NSS_IMPLEMENT NSSCKMDToken *
nss_dbm_mdToken_factory
(
nss_dbm_slot_t *slot,
CK_RV *pError
)
{
nss_dbm_token_t *token;
NSSCKMDToken *rv;
token = nss_ZNEW(slot->instance->arena, nss_dbm_token_t);
if( (nss_dbm_token_t *)NULL == token ) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDToken *)NULL;
}
rv = nss_ZNEW(slot->instance->arena, NSSCKMDToken);
if( (NSSCKMDToken *)NULL == rv ) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDToken *)NULL;
}
token->slot = slot;
rv->etc = (void *)token;
rv->Setup = nss_dbm_mdToken_Setup;
rv->Invalidate = nss_dbm_mdToken_Invalidate;
rv->InitToken = nss_dbm_mdToken_InitToken;
rv->GetLabel = nss_dbm_mdToken_GetLabel;
rv->GetManufacturerID = nss_dbm_mdToken_GetManufacturerID;
rv->GetModel = nss_dbm_mdToken_GetModel;
/* GetSerialNumber is irrelevant */
/* GetHasRNG defaults to CK_FALSE */
rv->GetIsWriteProtected = nss_dbm_mdToken_GetIsWriteProtected;
/* GetLoginRequired defaults to CK_FALSE */
/* GetUserPinInitialized defaults to CK_FALSE */
/* GetRestoreKeyNotNeeded is irrelevant */
/* GetHasClockOnToken defaults to CK_FALSE */
/* GetHasProtectedAuthenticationPath defaults to CK_FALSE */
/* GetSupportsDualCryptoOperations is irrelevant */
rv->GetMaxSessionCount = nss_dbm_mdToken_effectively_infinite;
rv->GetMaxRwSessionCount = nss_dbm_mdToken_effectively_infinite;
/* GetMaxPinLen is irrelevant */
/* GetMinPinLen is irrelevant */
/* GetTotalPublicMemory defaults to CK_UNAVAILABLE_INFORMATION */
/* GetFreePublicMemory defaults to CK_UNAVAILABLE_INFORMATION */
/* GetTotalPrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */
/* GetFreePrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */
rv->GetHardwareVersion = nss_dbm_mdToken_GetHardwareVersion;
/* GetFirmwareVersion is irrelevant */
/* GetUTCTime is irrelevant */
rv->OpenSession = nss_dbm_mdToken_OpenSession;
rv->null = NULL;
return rv;
}
NSS_IMPLEMENT NSSCryptoContext *
nssCryptoContext_Create (
NSSTrustDomain *td,
NSSCallback *uhhOpt
)
{
NSSArena *arena;
NSSCryptoContext *rvCC;
arena = NSSArena_Create();
if (!arena) {
return NULL;
}
rvCC = nss_ZNEW(arena, NSSCryptoContext);
if (!rvCC) {
return NULL;
}
rvCC->td = td;
rvCC->arena = arena;
rvCC->certStore = nssCertificateStore_Create(rvCC->arena);
if (!rvCC->certStore) {
nssArena_Destroy(arena);
return NULL;
}
return rvCC;
}
static NSSSlot *
nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
{
NSSSlot *rvSlot;
NSSArena *arena;
arena = nssArena_Create();
if (!arena) {
return NULL;
}
rvSlot = nss_ZNEW(arena, NSSSlot);
if (!rvSlot) {
nssArena_Destroy(arena);
return NULL;
}
rvSlot->base.refCount = 1;
rvSlot->base.lock = PZ_NewLock(nssILockOther);
rvSlot->base.arena = arena;
rvSlot->pk11slot = nss3slot;
rvSlot->epv = nss3slot->functionList;
rvSlot->slotID = nss3slot->slotID;
/* Grab the slot name from the PKCS#11 fixed-length buffer */
rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name,td->arena);
rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
return rvSlot;
}
NSS_IMPLEMENT NSSCRL *
nssCRL_Create (
nssPKIObject *object
)
{
PRStatus status;
