diff options
author | Michael Stahl <michael.stahl@allotropia.de> | 2022-04-28 12:39:23 +0200 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2022-05-14 16:27:38 +0200 |
commit | fae560a9348e43d4af55cce2e27586a5bcb170b8 (patch) | |
tree | 3c545b16ee9877592d1e9ac072687f68aca15872 | |
parent | e083f38ab8f2ee864b9e20829bf9fe45c415ddff (diff) |
xmlsecurity: fix testInsertCertificate_PEM_ODT with "dbm:" NSS DB
CentOS 7 system NSS defaults to legacy "dbm:" DB.
test_desktop_lib.cxx:2830:Assertion
Test name: DesktopLOKTest::testInsertCertificate_PEM_ODT
equality assertion failed
- Expected: 1
- Actual : 2
The problem is that getPrivateKey() doesn't work:
warn:xmlsecurity.xmlsec:624712:624712:xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:824: Can't get the private key from the certificate.
In this function, there is a check for trust flags, and the CERTDB_USER
flag is not set, which causes the failure.
The certificate was inserted here and the trust flags were set; this
does write something to cert8.db and it's not clear why it doesn't work
(if this call is omitted with the "sql:" backend, the test fails with
NOTVALIDATED = 4 - as expected).
Oddly enough, while PK11_FindPrivateKeyFromCert() fails, there's another
function PK11_FindKeyByDERCert() that does appear to work, so call it as
a fallback.
Change-Id: I9821966a086574374f4f6df0ac5db2f7376fe742
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133576
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit c9e758e3961b71c83a781da4cb12e454f09b094e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134290
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx index 2d52134344fb..efb474a3326a 100644 --- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx @@ -327,6 +327,13 @@ SECKEYPrivateKey* X509Certificate_NssImpl::getPrivateKey() SECKEYPrivateKey* pPrivateKey = PK11_FindPrivateKeyFromCert(m_pCert->slot, m_pCert, nullptr); if (pPrivateKey) return pPrivateKey; + pPrivateKey = PK11_FindKeyByDERCert(m_pCert->slot, m_pCert, nullptr); + if (pPrivateKey) + { + SAL_INFO("xmlsecurity.xmlsec", "fallback from PK11_FindPrivateKeyFromCert to PK11_FindKeyByDERCert needed"); + return pPrivateKey; + } + SAL_WARN("xmlsecurity.xmlsec", "X509Certificate_NssImpl::getPrivateKey() cannot find private key"); } return nullptr; } |