| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 #include "pkcs11.h" | 5 #include "pkcs11.h" |
| 6 | 6 |
| 7 #ifndef DEVM_H | 7 #ifndef DEVM_H |
| 8 #include "devm.h" | 8 #include "devm.h" |
| 9 #endif /* DEVM_H */ | 9 #endif /* DEVM_H */ |
| 10 | 10 |
| 11 #ifndef CKHELPER_H | 11 #ifndef CKHELPER_H |
| 12 #include "ckhelper.h" | 12 #include "ckhelper.h" |
| 13 #endif /* CKHELPER_H */ | 13 #endif /* CKHELPER_H */ |
| 14 | 14 |
| 15 extern const NSSError NSS_ERROR_DEVICE_ERROR; | 15 extern const NSSError NSS_ERROR_DEVICE_ERROR; |
| 16 | 16 |
| 17 static const CK_BBOOL s_true = CK_TRUE; | 17 static const CK_BBOOL s_true = CK_TRUE; |
| 18 NSS_IMPLEMENT_DATA const NSSItem | 18 NSS_IMPLEMENT_DATA const NSSItem |
| 19 g_ck_true = { (CK_VOID_PTR)&s_true, sizeof(s_true) }; | 19 g_ck_true = { (CK_VOID_PTR)&s_true, sizeof(s_true) }; |
| 20 | 20 |
| 21 static const CK_BBOOL s_false = CK_FALSE; | 21 static const CK_BBOOL s_false = CK_FALSE; |
| 22 NSS_IMPLEMENT_DATA const NSSItem | 22 NSS_IMPLEMENT_DATA const NSSItem |
| 23 g_ck_false = { (CK_VOID_PTR)&s_false, sizeof(s_false) }; | 23 g_ck_false = { (CK_VOID_PTR)&s_false, sizeof(s_false) }; |
| 24 | 24 |
| 25 static const CK_OBJECT_CLASS s_class_cert = CKO_CERTIFICATE; | 25 static const CK_OBJECT_CLASS s_class_cert = CKO_CERTIFICATE; |
| 26 NSS_IMPLEMENT_DATA const NSSItem | 26 NSS_IMPLEMENT_DATA const NSSItem |
| 27 g_ck_class_cert = { (CK_VOID_PTR)&s_class_cert, sizeof(s_class_cert) }; | 27 g_ck_class_cert = { (CK_VOID_PTR)&s_class_cert, sizeof(s_class_cert) }; |
| 28 | 28 |
| 29 static const CK_OBJECT_CLASS s_class_pubkey = CKO_PUBLIC_KEY; | 29 static const CK_OBJECT_CLASS s_class_pubkey = CKO_PUBLIC_KEY; |
| 30 NSS_IMPLEMENT_DATA const NSSItem | 30 NSS_IMPLEMENT_DATA const NSSItem |
| 31 g_ck_class_pubkey = { (CK_VOID_PTR)&s_class_pubkey, sizeof(s_class_pubkey) }; | 31 g_ck_class_pubkey = { (CK_VOID_PTR)&s_class_pubkey, sizeof(s_class_pubkey) }
; |
| 32 | 32 |
| 33 static const CK_OBJECT_CLASS s_class_privkey = CKO_PRIVATE_KEY; | 33 static const CK_OBJECT_CLASS s_class_privkey = CKO_PRIVATE_KEY; |
| 34 NSS_IMPLEMENT_DATA const NSSItem | 34 NSS_IMPLEMENT_DATA const NSSItem |
| 35 g_ck_class_privkey = { (CK_VOID_PTR)&s_class_privkey, sizeof(s_class_privkey) }; | 35 g_ck_class_privkey = { (CK_VOID_PTR)&s_class_privkey, sizeof(s_class_privkey
) }; |
| 36 | 36 |
| 37 static PRBool | 37 static PRBool |
| 38 is_string_attribute ( | 38 is_string_attribute( |
| 39 CK_ATTRIBUTE_TYPE aType | 39 CK_ATTRIBUTE_TYPE aType) |
| 40 ) | |
| 41 { | 40 { |
| 42 PRBool isString; | 41 PRBool isString; |
| 43 switch (aType) { | 42 switch (aType) { |
| 44 case CKA_LABEL: | 43 case CKA_LABEL: |
| 45 case CKA_NSS_EMAIL: | 44 case CKA_NSS_EMAIL: |
| 46 » isString = PR_TRUE; | 45 isString = PR_TRUE; |
| 47 » break; | 46 break; |
| 48 default: | 47 default: |
| 49 » isString = PR_FALSE; | 48 isString = PR_FALSE; |
| 50 » break; | 49 break; |
| 51 } | 50 } |
| 52 return isString; | 51 return isString; |
| 53 } | 52 } |
| 54 | 53 |
| 55 NSS_IMPLEMENT PRStatus | 54 NSS_IMPLEMENT PRStatus |
| 56 nssCKObject_GetAttributes ( | 55 nssCKObject_GetAttributes( |
| 57 CK_OBJECT_HANDLE object, | 56 CK_OBJECT_HANDLE object, |
| 58 CK_ATTRIBUTE_PTR obj_template, | 57 CK_ATTRIBUTE_PTR obj_template, |
| 59 CK_ULONG count, | 58 CK_ULONG count, |
| 60 NSSArena *arenaOpt, | 59 NSSArena *arenaOpt, |
| 61 nssSession *session, | 60 nssSession *session, |
| 62 NSSSlot *slot | 61 NSSSlot *slot) |
| 63 ) | |
| 64 { | 62 { |
| 65 nssArenaMark *mark = NULL; | 63 nssArenaMark *mark = NULL; |
| 66 CK_SESSION_HANDLE hSession; | 64 CK_SESSION_HANDLE hSession; |
| 67 CK_ULONG i = 0; | 65 CK_ULONG i = 0; |
| 68 CK_RV ckrv; | 66 CK_RV ckrv; |
| 69 PRStatus nssrv; | 67 PRStatus nssrv; |
| 70 PRBool alloced = PR_FALSE; | 68 PRBool alloced = PR_FALSE; |
| 71 void *epv = nssSlot_GetCryptokiEPV(slot); | 69 void *epv = nssSlot_GetCryptokiEPV(slot); |
| 72 hSession = session->handle; | 70 hSession = session->handle; |
| 73 if (arenaOpt) { | 71 if (arenaOpt) { |
| 74 » mark = nssArena_Mark(arenaOpt); | 72 mark = nssArena_Mark(arenaOpt); |
| 75 » if (!mark) { | 73 if (!mark) { |
| 76 » goto loser; | 74 goto loser; |
| 77 » } | 75 } |
| 78 } | 76 } |
| 79 nssSession_EnterMonitor(session); | 77 nssSession_EnterMonitor(session); |
| 80 /* XXX kinda hacky, if the storage size is already in the first template | 78 /* XXX kinda hacky, if the storage size is already in the first template |
| 81 * item, then skip the alloc portion | 79 * item, then skip the alloc portion |
| 82 */ | 80 */ |
| 83 if (obj_template[0].ulValueLen == 0) { | 81 if (obj_template[0].ulValueLen == 0) { |
