From 856edfa42a2b589cbe2cde0f3d8d9b240fd37f29 Mon Sep 17 00:00:00 2001 From: "kaie%kuix.de" Date: Fri, 24 Sep 2010 13:31:58 +0000 Subject: [PATCH] bug 337433, Need CERT_FindCertByNicknameOrEmailAddrByUsage r=rrelyea git-svn-id: svn://10.0.0.236/trunk@261270 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/security/nss/lib/certdb/cert.h | 12 +++- mozilla/security/nss/lib/certdb/stanpcertdb.c | 63 +++++++++++++++++-- mozilla/security/nss/lib/nss/nss.def | 6 ++ 3 files changed, 76 insertions(+), 5 deletions(-) diff --git a/mozilla/security/nss/lib/certdb/cert.h b/mozilla/security/nss/lib/certdb/cert.h index 89d97ed73ba..89f417ab8ce 100644 --- a/mozilla/security/nss/lib/certdb/cert.h +++ b/mozilla/security/nss/lib/certdb/cert.h @@ -37,7 +37,7 @@ /* * cert.h - public data structures and prototypes for the certificate library * - * $Id: cert.h,v 1.81 2010-08-13 01:18:18 wtc%google.com Exp $ + * $Id: cert.h,v 1.82 2010-09-24 13:27:28 kaie%kuix.de Exp $ */ #ifndef _CERT_H_ @@ -606,6 +606,16 @@ CERT_FindCertByEmailAddr(CERTCertDBHandle *handle, char *emailAddr); CERTCertificate * CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name); +/* +** Find a certificate in the database by a email address or nickname +** and require it to have the given usage. +** "name" is the email address or nickname to look up +*/ +CERTCertificate * +CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, + const char *name, + SECCertUsage lookingForUsage); + /* ** Find a certificate in the database by a digest of a subject public key ** "spkDigest" is the digest to look up diff --git a/mozilla/security/nss/lib/certdb/stanpcertdb.c b/mozilla/security/nss/lib/certdb/stanpcertdb.c index da0d7bc0371..119a8da9fd4 100644 --- a/mozilla/security/nss/lib/certdb/stanpcertdb.c +++ b/mozilla/security/nss/lib/certdb/stanpcertdb.c 
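Review bot: The comment added in cert.h above `CERT_FindCertByNicknameOrEmailAddrForUsage` does not say what "have the given usage" guarantees or what is returned when nothing matches. On the stanpcertdb.c side of this patch the selection is a usage filter (`matchUsage`, `CERT_FilterCertListByUsage`) and no chain or validity check is visible, so a caller could mistake a non-NULL result for a verified certificate. I would add lines such as `** Returns NULL if no certificate found under "name" has the usage.` and `** The result is selected by usage only; it is not verified.` The comment should also state who releases the returned reference, and "a email address" should read "an email address".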
@@ -614,19 +614,30 @@ CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert) return STAN_GetCERTCertificateOrRelease(c); } -CERTCertificate * -CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name) +static CERTCertificate * +common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, + char *name, + PRBool anyUsage, + SECCertUsage lookingForUsage) { NSSCryptoContext *cc; NSSCertificate *c, *ct; CERTCertificate *cert; NSSUsage usage; + CERTCertList *certlist; if (NULL == name) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } - usage.anyUsage = PR_TRUE; + + usage.anyUsage = anyUsage; + + if (!anyUsage) { + usage.nss3lookingForCA = PR_FALSE; + usage.nss3usage = lookingForUsage; + } + cc = STAN_GetDefaultCryptoContext(); ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name, NULL, &usage, NULL); @@ -638,7 +649,34 @@ CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name) PORT_Free(lowercaseName); } } - cert = PK11_FindCertFromNickname(name, NULL); + + if (anyUsage) { + cert = PK11_FindCertFromNickname(name, NULL); + } + else { + if (ct) { + /* Does ct really have the required usage? */ + nssDecodedCert *dc; + dc = nssCertificate_GetDecoding(ct); + if (!dc->matchUsage(dc, &usage)) { + CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct)); + ct = NULL; + } + } + + certlist = PK11_FindCertsFromNickname(name, NULL); + if (certlist) { + SECStatus rv = CERT_FilterCertListByUsage(certlist, + lookingForUsage, + PR_FALSE); + if (SECSuccess == rv && + !CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) { + cert = CERT_DupCertificate(CERT_LIST_HEAD(certlist)->cert); + } + CERT_DestroyCertList(certlist); + } + } + if (cert) { c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert)); CERT_DestroyCertificate(cert); 
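Review bot: `common_FindCertByNicknameOrEmailAddrForUsage` declares its parameter as `char *name`, but both public wrappers added in the later `@@ -651,6 +689,23 @@` hunk pass their `const char *name` straight through, which discards the qualifier at each call. The function being replaced took `const char *name`, so the helper should keep `const char *name` as well, assuming nothing in the part of the body outside these hunks writes through it. The helper's body continues beyond this hunk.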
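Review bot: In the new `else` branch of the `@@ -638,7 +649,34 @@` hunk, `cert` is assigned only when `PK11_FindCertsFromNickname` returns a list, the filter succeeds and the list is non-empty. On every other path the following `if (cert)` reads an indeterminate pointer, and a non-zero garbage value is then handed to `STAN_GetNSSCertificate` and `CERT_DestroyCertificate`. `cert` is declared without an initializer in the previous hunk (`CERTCertificate *cert;`), so either change that to `CERTCertificate *cert = NULL;` or put `cert = NULL;` at the top of the `else`. Separately, `dc->matchUsage(...)` dereferences the result of `nssCertificate_GetDecoding(ct)` unchecked; if that call can return NULL, `if (!dc || !dc->matchUsage(dc, &usage))` would discard the candidate instead of crashing. The function begins and ends outside this hunk.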
@@ -651,6 +689,23 @@ CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name) return c ? STAN_GetCERTCertificateOrRelease(c) : NULL; } +CERTCertificate * +CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name) +{ + return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, + PR_TRUE, 0); +} + +CERTCertificate * +CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, + const char *name, + SECCertUsage lookingForUsage) +{ + return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, + PR_FALSE, + lookingForUsage); +} + static void add_to_subject_list(CERTCertList *certList, CERTCertificate *cert, PRBool validOnly, int64 sorttime) diff --git a/mozilla/security/nss/lib/nss/nss.def b/mozilla/security/nss/lib/nss/nss.def index 9860ba9c906..1894d9291e9 100644 --- a/mozilla/security/nss/lib/nss/nss.def +++ b/mozilla/security/nss/lib/nss/nss.def @@ -1003,6 +1003,12 @@ CERT_GetConstrainedCertificateNames; ;+ local: ;+ *; ;+}; +;+NSS_3.12.9 { # NSS 3.12.9 release +;+ global: +CERT_FindCertByNicknameOrEmailAddrForUsage; +;+ local: +;+ *; +;+}; ;+NSS_3.13 { # NSS 3.13 release ;+ global: ;;SECKEY_RSAPSSParamsTemplate DATA ;
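Review bot: The literal `0` passed as `lookingForUsage` in `CERT_FindCertByNicknameOrEmailAddr` is an ordinary `SECCertUsage` value rather than a "none" marker, so the call reads as if a specific usage were requested. It is harmless as written, because the helper only copies the argument into `usage.nss3usage` when `anyUsage` is false. A trailing comment such as `/* lookingForUsage is ignored when anyUsage is PR_TRUE */` would make that explicit for the next reader.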