Automatically create a NULL email profile for certs with email addresses which

are imported into the internal token.
2024-10-14 22:05:44 +00:00 · 2002-05-07 20:38:59 +00:00 · 2002-05-07 20:38:59 +00:00 · 56f8e3b5e8
commit 56f8e3b5e8
parent 57ca92911d
6 changed files with 52 additions and 9 deletions
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@ -170,6 +170,7 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
                                              &c->issuer,
                                              &c->subject,
                                              &c->serial,
+					      cert->emailAddr,
                                              PR_TRUE);
    PK11_FreeSlot(slot);
    if (!permInstance) {
--- a/security/nss/lib/dev/dev.h
+++ b/security/nss/lib/dev/dev.h
@ -41,7 +41,7 @@
 */

 #ifdef DEBUG
-static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.26 $ $Date: 2002/04/26 14:33:59 $ $Name:  $";
+static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.27 $ $Date: 2002/05/07 20:38:49 $ $Name:  $";
 #endif /* DEBUG */

 #ifndef NSSCKT_H
@ -434,6 +434,7 @@ nssToken_ImportCertificate
  NSSDER *issuer,
  NSSDER *subject,
  NSSDER *serial,
+  NSSASCII7 *emailAddr,
  PRBool asTokenObject
 );

--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@ -32,7 +32,7 @@
 */

 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.21 $ $Date: 2002/04/26 14:33:59 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.22 $ $Date: 2002/05/07 20:38:53 $ $Name:  $";
 #endif /* DEBUG */

 #ifndef NSSCKEPV_H
@ -529,12 +529,13 @@ nssToken_ImportCertificate
  NSSDER *issuer,
  NSSDER *subject,
  NSSDER *serial,
+  NSSASCII7 *email,
  PRBool asTokenObject
 )
 {
    CK_CERTIFICATE_TYPE cert_type;
    CK_ATTRIBUTE_PTR attr;
-    CK_ATTRIBUTE cert_tmpl[9];
+    CK_ATTRIBUTE cert_tmpl[10];
    CK_ULONG ctsize;
    nssTokenSearchType searchType;
    nssCryptokiObject *rvObject = NULL;
@ -560,6 +561,9 @@ nssToken_ImportCertificate
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER,            issuer);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT,           subject);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER,     serial);
+    if (email) {
+	NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NETSCAPE_EMAIL,    email);
+    }
    NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
    /* see if the cert is already there */
    rvObject = nssToken_FindCertificateByIssuerAndSerialNumber(tok,
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@ -1562,6 +1562,7 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
 	{ CKA_SERIAL_NUMBER,  NULL, 0},
 	{ CKA_VALUE,  NULL, 0},
 	{ CKA_NETSCAPE_TRUST,  NULL, 0},
+	{ CKA_NETSCAPE_EMAIL,  NULL, 0},
    };
    int certCount = sizeof(certAttrs)/sizeof(certAttrs[0]), keyCount = 2;
    int realCount = 0;
@ -1612,6 +1613,11 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
 	PK11_SETATTRS(attrs,CKA_NETSCAPE_TRUST, certUsage,
 							 sizeof(SECCertUsage));
 	attrs++;
+	if (cert->emailAddr) {
+	    PK11_SETATTRS(attrs,CKA_NETSCAPE_EMAIL, cert->emailAddr,
+						PORT_Strlen(cert->emailAddr);
+	    attrs++;
+	}
    }
    realCount = attrs - certAttrs;
    PORT_Assert(realCount <= certCount);
@ -1684,11 +1690,16 @@ done:
    nssCryptokiObject *keyobj, *certobj;
    NSSToken *token = PK11Slot_GetNSSToken(slot);
    SECItem *keyID = pk11_mkcertKeyID(cert);
+    char *emailAddr = NULL;

    if (keyID == NULL) {
 	goto loser;
    }

+    if (PK11_IsInternal(slot) && cert->emailAddr) {
+	emailAddr = cert->emailAddr;
+    }
+
    /* need to get the cert as a stan cert */
    if (cert->nssCertificate) {
 	c = cert->nssCertificate;
@ -1738,6 +1749,7 @@ done:
                                         &c->issuer,
                                         &c->subject,
                                         &c->serial,
+					 emailAddr,
                                         PR_TRUE);
    if (!certobj) {
 	goto loser;
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@ -32,7 +32,7 @@
 */

