Beispiel #1
0
NS_IMETHODIMP
nsPKCS11Slot::GetStatus(uint32_t *_retval)
{
  nsNSSShutDownPreventionLock locker;
  if (isAlreadyShutDown())
    return NS_ERROR_NOT_AVAILABLE;

  if (PK11_IsDisabled(mSlot))
    *_retval = SLOT_DISABLED;
  else if (!PK11_IsPresent(mSlot))
    *_retval = SLOT_NOT_PRESENT;
  else if (PK11_NeedLogin(mSlot) && PK11_NeedUserInit(mSlot))
    *_retval = SLOT_UNINITIALIZED;
  else if (PK11_NeedLogin(mSlot) && !PK11_IsLoggedIn(mSlot, nullptr))
    *_retval = SLOT_NOT_LOGGED_IN;
  else if (PK11_NeedLogin(mSlot))
    *_retval = SLOT_LOGGED_IN;
  else
    *_retval = SLOT_READY;
  return NS_OK;
}
Beispiel #2
0
NSS_IMPLEMENT PRBool
nssSlot_IsTokenPresent (
  NSSSlot *slot
)
{
    CK_RV ckrv;
    PRStatus nssrv;
    /* XXX */
    nssSession *session;
    CK_SLOT_INFO slotInfo;
    void *epv;
    /* permanent slots are always present unless they're disabled */
    if (nssSlot_IsPermanent(slot)) {
	return !PK11_IsDisabled(slot->pk11slot);
    }
    /* avoid repeated calls to check token status within set interval */
    if (within_token_delay_period(slot)) {
	return ((slot->ckFlags & CKF_TOKEN_PRESENT) != 0);
    }

    /* First obtain the slot info */
    epv = slot->epv;
    if (!epv) {
	return PR_FALSE;
    }
    nssSlot_EnterMonitor(slot);
    ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo);
    nssSlot_ExitMonitor(slot);
    if (ckrv != CKR_OK) {
	slot->token->base.name[0] = 0; /* XXX */
	return PR_FALSE;
    }
    slot->ckFlags = slotInfo.flags;
    /* check for the presence of the token */
    if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) {
	if (!slot->token) {
	    /* token was never present */
	    return PR_FALSE;
	}
	session = nssToken_GetDefaultSession(slot->token);
	if (session) {
	    nssSession_EnterMonitor(session);
	    /* token is not present */
	    if (session->handle != CK_INVALID_SESSION) {
		/* session is valid, close and invalidate it */
		CKAPI(epv)->C_CloseSession(session->handle);
		session->handle = CK_INVALID_SESSION;
	    }
	    nssSession_ExitMonitor(session);
	}
	if (slot->token->base.name[0] != 0) {
	    /* notify the high-level cache that the token is removed */
	    slot->token->base.name[0] = 0; /* XXX */
	    nssToken_NotifyCertsNotVisible(slot->token);
	}
	slot->token->base.name[0] = 0; /* XXX */
	/* clear the token cache */
	nssToken_Remove(slot->token);
	return PR_FALSE;
    }
    /* token is present, use the session info to determine if the card
     * has been removed and reinserted.
     */
    session = nssToken_GetDefaultSession(slot->token);
    if (session) {
	PRBool isPresent = PR_FALSE;
	nssSession_EnterMonitor(session);
	if (session->handle != CK_INVALID_SESSION) {
	    CK_SESSION_INFO sessionInfo;
	    ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo);
	    if (ckrv != CKR_OK) {
		/* session is screwy, close and invalidate it */
		CKAPI(epv)->C_CloseSession(session->handle);
		session->handle = CK_INVALID_SESSION;
	    }
	}
	isPresent = session->handle != CK_INVALID_SESSION;
	nssSession_ExitMonitor(session);
	/* token not removed, finished */
	if (isPresent)
	    return PR_TRUE;
    } 
    /* the token has been removed, and reinserted, or the slot contains
     * a token it doesn't recognize. invalidate all the old
     * information we had on this token, if we can't refresh, clear
     * the present flag */
    nssToken_NotifyCertsNotVisible(slot->token);
    nssToken_Remove(slot->token);
    /* token has been removed, need to refresh with new session */
    nssrv = nssSlot_Refresh(slot);
    if (nssrv != PR_SUCCESS) {
        slot->token->base.name[0] = 0; /* XXX */
        slot->ckFlags &= ~CKF_TOKEN_PRESENT;
        return PR_FALSE;
    }
    return PR_TRUE;
}
Beispiel #3
0
/***********************************************************************
 *
 * L i s t M o d u l e
 *
 * Lists detailed information about the named module.
 */
Error
ListModule(char *moduleName)
{
    SECMODModule *module = NULL;
    PK11SlotInfo *slot;
    int slotnum;
    CK_INFO modinfo;
    CK_SLOT_INFO slotinfo;
    CK_TOKEN_INFO tokeninfo;
    char *ciphers, *mechanisms;
    size_t reasonIdx;
    Error rv = SUCCESS;

