fcelda/nss-pem-certname-support.patch

## nss-pem-certname-support.patch
diff -uNPrp nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/ckpem.h nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/ckpem.h
--- nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/ckpem.h	2012-04-02 18:27:20.000000000 +0200
+++ nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/ckpem.h	2012-06-12 12:24:28.289901209 +0200
@@ -243,9 +243,11 @@ PRBool pem_ParseString(const char* input
                        PRInt32* numStrings, char*** returnedstrings);
 PRBool pem_FreeParsedStrings(PRInt32 numStrings, char** instrings);

+char * pem_ObjectNickname(char *filename, char *certname);
+
 pemInternalObject *
 AddObjectIfNeeded(CK_OBJECT_CLASS objClass, pemObjectType type,
-                  SECItem *certDER, SECItem *keyDER, char *filename, int objid,
+                  SECItem *certDER, SECItem *keyDER, const char *nickname, int objid,
                   CK_SLOT_ID slotID);

 void pem_DestroyInternalObject (pemInternalObject *io);
diff -uNPrp nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/pinst.c nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/pinst.c
--- nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/pinst.c	2012-04-02 18:27:20.000000000 +0200
+++ nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/pinst.c	2012-06-12 11:00:38.075787540 +0200
@@ -177,10 +177,28 @@ GetCertFields(unsigned char *cert, int c
     return SECSuccess;
 }

+char *
+pem_ObjectNickname(char *filename, char *certname)
+{
+    char *nickname = NULL;
+
+    if (certname) {
+        nickname = certname;
+    } else if (filename) {
+        nickname = strrchr(filename, '/');
+        if (nickname)
+            nickname++;
+        else
+            nickname = filename;
+    }
+
+    return nickname;
+}
+
 static pemInternalObject *
 CreateObject(CK_OBJECT_CLASS objClass,
              pemObjectType type, SECItem * certDER,
-             SECItem * keyDER, char *filename,
+             SECItem * keyDER, const char *nickname,
              int objid, CK_SLOT_ID slotID)
 {
     pemInternalObject *o;
@@ -191,7 +209,6 @@ CreateObject(CK_OBJECT_CLASS objClass,
     SECItem valid;
     SECItem subjkey;
     char id[16];
-    char *nickname;
     int len;

     o = nss_ZNEW(NULL, pemInternalObject);
@@ -199,12 +216,6 @@ CreateObject(CK_OBJECT_CLASS objClass,
         return NULL;
     }

-    nickname = strrchr(filename, '/');
-    if (nickname)
-        nickname++;
-    else
-        nickname = filename;
-
     switch (objClass) {
     case CKO_CERTIFICATE:
         plog("Creating cert nick %s id %d in slot %ld\n", nickname, objid, slotID);
@@ -213,7 +224,6 @@ CreateObject(CK_OBJECT_CLASS objClass,
     case CKO_PRIVATE_KEY:
         plog("Creating key id %d in slot %ld\n", objid, slotID);
         memset(&o->u.key, 0, sizeof(o->u.key));
-        nickname = filename;
         break;
     case CKO_NETSCAPE_TRUST:
         plog("Creating trust nick %s id %d in slot %ld\n", nickname, objid, slotID);
@@ -312,18 +322,11 @@ fail:
 pemInternalObject *
 AddObjectIfNeeded(CK_OBJECT_CLASS objClass,
                   pemObjectType type, SECItem * certDER,
-                  SECItem * keyDER, char *filename,
+                  SECItem * keyDER, const char *nickname,
                   int objid, CK_SLOT_ID slotID)
 {
     int i;

-    /* FIXME: copy-pasted from CreateObject */
-    const char *nickname = strrchr(filename, '/');
-    if (nickname && CKO_PRIVATE_KEY != objClass)
-        nickname++;
-    else
-        nickname = filename;
-
     /* first look for the object in gobj, it might be already there */
     for (i = 0; i < pem_nobjs; i++) {
         if (NULL == gobj[i])
@@ -346,7 +349,7 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla

     /* object not found, we need to create it */
     pemInternalObject *io = CreateObject(objClass, type, certDER, keyDER,
-                                         filename, objid, slotID);
+                                         nickname, objid, slotID);
     if (io == NULL)
         return NULL;

@@ -385,6 +388,7 @@ AddCertificate(char *certfile, char *key
     int nobjs = 0;
     SECItem **objs = NULL;
     char *ivstring = NULL;
+    char *nickname;
     int cipher;

     nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
@@ -393,16 +397,18 @@ AddCertificate(char *certfile, char *key
         return CKR_GENERAL_ERROR;
     }

+    nickname = pem_ObjectNickname(certfile, NULL);
+
     /* For now load as many certs as are in the file for CAs only */
     if (cacert) {
         for (i = 0; i < nobjs; i++) {
-            char nickname[1024];
+            char nicknameCA[1024];
             objid = pem_nobjs + 1;

-            snprintf(nickname, 1024, "%s - %d", certfile, i);
+            snprintf(nicknameCA, 1024, "%s - %d", nickname, i);

             o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL,
-                                   nickname, 0, slotID);
+                                   nicknameCA, 0, slotID);
             if (o == NULL) {
                 error = CKR_GENERAL_ERROR;
                 goto loser;
@@ -410,7 +416,7 @@ AddCertificate(char *certfile, char *key

             /* Add the CA trust object */
             o = AddObjectIfNeeded(CKO_NETSCAPE_TRUST, pemTrust, objs[i], NULL,
-                                   nickname, 0, slotID);
+                                   nicknameCA, 0, slotID);
             if (o == NULL) {
                 error = CKR_GENERAL_ERROR;
                 goto loser;
@@ -418,7 +424,7 @@ AddCertificate(char *certfile, char *key
         }                       /* for */
     } else {
         objid = pem_nobjs + 1;
-        o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[0], NULL, certfile,
+        o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[0], NULL, nickname,
                               objid, slotID);
         if (o == NULL) {
             error = CKR_GENERAL_ERROR;
@@ -437,8 +443,9 @@ AddCertificate(char *certfile, char *key
                 error = CKR_GENERAL_ERROR;
                 goto loser;
             }
+            /* keyfile used as a nickname for private keys */
             o = AddObjectIfNeeded(CKO_PRIVATE_KEY, pemBareKey, objs[0],
-                                  keyobjs[0], certfile, objid, slotID);
+                                  keyobjs[0], keyfile, objid, slotID);
             if (o == NULL) {
                 error = CKR_GENERAL_ERROR;
                 goto loser;
diff -uNPrp nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/pobject.c nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/pobject.c
--- nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/pobject.c	2012-04-02 18:27:20.000000000 +0200
+++ nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/pobject.c	2012-06-12 11:09:40.238009579 +0200
@@ -1039,6 +1039,7 @@ pem_CreateObject
     CK_SLOT_ID slotID;
     CK_BBOOL cacert;
     char *filename;
+    char *certname;
     SECItem **derlist = NULL;
     int nobjs = 0;
     int i;
@@ -1092,6 +1093,9 @@ pem_CreateObject
         return (NSSCKMDObject *) NULL;
     }

+    certname = pem_GetStringAttribute(CKA_VALUE, pTemplate,
+                                      ulAttributeCount, pError);
+
 #ifdef notdef
     if (objClass == CKO_PUBLIC_KEY) {
         return CKR_OK;  /* fake public key creation, happens as a side effect of
@@ -1102,6 +1106,7 @@ pem_CreateObject
     listObj = nss_ZNEW(NULL, pemInternalObject);
     if (NULL == listObj) {
         nss_ZFreeIf(filename);
+        nss_ZFreeIf(certname);
         return NULL;
     }

@@ -1109,6 +1114,7 @@ pem_CreateObject
     if (NULL == listItem) {
         nss_ZFreeIf(listObj);
         nss_ZFreeIf(filename);
+        nss_ZFreeIf(certname);
         return NULL;
     }

@@ -1120,19 +1126,21 @@ pem_CreateObject
         /* We're just adding a cert, we'll assume the key is next */
         objid = pem_nobjs + 1;