 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.51 $ $Date: 2002/04/22 14:14:43 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.52 $ $Date: 2002/05/07 20:38:57 $ $Name:  $";
 #endif /* DEBUG */

 /*
@ -857,6 +857,11 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
 	     * object in order to store trust.  forcing it to be perm
 	     */
 	    NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL);
+	    NSSASCII7 *email = NULL;
+
+	    if (PK11_IsInternal(tok->pk11slot)) {
+		email = c->email;
+	    }
 	    newInstance = nssToken_ImportCertificate(tok, NULL,
 	                                             NSSCertificateType_PKIX,
 	                                             &c->id,
@ -865,6 +870,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
 	                                             &c->issuer,
 	                                             &c->subject,
 	                                             &c->serial,
+						     email,
 	                                             PR_TRUE);
 	    if (!newInstance) {
 		return PR_FAILURE;
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@ -605,7 +605,8 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object)
 	NSSLOWCERTCertTrust defTrust = 
 		{ CERTDB_TRUSTED_UNKNOWN, 
 			CERTDB_TRUSTED_UNKNOWN, CERTDB_TRUSTED_UNKNOWN };
-	char *label;
+	char *label = NULL;
+	char *email = NULL;
 	SECStatus rv;
 	PRBool inDB = PR_TRUE;

@ -646,10 +647,28 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object)

 	if (label) PORT_Free(label);
 	pk11_FreeAttribute(attribute);
+
 	if (rv != SECSuccess) {
 	    nsslowcert_DestroyCertificate(cert);
 	    return CKR_DEVICE_ERROR;
 	}
+
+	/*
+	 * Add a NULL S/MIME profile if necessary.
+	 */
+	email = pk11_getString(object,CKA_NETSCAPE_EMAIL);
+	if (email) {
+	    certDBEntrySMime *entry;
+
+	    entry = nsslowcert_ReadDBSMimeEntry(slot->certDB,email);
+	    if (!entry) {
+	    	nsslowcert_SaveSMimeProfile(slot->certDB, email, 
+						&cert->derSubject, NULL, NULL);
+	    } else {
+		 nsslowcert_DestroyDBEntry((certDBEntry *)entry);
+	    }
+	    PORT_Free(email);
+	}
 	object->handle=pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_CERT);
 	nsslowcert_DestroyCertificate(cert);
    }
@ -2053,7 +2072,7 @@ pk11_SlotFromID(CK_SLOT_ID slotID)
 PK11Slot *
 pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle)
 {
-    int slotIDIndex = (handle >> 24) & 0xff;
+    CK_ULONG slotIDIndex = (handle >> 24) & 0xff;

    if (slotIDIndex >= nscSlotCount) {
 	return NULL;
@ -2313,7 +2332,7 @@ static void nscFreeAllSlots()
 	nscSlotHashTable = NULL;
 	nscSlotListSize = 0;

-	for (i=0; i < tmpSlotCount; i++) {
+	for (i=0; i < (int) tmpSlotCount; i++) {
 	    slotID = tmpSlotList[i];
 	    slot = (PK11Slot *)
 			PL_HashTableLookup(tmpSlotHashTable, (void *)slotID);
@ -2721,7 +2740,7 @@ CK_RV NSC_InitPIN(CK_SESSION_HANDLE hSession,
    if (ulPinLen > PK11_MAX_PIN) {
 	return CKR_PIN_LEN_RANGE;
    }
-    if (ulPinLen < slot->minimumPinLen) {
+    if (ulPinLen < (CK_ULONG)slot->minimumPinLen) {
 	return CKR_PIN_LEN_RANGE;
    }

@ -2796,7 +2815,7 @@ CK_RV NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
    if ((ulNewLen > PK11_MAX_PIN) || (ulOldLen > PK11_MAX_PIN)) {
 	return CKR_PIN_LEN_RANGE;
    }
-    if (ulNewLen < slot->minimumPinLen) {
+    if (ulNewLen < (CK_ULONG)slot->minimumPinLen) {
 	return CKR_PIN_LEN_RANGE;
    }