fixup commit for branch 'MOZILLA_0_9_5_BRANCH'

author: cvs2hg <devnull@localhost> 2001-09-25 01:25:14 +0000
committer: cvs2hg <devnull@localhost> 2001-09-25 01:25:14 +0000
commit: 5cfae887105e10f83af4c625d248c9d4b3c79e62 (patch)
tree: 13a4a9059ae8d4684f1133bf64ab0253fbe2873e /security
parent: 6a923669b9f5e85a0831ca73ff975b009eabb7a9 (diff)
download: nss-hg-5cfae887105e10f83af4c625d248c9d4b3c79e62.tar.gz
13 files changed, 653 insertions, 46 deletions
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
index 02350a903..286da745e 100644
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -969,6 +969,7 @@ Usage(char *progName)
 #define FPS fprintf(stderr, 
     FPS "Type %s -H for more detailed descriptions\n", progName);
     FPS "Usage:  %s -N [-d certdir] [-P dbprefix] [-f pwfile]\n", progName);
+    FPS "Usage:  %s -T [-d certdir] [-P dbprefix] [-h token-name] [-f pwfile]\n", progName);
     FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", 
     	progName);
     FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n"
@@ -1160,6 +1161,16 @@ static void LongUsage(char *progName)
 	"   -P dbprefix");
     FPS "\n");
 
+    FPS "%-15s Reset the Key database or token\n",
+	"-T");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+	"   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+	"   -P dbprefix");
+    FPS "%-20s Token to reset (default is internal)\n"
+	"   -h token-name");
+    FPS "\n");
+
     FPS "%-15s Generate a certificate request (stdout)\n",
 	"-R");
     FPS "%-20s Specify the subject name (using RFC1485)\n",
@@ -2036,6 +2047,7 @@ enum {
     cmd_NewDBs,
     cmd_CertReq,
     cmd_CreateAndAddCert,
+    cmd_TokenReset,
     cmd_ListModules,
     cmd_CheckCertValidity,
     cmd_ChangePassword,
@@ -2044,7 +2056,8 @@ enum {
 
 /*  Certutil options */
 enum {
-    opt_AddKeyUsageExt = 0,
+    opt_SSOPass = 0,
+    opt_AddKeyUsageExt,
     opt_AddBasicConstraintExt,
     opt_AddAuthorityKeyIDExt,
     opt_AddCRLDistPtsExt,
@@ -2094,6 +2107,7 @@ static secuCommandFlag certutil_commands[] =
 	{ /* cmd_NewDBs              */  'N', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_CertReq             */  'R', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_CreateAndAddCert    */  'S', PR_FALSE, 0, PR_FALSE },
+	{ /* cmd_TokenReset          */  'T', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_ListModules         */  'U', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_CheckCertValidity   */  'V', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_ChangePassword      */  'W', PR_FALSE, 0, PR_FALSE },
@@ -2102,6 +2116,7 @@ static secuCommandFlag certutil_commands[] =
 
 static secuCommandFlag certutil_options[] =
 {
+	{ /* opt_SSOPass             */  '0', PR_TRUE,  0, PR_FALSE },
 	{ /* opt_AddKeyUsageExt      */  '1', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_AddBasicConstraintExt*/ '2', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_AddAuthorityKeyIDExt*/  '3', PR_FALSE, 0, PR_FALSE },
@@ -2535,6 +2550,17 @@ main(int argc, char **argv)
 	rv = SECU_ChangePW(slot, 0, certutil.options[opt_PasswordFile].arg);
 	return !rv - 1;
     }
+    /*  Reset the a token */
+    if (certutil.commands[cmd_TokenReset].activated) {
+	char *sso_pass = "";
+
+	if (certutil.options[opt_SSOPass].activated) {
+	    sso_pass = certutil.options[opt_SSOPass].arg;
+ 	}
+	rv = PK11_ResetToken(slot,sso_pass);
+
+	return !rv - 1;
+    }
     /*  Check cert validity against current time (-V)  */
     if (certutil.commands[cmd_CheckCertValidity].activated) {
 	rv = ValidateCert(certHandle, name, 
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c
index 807c0a9e0..ef5d49270 100644
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -1556,20 +1556,41 @@ loser:
 CERTCertList *
 CERT_GetCertChainFromCert(CERTCertificate *cert, int64 time, SECCertUsage usage)
 {
-    CERTCertList *chain;
-
-    if (cert != NULL) {
-	chain = CERT_NewCertList();
-	cert = CERT_DupCertificate(cert);
-	while (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject) 
-	       != SECEqual) {
-	    CERT_AddCertToListTail(chain, cert);
-	    cert = CERT_FindCertIssuer(cert, time, usage);
-	}
-	CERT_AddCertToListTail(chain, cert);
-	return chain;
+    CERTCertList *chain = NULL;
+
+    if (NULL == cert) {
+        return NULL;
+    }
+    
+    cert = CERT_DupCertificate(cert);
+    if (NULL == cert) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    chain = CERT_NewCertList();
+    if (NULL == chain) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
     }
-    return NULL;
-}
 
+    while (cert != NULL) {
+	if (SECSuccess != CERT_AddCertToListTail(chain, cert)) {
+            /* return partial chain */
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            return chain;
+        }
 
