Bug 966557: Add nsIX509CertDB.ConstructX509FromRawDER (r=bsmith)
authorMonica Chew <mmc@mozilla.com>
Fri, 31 Jan 2014 17:33:28 -0800
changeset 182503 af7bcffbbac935b9e22a405a0eedaaa9668c7739
parent 182502 935b9884d7705b9fae1a3b49046a45d99ee1752c
child 182504 acadb164dbc5947de50aff7643ed7120b44bd08f
push id3343
push userffxbld
push dateMon, 17 Mar 2014 21:55:32 +0000
reviewersbsmith
bugs966557
milestone29.0a1
Bug 966557: Add nsIX509CertDB.ConstructX509FromRawDER (r=bsmith)
security/manager/ssl/public/nsIX509CertDB.idl
security/manager/ssl/src/nsNSSCertificateDB.cpp
--- a/security/manager/ssl/public/nsIX509CertDB.idl
+++ b/security/manager/ssl/public/nsIX509CertDB.idl
@@ -14,17 +14,17 @@ interface nsIInterfaceRequestor;
 interface nsIZipReader;
 interface nsIRecentBadCerts;
 interface nsIX509CertList;
 
 %{C++
 #define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
 %}
 
-[scriptable, function, uuid(48411e2d-85a9-4b16-bec8-e30cde801f9e)]
+[scriptable, function, uuid(25a048e8-bb1c-4c33-ad3a-eacf2ad9e9ee)]
 interface nsIOpenSignedJARFileCallback : nsISupports
 {
   void openSignedJARFileFinished(in nsresult rv,
                                  in nsIZipReader aZipReader,
                                  in nsIX509Cert3 aSignerCert);
 };
 
 /**
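Review bot: The uuid changed in this hunk belongs to `nsIOpenSignedJARFileCallback`, whose single method is unchanged here, while the interface that actually gains a method in this commit is `nsIX509CertDB`. The `nsIX509CertDB` declaration line lies outside the visible hunks, so its uuid appears to be untouched. If so, binary consumers built against the old `nsIX509CertDB` vtable would still match its IID. I would restore the callback's uuid and give `nsIX509CertDB` a freshly generated one instead.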
@@ -257,16 +257,26 @@ interface nsIX509CertDB : nsISupports {
    *
    *  @param base64 The raw representation of a certificate,
    *                encoded as Base 64.
    *  @return The new certificate object.
    */
   nsIX509Cert constructX509FromBase64(in string base64);
 
   /*
+   *  Decode a raw data presentation and instantiate an object in memory.
+   *
+   *  @param certDER The raw representation of a certificate,
+   *                 encoded as raw DER.
+   *  @param length  The length of the DER string.
+   *  @return The new certificate object.
+   */
+  nsIX509Cert constructX509(in string certDER, in unsigned long length);
+
+  /*
    *  Obtain a reference to the appropriate service for recent
    *  bad certificates. May only be called on the main thread.
    *
    *  @param isPrivate True if the service for certs for private connections
    *                   is desired, false otherwise.
    *  @return The requested service.
    */
   nsIRecentBadCerts getRecentBadCerts(in boolean isPrivate);
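Review bot: Nothing in the new `constructX509` declaration ties `length` to the real size of `certDER`, so on this scriptable interface a caller can pass a length larger than the buffer it supplied. `string` is also a NUL-terminated type, so DER containing zero bytes may not survive the conversion from script; that part needs checking against the binding. Letting the binding carry the size would remove the mismatch, for example `nsIX509Cert constructX509([size_is(length)] in string certDER, in unsigned long length);` or a single `in ACString certDER`. The doc comment should also state that `length` is a byte count and that the implementation trusts it when parsing.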
--- a/security/manager/ssl/src/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/src/nsNSSCertificateDB.cpp
@@ -1393,17 +1393,19 @@ nsNSSCertificateDB::FindCertByEmailAddre
 NS_IMETHODIMP
 nsNSSCertificateDB::ConstructX509FromBase64(const char *base64,
                                             nsIX509Cert **_retval)
 {
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown()) {
     return NS_ERROR_NOT_AVAILABLE;
   }
-  NS_ENSURE_ARG_POINTER(_retval);
+  if (NS_WARN_IF(!_retval)) {
+    return NS_ERROR_INVALID_POINTER;
+  }
 
   // sure would be nice to have a smart pointer class for PL_ allocations
   // unfortunately, we cannot distinguish out-of-memory from bad-input here
   uint32_t len = base64 ? strlen(base64) : 0;
   char *certDER = PL_Base64Decode(base64, len, nullptr);
   if (!certDER)
     return NS_ERROR_ILLEGAL_VALUE;
   if (!*certDER) {
@@ -1416,28 +1418,44 @@ nsNSSCertificateDB::ConstructX509FromBas
   // characters long.  Compute the unpadded length of the decoded data.
   uint32_t lengthDER = (len * 3) / 4;
   if (base64[len-1] == '=') {
     lengthDER--;
     if (base64[len-2] == '=')
       lengthDER--;
   }
 
+  nsresult rv = ConstructX509(certDER, lengthDER, _retval);
+  PL_strfree(certDER);
+  return rv;
+}
+
+/* nsIX509Cert constructX509 (in string certDER, unsigned long len); */
+NS_IMETHODIMP
+nsNSSCertificateDB::ConstructX509(const char* certDER,
+                                  uint32_t lengthDER,
+                                  nsIX509Cert** _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  if (NS_WARN_IF(!_retval)) {
+    return NS_ERROR_INVALID_POINTER;
+  }
 
   SECItem secitem_cert;
   secitem_cert.type = siDERCertBuffer;
   secitem_cert.data = (unsigned char*)certDER;
   secitem_cert.len = lengthDER;
 
   insanity::pkix::ScopedCERTCertificate cert;
   cert =
     CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &secitem_cert,
                             nullptr, false, true);
-  PL_strfree(certDER);
-
   if (!cert)
     return (PORT_GetError() == SEC_ERROR_NO_MEMORY)
       ? NS_ERROR_OUT_OF_MEMORY : NS_ERROR_FAILURE;
 
   nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert.get());
   if (!nssCert) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
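Review bot: The new `ConstructX509` copies `certDER` and `lengthDER` into the `SECItem` without checking either. It is now reachable directly through the scriptable IDL method, not only from `ConstructX509FromBase64`, which appears to reject a null or empty decode before calling it. A guard right after the `_retval` check would keep a null buffer or zero length away from `CERT_NewTempCertificate`: `if (NS_WARN_IF(!certDER) || lengthDER == 0) { return NS_ERROR_INVALID_ARG; }`. The C-style `(unsigned char*)certDER` now also silently drops the `const` of the new parameter, which a named cast would make visible. The body of `ConstructX509` continues past the end of this hunk.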