NSSCRL *rvCRL;
NSSArena *arena = object->arena;
PR_ASSERT(object->instances != NULL && object->numInstances > 0);
rvCRL = nss_ZNEW(arena, NSSCRL);
if (!rvCRL) {
return (NSSCRL *)NULL;
}
rvCRL->object = *object;
/* XXX should choose instance based on some criteria */
status = nssCryptokiCRL_GetAttributes(object->instances[0],
NULL, /* XXX sessionOpt */
arena,
&rvCRL->encoding,
NULL, /* subject */
NULL, /* class */
&rvCRL->url,
&rvCRL->isKRL);
if (status != PR_SUCCESS) {
return (NSSCRL *)NULL;
}
return rvCRL;
}
NSS_IMPLEMENT NSSCKMDObject *
nss_dbm_mdObject_factory
(
nss_dbm_object_t *object,
CK_RV *pError
)
{
NSSCKMDObject *rv;
rv = nss_ZNEW(object->arena, NSSCKMDObject);
if( (NSSCKMDObject *)NULL == rv ) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDObject *)NULL;
}
rv->etc = (void *)object;
rv->Finalize = nss_dbm_mdObject_Finalize;
rv->Destroy = nss_dbm_mdObject_Destroy;
/* IsTokenObject can be deferred */
rv->GetAttributeCount = nss_dbm_mdObject_GetAttributeCount;
rv->GetAttributeTypes = nss_dbm_mdObject_GetAttributeTypes;
rv->GetAttributeSize = nss_dbm_mdObject_GetAttributeSize;
rv->GetAttribute = nss_dbm_mdObject_GetAttribute;
rv->SetAttribute = nss_dbm_mdObject_SetAttribute;
/* GetObjectSize can be deferred */
return rv;
}
NSS_IMPLEMENT NSSTrustDomain *
NSSTrustDomain_Create (
NSSUTF8 *moduleOpt,
NSSUTF8 *uriOpt,
NSSUTF8 *opaqueOpt,
void *reserved
)
{
NSSArena *arena;
NSSTrustDomain *rvTD;
arena = NSSArena_Create();
if(!arena) {
return (NSSTrustDomain *)NULL;
}
rvTD = nss_ZNEW(arena, NSSTrustDomain);
if (!rvTD) {
goto loser;
}
/* protect the token list and the token iterator */
rvTD->tokensLock = NSSRWLock_New(100, "tokens");
if (!rvTD->tokensLock) {
goto loser;
}
nssTrustDomain_InitializeCache(rvTD, NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE);
rvTD->arena = arena;
rvTD->refCount = 1;
rvTD->statusConfig = NULL;
return rvTD;
loser:
if (rvTD && rvTD->tokensLock) {
NSSRWLock_Destroy(rvTD->tokensLock);
}
nssArena_Destroy(arena);
return (NSSTrustDomain *)NULL;
}
/*
* delete a crl.
*/
SECStatus
SEC_DeletePermCRL(CERTSignedCrl *crl)
{
PRStatus status;
NSSToken *token;
nssCryptokiObject *object;
PK11SlotInfo *slot = crl->slot;
if (slot == NULL) {
PORT_Assert(slot);
/* shouldn't happen */
PORT_SetError( SEC_ERROR_CRL_INVALID);
return SECFailure;
}
token = PK11Slot_GetNSSToken(slot);
object = nss_ZNEW(NULL, nssCryptokiObject);
if (!object) {
return SECFailure;
}
object->token = nssToken_AddRef(token);
object->handle = crl->pkcs11ID;
object->isTokenObject = PR_TRUE;
status = nssToken_DeleteStoredObject(object);
nssCryptokiObject_Destroy(object);
return (status == PR_SUCCESS) ? SECSuccess : SECFailure;
}
NSS_IMPLEMENT nssCryptokiObject *
nssCryptokiObject_Create (
NSSToken *t,
nssSession *session,
CK_OBJECT_HANDLE h
)
{
PRStatus status;
NSSSlot *slot;
nssCryptokiObject *object;
CK_BBOOL *isTokenObject;
CK_ATTRIBUTE cert_template[] = {
{ CKA_TOKEN, NULL, 0 },
{ CKA_LABEL, NULL, 0 }
};
slot = nssToken_GetSlot(t);
status = nssCKObject_GetAttributes(h, cert_template, 2,