+	if (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject)
+	    == SECEqual) {
+            /* return complete chain */
+	    return chain;
+	}
+
+	cert = CERT_FindCertIssuer(cert, time, usage);
+    }
+
+    /* return partial chain */
+    PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+    return chain;
+}
diff --git a/security/nss/lib/ckfw/builtins/certdata.c b/security/nss/lib/ckfw/builtins/certdata.c
index 5e3c848ab..0f41fb0d3 100644
--- a/security/nss/lib/ckfw/builtins/certdata.c
+++ b/security/nss/lib/ckfw/builtins/certdata.c
@@ -590,6 +590,18 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_178 [] = {
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_179 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
 };
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_180 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_181 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_182 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_183 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
+};
 #ifdef DEBUG
 static const NSSItem nss_builtins_items_0 [] = {
   { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
@@ -9959,6 +9971,259 @@ static const NSSItem nss_builtins_items_179 [] = {
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
+static const NSSItem nss_builtins_items_180 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"Entrust.net Global Secure Server CA", (PRUint32)36 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125"
+"\004\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157"
+"\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155"
+"\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003"
+"\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156"
+"\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145"
+"\144\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162"
+"\165\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123"
+"\145\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164"
+"\151\157\156\040\101\165\164\150\157\162\151\164\171"
+, (PRUint32)189 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125"
+"\004\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157"
+"\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155"
+"\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003"
+"\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156"
+"\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145"
+"\144\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162"
+"\165\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123"
+"\145\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164"
+"\151\157\156\040\101\165\164\150\157\162\151\164\171"
+, (PRUint32)189 },
+  { (void *)"\070\233\021\074"
+, (PRUint32)4 },
+  { (void *)"\060\202\004\225\060\202\003\376\240\003\002\001\002\002\004\070"
+"\233\021\074\060\015\006\011\052\206\110\206\367\015\001\001\004"
+"\005\000\060\201\272\061\024\060\022\006\003\125\004\012\023\013"
+"\105\156\164\162\165\163\164\056\156\145\164\061\077\060\075\006"
+"\003\125\004\013\024\066\167\167\167\056\145\156\164\162\165\163"
+"\164\056\156\145\164\057\123\123\114\137\103\120\123\040\151\156"
+"\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154"
+"\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043"
+"\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040"
+"\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151"
+"\164\145\144\061\072\060\070\006\003\125\004\003\023\061\105\156"
+"\164\162\165\163\164\056\156\145\164\040\123\145\143\165\162\145"
+"\040\123\145\162\166\145\162\040\103\145\162\164\151\146\151\143"
+"\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060"
+"\036\027\015\060\060\060\062\060\064\061\067\062\060\060\060\132"
+"\027\015\062\060\060\062\060\064\061\067\065\060\060\060\132\060"
+"\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156\164"
+"\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125\004"
+"\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056\156"
+"\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157\162"
+"\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155\151"
+"\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003\125"
+"\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156\164"
+"\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145\144"
+"\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162\165"
+"\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123\145"
+"\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164\151"
+"\157\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060"
+"\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201"
+"\215\000\060\201\211\002\201\201\000\307\301\137\116\161\361\316"
+"\360\140\206\017\322\130\177\323\063\227\055\027\242\165\060\265"
+"\226\144\046\057\150\303\104\253\250\165\346\000\147\064\127\236"
+"\145\307\042\233\163\346\323\335\010\016\067\125\252\045\106\201"
+"\154\275\376\250\366\165\127\127\214\220\154\112\303\076\213\113"
+"\103\012\311\021\126\232\232\047\042\231\317\125\236\141\331\002"
+"\342\174\266\174\070\007\334\343\177\117\232\271\003\101\200\266"
+"\165\147\023\013\237\350\127\066\310\135\000\066\336\146\024\332"
+"\156\166\037\117\067\214\202\023\211\002\003\001\000\001\243\202"
+"\001\244\060\202\001\240\060\021\006\011\140\206\110\001\206\370"
+"\102\001\001\004\004\003\002\000\007\060\201\343\006\003\125\035"
+"\037\004\201\333\060\201\330\060\201\325\240\201\322\240\201\317"
+"\244\201\314\060\201\311\061\024\060\022\006\003\125\004\012\023"
+"\013\105\156\164\162\165\163\164\056\156\145\164\061\077\060\075"
+"\006\003\125\004\013\024\066\167\167\167\056\145\156\164\162\165"
+"\163\164\056\156\145\164\057\123\123\114\137\103\120\123\040\151"
+"\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050"
+"\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060"
+"\043\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060"
+"\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155"
+"\151\164\145\144\061\072\060\070\006\003\125\004\003\023\061\105"
+"\156\164\162\165\163\164\056\156\145\164\040\123\145\143\165\162"
+"\145\040\123\145\162\166\145\162\040\103\145\162\164\151\146\151"
+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
+"\061\015\060\013\006\003\125\004\003\023\004\103\122\114\061\060"
+"\053\006\003\125\035\020\004\044\060\042\200\017\062\060\060\060"
+"\060\062\060\064\061\067\062\060\060\060\132\201\017\062\060\062"
+"\060\060\062\060\064\061\067\065\060\060\060\132\060\013\006\003"
+"\125\035\017\004\004\003\002\001\006\060\037\006\003\125\035\043"
+"\004\030\060\026\200\024\313\154\300\153\343\273\076\313\374\042"
+"\234\376\373\213\222\234\260\362\156\042\060\035\006\003\125\035"
+"\016\004\026\004\024\313\154\300\153\343\273\076\313\374\042\234"
+"\376\373\213\222\234\260\362\156\042\060\014\006\003\125\035\023"
+"\004\005\060\003\001\001\377\060\035\006\011\052\206\110\206\366"
+"\175\007\101\000\004\020\060\016\033\010\126\065\056\060\072\064"
+"\056\060\003\002\004\220\060\015\006\011\052\206\110\206\367\015"
+"\001\001\004\005\000\003\201\201\000\142\333\201\221\316\310\232"
+"\167\102\057\354\275\047\243\123\017\120\033\352\116\222\360\251"
+"\257\251\240\272\110\141\313\357\311\006\357\037\325\364\356\337"
