/*
* L i s t S e c M o d u l e s
*
* Print a list of the PKCS11 security modules that are
* available. This is useful for smartcard people to
* make sure they have the drivers loaded.
*
*/
SECStatus
TKS_ListSecModules( void )
{
PK11SlotList *list;
PK11SlotListElement *le;
/* get them all! */
list = PK11_GetAllTokens(
/* mechanism type */ CKM_INVALID_MECHANISM,
/* need R/W */ PR_FALSE,
/* load certs */ PR_FALSE,
/* wincx */ NULL );
if( list == NULL ) {
return SECFailure;
}
/* look at each slot */
for( le = list->head ; le ; le = le->next ) {
PR_fprintf ( PR_STDOUT,
"\n" );
PR_fprintf ( PR_STDOUT,
" slot: %s\n",
PK11_GetSlotName( /* slot */ le->slot ) );
PR_fprintf ( PR_STDOUT,
" token: %s\n",
PK11_GetTokenName( /* slot */ le->slot ) );
}
PK11_FreeSlotList( /* slot list */ list );
return SECSuccess;
}
NS_IMETHODIMP
nsPK11TokenDB::ListTokens(nsISimpleEnumerator** _retval)
{
nsNSSShutDownPreventionLock locker;
nsCOMPtr<nsIMutableArray> array = do_CreateInstance(NS_ARRAY_CONTRACTID);
if (!array) {
return NS_ERROR_FAILURE;
}
*_retval = nullptr;
UniquePK11SlotList list(
PK11_GetAllTokens(CKM_INVALID_MECHANISM, false, false, 0));
if (!list) {
return NS_ERROR_FAILURE;
}
for (PK11SlotListElement* le = PK11_GetFirstSafe(list.get()); le;
le = PK11_GetNextSafe(list.get(), le, false)) {
nsCOMPtr<nsIPK11Token> token = new nsPK11Token(le->slot);
nsresult rv = array->AppendElement(token, false);
if (NS_FAILED(rv)) {
return rv;
}
}
return array->Enumerate(_retval);
}
/* nsIEnumerator listTokens (); */
NS_IMETHODIMP nsPK11TokenDB::ListTokens(nsIEnumerator* *_retval)
{
nsNSSShutDownPreventionLock locker;
nsCOMPtr<nsISupportsArray> array;
PK11SlotList *list = 0;
PK11SlotListElement *le;
*_retval = nullptr;
nsresult rv = NS_NewISupportsArray(getter_AddRefs(array));
if (NS_FAILED(rv)) { goto done; }
/* List all tokens, creating PK11Token objects and putting them
* into the array.
*/
list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, false, false, 0);
if (!list) { rv = NS_ERROR_FAILURE; goto done; }
for (le = PK11_GetFirstSafe(list); le; le = PK11_GetNextSafe(list, le, false)) {
nsCOMPtr<nsIPK11Token> token = new nsPK11Token(le->slot);
rv = array->AppendElement(token);
if (NS_FAILED(rv)) {
PK11_FreeSlotListElement(list, le);
rv = NS_ERROR_OUT_OF_MEMORY;
goto done;
}
}
rv = array->Enumerate(_retval);
done:
if (list) PK11_FreeSlotList(list);
return rv;
}
static SECStatus nss_Init_Tokens(struct connectdata * conn)
{
PK11SlotList *slotList;
PK11SlotListElement *listEntry;
SECStatus ret, status = SECSuccess;
pphrase_arg_t *parg = NULL;
parg = (pphrase_arg_t *) malloc(sizeof(*parg));
parg->retryCount = 0;
parg->data = conn->data;
PK11_SetPasswordFunc(nss_get_password);
slotList =
PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL);
for(listEntry = PK11_GetFirstSafe(slotList);
listEntry; listEntry = listEntry->next) {
PK11SlotInfo *slot = listEntry->slot;
if(PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) {
if(slot == PK11_GetInternalKeySlot()) {
failf(conn->data, "The NSS database has not been initialized.\n");
}
else {
failf(conn->data, "The token %s has not been initialized.",
PK11_GetTokenName(slot));
}
PK11_FreeSlot(slot);
continue;
}
ret = PK11_Authenticate(slot, PR_TRUE, parg);
if(SECSuccess != ret) {
if (PR_GetError() == SEC_ERROR_BAD_PASSWORD)
infof(conn->data, "The password for token '%s' is incorrect\n",
PK11_GetTokenName(slot));
status = SECFailure;
break;
}
parg->retryCount = 0; /* reset counter to 0 for the next token */
PK11_FreeSlot(slot);
}
free(parg);
return status;
}
static SECStatus nss_Init_Tokens(struct connectdata * conn)
{
PK11SlotList *slotList;
PK11SlotListElement *listEntry;
SECStatus ret, status = SECSuccess;
PK11_SetPasswordFunc(nss_get_password);
slotList =
PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL);
