From 961c22bf4b327b5354a99bac8252324bbba54881 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Tue, 6 Aug 2024 10:22:42 -0500
Subject: [PATCH] Revert PK11Store.findCert()

The PK11Store.findCert() has been modified to use
CryptoManager.findCertByIssuerAndSerialNumber() since
the findCertFromDERCertItem() seems to have issues in
some cases.
---
 .../org/mozilla/jss/pkcs11/PK11Store.java     | 29 ++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/base/src/main/java/org/mozilla/jss/pkcs11/PK11Store.java b/base/src/main/java/org/mozilla/jss/pkcs11/PK11Store.java
index 90d4bd4dc..fcd9a6a74 100644
--- a/base/src/main/java/org/mozilla/jss/pkcs11/PK11Store.java
+++ b/base/src/main/java/org/mozilla/jss/pkcs11/PK11Store.java
@@ -4,6 +4,7 @@
 
 package org.mozilla.jss.pkcs11;
 
+import java.io.ByteArrayInputStream;
 import java.math.BigInteger;
 import java.security.PublicKey;
 import java.security.interfaces.RSAKey;
@@ -14,6 +15,8 @@
 
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.NotInitializedException;
+import org.mozilla.jss.asn1.ASN1Util;
+import org.mozilla.jss.asn1.INTEGER;
 import org.mozilla.jss.crypto.Algorithm;
 import org.mozilla.jss.crypto.CryptoStore;
 import org.mozilla.jss.crypto.KeyAlreadyImportedException;
@@ -25,6 +28,9 @@
 import org.mozilla.jss.crypto.SymmetricKey;
 import org.mozilla.jss.crypto.TokenException;
 import org.mozilla.jss.crypto.X509Certificate;
+import org.mozilla.jss.pkix.cert.Certificate;
+import org.mozilla.jss.pkix.cert.CertificateInfo;
+import org.mozilla.jss.pkix.primitive.Name;
 import org.mozilla.jss.util.Password;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -196,7 +202,28 @@ public native void importEncryptedPrivateKeyInfo(
 
     @Override
     public X509Certificate findCert(byte[] certBytes) throws TokenException {
-        return findCertFromDERCertItem(certBytes);
+
+        // TODO: replace with findCertFromDERCertItem(certBytes);
+
+        try (ByteArrayInputStream is = new ByteArrayInputStream(certBytes)) {
+
+            Certificate pkixCert = (Certificate) Certificate.getTemplate().decode(is);
+            CertificateInfo certInfo = pkixCert.getInfo();
+
+            Name issuer = certInfo.getIssuer();
+            INTEGER serialNumber = certInfo.getSerialNumber();
+
+            CryptoManager cm = CryptoManager.getInstance();
+            return cm.findCertByIssuerAndSerialNumber(
+                    ASN1Util.encode(issuer),
+                    serialNumber);
+
+        } catch (ObjectNotFoundException e) {
+            return null;
+
+        } catch (Exception e) {
+            throw new TokenException("Unable to find certificate: " + e.getMessage(), e);
+        }
     }
 
     public native X509Certificate findCertFromDERCertItem(byte[] certBytes)