Bug 966557: Add nsIX509CertDB.ConstructX509FromRawDER (r=bsmith)

This commit is contained in:
Monica Chew 2014-01-31 17:33:28 -08:00
parent 3f31a31974
commit 22825ad2de
2 changed files with 32 additions and 4 deletions

View File

@ -19,7 +19,7 @@ interface nsIX509CertList;
#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
%}
[scriptable, function, uuid(48411e2d-85a9-4b16-bec8-e30cde801f9e)]
[scriptable, function, uuid(25a048e8-bb1c-4c33-ad3a-eacf2ad9e9ee)]
interface nsIOpenSignedJARFileCallback : nsISupports
{
void openSignedJARFileFinished(in nsresult rv,
@ -261,6 +261,16 @@ interface nsIX509CertDB : nsISupports {
*/
nsIX509Cert constructX509FromBase64(in string base64);
/*
* Decode a raw data presentation and instantiate an object in memory.
*
* @param certDER The raw representation of a certificate,
* encoded as raw DER.
* @param length The length of the DER string.
* @return The new certificate object.
*/
nsIX509Cert constructX509(in string certDER, in unsigned long length);
/*
* Obtain a reference to the appropriate service for recent
* bad certificates. May only be called on the main thread.

View File

@ -1398,7 +1398,9 @@ nsNSSCertificateDB::ConstructX509FromBase64(const char *base64,
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
NS_ENSURE_ARG_POINTER(_retval);
if (NS_WARN_IF(!_retval)) {
return NS_ERROR_INVALID_POINTER;
}
// sure would be nice to have a smart pointer class for PL_ allocations
// unfortunately, we cannot distinguish out-of-memory from bad-input here
@ -1421,6 +1423,24 @@ nsNSSCertificateDB::ConstructX509FromBase64(const char *base64,
lengthDER--;
}
nsresult rv = ConstructX509(certDER, lengthDER, _retval);
PL_strfree(certDER);
return rv;
}
/* nsIX509Cert constructX509 (in string certDER, unsigned long len); */
NS_IMETHODIMP
nsNSSCertificateDB::ConstructX509(const char* certDER,
uint32_t lengthDER,
nsIX509Cert** _retval)
{
nsNSSShutDownPreventionLock locker;
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (NS_WARN_IF(!_retval)) {
return NS_ERROR_INVALID_POINTER;
}
SECItem secitem_cert;
secitem_cert.type = siDERCertBuffer;
@ -1431,8 +1451,6 @@ nsNSSCertificateDB::ConstructX509FromBase64(const char *base64,
cert =
CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &secitem_cert,
nullptr, false, true);
PL_strfree(certDER);
if (!cert)
return (PORT_GetError() == SEC_ERROR_NO_MEMORY)
? NS_ERROR_OUT_OF_MEMORY : NS_ERROR_FAILURE;