| 84 » /* Get the storage size needed for each attribute */ | 82 /* Get the storage size needed for each attribute */ |
| 85 » ckrv = CKAPI(epv)->C_GetAttributeValue(hSession, | 83 ckrv = CKAPI(epv)->C_GetAttributeValue(hSession, |
| 86 » object, obj_template, count); | 84 object, obj_template, count); |
| 87 » if (ckrv != CKR_OK && | 85 if (ckrv != CKR_OK && |
| 88 » ckrv != CKR_ATTRIBUTE_TYPE_INVALID && | 86 ckrv != CKR_ATTRIBUTE_TYPE_INVALID && |
| 89 » ckrv != CKR_ATTRIBUTE_SENSITIVE) | 87 ckrv != CKR_ATTRIBUTE_SENSITIVE) { |
| 90 » { | 88 nssSession_ExitMonitor(session); |
| 91 » nssSession_ExitMonitor(session); | 89 nss_SetError(NSS_ERROR_DEVICE_ERROR); |
| 92 » nss_SetError(NSS_ERROR_DEVICE_ERROR); | 90 goto loser; |
| 93 » goto loser; | 91 } |
| 94 » } | 92 /* Allocate memory for each attribute. */ |
| 95 » /* Allocate memory for each attribute. */ | 93 for (i = 0; i < count; i++) { |
| 96 » for (i=0; i<count; i++) { | 94 CK_ULONG ulValueLen = obj_template[i].ulValueLen; |
| 97 » CK_ULONG ulValueLen = obj_template[i].ulValueLen; | 95 if (ulValueLen == 0 || ulValueLen == (CK_ULONG)-1) { |
| 98 » if (ulValueLen == 0 || ulValueLen == (CK_ULONG) -1) { | 96 obj_template[i].pValue = NULL; |
| 99 » » obj_template[i].pValue = NULL; | 97 obj_template[i].ulValueLen = 0; |
| 100 » » obj_template[i].ulValueLen = 0; | 98 continue; |
| 101 » » continue; | 99 } |
| 102 » } | 100 if (is_string_attribute(obj_template[i].type)) { |
| 103 » if (is_string_attribute(obj_template[i].type)) { | 101 ulValueLen++; |
| 104 » » ulValueLen++; | 102 } |
| 105 » } | 103 obj_template[i].pValue = nss_ZAlloc(arenaOpt, ulValueLen); |
| 106 » obj_template[i].pValue = nss_ZAlloc(arenaOpt, ulValueLen); | 104 if (!obj_template[i].pValue) { |
| 107 » if (!obj_template[i].pValue) { | 105 nssSession_ExitMonitor(session); |
| 108 » » nssSession_ExitMonitor(session); | 106 goto loser; |
| 109 » » goto loser; | 107 } |
| 110 » } | 108 } |
| 111 » } | 109 alloced = PR_TRUE; |
| 112 » alloced = PR_TRUE; | |
| 113 } | 110 } |
| 114 /* Obtain the actual attribute values. */ | 111 /* Obtain the actual attribute values. */ |
| 115 ckrv = CKAPI(epv)->C_GetAttributeValue(hSession, | 112 ckrv = CKAPI(epv)->C_GetAttributeValue(hSession, |
| 116 object, obj_template, count); | 113 object, obj_template, count); |
| 117 nssSession_ExitMonitor(session); | 114 nssSession_ExitMonitor(session); |
| 118 if (ckrv != CKR_OK && | 115 if (ckrv != CKR_OK && |
| 119 ckrv != CKR_ATTRIBUTE_TYPE_INVALID && | 116 ckrv != CKR_ATTRIBUTE_TYPE_INVALID && |
| 120 ckrv != CKR_ATTRIBUTE_SENSITIVE) | 117 ckrv != CKR_ATTRIBUTE_SENSITIVE) { |
| 121 { | 118 nss_SetError(NSS_ERROR_DEVICE_ERROR); |
| 122 » nss_SetError(NSS_ERROR_DEVICE_ERROR); | 119 goto loser; |
| 123 » goto loser; | |
| 124 } | 120 } |
| 125 if (alloced && arenaOpt) { | 121 if (alloced && arenaOpt) { |
| 126 » nssrv = nssArena_Unmark(arenaOpt, mark); | 122 nssrv = nssArena_Unmark(arenaOpt, mark); |
| 127 » if (nssrv != PR_SUCCESS) { | 123 if (nssrv != PR_SUCCESS) { |
| 128 » goto loser; | 124 goto loser; |
| 129 » } | 125 } |
| 130 } | 126 } |
| 131 | 127 |
| 132 if (count > 1 && ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) || | 128 if (count > 1 && ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) || |
| 133 » » » » » (ckrv == CKR_ATTRIBUTE_SENSITIVE))) { | 129 (ckrv == CKR_ATTRIBUTE_SENSITIVE))) { |
| 134 » /* old tokens would keep the length of '0' and not deal with any | 130 /* old tokens would keep the length of '0' and not deal with any |
| 135 » * of the attributes we passed. For those tokens read them one at | 131 * of the attributes we passed. For those tokens read them one at |
| 136 » * a time */ | 132 * a time */ |
| 137 » for (i=0; i < count; i++) { | 133 for (i = 0; i < count; i++) { |
| 138 » if ((obj_template[i].ulValueLen == 0) | 134 if ((obj_template[i].ulValueLen == 0) || |
| 139 » » » » || (obj_template[i].ulValueLen == -1)) { | 135 (obj_template[i].ulValueLen == -1)) { |
| 140 » » obj_template[i].ulValueLen=0; | 136 obj_template[i].ulValueLen = 0; |
| 141 » » (void) nssCKObject_GetAttributes(object,&obj_template[i], 1, | 137 (void)nssCKObject_GetAttributes(object, &obj_template[i], 1, |
| 142 » » » arenaOpt, session, slot); | 138 arenaOpt, session, slot); |
| 143 » } | 139 } |
| 144 » } | 140 } |
| 145 } | 141 } |
| 146 return PR_SUCCESS; | 142 return PR_SUCCESS; |
| 147 loser: | 143 loser: |
| 148 if (alloced) { | 144 if (alloced) { |
| 149 » if (arenaOpt) { | 145 if (arenaOpt) { |
| 150 » /* release all arena memory allocated before the failure. */ | 146 /* release all arena memory allocated before the failure. */ |
| 151 » (void)nssArena_Release(arenaOpt, mark); | 147 (void)nssArena_Release(arenaOpt, mark); |
