re-sync the trust domain cache with token insertion/removal
Родитель
f5f39048d3
Коммит
5f29c565cc
|
@ -41,7 +41,7 @@
|
|||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.24 $ $Date: 2002-04-18 17:29:53 $ $Name: $";
|
||||
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.25 $ $Date: 2002-04-19 23:06:39 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSCKT_H
|
||||
|
@ -946,6 +946,12 @@ nssToken_GetTrustOrder
|
|||
NSSToken *tok
|
||||
);
|
||||
|
||||
NSS_EXTERN PRStatus
|
||||
nssToken_NofifyCertsNotVisible
|
||||
(
|
||||
NSSToken *tok
|
||||
);
|
||||
|
||||
#endif
|
||||
|
||||
PR_END_EXTERN_C
|
||||
|
|
|
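Review bot: The new prototype exports the misspelled name `nssToken_NofifyCertsNotVisible` ("Nofify" for "Notify") from a header (dev.h, going by the RCSfile string), where it is harder to correct later than in a single .c file. The same spelling appears at the definition in dev3hack.c and at the call in nssSlot_IsTokenPresent, so all three would change together to `nssToken_NotifyCertsNotVisible`. The declaration also has no comment; one line such as `/* Drop this token's cert instances from the trust domain cache once the token is seen as removed. */` above it would state what callers can expect.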
@ -32,7 +32,7 @@
|
|||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devslot.c,v $ $Revision: 1.4 $ $Date: 2002-04-18 17:29:54 $ $Name: $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devslot.c,v $ $Revision: 1.5 $ $Date: 2002-04-19 23:06:39 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSCKEPV_H
|
||||
|
@ -293,6 +293,13 @@ nssSlot_IsTokenPresent
|
|||
session->handle = CK_INVALID_SESSION;
|
||||
}
|
||||
nssSession_ExitMonitor(session);
|
||||
#ifdef NSS_3_4_CODE
|
||||
if (slot->token->base.name[0] != 0) {
|
||||
/* notify the high-level cache that the token is removed */
|
||||
slot->token->base.name[0] = 0; /* XXX */
|
||||
nssToken_NofifyCertsNotVisible(slot->token);
|
||||
}
|
||||
#endif
|
||||
slot->token->base.name[0] = 0; /* XXX */
|
||||
return PR_FALSE;
|
||||
#ifdef PURE_STAN_CODE
|
||||
|
|
|
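Review bot: The PRStatus returned by `nssToken_NofifyCertsNotVisible(slot->token)` in the new NSS_3_4_CODE block is dropped, and `name[0]` has already been cleared before the call. If the cache purge fails, the next poll finds `name[0] == 0` and skips the notification, so certificate instances that point at the removed token may stay in the trust domain cache and nothing retries the purge. Clearing the flag only after a successful purge would keep the retry, e.g. `if (nssToken_NofifyCertsNotVisible(slot->token) == PR_SUCCESS) slot->token->base.name[0] = 0;`. The unconditional `slot->token->base.name[0] = 0; /* XXX */` after `#endif` would then need to move under `#else`, since as written it makes the inner assignment redundant. nssSlot_IsTokenPresent starts and ends outside this hunk.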
@ -32,7 +32,7 @@
|
|||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: dev3hack.c,v $ $Revision: 1.13 $ $Date: 2002-04-19 16:14:13 $ $Name: $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: dev3hack.c,v $ $Revision: 1.14 $ $Date: 2002-04-19 23:06:41 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSS_3_4_CODE
|
||||
|
@ -49,6 +49,7 @@ static const char CVS_ID[] = "@(#) $RCSfile: dev3hack.c,v $ $Revision: 1.13 $ $D
|
|||
|
||||
#include "pki3hack.h"
|
||||
#include "dev3hack.h"
|
||||
#include "pkim.h"
|
||||
|
||||
#ifndef BASE_H
|
||||
#include "base.h"
|
||||
|
@ -230,9 +231,17 @@ nssSlot_Refresh
|
|||
)
|
||||
{
|
||||
PK11SlotInfo *nss3slot = slot->pk11slot;
|
||||
PRBool doit = PR_FALSE;
|
||||
if (slot->token->base.name[0] == 0) {
|
||||
doit = PR_TRUE;
|
||||
}
|
||||
if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) {
|
||||
return PR_FAILURE;
|
||||
}
|
||||
if (doit) {
|
||||
nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain,
|
||||
slot->token);
|
||||
}
|
||||
return nssToken_Refresh(slot->token);
|
||||
}
|
||||
|
||||
|
@ -268,25 +277,19 @@ nssToken_GetTrustDomain(NSSToken *token)
|
|||
return token->trustDomain;
|
||||
}
|
||||
|
||||
typedef enum {
|
||||
nssPK11Event_DefaultSessionRO = 0,
|
||||
nssPK11Event_DefaultSessionRW = 1
|
||||
} nssPK11Event;
|
||||
NSS_EXTERN PRStatus
|
||||
nssTrustDomain_RemoveTokenCertsFromCache
|
||||
(
|
||||
NSSTrustDomain *td,
|
||||
NSSToken *token
|
||||
);
|
||||
|
||||
NSS_IMPLEMENT PRStatus
|
||||
nssToken_Nofify
|
||||
nssToken_NofifyCertsNotVisible
|
||||
(
|
||||
NSSToken *tok,
|
||||
nssPK11Event event
|
||||
NSSToken *tok
|
||||
)
|
||||
|
||||
{
|
||||
#ifdef notdef
|
||||
switch (event) {
|
||||
default:
|
||||
return PR_FAILURE;
|
||||
}
|
||||
#endif
|
||||
return PR_FAILURE;
|
||||
return nssTrustDomain_RemoveTokenCertsFromCache(tok->trustDomain, tok);
|
||||
}
|
||||
|
||||
|
|
|
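Review bot: In nssSlot_Refresh the PRStatus from `nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain, slot->token)` is discarded, so a failed cache re-sync after token insertion looks like success to the caller. Cached certificates would then be missing their instance on the re-inserted token. Propagating it is a small change: `if (doit && nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain, slot->token) != PR_SUCCESS) return PR_FAILURE;`. The `doit` flag would read better with a comment such as `/* name[0] == 0 marks a token previously seen as removed; re-sync the cache once it is re-initialised */`. In the last hunk of this file, the local `NSS_EXTERN` prototype for nssTrustDomain_RemoveTokenCertsFromCache appears to duplicate the declaration in pkim.h, which this file now includes.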
@ -35,7 +35,7 @@
|
|||
#define PKIM_H
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char PKIM_CVS_ID[] = "@(#) $RCSfile: pkim.h,v $ $Revision: 1.18 $ $Date: 2002-04-18 17:30:04 $ $Name: $";
|
||||
static const char PKIM_CVS_ID[] = "@(#) $RCSfile: pkim.h,v $ $Revision: 1.19 $ $Date: 2002-04-19 23:06:43 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef BASE_H
|
||||
|
@ -610,6 +610,13 @@ nssTrustDomain_RemoveTokenCertsFromCache
|
|||
NSSToken *token
|
||||
);
|
||||
|
||||
NSS_EXTERN PRStatus
|
||||
nssTrustDomain_UpdateCachedTokenCerts
|
||||
(
|
||||
NSSTrustDomain *td,
|
||||
NSSToken *token
|
||||
);
|
||||
|
||||
/*
|
||||
* Find all cached certs with this nickname (label).
|
||||
*/
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.30 $ $Date: 2002-04-18 17:52:55 $ $Name: $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.31 $ $Date: 2002-04-19 23:06:44 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef PKIM_H
|
||||
|
@ -61,6 +61,8 @@ static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.30 $ $Da
|
|||
|
||||
#ifdef NSS_3_4_CODE
|
||||
#include "cert.h"
|
||||
#include "dev.h"
|
||||
#include "pki3hack.h"
|
||||
#endif
|
||||
|
||||
#ifdef DEBUG_CACHE
|
||||
|
@ -447,23 +449,39 @@ nssTrustDomain_FlushCache
|
|||
{
|
||||
}
|
||||
|
||||
struct token_cert_destructor {
|
||||
nssTDCertificateCache *cache;
|
||||
struct token_cert_dtor {
|
||||
NSSToken *token;
|
||||
nssTDCertificateCache *cache;
|
||||
NSSCertificate **certs;
|
||||
PRUint32 numCerts, arrSize;
|
||||
};
|
||||
|
||||
static void
|
||||
remove_token_certs(const void *k, void *v, void *a)
|
||||
{
|
||||
#if 0
|
||||
struct NSSItem *identifier = (struct NSSItem *)k;
|
||||
NSSCertificate *c = (NSSCertificate *)v;
|
||||
struct token_cert_destructor *tcd = (struct token_cert_destructor *)a;
|
||||
if (c->token == tcd->token) {
|
||||
nssHash_Remove(tcd->cache->issuerAndSN, identifier);
|
||||
/* remove from the other hashes */
|
||||
NSSCertificate *c = (NSSCertificate *)k;
|
||||
nssPKIObject *object = &c->object;
|
||||
struct token_cert_dtor *dtor = a;
|
||||
PRUint32 i;
|
||||
PZ_Lock(object->lock);
|
||||
for (i=0; i<object->numInstances; i++) {
|
||||
if (object->instances[i]->token == dtor->token) {
|
||||
nssCryptokiObject_Destroy(object->instances[i]);
|
||||
object->instances[i] = object->instances[object->numInstances-1];
|
||||
object->instances[object->numInstances-1] = NULL;
|
||||
object->numInstances--;
|
||||
dtor->certs[dtor->numCerts++] = nssCertificate_AddRef(c);
|
||||
if (dtor->numCerts == dtor->arrSize) {
|
||||
dtor->arrSize *= 2;
|
||||
dtor->certs = nss_ZREALLOCARRAY(dtor->certs,
|
||||
NSSCertificate *,
|
||||
dtor->arrSize);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
PZ_Unlock(object->lock);
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -477,12 +495,72 @@ nssTrustDomain_RemoveTokenCertsFromCache
|
|||
NSSToken *token
|
||||
)
|
||||
{
|
||||
struct token_cert_destructor tcd;
|
||||
tcd.cache = td->cache;
|
||||
tcd.token = token;
|
||||
NSSCertificate **certs;
|
||||
PRUint32 i, arrSize = 10;
|
||||
struct token_cert_dtor dtor;
|
||||
certs = nss_ZNEWARRAY(NULL, NSSCertificate *, arrSize);
|
||||
if (!certs) {
|
||||
return PR_FAILURE;
|
||||
}
|
||||
dtor.cache = td->cache;
|
||||
dtor.token = token;
|
||||
dtor.certs = certs;
|
||||
dtor.numCerts = 0;
|
||||
dtor.arrSize = arrSize;
|
||||
PZ_Lock(td->cache->lock);
|
||||
nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, (void *)&tcd);
|
||||
nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, (void *)&dtor);
|
||||
PZ_Unlock(td->cache->lock);
|
||||
for (i=0; i<dtor.numCerts; i++) {
|
||||
if (dtor.certs[i]->object.numInstances == 0) {
|
||||
nssTrustDomain_RemoveCertFromCache(td, dtor.certs[i]);
|
||||
} else {
|
||||
STAN_ForceCERTCertificateUpdate(dtor.certs[i]);
|
||||
}
|
||||
nssCertificate_Destroy(dtor.certs[i]);
|
||||
}
|
||||
nss_ZFreeIf(dtor.certs);
|
||||
return PR_SUCCESS;
|
||||
}
|
||||
|
||||
NSS_IMPLEMENT PRStatus
|
||||
nssTrustDomain_UpdateCachedTokenCerts
|
||||
(
|
||||
NSSTrustDomain *td,
|
||||
NSSToken *token
|
||||
)
|
||||
{
|
||||
NSSCertificate **cp, **cached = NULL;
|
||||
nssList *certList;
|
||||
PRUint32 count;
|
||||
certList = nssList_Create(NULL, PR_FALSE);
|
||||
if (!certList) return PR_FAILURE;
|
||||
(void *)nssTrustDomain_GetCertsFromCache(td, certList);
|
||||
count = nssList_Count(certList);
|
||||
if (count > 0) {
|
||||
cached = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
|
||||
if (!cached) {
|
||||
return PR_FAILURE;
|
||||
}
|
||||
nssList_GetArray(certList, (void **)cached, count);
|
||||
nssList_Destroy(certList);
|
||||
for (cp = cached; *cp; cp++) {
|
||||
nssCryptokiObject *instance;
|
||||
NSSCertificate *c = *cp;
|
||||
nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
|
||||
instance = nssToken_FindCertificateByIssuerAndSerialNumber(
|
||||
token,
|
||||
NULL,
|
||||
&c->issuer,
|
||||
&c->serial,
|
||||
tokenOnly,
|
||||
NULL);
|
||||
if (instance) {
|
||||
nssPKIObject_AddInstance(&c->object, instance);
|
||||
STAN_ForceCERTCertificateUpdate(c);
|
||||
}
|
||||
}
|
||||
nssCertificateArray_Destroy(cached);
|
||||
}
|
||||
return PR_SUCCESS;
|
||||
}
|
||||
|
||||
|
|
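Review bot: In remove_token_certs the result of `nss_ZREALLOCARRAY` is assigned straight back to `dtor->certs` without a check. If it returns NULL, the next matching certificate is stored through a null pointer and the `dtor.certs[i]` loop in nssTrustDomain_RemoveTokenCertsFromCache dereferences it, while the references already collected are lost. Growing the array before the instance is removed, and recording the failure in a new field of the struct, lets the caller initialise `dtor.failed = PR_FALSE`, still release what was collected, and return `dtor.failed ? PR_FAILURE : PR_SUCCESS`. This assumes the old array stays valid when the reallocation fails. Separately, in nssTrustDomain_UpdateCachedTokenCerts `nssList_Destroy(certList)` is only reached inside the `count > 0` branch after a successful allocation, so the list leaks when the cache is empty or `nss_ZNEWARRAY` fails.

```c
struct token_cert_dtor {
    /* … unchanged: token, cache, certs, numCerts, arrSize … */
    PRBool failed; /* proposed new field: set when certs[] could not grow */
};

        if (object->instances[i]->token == dtor->token) {
            if (dtor->numCerts == dtor->arrSize) {
                /* grow before touching the object so a failure changes nothing */
                NSSCertificate **grown = nss_ZREALLOCARRAY(dtor->certs,
                                                           NSSCertificate *,
                                                           dtor->arrSize * 2);
                if (!grown) {
                    dtor->failed = PR_TRUE;
                    break;
                }
                dtor->certs = grown;
                dtor->arrSize *= 2;
            }
            /* … unchanged: destroy the instance, compact instances[], numInstances-- … */
            dtor->certs[dtor->numCerts++] = nssCertificate_AddRef(c);
            break;
        }
```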