Bug 966557: Add nsIX509CertDB.ConstructX509FromRawDER (r=bsmith)

2024-09-13 09:24:08 -07:00 · 2014-01-31 17:33:28 -08:00 · 2014-01-31 17:33:28 -08:00 · 0da87bcc7d
commit 0da87bcc7d
parent dc7e890088
2 changed files with 32 additions and 4 deletions
--- a/security/manager/ssl/public/nsIX509CertDB.idl
+++ b/security/manager/ssl/public/nsIX509CertDB.idl
@ -19,7 +19,7 @@ interface nsIX509CertList;
 #define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
 %}

-[scriptable, function, uuid(48411e2d-85a9-4b16-bec8-e30cde801f9e)]
+[scriptable, function, uuid(25a048e8-bb1c-4c33-ad3a-eacf2ad9e9ee)]
 interface nsIOpenSignedJARFileCallback : nsISupports
 {
  void openSignedJARFileFinished(in nsresult rv,
@ -261,6 +261,16 @@ interface nsIX509CertDB : nsISupports {
   */
  nsIX509Cert constructX509FromBase64(in string base64);

+  /*
+   *  Decode a raw data presentation and instantiate an object in memory.
+   *
+   *  @param certDER The raw representation of a certificate,
+   *                 encoded as raw DER.
+   *  @param length  The length of the DER string.
+   *  @return The new certificate object.
+   */
+  nsIX509Cert constructX509(in string certDER, in unsigned long length);
+
  /*
   *  Obtain a reference to the appropriate service for recent
   *  bad certificates. May only be called on the main thread.
--- a/security/manager/ssl/src/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/src/nsNSSCertificateDB.cpp
@ -1398,7 +1398,9 @@ nsNSSCertificateDB::ConstructX509FromBase64(const char *base64,
  if (isAlreadyShutDown()) {
    return NS_ERROR_NOT_AVAILABLE;
  }
-  NS_ENSURE_ARG_POINTER(_retval);
+  if (NS_WARN_IF(!_retval)) {
+    return NS_ERROR_INVALID_POINTER;
+  }

  // sure would be nice to have a smart pointer class for PL_ allocations
  // unfortunately, we cannot distinguish out-of-memory from bad-input here
@ -1421,6 +1423,24 @@ nsNSSCertificateDB::ConstructX509FromBase64(const char *base64,
      lengthDER--;
  }

+  nsresult rv = ConstructX509(certDER, lengthDER, _retval);
+  PL_strfree(certDER);
+  return rv;
+}
+
+/* nsIX509Cert constructX509 (in string certDER, unsigned long len); */
+NS_IMETHODIMP
+nsNSSCertificateDB::ConstructX509(const char* certDER,
+                                  uint32_t lengthDER,
+                                  nsIX509Cert** _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  if (NS_WARN_IF(!_retval)) {
+    return NS_ERROR_INVALID_POINTER;
+  }

  SECItem secitem_cert;
  secitem_cert.type = siDERCertBuffer;
@ -1431,8 +1451,6 @@ nsNSSCertificateDB::ConstructX509FromBase64(const char *base64,
  cert =
    CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &secitem_cert,
                            nullptr, false, true);
-  PL_strfree(certDER);
-
  if (!cert)
    return (PORT_GetError() == SEC_ERROR_NO_MEMORY)
      ? NS_ERROR_OUT_OF_MEMORY : NS_ERROR_FAILURE;