| 152 » } else { | 148 } else { |
| 153 » CK_ULONG j; | 149 CK_ULONG j; |
| 154 » /* free each heap object that was allocated before the failure. */ | 150 /* free each heap object that was allocated before the failure. */ |
| 155 » for (j=0; j<i; j++) { | 151 for (j = 0; j < i; j++) { |
| 156 » » nss_ZFreeIf(obj_template[j].pValue); | 152 nss_ZFreeIf(obj_template[j].pValue); |
| 157 » } | 153 } |
| 158 » } | 154 } |
| 159 } | 155 } |
| 160 return PR_FAILURE; | 156 return PR_FAILURE; |
| 161 } | 157 } |
| 162 | 158 |
| 163 NSS_IMPLEMENT PRStatus | 159 NSS_IMPLEMENT PRStatus |
| 164 nssCKObject_GetAttributeItem ( | 160 nssCKObject_GetAttributeItem( |
| 165 CK_OBJECT_HANDLE object, | 161 CK_OBJECT_HANDLE object, |
| 166 CK_ATTRIBUTE_TYPE attribute, | 162 CK_ATTRIBUTE_TYPE attribute, |
| 167 NSSArena *arenaOpt, | 163 NSSArena *arenaOpt, |
| 168 nssSession *session, | 164 nssSession *session, |
| 169 NSSSlot *slot, | 165 NSSSlot *slot, |
| 170 NSSItem *rvItem | 166 NSSItem *rvItem) |
| 171 ) | |
| 172 { | 167 { |
| 173 CK_ATTRIBUTE attr = { 0, NULL, 0 }; | 168 CK_ATTRIBUTE attr = { 0, NULL, 0 }; |
| 174 PRStatus nssrv; | 169 PRStatus nssrv; |
| 175 attr.type = attribute; | 170 attr.type = attribute; |
| 176 nssrv = nssCKObject_GetAttributes(object, &attr, 1, | 171 nssrv = nssCKObject_GetAttributes(object, &attr, 1, |
| 177 arenaOpt, session, slot); | 172 arenaOpt, session, slot); |
| 178 if (nssrv != PR_SUCCESS) { | 173 if (nssrv != PR_SUCCESS) { |
| 179 » return nssrv; | 174 return nssrv; |
| 180 } | 175 } |
| 181 rvItem->data = (void *)attr.pValue; | 176 rvItem->data = (void *)attr.pValue; |
| 182 rvItem->size = (PRUint32)attr.ulValueLen; | 177 rvItem->size = (PRUint32)attr.ulValueLen; |
| 183 return PR_SUCCESS; | 178 return PR_SUCCESS; |
| 184 } | 179 } |
| 185 | 180 |
| 186 NSS_IMPLEMENT PRBool | 181 NSS_IMPLEMENT PRBool |
| 187 nssCKObject_IsAttributeTrue ( | 182 nssCKObject_IsAttributeTrue( |
| 188 CK_OBJECT_HANDLE object, | 183 CK_OBJECT_HANDLE object, |
| 189 CK_ATTRIBUTE_TYPE attribute, | 184 CK_ATTRIBUTE_TYPE attribute, |
| 190 nssSession *session, | 185 nssSession *session, |
| 191 NSSSlot *slot, | 186 NSSSlot *slot, |
| 192 PRStatus *rvStatus | 187 PRStatus *rvStatus) |
| 193 ) | |
| 194 { | 188 { |
| 195 CK_BBOOL bool; | 189 CK_BBOOL bool; |
| 196 CK_ATTRIBUTE_PTR attr; | 190 CK_ATTRIBUTE_PTR attr; |
| 197 CK_ATTRIBUTE atemplate = { 0, NULL, 0 }; | 191 CK_ATTRIBUTE atemplate = { 0, NULL, 0 }; |
| 198 CK_RV ckrv; | 192 CK_RV ckrv; |
| 199 void *epv = nssSlot_GetCryptokiEPV(slot); | 193 void *epv = nssSlot_GetCryptokiEPV(slot); |
| 200 attr = &atemplate; | 194 attr = &atemplate; |
| 201 NSS_CK_SET_ATTRIBUTE_VAR(attr, attribute, bool); | 195 NSS_CK_SET_ATTRIBUTE_VAR(attr, attribute, bool); |
| 202 nssSession_EnterMonitor(session); | 196 nssSession_EnterMonitor(session); |
| 203 ckrv = CKAPI(epv)->C_GetAttributeValue(session->handle, object, | 197 ckrv = CKAPI(epv)->C_GetAttributeValue(session->handle, object, |
| 204 &atemplate, 1); | 198 &atemplate, 1); |
| 205 nssSession_ExitMonitor(session); | 199 nssSession_ExitMonitor(session); |
| 206 if (ckrv != CKR_OK) { | 200 if (ckrv != CKR_OK) { |
| 207 » *rvStatus = PR_FAILURE; | 201 *rvStatus = PR_FAILURE; |
| 208 » return PR_FALSE; | 202 return PR_FALSE; |
| 209 } | 203 } |
| 210 *rvStatus = PR_SUCCESS; | 204 *rvStatus = PR_SUCCESS; |
| 211 return (PRBool)(bool == CK_TRUE); | 205 return (PRBool)(bool == CK_TRUE); |
| 212 } | 206 } |
| 213 | 207 |
| 214 NSS_IMPLEMENT PRStatus | 208 NSS_IMPLEMENT PRStatus |
| 215 nssCKObject_SetAttributes ( | 209 nssCKObject_SetAttributes( |
| 216 CK_OBJECT_HANDLE object, | 210 CK_OBJECT_HANDLE object, |
| 217 CK_ATTRIBUTE_PTR obj_template, | 211 CK_ATTRIBUTE_PTR obj_template, |
| 218 CK_ULONG count, | 212 CK_ULONG count, |
| 219 nssSession *session, | 213 nssSession *session, |
| 220 NSSSlot *slot | 214 NSSSlot *slot) |
| 221 ) | |
| 222 { | 215 { |
| 223 CK_RV ckrv; | 216 CK_RV ckrv; |
| 224 void *epv = nssSlot_GetCryptokiEPV(slot); | 217 void *epv = nssSlot_GetCryptokiEPV(slot); |
| 225 nssSession_EnterMonitor(session); | 218 nssSession_EnterMonitor(session); |
| 226 ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle, object, | 219 ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle, object, |
| 227 obj_template, count); | 220 obj_template, count); |
| 228 nssSession_ExitMonitor(session); | 221 nssSession_ExitMonitor(session); |
| 229 if (ckrv == CKR_OK) { | 222 if (ckrv == CKR_OK) { |
| 230 » return PR_SUCCESS; | 223 return PR_SUCCESS; |
| 231 } else { | 224 } else { |
| 232 » return PR_FAILURE; | 225 return PR_FAILURE; |
| 233 } | 226 } |
