/* * L i s t S e c M o d u l e s * * Print a list of the PKCS11 security modules that are * available. This is useful for smartcard people to * make sure they have the drivers loaded. * */ SECStatus TKS_ListSecModules( void ) { PK11SlotList *list; PK11SlotListElement *le; /* get them all! */ list = PK11_GetAllTokens( /* mechanism type */ CKM_INVALID_MECHANISM, /* need R/W */ PR_FALSE, /* load certs */ PR_FALSE, /* wincx */ NULL ); if( list == NULL ) { return SECFailure; } /* look at each slot */ for( le = list->head ; le ; le = le->next ) { PR_fprintf ( PR_STDOUT, "\n" ); PR_fprintf ( PR_STDOUT, " slot: %s\n", PK11_GetSlotName( /* slot */ le->slot ) ); PR_fprintf ( PR_STDOUT, " token: %s\n", PK11_GetTokenName( /* slot */ le->slot ) ); } PK11_FreeSlotList( /* slot list */ list ); return SECSuccess; }
NS_IMETHODIMP nsPK11TokenDB::ListTokens(nsISimpleEnumerator** _retval) { nsNSSShutDownPreventionLock locker; nsCOMPtr<nsIMutableArray> array = do_CreateInstance(NS_ARRAY_CONTRACTID); if (!array) { return NS_ERROR_FAILURE; } *_retval = nullptr; UniquePK11SlotList list( PK11_GetAllTokens(CKM_INVALID_MECHANISM, false, false, 0)); if (!list) { return NS_ERROR_FAILURE; } for (PK11SlotListElement* le = PK11_GetFirstSafe(list.get()); le; le = PK11_GetNextSafe(list.get(), le, false)) { nsCOMPtr<nsIPK11Token> token = new nsPK11Token(le->slot); nsresult rv = array->AppendElement(token, false); if (NS_FAILED(rv)) { return rv; } } return array->Enumerate(_retval); }
/* nsIEnumerator listTokens (); */ NS_IMETHODIMP nsPK11TokenDB::ListTokens(nsIEnumerator* *_retval) { nsNSSShutDownPreventionLock locker; nsCOMPtr<nsISupportsArray> array; PK11SlotList *list = 0; PK11SlotListElement *le; *_retval = nullptr; nsresult rv = NS_NewISupportsArray(getter_AddRefs(array)); if (NS_FAILED(rv)) { goto done; } /* List all tokens, creating PK11Token objects and putting them * into the array. */ list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, false, false, 0); if (!list) { rv = NS_ERROR_FAILURE; goto done; } for (le = PK11_GetFirstSafe(list); le; le = PK11_GetNextSafe(list, le, false)) { nsCOMPtr<nsIPK11Token> token = new nsPK11Token(le->slot); rv = array->AppendElement(token); if (NS_FAILED(rv)) { PK11_FreeSlotListElement(list, le); rv = NS_ERROR_OUT_OF_MEMORY; goto done; } } rv = array->Enumerate(_retval); done: if (list) PK11_FreeSlotList(list); return rv; }
static SECStatus nss_Init_Tokens(struct connectdata * conn) { PK11SlotList *slotList; PK11SlotListElement *listEntry; SECStatus ret, status = SECSuccess; pphrase_arg_t *parg = NULL; parg = (pphrase_arg_t *) malloc(sizeof(*parg)); parg->retryCount = 0; parg->data = conn->data; PK11_SetPasswordFunc(nss_get_password); slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL); for(listEntry = PK11_GetFirstSafe(slotList); listEntry; listEntry = listEntry->next) { PK11SlotInfo *slot = listEntry->slot; if(PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) { if(slot == PK11_GetInternalKeySlot()) { failf(conn->data, "The NSS database has not been initialized.\n"); } else { failf(conn->data, "The token %s has not been initialized.", PK11_GetTokenName(slot)); } PK11_FreeSlot(slot); continue; } ret = PK11_Authenticate(slot, PR_TRUE, parg); if(SECSuccess != ret) { if (PR_GetError() == SEC_ERROR_BAD_PASSWORD) infof(conn->data, "The password for token '%s' is incorrect\n", PK11_GetTokenName(slot)); status = SECFailure; break; } parg->retryCount = 0; /* reset counter to 0 for the next token */ PK11_FreeSlot(slot); } free(parg); return status; }
