/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are
 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 * Rights Reserved.
 *
 * Contributor(s):
 *
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable
 * instead of those above.  If you wish to allow use of your
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL.  If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */
#ifdef DEBUG
/* Revision stamp; only compiled into DEBUG builds. */
static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.7 $ $Date: 2001-10-11 18:40:34 $ $Name: $";
#endif /* DEBUG */

#ifndef NSSPKI_H
#include "nsspki.h"
#endif /* NSSPKI_H */

#ifndef PKI_H
#include "pki.h"
#endif /* PKI_H */

#ifndef PKIM_H
#include "pkim.h"
#endif /* PKIM_H */

#ifndef DEV_H
#include "dev.h"
#endif /* DEV_H */

#ifndef CKHELPER_H
#include "ckhelper.h"
#endif /* CKHELPER_H */

/* cacheSize value NSSTrustDomain_Create() hands to the cache initializer */
#define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32

/* Forward declaration; the definition is not part of this file. */
NSS_EXTERN PRStatus
nssTrustDomain_InitializeCache(NSSTrustDomain *td, PRUint32 cacheSize);
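/*
 * NSSTrustDomain_Create
 *
 * Allocate a trust domain inside a freshly created arena, give it a
 * reference count of 1 and initialize its cache with
 * NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE.
 *
 * moduleOpt, uriOpt, opaqueOpt and reserved are accepted but not used
 * by this implementation.
 *
 * Returns the new trust domain, or NULL when the arena, the trust
 * domain object or the cache cannot be set up.  On any failure after
 * the arena exists, the arena is destroyed before returning.
 */
NSS_IMPLEMENT NSSTrustDomain *
NSSTrustDomain_Create
(
  NSSUTF8 *moduleOpt,
  NSSUTF8 *uriOpt,
  NSSUTF8 *opaqueOpt,
  void *reserved
)
{
    NSSArena *arena;
    NSSTrustDomain *rvTD;
    arena = NSSArena_Create();
    if (!arena) {
        return (NSSTrustDomain *)NULL;
    }
    rvTD = nss_ZNEW(arena, NSSTrustDomain);
    if (!rvTD) {
        goto loser;
    }
    rvTD->arena = arena;
    rvTD->refCount = 1;
    /* The status used to be dropped, which handed callers a trust
     * domain whose cache had never been set up.  Fail the creation
     * instead so later cache lookups never see a half-built object.
     * NOTE(review): assumes InitializeCache releases anything it
     * allocated outside the arena when it fails -- confirm.
     */
    if (nssTrustDomain_InitializeCache(rvTD,
                                       NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE)
        != PR_SUCCESS) {
        goto loser;
    }
    return rvTD;
loser:
    /* rvTD lives in the arena, so destroying the arena releases it too */
    nssArena_Destroy(arena);
    return (NSSTrustDomain *)NULL;
}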
/*
 * Element destructor handed to nssList_DestroyElements(): converts the
 * untyped list element back to an NSSToken and destroys it.  The result
 * of nssToken_Destroy() is intentionally discarded.
 */
static void
token_destructor(void *tok)
{
    NSSToken *token = (NSSToken *)tok;
    (void)nssToken_Destroy(token);
}
/*
 * NSSTrustDomain_Destroy
 *
 * Drop one reference to td.  When the count reaches zero, destroy the
 * tokens held in td->tokenList and then the arena the trust domain
 * was allocated from.  Always returns PR_SUCCESS; the result of
 * nssArena_Destroy() is not inspected.
 *
 * td is dereferenced without a NULL check, and the decrement is a
 * plain "--" with no lock visible in this function.
 * NOTE(review): a second Destroy on an already released td would touch
 * freed arena memory; nothing here detects a count that is already 0.
 * NOTE(review): the guard tests td->tokens while the call operates on
 * td->tokenList -- confirm the two are always set together.
 */
NSS_IMPLEMENT PRStatus
NSSTrustDomain_Destroy
(
  NSSTrustDomain *td
)
{
    if (--td->refCount != 0) {
        /* other holders remain; nothing to tear down yet */
        return PR_SUCCESS;
    }
    /* Destroy each token in the list of tokens */
    if (td->tokens) {
        nssList_DestroyElements(td->tokenList, token_destructor);
    }
    /* Destroy the trust domain */
    nssArena_Destroy(td->arena);
    return PR_SUCCESS;
}
/*
 * NSSTrustDomain_SetDefaultCallback
 *
 * Stub: no callback is installed.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns PR_FAILURE.  *oldCallbackOpt is never
 * written, so callers must not read it after this call.
 */
NSS_IMPLEMENT PRStatus
NSSTrustDomain_SetDefaultCallback
(
  NSSTrustDomain *td,
  NSSCallback *newCallback,
  NSSCallback **oldCallbackOpt
)
{
    /* not implemented: every argument is ignored */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return PR_FAILURE;
}
/*
 * NSSTrustDomain_GetDefaultCallback
 *
 * Stub: records NSS_ERROR_NOT_FOUND with nss_SetError() and returns
 * NULL.  *statusOpt is never written; a caller that passes it must
 * initialize it first or rely on the NULL return alone.
 */
NSS_IMPLEMENT NSSCallback *
NSSTrustDomain_GetDefaultCallback
(
  NSSTrustDomain *td,
  PRStatus *statusOpt
)
{
    /* not implemented: every argument is ignored */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCallback *)NULL;
}
/*
 * NSSTrustDomain_LoadModule
 *
 * Stub: loads nothing and returns PR_FAILURE.  Unlike the other stubs
 * in this file it does not call nss_SetError(), so the error stack is
 * left exactly as the caller had it.
 */
NSS_IMPLEMENT PRStatus
NSSTrustDomain_LoadModule
(
  NSSTrustDomain *td,
  NSSUTF8 *moduleOpt,
  NSSUTF8 *uriOpt,
  NSSUTF8 *opaqueOpt,
  void *reserved
)
{
    /* not implemented: every argument is ignored */
    return PR_FAILURE;
}
/*
 * NSSTrustDomain_DisableToken
 *
 * Stub: the token is NOT disabled.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns PR_FAILURE.  Callers that need a token
 * taken out of use must check the return value; ignoring it leaves the
 * token state untouched.
 */
NSS_IMPLEMENT PRStatus
NSSTrustDomain_DisableToken
(
  NSSTrustDomain *td,
  NSSToken *token,
  NSSError why
)
{
    /* not implemented: every argument is ignored */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return PR_FAILURE;
}
/*
 * NSSTrustDomain_EnableToken
 *
 * Stub: changes no token state.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns PR_FAILURE.
 */
NSS_IMPLEMENT PRStatus
NSSTrustDomain_EnableToken
(
  NSSTrustDomain *td,
  NSSToken *token
)
{
    /* not implemented: every argument is ignored */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return PR_FAILURE;
}
/*
 * NSSTrustDomain_IsTokenEnabled
 *
 * Stub: the token is not inspected.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns PR_FAILURE.  Here PR_FAILURE means "not
 * implemented", not "disabled"; *whyOpt is never written.
 */
NSS_IMPLEMENT PRStatus
NSSTrustDomain_IsTokenEnabled
(
  NSSTrustDomain *td,
  NSSToken *token,
  NSSError *whyOpt
)
{
    /* not implemented: every argument is ignored */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return PR_FAILURE;
}
/*
 * NSSTrustDomain_FindSlotByName
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; td and slotName are not examined.
 */
NSS_IMPLEMENT NSSSlot *
NSSTrustDomain_FindSlotByName
(
  NSSTrustDomain *td,
  NSSUTF8 *slotName
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSSlot *)NULL;
}
/*
 * NSSTrustDomain_FindTokenByName
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; td and tokenName are not examined.
 */
NSS_IMPLEMENT NSSToken *
NSSTrustDomain_FindTokenByName
(
  NSSTrustDomain *td,
  NSSUTF8 *tokenName
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSToken *)NULL;
}
/*
 * NSSTrustDomain_FindTokenBySlotName
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; td and slotName are not examined.
 */
NSS_IMPLEMENT NSSToken *
NSSTrustDomain_FindTokenBySlotName
(
  NSSTrustDomain *td,
  NSSUTF8 *slotName
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSToken *)NULL;
}
/*
 * NSSTrustDomain_FindTokenForAlgorithm
 *
 * Stub: no token is selected.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; td and algorithm are not examined.
 */
NSS_IMPLEMENT NSSToken *
NSSTrustDomain_FindTokenForAlgorithm
(
  NSSTrustDomain *td,
  NSSOID *algorithm
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSToken *)NULL;
}
/*
 * NSSTrustDomain_FindBestTokenForAlgorithms
 *
 * Stub: no token is selected.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL.  The algorithms array is never
 * walked, so neither its terminator nor nAlgorithmsOpt is consulted.
 */
NSS_IMPLEMENT NSSToken *
NSSTrustDomain_FindBestTokenForAlgorithms
(
  NSSTrustDomain *td,
  NSSOID *algorithms[], /* may be null-terminated */
  PRUint32 nAlgorithmsOpt /* limits the array if nonzero */
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSToken *)NULL;
}
/*
 * NSSTrustDomain_Login
 *
 * Stub: no authentication is attempted and uhhOpt is never invoked.
 * Records NSS_ERROR_NOT_FOUND with nss_SetError() and returns
 * PR_FAILURE.
 */
NSS_IMPLEMENT PRStatus
NSSTrustDomain_Login
(
  NSSTrustDomain *td,
  NSSCallback *uhhOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return PR_FAILURE;
}
/*
 * NSSTrustDomain_Logout
 *
 * Stub: nothing is logged out.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns PR_FAILURE.  Callers must not assume any
 * authenticated state was dropped by this call.
 */
NSS_IMPLEMENT PRStatus
NSSTrustDomain_Logout
(
  NSSTrustDomain *td
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return PR_FAILURE;
}
/*
 * NSSTrustDomain_ImportCertificate
 *
 * Stub: nothing is imported.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; td and c are not examined.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_ImportCertificate
(
  NSSTrustDomain *td,
  NSSCertificate *c
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_ImportPKIXCertificate
 *
 * Stub: nothing is imported.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; td and pc are not examined.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_ImportPKIXCertificate
(
  NSSTrustDomain *td,
  /* declared as a struct until these "data types" are defined */
  struct NSSPKIXCertificateStr *pc
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_ImportEncodedCertificate
 *
 * Stub: the BER input is never decoded.  Records NSS_ERROR_NOT_FOUND
 * with nss_SetError() and returns NULL.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_ImportEncodedCertificate
(
  NSSTrustDomain *td,
  NSSBER *ber
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_ImportEncodedCertificateChain
 *
 * Stub: the BER input is never decoded.  Records NSS_ERROR_NOT_FOUND
 * with nss_SetError() and returns NULL.  rvOpt is not written and
 * nothing is allocated from arenaOpt.
 */
NSS_IMPLEMENT NSSCertificate **
NSSTrustDomain_ImportEncodedCertificateChain
(
  NSSTrustDomain *td,
  NSSBER *ber,
  NSSCertificate *rvOpt[],
  PRUint32 maximumOpt, /* 0 for no max */
  NSSArena *arenaOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate **)NULL;
}
/*
 * NSSTrustDomain_ImportEncodedPrivateKey
 *
 * Stub: no key is imported.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL.  ber and passwordOpt are never
 * read, uhhOpt is never invoked and destination is untouched.
 */
NSS_IMPLEMENT NSSPrivateKey *
NSSTrustDomain_ImportEncodedPrivateKey
(
  NSSTrustDomain *td,
  NSSBER *ber,
  NSSItem *passwordOpt, /* NULL will cause a callback */
  NSSCallback *uhhOpt,
  NSSToken *destination
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSPrivateKey *)NULL;
}
/*
 * NSSTrustDomain_ImportEncodedPublicKey
 *
 * Stub: the BER input is never decoded.  Records NSS_ERROR_NOT_FOUND
 * with nss_SetError() and returns NULL.
 */
NSS_IMPLEMENT NSSPublicKey *
NSSTrustDomain_ImportEncodedPublicKey
(
  NSSTrustDomain *td,
  NSSBER *ber
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSPublicKey *)NULL;
}
/*
 * State shared between NSSTrustDomain_FindBestCertificateByNickname()
 * and its per-certificate callback get_best_cert().
 */
struct get_best_cert_arg_str {
    NSSTrustDomain *td;    /* trust domain being searched */
    NSSCertificate *cert;  /* best match so far; NULL until one is seen */
    NSSTime *time;         /* caller's timeOpt, or NSSTime_Now(NULL) */
    NSSUsage *usage;       /* caller's usage argument */
    NSSPolicies *policies; /* caller's policiesOpt; may be NULL */
};
/*
 * Per-certificate callback for the nickname search.  arg points to a
 * struct get_best_cert_arg_str.  The first certificate seen is kept in
 * best->cert; every later certificate is ignored.  Always returns
 * PR_SUCCESS.
 *
 * The usage, time and policies comparisons are still placeholders, so
 * the "best" certificate is simply the first match: validity period,
 * usage and policy are not evaluated here, and callers must apply
 * those checks themselves before relying on the result.
 */
static PRStatus
get_best_cert(NSSCertificate *c, void *arg)
{
    struct get_best_cert_arg_str *best = (struct get_best_cert_arg_str *)arg;
    if (best->cert == NULL) {
        /* This is the first matching cert found, so it is the best so far */
        best->cert = c;
    }
    /* usage */
    /* time */
    /* policies */
    return PR_SUCCESS;
}
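/*
 * NSSTrustDomain_FindBestCertificateByNickname
 *
 * Search every token in td->tokens for certificate objects whose
 * CKA_LABEL equals name and return the one chosen by get_best_cert().
 * Each token is searched twice: once with the label length as measured
 * by nssUTF8_Length() and once with that length plus one, because the
 * trailing '\0' may or may not be part of the stored label.
 *
 * td and name must be non-NULL; neither is checked here.
 *
 * Returns the selected certificate, or NULL when nothing matched or
 * when the length of name could not be determined.  The status of the
 * individual token searches is not inspected, so a failing token does
 * not abort the search.
 *
 * get_best_cert() currently keeps the first match only; time, usage
 * and policies are stored in the search state but not evaluated.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_FindBestCertificateByNickname
(
  NSSTrustDomain *td,
  NSSUTF8 *name,
  NSSTime *timeOpt, /* NULL for "now" */
  NSSUsage *usage,
  NSSPolicies *policiesOpt /* NULL for none */
)
{
    /* preset so the check below is a no-op if the helper leaves it alone */
    PRStatus nssrv = PR_SUCCESS;
    NSSToken *tok;
    CK_ATTRIBUTE cert_template[] =
    {
        { CKA_CLASS, NULL, 0 },
        { CKA_LABEL, NULL, 0 }
    };
    struct get_best_cert_arg_str best;
    CK_ULONG ctsize;
    ctsize = (CK_ULONG)(sizeof(cert_template) / sizeof(cert_template[0]));
    NSS_CK_SET_ATTRIBUTE_ITEM(cert_template, 0, &g_ck_class_cert);
    cert_template[1].pValue = (CK_VOID_PTR)name;
    cert_template[1].ulValueLen = (CK_ULONG)nssUTF8_Length(name, &nssrv);
    if (nssrv != PR_SUCCESS) {
        /* The length is unusable; searching with it could match the
         * wrong label, so give up instead.
         */
        return (NSSCertificate *)NULL;
    }
    best.td = td;
    best.cert = NULL;
    /* NOTE(review): if NSSTime_Now(NULL) allocates, the result is never
     * released in this function -- confirm ownership.
     */
    best.time = (timeOpt) ? timeOpt : NSSTime_Now(NULL);
    best.usage = usage;
    best.policies = policiesOpt;
    /* This will really be done through the search order, probably a
     * token array
     */
    for (tok  = (NSSToken *)nssListIterator_Start(td->tokens);
         tok != (NSSToken *)NULL;
         tok  = (NSSToken *)nssListIterator_Next(td->tokens))
    {
        nssrv = nssToken_FindCertificatesByTemplate(tok, NULL,
                                                    cert_template, ctsize,
                                                    get_best_cert, &best);
        /* This is to workaround the fact that PKCS#11 doesn't specify
         * whether the '\0' should be included.  XXX Is that still true?
         */
        cert_template[1].ulValueLen++;
        nssrv = nssToken_FindCertificatesByTemplate(tok, NULL,
                                                    cert_template, ctsize,
                                                    get_best_cert, &best);
        cert_template[1].ulValueLen--;
    }
    nssListIterator_Finish(td->tokens);
    return best.cert;
}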
/*
 * State shared between NSSTrustDomain_FindCertificatesByNickname() and
 * its per-certificate callback collect_certs().
 */
struct collect_arg_str {
    nssList *list;    /* certificates gathered so far */
    PRUint32 maximum; /* stop once this many are held; 0 means no limit */
    NSSArena *arena;  /* caller's arenaOpt; not read by collect_certs() */
};

/* Error code collect_certs() sets when the maximum has been reached */
extern const NSSError NSS_ERROR_MAXIMUM_FOUND;
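/*
 * Per-certificate callback that appends c to ca->list.  arg points to
 * a struct collect_arg_str.
 *
 * Returns PR_SUCCESS while more certificates may be collected.
 * Returns PR_FAILURE with NSS_ERROR_MAXIMUM_FOUND set once the list
 * holds ca->maximum entries (a maximum of 0 means unlimited), and
 * PR_FAILURE without that error when nssList_Add() fails.
 *
 * The limit is checked before adding as well as after.  The callback
 * is driven once per search, and the caller runs several searches over
 * the same list; without the first check every search after the limit
 * was hit would still append one more certificate, letting the list
 * outgrow a caller-supplied result array sized for ca->maximum.
 * NOTE(review): whether a refused certificate must be released here
 * depends on who owns c -- confirm.
 */
static PRStatus
collect_certs(NSSCertificate *c, void *arg)
{
    struct collect_arg_str *ca = (struct collect_arg_str *)arg;
    if (ca->maximum > 0 && nssList_Count(ca->list) >= ca->maximum) {
        /* already full: refuse instead of growing past the limit */
        nss_SetError(NSS_ERROR_MAXIMUM_FOUND);
        return PR_FAILURE;
    }
    /* Add the cert to the return list */
    if (nssList_Add(ca->list, (void *)c) != PR_SUCCESS) {
        return PR_FAILURE;
    }
    if (ca->maximum > 0 && nssList_Count(ca->list) >= ca->maximum) {
        /* signal the end of collection */
        nss_SetError(NSS_ERROR_MAXIMUM_FOUND);
        return PR_FAILURE;
    }
    return PR_SUCCESS;
}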
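/*
 * NSSTrustDomain_FindCertificatesByNickname
 *
 * Collect the certificates whose CKA_LABEL equals name from every
 * token in td->tokens.  Each token is searched twice: once with the
 * label length as measured by nssUTF8_Length() and once with that
 * length plus one, because the trailing '\0' may or may not be part of
 * the stored label.
 *
 * td and name must be non-NULL; neither is checked here.
 *
 * rvOpt      - if non-NULL, the results are copied into this array and
 *              it is returned.  This function writes no terminator
 *              into it.
 * maximumOpt - upper bound on the number of results; 0 for no max.
 *              With a caller-supplied rvOpt the array must hold at
 *              least maximumOpt entries.  With maximumOpt == 0 there is
 *              no bound on how many entries are written, so a caller
 *              that cannot size rvOpt in advance should pass
 *              rvOpt == NULL instead.
 * arenaOpt   - arena for the result array when rvOpt is NULL.
 *
 * Returns the result array (count + 1 zeroed slots when allocated
 * here), or NULL when the length of name could not be determined, the
 * temporary list could not be created, or the array allocation failed.
 *
 * The number of entries copied is clamped to maximumOpt.  Previously
 * each extra search could append one more certificate after the limit
 * had been reached, and all of them were copied into rvOpt, writing
 * past an array sized for maximumOpt entries.
 * NOTE(review): certificates collected but not copied out are dropped
 * with the temporary list -- confirm whether they need releasing.
 */
NSS_IMPLEMENT NSSCertificate **
NSSTrustDomain_FindCertificatesByNickname
(
  NSSTrustDomain *td,
  NSSUTF8 *name,
  NSSCertificate *rvOpt[],
  PRUint32 maximumOpt, /* 0 for no max */
  NSSArena *arenaOpt
)
{
    /* preset so the check below is a no-op if the helper leaves it alone */
    PRStatus nssrv = PR_SUCCESS;
    PRUint32 count;
    NSSCertificate **certs;
    NSSToken *tok;
    nssList *foundCerts;
    CK_ATTRIBUTE cert_template[] =
    {
        { CKA_CLASS, NULL, 0 },
        { CKA_LABEL, NULL, 0 }
    };
    struct collect_arg_str ca;
    CK_ULONG ctsize;
    ctsize = (CK_ULONG)(sizeof(cert_template) / sizeof(cert_template[0]));
    NSS_CK_SET_ATTRIBUTE_ITEM(cert_template, 0, &g_ck_class_cert);
    cert_template[1].pValue = (CK_VOID_PTR)name;
    cert_template[1].ulValueLen = (CK_ULONG)nssUTF8_Length(name, &nssrv);
    if (nssrv != PR_SUCCESS) {
        /* unusable length: do not search with it */
        return (NSSCertificate **)NULL;
    }
    foundCerts = nssList_Create(NULL, PR_FALSE);
    if (!foundCerts) {
        return (NSSCertificate **)NULL;
    }
    ca.list = foundCerts;
    ca.maximum = maximumOpt;
    ca.arena = arenaOpt;
    /* This will really be done through the search order, probably a
     * token array
     */
    for (tok  = (NSSToken *)nssListIterator_Start(td->tokens);
         tok != (NSSToken *)NULL;
         tok  = (NSSToken *)nssListIterator_Next(td->tokens))
    {
        nssrv = nssToken_FindCertificatesByTemplate(tok, NULL,
                                                    cert_template, ctsize,
                                                    collect_certs, &ca);
        if (maximumOpt > 0 && nssList_Count(foundCerts) >= maximumOpt) {
            /* limit reached: further searches could only over-collect */
            break;
        }
        /* This is to workaround the fact that PKCS#11 doesn't specify
         * whether the '\0' should be included.  XXX Is that still true?
         */
        cert_template[1].ulValueLen++;
        nssrv = nssToken_FindCertificatesByTemplate(tok, NULL,
                                                    cert_template, ctsize,
                                                    collect_certs, &ca);
        cert_template[1].ulValueLen--;
        if (maximumOpt > 0 && nssList_Count(foundCerts) >= maximumOpt) {
            break;
        }
    }
    /* reached on normal completion and after an early break */
    nssListIterator_Finish(td->tokens);
    count = nssList_Count(foundCerts);
    if (maximumOpt > 0 && count > maximumOpt) {
        /* never copy more than the caller said the array can hold */
        count = maximumOpt;
    }
    if (rvOpt) {
        certs = rvOpt;
    } else {
        certs = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, count + 1);
    }
    if (certs) {
        nssrv = nssList_GetArray(foundCerts, (void **)certs, count);
    }
    nssList_Destroy(foundCerts);
    return certs;
}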
/*
 * nssTrustDomain_FindCertificateByIdentifier
 *
 * Look identifier up in the trust domain's certificate cache and
 * return whatever the cache yields.  There is no fallback to the
 * tokens yet, so a cache miss returns NULL.
 */
NSS_IMPLEMENT NSSCertificate *
nssTrustDomain_FindCertificateByIdentifier
(
  NSSTrustDomain *td,
  NSSItem *identifier
)
{
    /* Try the cache */
    NSSCertificate *cached =
        nssTrustDomain_GetCertForIdentifierFromCache(td, identifier);
    if (cached) {
        return cached;
    }
    /* uh, how to look up by id in PKCS#11? */
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_FindCertificateByIssuerAndSerialNumber
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; issuer and serialNumber are not
 * examined.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_FindCertificateByIssuerAndSerialNumber
(
  NSSTrustDomain *td,
  NSSDER *issuer,
  NSSDER *serialNumber
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_FindBestCertificateBySubject
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; none of the arguments is examined.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_FindBestCertificateBySubject
(
  NSSTrustDomain *td,
  NSSUTF8 *subject,
  NSSTime *timeOpt,
  NSSUsage *usage,
  NSSPolicies *policiesOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_FindCertificatesBySubject
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL.  rvOpt is not written and nothing
 * is allocated from arenaOpt.
 */
NSS_IMPLEMENT NSSCertificate **
NSSTrustDomain_FindCertificatesBySubject
(
  NSSTrustDomain *td,
  NSSUTF8 *subject,
  NSSCertificate *rvOpt[],
  PRUint32 maximumOpt, /* 0 for no max */
  NSSArena *arenaOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate **)NULL;
}
/*
 * NSSTrustDomain_FindBestCertificateByNameComponents
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; none of the arguments is examined.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_FindBestCertificateByNameComponents
(
  NSSTrustDomain *td,
  NSSUTF8 *nameComponents,
  NSSTime *timeOpt,
  NSSUsage *usage,
  NSSPolicies *policiesOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_FindCertificatesByNameComponents
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL.  rvOpt is not written and nothing
 * is allocated from arenaOpt.
 */
NSS_IMPLEMENT NSSCertificate **
NSSTrustDomain_FindCertificatesByNameComponents
(
  NSSTrustDomain *td,
  NSSUTF8 *nameComponents,
  NSSCertificate *rvOpt[],
  PRUint32 maximumOpt, /* 0 for no max */
  NSSArena *arenaOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate **)NULL;
}
/*
 * NSSTrustDomain_FindCertificateByEncodedCertificate
 *
 * Stub: the encoding is never decoded or compared.  Records
 * NSS_ERROR_NOT_FOUND with nss_SetError() and returns NULL.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_FindCertificateByEncodedCertificate
(
  NSSTrustDomain *td,
  NSSBER *encodedCertificate
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_FindCertificateByEmail
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; none of the arguments is examined.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_FindCertificateByEmail
(
  NSSTrustDomain *td,
  NSSASCII7 *email,
  NSSTime *timeOpt,
  NSSUsage *usage,
  NSSPolicies *policiesOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_FindCertificatesByEmail
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL.  rvOpt is not written and nothing
 * is allocated from arenaOpt.
 */
NSS_IMPLEMENT NSSCertificate **
NSSTrustDomain_FindCertificatesByEmail
(
  NSSTrustDomain *td,
  NSSASCII7 *email,
  NSSCertificate *rvOpt[],
  PRUint32 maximumOpt, /* 0 for no max */
  NSSArena *arenaOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate **)NULL;
}
/*
 * NSSTrustDomain_FindCertificateByOCSPHash
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; td and hash are not examined.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_FindCertificateByOCSPHash
(
  NSSTrustDomain *td,
  NSSItem *hash
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_FindBestUserCertificate
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; none of the arguments is examined.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_FindBestUserCertificate
(
  NSSTrustDomain *td,
  NSSTime *timeOpt,
  NSSUsage *usage,
  NSSPolicies *policiesOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_FindUserCertificates
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL.  rvOpt is not written and nothing
 * is allocated from arenaOpt.
 */
NSS_IMPLEMENT NSSCertificate **
NSSTrustDomain_FindUserCertificates
(
  NSSTrustDomain *td,
  NSSTime *timeOpt,
  NSSUsage *usageOpt,
  NSSPolicies *policiesOpt,
  NSSCertificate **rvOpt,
  PRUint32 rvLimit, /* zero for no limit */
  NSSArena *arenaOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate **)NULL;
}
/*
 * NSSTrustDomain_FindBestUserCertificateForSSLClientAuth
 *
 * Stub: no certificate is selected.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL.  The rootCAsOpt array is never
 * walked, so neither its terminator nor rootCAsMaxOpt is consulted.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_FindBestUserCertificateForSSLClientAuth
(
  NSSTrustDomain *td,
  NSSUTF8 *sslHostOpt,
  NSSDER *rootCAsOpt[], /* null pointer for none */
  PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
  NSSAlgorithmAndParameters *apOpt,
  NSSPolicies *policiesOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_FindUserCertificatesForSSLClientAuth
 *
 * Stub: no certificate is selected.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL.  rootCAsOpt is never walked, rvOpt
 * is not written and nothing is allocated from arenaOpt.
 */
NSS_IMPLEMENT NSSCertificate **
NSSTrustDomain_FindUserCertificatesForSSLClientAuth
(
  NSSTrustDomain *td,
  NSSUTF8 *sslHostOpt,
  NSSDER *rootCAsOpt[], /* null pointer for none */
  PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
  NSSAlgorithmAndParameters *apOpt,
  NSSPolicies *policiesOpt,
  NSSCertificate **rvOpt,
  PRUint32 rvLimit, /* zero for no limit */
  NSSArena *arenaOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate **)NULL;
}
/*
 * NSSTrustDomain_FindBestUserCertificateForEmailSigning
 *
 * Stub: no certificate is selected.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; none of the arguments is examined.
 */
NSS_IMPLEMENT NSSCertificate *
NSSTrustDomain_FindBestUserCertificateForEmailSigning
(
  NSSTrustDomain *td,
  NSSASCII7 *signerOpt,
  NSSASCII7 *recipientOpt,
  /* anything more here? */
  NSSAlgorithmAndParameters *apOpt,
  NSSPolicies *policiesOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate *)NULL;
}
/*
 * NSSTrustDomain_FindUserCertificatesForEmailSigning
 *
 * Stub: no certificate is selected.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL.  rvOpt is not written and nothing
 * is allocated from arenaOpt.
 */
NSS_IMPLEMENT NSSCertificate **
NSSTrustDomain_FindUserCertificatesForEmailSigning
(
  NSSTrustDomain *td,
  NSSASCII7 *signerOpt,
  NSSASCII7 *recipientOpt,
  /* anything more here? */
  NSSAlgorithmAndParameters *apOpt,
  NSSPolicies *policiesOpt,
  NSSCertificate **rvOpt,
  PRUint32 rvLimit, /* zero for no limit */
  NSSArena *arenaOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCertificate **)NULL;
}
/*
 * NSSTrustDomain_TraverseCertificates
 *
 * Stub: callback is never invoked and no certificate is visited.
 * Returns NULL without calling nss_SetError().
 *
 * The declared return type is a pointer to PRStatus, not a PRStatus,
 * so the only value a caller can observe here is a null pointer.
 */
NSS_IMPLEMENT PRStatus *
NSSTrustDomain_TraverseCertificates
(
  NSSTrustDomain *td,
  PRStatus (*callback)(NSSCertificate *c, void *arg),
  void *arg
)
{
    /* not implemented: every argument is ignored */
    return (PRStatus *)NULL;
}
/*
 * NSSTrustDomain_GenerateKeyPair
 *
 * Stub: no key material is generated.  Records NSS_ERROR_NOT_FOUND
 * with nss_SetError() and returns PR_FAILURE.  *pvkOpt and *pbkOpt are
 * never written, so callers must not use them after this call.
 */
NSS_IMPLEMENT PRStatus
NSSTrustDomain_GenerateKeyPair
(
  NSSTrustDomain *td,
  NSSAlgorithmAndParameters *ap,
  NSSPrivateKey **pvkOpt,
  NSSPublicKey **pbkOpt,
  PRBool privateKeyIsSensitive,
  NSSToken *destination,
  NSSCallback *uhhOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return PR_FAILURE;
}
/*
 * NSSTrustDomain_GenerateSymmetricKey
 *
 * Stub: no key is generated.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; none of the arguments is examined.
 */
NSS_IMPLEMENT NSSSymmetricKey *
NSSTrustDomain_GenerateSymmetricKey
(
  NSSTrustDomain *td,
  NSSAlgorithmAndParameters *ap,
  PRUint32 keysize,
  NSSToken *destination,
  NSSCallback *uhhOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSSymmetricKey *)NULL;
}
/*
 * NSSTrustDomain_GenerateSymmetricKeyFromPassword
 *
 * Stub: no key is derived.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL.  passwordOpt is never read and no
 * prompt is issued through uhhOpt.
 */
NSS_IMPLEMENT NSSSymmetricKey *
NSSTrustDomain_GenerateSymmetricKeyFromPassword
(
  NSSTrustDomain *td,
  NSSAlgorithmAndParameters *ap,
  NSSUTF8 *passwordOpt, /* if null, prompt */
  NSSToken *destinationOpt,
  NSSCallback *uhhOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSSymmetricKey *)NULL;
}
/*
 * NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID
 *
 * Stub: performs no lookup.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; none of the arguments is examined.
 */
NSS_IMPLEMENT NSSSymmetricKey *
NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID
(
  NSSTrustDomain *td,
  NSSOID *algorithm,
  NSSItem *keyID,
  NSSCallback *uhhOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSSymmetricKey *)NULL;
}
/*
 * NSSTrustDomain_CreateCryptoContext
 *
 * Stub: no context is created.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; td and uhhOpt are not examined.
 */
NSS_IMPLEMENT NSSCryptoContext *
NSSTrustDomain_CreateCryptoContext
(
  NSSTrustDomain *td,
  NSSCallback *uhhOpt
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCryptoContext *)NULL;
}
/*
 * NSSTrustDomain_CreateCryptoContextForAlgorithm
 *
 * Stub: no context is created.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; td and algorithm are not examined.
 */
NSS_IMPLEMENT NSSCryptoContext *
NSSTrustDomain_CreateCryptoContextForAlgorithm
(
  NSSTrustDomain *td,
  NSSOID *algorithm
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCryptoContext *)NULL;
}
/*
 * NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters
 *
 * Stub: no context is created.  Records NSS_ERROR_NOT_FOUND with
 * nss_SetError() and returns NULL; td and ap are not examined.
 */
NSS_IMPLEMENT NSSCryptoContext *
NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters
(
  NSSTrustDomain *td,
  NSSAlgorithmAndParameters *ap
)
{
    /* not implemented */
    nss_SetError(NSS_ERROR_NOT_FOUND);
    return (NSSCryptoContext *)NULL;
}