for(listEntry = PK11_GetFirstSafe(slotList);
listEntry; listEntry = listEntry->next) {
PK11SlotInfo *slot = listEntry->slot;
if(PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) {
if(slot == PK11_GetInternalKeySlot()) {
failf(conn->data, "The NSS database has not been initialized");
}
else {
failf(conn->data, "The token %s has not been initialized",
PK11_GetTokenName(slot));
}
PK11_FreeSlot(slot);
continue;
}
ret = PK11_Authenticate(slot, PR_TRUE,
conn->data->set.str[STRING_KEY_PASSWD]);
if(SECSuccess != ret) {
if(PR_GetError() == SEC_ERROR_BAD_PASSWORD)
infof(conn->data, "The password for token '%s' is incorrect\n",
PK11_GetTokenName(slot));
status = SECFailure;
break;
}
PK11_FreeSlot(slot);
}
return status;
}
nsresult
GetSlotWithMechanism(uint32_t aMechanism, nsIInterfaceRequestor* m_ctx,
PK11SlotInfo** aSlot, nsNSSShutDownPreventionLock& /*proofOfLock*/)
{
PK11SlotList * slotList = nullptr;
char16_t** tokenNameList = nullptr;
nsITokenDialogs * dialogs;
char16_t *unicodeTokenChosen;
PK11SlotListElement *slotElement, *tmpSlot;
uint32_t numSlots = 0, i = 0;
bool canceled;
nsresult rv = NS_OK;
*aSlot = nullptr;
// Get the slot
slotList = PK11_GetAllTokens(MapGenMechToAlgoMech(aMechanism),
true, true, m_ctx);
if (!slotList || !slotList->head) {
rv = NS_ERROR_FAILURE;
goto loser;
}
if (!slotList->head->next) {
/* only one slot available, just return it */
*aSlot = slotList->head->slot;
} else {
// Gerenate a list of slots and ask the user to choose //
tmpSlot = slotList->head;
while (tmpSlot) {
numSlots++;
tmpSlot = tmpSlot->next;
}
// Allocate the slot name buffer //
tokenNameList = static_cast<char16_t**>(moz_xmalloc(sizeof(char16_t *) * numSlots));
if (!tokenNameList) {
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
i = 0;
slotElement = PK11_GetFirstSafe(slotList);
while (slotElement) {
tokenNameList[i] = UTF8ToNewUnicode(nsDependentCString(PK11_GetTokenName(slotElement->slot)));
slotElement = PK11_GetNextSafe(slotList, slotElement, false);
if (tokenNameList[i])
i++;
else {
// OOM. adjust numSlots so we don't free unallocated memory.
numSlots = i;
PK11_FreeSlotListElement(slotList, slotElement);
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
}
/* Throw up the token list dialog and get back the token */
rv = getNSSDialogs((void**)&dialogs,
NS_GET_IID(nsITokenDialogs),
NS_TOKENDIALOGS_CONTRACTID);
if (NS_FAILED(rv)) goto loser;
if (!tokenNameList || !*tokenNameList) {
rv = NS_ERROR_OUT_OF_MEMORY;
} else {
rv = dialogs->ChooseToken(m_ctx, (const char16_t**)tokenNameList,
numSlots, &unicodeTokenChosen, &canceled);
}
NS_RELEASE(dialogs);
if (NS_FAILED(rv)) goto loser;
if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
// Get the slot //
slotElement = PK11_GetFirstSafe(slotList);
nsAutoString tokenStr(unicodeTokenChosen);
while (slotElement) {
if (tokenStr.Equals(NS_ConvertUTF8toUTF16(PK11_GetTokenName(slotElement->slot)))) {
*aSlot = slotElement->slot;
PK11_FreeSlotListElement(slotList, slotElement);
break;
}
slotElement = PK11_GetNextSafe(slotList, slotElement, false);
}
if(!(*aSlot)) {
rv = NS_ERROR_FAILURE;
goto loser;
}
}
// Get a reference to the slot //
PK11_ReferenceSlot(*aSlot);
loser:
if (slotList) {
PK11_FreeSlotList(slotList);
}
if (tokenNameList) {
NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(numSlots, tokenNameList);
}
return rv;
}
/*
* return the certificate associated with a derCert
*/
SECItem *
PK11_FindSMimeProfile(PK11SlotInfo **slot, char *emailAddr,
SECItem *name, SECItem **profileTime)
{
CK_OBJECT_CLASS smimeClass = CKO_NETSCAPE_SMIME;
CK_ATTRIBUTE theTemplate[] = {
{ CKA_SUBJECT, NULL, 0 },
{ CKA_CLASS, NULL, 0 },
{ CKA_NETSCAPE_EMAIL, NULL, 0 },
};
CK_ATTRIBUTE smimeData[] = {
{ CKA_SUBJECT, NULL, 0 },
{ CKA_VALUE, NULL, 0 },
};
/* if you change the array, change the variable below as well */
