Add PK11Store.findCertFromDERCertItem()

The PK11Store.findCertFromDERCertItem() has been added to find
a cert in NSS database using PK11_FindCertFromDERCertItem().
The findCert() has been modified to use this method.

base/src/main/java/org/mozilla/jss/pkcs11/PK11Store.java

@@ -4,7 +4,6 @@
 
 package org.mozilla.jss.pkcs11;
 
-import java.io.ByteArrayInputStream;
 import java.math.BigInteger;
 import java.security.PublicKey;
 import java.security.interfaces.RSAKey;
@@ -15,8 +14,6 @@
 
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.NotInitializedException;
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.INTEGER;
 import org.mozilla.jss.crypto.Algorithm;
 import org.mozilla.jss.crypto.CryptoStore;
 import org.mozilla.jss.crypto.KeyAlreadyImportedException;
@@ -28,9 +25,6 @@
 import org.mozilla.jss.crypto.SymmetricKey;
 import org.mozilla.jss.crypto.TokenException;
 import org.mozilla.jss.crypto.X509Certificate;
-import org.mozilla.jss.pkix.cert.Certificate;
-import org.mozilla.jss.pkix.cert.CertificateInfo;
-import org.mozilla.jss.pkix.primitive.Name;
 import org.mozilla.jss.util.Password;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -202,29 +196,12 @@ public native void importEncryptedPrivateKeyInfo(
 
     @Override
     public X509Certificate findCert(byte[] certBytes) throws TokenException {
-
-        try (ByteArrayInputStream is = new ByteArrayInputStream(certBytes)) {
-
-            Certificate pkixCert = (Certificate) Certificate.getTemplate().decode(is);
-            CertificateInfo certInfo = pkixCert.getInfo();
-
-            Name issuer = certInfo.getIssuer();
-            INTEGER serialNumber = certInfo.getSerialNumber();
-
-            // TODO: replace with PK11_FindCertFromDERCert()
-            CryptoManager cm = CryptoManager.getInstance();
-            return cm.findCertByIssuerAndSerialNumber(
-                    ASN1Util.encode(issuer),
-                    serialNumber);
-
-        } catch (ObjectNotFoundException e) {
-            return null;
-
-        } catch (Exception e) {
-            throw new TokenException("Unable to find certificate: " + e.getMessage(), e);
-        }
+        return findCertFromDERCertItem(certBytes);
     }
 
+    public native X509Certificate findCertFromDERCertItem(byte[] certBytes)
+            throws TokenException;
+
     @Override
     public native X509Certificate importCert(byte[] certBytes, String nickname)
             throws TokenException;

lib/jss.map

@@ -518,3 +518,9 @@ Java_org_mozilla_jss_pkcs11_PK11Store_importCert;
     local:
         *;
 };
+JSS_5.6.0 {
+    global:
+Java_org_mozilla_jss_pkcs11_PK11Store_findCertFromDERCertItem;
+    local:
+        *;
+};

native/src/main/native/org/mozilla/jss/pkcs11/PK11Store.c

@@ -385,6 +385,52 @@ JSS_PK11_getStoreSlotPtr(JNIEnv *env, jobject store, PK11SlotInfo **slot)
                 PK11STORE_PROXY_SIG, (void**)slot);
 }
 
+/**********************************************************************
+ * PK11Store.findCertFromDERCertItem
+ */
+JNIEXPORT jobject JNICALL
+Java_org_mozilla_jss_pkcs11_PK11Store_findCertFromDERCertItem(
+    JNIEnv *env,
+    jobject this,
+    jbyteArray certBytes)
+{
+    PK11SlotInfo *slot = NULL;
+    SECItem *derCert = NULL;
+    CERTCertificate *nssCert = NULL;
+    jobject cert = NULL;
+
+    if (certBytes == NULL) {
+        goto finish;
+    }
+
+    if (JSS_PK11_getStoreSlotPtr(env, this, &slot) != PR_SUCCESS) {
+        goto finish;
+    }
+
+    derCert = JSS_ByteArrayToSECItem(env, certBytes);
+    if (derCert == NULL) {
+        goto finish;
+    }
+
+    nssCert = PK11_FindCertFromDERCertItem(slot, derCert, NULL);
+    if (nssCert == NULL) {
+        goto finish;
+    }
+
+    cert = JSS_PK11_wrapCertAndSlot(env, &nssCert, &slot);
+
+finish:
+    if (nssCert != NULL) {
+        CERT_DestroyCertificate(nssCert);
+    }
+
+    if (derCert != NULL) {
+        SECITEM_FreeItem(derCert, PR_TRUE);
+    }
+
+    return cert;
+}
+
 /**********************************************************************
  * PK11Store.importCert
  */