+"\126\055\346\312\152\031\163\252\123\276\222\263\120\002\266\205"
+"\046\162\143\330\165\120\142\165\024\267\263\120\032\077\312\021"
+"\000\013\205\105\151\155\266\245\256\121\341\112\334\202\077\154"
+"\214\064\262\167\153\331\002\366\177\016\352\145\004\361\315\124"
+"\312\272\311\314\340\204\367\310\076\021\227\323\140\011\030\274"
+"\005\377\154\211\063\360\354\025\017"
+, (PRUint32)1177 }
+};
+static const NSSItem nss_builtins_items_181 [] = {
+  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"Entrust.net Global Secure Server CA", (PRUint32)36 },
+  { (void *)"\211\071\127\156\027\215\367\005\170\017\314\136\310\117\204\366"
+"\045\072\110\223"
+, (PRUint32)20 },
+  { (void *)"\235\146\152\314\377\325\365\103\264\277\214\026\321\053\250\231"
+, (PRUint32)16 },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
+};
+static const NSSItem nss_builtins_items_182 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"Entrust.net Global Secure Personal CA", (PRUint32)38 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\107\103\103\101\137\103\120\123\040\151\156\143"
+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
+"\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105"
+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
+"\162\165\163\164\056\156\145\164\040\103\154\151\145\156\164\040"
+"\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165"
+"\164\150\157\162\151\164\171"
+, (PRUint32)183 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\107\103\103\101\137\103\120\123\040\151\156\143"
+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
+"\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105"
+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
+"\162\165\163\164\056\156\145\164\040\103\154\151\145\156\164\040"
+"\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165"
+"\164\150\157\162\151\164\171"
+, (PRUint32)183 },
+  { (void *)"\070\236\366\344"
+, (PRUint32)4 },
+  { (void *)"\060\202\004\203\060\202\003\354\240\003\002\001\002\002\004\070"
+"\236\366\344\060\015\006\011\052\206\110\206\367\015\001\001\004"
+"\005\000\060\201\264\061\024\060\022\006\003\125\004\012\023\013"
+"\105\156\164\162\165\163\164\056\156\145\164\061\100\060\076\006"
+"\003\125\004\013\024\067\167\167\167\056\145\156\164\162\165\163"
+"\164\056\156\145\164\057\107\103\103\101\137\103\120\123\040\151"
+"\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050"
+"\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060"
+"\043\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060"
+"\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155"
+"\151\164\145\144\061\063\060\061\006\003\125\004\003\023\052\105"
+"\156\164\162\165\163\164\056\156\145\164\040\103\154\151\145\156"
+"\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040"
+"\101\165\164\150\157\162\151\164\171\060\036\027\015\060\060\060"
+"\062\060\067\061\066\061\066\064\060\132\027\015\062\060\060\062"
+"\060\067\061\066\064\066\064\060\132\060\201\264\061\024\060\022"
+"\006\003\125\004\012\023\013\105\156\164\162\165\163\164\056\156"
+"\145\164\061\100\060\076\006\003\125\004\013\024\067\167\167\167"
+"\056\145\156\164\162\165\163\164\056\156\145\164\057\107\103\103"
+"\101\137\103\120\123\040\151\156\143\157\162\160\056\040\142\171"
+"\040\162\145\146\056\040\050\154\151\155\151\164\163\040\154\151"
+"\141\142\056\051\061\045\060\043\006\003\125\004\013\023\034\050"
+"\143\051\040\062\060\060\060\040\105\156\164\162\165\163\164\056"
+"\156\145\164\040\114\151\155\151\164\145\144\061\063\060\061\006"
+"\003\125\004\003\023\052\105\156\164\162\165\163\164\056\156\145"
+"\164\040\103\154\151\145\156\164\040\103\145\162\164\151\146\151"
+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
+"\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001"
+"\005\000\003\201\215\000\060\201\211\002\201\201\000\223\164\264"
+"\266\344\305\113\326\241\150\177\142\325\354\367\121\127\263\162"
+"\112\230\365\320\211\311\255\143\315\115\065\121\152\204\324\255"
+"\311\150\171\157\270\353\021\333\207\256\134\044\121\023\361\124"
+"\045\204\257\051\053\237\343\200\342\331\313\335\306\105\111\064"
+"\210\220\136\001\227\357\352\123\246\335\374\301\336\113\052\045"
+"\344\351\065\372\125\005\006\345\211\172\352\244\021\127\073\374"
+"\174\075\066\315\147\065\155\244\251\045\131\275\146\365\371\047"
+"\344\225\147\326\077\222\200\136\362\064\175\053\205\002\003\001"
+"\000\001\243\202\001\236\060\202\001\232\060\021\006\011\140\206"
+"\110\001\206\370\102\001\001\004\004\003\002\000\007\060\201\335"
+"\006\003\125\035\037\004\201\325\060\201\322\060\201\317\240\201"
+"\314\240\201\311\244\201\306\060\201\303\061\024\060\022\006\003"
+"\125\004\012\023\013\105\156\164\162\165\163\164\056\156\145\164"
+"\061\100\060\076\006\003\125\004\013\024\067\167\167\167\056\145"
+"\156\164\162\165\163\164\056\156\145\164\057\107\103\103\101\137"
+"\103\120\123\040\151\156\143\157\162\160\056\040\142\171\040\162"
+"\145\146\056\040\050\154\151\155\151\164\163\040\154\151\141\142"
+"\056\051\061\045\060\043\006\003\125\004\013\023\034\050\143\051"
+"\040\062\060\060\060\040\105\156\164\162\165\163\164\056\156\145"
+"\164\040\114\151\155\151\164\145\144\061\063\060\061\006\003\125"
+"\004\003\023\052\105\156\164\162\165\163\164\056\156\145\164\040"
+"\103\154\151\145\156\164\040\103\145\162\164\151\146\151\143\141"
+"\164\151\157\156\040\101\165\164\150\157\162\151\164\171\061\015"
+"\060\013\006\003\125\004\003\023\004\103\122\114\061\060\053\006"
+"\003\125\035\020\004\044\060\042\200\017\062\060\060\060\060\062"
+"\060\067\061\066\061\066\064\060\132\201\017\062\060\062\060\060"
+"\062\060\067\061\066\064\066\064\060\132\060\013\006\003\125\035"
+"\017\004\004\003\002\001\006\060\037\006\003\125\035\043\004\030"
+"\060\026\200\024\204\213\164\375\305\215\300\377\047\155\040\067"
+"\105\174\376\055\316\272\323\175\060\035\006\003\125\035\016\004"
+"\026\004\024\204\213\164\375\305\215\300\377\047\155\040\067\105"
+"\174\376\055\316\272\323\175\060\014\006\003\125\035\023\004\005"
+"\060\003\001\001\377\060\035\006\011\052\206\110\206\366\175\007"
+"\101\000\004\020\060\016\033\010\126\065\056\060\072\064\056\060"
+"\003\002\004\220\060\015\006\011\052\206\110\206\367\015\001\001"
+"\004\005\000\003\201\201\000\116\157\065\200\073\321\212\365\016"
+"\247\040\313\055\145\125\320\222\364\347\204\265\006\046\203\022"
+"\204\013\254\073\262\104\356\275\317\100\333\040\016\272\156\024"
+"\352\060\340\073\142\174\177\213\153\174\112\247\325\065\074\276"
+"\250\134\352\113\273\223\216\200\146\253\017\051\375\115\055\277"
+"\032\233\012\220\305\253\332\321\263\206\324\057\044\122\134\172"
+"\155\306\362\376\345\115\032\060\214\220\362\272\327\112\076\103"
+"\176\324\310\120\032\207\370\117\201\307\166\013\204\072\162\235"
+"\316\145\146\227\256\046\136"
+, (PRUint32)1159 }
+};
+static const NSSItem nss_builtins_items_183 [] = {
+  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"Entrust.net Global Secure Personal CA", (PRUint32)38 },
+  { (void *)"\317\164\277\377\233\206\201\133\010\063\124\100\066\076\207\266"
+"\266\360\277\163"
+, (PRUint32)20 },
+  { (void *)"\232\167\031\030\355\226\317\337\033\267\016\365\215\271\210\056"
+, (PRUint32)16 },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
+};
 
