Patch for Mozilla NSS PEM module adding support for custom certificate nicknames.
diff -uNPrp nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/ckpem.h nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/ckpem.h | |
--- nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/ckpem.h 2012-04-02 18:27:20.000000000 +0200 | |
+++ nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/ckpem.h 2012-06-12 12:24:28.289901209 +0200 | |
@@ -243,9 +243,11 @@ PRBool pem_ParseString(const char* input | |
PRInt32* numStrings, char*** returnedstrings); | |
PRBool pem_FreeParsedStrings(PRInt32 numStrings, char** instrings); | |
+char * pem_ObjectNickname(char *filename, char *certname); | |
+ | |
pemInternalObject * | |
AddObjectIfNeeded(CK_OBJECT_CLASS objClass, pemObjectType type, | |
- SECItem *certDER, SECItem *keyDER, char *filename, int objid, | |
+ SECItem *certDER, SECItem *keyDER, const char *nickname, int objid, | |
CK_SLOT_ID slotID); | |
void pem_DestroyInternalObject (pemInternalObject *io); | |
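Review bot: The new prototype `char * pem_ObjectNickname(char *filename, char *certname);` says nothing about ownership, and since the definition in pinst.c on this page returns a pointer into one of its arguments rather than an allocation, callers that free `filename` and `certname` (pem_CreateObject does both) need that stated here. I would add above it: `/* Returns certname when non-NULL, otherwise the basename of filename (NULL if both are NULL). The result aliases the argument: it is not allocated, must not be freed, and is invalid once the argument is released. */` Both parameters are only read, so `const char *pem_ObjectNickname(const char *filename, const char *certname);` would also match the `const char *nickname` that AddObjectIfNeeded now takes two lines below; the definition in pinst.c would change to match.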
diff -uNPrp nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/pinst.c nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/pinst.c | |
--- nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/pinst.c 2012-04-02 18:27:20.000000000 +0200 | |
+++ nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/pinst.c 2012-06-12 11:00:38.075787540 +0200 | |
@@ -177,10 +177,28 @@ GetCertFields(unsigned char *cert, int c | |
return SECSuccess; | |
} | |
+char * | |
+pem_ObjectNickname(char *filename, char *certname) | |
+{ | |
+ char *nickname = NULL; | |
+ | |
+ if (certname) { | |
+ nickname = certname; | |
+ } else if (filename) { | |
+ nickname = strrchr(filename, '/'); | |
+ if (nickname) | |
+ nickname++; | |
+ else | |
+ nickname = filename; | |
+ } | |
+ | |
+ return nickname; | |
+} | |
+ | |
static pemInternalObject * | |
CreateObject(CK_OBJECT_CLASS objClass, | |
pemObjectType type, SECItem * certDER, | |
- SECItem * keyDER, char *filename, | |
+ SECItem * keyDER, const char *nickname, | |
int objid, CK_SLOT_ID slotID) | |
{ | |
pemInternalObject *o; | |
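Review bot: `if (certname) {` in pem_ObjectNickname accepts an empty string as a custom nickname, so if pem_GetStringAttribute can hand back "" for a present-but-empty CKA_VALUE (pobject.c passes that attribute straight in), the objects would be created with an empty nickname instead of falling back to the filename; `if (certname && *certname) {` keeps the fallback for that case. Unlike the filename branch, certname is returned verbatim, so a caller-chosen nickname keeps any '/' it contains; that looks intentional but deserves a comment on the function, e.g. `/* A caller-supplied name is used as-is; only filenames are reduced to their basename. */`. The CreateObject signature change at the end of this hunk continues outside it.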
@@ -191,7 +209,6 @@ CreateObject(CK_OBJECT_CLASS objClass, | |
SECItem valid; | |
SECItem subjkey; | |
char id[16]; | |
- char *nickname; | |
int len; | |
o = nss_ZNEW(NULL, pemInternalObject); | |
@@ -199,12 +216,6 @@ CreateObject(CK_OBJECT_CLASS objClass, | |
return NULL; | |
} | |
- nickname = strrchr(filename, '/'); | |
- if (nickname) | |
- nickname++; | |
- else | |
- nickname = filename; | |
- | |
switch (objClass) { | |
case CKO_CERTIFICATE: | |
plog("Creating cert nick %s id %d in slot %ld\n", nickname, objid, slotID); | |
@@ -213,7 +224,6 @@ CreateObject(CK_OBJECT_CLASS objClass, | |
case CKO_PRIVATE_KEY: | |
plog("Creating key id %d in slot %ld\n", objid, slotID); | |
memset(&o->u.key, 0, sizeof(o->u.key)); | |
- nickname = filename; | |
break; | |
case CKO_NETSCAPE_TRUST: | |
plog("Creating trust nick %s id %d in slot %ld\n", nickname, objid, slotID); | |
@@ -312,18 +322,11 @@ fail: | |
pemInternalObject * | |
AddObjectIfNeeded(CK_OBJECT_CLASS objClass, | |
pemObjectType type, SECItem * certDER, | |
- SECItem * keyDER, char *filename, | |
+ SECItem * keyDER, const char *nickname, | |
int objid, CK_SLOT_ID slotID) | |
{ | |
int i; | |
- /* FIXME: copy-pasted from CreateObject */ | |
- const char *nickname = strrchr(filename, '/'); | |
- if (nickname && CKO_PRIVATE_KEY != objClass) | |
- nickname++; | |
- else | |
- nickname = filename; | |
- | |
/* first look for the object in gobj, it might be already there */ | |
for (i = 0; i < pem_nobjs; i++) { | |
if (NULL == gobj[i]) | |
@@ -346,7 +349,7 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla | |
/* object not found, we need to create it */ | |
pemInternalObject *io = CreateObject(objClass, type, certDER, keyDER, | |
- filename, objid, slotID); | |
+ nickname, objid, slotID); | |
if (io == NULL) | |
return NULL; | |
@@ -385,6 +388,7 @@ AddCertificate(char *certfile, char *key | |
int nobjs = 0; | |
SECItem **objs = NULL; | |
char *ivstring = NULL; | |
+ char *nickname; | |
int cipher; | |
nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); | |
@@ -393,16 +397,18 @@ AddCertificate(char *certfile, char *key | |
return CKR_GENERAL_ERROR; | |
} | |
+ nickname = pem_ObjectNickname(certfile, NULL); | |
+ | |
/* For now load as many certs as are in the file for CAs only */ | |
if (cacert) { | |
for (i = 0; i < nobjs; i++) { | |
- char nickname[1024]; | |
+ char nicknameCA[1024]; | |
objid = pem_nobjs + 1; | |
- snprintf(nickname, 1024, "%s - %d", certfile, i); | |
+ snprintf(nicknameCA, 1024, "%s - %d", nickname, i); | |
o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL, | |
- nickname, 0, slotID); | |
+ nicknameCA, 0, slotID); | |
if (o == NULL) { | |
error = CKR_GENERAL_ERROR; | |
goto loser; | |
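Review bot: The renamed buffer is still sized twice by hand in `snprintf(nicknameCA, 1024, "%s - %d", nickname, i);`; `snprintf(nicknameCA, sizeof nicknameCA, "%s - %d", nickname, i);` ties the bound to the declaration two lines above, and the same applies to the matching loop in the pem_CreateObject hunk of pobject.c. Truncation of an over-long nickname stays silent here as it was before the change, so two long basenames that differ only past the limit would collapse into one label; if distinct labels matter, checking the snprintf return value against `sizeof nicknameCA` would catch that. The enclosing for loop and AddCertificate continue outside this hunk.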
@@ -410,7 +416,7 @@ AddCertificate(char *certfile, char *key | |
/* Add the CA trust object */ | |
o = AddObjectIfNeeded(CKO_NETSCAPE_TRUST, pemTrust, objs[i], NULL, | |
- nickname, 0, slotID); | |
+ nicknameCA, 0, slotID); | |
if (o == NULL) { | |
error = CKR_GENERAL_ERROR; | |
goto loser; | |
@@ -418,7 +424,7 @@ AddCertificate(char *certfile, char *key | |
} /* for */ | |
} else { | |
objid = pem_nobjs + 1; | |
- o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[0], NULL, certfile, | |
+ o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[0], NULL, nickname, | |
objid, slotID); | |
if (o == NULL) { | |
error = CKR_GENERAL_ERROR; | |
@@ -437,8 +443,9 @@ AddCertificate(char *certfile, char *key | |
error = CKR_GENERAL_ERROR; | |
goto loser; | |
} | |
+ /* keyfile used as a nickname for private keys */ | |
o = AddObjectIfNeeded(CKO_PRIVATE_KEY, pemBareKey, objs[0], | |
- keyobjs[0], certfile, objid, slotID); | |
+ keyobjs[0], keyfile, objid, slotID); | |
if (o == NULL) { | |
error = CKR_GENERAL_ERROR; | |
goto loser; | |
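Review bot: The line `keyobjs[0], keyfile, objid, slotID);` changes the private key's nickname from the full certfile path (which the removed CKO_PRIVATE_KEY special case in AddObjectIfNeeded used to preserve) to the full keyfile path; the comment above it records this, but the patch description does not, and for a certificate loaded from configuration with its key in a differently named file the two objects now carry different names. If anything in the module pairs a certificate with its private key by nickname, the search loop at the top of AddObjectIfNeeded compares fields that lie outside these hunks, that pairing should be re-checked; if the name is only a label, a sentence in the description saying the key nickname is now the key file would avoid the question. The rest of AddCertificate lies outside this hunk.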
diff -uNPrp nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/pobject.c nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/pobject.c | |
--- nss-3.13.4.orig/mozilla/security/nss/lib/ckfw/pem/pobject.c 2012-04-02 18:27:20.000000000 +0200 | |
+++ nss-3.13.4/mozilla/security/nss/lib/ckfw/pem/pobject.c 2012-06-12 11:09:40.238009579 +0200 | |
@@ -1039,6 +1039,7 @@ pem_CreateObject | |
CK_SLOT_ID slotID; | |
CK_BBOOL cacert; | |
char *filename; | |
+ char *certname; | |
SECItem **derlist = NULL; | |
int nobjs = 0; | |
int i; | |
@@ -1092,6 +1093,9 @@ pem_CreateObject | |
return (NSSCKMDObject *) NULL; | |
} | |
+ certname = pem_GetStringAttribute(CKA_VALUE, pTemplate, | |
+ ulAttributeCount, pError); | |
+ | |
#ifdef notdef | |
if (objClass == CKO_PUBLIC_KEY) { | |
return CKR_OK; /* fake public key creation, happens as a side effect of | |
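Review bot: The new `certname = pem_GetStringAttribute(CKA_VALUE, pTemplate, ulAttributeCount, pError);` call treats the attribute as optional (a NULL result simply falls through to the filename in pem_ObjectNickname) but passes `pError` through without inspecting or resetting it afterwards. If pem_GetStringAttribute records a missing attribute in `*pError`, as an accessor with that signature plausibly does, a template with no custom nickname would leave an error code behind even though the object is then created normally; its definition is not on this page, so this needs confirming, and if so the optional lookup should save and restore `*pError` around the call. A comment naming the intent would also help a reader who expects CKA_VALUE to hold certificate data: `/* optional custom nickname; NULL means derive it from the filename */`.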
@@ -1102,6 +1106,7 @@ pem_CreateObject | |
listObj = nss_ZNEW(NULL, pemInternalObject); | |
if (NULL == listObj) { | |
nss_ZFreeIf(filename); | |
+ nss_ZFreeIf(certname); | |
return NULL; | |
} | |
@@ -1109,6 +1114,7 @@ pem_CreateObject | |
if (NULL == listItem) { | |
nss_ZFreeIf(listObj); | |
nss_ZFreeIf(filename); | |
+ nss_ZFreeIf(certname); | |
return NULL; | |
} | |
@@ -1120,19 +1126,21 @@ pem_CreateObject | |
/* We're just adding a cert, we'll assume the key is next */ | |
objid = pem_nobjs + 1; | |
+ char *nickname = pem_ObjectNickname(filename, certname); | |
+ | |
if (cacert) { | |
/* Add the certificate. There may be more than one */ | |
int c; | |
for (c = 0; c < nobjs; c++) { | |
- char nickname[1024]; | |
+ char nicknameCA[1024]; | |
objid = pem_nobjs + 1; | |
- snprintf(nickname, 1024, "%s - %d", filename, c); | |
+ snprintf(nicknameCA, 1024, "%s - %d", nickname, c); | |
if (c) | |
APPEND_LIST_ITEM(listItem); | |
listItem->io = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, | |
- derlist[c], NULL, nickname, 0, | |
+ derlist[c], NULL, nicknameCA, 0, | |
slotID); | |
if (listItem->io == NULL) | |
goto loser; | |
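Review bot: `char *nickname = pem_ObjectNickname(filename, certname);` is declared mid-block, after the `objid = pem_nobjs + 1;` statement, whereas pem_CreateObject declares its other locals at the top (the earlier hunk in this file adds `certname` there). Declaring `const char *nickname;` beside `certname` and leaving only `nickname = pem_ObjectNickname(filename, certname);` here keeps the function consistent with itself and buildable by C89-mode compilers, and the `const` matches the `const char *nickname` parameter AddObjectIfNeeded now takes. The CA loop that consumes it continues in the next hunk.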
@@ -1140,14 +1148,14 @@ pem_CreateObject | |
/* Add the trust object */ | |
APPEND_LIST_ITEM(listItem); | |
listItem->io = AddObjectIfNeeded(CKO_NETSCAPE_TRUST, pemTrust, | |
- derlist[c], NULL, nickname, 0, | |
+ derlist[c], NULL, nicknameCA, 0, | |
slotID); | |
if (listItem->io == NULL) | |
goto loser; | |
} | |
} else { | |
listItem->io = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, | |
- derlist[0], NULL, filename, objid, | |
+ derlist[0], NULL, nickname, objid, | |
slotID); | |
if (listItem->io == NULL) | |
goto loser; | |
@@ -1184,6 +1192,7 @@ pem_CreateObject | |
if (objid == -1) | |
objid = pem_nobjs + 1; | |
+ /* filename used as a nickname for private key */ | |
listItem->io = AddObjectIfNeeded(CKO_PRIVATE_KEY, pemBareKey, &certDER, | |
derlist[0], filename, objid, slotID); | |
if (listItem->io == NULL) | |
@@ -1223,6 +1232,7 @@ pem_CreateObject | |
free(derlist[i]); | |
} | |
nss_ZFreeIf(filename); | |
+ nss_ZFreeIf(certname); | |
nss_ZFreeIf(derlist); | |
if ((pemInternalObject *) NULL == listItem->io) { | |
pem_DestroyInternalObject(listObj); |
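Review bot: `nss_ZFreeIf(certname);` releases the string that `nickname` (from pem_ObjectNickname earlier in this function) may alias, after that nickname has been handed to AddObjectIfNeeded for every certificate and trust object created above. The original code already had this lifetime pattern with `filename`, so CreateObject presumably copies the nickname into the object, but the part of CreateObject that stores it is not in any hunk on this page; it is worth confirming, since otherwise every object created from a caller-supplied CKA_VALUE nickname would keep a dangling pointer once this cleanup runs. The cleanup path begins outside this hunk.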