/* parse a single slot specific parameter */
static void
nssutil_argDecodeSingleSlotInfo(char *name, char *params,
struct NSSUTILPreSlotInfoStr *slotInfo)
{
char *askpw;
slotInfo->slotID = NSSUTIL_ArgDecodeNumber(name);
slotInfo->defaultFlags = NSSUTIL_ArgParseSlotFlags("slotFlags", params);
slotInfo->timeout = NSSUTIL_ArgReadLong("timeout", params, 0, NULL);
askpw = NSSUTIL_ArgGetParamValue("askpw", params);
slotInfo->askpw = 0;
if (askpw) {
if (PORT_Strcasecmp(askpw, "every") == 0) {
slotInfo->askpw = -1;
} else if (PORT_Strcasecmp(askpw, "timeout") == 0) {
slotInfo->askpw = 1;
}
PORT_Free(askpw);
slotInfo->defaultFlags |= PK11_OWN_PW_DEFAULTS;
}
slotInfo->hasRootCerts = NSSUTIL_ArgHasFlag("rootFlags", "hasRootCerts",
params);
slotInfo->hasRootTrust = NSSUTIL_ArgHasFlag("rootFlags", "hasRootTrust",
params);
}
/*
* for 3.4 we continue to use the old SECMODModule structure
*/
SECMODModule *
SECMOD_CreateModuleEx(const char *library, const char *moduleName,
const char *parameters, const char *nss,
const char *config)
{
SECMODModule *mod;
SECStatus rv;
char *slotParams,*ciphers;
/* pk11pars.h still does not have const char * interfaces */
char *nssc = (char *)nss;
char *configc = NULL;
if (config) {
configc = PORT_Strdup(config); /* no const */
}
rv = applyCryptoPolicy(configc);
if (configc) PORT_Free(configc);
/* do not load the module if policy parsing fails */
if (rv != SECSuccess) {
return NULL;
}
mod = secmod_NewModule();
if (mod == NULL) return NULL;
mod->commonName = PORT_ArenaStrdup(mod->arena,moduleName ? moduleName : "");
if (library) {
mod->dllName = PORT_ArenaStrdup(mod->arena,library);
}
/* new field */
if (parameters) {
mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters);
}
mod->internal = NSSUTIL_ArgHasFlag("flags","internal",nssc);
mod->isFIPS = NSSUTIL_ArgHasFlag("flags","FIPS",nssc);
mod->isCritical = NSSUTIL_ArgHasFlag("flags","critical",nssc);
slotParams = NSSUTIL_ArgGetParamValue("slotParams",nssc);
mod->slotInfo = NSSUTIL_ArgParseSlotInfo(mod->arena,slotParams,
&mod->slotInfoCount);
if (slotParams) PORT_Free(slotParams);
/* new field */
mod->trustOrder = NSSUTIL_ArgReadLong("trustOrder",nssc,
NSSUTIL_DEFAULT_TRUST_ORDER,NULL);
/* new field */
mod->cipherOrder = NSSUTIL_ArgReadLong("cipherOrder",nssc,
NSSUTIL_DEFAULT_CIPHER_ORDER,NULL);
/* new field */
mod->isModuleDB = NSSUTIL_ArgHasFlag("flags","moduleDB",nssc);
mod->moduleDBOnly = NSSUTIL_ArgHasFlag("flags","moduleDBOnly",nssc);
if (mod->moduleDBOnly) mod->isModuleDB = PR_TRUE;
/* we need more bits, but we also want to preserve binary compatibility
* so we overload the isModuleDB PRBool with additional flags.
* These flags are only valid if mod->isModuleDB is already set.
* NOTE: this depends on the fact that PRBool is at least a char on
* all platforms. These flags are only valid if moduleDB is set, so
* code checking if (mod->isModuleDB) will continue to work correctly. */
if (mod->isModuleDB) {
char flags = SECMOD_FLAG_MODULE_DB_IS_MODULE_DB;
if (NSSUTIL_ArgHasFlag("flags","skipFirst",nssc)) {
flags |= SECMOD_FLAG_MODULE_DB_SKIP_FIRST;
}
if (NSSUTIL_ArgHasFlag("flags","defaultModDB",nssc)) {
flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB;
}
/* additional moduleDB flags could be added here in the future */
mod->isModuleDB = (PRBool) flags;
}
if (mod->internal) {
char flags = SECMOD_FLAG_INTERNAL_IS_INTERNAL;
if (NSSUTIL_ArgHasFlag("flags", "internalKeySlot", nssc)) {
flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT;
}
mod->internal = (PRBool) flags;
}
ciphers = NSSUTIL_ArgGetParamValue("ciphers",nssc);
NSSUTIL_ArgParseCipherFlags(&mod->ssl[0],ciphers);
if (ciphers) PORT_Free(ciphers);
secmod_PrivateModuleCount++;
return mod;
}