 PR_IMPLEMENT_DATA(const builtinsInternalObject)
 nss_builtins_data[] = {
@@ -10143,11 +10408,15 @@ nss_builtins_data[] = {
   { 11, nss_builtins_types_176, nss_builtins_items_176 },
   { 10, nss_builtins_types_177, nss_builtins_items_177 },
   { 11, nss_builtins_types_178, nss_builtins_items_178 },
-  { 10, nss_builtins_types_179, nss_builtins_items_179 }
+  { 10, nss_builtins_types_179, nss_builtins_items_179 },
+  { 11, nss_builtins_types_180, nss_builtins_items_180 },
+  { 10, nss_builtins_types_181, nss_builtins_items_181 },
+  { 11, nss_builtins_types_182, nss_builtins_items_182 },
+  { 10, nss_builtins_types_183, nss_builtins_items_183 }
 };
 PR_IMPLEMENT_DATA(const PRUint32)
 #ifdef DEBUG
-  nss_builtins_nObjects = 179+1;
+  nss_builtins_nObjects = 183+1;
 #else
-  nss_builtins_nObjects = 179;
+  nss_builtins_nObjects = 183;
 #endif /* DEBUG */
diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt
index b4f78d59d..475b7f217 100644
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -10159,3 +10159,272 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+
+#
+# Certificate "Entrust.net Global Secure Server CA"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Global Secure Server CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125
+\004\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157
+\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155
+\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003
+\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156
+\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145
+\144\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162
+\165\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123
+\145\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125
+\004\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157
+\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155
+\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003
+\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156
+\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145
+\144\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162
+\165\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123
+\145\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\070\233\021\074
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\225\060\202\003\376\240\003\002\001\002\002\004\070
+\233\021\074\060\015\006\011\052\206\110\206\367\015\001\001\004
+\005\000\060\201\272\061\024\060\022\006\003\125\004\012\023\013
+\105\156\164\162\165\163\164\056\156\145\164\061\077\060\075\006
+\003\125\004\013\024\066\167\167\167\056\145\156\164\162\165\163
+\164\056\156\145\164\057\123\123\114\137\103\120\123\040\151\156
+\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154
+\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043
+\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040
+\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151
+\164\145\144\061\072\060\070\006\003\125\004\003\023\061\105\156
+\164\162\165\163\164\056\156\145\164\040\123\145\143\165\162\145
+\040\123\145\162\166\145\162\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060
+\036\027\015\060\060\060\062\060\064\061\067\062\060\060\060\132
+\027\015\062\060\060\062\060\064\061\067\065\060\060\060\132\060
+\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156\164
+\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125\004
+\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056\156
+\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157\162
+\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155\151
+\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003\125
+\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156\164
+\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145\144
+\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162\165
+\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123\145
+\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201
+\215\000\060\201\211\002\201\201\000\307\301\137\116\161\361\316
+\360\140\206\017\322\130\177\323\063\227\055\027\242\165\060\265
+\226\144\046\057\150\303\104\253\250\165\346\000\147\064\127\236
+\145\307\042\233\163\346\323\335\010\016\067\125\252\045\106\201
+\154\275\376\250\366\165\127\127\214\220\154\112\303\076\213\113
+\103\012\311\021\126\232\232\047\042\231\317\125\236\141\331\002
+\342\174\266\174\070\007\334\343\177\117\232\271\003\101\200\266
+\165\147\023\013\237\350\127\066\310\135\000\066\336\146\024\332
+\156\166\037\117\067\214\202\023\211\002\003\001\000\001\243\202
+\001\244\060\202\001\240\060\021\006\011\140\206\110\001\206\370
+\102\001\001\004\004\003\002\000\007\060\201\343\006\003\125\035
+\037\004\201\333\060\201\330\060\201\325\240\201\322\240\201\317
+\244\201\314\060\201\311\061\024\060\022\006\003\125\004\012\023
+\013\105\156\164\162\165\163\164\056\156\145\164\061\077\060\075
+\006\003\125\004\013\024\066\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\123\123\114\137\103\120\123\040\151
+\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050
+\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060
+\043\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060
+\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155
+\151\164\145\144\061\072\060\070\006\003\125\004\003\023\061\105
+\156\164\162\165\163\164\056\156\145\164\040\123\145\143\165\162
+\145\040\123\145\162\166\145\162\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\061\015\060\013\006\003\125\004\003\023\004\103\122\114\061\060
+\053\006\003\125\035\020\004\044\060\042\200\017\062\060\060\060
+\060\062\060\064\061\067\062\060\060\060\132\201\017\062\060\062
+\060\060\062\060\064\061\067\065\060\060\060\132\060\013\006\003
+\125\035\017\004\004\003\002\001\006\060\037\006\003\125\035\043
+\004\030\060\026\200\024\313\154\300\153\343\273\076\313\374\042
+\234\376\373\213\222\234\260\362\156\042\060\035\006\003\125\035
+\016\004\026\004\024\313\154\300\153\343\273\076\313\374\042\234
+\376\373\213\222\234\260\362\156\042\060\014\006\003\125\035\023
+\004\005\060\003\001\001\377\060\035\006\011\052\206\110\206\366
+\175\007\101\000\004\020\060\016\033\010\126\065\056\060\072\064
+\056\060\003\002\004\220\060\015\006\011\052\206\110\206\367\015
+\001\001\004\005\000\003\201\201\000\142\333\201\221\316\310\232
+\167\102\057\354\275\047\243\123\017\120\033\352\116\222\360\251
+\257\251\240\272\110\141\313\357\311\006\357\037\325\364\356\337
+\126\055\346\312\152\031\163\252\123\276\222\263\120\002\266\205
+\046\162\143\330\165\120\142\165\024\267\263\120\032\077\312\021
+\000\013\205\105\151\155\266\245\256\121\341\112\334\202\077\154
+\214\064\262\167\153\331\002\366\177\016\352\145\004\361\315\124
+\312\272\311\314\340\204\367\310\076\021\227\323\140\011\030\274