+        char *nickname = pem_ObjectNickname(filename, certname);
+
         if (cacert) {
             /* Add the certificate. There may be more than one */
             int c;
             for (c = 0; c < nobjs; c++) {
-                char nickname[1024];
+                char nicknameCA[1024];
                 objid = pem_nobjs + 1;

-                snprintf(nickname, 1024, "%s - %d", filename, c);
+                snprintf(nicknameCA, 1024, "%s - %d", nickname, c);

                 if (c)
                     APPEND_LIST_ITEM(listItem);
                 listItem->io = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert,
-                                                 derlist[c], NULL, nickname, 0,
+                                                 derlist[c], NULL, nicknameCA, 0,
                                                  slotID);
                 if (listItem->io == NULL)
                     goto loser;
@@ -1140,14 +1148,14 @@ pem_CreateObject
                 /* Add the trust object */
                 APPEND_LIST_ITEM(listItem);
                 listItem->io = AddObjectIfNeeded(CKO_NETSCAPE_TRUST, pemTrust,
-                                                 derlist[c], NULL, nickname, 0,
+                                                 derlist[c], NULL, nicknameCA, 0,
                                                  slotID);
                 if (listItem->io == NULL)
                     goto loser;
             }
         } else {
             listItem->io = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert,
-                                             derlist[0], NULL, filename, objid,
+                                             derlist[0], NULL, nickname, objid,
                                              slotID);
             if (listItem->io == NULL)
                 goto loser;
@@ -1184,6 +1192,7 @@ pem_CreateObject
         if (objid == -1)
             objid = pem_nobjs + 1;

+        /* filename used as a nickname for private key */
         listItem->io =  AddObjectIfNeeded(CKO_PRIVATE_KEY, pemBareKey, &certDER,
                                           derlist[0], filename, objid, slotID);
         if (listItem->io == NULL)
@@ -1223,6 +1232,7 @@ pem_CreateObject
         free(derlist[i]);
     }
     nss_ZFreeIf(filename);
+    nss_ZFreeIf(certname);
     nss_ZFreeIf(derlist);
     if ((pemInternalObject *) NULL == listItem->io) {
         pem_DestroyInternalObject(listObj);
	diff -uNPrp nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/ckpem.h nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/ckpem.h
	--- nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/ckpem.h 2012-04-02 18:27:20.000000000 +0200
	+++ nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/ckpem.h 2012-06-12 12:24:28.289901209 +0200
	@@ -243,9 +243,11 @@ PRBool pem_ParseString(const char* input
	PRInt32* numStrings, char*** returnedstrings);
	PRBool pem_FreeParsedStrings(PRInt32 numStrings, char** instrings);

	+char * pem_ObjectNickname(char filename, char certname);
	+
	pemInternalObject *
	AddObjectIfNeeded(CK_OBJECT_CLASS objClass, pemObjectType type,
	- SECItem certDER, SECItem keyDER, char *filename, int objid,
	+ SECItem certDER, SECItem keyDER, const char *nickname, int objid,
	CK_SLOT_ID slotID);

	void pem_DestroyInternalObject (pemInternalObject *io);
	diff -uNPrp nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/pinst.c nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/pinst.c
	--- nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/pinst.c 2012-04-02 18:27:20.000000000 +0200
	+++ nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/pinst.c 2012-06-12 11:00:38.075787540 +0200
	@@ -177,10 +177,28 @@ GetCertFields(unsigned char *cert, int c
	return SECSuccess;
	}

	+char *
	+pem_ObjectNickname(char filename, char certname)
	+{
	+ char *nickname = NULL;
	+
	+ if (certname) {
	+ nickname = certname;
	+ } else if (filename) {
	+ nickname = strrchr(filename, '/');
	+ if (nickname)
	+ nickname++;
	+ else
	+ nickname = filename;
	+ }
	+
	+ return nickname;
	+}
	+
	static pemInternalObject *
	CreateObject(CK_OBJECT_CLASS objClass,
	pemObjectType type, SECItem * certDER,
	- SECItem * keyDER, char *filename,
	+ SECItem * keyDER, const char *nickname,
	int objid, CK_SLOT_ID slotID)
	{
	pemInternalObject *o;
	@@ -191,7 +209,6 @@ CreateObject(CK_OBJECT_CLASS objClass,
	SECItem valid;
	SECItem subjkey;
	char id[16];
	- char *nickname;
	int len;

	o = nss_ZNEW(NULL, pemInternalObject);
	@@ -199,12 +216,6 @@ CreateObject(CK_OBJECT_CLASS objClass,
	return NULL;
	}