int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
CK_OBJECT_HANDLE smimeh = CK_INVALID_HANDLE;
CK_ATTRIBUTE *attrs = theTemplate;
CK_RV crv;
SECItem *emailProfile = NULL;
if (!emailAddr || !emailAddr[0]) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
PK11_SETATTRS(attrs, CKA_SUBJECT, name->data, name->len); attrs++;
PK11_SETATTRS(attrs, CKA_CLASS, &smimeClass, sizeof(smimeClass)); attrs++;
PK11_SETATTRS(attrs, CKA_NETSCAPE_EMAIL, emailAddr, strlen(emailAddr));
attrs++;
if (*slot) {
smimeh = pk11_FindObjectByTemplate(*slot,theTemplate,tsize);
} else {
PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
PR_FALSE,PR_TRUE,NULL);
PK11SlotListElement *le;
if (!list) {
return NULL;
}
/* loop through all the slots */
for (le = list->head; le; le = le->next) {
smimeh = pk11_FindObjectByTemplate(le->slot,theTemplate,tsize);
if (smimeh != CK_INVALID_HANDLE) {
*slot = PK11_ReferenceSlot(le->slot);
break;
}
}
PK11_FreeSlotList(list);
}
if (smimeh == CK_INVALID_HANDLE) {
PORT_SetError(SEC_ERROR_NO_KRL);
return NULL;
}
if (profileTime) {
PK11_SETATTRS(smimeData, CKA_NETSCAPE_SMIME_TIMESTAMP, NULL, 0);
}
crv = PK11_GetAttributes(NULL,*slot,smimeh,smimeData,2);
if (crv != CKR_OK) {
PORT_SetError(PK11_MapError (crv));
goto loser;
}
if (!profileTime) {
SECItem profileSubject;
profileSubject.data = (unsigned char*) smimeData[0].pValue;
profileSubject.len = smimeData[0].ulValueLen;
if (!SECITEM_ItemsAreEqual(&profileSubject,name)) {
goto loser;
}
}
emailProfile = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
if (emailProfile == NULL) {
goto loser;
}
emailProfile->data = (unsigned char*) smimeData[1].pValue;
emailProfile->len = smimeData[1].ulValueLen;
if (profileTime) {
*profileTime = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
if (*profileTime) {
(*profileTime)->data = (unsigned char*) smimeData[0].pValue;
(*profileTime)->len = smimeData[0].ulValueLen;
}
}
loser:
if (emailProfile == NULL) {
if (smimeData[1].pValue) {
PORT_Free(smimeData[1].pValue);
}
}
if (profileTime == NULL || *profileTime == NULL) {
if (smimeData[0].pValue) {
PORT_Free(smimeData[0].pValue);
}
}
return emailProfile;
}
int find_slot_by_number(pkcs11_handle_t *h, unsigned int slot_num, unsigned int *slotID)
{
SECMODModule *module = h->module;
int i;
/* if module is null,
* any of the PKCS #11 modules specified in the system config
* is available, find one */
if (module == NULL) {
PK11SlotList *list;
PK11SlotListElement *le;
PK11SlotInfo *slot = NULL;
/* find a slot, we haven't specifically selected a module,
* so find an appropriate one. */
/* get them all */
list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL);
if (list == NULL) {
return -1;
}
for (le = list->head; le; le = le->next) {
CK_SLOT_INFO slInfo;
SECStatus rv;
slInfo.flags = 0;
rv = PK11_GetSlotInfo(le->slot, &slInfo);
if (rv == SECSuccess && (slInfo.flags & CKF_REMOVABLE_DEVICE)) {
slot = PK11_ReferenceSlot(le->slot);
module = SECMOD_ReferenceModule(PK11_GetModule(le->slot));
break;
}
}
PK11_FreeSlotList(list);
if (slot == NULL) {
return -1;
}
h->slot = slot;
h->module = module;
*slotID = PK11_GetSlotID(slot);
return 0;
}
/*
* we're configured with a specific module, look for a present slot
* on that module. */
if (slot_num == 0) {
/* threaded applications should also acquire the
* DefaultModuleListLock */
for (i=0; i < module->slotCount; i++) {
if (module->slots[i] && PK11_IsPresent(module->slots[i])) {
h->slot = PK11_ReferenceSlot(module->slots[i]);
*slotID = PK11_GetSlotID(h->slot);
return 0;
}
}
}
/* we're configured for a specific module and token, see if it's present */
slot_num--;
if (slot_num < module->slotCount && module->slots &&
module->slots[slot_num] && PK11_IsPresent(module->slots[slot_num])) {
h->slot = PK11_ReferenceSlot(module->slots[slot_num]);
*slotID = PK11_GetSlotID(h->slot);
return 0;
}
return -1;
}