| 234 } | 227 } |
| 235 | 228 |
| 236 NSS_IMPLEMENT PRBool | 229 NSS_IMPLEMENT PRBool |
| 237 nssCKObject_IsTokenObjectTemplate ( | 230 nssCKObject_IsTokenObjectTemplate( |
| 238 CK_ATTRIBUTE_PTR objectTemplate, | 231 CK_ATTRIBUTE_PTR objectTemplate, |
| 239 CK_ULONG otsize | 232 CK_ULONG otsize) |
| 240 ) | |
| 241 { | 233 { |
| 242 CK_ULONG ul; | 234 CK_ULONG ul; |
| 243 for (ul=0; ul<otsize; ul++) { | 235 for (ul = 0; ul < otsize; ul++) { |
| 244 » if (objectTemplate[ul].type == CKA_TOKEN) { | 236 if (objectTemplate[ul].type == CKA_TOKEN) { |
| 245 » return (*((CK_BBOOL*)objectTemplate[ul].pValue) == CK_TRUE); | 237 return (*((CK_BBOOL *)objectTemplate[ul].pValue) == CK_TRUE); |
| 246 » } | 238 } |
| 247 } | 239 } |
| 248 return PR_FALSE; | 240 return PR_FALSE; |
| 249 } | 241 } |
| 250 | 242 |
| 251 static NSSCertificateType | 243 static NSSCertificateType |
| 252 nss_cert_type_from_ck_attrib(CK_ATTRIBUTE_PTR attrib) | 244 nss_cert_type_from_ck_attrib(CK_ATTRIBUTE_PTR attrib) |
| 253 { | 245 { |
| 254 CK_CERTIFICATE_TYPE ckCertType; | 246 CK_CERTIFICATE_TYPE ckCertType; |
| 255 if (!attrib->pValue) { | 247 if (!attrib->pValue) { |
| 256 » /* default to PKIX */ | 248 /* default to PKIX */ |
| 257 » return NSSCertificateType_PKIX; | 249 return NSSCertificateType_PKIX; |
| 258 } | 250 } |
| 259 ckCertType = *((CK_ULONG *)attrib->pValue); | 251 ckCertType = *((CK_ULONG *)attrib->pValue); |
| 260 switch (ckCertType) { | 252 switch (ckCertType) { |
| 261 case CKC_X_509: | 253 case CKC_X_509: |
| 262 » return NSSCertificateType_PKIX; | 254 return NSSCertificateType_PKIX; |
| 263 default: | 255 default: |
| 264 » break; | 256 break; |
| 265 } | 257 } |
| 266 return NSSCertificateType_Unknown; | 258 return NSSCertificateType_Unknown; |
| 267 } | 259 } |
| 268 | 260 |
| 269 /* incoming pointers must be valid */ | 261 /* incoming pointers must be valid */ |
| 270 NSS_IMPLEMENT PRStatus | 262 NSS_IMPLEMENT PRStatus |
| 271 nssCryptokiCertificate_GetAttributes ( | 263 nssCryptokiCertificate_GetAttributes( |
| 272 nssCryptokiObject *certObject, | 264 nssCryptokiObject *certObject, |
| 273 nssSession *sessionOpt, | 265 nssSession *sessionOpt, |
| 274 NSSArena *arenaOpt, | 266 NSSArena *arenaOpt, |
| 275 NSSCertificateType *certTypeOpt, | 267 NSSCertificateType *certTypeOpt, |
| 276 NSSItem *idOpt, | 268 NSSItem *idOpt, |
| 277 NSSDER *encodingOpt, | 269 NSSDER *encodingOpt, |
| 278 NSSDER *issuerOpt, | 270 NSSDER *issuerOpt, |
| 279 NSSDER *serialOpt, | 271 NSSDER *serialOpt, |
| 280 NSSDER *subjectOpt | 272 NSSDER *subjectOpt) |
| 281 ) | |
| 282 { | 273 { |
| 283 PRStatus status; | 274 PRStatus status; |
| 284 PRUint32 i; | 275 PRUint32 i; |
| 285 nssSession *session; | 276 nssSession *session; |
| 286 NSSSlot *slot; | 277 NSSSlot *slot; |
| 287 CK_ULONG template_size; | 278 CK_ULONG template_size; |
| 288 CK_ATTRIBUTE_PTR attr; | 279 CK_ATTRIBUTE_PTR attr; |
| 289 CK_ATTRIBUTE cert_template[6]; | 280 CK_ATTRIBUTE cert_template[6]; |
| 290 /* Set up a template of all options chosen by caller */ | 281 /* Set up a template of all options chosen by caller */ |
| 291 NSS_CK_TEMPLATE_START(cert_template, attr, template_size); | 282 NSS_CK_TEMPLATE_START(cert_template, attr, template_size); |
| 292 if (certTypeOpt) { | 283 if (certTypeOpt) { |
| 293 » NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CERTIFICATE_TYPE); | 284 NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CERTIFICATE_TYPE); |
| 294 } | 285 } |
| 295 if (idOpt) { | 286 if (idOpt) { |
| 296 » NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ID); | 287 NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ID); |
| 297 } | 288 } |
| 298 if (encodingOpt) { | 289 if (encodingOpt) { |
| 299 » NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE); | 290 NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE); |
| 300 } | 291 } |
| 301 if (issuerOpt) { | 292 if (issuerOpt) { |
| 302 » NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ISSUER); | 293 NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ISSUER); |
| 303 } | 294 } |
| 304 if (serialOpt) { | 295 if (serialOpt) { |
| 305 » NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SERIAL_NUMBER); | 296 NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SERIAL_NUMBER); |
| 306 } | 297 } |
| 307 if (subjectOpt) { | 298 if (subjectOpt) { |
| 308 » NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT); | 299 NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT); |
| 309 } | 300 } |
| 310 NSS_CK_TEMPLATE_FINISH(cert_template, attr, template_size); | 301 NSS_CK_TEMPLATE_FINISH(cert_template, attr, template_size); |
| 311 if (template_size == 0) { | 302 if (template_size == 0) { |
