bug 337433, Need CERT_FindCertByNicknameOrEmailAddrByUsage

r=rrelyea git-svn-id: svn://10.0.0.236/trunk@261270 18797224-902f-48f8-a5cc-f745e15eee43
2010-09-24 13:31:58 +00:00 · 2010-09-24 13:31:58 +00:00 · 856edfa42a
commit 856edfa42a
parent e4a0ee0f03
3 changed files with 76 additions and 5 deletions
--- a/mozilla/security/nss/lib/certdb/cert.h
+++ b/mozilla/security/nss/lib/certdb/cert.h
@ -37,7 +37,7 @@
 /*
 * cert.h - public data structures and prototypes for the certificate library
 *
- * $Id: cert.h,v 1.81 2010-08-13 01:18:18 wtc%google.com Exp $
+ * $Id: cert.h,v 1.82 2010-09-24 13:27:28 kaie%kuix.de Exp $
 */

 #ifndef _CERT_H_
@ -606,6 +606,16 @@ CERT_FindCertByEmailAddr(CERTCertDBHandle *handle, char *emailAddr);
 CERTCertificate *
 CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name);

+/*
+** Find a certificate in the database by a email address or nickname
+** and require it to have the given usage.
+**      "name" is the email address or nickname to look up
+*/
+CERTCertificate *
+CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
+                                           const char *name, 
+                                           SECCertUsage lookingForUsage);
+
 /*
 ** Find a certificate in the database by a digest of a subject public key
 **	"spkDigest" is the digest to look up
--- a/mozilla/security/nss/lib/certdb/stanpcertdb.c
+++ b/mozilla/security/nss/lib/certdb/stanpcertdb.c
@ -614,19 +614,30 @@ CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert)
    return STAN_GetCERTCertificateOrRelease(c);
 }

-CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
+static CERTCertificate *
+common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, 
+                                             char *name,
+                                             PRBool anyUsage,
+                                             SECCertUsage lookingForUsage)
 {
    NSSCryptoContext *cc;
    NSSCertificate *c, *ct;
    CERTCertificate *cert;
    NSSUsage usage;
+    CERTCertList *certlist;

    if (NULL == name) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return NULL;
    }
-    usage.anyUsage = PR_TRUE;
+
+    usage.anyUsage = anyUsage;
+
+    if (!anyUsage) {
+      usage.nss3lookingForCA = PR_FALSE;
+      usage.nss3usage = lookingForUsage;
+    }
+
    cc = STAN_GetDefaultCryptoContext();
    ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name, 
                                                       NULL, &usage, NULL);
@ -638,7 +649,34 @@ CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
            PORT_Free(lowercaseName);
        }
    }
+
+    if (anyUsage) {
      cert = PK11_FindCertFromNickname(name, NULL);
+    }
+    else {
+      if (ct) {
+        /* Does ct really have the required usage? */
+          nssDecodedCert *dc;
+          dc = nssCertificate_GetDecoding(ct);
+          if (!dc->matchUsage(dc, &usage)) {
+            CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
+            ct = NULL;
+          }
+      }
+
+      certlist = PK11_FindCertsFromNickname(name, NULL);
+      if (certlist) {
+        SECStatus rv = CERT_FilterCertListByUsage(certlist, 
+                                                  lookingForUsage, 
+                                                  PR_FALSE);
+        if (SECSuccess == rv &&
+            !CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) {
+          cert = CERT_DupCertificate(CERT_LIST_HEAD(certlist)->cert);
+        }
+        CERT_DestroyCertList(certlist);
+      }
+    }
+
    if (cert) {
 	c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
 	CERT_DestroyCertificate(cert);
@ -651,6 +689,23 @@ CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
    return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
 }

+CERTCertificate *
+CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
+{
+  return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, 
+                                                      PR_TRUE, 0);
+}
+
+CERTCertificate *
+CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, 
+                                           const char *name, 
+                                           SECCertUsage lookingForUsage)
+{
+  return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, 
+                                                      PR_FALSE, 
+                                                      lookingForUsage);
+}
+
 static void 
 add_to_subject_list(CERTCertList *certList, CERTCertificate *cert,
                    PRBool validOnly, int64 sorttime)
--- a/mozilla/security/nss/lib/nss/nss.def
+++ b/mozilla/security/nss/lib/nss/nss.def
@ -1003,6 +1003,12 @@ CERT_GetConstrainedCertificateNames;
 ;+    local:
 ;+       *;
 ;+};
+;+NSS_3.12.9 {  # NSS 3.12.9 release
+;+    global:
+CERT_FindCertByNicknameOrEmailAddrForUsage;
+;+    local:
+;+       *;
+;+};
 ;+NSS_3.13 { 	# NSS 3.13 release
 ;+    global:
 ;;SECKEY_RSAPSSParamsTemplate DATA ;