    if (!moduleName) {
        return SUCCESS;
    }

    module = SECMOD_FindModule(moduleName);
    if (!module) {
        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
        rv = NO_SUCH_MODULE_ERR;
        goto loser;
    }

    if ((module->loaded) &&
        (PK11_GetModInfo(module, &modinfo) != SECSuccess)) {
        PR_fprintf(PR_STDERR, errStrings[MOD_INFO_ERR], moduleName);
        rv = MOD_INFO_ERR;
        goto loser;
    }

    /* Module info */
    PR_fprintf(PR_STDOUT,
               "\n-----------------------------------------------------------\n");
    PR_fprintf(PR_STDOUT, "Name: %s\n", module->commonName);
    if (module->internal || !module->dllName) {
        PR_fprintf(PR_STDOUT, "Library file: **Internal ONLY module**\n");
    } else {
        PR_fprintf(PR_STDOUT, "Library file: %s\n", module->dllName);
    }

    if (module->loaded) {
        PR_fprintf(PR_STDOUT, "Manufacturer: %.32s\n", modinfo.manufacturerID);
        PR_fprintf(PR_STDOUT, "Description: %.32s\n", modinfo.libraryDescription);
        PR_fprintf(PR_STDOUT, "PKCS #11 Version %d.%d\n",
                   modinfo.cryptokiVersion.major, modinfo.cryptokiVersion.minor);
        PR_fprintf(PR_STDOUT, "Library Version: %d.%d\n",
                   modinfo.libraryVersion.major, modinfo.libraryVersion.minor);
    } else {
        PR_fprintf(PR_STDOUT, "* Module not loaded\n");
    }
    /* Get cipher and mechanism flags */
    ciphers = getStringFromFlags(module->ssl[0], cipherStrings,
                                 numCipherStrings);
    if (ciphers[0] == '\0') {
        ciphers = "None";
    }
    PR_fprintf(PR_STDOUT, "Cipher Enable Flags: %s\n", ciphers);
    mechanisms = NULL;
    if (module->slotCount > 0) {
        mechanisms = getStringFromFlags(
            PK11_GetDefaultFlags(module->slots[0]),
            mechanismStrings, numMechanismStrings);
    }
    if ((mechanisms == NULL) || (mechanisms[0] == '\0')) {
        mechanisms = "None";
    }
    PR_fprintf(PR_STDOUT, "Default Mechanism Flags: %s\n", mechanisms);

#define PAD "  "

    /* Loop over each slot */
    for (slotnum = 0; slotnum < module->slotCount; slotnum++) {
        slot = module->slots[slotnum];
        if (PK11_GetSlotInfo(slot, &slotinfo) != SECSuccess) {
            PR_fprintf(PR_STDERR, errStrings[SLOT_INFO_ERR],
                       PK11_GetSlotName(slot));
            rv = SLOT_INFO_ERR;
            continue;
        }