| 312 » /* caller didn't want anything */ | 303 /* caller didn't want anything */ |
| 313 » return PR_SUCCESS; | 304 return PR_SUCCESS; |
| 314 } | 305 } |
| 315 | 306 |
| 316 status = nssToken_GetCachedObjectAttributes(certObject->token, arenaOpt, | 307 status = nssToken_GetCachedObjectAttributes(certObject->token, arenaOpt, |
| 317 certObject, CKO_CERTIFICATE, | 308 certObject, CKO_CERTIFICATE, |
| 318 cert_template, template_size); | 309 cert_template, template_size); |
| 319 if (status != PR_SUCCESS) { | 310 if (status != PR_SUCCESS) { |
| 320 | 311 |
| 321 » session = sessionOpt ? | 312 session = sessionOpt ? sessionOpt |
| 322 » sessionOpt : | 313 : nssToken_GetDefaultSession(certObject->token); |
| 323 » nssToken_GetDefaultSession(certObject->token); | 314 if (!session) { |
| 324 » if (!session) { | 315 nss_SetError(NSS_ERROR_INVALID_ARGUMENT); |
| 325 » nss_SetError(NSS_ERROR_INVALID_ARGUMENT); | 316 return PR_FAILURE; |
| 326 » return PR_FAILURE; | 317 } |
| 327 » } | |
| 328 | 318 |
| 329 » slot = nssToken_GetSlot(certObject->token); | 319 slot = nssToken_GetSlot(certObject->token); |
| 330 » status = nssCKObject_GetAttributes(certObject->handle, | 320 status = nssCKObject_GetAttributes(certObject->handle, |
| 331 » cert_template, template_size, | 321 cert_template, template_size, |
| 332 » arenaOpt, session, slot); | 322 arenaOpt, session, slot); |
| 333 » nssSlot_Destroy(slot); | 323 nssSlot_Destroy(slot); |
| 334 » if (status != PR_SUCCESS) { | 324 if (status != PR_SUCCESS) { |
| 335 » return status; | 325 return status; |
| 336 » } | 326 } |
| 337 } | 327 } |
| 338 | 328 |
| 339 i=0; | 329 i = 0; |
| 340 if (certTypeOpt) { | 330 if (certTypeOpt) { |
| 341 » *certTypeOpt = nss_cert_type_from_ck_attrib(&cert_template[i]); i++; | 331 *certTypeOpt = nss_cert_type_from_ck_attrib(&cert_template[i]); |
| 332 i++; |
| 342 } | 333 } |
| 343 if (idOpt) { | 334 if (idOpt) { |
| 344 » NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], idOpt); i++; | 335 NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], idOpt); |
| 336 i++; |
| 345 } | 337 } |
| 346 if (encodingOpt) { | 338 if (encodingOpt) { |
| 347 » NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], encodingOpt); i++; | 339 NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], encodingOpt); |
| 340 i++; |
| 348 } | 341 } |
| 349 if (issuerOpt) { | 342 if (issuerOpt) { |
| 350 » NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], issuerOpt); i++; | 343 NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], issuerOpt); |
| 344 i++; |
| 351 } | 345 } |
| 352 if (serialOpt) { | 346 if (serialOpt) { |
| 353 » NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], serialOpt); i++; | 347 NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], serialOpt); |
| 348 i++; |
| 354 } | 349 } |
| 355 if (subjectOpt) { | 350 if (subjectOpt) { |
| 356 » NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], subjectOpt); i++; | 351 NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], subjectOpt); |
| 352 i++; |
| 357 } | 353 } |
| 358 return PR_SUCCESS; | 354 return PR_SUCCESS; |
| 359 } | 355 } |
| 360 | 356 |
| 361 static nssTrustLevel | 357 static nssTrustLevel |
| 362 get_nss_trust ( | 358 get_nss_trust( |
| 363 CK_TRUST ckt | 359 CK_TRUST ckt) |
| 364 ) | |
| 365 { | 360 { |
| 366 nssTrustLevel t; | 361 nssTrustLevel t; |
| 367 switch (ckt) { | 362 switch (ckt) { |
| 368 case CKT_NSS_NOT_TRUSTED: t = nssTrustLevel_NotTrusted; break; | 363 case CKT_NSS_NOT_TRUSTED: |
| 369 case CKT_NSS_TRUSTED_DELEGATOR: t = nssTrustLevel_TrustedDelegator; | 364 t = nssTrustLevel_NotTrusted; |
| 370 » break; | 365 break; |
| 371 case CKT_NSS_VALID_DELEGATOR: t = nssTrustLevel_ValidDelegator; break; | 366 case CKT_NSS_TRUSTED_DELEGATOR: |
| 372 case CKT_NSS_TRUSTED: t = nssTrustLevel_Trusted; break; | 367 t = nssTrustLevel_TrustedDelegator; |
| 373 case CKT_NSS_MUST_VERIFY_TRUST: t = nssTrustLevel_MustVerify; break; | 368 break; |
| 374 case CKT_NSS_TRUST_UNKNOWN: | 369 case CKT_NSS_VALID_DELEGATOR: |
| 375 default: | 370 t = nssTrustLevel_ValidDelegator; |
| 376 » t = nssTrustLevel_Unknown; break; | 371 break; |
| 372 case CKT_NSS_TRUSTED: |
| 373 t = nssTrustLevel_Trusted; |
| 374 break; |
| 375 case CKT_NSS_MUST_VERIFY_TRUST: |
| 376 t = nssTrustLevel_MustVerify; |
| 377 break; |
| 378 case CKT_NSS_TRUST_UNKNOWN: |
| 379 default: |
| 380 t = nssTrustLevel_Unknown; |
| 381 break; |
| 377 } | 382 } |
| 378 return t; | 383 return t; |
| 379 } | 384 } |
| 380 | 385 |
| 381 NSS_IMPLEMENT PRStatus | 386 NSS_IMPLEMENT PRStatus |
| 382 nssCryptokiTrust_GetAttributes ( | 387 nssCryptokiTrust_GetAttributes( |
