/*
 * get_cert_instance
 *
 * Pick one cryptoki instance of certificate c and return a clone of it.
 * Returns NULL when the certificate has no instances. The result comes
 * from nssCryptokiObject_Clone; presumably the caller releases it with
 * nssCryptokiObject_Destroy -- confirm against callers.
 *
 * Selection rule: the first instance is taken, and it is replaced by a
 * later one only while the current choice sits on an internal slot, so
 * an instance on a non-internal slot (e.g. a hardware device) wins.
 */
static nssCryptokiInstance *
get_cert_instance(NSSCertificate *c)
{
    nssCryptokiObject *chosen = NULL;
    nssCryptokiObject **cursor;
    nssCryptokiObject **all = nssPKIObject_GetInstances(&c->object);

    if (all == NULL) {
        return NULL;
    }
    for (cursor = all; *cursor != NULL; cursor++) {
        if (chosen != NULL) {
            /* This only really works for two instances, but 3.4 can't
             * handle more anyway. A choice that is already off the
             * internal slot is kept; with more instances the outcome
             * depends on the order of the array.
             */
            if (!PK11_IsInternal(chosen->token->pk11slot)) {
                continue;
            }
            nssCryptokiObject_Destroy(chosen);
        }
        /* If the clone yields NULL, the next instance is tried instead. */
        chosen = nssCryptokiObject_Clone(*cursor);
    }
    nssCryptokiObjectArray_Destroy(all);
    return chosen;
}
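/*
 * stan_GetTrustToken
 *
 * Choose the token associated with the trust object of certificate c.
 * Each instance's token is searched for an existing trust object that
 * matches the certificate's encoding, issuer and serial.
 *
 * Order of preference for the result:
 *   1. a token that already holds trust for c; a writable one ends the
 *      search, otherwise the last read-only one seen is kept,
 *   2. the first writable token without trust,
 *   3. the first read-only token without trust.
 *
 * Returns NULL when the certificate has no instances.
 *
 * NOTE(review): the returned pointer is copied from an instance in an
 * array that is destroyed before returning, and no reference is added
 * here. Confirm that callers do not rely on owning a token reference.
 */
static NSSToken *
stan_GetTrustToken(NSSCertificate *c)
{
    NSSToken *ttok = NULL; /* token holding a trust object for c */
    NSSToken *rtok = NULL; /* first read-only token without trust */
    NSSToken *tok = NULL;  /* first writable token without trust */
    nssCryptokiObject **ip;
    nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);

    if (!instances) {
        /* The function returns a pointer, so report "no token" with
         * NULL rather than the boolean constant PR_FALSE.
         */
        return NULL;
    }
    for (ip = instances; *ip; ip++) {
        nssCryptokiObject *instance = *ip;
        nssCryptokiObject *to =
            nssToken_FindTrustForCertificate(instance->token, NULL,
                                             &c->encoding, &c->issuer,
                                             &c->serial,
                                             nssTokenSearchType_TokenOnly);
        NSSToken *ctok = instance->token;
        PRBool ro = PK11_IsReadOnly(ctok->pk11slot);

        if (to) {
            /* Only the presence of trust matters; drop the object. */
            nssCryptokiObject_Destroy(to);
            ttok = ctok;
            if (!ro) {
                /* Writable token that already has trust: best match. */
                break;
            }
        } else {
            if (!rtok && ro) {
                rtok = ctok;
            }
            if (!tok && !ro) {
                tok = ctok;
            }
        }
    }
    nssCryptokiObjectArray_Destroy(instances);
    return ttok ? ttok : (tok ? tok : rtok);
}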
/*
 * NSSCertificate_IsPrivateKeyAvailable
 *
 * Report whether any token holding an instance of certificate c has the
 * matching private key available. Returns PR_TRUE if
 * nssToken_IsPrivateKeyAvailable succeeds for at least one instance,
 * and PR_FALSE otherwise, including when c has no instances.
 *
 * uhh and statusOpt are neither read nor written by this body, so a
 * caller cannot tell "no key" from "no instances" through statusOpt.
 */
NSS_IMPLEMENT PRBool
NSSCertificate_IsPrivateKeyAvailable(
    NSSCertificate *c,
    NSSCallback *uhh,
    PRStatus *statusOpt)
{
    PRBool found = PR_FALSE;
    nssCryptokiObject **cursor;
    nssCryptokiObject **all = nssPKIObject_GetInstances(&c->object);

    if (all == NULL) {
        return PR_FALSE;
    }
    /* Every instance is probed, with no early exit after the first hit;
     * the per-token check is opaque here, so the call count is kept.
     */
    cursor = all;
    while (*cursor != NULL) {
        nssCryptokiObject *cur = *cursor++;

        if (nssToken_IsPrivateKeyAvailable(cur->token, c, cur)) {
            found = PR_TRUE;
        }
    }
    nssCryptokiObjectArray_Destroy(all);
    return found;
}