# HG changeset patch
# User Raimund Renkert <rrenkert@intevation.de>
# Date 1396438762 -7200
# Node ID e265431f3e9281c2c61140613a3b9615cf31e8d0
# Parent  90432cb1f37493e4d78c649f8dcef1597dbe76f8# Parent  9d2ac9b6a5b052d75c18e36a2423e2ac596b1129
merged.

diff -r 90432cb1f374 -r e265431f3e92 cinst/mozilla.c
--- a/cinst/mozilla.c	Wed Apr 02 13:38:56 2014 +0200
+++ b/cinst/mozilla.c	Wed Apr 02 13:39:22 2014 +0200
@@ -43,9 +43,10 @@
 /* REMOVEME: */
 #include <unistd.h>
 
+#include <cert.h>
+#include <certdb.h>
+#include <certt.h>
 #include <dirent.h>
-#include <cert.h>
-#include <certt.h>
 #include <nss.h>
 #include <pk11pub.h>
 #include <stdbool.h>
@@ -445,8 +446,8 @@
   SECItem *secitemp;
   SECStatus rv;
   PK11SlotInfo *pk11slot = NULL;
+  char *cert_name;
   CERTCertificate *cert = NULL;
-  char *cert_name;
 
   pdirs =
     get_all_profile_dirs();
@@ -458,7 +459,38 @@
       while ((secitemp = seciteml_pop(&certs_to_remove)) != NULL)
         {
           cert_name = nss_cert_name(secitemp);
-          printf("Request to REMOVE cert: %s\n", cert_name);
+          for (int i=0; pdirs[i] != NULL; i++)
+            {
+              puts(pdirs[i]);
+              nss_list_certs(pdirs[i]);
+
+              printf("Will now DELETE cert: '%s' from %s\n", cert_name, pdirs[i]);
+              if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0)
+                  == SECSuccess)
+                {
+                  pk11slot = PK11_GetInternalKeySlot();
+                  cert = PK11_FindCertFromDERCertItem(pk11slot,
+                                                      secitemp, NULL);
+                  if (cert != NULL)
+                    {
+                      rv = SEC_DeletePermCertificate(cert);
+                      if (rv != SECSuccess)
+                        {
+                          DEBUGPRINTF("Failed to remove certificate '%s' from '%s'!\n", cert_name, pdirs[i]);
+                          DEBUGPRINTF("Error was %d\n", rv);
+                        }
+                    }
+                  else
+                    {
+                      DEBUGPRINTF("Could not find Certificate %s in store.\n", cert_name);
+                    }
+                  CERT_DestroyCertificate(cert);
+                  PK11_FreeSlot(pk11slot);
+                  NSS_Shutdown();
+                }
+              puts("List new:");
+              nss_list_certs(pdirs[i]);
+            }
           free(cert_name);
           free(secitemp->data);
           free(secitemp);
@@ -477,14 +509,11 @@
                   == SECSuccess)
                 {
                   pk11slot = PK11_GetInternalKeySlot();
-                  cert = CERT_DecodeCertFromPackage((char *)secitemp->data, (int)secitemp->len);
-                  rv = PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE, cert_name, PR_FALSE);
+                  rv = PK11_ImportDERCert(pk11slot, secitemp, CK_INVALID_HANDLE, cert_name, PR_FALSE);
                   if (rv != SECSuccess) {
                     DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdirs[i]);
                     DEBUGPRINTF("Error was %d\n", rv);
                   }
-                  CERT_DestroyCertificate(cert);
-                  cert = NULL;
                   PK11_FreeSlot(pk11slot);
                   NSS_Shutdown();
                 }