| 383 nssCryptokiObject *trustObject, | 388 nssCryptokiObject *trustObject, |
| 384 nssSession *sessionOpt, | 389 nssSession *sessionOpt, |
| 385 NSSItem *sha1_hash, | 390 NSSItem *sha1_hash, |
| 386 nssTrustLevel *serverAuth, | 391 nssTrustLevel *serverAuth, |
| 387 nssTrustLevel *clientAuth, | 392 nssTrustLevel *clientAuth, |
| 388 nssTrustLevel *codeSigning, | 393 nssTrustLevel *codeSigning, |
| 389 nssTrustLevel *emailProtection, | 394 nssTrustLevel *emailProtection, |
| 390 PRBool *stepUpApproved | 395 PRBool *stepUpApproved) |
| 391 ) | |
| 392 { | 396 { |
| 393 PRStatus status; | 397 PRStatus status; |
| 394 NSSSlot *slot; | 398 NSSSlot *slot; |
| 395 nssSession *session; | 399 nssSession *session; |
| 396 CK_BBOOL isToken = PR_FALSE; | 400 CK_BBOOL isToken = PR_FALSE; |
| 397 CK_BBOOL stepUp = PR_FALSE; | 401 CK_BBOOL stepUp = PR_FALSE; |
| 398 CK_TRUST saTrust = CKT_NSS_TRUST_UNKNOWN; | 402 CK_TRUST saTrust = CKT_NSS_TRUST_UNKNOWN; |
| 399 CK_TRUST caTrust = CKT_NSS_TRUST_UNKNOWN; | 403 CK_TRUST caTrust = CKT_NSS_TRUST_UNKNOWN; |
| 400 CK_TRUST epTrust = CKT_NSS_TRUST_UNKNOWN; | 404 CK_TRUST epTrust = CKT_NSS_TRUST_UNKNOWN; |
| 401 CK_TRUST csTrust = CKT_NSS_TRUST_UNKNOWN; | 405 CK_TRUST csTrust = CKT_NSS_TRUST_UNKNOWN; |
| 402 CK_ATTRIBUTE_PTR attr; | 406 CK_ATTRIBUTE_PTR attr; |
| 403 CK_ATTRIBUTE trust_template[7]; | 407 CK_ATTRIBUTE trust_template[7]; |
| 404 CK_ATTRIBUTE_PTR sha1_hash_attr; | 408 CK_ATTRIBUTE_PTR sha1_hash_attr; |
| 405 CK_ULONG trust_size; | 409 CK_ULONG trust_size; |
| 406 | 410 |
| 407 /* Use the trust object to find the trust settings */ | 411 /* Use the trust object to find the trust settings */ |
| 408 NSS_CK_TEMPLATE_START(trust_template, attr, trust_size); | 412 NSS_CK_TEMPLATE_START(trust_template, attr, trust_size); |
| 409 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken); | 413 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken); |
| 410 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, saTrust); | 414 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, saTrust); |
| 411 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust); | 415 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust); |
| 412 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust); | 416 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust); |
| 413 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust); | 417 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust); |
| 414 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_STEP_UP_APPROVED, stepUp); | 418 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_STEP_UP_APPROVED, stepUp); |
| 415 sha1_hash_attr = attr; | 419 sha1_hash_attr = attr; |
| 416 NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, sha1_hash); | 420 NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, sha1_hash); |
| 417 NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size); | 421 NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size); |
| 418 | 422 |
| 419 status = nssToken_GetCachedObjectAttributes(trustObject->token, NULL, | 423 status = nssToken_GetCachedObjectAttributes(trustObject->token, NULL, |
| 420 trustObject, | 424 trustObject, |
| 421 CKO_NSS_TRUST, | 425 CKO_NSS_TRUST, |
| 422 trust_template, trust_size); | 426 trust_template, trust_size); |
| 423 if (status != PR_SUCCESS) { | 427 if (status != PR_SUCCESS) { |
| 424 » session = sessionOpt ? | 428 session = sessionOpt ? sessionOpt |
| 425 » sessionOpt : | 429 : nssToken_GetDefaultSession(trustObject->token); |
| 426 » nssToken_GetDefaultSession(trustObject->token); | 430 if (!session) { |
| 427 » if (!session) { | 431 nss_SetError(NSS_ERROR_INVALID_ARGUMENT); |
| 428 » nss_SetError(NSS_ERROR_INVALID_ARGUMENT); | 432 return PR_FAILURE; |
| 429 » return PR_FAILURE; | 433 } |
| 430 » } | |
| 431 | 434 |
| 432 » slot = nssToken_GetSlot(trustObject->token); | 435 slot = nssToken_GetSlot(trustObject->token); |
| 433 » status = nssCKObject_GetAttributes(trustObject->handle, | 436 status = nssCKObject_GetAttributes(trustObject->handle, |
| 434 » trust_template, trust_size, | 437 trust_template, trust_size, |
| 435 » NULL, session, slot); | 438 NULL, session, slot); |
| 436 » nssSlot_Destroy(slot); | 439 nssSlot_Destroy(slot); |
| 437 » if (status != PR_SUCCESS) { | 440 if (status != PR_SUCCESS) { |
| 438 » return status; | 441 return status; |
| 439 » } | 442 } |
| 440 } | 443 } |
| 441 | 444 |
| 442 if (sha1_hash_attr->ulValueLen == -1) { | 445 if (sha1_hash_attr->ulValueLen == -1) { |
| 443 » /* The trust object does not have the CKA_CERT_SHA1_HASH attribute. */ | 446 /* The trust object does not have the CKA_CERT_SHA1_HASH attribute. */ |