+\005\377\154\211\063\360\354\025\017
+END
+
+# Trust for Certificate "Entrust.net Global Secure Server CA"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Global Secure Server CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\211\071\127\156\027\215\367\005\170\017\314\136\310\117\204\366
+\045\072\110\223
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\235\146\152\314\377\325\365\103\264\277\214\026\321\053\250\231
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+
+#
+# Certificate "Entrust.net Global Secure Personal CA"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Global Secure Personal CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\107\103\103\101\137\103\120\123\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\154\151\145\156\164\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165
+\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\107\103\103\101\137\103\120\123\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\154\151\145\156\164\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165
+\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\070\236\366\344
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\203\060\202\003\354\240\003\002\001\002\002\004\070
+\236\366\344\060\015\006\011\052\206\110\206\367\015\001\001\004
+\005\000\060\201\264\061\024\060\022\006\003\125\004\012\023\013
+\105\156\164\162\165\163\164\056\156\145\164\061\100\060\076\006
+\003\125\004\013\024\067\167\167\167\056\145\156\164\162\165\163
+\164\056\156\145\164\057\107\103\103\101\137\103\120\123\040\151
+\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050
+\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060
+\043\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060
+\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155
+\151\164\145\144\061\063\060\061\006\003\125\004\003\023\052\105
+\156\164\162\165\163\164\056\156\145\164\040\103\154\151\145\156
+\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\101\165\164\150\157\162\151\164\171\060\036\027\015\060\060\060
+\062\060\067\061\066\061\066\064\060\132\027\015\062\060\060\062
+\060\067\061\066\064\066\064\060\132\060\201\264\061\024\060\022
+\006\003\125\004\012\023\013\105\156\164\162\165\163\164\056\156
+\145\164\061\100\060\076\006\003\125\004\013\024\067\167\167\167
+\056\145\156\164\162\165\163\164\056\156\145\164\057\107\103\103
+\101\137\103\120\123\040\151\156\143\157\162\160\056\040\142\171
+\040\162\145\146\056\040\050\154\151\155\151\164\163\040\154\151
+\141\142\056\051\061\045\060\043\006\003\125\004\013\023\034\050
+\143\051\040\062\060\060\060\040\105\156\164\162\165\163\164\056
+\156\145\164\040\114\151\155\151\164\145\144\061\063\060\061\006
+\003\125\004\003\023\052\105\156\164\162\165\163\164\056\156\145
+\164\040\103\154\151\145\156\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\201\215\000\060\201\211\002\201\201\000\223\164\264
+\266\344\305\113\326\241\150\177\142\325\354\367\121\127\263\162
+\112\230\365\320\211\311\255\143\315\115\065\121\152\204\324\255
+\311\150\171\157\270\353\021\333\207\256\134\044\121\023\361\124
+\045\204\257\051\053\237\343\200\342\331\313\335\306\105\111\064
+\210\220\136\001\227\357\352\123\246\335\374\301\336\113\052\045
+\344\351\065\372\125\005\006\345\211\172\352\244\021\127\073\374
+\174\075\066\315\147\065\155\244\251\045\131\275\146\365\371\047
+\344\225\147\326\077\222\200\136\362\064\175\053\205\002\003\001
+\000\001\243\202\001\236\060\202\001\232\060\021\006\011\140\206
+\110\001\206\370\102\001\001\004\004\003\002\000\007\060\201\335
+\006\003\125\035\037\004\201\325\060\201\322\060\201\317\240\201
+\314\240\201\311\244\201\306\060\201\303\061\024\060\022\006\003
+\125\004\012\023\013\105\156\164\162\165\163\164\056\156\145\164
+\061\100\060\076\006\003\125\004\013\024\067\167\167\167\056\145
+\156\164\162\165\163\164\056\156\145\164\057\107\103\103\101\137
+\103\120\123\040\151\156\143\157\162\160\056\040\142\171\040\162
+\145\146\056\040\050\154\151\155\151\164\163\040\154\151\141\142
+\056\051\061\045\060\043\006\003\125\004\013\023\034\050\143\051
+\040\062\060\060\060\040\105\156\164\162\165\163\164\056\156\145
+\164\040\114\151\155\151\164\145\144\061\063\060\061\006\003\125
+\004\003\023\052\105\156\164\162\165\163\164\056\156\145\164\040
+\103\154\151\145\156\164\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\061\015
+\060\013\006\003\125\004\003\023\004\103\122\114\061\060\053\006
+\003\125\035\020\004\044\060\042\200\017\062\060\060\060\060\062
+\060\067\061\066\061\066\064\060\132\201\017\062\060\062\060\060
+\062\060\067\061\066\064\066\064\060\132\060\013\006\003\125\035
+\017\004\004\003\002\001\006\060\037\006\003\125\035\043\004\030
+\060\026\200\024\204\213\164\375\305\215\300\377\047\155\040\067
+\105\174\376\055\316\272\323\175\060\035\006\003\125\035\016\004
+\026\004\024\204\213\164\375\305\215\300\377\047\155\040\067\105
+\174\376\055\316\272\323\175\060\014\006\003\125\035\023\004\005
+\060\003\001\001\377\060\035\006\011\052\206\110\206\366\175\007
+\101\000\004\020\060\016\033\010\126\065\056\060\072\064\056\060
+\003\002\004\220\060\015\006\011\052\206\110\206\367\015\001\001
+\004\005\000\003\201\201\000\116\157\065\200\073\321\212\365\016
+\247\040\313\055\145\125\320\222\364\347\204\265\006\046\203\022
+\204\013\254\073\262\104\356\275\317\100\333\040\016\272\156\024
+\352\060\340\073\142\174\177\213\153\174\112\247\325\065\074\276
+\250\134\352\113\273\223\216\200\146\253\017\051\375\115\055\277
+\032\233\012\220\305\253\332\321\263\206\324\057\044\122\134\172
+\155\306\362\376\345\115\032\060\214\220\362\272\327\112\076\103
+\176\324\310\120\032\207\370\117\201\307\166\013\204\072\162\235
+\316\145\146\227\256\046\136
+END
+
+# Trust for Certificate "Entrust.net Global Secure Personal CA"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Global Secure Personal CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\317\164\277\377\233\206\201\133\010\063\124\100\066\076\207\266
+\266\360\277\163
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\232\167\031\030\355\226\317\337\033\267\016\365\215\271\210\056
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
diff --git a/security/nss/lib/pk11wrap/pk11db.c b/security/nss/lib/pk11wrap/pk11db.c
index 4e5ab5706..79e704378 100644
--- a/security/nss/lib/pk11wrap/pk11db.c
+++ b/security/nss/lib/pk11wrap/pk11db.c
@@ -109,7 +109,7 @@ SECMODModuleList *SECMOD_NewModuleListElement(void) {
 static unsigned long internalFlags = SECMOD_RSA_FLAG|SECMOD_DSA_FLAG|
 	SECMOD_RC2_FLAG| SECMOD_RC4_FLAG|SECMOD_DES_FLAG|SECMOD_RANDOM_FLAG|
 	SECMOD_SHA1_FLAG|SECMOD_MD5_FLAG|SECMOD_MD2_FLAG|SECMOD_SSL_FLAG|
-	SECMOD_TLS_FLAG|SECMOD_AES_FLAG;
+	SECMOD_TLS_FLAG|SECMOD_AES_FLAG|SECMOD_DH_FLAG;
 
