diff --git a/security/nss/lib/dev/ckhelper.c b/security/nss/lib/dev/ckhelper.c index 460104f8d266..9cae3cad1802 100644 --- a/security/nss/lib/dev/ckhelper.c +++ b/security/nss/lib/dev/ckhelper.c @@ -32,20 +32,24 @@ */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.3 $ $Date: 2001/09/19 21:47:22 $ $Name: $"; +static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.4 $ $Date: 2001/10/08 20:19:29 $ $Name: $"; #endif /* DEBUG */ #ifndef PKIT_H #include "pkit.h" #endif /* PKIT_H */ -#ifndef DEVT_H -#include "devt.h" -#endif /* DEVT_H */ +#ifndef DEV_H +#include "dev.h" +#endif /* DEV_H */ +#ifdef NSS_3_4_CODE +#include "pkcs11.h" +#else #ifndef NSSCKEPV_H #include "nssckepv.h" #endif /* NSSCKEPV_H */ +#endif /* NSS_3_4_CODE */ #ifndef CKHELPER_H #include "ckhelper.h" @@ -83,7 +87,7 @@ nssCKObject_GetAttributes CK_ULONG count, NSSArena *arenaOpt, nssSession *session, - NSSSlot *slot + NSSSlot *slot ) { nssArenaMark *mark; @@ -92,18 +96,18 @@ nssCKObject_GetAttributes CK_RV ckrv; PRStatus nssrv; hSession = session->handle; -#ifdef arena_mark_bug_fixed if (arenaOpt) { - mark = nssArenaMark(arenaOpt); + mark = nssArena_Mark(arenaOpt); if (!mark) { goto loser; } } -#endif /* Get the storage size needed for each attribute */ + nssSession_EnterMonitor(session); ckrv = CKAPI(slot)->C_GetAttributeValue(hSession, object, obj_template, count); if (ckrv != CKR_OK) { + nssSession_ExitMonitor(session); /* set an error here */ goto loser; } 
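Review bot: In nssCKObject_GetAttributes, the `if (!mark) { goto loser; }` path enabled here reaches a `loser:` label whose `nssArena_Release(arenaOpt, mark)` call is un-ifdef'd in the next hunk and is not guarded, so a failed nssArena_Mark hands a NULL mark to the release routine. module.c and slot.c in this same commit write `if (mark) { nssArena_Release(...); }`, and the same guard here, `if (mark) (void)nssArena_Release(arenaOpt, mark);`, would keep the three files consistent. Whether nssArena_Release tolerates a NULL mark is not visible in this diff. The function body spans this hunk and the following one.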
@@ -112,31 +116,29 @@ nssCKObject_GetAttributes obj_template[i].pValue = nss_ZAlloc(arenaOpt, obj_template[i].ulValueLen); if (!obj_template[i].pValue) { + nssSession_ExitMonitor(session); goto loser; } } /* Obtain the actual attribute values. */ ckrv = CKAPI(slot)->C_GetAttributeValue(hSession, object, obj_template, count); + nssSession_ExitMonitor(session); if (ckrv != CKR_OK) { /* set an error here */ goto loser; } -#ifdef arena_mark_bug_fixed if (arenaOpt) { nssrv = nssArena_Unmark(arenaOpt, mark); if (nssrv != PR_SUCCESS) { goto loser; } } -#endif return PR_SUCCESS; loser: if (arenaOpt) { /* release all arena memory allocated before the failure. */ -#ifdef arena_mark_bug_fixed (void)nssArena_Release(arenaOpt, mark); -#endif } else { CK_ULONG j; /* free each heap object that was allocated before the failure. */ @@ -146,3 +148,52 @@ loser: } return PR_FAILURE; } + +NSS_IMPLEMENT PRStatus +nssCKObject_GetAttributeItem +( + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_TYPE attribute, + NSSArena *arenaOpt, + nssSession *session, + NSSSlot *slot, + NSSItem *rvItem +) +{ + CK_ATTRIBUTE attr = { 0, NULL, 0 }; + PRStatus nssrv; + attr.type = attribute; + nssrv = nssCKObject_GetAttributes(object, &attr, 1, + arenaOpt, session, slot); + if (nssrv != PR_SUCCESS) { + return nssrv; + } + rvItem->data = (void *)attr.pValue; + rvItem->size = (PRUint32)attr.ulValueLen; + return PR_SUCCESS; +} + +NSS_IMPLEMENT PRBool +nssCKObject_IsAttributeTrue +( + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_TYPE attribute, + NSSArena *arenaOpt, + nssSession *session, + NSSSlot *slot, + PRStatus *rvStatus +) +{ + CK_ATTRIBUTE attr = { attribute, g_ck_true.data, g_ck_true.size }; + CK_RV ckrv; + nssSession_EnterMonitor(session); + ckrv = CKAPI(slot)->C_GetAttributeValue(session->handle, object, &attr, 1); + nssSession_ExitMonitor(session); + if (ckrv != CKR_OK) { + *rvStatus = PR_FAILURE; + return PR_FALSE; + } + *rvStatus = PR_SUCCESS; + return (PRBool)(*((CK_BBOOL *)attr.pValue) == CK_TRUE); +} + 
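Review bot: nssCKObject_IsAttributeTrue passes `g_ck_true.data` to C_GetAttributeValue as the output buffer, so the PKCS#11 module writes the attribute's value into storage that, judging by its name and the `const NSSItem g_ck_*` declarations in ckhelper.h, is a shared constant. A token that reports CK_FALSE would overwrite the library's own "true" value for every later user, and callers on different sessions would race on the same byte because the monitor taken here is per session. A local buffer avoids both: `CK_BBOOL value = CK_FALSE;`, `CK_ATTRIBUTE attr = { attribute, &value, sizeof(value) };`, `return (PRBool)(value == CK_TRUE);`. The function also writes through `rvStatus` without a NULL check and never uses `arenaOpt`, which the header should state.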
diff --git a/security/nss/lib/dev/ckhelper.h b/security/nss/lib/dev/ckhelper.h index 1c54d6fe6910..dd9cd8515c96 100644 --- a/security/nss/lib/dev/ckhelper.h +++ b/security/nss/lib/dev/ckhelper.h @@ -41,12 +41,16 @@ #define CKHELPER_H #ifdef DEBUG -static const char CKHELPER_CVS_ID[] = "@(#) $RCSfile: ckhelper.h,v $ $Revision: 1.3 $ $Date: 2001/09/19 21:47:23 $ $Name: $"; +static const char CKHELPER_CVS_ID[] = "@(#) $RCSfile: ckhelper.h,v $ $Revision: 1.4 $ $Date: 2001/10/08 20:19:30 $ $Name: $"; #endif /* DEBUG */ +#ifdef NSS_3_4_CODE +#include "pkcs11t.h" +#else #ifndef NSSCKT_H #include "nssckt.h" #endif /* NSSCKT_H */ +#endif /* NSS_3_4_CODE */ PR_BEGIN_EXTERN_C @@ -75,6 +79,21 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_privkey; (item)->data = (void *)(attrib)->pValue; \ (item)->size = (PRUint32)(attrib)->ulValueLen; \ +/* NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str) + * + * Convert a CK_ATTRIBUTE to a string. + */ +#define NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str) \ + str = (NSSUTF8 *)((attrib)->pValue); + +/* NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib) + * + * Convert an NSSItem to a CK_ATTRIBUTE. + */ +#define NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib) \ + (attrib)->pValue = (CK_VOID_PTR)(item)->data; \ + (attrib)->ulValueLen = (CK_ULONG)(item)->size; \ + /* Get an array of attributes from an object. */ NSS_EXTERN PRStatus nssCKObject_GetAttributes diff --git a/security/nss/lib/dev/dev.h b/security/nss/lib/dev/dev.h index 1cc57fa322ce..38efec346a19 100644 --- a/security/nss/lib/dev/dev.h +++ b/security/nss/lib/dev/dev.h 
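Review bot: NSS_CK_ATTRIBUTE_TO_UTF8 reinterprets `pValue` as an `NSSUTF8 *` and drops `ulValueLen`, while nssCKObject_GetAttributes in ckhelper.c allocates exactly `ulValueLen` bytes per value, so the resulting string has no guaranteed terminator. Any caller that later measures or copies it as a C string could read past the token-supplied buffer. The macro comment should say so, e.g. `/* The result is NOT NUL-terminated; use (attrib)->ulValueLen for its length. */`, or the conversion should copy into a buffer one byte longer. Both new macros also expand to bare statements ending in `;` rather than a `do { ... } while (0)` body, which misbehaves inside an unbraced `if`.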
@@ -35,16 +35,20 @@ #define DEV_H #ifdef DEBUG -static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.6 $ $Date: 2001/09/20 20:38:07 $ $Name: $"; +static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.7 $ $Date: 2001/10/08 20:19:30 $ $Name: $"; #endif /* DEBUG */ #ifndef DEVT_H #include "devt.h" #endif /* DEVT_H */ +#ifdef NSS_3_4_CODE +#include "pkcs11t.h" +#else #ifndef NSSCKT_H #include "nssckt.h" #endif /* NSSCKT_H */ +#endif /* NSS_3_4_CODE */ #ifndef NSSPKIT_H #include "nsspkit.h" @@ -93,6 +97,12 @@ nssModule_Destroy NSSModule *mod ); +NSS_EXTERN NSSModule * +nssModule_AddRef +( + NSSModule *mod +); + NSS_EXTERN PRStatus nssModule_Load ( @@ -124,6 +134,13 @@ nssModule_FindSlotByName NSSUTF8 *slotName ); +NSS_EXTERN NSSToken * +nssModule_FindTokenByName +( + NSSModule *mod, + NSSUTF8 *tokenName +); + /* This descends from NSSTrustDomain_TraverseCertificates, a questionable * function. Do we want NSS to have access to this at the module level? */ @@ -149,6 +166,12 @@ nssSlot_Destroy NSSSlot *slot ); +NSS_EXTERN NSSSlot * +nssSlot_AddRef +( + NSSSlot *slot +); + NSS_EXTERN NSSUTF8 * nssSlot_GetName ( @@ -161,7 +184,7 @@ nssSlot_Login ( NSSSlot *slot, PRBool asSO, - NSSCallback pwcb + NSSCallback *pwcb ); extern const NSSError NSS_ERROR_INVALID_PASSWORD; extern const NSSError NSS_ERROR_USER_CANCELED; @@ -186,7 +209,7 @@ NSS_EXTERN PRStatus nssSlot_SetPassword ( NSSSlot *slot, - NSSCallback pwcb + NSSCallback *pwcb ); extern const NSSError NSS_ERROR_INVALID_PASSWORD; extern const NSSError NSS_ERROR_USER_CANCELED; 
@@ -217,40 +240,23 @@ nssToken_Destroy NSSToken *tok ); +NSS_EXTERN NSSToken * +nssToken_AddRef +( + NSSToken *tok +); + /* Given a raw attribute template, import an object * (certificate, public key, private key, symmetric key) - * Return the object as an NSS type. */ -NSS_EXTERN NSSCertificate * -nssToken_ImportCertificate +NSS_EXTERN PRStatus +nssToken_ImportObject ( NSSToken *tok, nssSession *sessionOpt, - CK_ATTRIBUTE_PTR cktemplate -); - -NSS_EXTERN NSSPublicKey * -nssToken_ImportPublicKey -( - NSSToken *tok, - nssSession *sessionOpt, - CK_ATTRIBUTE_PTR cktemplate -); - -NSS_EXTERN NSSPrivateKey * -nssToken_ImportPrivateKey -( - NSSToken *tok, - nssSession *sessionOpt, - CK_ATTRIBUTE_PTR cktemplate -); - -NSS_EXTERN NSSSymmetricKey * -nssToken_ImportSymmetricKey -( - NSSToken *tok, - nssSession *sessionOpt, - CK_ATTRIBUTE_PTR cktemplate + CK_ATTRIBUTE_PTR objectTemplate, + CK_ULONG otsize, + CK_OBJECT_HANDLE_PTR phObject ); NSS_EXTERN NSSPublicKey * @@ -278,6 +284,19 @@ nssToken_DeleteStoredObject CK_OBJECT_HANDLE object ); +NSS_IMPLEMENT PRStatus +nssToken_FindCertificatesByTemplate +( + NSSToken *tok, + nssSession *sessionOpt, + CK_ATTRIBUTE_PTR cktemplate, + CK_ULONG ctsize, + PRStatus (*callback)(NSSToken *t, nssSession *session, + CK_OBJECT_HANDLE h, void *arg), + void *arg +); + +#if 0 NSS_EXTERN PRStatus nssToken_FindCertificatesByTemplate ( @@ -289,6 +308,7 @@ nssToken_FindCertificatesByTemplate CK_ATTRIBUTE_PTR cktemplate, CK_ULONG ctsize ); +#endif /* again, a questionable function. maybe some tokens allow this? */ NSS_EXTERN PRStatus * @@ -320,6 +340,13 @@ nssSession_ExitMonitor nssSession *s ); +/* would like to inline */ +NSS_EXTERN PRBool +nssSession_IsReadWrite +( + nssSession *s +); + #ifdef DEBUG void nssModule_Debug(NSSModule *m); #endif diff --git a/security/nss/lib/dev/devm.h b/security/nss/lib/dev/devm.h index 957286c03eb5..e1620299cea5 100644 --- a/security/nss/lib/dev/devm.h +++ b/security/nss/lib/dev/devm.h 
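Review bot: The comment above nssToken_ImportObject lost its last sentence and no longer says what the caller receives. The function now returns PRStatus and writes through `phObject`, so a line such as `* On success, *phObject receives the handle of the newly created object.` would document the out-parameter. It should also state that `sessionOpt` may be NULL, since the definition in token.c falls back to `tok->defaultSession`.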
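Review bot: The new nssToken_FindCertificatesByTemplate prototype is declared with `NSS_IMPLEMENT`, whereas the other prototypes visible in dev.h use `NSS_EXTERN`. Changing it to `NSS_EXTERN PRStatus` keeps the header consistent. The definitions of nssModule_FindTokenByName in module.c and nssSession_IsReadWrite in slot.c have the mirror-image slip, using `NSS_EXTERN` on a definition where `NSS_IMPLEMENT` is used elsewhere.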
@@ -35,16 +35,16 @@ #define DEVM_H #ifdef DEBUG -static const char DEVM_CVS_ID[] = "@(#) $RCSfile: devm.h,v $ $Revision: 1.1 $ $Date: 2001/09/13 22:06:09 $ $Name: $"; +static const char DEVM_CVS_ID[] = "@(#) $RCSfile: devm.h,v $ $Revision: 1.2 $ $Date: 2001/10/08 20:19:30 $ $Name: $"; #endif /* DEBUG */ +#ifdef NSS_3_4_CODE +#include "pkcs11t.h" +#else #ifndef NSSCKT_H #include "nssckt.h" #endif /* NSSCKT_H */ - -#ifndef DEVM_H -#include "devm.h" -#endif /* DEVM_H */ +#endif /* NSS_3_4_CODE */ #ifndef BASE_H #include "base.h" diff --git a/security/nss/lib/dev/devt.h b/security/nss/lib/dev/devt.h index 90c575078e45..4ba90ed265d6 100644 --- a/security/nss/lib/dev/devt.h +++ b/security/nss/lib/dev/devt.h @@ -35,7 +35,7 @@ #define DEVT_H #ifdef DEBUG -static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.3 $ $Date: 2001/09/19 19:08:29 $ $Name: $"; +static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.4 $ $Date: 2001/10/08 20:19:30 $ $Name: $"; #endif /* DEBUG */ /* @@ -48,9 +48,13 @@ static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.3 $ $D #include "nssbaset.h" #endif /* NSSBASET_H */ +#ifdef NSS_3_4_CODE +#include "pkcs11t.h" +#else #ifndef NSSCKT_H #include "nssckt.h" #endif /* NSSCKT_H */ +#endif /* NSS_3_4_CODE */ PR_BEGIN_EXTERN_C @@ -126,6 +130,7 @@ struct nssSessionStr PZLock *lock; CK_SESSION_HANDLE handle; NSSSlot *slot; + PRBool isRW; }; PR_END_EXTERN_C diff --git a/security/nss/lib/dev/module.c b/security/nss/lib/dev/module.c index 38343792f86f..f3d204b70254 100644 --- a/security/nss/lib/dev/module.c +++ b/security/nss/lib/dev/module.c @@ -32,7 +32,7 @@ */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: module.c,v $ $Revision: 1.4 $ $Date: 2001/09/20 20:38:07 $ $Name: $"; +static const char CVS_ID[] = "@(#) $RCSfile: module.c,v $ $Revision: 1.5 $ $Date: 2001/10/08 20:19:30 $ $Name: $"; #endif /* DEBUG */ #ifndef DEV_H 
@@ -43,9 +43,13 @@ static const char CVS_ID[] = "@(#) $RCSfile: module.c,v $ $Revision: 1.4 $ $Date #include "devm.h" #endif /* DEVM_H */ +#ifdef NSS_3_4_CODE +#include "pkcs11.h" +#else #ifndef NSSCKEPV_H #include "nssckepv.h" #endif /* NSSCKEPV_H */ +#endif /* NSS_3_4_CODE */ #ifndef CKHELPER_H #include "ckhelper.h" @@ -178,12 +182,10 @@ module_load_slots(NSSModule *mod) goto loser; } /* Alloc memory for the array of slots, in the module's arena */ -#ifdef arena_mark_bug_fixed mark = nssArena_Mark(mod->arena); if (!mark) { return PR_FAILURE; } -#endif slots = nss_ZNEWARRAY(mod->arena, NSSSlot *, ulNumSlots); if (!slots) { goto loser; @@ -193,21 +195,17 @@ module_load_slots(NSSModule *mod) slots[i] = nssSlot_Create(mod->arena, slotIDs[i], mod); } nss_ZFreeIf(slotIDs); -#ifdef arena_mark_bug_fixed nssrv = nssArena_Unmark(mod->arena, mark); if (nssrv != PR_SUCCESS) { goto loser; } -#endif mod->slots = slots; mod->numSlots = ulNumSlots; return PR_SUCCESS; loser: -#ifdef arena_mark_bug_fixed if (mark) { nssArena_Release(mod->arena, mark); } -#endif nss_ZFreeIf(slotIDs); return PR_FAILURE; } @@ -234,6 +232,16 @@ nssModule_Destroy return PR_SUCCESS; } +NSS_IMPLEMENT NSSModule * +nssModule_AddRef +( + NSSModule *mod +) +{ + ++mod->refCount; + return mod; +} + NSS_IMPLEMENT PRStatus nssModule_Load ( 
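Review bot: In module_load_slots the now-live `if (!mark) { return PR_FAILURE; }` returns directly, bypassing the `loser:` label that calls `nss_ZFreeIf(slotIDs)`. The `goto loser` just above suggests slotIDs is already allocated at this point (the allocation is outside the hunk), so this path would leak it. Using `goto loser;` instead of the return keeps cleanup in one place, provided `mark` is initialised to NULL at its declaration, which is also outside the hunk.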
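Review bot: The un-ifdef'd `nssArena_Unmark` failure path jumps to `loser:` after `nss_ZFreeIf(slotIDs)` has already run on the line above, and `loser:` calls `nss_ZFreeIf(slotIDs)` a second time. Unless nss_ZFreeIf clears its argument (not visible here), that is a double free; setting `slotIDs = NULL;` after the first free, or moving that free below the unmark, removes the doubt. The loop above also stores `nssSlot_Create(...)` results without a NULL check, which matters now that the new lookup functions dereference `mod->slots[i]`.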
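Review bot: nssModule_AddRef bumps the count with a plain `++mod->refCount`, which is not atomic; nssSlot_AddRef in slot.c and nssToken_AddRef in token.c do the same. If these objects can be reached from more than one thread, racing updates can lose a count and lead to an early free once the matching release runs (the Destroy bodies are not shown). Either take the object's lock around the update or use NSPR's `PR_AtomicIncrement(&mod->refCount)`, assuming refCount is a PRInt32; its declaration is not in this diff. The header should also say that a NULL argument is not accepted.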
@@ -311,6 +319,48 @@ nssModule_Unload return nssrv; } +NSS_IMPLEMENT NSSSlot * +nssModule_FindSlotByName +( + NSSModule *mod, + NSSUTF8 *slotName +) +{ + PRUint32 i; + PRStatus nssrv; + for (i=0; inumSlots; i++) { + if (nssUTF8_Equal(mod->slots[i]->name, slotName, &nssrv)) { + return nssSlot_AddRef(mod->slots[i]); + } + if (nssrv != PR_SUCCESS) { + break; + } + } + return (NSSSlot *)NULL; +} + +NSS_EXTERN NSSToken * +nssModule_FindTokenByName +( + NSSModule *mod, + NSSUTF8 *tokenName +) +{ + PRUint32 i; + PRStatus nssrv; + NSSToken *tok; + for (i=0; inumSlots; i++) { + tok = mod->slots[i]->token; + if (nssUTF8_Equal(tok->name, tokenName, &nssrv)) { + return nssToken_AddRef(tok); + } + if (nssrv != PR_SUCCESS) { + break; + } + } + return (NSSToken *)NULL; +} + NSS_IMPLEMENT PRStatus * nssModule_TraverseCertificates ( diff --git a/security/nss/lib/dev/slot.c b/security/nss/lib/dev/slot.c index 0d8372a4528c..9d93a8b6f8c8 100644 --- a/security/nss/lib/dev/slot.c +++ b/security/nss/lib/dev/slot.c @@ -32,7 +32,7 @@ */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: slot.c,v $ $Revision: 1.7 $ $Date: 2001/09/20 20:38:08 $ $Name: $"; +static const char CVS_ID[] = "@(#) $RCSfile: slot.c,v $ $Revision: 1.8 $ $Date: 2001/10/08 20:19:30 $ $Name: $"; #endif /* DEBUG */ #ifndef DEV_H @@ -43,9 +43,13 @@ static const char CVS_ID[] = "@(#) $RCSfile: slot.c,v $ $Revision: 1.7 $ $Date: #include "devm.h" #endif /* DEVM_H */ +#ifdef NSS_3_4_CODE +#include "pkcs11.h" +#else #ifndef NSSCKEPV_H #include "nssckepv.h" #endif /* NSSCKEPV_H */ +#endif /* NSS_3_4_CODE */ #ifndef CKHELPER_H #include "ckhelper.h" @@ -93,12 +97,10 @@ nssSlot_Create CK_RV ckrv; if (arenaOpt) { arena = arenaOpt; -#ifdef arena_mark_bug_fixed mark = nssArena_Mark(arena); if (!mark) { - return PR_FAILURE; + return (NSSSlot *)NULL; } -#endif newArena = PR_FALSE; } else { arena = NSSArena_Create(); 
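Review bot: nssModule_FindTokenByName reads `tok->name` straight after `tok = mod->slots[i]->token;` with no NULL check. In slot.c, `rvSlot->token = token;` follows closing braces, which suggests the token is created only conditionally, so a slot with no token present could make this a NULL dereference; `if (!tok) continue;` before the comparison covers it. Both new lookups also test `nssrv` after nssUTF8_Equal returns false, which relies on that call always writing the status; declaring `PRStatus nssrv = PR_SUCCESS;` would make that explicit.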
@@ -148,22 +150,18 @@ nssSlot_Create } } rvSlot->token = token; -#ifdef arena_mark_bug_fixed nssrv = nssArena_Unmark(arena, mark); if (nssrv != PR_SUCCESS) { goto loser; } -#endif return rvSlot; loser: if (newArena) { nssArena_Destroy(arena); } else { -#ifdef arena_mark_bug_fixed if (mark) { nssArena_Release(arena, mark); } -#endif } /* everything was created in the arena, nothing to see here, move along */ return (NSSSlot *)NULL; @@ -182,6 +180,16 @@ nssSlot_Destroy return PR_SUCCESS; } +NSS_IMPLEMENT NSSSlot * +nssSlot_AddRef +( + NSSSlot *slot +) +{ + ++slot->refCount; + return slot; +} + NSS_IMPLEMENT NSSUTF8 * nssSlot_GetName ( @@ -197,7 +205,7 @@ nssSlot_GetName static PRStatus nssslot_login(NSSSlot *slot, nssSession *session, - CK_USER_TYPE userType, NSSCallback pwcb) + CK_USER_TYPE userType, NSSCallback *pwcb) { PRStatus nssrv; PRUint32 attempts; @@ -205,7 +213,7 @@ nssslot_login(NSSSlot *slot, nssSession *session, NSSUTF8 *password = NULL; CK_ULONG pwLen; CK_RV ckrv; - if (!pwcb.getPW) { + if (!pwcb->getPW) { /* set error INVALID_ARG */ return PR_FAILURE; } @@ -213,7 +221,7 @@ nssslot_login(NSSSlot *slot, nssSession *session, nssrv = PR_FAILURE; attempts = 0; while (keepTrying) { - nssrv = pwcb.getPW(slot->name, &attempts, pwcb.arg, &password); + nssrv = pwcb->getPW(slot->name, &attempts, pwcb->arg, &password); if (nssrv != PR_SUCCESS) { nss_SetError(NSS_ERROR_USER_CANCELED); break; 
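Review bot: nssSlot_Create now calls `nssArena_Unmark(arena, mark)` on every successful path, including the one where the function created its own arena and, as far as the visible lines show, never called nssArena_Mark. The `loser:` block separates the two cases (`if (newArena) ... else if (mark)`), but the success path does not, so with a fresh arena the unmark receives a mark that was never taken. Wrapping the call as `if (!newArena) { nssrv = nssArena_Unmark(arena, mark); ... }` matches the cleanup logic; nssToken_Create in token.c has the same shape. How `mark` is initialised is outside the hunk.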
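Review bot: With `pwcb` now a pointer, `if (!pwcb->getPW)` in nssslot_login dereferences it before anything has checked that the pointer itself is non-NULL; the same applies to `pwcb->getInitPW` in nssslot_init_password and `pwcb->getNewPW` in nssslot_change_password. The by-value signature could not be NULL, so this is a new failure mode on the login and set-password paths. `if (!pwcb || !pwcb->getPW) {` and its equivalents keep the existing INVALID_ARG handling. The function bodies continue outside these hunks.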
@@ -251,19 +259,19 @@ nssslot_login(NSSSlot *slot, nssSession *session, } static PRStatus -nssslot_init_password(NSSSlot *slot, nssSession *rwSession, NSSCallback pwcb) +nssslot_init_password(NSSSlot *slot, nssSession *rwSession, NSSCallback *pwcb) { NSSUTF8 *userPW = NULL; NSSUTF8 *ssoPW = NULL; PRStatus nssrv; CK_ULONG userPWLen, ssoPWLen; CK_RV ckrv; - if (!pwcb.getInitPW) { + if (!pwcb->getInitPW) { /* set error INVALID_ARG */ return PR_FAILURE; } /* Get the SO and user passwords */ - nssrv = pwcb.getInitPW(slot->name, pwcb.arg, &ssoPW, &userPW); + nssrv = pwcb->getInitPW(slot->name, pwcb->arg, &ssoPW, &userPW); if (nssrv != PR_SUCCESS) goto loser; userPWLen = (CK_ULONG)nssUTF8_Length(userPW, &nssrv); if (nssrv != PR_SUCCESS) goto loser; @@ -293,7 +301,7 @@ loser: } static PRStatus -nssslot_change_password(NSSSlot *slot, nssSession *rwSession, NSSCallback pwcb) +nssslot_change_password(NSSSlot *slot, nssSession *rwSession, NSSCallback *pwcb) { NSSUTF8 *userPW = NULL; NSSUTF8 *newPW = NULL; @@ -302,14 +310,14 @@ nssslot_change_password(NSSSlot *slot, nssSession *rwSession, NSSCallback pwcb) PRBool keepTrying = PR_TRUE; CK_ULONG userPWLen, newPWLen; CK_RV ckrv; - if (!pwcb.getNewPW) { + if (!pwcb->getNewPW) { /* set error INVALID_ARG */ return PR_FAILURE; } attempts = 0; while (keepTrying) { - nssrv = pwcb.getNewPW(slot->name, &attempts, pwcb.arg, - &userPW, &newPW); + nssrv = pwcb->getNewPW(slot->name, &attempts, pwcb->arg, + &userPW, &newPW); if (nssrv != PR_SUCCESS) { nss_SetError(NSS_ERROR_USER_CANCELED); break; @@ -354,7 +362,7 @@ nssSlot_Login ( NSSSlot *slot, PRBool asSO, - NSSCallback pwcb + NSSCallback *pwcb ) { PRBool needsLogin, needsInit; @@ -406,7 +414,7 @@ NSS_IMPLEMENT PRStatus nssSlot_SetPassword ( NSSSlot *slot, - NSSCallback pwcb + NSSCallback *pwcb ) { PRStatus nssrv; @@ -469,6 +477,7 @@ nssSlot_CreateSession } rvSession->handle = session; rvSession->slot = slot; + rvSession->isRW = readWrite; return rvSession; } 
@@ -508,3 +517,12 @@ nssSession_ExitMonitor return (s->lock) ? PZ_Unlock(s->lock) : PR_SUCCESS; } +NSS_EXTERN PRBool +nssSession_IsReadWrite +( + nssSession *s +) +{ + return s->isRW; +} + diff --git a/security/nss/lib/dev/token.c b/security/nss/lib/dev/token.c index 8968e6e853c3..e2715e15b179 100644 --- a/security/nss/lib/dev/token.c +++ b/security/nss/lib/dev/token.c @@ -32,7 +32,7 @@ */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: token.c,v $ $Revision: 1.6 $ $Date: 2001/09/20 20:38:08 $ $Name: $"; +static const char CVS_ID[] = "@(#) $RCSfile: token.c,v $ $Revision: 1.7 $ $Date: 2001/10/08 20:19:30 $ $Name: $"; #endif /* DEBUG */ #ifndef DEV_H @@ -43,9 +43,13 @@ static const char CVS_ID[] = "@(#) $RCSfile: token.c,v $ $Revision: 1.6 $ $Date: #include "devm.h" #endif /* DEVM_H */ +#ifdef NSS_3_4_CODE +#include "pkcs11.h" +#else #ifndef NSSCKEPV_H #include "nssckepv.h" #endif /* NSSCKEPV_H */ +#endif /* NSS_3_4_CODE */ #ifndef NSSPKI_H #include "nsspki.h" @@ -81,17 +85,16 @@ nssToken_Create NSSUTF8 *tokenName = NULL; PRUint32 length; PRBool newArena; + PRBool readWrite; PRStatus nssrv; CK_TOKEN_INFO tokenInfo; CK_RV ckrv; if (arenaOpt) { arena = arenaOpt; -#ifdef arena_mark_bug_fixed mark = nssArena_Mark(arena); if (!mark) { - return PR_FAILURE; + return (NSSToken *)NULL; } -#endif newArena = PR_FALSE; } else { arena = NSSArena_Create(); @@ -120,7 +123,13 @@ nssToken_Create } } /* Open a default session handle for the token. */ - session = nssSlot_CreateSession(parent, arena, PR_FALSE); + if (tokenInfo.ulMaxSessionCount == 1) { + /* if the token can only handle one session, it must be RW. */ + readWrite = PR_TRUE; + } else { + readWrite = PR_FALSE; + } + session = nssSlot_CreateSession(parent, arena, readWrite); if (session == NULL) { goto loser; } 
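Review bot: In nssToken_Create the default session is opened read/write whenever `tokenInfo.ulMaxSessionCount == 1`, without consulting `tokenInfo.flags`. PKCS#11 modules refuse a read/write session on a token that reports CKF_WRITE_PROTECTED, so a single-session, write-protected token would likely fail token creation outright; that is an inference from the specification, not something this diff shows. Consider `readWrite = (tokenInfo.ulMaxSessionCount == 1) && !(tokenInfo.flags & CKF_WRITE_PROTECTED);`. The comment should also say that on such tokens every user of the default session holds write capability.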
@@ -137,12 +146,10 @@ nssToken_Create rvToken->name = tokenName; rvToken->ckFlags = tokenInfo.flags; rvToken->defaultSession = session; -#ifdef arena_mark_bug_fixed nssrv = nssArena_Unmark(arena, mark); if (nssrv != PR_SUCCESS) { goto loser; } -#endif return rvToken; loser: if (session) { @@ -151,11 +158,9 @@ loser: if (newArena) { nssArena_Destroy(arena); } else { -#ifdef arena_mark_bug_fixed if (mark) { nssArena_Release(arena, mark); } -#endif } return (NSSToken *)NULL; } @@ -175,6 +180,60 @@ nssToken_Destroy return PR_SUCCESS; } +NSS_IMPLEMENT NSSToken * +nssToken_AddRef +( + NSSToken *tok +) +{ + ++tok->refCount; + return tok; +} + +NSS_IMPLEMENT PRStatus +nssToken_DeleteStoredObject +( + NSSToken *tok, + nssSession *sessionOpt, + CK_OBJECT_HANDLE object +) +{ + nssSession *session; + CK_RV ckrv; + session = (sessionOpt) ? sessionOpt : tok->defaultSession; + nssSession_EnterMonitor(session); + ckrv = CKAPI(tok->slot)->C_DestroyObject(session->handle, object); + nssSession_ExitMonitor(session); + if (ckrv != CKR_OK) { + return PR_FAILURE; + } + return PR_SUCCESS; +} + +NSS_IMPLEMENT PRStatus +nssToken_ImportObject +( + NSSToken *tok, + nssSession *sessionOpt, + CK_ATTRIBUTE_PTR objectTemplate, + CK_ULONG otsize, + CK_OBJECT_HANDLE_PTR phObject +) +{ + nssSession *session; + CK_RV ckrv; + session = (sessionOpt) ? sessionOpt : tok->defaultSession; + nssSession_EnterMonitor(session); + ckrv = CKAPI(tok->slot)->C_CreateObject(session->handle, + objectTemplate, otsize, + phObject); + nssSession_ExitMonitor(session); + if (ckrv != CKR_OK) { + return PR_FAILURE; + } + return PR_SUCCESS; +} + /* This is only used by the Traverse function. If we ditch traversal, * ditch this. */ 
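Review bot: nssToken_DeleteStoredObject and nssToken_ImportObject collapse every non-CKR_OK result into PR_FAILURE without calling nss_SetError, so a caller cannot tell a read-only session or a not-logged-in token from any other failure. Both may run on `tok->defaultSession`, which nssToken_Create opens read-only except on single-session tokens, so CKR_SESSION_READ_ONLY is a plausible result when the target is a token object. Setting an error derived from `ckrv` before returning, as slot.c does with `nss_SetError(NSS_ERROR_USER_CANCELED)`, would make the failure diagnosable. Neither function checks `tok` or `phObject` for NULL, which the header comments should state as a precondition.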
@@ -230,7 +289,8 @@ collect_certs_callback(NSSToken *t, nssSession *session, if (!cert) { goto loser; } - nssList_AddElement(ca->list, (void *)cert); + /* addref */ + nssList_Add(ca->list, (void *)cert); if (ca->maximum > 0 && nssList_Count(ca->list) >= ca->maximum) { /* signal the end of collection) */ nss_SetError(NSS_ERROR_MAXIMUM_FOUND); @@ -319,6 +379,37 @@ nssToken_TraverseCertificates return rvstack; } +NSS_IMPLEMENT PRStatus +nssToken_FindCertificatesByTemplate +( + NSSToken *tok, + nssSession *sessionOpt, + CK_ATTRIBUTE_PTR cktemplate, + CK_ULONG ctsize, + PRStatus (*callback)(NSSToken *t, nssSession *session, + CK_OBJECT_HANDLE h, void *arg), + void *arg +) +{ + PRStatus *rvstack; + nssSession *session; + session = (sessionOpt) ? sessionOpt : tok->defaultSession; + nssSession_EnterMonitor(session); + /* this isn't really traversal, it's find by template ... */ + rvstack = nsstoken_TraverseObjects(tok, session, + cktemplate, ctsize, + callback, arg); + nssSession_ExitMonitor(session); + if (rvstack) { + /* examine the errors */ + goto loser; + } + return PR_SUCCESS; +loser: + return PR_FAILURE; +} + +#if 0 NSS_IMPLEMENT PRStatus nssToken_FindCertificatesByTemplate ( @@ -332,15 +423,14 @@ nssToken_FindCertificatesByTemplate ) { PRStatus *rvstack; - PRStatus nssrv; nssSession *session; - PRUint32 count; struct collect_arg_str collectArgs; session = (sessionOpt) ? sessionOpt : tok->defaultSession; collectArgs.arena = arenaOpt; collectArgs.list = certList; collectArgs.maximum = maximumOpt; nssSession_EnterMonitor(session); + /* this isn't really traversal, it's find by template ... */ rvstack = nsstoken_TraverseObjects(tok, session, cktemplate, ctsize, collect_certs_callback, (void *)&collectArgs); @@ -353,4 +443,5 @@ nssToken_FindCertificatesByTemplate loser: return PR_FAILURE; } +#endif
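Review bot: The added `/* addref */` comment in collect_certs_callback does not match the code: no reference is taken before `nssList_Add(ca->list, (void *)cert)`, and the result of nssList_Add is ignored. If the comment is a to-do, mark it as one, e.g. `/* TODO: take a reference on cert before adding it to the list */`. If nssList_Add can report failure, the certificate created just above would need to be released on that path. The callback's body starts and ends outside the hunk.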
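Review bot: In the new nssToken_FindCertificatesByTemplate, any non-NULL `rvstack` is treated as failure and the pointer is then dropped. collect_certs_callback in this file stops a search by setting NSS_ERROR_MAXIMUM_FOUND, so a callback that ends the search on purpose may be reported to the caller as PR_FAILURE. The status array returned by nsstoken_TraverseObjects is also never examined or freed; its ownership is not visible here. The `/* examine the errors */` placeholder should be implemented, or replaced with a comment stating that early termination is reported as failure and who frees `rvstack`.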