif
--- a/security/nss/lib/pki/trustdomain.c
+++ b/security/nss/lib/pki/trustdomain.c
@@ -439,17 +439,17 @@ get_certs_from_list(nssList *list)
 	}
     }
     return certs;
 }
 
 NSS_IMPLEMENT NSSCertificate **
 nssTrustDomain_FindCertificatesByNickname (
   NSSTrustDomain *td,
-  NSSUTF8 *name,
+  const NSSUTF8 *name,
   NSSCertificate *rvOpt[],
   PRUint32 maximumOpt, /* 0 for no max */
   NSSArena *arenaOpt
 )
 {
     PRStatus status;
     PRUint32 numRemaining;
     NSSToken *token = NULL;
@@ -551,17 +551,17 @@ NSSTrustDomain_FindCertificatesByNicknam
                                                      rvOpt,
                                                      maximumOpt,
                                                      arenaOpt);
 }
 
 NSS_IMPLEMENT NSSCertificate *
 nssTrustDomain_FindBestCertificateByNickname (
   NSSTrustDomain *td,
-  NSSUTF8 *name,
+  const NSSUTF8 *name,
   NSSTime *timeOpt,
   NSSUsage *usage,
   NSSPolicies *policiesOpt
 )
 {
     NSSCertificate **nicknameCerts;
     NSSCertificate *rvCert = NULL;
     nicknameCerts = nssTrustDomain_FindCertificatesByNickname(td, name,
@@ -576,17 +576,17 @@ nssTrustDomain_FindBestCertificateByNick
 	nssCertificateArray_Destroy(nicknameCerts);
     }
     return rvCert;
 }
 
 NSS_IMPLEMENT NSSCertificate *
 NSSTrustDomain_FindBestCertificateByNickname (
   NSSTrustDomain *td,
-  NSSUTF8 *name,
+  const NSSUTF8 *name,
   NSSTime *timeOpt,
   NSSUsage *usage,
   NSSPolicies *policiesOpt
 )
 {
     return nssTrustDomain_FindBestCertificateByNickname(td,
                                                         name,
                                                         timeOpt,