/*
* must be called holding the ModuleListLock (either read or write).
*/
NSS_IMPLEMENT SECStatus
STAN_RemoveModuleFromDefaultTrustDomain(
SECMODModule *module)
{
NSSToken *token;
NSSTrustDomain *td;
int i;
td = STAN_GetDefaultTrustDomain();
for (i = 0; i < module->slotCount; i++) {
token = PK11Slot_GetNSSToken(module->slots[i]);
if (token) {
nssToken_NotifyCertsNotVisible(token);
NSSRWLock_LockWrite(td->tokensLock);
nssList_Remove(td->tokenList, token);
NSSRWLock_UnlockWrite(td->tokensLock);
PK11Slot_SetNSSToken(module->slots[i], NULL);
nssToken_Destroy(token);
}
}
NSSRWLock_LockWrite(td->tokensLock);
nssListIterator_Destroy(td->tokens);
td->tokens = nssList_CreateIterator(td->tokenList);
NSSRWLock_UnlockWrite(td->tokensLock);
return SECSuccess;
}
NSS_IMPLEMENT PRBool
nssSlot_IsTokenPresent (
NSSSlot *slot
)
{
CK_RV ckrv;
PRStatus nssrv;
/* XXX */
nssSession *session;
CK_SLOT_INFO slotInfo;
void *epv;
/* permanent slots are always present unless they're disabled */
if (nssSlot_IsPermanent(slot)) {
return !PK11_IsDisabled(slot->pk11slot);
}
/* avoid repeated calls to check token status within set interval */
if (within_token_delay_period(slot)) {
return ((slot->ckFlags & CKF_TOKEN_PRESENT) != 0);
}
/* First obtain the slot info */
epv = slot->epv;
if (!epv) {
return PR_FALSE;
}
nssSlot_EnterMonitor(slot);
ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo);
nssSlot_ExitMonitor(slot);
if (ckrv != CKR_OK) {
slot->token->base.name[0] = 0; /* XXX */
return PR_FALSE;
}
slot->ckFlags = slotInfo.flags;
/* check for the presence of the token */
if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) {
if (!slot->token) {
/* token was never present */
return PR_FALSE;
}
session = nssToken_GetDefaultSession(slot->token);
if (session) {
nssSession_EnterMonitor(session);
/* token is not present */
if (session->handle != CK_INVALID_SESSION) {
/* session is valid, close and invalidate it */
CKAPI(epv)->C_CloseSession(session->handle);
session->handle = CK_INVALID_SESSION;
}
nssSession_ExitMonitor(session);
}
if (slot->token->base.name[0] != 0) {
/* notify the high-level cache that the token is removed */
slot->token->base.name[0] = 0; /* XXX */
nssToken_NotifyCertsNotVisible(slot->token);
}
slot->token->base.name[0] = 0; /* XXX */
/* clear the token cache */
nssToken_Remove(slot->token);
return PR_FALSE;
}
/* token is present, use the session info to determine if the card
* has been removed and reinserted.
*/
session = nssToken_GetDefaultSession(slot->token);
if (session) {
PRBool isPresent = PR_FALSE;
nssSession_EnterMonitor(session);
if (session->handle != CK_INVALID_SESSION) {
CK_SESSION_INFO sessionInfo;
ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo);
if (ckrv != CKR_OK) {
/* session is screwy, close and invalidate it */
CKAPI(epv)->C_CloseSession(session->handle);
session->handle = CK_INVALID_SESSION;
}
}
isPresent = session->handle != CK_INVALID_SESSION;
nssSession_ExitMonitor(session);
/* token not removed, finished */
if (isPresent)
return PR_TRUE;
}
/* the token has been removed, and reinserted, or the slot contains
* a token it doesn't recognize. invalidate all the old
* information we had on this token, if we can't refresh, clear
* the present flag */
nssToken_NotifyCertsNotVisible(slot->token);
nssToken_Remove(slot->token);
/* token has been removed, need to refresh with new session */
nssrv = nssSlot_Refresh(slot);
if (nssrv != PR_SUCCESS) {
slot->token->base.name[0] = 0; /* XXX */
slot->ckFlags &= ~CKF_TOKEN_PRESENT;
return PR_FALSE;
}
return PR_TRUE;
}