| 444 » sha1_hash_attr->ulValueLen = 0; | 447 sha1_hash_attr->ulValueLen = 0; |
| 445 } | 448 } |
| 446 sha1_hash->size = sha1_hash_attr->ulValueLen; | 449 sha1_hash->size = sha1_hash_attr->ulValueLen; |
| 447 *serverAuth = get_nss_trust(saTrust); | 450 *serverAuth = get_nss_trust(saTrust); |
| 448 *clientAuth = get_nss_trust(caTrust); | 451 *clientAuth = get_nss_trust(caTrust); |
| 449 *emailProtection = get_nss_trust(epTrust); | 452 *emailProtection = get_nss_trust(epTrust); |
| 450 *codeSigning = get_nss_trust(csTrust); | 453 *codeSigning = get_nss_trust(csTrust); |
| 451 *stepUpApproved = stepUp; | 454 *stepUpApproved = stepUp; |
| 452 return PR_SUCCESS; | 455 return PR_SUCCESS; |
| 453 } | 456 } |
| 454 | 457 |
| 455 NSS_IMPLEMENT PRStatus | 458 NSS_IMPLEMENT PRStatus |
| 456 nssCryptokiCRL_GetAttributes ( | 459 nssCryptokiCRL_GetAttributes( |
| 457 nssCryptokiObject *crlObject, | 460 nssCryptokiObject *crlObject, |
| 458 nssSession *sessionOpt, | 461 nssSession *sessionOpt, |
| 459 NSSArena *arenaOpt, | 462 NSSArena *arenaOpt, |
| 460 NSSItem *encodingOpt, | 463 NSSItem *encodingOpt, |
| 461 NSSItem *subjectOpt, | 464 NSSItem *subjectOpt, |
| 462 CK_ULONG* crl_class, | 465 CK_ULONG *crl_class, |
| 463 NSSUTF8 **urlOpt, | 466 NSSUTF8 **urlOpt, |
| 464 PRBool *isKRLOpt | 467 PRBool *isKRLOpt) |
| 465 ) | |
| 466 { | 468 { |
| 467 PRStatus status; | 469 PRStatus status; |
| 468 NSSSlot *slot; | 470 NSSSlot *slot; |
| 469 nssSession *session; | 471 nssSession *session; |
| 470 CK_ATTRIBUTE_PTR attr; | 472 CK_ATTRIBUTE_PTR attr; |
| 471 CK_ATTRIBUTE crl_template[7]; | 473 CK_ATTRIBUTE crl_template[7]; |
| 472 CK_ULONG crl_size; | 474 CK_ULONG crl_size; |
| 473 PRUint32 i; | 475 PRUint32 i; |
| 474 | 476 |
| 475 NSS_CK_TEMPLATE_START(crl_template, attr, crl_size); | 477 NSS_CK_TEMPLATE_START(crl_template, attr, crl_size); |
| 476 if (crl_class) { | 478 if (crl_class) { |
| 477 NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CLASS); | 479 NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CLASS); |
| 478 } | 480 } |
| 479 if (encodingOpt) { | 481 if (encodingOpt) { |
| 480 » NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE); | 482 NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE); |
| 481 } | 483 } |
| 482 if (urlOpt) { | 484 if (urlOpt) { |
| 483 » NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_URL); | 485 NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_URL); |
| 484 } | 486 } |
| 485 if (isKRLOpt) { | 487 if (isKRLOpt) { |
| 486 » NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_KRL); | 488 NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_KRL); |
| 487 } | 489 } |
| 488 if (subjectOpt) { | 490 if (subjectOpt) { |
| 489 » NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT); | 491 NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT); |
| 490 } | 492 } |
| 491 NSS_CK_TEMPLATE_FINISH(crl_template, attr, crl_size); | 493 NSS_CK_TEMPLATE_FINISH(crl_template, attr, crl_size); |
| 492 | 494 |
| 493 status = nssToken_GetCachedObjectAttributes(crlObject->token, NULL, | 495 status = nssToken_GetCachedObjectAttributes(crlObject->token, NULL, |
| 494 crlObject, | 496 crlObject, |
| 495 CKO_NSS_CRL, | 497 CKO_NSS_CRL, |
| 496 crl_template, crl_size); | 498 crl_template, crl_size); |
| 497 if (status != PR_SUCCESS) { | 499 if (status != PR_SUCCESS) { |
| 498 » session = sessionOpt ? | 500 session = sessionOpt ? sessionOpt |
| 499 » sessionOpt : | 501 : nssToken_GetDefaultSession(crlObject->token); |
| 500 » nssToken_GetDefaultSession(crlObject->token); | 502 if (session == NULL) { |
| 501 » if (session == NULL) { | 503 nss_SetError(NSS_ERROR_INVALID_ARGUMENT); |
| 502 » nss_SetError(NSS_ERROR_INVALID_ARGUMENT); | 504 return PR_FAILURE; |
| 503 » return PR_FAILURE; | 505 } |
| 504 » } | |
| 505 | 506 |
| 506 » slot = nssToken_GetSlot(crlObject->token); | 507 slot = nssToken_GetSlot(crlObject->token); |
| 507 » status = nssCKObject_GetAttributes(crlObject->handle, | 508 status = nssCKObject_GetAttributes(crlObject->handle, |
| 508 » crl_template, crl_size, | 509 crl_template, crl_size, |
| 509 » arenaOpt, session, slot); | 510 arenaOpt, session, slot); |
| 510 » nssSlot_Destroy(slot); | 511 nssSlot_Destroy(slot); |
| 511 » if (status != PR_SUCCESS) { | 512 if (status != PR_SUCCESS) { |
| 512 » return status; | 513 return status; |
| 513 » } | 514 } |
| 514 } | 515 } |
| 515 | 516 |
| 516 i=0; | 517 i = 0; |
| 517 if (crl_class) { | 518 if (crl_class) { |
| 518 NSS_CK_ATTRIBUTE_TO_ULONG(&crl_template[i], *crl_class); i++; | 519 NSS_CK_ATTRIBUTE_TO_ULONG(&crl_template[i], *crl_class); |
| 520 i++; |
| 519 } | 521 } |