 /* create a Internal  module */
 SECMODModule *SECMOD_NewInternal(void) {
@@ -118,7 +118,8 @@ SECMODModule *SECMOD_NewInternal(void) {
 	{ 1, SECMOD_RSA_FLAG|SECMOD_DSA_FLAG|SECMOD_RC2_FLAG|
 	SECMOD_RC4_FLAG|SECMOD_DES_FLAG|SECMOD_RANDOM_FLAG|
 	SECMOD_SHA1_FLAG|SECMOD_MD5_FLAG|SECMOD_MD2_FLAG|
-	SECMOD_SSL_FLAG|SECMOD_TLS_FLAG|SECMOD_AES_FLAG, -1, 30, 0 };
+	SECMOD_SSL_FLAG|SECMOD_TLS_FLAG|SECMOD_AES_FLAG|SECMOD_DH_FLAG,
+	-1, 30, 0 };
 
     intern = SECMOD_NewModule();
     if (intern == NULL) {
@@ -315,9 +316,9 @@ struct secmodSlotDataStr {
 };
 
 #define SECMOD_DB_VERSION_MAJOR 0
-#define SECMOD_DB_VERSION_MINOR 4
+#define SECMOD_DB_VERSION_MINOR 5
 #define SECMOD_DB_NOUI_VERSION_MAJOR 0
-#define SECMOD_DB_NOUI_VERSION_MINOR 3
+#define SECMOD_DB_NOUI_VERSION_MINOR 4
 
