fix bugs in cert import with smart card cache
authorian.mcgreer%sun.com
Mon, 22 Apr 2002 14:14:44 +0000
changeset 3027 f3556c983228bfc2318e933197b1b00e71e20560
parent 3026 cb87262736bef5461a55eba17ddbc3b34b404e72
child 3028 8b4ed8bce8689605f285e05e5260ef92c54041f1
push idunknown
push userunknown
push dateunknown
fix bugs in cert import with smart card cache
security/nss/lib/certdb/stanpcertdb.c
security/nss/lib/dev/devtoken.c
security/nss/lib/dev/devutil.c
security/nss/lib/pk11wrap/pk11cert.c
security/nss/lib/pki/pki3hack.c
security/nss/lib/pki/tdcache.c
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -169,16 +169,17 @@ SECStatus
                                               &c->subject,
                                               &c->serial,
                                               PR_TRUE);
     PK11_FreeSlot(slot);
     if (!permInstance) {
 	return SECFailure;
     }
     nssPKIObject_AddInstance(&c->object, permInstance);
+    nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
     /* reset the CERTCertificate fields */
     cert->nssCertificate = NULL;
     cert = STAN_GetCERTCertificate(c); /* will return same pointer */
     cert->istemp = PR_FALSE;
     cert->isperm = PR_TRUE;
     return (STAN_ChangeCertTrust(cert, trust) == PR_SUCCESS) ? 
 							SECSuccess: SECFailure;
 }
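Review bot: The result of the added `nssTrustDomain_AddCertsToCache(...)` call is dropped, so a failed cache insert goes unnoticed: the function still resets the CERTCertificate fields and reports success based only on `STAN_ChangeCertTrust`. The same unchecked call is added in the pk11cert.c hunk, where the very next line marks its own discard with `(void)`. The function's declaration is not in this diff; if it returns a status, either check it or make the best-effort intent explicit, e.g. `(void)nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); /* best effort: the permanent instance already exists on the token */`. The enclosing function starts outside the hunk.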
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -1024,18 +1024,17 @@ nssToken_ImportTrust
     NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH,      ckSA);
     NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH,      ckCA);
     NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING,     ckCS);
     NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, ckEP);
     NSS_CK_TEMPLATE_FINISH(trust_tmpl, attr, tsize);
     /* import the trust object onto the token */
     object = import_object(tok, sessionOpt, trust_tmpl, tsize);
     if (object && tok->cache) {
-	nssTokenObjectCache_ImportObject(tok->cache, object,
-	                                 CKO_CERTIFICATE,
+	nssTokenObjectCache_ImportObject(tok->cache, object, tobjc,
 	                                 trust_tmpl, tsize);
     }
     return object;
 }
 
 NSS_IMPLEMENT nssCryptokiObject **
 nssToken_FindTrustObjects
 (
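Review bot: `tobjc` here and `crlobjc` in the nssToken_ImportCRL hunk below are declared outside the visible lines, so the diff alone cannot confirm that they hold the same class value written into `trust_tmpl` / `crl_tmpl` as CKA_CLASS. If they ever diverge, the object is cached under a class other than its own, which is exactly what the removed `CKO_CERTIFICATE` argument did for trust and CRL objects. A short comment at each call would pin the invariant, e.g. `/* class passed to the cache must match CKA_CLASS in the template */`. Any status returned by `nssTokenObjectCache_ImportObject` is also ignored at both sites, so a failed cache insert is silent.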
@@ -1162,18 +1161,17 @@ nssToken_ImportCRL
     } else {
 	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NETSCAPE_KRL, &g_ck_false);
     }
     NSS_CK_TEMPLATE_FINISH(crl_tmpl, attr, crlsize);
 
     /* import the crl object onto the token */
     object = import_object(token, sessionOpt, crl_tmpl, crlsize);
     if (object && token->cache) {
-	nssTokenObjectCache_ImportObject(token->cache, object,
-	                                 CKO_CERTIFICATE,
+	nssTokenObjectCache_ImportObject(token->cache, object, crlobjc,
 	                                 crl_tmpl, crlsize);
     }
     return object;
 }
 
 NSS_IMPLEMENT nssCryptokiObject **
 nssToken_FindCRLs
 (
--- a/security/nss/lib/dev/devutil.c
+++ b/security/nss/lib/dev/devutil.c
@@ -1233,16 +1233,17 @@ make_object_and_attr
     oa->object = object;
     oa->arena = arena;
     nssToken_Destroy(object->token);
     oa->attributes = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, otlen);
     if (!oa->attributes) {
 	goto loser;
     }
     for (i=0; i<otlen; i++) {
+	oa->attributes[i].type = ot[i].type;
 	oa->attributes[i].pValue = nss_ZAlloc(arena, ot[i].ulValueLen);
 	if (!oa->attributes[i].pValue) {
 	    goto loser;
 	}
 	nsslibc_memcpy(oa->attributes[i].pValue, ot[i].pValue,
 	               ot[i].ulValueLen);
 	oa->attributes[i].ulValueLen = ot[i].ulValueLen;
     }
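Review bot: The added `oa->attributes[i].type = ot[i].type;` deserves a one-line comment explaining why it matters. The array comes from `nss_ZNEWARRAY`; assuming that macro zero-fills as its name suggests, an uncopied type leaves every cached attribute with type 0, which is the numeric value of CKA_CLASS. Something like `/* copy the type: a zeroed type reads as CKA_CLASS */` would do. Separately, the loop copies `ot[i].ulValueLen` bytes without checking `ot[i].pValue`, so a template entry with a NULL value pointer and a non-zero length would be read through; whether any caller can produce that is not visible here. make_object_and_attr starts and ends outside the hunk.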
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -1731,16 +1731,17 @@ done:
                                          PR_TRUE);
     if (!certobj) {
 	goto loser;
     }
     /* add the new instance to the cert, force an update of the
      * CERTCertificate, and finish
      */
     nssPKIObject_AddInstance(&c->object, certobj);
+    nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
     (void)STAN_ForceCERTCertificateUpdate(c);
     SECITEM_FreeItem(keyID,PR_TRUE);
     return SECSuccess;
 loser:
     SECITEM_FreeItem(keyID,PR_TRUE);
     PORT_SetError(SEC_ERROR_ADDING_CERT);
     return SECFailure;
 #endif
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -501,16 +501,19 @@ cert_trust_from_stan_trust(NSSTrust *t, 
 }
 
 /* check all cert instances for private key */
 static PRBool is_user_cert(NSSCertificate *c, CERTCertificate *cc)
 {
     PRBool isUser = PR_FALSE;
     nssCryptokiObject **ip;
     nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
+    if (!instances) {
+	return PR_FALSE;
+    }
     for (ip = instances; *ip; ip++) {
 	nssCryptokiObject *instance = *ip;
 	if (PK11_IsUserCert(instance->token->pk11slot, cc, instance->handle)) {
 	    isUser = PR_TRUE;
 	}
     }
     nssCryptokiObjectArray_Destroy(instances);
     return isUser;
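Review bot: The new `if (!instances)` early return folds "could not obtain the instance array" into "not a user cert", and the caller cannot tell the two apart. If that is intended, say so at the check, e.g. `/* no instances, or the lookup failed: report not-a-user-cert */`; if the result feeds trust or user flags, a failed lookup silently downgrades the cert. In the unchanged loop below, scanning continues after a match; adding `break;` after `isUser = PR_TRUE;` would stop at the first token that holds the key. The function's closing brace is outside the hunk.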
--- a/security/nss/lib/pki/tdcache.c
+++ b/security/nss/lib/pki/tdcache.c
@@ -818,17 +818,17 @@ add_cert_to_cache
 	 */
 	if (!handle) {
 	    /* Require either nickname or email handle */
 	    nssrv = PR_FAILURE;
 	    goto loser;
 	}
 #endif
     }
-    nssCertificate_AddRef(cert);
+    rvCert = nssCertificate_AddRef(cert);
     PZ_Unlock(td->cache->lock);
     return rvCert;
 loser:
     /* Remove any handles that have been created */
     subjectList = NULL;
     if (added >= 1) {
 	(void)remove_issuer_and_serial_entry(td->cache, cert);
     }
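Review bot: With `rvCert = nssCertificate_AddRef(cert);` the success path now returns the pointer for the reference it takes, but nothing near the return says who releases it. A comment above the assignment would record the contract, e.g. `/* caller owns the returned reference */`. The wrapper that the stanpcertdb.c and pk11cert.c hunks call, `nssTrustDomain_AddCertsToCache`, is not shown in this diff, so it is worth confirming that it drops or forwards that reference rather than leaking one per imported cert. What `loser:` returns is outside the hunk, as are the start and end of add_cert_to_cache.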