	- nickname = strrchr(filename, '/');
	- if (nickname)
	- nickname++;
	- else
	- nickname = filename;
	-
	switch (objClass) {
	case CKO_CERTIFICATE:
	plog("Creating cert nick %s id %d in slot %ld\n", nickname, objid, slotID);
	@@ -213,7 +224,6 @@ CreateObject(CK_OBJECT_CLASS objClass,
	case CKO_PRIVATE_KEY:
	plog("Creating key id %d in slot %ld\n", objid, slotID);
	memset(&o->u.key, 0, sizeof(o->u.key));
	- nickname = filename;
	break;
	case CKO_NETSCAPE_TRUST:
	plog("Creating trust nick %s id %d in slot %ld\n", nickname, objid, slotID);
	@@ -312,18 +322,11 @@ fail:
	pemInternalObject *
	AddObjectIfNeeded(CK_OBJECT_CLASS objClass,
	pemObjectType type, SECItem * certDER,
	- SECItem * keyDER, char *filename,
	+ SECItem * keyDER, const char *nickname,
	int objid, CK_SLOT_ID slotID)
	{
	int i;

	- /* FIXME: copy-pasted from CreateObject */
	- const char *nickname = strrchr(filename, '/');
	- if (nickname && CKO_PRIVATE_KEY != objClass)
	- nickname++;
	- else
	- nickname = filename;
	-
	/* first look for the object in gobj, it might be already there */
	for (i = 0; i < pem_nobjs; i++) {
	if (NULL == gobj[i])
	@@ -346,7 +349,7 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla

	/* object not found, we need to create it */
	pemInternalObject *io = CreateObject(objClass, type, certDER, keyDER,
	- filename, objid, slotID);
	+ nickname, objid, slotID);
	if (io == NULL)
	return NULL;

	@@ -385,6 +388,7 @@ AddCertificate(char certfile, char key
	int nobjs = 0;
	SECItem **objs = NULL;
	char *ivstring = NULL;
	+ char *nickname;
	int cipher;

	nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
	@@ -393,16 +397,18 @@ AddCertificate(char certfile, char key
	return CKR_GENERAL_ERROR;
	}

	+ nickname = pem_ObjectNickname(certfile, NULL);
	+
	/* For now load as many certs as are in the file for CAs only */
	if (cacert) {
	for (i = 0; i < nobjs; i++) {
	- char nickname[1024];
	+ char nicknameCA[1024];
	objid = pem_nobjs + 1;

	- snprintf(nickname, 1024, "%s - %d", certfile, i);
	+ snprintf(nicknameCA, 1024, "%s - %d", nickname, i);

	o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL,
	- nickname, 0, slotID);
	+ nicknameCA, 0, slotID);
	if (o == NULL) {
	error = CKR_GENERAL_ERROR;
	goto loser;
	@@ -410,7 +416,7 @@ AddCertificate(char certfile, char key