 #define SECMOD_PUTSHORT(dest,src) \
 	(dest)[1] = (unsigned char) ((src)&0xff); \
diff --git a/security/nss/lib/pk11wrap/pk11kea.c b/security/nss/lib/pk11wrap/pk11kea.c
index 6006f6032..c50b9d8b6 100644
--- a/security/nss/lib/pk11wrap/pk11kea.c
+++ b/security/nss/lib/pk11wrap/pk11kea.c
@@ -99,18 +99,25 @@ pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
 	    privKeyHandle = PK11_MatchItem(slot,pubKeyHandle,CKO_PRIVATE_KEY);
 	}
 
-	/* if no key exits, generate a key pair */
+	/* if no key exists, generate a key pair */
 	if (privKeyHandle == CK_INVALID_KEY) {
-	    unsigned int     keyLength = PK11_GetKeyLength(symKey);
+	    unsigned int     symKeyLength = PK11_GetKeyLength(symKey);
 	    PK11RSAGenParams rsaParams;
 
+	    if (symKeyLength > 60) /* bytes */ {
+		/* we'd have to generate an RSA key pair > 512 bits long,
+		** and that's too costly.  Don't even try. 
+		*/
+		PORT_SetError( SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY );
+		goto rsa_failed;
+	    }
 	    rsaParams.keySizeInBits = 
-		((keyLength == 0) || (keyLength > 16)) ? 512 : 256;
+	        (symKeyLength > 28 || symKeyLength == 0) ? 512 : 256;
 	    rsaParams.pe  = 0x10001;
 	    privKey = PK11_GenerateKeyPair(slot,CKM_RSA_PKCS_KEY_PAIR_GEN, 
-		&rsaParams, &pubKey,PR_FALSE,PR_TRUE,symKey->cx);
+			    &rsaParams, &pubKey,PR_FALSE,PR_TRUE,symKey->cx);
 	} else {
-	    /* if key's exist, build SECKEY data structures for them */
+	    /* if keys exist, build SECKEY data structures for them */
 	    privKey = PK11_MakePrivKey(slot,nullKey, PR_TRUE, privKeyHandle,
 					symKey->cx);
 	    if (privKey != NULL) {
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index 607deeba8..83079c8ff 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -171,7 +171,7 @@ pk11_getKeyFromList(PK11SlotInfo *slot) {
     PK11_USE_THREADS(PZ_Unlock(slot->freeListLock);)
     if (symKey) {
 	symKey->next = NULL;
-	if (!symKey->sessionOwner)
+	if ((symKey->series != slot->series) || (!symKey->sessionOwner))
     	    symKey->session = pk11_GetNewSession(slot,&symKey->sessionOwner);
 	return symKey;
     }
diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c
index 076e722ec..6b28f816d 100644
--- a/security/nss/lib/pkcs12/p12d.c
+++ b/security/nss/lib/pkcs12/p12d.c
@@ -2142,8 +2142,6 @@ sec_pkcs12_validate_cert(sec_PKCS12SafeBag *cert,
     if(testCert) {
 	if(!testCert->nickname) {
 	    cert->removeExisting = PR_TRUE;
-	} else {
-	    cert->noInstall = PR_TRUE;
 	}
 	CERT_DestroyCertificate(testCert);
 	if(cert->noInstall && !cert->removeExisting) {
diff --git a/security/nss/lib/softoken/keydb.c b/security/nss/lib/softoken/keydb.c
index 90da85ac0..cfb9d3348 100644
--- a/security/nss/lib/softoken/keydb.c
+++ b/security/nss/lib/softoken/keydb.c
@@ -587,6 +587,9 @@ SECKEY_OpenKeyDB(PRBool readOnly, SECKEYDBNameFunc namecb, void *cbarg)
     if ( dbname == NULL ) {
 	goto loser;
     }
+
+    handle->dbname = PORT_Strdup(dbname);
+    handle->readOnly = readOnly;
     
     handle->db = dbopen( dbname, openflags, 0600, DB_HASH, 0 );
 
@@ -720,6 +723,7 @@ SECKEY_CloseKeyDB(SECKEYKeyDBHandle *handle)
 	if (handle->db != NULL) {
 	    (* handle->db->close)(handle->db);
 	}
+	if (handle->dbname) PORT_Free(handle->dbname);
 	PORT_Free(handle);
     }
 }
@@ -2416,6 +2420,7 @@ done:
     return(SECSuccess);
 }
 
+#define MAX_DB_SIZE 0xffff 
 /*
  * Clear out all the keys in the existing database
  */
@@ -2432,20 +2437,24 @@ SECKEY_ResetKeyDB(SECKEYKeyDBHandle *handle)
 	return(SECSuccess);
     }
 