        /* Slot Info */
        PR_fprintf(PR_STDOUT, "\n" PAD "Slot: %s\n", PK11_GetSlotName(slot));
        mechanisms = getStringFromFlags(PK11_GetDefaultFlags(slot),
                                        mechanismStrings, numMechanismStrings);
        if (mechanisms[0] == '\0') {
            mechanisms = "None";
        }
        PR_fprintf(PR_STDOUT, PAD "Slot Mechanism Flags: %s\n", mechanisms);
        PR_fprintf(PR_STDOUT, PAD "Manufacturer: %.32s\n",
                   slotinfo.manufacturerID);
        if (PK11_IsHW(slot)) {
            PR_fprintf(PR_STDOUT, PAD "Type: Hardware\n");
        } else {
            PR_fprintf(PR_STDOUT, PAD "Type: Software\n");
        }
        PR_fprintf(PR_STDOUT, PAD "Version Number: %d.%d\n",
                   slotinfo.hardwareVersion.major, slotinfo.hardwareVersion.minor);
        PR_fprintf(PR_STDOUT, PAD "Firmware Version: %d.%d\n",
                   slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor);
        if (PK11_IsDisabled(slot)) {
            reasonIdx = PK11_GetDisabledReason(slot);
            if (reasonIdx < numDisableReasonStr) {
                PR_fprintf(PR_STDOUT, PAD "Status: DISABLED (%s)\n",
                           disableReasonStr[reasonIdx]);
            } else {
                PR_fprintf(PR_STDOUT, PAD "Status: DISABLED\n");
            }
        } else {
            PR_fprintf(PR_STDOUT, PAD "Status: Enabled\n");
        }

        if (PK11_GetTokenInfo(slot, &tokeninfo) != SECSuccess) {
            PR_fprintf(PR_STDERR, errStrings[TOKEN_INFO_ERR],
                       PK11_GetTokenName(slot));
            rv = TOKEN_INFO_ERR;
            continue;
        }

        /* Token Info */
        PR_fprintf(PR_STDOUT, PAD "Token Name: %.32s\n",
                   tokeninfo.label);
        PR_fprintf(PR_STDOUT, PAD "Token Manufacturer: %.32s\n",
                   tokeninfo.manufacturerID);
        PR_fprintf(PR_STDOUT, PAD "Token Model: %.16s\n", tokeninfo.model);
        PR_fprintf(PR_STDOUT, PAD "Token Serial Number: %.16s\n",
                   tokeninfo.serialNumber);
        PR_fprintf(PR_STDOUT, PAD "Token Version: %d.%d\n",
                   tokeninfo.hardwareVersion.major, tokeninfo.hardwareVersion.minor);
        PR_fprintf(PR_STDOUT, PAD "Token Firmware Version: %d.%d\n",
                   tokeninfo.firmwareVersion.major, tokeninfo.firmwareVersion.minor);
        if (tokeninfo.flags & CKF_WRITE_PROTECTED) {
            PR_fprintf(PR_STDOUT, PAD "Access: Write Protected\n");
        } else {
            PR_fprintf(PR_STDOUT, PAD "Access: NOT Write Protected\n");
        }
        if (tokeninfo.flags & CKF_LOGIN_REQUIRED) {
            PR_fprintf(PR_STDOUT, PAD "Login Type: Login required\n");
        } else {
            PR_fprintf(PR_STDOUT, PAD
                       "Login Type: Public (no login required)\n");
        }
        if (tokeninfo.flags & CKF_USER_PIN_INITIALIZED) {
            PR_fprintf(PR_STDOUT, PAD "User Pin: Initialized\n");
        } else {
            PR_fprintf(PR_STDOUT, PAD "User Pin: NOT Initialized\n");
        }
    }
    PR_fprintf(PR_STDOUT,
               "\n-----------------------------------------------------------\n");
loser:
    if (module) {
        SECMOD_DestroyModule(module);
    }
    return rv;
}