static SECStatus nss_Init_Tokens(struct connectdata * conn) { PK11SlotList *slotList; PK11SlotListElement *listEntry; SECStatus ret, status = SECSuccess; PK11_SetPasswordFunc(nss_get_password); slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL); for(listEntry = PK11_GetFirstSafe(slotList); listEntry; listEntry = listEntry->next) { PK11SlotInfo *slot = listEntry->slot; if(PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) { if(slot == PK11_GetInternalKeySlot()) { failf(conn->data, "The NSS database has not been initialized"); } else { failf(conn->data, "The token %s has not been initialized", PK11_GetTokenName(slot)); } PK11_FreeSlot(slot); continue; } ret = PK11_Authenticate(slot, PR_TRUE, conn->data->set.str[STRING_KEY_PASSWD]); if(SECSuccess != ret) { if(PR_GetError() == SEC_ERROR_BAD_PASSWORD) infof(conn->data, "The password for token '%s' is incorrect\n", PK11_GetTokenName(slot)); status = SECFailure; break; } PK11_FreeSlot(slot); } return status; }
nsresult GetSlotWithMechanism(uint32_t aMechanism, nsIInterfaceRequestor* m_ctx, PK11SlotInfo** aSlot, nsNSSShutDownPreventionLock& /*proofOfLock*/) { PK11SlotList * slotList = nullptr; char16_t** tokenNameList = nullptr; nsITokenDialogs * dialogs; char16_t *unicodeTokenChosen; PK11SlotListElement *slotElement, *tmpSlot; uint32_t numSlots = 0, i = 0; bool canceled; nsresult rv = NS_OK; *aSlot = nullptr; // Get the slot slotList = PK11_GetAllTokens(MapGenMechToAlgoMech(aMechanism), true, true, m_ctx); if (!slotList || !slotList->head) { rv = NS_ERROR_FAILURE; goto loser; } if (!slotList->head->next) { /* only one slot available, just return it */ *aSlot = slotList->head->slot; } else { // Gerenate a list of slots and ask the user to choose // tmpSlot = slotList->head; while (tmpSlot) { numSlots++; tmpSlot = tmpSlot->next; } // Allocate the slot name buffer // tokenNameList = static_cast<char16_t**>(moz_xmalloc(sizeof(char16_t *) * numSlots)); if (!tokenNameList) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; } i = 0; slotElement = PK11_GetFirstSafe(slotList); while (slotElement) { tokenNameList[i] = UTF8ToNewUnicode(nsDependentCString(PK11_GetTokenName(slotElement->slot))); slotElement = PK11_GetNextSafe(slotList, slotElement, false); if (tokenNameList[i]) i++; else { // OOM. adjust numSlots so we don't free unallocated memory. numSlots = i; PK11_FreeSlotListElement(slotList, slotElement); rv = NS_ERROR_OUT_OF_MEMORY; goto loser; } } /* Throw up the token list dialog and get back the token */ rv = getNSSDialogs((void**)&dialogs, NS_GET_IID(nsITokenDialogs), NS_TOKENDIALOGS_CONTRACTID); if (NS_FAILED(rv)) goto loser; if (!tokenNameList || !*tokenNameList) { rv = NS_ERROR_OUT_OF_MEMORY; } else { rv = dialogs->ChooseToken(m_ctx, (const char16_t**)tokenNameList, numSlots, &unicodeTokenChosen, &canceled); } NS_RELEASE(dialogs); if (NS_FAILED(rv)) goto loser; if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; } // Get the slot // slotElement = PK11_GetFirstSafe(slotList); nsAutoString tokenStr(unicodeTokenChosen); while (slotElement) { if (tokenStr.Equals(NS_ConvertUTF8toUTF16(PK11_GetTokenName(slotElement->slot)))) { *aSlot = slotElement->slot; PK11_FreeSlotListElement(slotList, slotElement); break; } slotElement = PK11_GetNextSafe(slotList, slotElement, false); } if(!(*aSlot)) { rv = NS_ERROR_FAILURE; goto loser; } } // Get a reference to the slot // PK11_ReferenceSlot(*aSlot); loser: if (slotList) { PK11_FreeSlotList(slotList); } if (tokenNameList) { NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(numSlots, tokenNameList); } return rv; }
