/*
* must be called holding the ModuleListLock (either read or write).
*/
NSS_IMPLEMENT SECStatus
STAN_RemoveModuleFromDefaultTrustDomain(
SECMODModule *module)
{
NSSToken *token;
NSSTrustDomain *td;
int i;
td = STAN_GetDefaultTrustDomain();
for (i = 0; i < module->slotCount; i++) {
token = PK11Slot_GetNSSToken(module->slots[i]);
if (token) {
nssToken_NotifyCertsNotVisible(token);
NSSRWLock_LockWrite(td->tokensLock);
nssList_Remove(td->tokenList, token);
NSSRWLock_UnlockWrite(td->tokensLock);
PK11Slot_SetNSSToken(module->slots[i], NULL);
nssToken_Destroy(token);
}
}
NSSRWLock_LockWrite(td->tokensLock);
nssListIterator_Destroy(td->tokens);
td->tokens = nssList_CreateIterator(td->tokenList);
NSSRWLock_UnlockWrite(td->tokensLock);
return SECSuccess;
}
void
ssl3_SetSIDSessionTicket(sslSessionID *sid,
/*in/out*/ NewSessionTicket *newSessionTicket)
{
PORT_Assert(sid);
PORT_Assert(newSessionTicket);
PORT_Assert(newSessionTicket->ticket.data);
PORT_Assert(newSessionTicket->ticket.len != 0);
/* if sid->u.ssl3.lock, we are updating an existing entry that is already
* cached or was once cached, so we need to acquire and release the write
* lock. Otherwise, this is a new session that isn't shared with anything
* yet, so no locking is needed.
*/
if (sid->u.ssl3.lock) {
NSSRWLock_LockWrite(sid->u.ssl3.lock);
if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
PR_FALSE);
}
}
PORT_Assert(!sid->u.ssl3.locked.sessionTicket.ticket.data);
/* Do a shallow copy, moving the ticket data. */
sid->u.ssl3.locked.sessionTicket = *newSessionTicket;
newSessionTicket->ticket.data = NULL;
newSessionTicket->ticket.len = 0;
if (sid->u.ssl3.lock) {
NSSRWLock_UnlockWrite(sid->u.ssl3.lock);
}
}
NSS_IMPLEMENT PRStatus
STAN_ResetTokenInterator(NSSTrustDomain *td)
{
if (!td) {
td = g_default_trust_domain;
}
NSSRWLock_LockWrite(td->tokensLock);
nssListIterator_Destroy(td->tokens);
td->tokens = nssList_CreateIterator(td->tokenList);
NSSRWLock_UnlockWrite(td->tokensLock);
return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
STAN_LoadDefaultNSS3TrustDomain (
void
)
{
NSSTrustDomain *td;
SECMODModuleList *mlp;
SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
int i;
if (g_default_trust_domain || g_default_crypto_context) {
/* Stan is already initialized or a previous shutdown failed. */
nss_SetError(NSS_ERROR_ALREADY_INITIALIZED);
return PR_FAILURE;
}
td = NSSTrustDomain_Create(NULL, NULL, NULL, NULL);
if (!td) {
return PR_FAILURE;
}
/*
* Deadlock warning: we should never acquire the moduleLock while
* we hold the tokensLock. We can use the NSSRWLock Rank feature to
* guarrentee this. tokensLock have a higher rank than module lock.
*/
td->tokenList = nssList_Create(td->arena, PR_TRUE);
if (!td->tokenList) {
goto loser;
}
SECMOD_GetReadLock(moduleLock);
NSSRWLock_LockWrite(td->tokensLock);
for (mlp = SECMOD_GetDefaultModuleList(); mlp != NULL; mlp=mlp->next) {
for (i=0; i < mlp->module->slotCount; i++) {
STAN_InitTokenForSlotInfo(td, mlp->module->slots[i]);
}
}
td->tokens = nssList_CreateIterator(td->tokenList);
NSSRWLock_UnlockWrite(td->tokensLock);
SECMOD_ReleaseReadLock(moduleLock);
if (!td->tokens) {
goto loser;
}
g_default_crypto_context = NSSTrustDomain_CreateCryptoContext(td, NULL);
if (!g_default_crypto_context) {
goto loser;
}
g_default_trust_domain = td;
return PR_SUCCESS;
loser:
NSSTrustDomain_Destroy(td);
return PR_FAILURE;
}
NSS_IMPLEMENT PRStatus
STAN_ResetTokenInterator(NSSTrustDomain *td)
{
if (!td) {
td = g_default_trust_domain;
if (!td) {
/* we're called while still initting. slot will get added
* appropriately through normal init processes */
return PR_SUCCESS;
}
}
NSSRWLock_LockWrite(td->tokensLock);
nssListIterator_Destroy(td->tokens);
td->tokens = nssList_CreateIterator(td->tokenList);
NSSRWLock_UnlockWrite(td->tokensLock);
return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
STAN_InitTokenForSlotInfo(NSSTrustDomain *td, PK11SlotInfo *slot)
{
NSSToken *token;
if (!td) {
td = g_default_trust_domain;
}
token = nssToken_CreateFromPK11SlotInfo(td, slot);
PK11Slot_SetNSSToken(slot, token);
/* Don't add non-existent token to TD's token list */
if (token) {
NSSRWLock_LockWrite(td->tokensLock);
nssList_Add(td->tokenList, token);
NSSRWLock_UnlockWrite(td->tokensLock);
}
return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
STAN_InitTokenForSlotInfo(NSSTrustDomain *td, PK11SlotInfo *slot)
{
NSSToken *token;
if (!td) {
td = g_default_trust_domain;
if (!td) {
/* we're called while still initting. slot will get added
* appropriately through normal init processes */
return PR_SUCCESS;
}
}
token = nssToken_CreateFromPK11SlotInfo(td, slot);
PK11Slot_SetNSSToken(slot, token);
/* Don't add nonexistent token to TD's token list */
if (token) {
NSSRWLock_LockWrite(td->tokensLock);
nssList_Add(td->tokenList, token);
NSSRWLock_UnlockWrite(td->tokensLock);
}
return PR_SUCCESS;
}