-    
-    /* now traverse the database */
-    ret = (* handle->db->seq)(handle->db, &key, &data, R_FIRST);
-    if ( ret ) {
-	goto done;
+    if (handle->readOnly) {
+	/* set an error code */
+	return SECFailure;
+     }
+
+    PORT_Assert(handle->dbname != NULL);
+    if (handle->dbname == NULL) {
+	return SECFailure;
     }
-    
-    do {
-        /* delete each entry */
-	ret = (* handle->db->del)(handle->db, &key, 0);
-	if ( ret ) errors++;
 
-    } while ( (* handle->db->seq)(handle->db, &key, &data,
-					R_NEXT) == 0 );
+    (* handle->db->close)(handle->db);
+    handle->db = dbopen( handle->dbname,
+			     O_RDWR | O_CREAT | O_TRUNC, 0600, DB_HASH, 0 );
+    if (handle->db == NULL) {
+	/* set an error code */
+	return SECFailure;
+    }
+    
     rv = makeGlobalVersion(handle);
     if ( rv != SECSuccess ) {
 	errors++;
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index f336ff38d..1d1c80aa0 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -667,8 +667,12 @@ pk11_handleCertObject(PK11Session *session,PK11Object *object)
 							!= SECSuccess) {
 	    return CKR_ATTRIBUTE_VALUE_INVALID;
 	}
-	if (CERT_AddTempCertToPerm(cert, label, &trust) != SECSuccess) {
-	    return CKR_HOST_MEMORY;
+	if (!cert->isperm) {
+	    if (CERT_AddTempCertToPerm(cert, label, &trust) != SECSuccess) {
+		return CKR_HOST_MEMORY;
+	    }
+	} else {
+	    CERT_ChangeCertTrust(cert->dbhandle,cert,&trust);
 	}
 	if(certUsage) {
 	    if(CERT_ChangeCertTrustByUsage(CERT_GetDefaultCertDB(),
@@ -2704,6 +2708,7 @@ CK_RV NSC_InitToken(CK_SLOT_ID slotID,CK_CHAR_PTR pPin,
 	    if (object) pk11_FreeObject(object);
 	} while (object != NULL);
     }
+    slot->DB_loaded = PR_FALSE;
     PK11_USE_THREADS(PZ_Unlock(slot->objectLock);)
 
     /* then clear out the key database */
diff --git a/security/nss/lib/softoken/private.h b/security/nss/lib/softoken/private.h
index b90ceaaea..0125c7e7b 100644
--- a/security/nss/lib/softoken/private.h
+++ b/security/nss/lib/softoken/private.h
@@ -50,6 +50,8 @@ struct SECKEYKeyDBHandleStr {
     DB *updatedb;		/* used when updating an old version */
     SECItem *global_salt;	/* password hashing salt for this db */
     int version;		/* version of the database */
+    char *dbname;		/* name of the openned DB */
+    PRBool readOnly;		/* is the DB read only */
 };
 
 /*
diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h
index 8b152f8e4..ff9c784ee 100644
--- a/security/nss/lib/util/secerr.h
+++ b/security/nss/lib/util/secerr.h
@@ -149,7 +149,7 @@ SEC_ERROR_INVALID_PASSWORD 		    =	(SEC_ERROR_BASE + 101),
 SEC_ERROR_RETRY_OLD_PASSWORD 		    =	(SEC_ERROR_BASE + 102),
 SEC_ERROR_BAD_NICKNAME 			    =	(SEC_ERROR_BASE + 103),
 SEC_ERROR_NOT_FORTEZZA_ISSUER 		    = 	(SEC_ERROR_BASE + 104),
-/* UNUSED                                       (SEC_ERROR_BASE + 105) */
+SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY         =   (SEC_ERROR_BASE + 105),
 SEC_ERROR_JS_INVALID_MODULE_NAME 	    =	(SEC_ERROR_BASE + 106),
 SEC_ERROR_JS_INVALID_DLL 		    =	(SEC_ERROR_BASE + 107),
 SEC_ERROR_JS_ADD_MOD_FAILURE 		    =	(SEC_ERROR_BASE + 108),
diff --git a/security/nss/makefile.win b/security/nss/makefile.win
index 4710e1089..fcde6c6f7 100644
--- a/security/nss/makefile.win
+++ b/security/nss/makefile.win
@@ -43,7 +43,7 @@ include <$(DEPTH)\config\config.mak>
 GMAKE = gmake.exe
 
 GMAKE_FLAGS = OBJDIR_NAME=$(OBJDIR) MOZILLA_CLIENT=1
-GMAKE_FLAGS = $(GMAKE_FLAGS) SOURCE_MDHEADERS_DIR=$(MOZ_SRC:\=/)/mozilla/dist/include/nspr
+GMAKE_FLAGS = $(GMAKE_FLAGS) MOZILLA_INCLUDES="-I$(MOZ_SRC:\=/)/mozilla/dist/include/nspr -I$(MOZ_SRC:\=/)/mozilla/dist/include/dbm"
 
 #
 # The Client's debug build uses MSVC's debug runtime library (/MDd).
author	cvs2hg <devnull@localhost>	2001-09-25 01:25:14 +0000
committer	cvs2hg <devnull@localhost>	2001-09-25 01:25:14 +0000
commit	5cfae887105e10f83af4c625d248c9d4b3c79e62 (patch)
tree	13a4a9059ae8d4684f1133bf64ab0253fbe2873e /security
parent	6a923669b9f5e85a0831ca73ff975b009eabb7a9 (diff)
download	nss-hg-5cfae887105e10f83af4c625d248c9d4b3c79e62.tar.gz