Esempio n. 1
/*
 * Pick one token instance of certificate c and return a clone of it.
 *
 * The first instance is taken as the starting candidate.  While the
 * current candidate lives on an internal slot (per PK11_IsInternal), it
 * is destroyed and replaced by a clone of the next instance, so an
 * instance that is not internal (e.g., on a hardware device) wins.  Once
 * the candidate is not internal, it is kept.
 *
 * Returns NULL when the certificate has no instances.  The result comes
 * from nssCryptokiObject_Clone, so the caller presumably owns it and has
 * to destroy it -- confirm against the callers.
 *
 * NOTE(review): the declared return type is nssCryptokiInstance while the
 * value returned is an nssCryptokiObject pointer; the relationship
 * between the two types is not visible in this listing.
 */
static nssCryptokiInstance *
get_cert_instance(NSSCertificate *c)
{
    nssCryptokiObject **all = nssPKIObject_GetInstances(&c->object);
    nssCryptokiObject **cursor;
    nssCryptokiObject *chosen = NULL;

    if (all == NULL) {
	return NULL;
    }
    for (cursor = all; *cursor != NULL; cursor++) {
	/* A candidate that is not internal is final; skip the rest. */
	if (chosen != NULL && !PK11_IsInternal(chosen->token->pk11slot)) {
	    continue;
	}
	/* Either there is no candidate yet, or the current one is
	 * internal: drop it (if any) and take this instance instead.
	 */
	if (chosen != NULL) {
	    nssCryptokiObject_Destroy(chosen);
	}
	chosen = nssCryptokiObject_Clone(*cursor);
    }
    nssCryptokiObjectArray_Destroy(all);
    return chosen;
}
Esempio n. 2
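/*
 * Choose the token associated with the trust settings of certificate c.
 *
 * Every token instance of the certificate is examined.  The result is
 * picked in this order of preference:
 *   1. a token on which a trust object matching the certificate's
 *      encoding, issuer and serial is found; the scan stops at the first
 *      such token that is not read-only, otherwise the most recently seen
 *      read-only match is kept;
 *   2. the first token holding the certificate that is not read-only;
 *   3. the first token holding the certificate that is read-only.
 *
 * Returns NULL when the certificate has no instances.
 *
 * The result can be a read-only token (cases 1 and 3), so a caller that
 * intends to store trust on the returned token must check for that.
 *
 * NOTE(review): the returned pointer is copied from instance->token with
 * no reference taken in this function, and the instance array is
 * destroyed before returning.  Confirm that the token is kept alive
 * elsewhere for as long as the caller uses it.
 */
static NSSToken*
stan_GetTrustToken (
  NSSCertificate *c
)
{
    NSSToken *ttok = NULL;	/* token that already has trust for c */
    NSSToken *rtok = NULL;	/* first read-only token without trust */
    NSSToken *tok = NULL;	/* first writable token without trust */
    nssCryptokiObject **ip;
    nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
    if (!instances) {
	/* The function returns a pointer, so report "none" as NULL
	 * rather than the boolean constant PR_FALSE.
	 */
	return NULL;
    }
    for (ip = instances; *ip; ip++) {
	nssCryptokiObject *instance = *ip;
	nssCryptokiObject *to =
		nssToken_FindTrustForCertificate(instance->token, NULL,
		&c->encoding, &c->issuer, &c->serial,
		nssTokenSearchType_TokenOnly);
	NSSToken *ctok = instance->token;
	PRBool ro = PK11_IsReadOnly(ctok->pk11slot);

	if (to) {
	    /* Only the presence of the trust object matters here. */
	    nssCryptokiObject_Destroy(to);
	    ttok = ctok;
	    if (!ro) {
		/* Writable token with existing trust: best match. */
		break;
	    }
	} else {
	    if (!rtok && ro) {
		rtok = ctok;
	    }
	    if (!tok && !ro) {
		tok = ctok;
	    }
	}
    }
    nssCryptokiObjectArray_Destroy(instances);
    return ttok ? ttok : (tok ? tok : rtok);
}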
Esempio n. 3
/*
 * Report whether a private key for certificate c is available on any of
 * the tokens that hold the certificate.
 *
 * Each instance of the certificate is passed, together with its token,
 * to nssToken_IsPrivateKeyAvailable.  All instances are visited even
 * after a positive answer.
 *
 * Returns PR_TRUE if at least one token reports the key as available,
 * PR_FALSE otherwise, including when the certificate has no instances.
 *
 * NOTE(review): uhh and statusOpt are not used in this body, and
 * *statusOpt is never written.  A caller cannot tell "no key" from
 * "lookup failed" through it, and must not read a status it did not
 * initialize itself.
 */
NSS_IMPLEMENT PRBool
NSSCertificate_IsPrivateKeyAvailable (
  NSSCertificate *c,
  NSSCallback *uhh,
  PRStatus *statusOpt
)
{
    nssCryptokiObject **list = nssPKIObject_GetInstances(&c->object);
    nssCryptokiObject **cur;
    PRBool found = PR_FALSE;

    if (list == NULL) {
	return PR_FALSE;
    }
    cur = list;
    while (*cur != NULL) {
	nssCryptokiObject *inst = *cur;
	if (nssToken_IsPrivateKeyAvailable(inst->token, c, inst)) {
	    found = PR_TRUE;
	}
	cur++;
    }
    nssCryptokiObjectArray_Destroy(list);
    return found;
}