	/* Add the CA trust object */
	o = AddObjectIfNeeded(CKO_NETSCAPE_TRUST, pemTrust, objs[i], NULL,
	- nickname, 0, slotID);
	+ nicknameCA, 0, slotID);
	if (o == NULL) {
	error = CKR_GENERAL_ERROR;
	goto loser;
	@@ -418,7 +424,7 @@ AddCertificate(char certfile, char key
	} /* for */
	} else {
	objid = pem_nobjs + 1;
	- o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[0], NULL, certfile,
	+ o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[0], NULL, nickname,
	objid, slotID);
	if (o == NULL) {
	error = CKR_GENERAL_ERROR;
	@@ -437,8 +443,9 @@ AddCertificate(char certfile, char key
	error = CKR_GENERAL_ERROR;
	goto loser;
	}
	+ /* keyfile used as a nickname for private keys */
	o = AddObjectIfNeeded(CKO_PRIVATE_KEY, pemBareKey, objs[0],
	- keyobjs[0], certfile, objid, slotID);
	+ keyobjs[0], keyfile, objid, slotID);
	if (o == NULL) {
	error = CKR_GENERAL_ERROR;
	goto loser;
	diff -uNPrp nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/pobject.c nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/pobject.c
	--- nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/pobject.c 2012-04-02 18:27:20.000000000 +0200
	+++ nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/pobject.c 2012-06-12 11:09:40.238009579 +0200
	@@ -1039,6 +1039,7 @@ pem_CreateObject
	CK_SLOT_ID slotID;
	CK_BBOOL cacert;
	char *filename;
	+ char *certname;
	SECItem **derlist = NULL;
	int nobjs = 0;
	int i;
	@@ -1092,6 +1093,9 @@ pem_CreateObject
	return (NSSCKMDObject *) NULL;
	}

	+ certname = pem_GetStringAttribute(CKA_VALUE, pTemplate,
	+ ulAttributeCount, pError);
	+
	#ifdef notdef
	if (objClass == CKO_PUBLIC_KEY) {
	return CKR_OK; /* fake public key creation, happens as a side effect of
	@@ -1102,6 +1106,7 @@ pem_CreateObject
	listObj = nss_ZNEW(NULL, pemInternalObject);
	if (NULL == listObj) {
	nss_ZFreeIf(filename);
	+ nss_ZFreeIf(certname);
	return NULL;
	}

	@@ -1109,6 +1114,7 @@ pem_CreateObject
	if (NULL == listItem) {
	nss_ZFreeIf(listObj);
	nss_ZFreeIf(filename);
	+ nss_ZFreeIf(certname);
	return NULL;
	}

	@@ -1120,19 +1126,21 @@ pem_CreateObject
	/* We're just adding a cert, we'll assume the key is next */
	objid = pem_nobjs + 1;

	+ char *nickname = pem_ObjectNickname(filename, certname);
	+
	if (cacert) {
	/* Add the certificate. There may be more than one */
	int c;
	for (c = 0; c < nobjs; c++) {
	- char nickname[1024];
	+ char nicknameCA[1024];
	objid = pem_nobjs + 1;

	- snprintf(nickname, 1024, "%s - %d", filename, c);
	+ snprintf(nicknameCA, 1024, "%s - %d", nickname, c);

	if (c)
	APPEND_LIST_ITEM(listItem);
	listItem->io = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert,
	- derlist[c], NULL, nickname, 0,
	+ derlist[c], NULL, nicknameCA, 0,
	slotID);
	if (listItem->io == NULL)
	goto loser;
	@@ -1140,14 +1148,14 @@ pem_CreateObject
	/* Add the trust object */
	APPEND_LIST_ITEM(listItem);
	listItem->io = AddObjectIfNeeded(CKO_NETSCAPE_TRUST, pemTrust,
	- derlist[c], NULL, nickname, 0,
	+ derlist[c], NULL, nicknameCA, 0,
	slotID);
	if (listItem->io == NULL)
	goto loser;
	}
	} else {
	listItem->io = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert,
	- derlist[0], NULL, filename, objid,
	+ derlist[0], NULL, nickname, objid,
	slotID);
	if (listItem->io == NULL)
	goto loser;
	@@ -1184,6 +1192,7 @@ pem_CreateObject
	if (objid == -1)
	objid = pem_nobjs + 1;

	+ /* filename used as a nickname for private key */
	listItem->io = AddObjectIfNeeded(CKO_PRIVATE_KEY, pemBareKey, &certDER,
	derlist[0], filename, objid, slotID);
	if (listItem->io == NULL)
	@@ -1223,6 +1232,7 @@ pem_CreateObject
	free(derlist[i]);
	}
	nss_ZFreeIf(filename);
	+ nss_ZFreeIf(certname);
	nss_ZFreeIf(derlist);
	if ((pemInternalObject *) NULL == listItem->io) {
	pem_DestroyInternalObject(listObj);