/* * return the certificate associated with a derCert */ SECItem * PK11_FindSMimeProfile(PK11SlotInfo **slot, char *emailAddr, SECItem *name, SECItem **profileTime) { CK_OBJECT_CLASS smimeClass = CKO_NETSCAPE_SMIME; CK_ATTRIBUTE theTemplate[] = { { CKA_SUBJECT, NULL, 0 }, { CKA_CLASS, NULL, 0 }, { CKA_NETSCAPE_EMAIL, NULL, 0 }, }; CK_ATTRIBUTE smimeData[] = { { CKA_SUBJECT, NULL, 0 }, { CKA_VALUE, NULL, 0 }, }; /* if you change the array, change the variable below as well */ int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]); CK_OBJECT_HANDLE smimeh = CK_INVALID_HANDLE; CK_ATTRIBUTE *attrs = theTemplate; CK_RV crv; SECItem *emailProfile = NULL; if (!emailAddr || !emailAddr[0]) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } PK11_SETATTRS(attrs, CKA_SUBJECT, name->data, name->len); attrs++; PK11_SETATTRS(attrs, CKA_CLASS, &smimeClass, sizeof(smimeClass)); attrs++; PK11_SETATTRS(attrs, CKA_NETSCAPE_EMAIL, emailAddr, strlen(emailAddr)); attrs++; if (*slot) { smimeh = pk11_FindObjectByTemplate(*slot,theTemplate,tsize); } else { PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE,PR_TRUE,NULL); PK11SlotListElement *le; if (!list) { return NULL; } /* loop through all the slots */ for (le = list->head; le; le = le->next) { smimeh = pk11_FindObjectByTemplate(le->slot,theTemplate,tsize); if (smimeh != CK_INVALID_HANDLE) { *slot = PK11_ReferenceSlot(le->slot); break; } } PK11_FreeSlotList(list); } if (smimeh == CK_INVALID_HANDLE) { PORT_SetError(SEC_ERROR_NO_KRL); return NULL; } if (profileTime) { PK11_SETATTRS(smimeData, CKA_NETSCAPE_SMIME_TIMESTAMP, NULL, 0); } crv = PK11_GetAttributes(NULL,*slot,smimeh,smimeData,2); if (crv != CKR_OK) { PORT_SetError(PK11_MapError (crv)); goto loser; } if (!profileTime) { SECItem profileSubject; profileSubject.data = (unsigned char*) smimeData[0].pValue; profileSubject.len = smimeData[0].ulValueLen; if (!SECITEM_ItemsAreEqual(&profileSubject,name)) { goto loser; } } emailProfile = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); if (emailProfile == NULL) { goto loser; } emailProfile->data = (unsigned char*) smimeData[1].pValue; emailProfile->len = smimeData[1].ulValueLen; if (profileTime) { *profileTime = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); if (*profileTime) { (*profileTime)->data = (unsigned char*) smimeData[0].pValue; (*profileTime)->len = smimeData[0].ulValueLen; } } loser: if (emailProfile == NULL) { if (smimeData[1].pValue) { PORT_Free(smimeData[1].pValue); } } if (profileTime == NULL || *profileTime == NULL) { if (smimeData[0].pValue) { PORT_Free(smimeData[0].pValue); } } return emailProfile; }
int find_slot_by_number(pkcs11_handle_t *h, unsigned int slot_num, unsigned int *slotID) { SECMODModule *module = h->module; int i; /* if module is null, * any of the PKCS #11 modules specified in the system config * is available, find one */ if (module == NULL) { PK11SlotList *list; PK11SlotListElement *le; PK11SlotInfo *slot = NULL; /* find a slot, we haven't specifically selected a module, * so find an appropriate one. */ /* get them all */ list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL); if (list == NULL) { return -1; } for (le = list->head; le; le = le->next) { CK_SLOT_INFO slInfo; SECStatus rv; slInfo.flags = 0; rv = PK11_GetSlotInfo(le->slot, &slInfo); if (rv == SECSuccess && (slInfo.flags & CKF_REMOVABLE_DEVICE)) { slot = PK11_ReferenceSlot(le->slot); module = SECMOD_ReferenceModule(PK11_GetModule(le->slot)); break; } } PK11_FreeSlotList(list); if (slot == NULL) { return -1; } h->slot = slot; h->module = module; *slotID = PK11_GetSlotID(slot); return 0; } /* * we're configured with a specific module, look for a present slot * on that module. */ if (slot_num == 0) { /* threaded applications should also acquire the * DefaultModuleListLock */ for (i=0; i < module->slotCount; i++) { if (module->slots[i] && PK11_IsPresent(module->slots[i])) { h->slot = PK11_ReferenceSlot(module->slots[i]); *slotID = PK11_GetSlotID(h->slot); return 0; } } } /* we're configured for a specific module and token, see if it's present */ slot_num--; if (slot_num < module->slotCount && module->slots && module->slots[slot_num] && PK11_IsPresent(module->slots[slot_num])) { h->slot = PK11_ReferenceSlot(module->slots[slot_num]); *slotID = PK11_GetSlotID(h->slot); return 0; } return -1; }