| 520 if (encodingOpt) { | 522 if (encodingOpt) { |
| 521 » NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], encodingOpt); i++; | 523 NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], encodingOpt); |
| 524 i++; |
| 522 } | 525 } |
| 523 if (urlOpt) { | 526 if (urlOpt) { |
| 524 » NSS_CK_ATTRIBUTE_TO_UTF8(&crl_template[i], *urlOpt); i++; | 527 NSS_CK_ATTRIBUTE_TO_UTF8(&crl_template[i], *urlOpt); |
| 528 i++; |
| 525 } | 529 } |
| 526 if (isKRLOpt) { | 530 if (isKRLOpt) { |
| 527 » NSS_CK_ATTRIBUTE_TO_BOOL(&crl_template[i], *isKRLOpt); i++; | 531 NSS_CK_ATTRIBUTE_TO_BOOL(&crl_template[i], *isKRLOpt); |
| 532 i++; |
| 528 } | 533 } |
| 529 if (subjectOpt) { | 534 if (subjectOpt) { |
| 530 » NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], subjectOpt); i++; | 535 NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], subjectOpt); |
| 536 i++; |
| 531 } | 537 } |
| 532 return PR_SUCCESS; | 538 return PR_SUCCESS; |
| 533 } | 539 } |
| 534 | 540 |
| 535 NSS_IMPLEMENT PRStatus | 541 NSS_IMPLEMENT PRStatus |
| 536 nssCryptokiPrivateKey_SetCertificate ( | 542 nssCryptokiPrivateKey_SetCertificate( |
| 537 nssCryptokiObject *keyObject, | 543 nssCryptokiObject *keyObject, |
| 538 nssSession *sessionOpt, | 544 nssSession *sessionOpt, |
| 539 const NSSUTF8 *nickname, | 545 const NSSUTF8 *nickname, |
| 540 NSSItem *id, | 546 NSSItem *id, |
| 541 NSSDER *subject | 547 NSSDER *subject) |
| 542 ) | |
| 543 { | 548 { |
| 544 CK_RV ckrv; | 549 CK_RV ckrv; |
| 545 CK_ATTRIBUTE_PTR attr; | 550 CK_ATTRIBUTE_PTR attr; |
| 546 CK_ATTRIBUTE key_template[3]; | 551 CK_ATTRIBUTE key_template[3]; |
| 547 CK_ULONG key_size; | 552 CK_ULONG key_size; |
| 548 void *epv = nssToken_GetCryptokiEPV(keyObject->token); | 553 void *epv = nssToken_GetCryptokiEPV(keyObject->token); |
| 549 nssSession *session; | 554 nssSession *session; |
| 550 NSSToken *token = keyObject->token; | 555 NSSToken *token = keyObject->token; |
| 551 nssSession *defaultSession = nssToken_GetDefaultSession(token); | 556 nssSession *defaultSession = nssToken_GetDefaultSession(token); |
| 552 PRBool createdSession = PR_FALSE; | 557 PRBool createdSession = PR_FALSE; |
| 553 | 558 |
| 554 NSS_CK_TEMPLATE_START(key_template, attr, key_size); | 559 NSS_CK_TEMPLATE_START(key_template, attr, key_size); |
| 555 NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname); | 560 NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname); |
| 556 NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id); | 561 NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id); |
| 557 NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); | 562 NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); |
| 558 NSS_CK_TEMPLATE_FINISH(key_template, attr, key_size); | 563 NSS_CK_TEMPLATE_FINISH(key_template, attr, key_size); |
| 559 | 564 |
| 560 if (sessionOpt) { | 565 if (sessionOpt) { |
| 561 » if (!nssSession_IsReadWrite(sessionOpt)) { | 566 if (!nssSession_IsReadWrite(sessionOpt)) { |
| 562 » return PR_FAILURE; | 567 return PR_FAILURE; |
| 563 » } | 568 } |
| 564 » session = sessionOpt; | 569 session = sessionOpt; |
| 565 } else if (defaultSession && nssSession_IsReadWrite(defaultSession)) { | 570 } else if (defaultSession && nssSession_IsReadWrite(defaultSession)) { |
| 566 » session = defaultSession; | 571 session = defaultSession; |
| 567 } else { | 572 } else { |
| 568 » NSSSlot *slot = nssToken_GetSlot(token); | 573 NSSSlot *slot = nssToken_GetSlot(token); |
| 569 » session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE); | 574 session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE); |
| 570 » nssSlot_Destroy(slot); | 575 nssSlot_Destroy(slot); |
| 571 » if (!session) { | 576 if (!session) { |
| 572 » return PR_FAILURE; | 577 return PR_FAILURE; |
| 573 » } | 578 } |
| 574 » createdSession = PR_TRUE; | 579 createdSession = PR_TRUE; |
| 575 } | 580 } |
| 576 | 581 |
| 577 ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle, | 582 ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle, |
| 578 keyObject->handle, | 583 keyObject->handle, |
| 579 key_template, | 584 key_template, |
| 580 key_size); | 585 key_size); |
| 581 | 586 |
| 582 if (createdSession) { | 587 if (createdSession) { |
| 583 » nssSession_Destroy(session); | 588 nssSession_Destroy(session); |
| 584 } | 589 } |
| 585 | 590 |
| 586 return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE; | 591 return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE; |
| 587 } | 592 } |
| 588 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1843333003:
Update NSPR to 4.12 and NSS to 3.23 on iOS (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/nss.git@master