NULL, session, slot);
nssSlot_Destroy(slot);
if (status != PR_SUCCESS) {
/* a failure here indicates a device error */
return (nssCryptokiObject *)NULL;
}
object = nss_ZNEW(NULL, nssCryptokiObject);
if (!object) {
return (nssCryptokiObject *)NULL;
}
object->handle = h;
object->token = nssToken_AddRef(t);
isTokenObject = (CK_BBOOL *)cert_template[0].pValue;
object->isTokenObject = *isTokenObject;
nss_ZFreeIf(isTokenObject);
NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template[1], object->label);
return object;
}
/*
* nssCKFWCrytoOperation_Create
*/
NSS_EXTERN NSSCKFWCryptoOperation *
nssCKFWCryptoOperation_Create(
NSSCKMDCryptoOperation *mdOperation,
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
NSSCKFWCryptoOperationType type,
CK_RV *pError
)
{
NSSCKFWCryptoOperation *fwOperation;
fwOperation = nss_ZNEW(NULL, NSSCKFWCryptoOperation);
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
*pError = CKR_HOST_MEMORY;
return (NSSCKFWCryptoOperation *)NULL;
}
fwOperation->mdOperation = mdOperation;
fwOperation->mdSession = mdSession;
fwOperation->fwSession = fwSession;
fwOperation->mdToken = mdToken;
fwOperation->fwToken = fwToken;
fwOperation->mdInstance = mdInstance;
fwOperation->fwInstance = fwInstance;
fwOperation->type = type;
return fwOperation;
}
/* Returns NULL if "encoding" cannot be decoded. */
NSS_IMPLEMENT nssDecodedCert *
nssDecodedPKIXCertificate_Create (
NSSArena *arenaOpt,
NSSDER *encoding
)
{
nssDecodedCert *rvDC = NULL;
CERTCertificate *cert;
SECItem secDER;
SECITEM_FROM_NSSITEM(&secDER, encoding);
cert = CERT_DecodeDERCertificate(&secDER, PR_TRUE, NULL);
if (cert) {
rvDC = nss_ZNEW(arenaOpt, nssDecodedCert);
if (rvDC) {
rvDC->type = NSSCertificateType_PKIX;
rvDC->data = (void *)cert;
rvDC->getIdentifier = nss3certificate_getIdentifier;
rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier;
rvDC->matchIdentifier = nss3certificate_matchIdentifier;
rvDC->isValidIssuer = nss3certificate_isValidIssuer;
rvDC->getUsage = nss3certificate_getUsage;
rvDC->isValidAtTime = nss3certificate_isValidAtTime;
rvDC->isNewerThan = nss3certificate_isNewerThan;
rvDC->matchUsage = nss3certificate_matchUsage;
rvDC->isTrustedForUsage = nss3certificate_isTrustedForUsage;
rvDC->getEmailAddress = nss3certificate_getEmailAddress;
rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber;
} else {
CERT_DestroyCertificate(cert);
}
}
return rvDC;
}
NSS_IMPLEMENT NSSCKMDSlot *
nss_dbm_mdSlot_factory
(
nss_dbm_instance_t *instance,
char *filename,
int flags,
CK_RV *pError
)
{
nss_dbm_slot_t *slot;
NSSCKMDSlot *rv;
slot = nss_ZNEW(instance->arena, nss_dbm_slot_t);
if( (nss_dbm_slot_t *)NULL == slot ) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDSlot *)NULL;
}
slot->instance = instance;
slot->filename = filename;
slot->flags = flags;
slot->token_db = (nss_dbm_db_t *)NULL;
rv = nss_ZNEW(instance->arena, NSSCKMDSlot);
if( (NSSCKMDSlot *)NULL == rv ) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDSlot *)NULL;
}
rv->etc = (void *)slot;
rv->Initialize = nss_dbm_mdSlot_Initialize;
rv->Destroy = nss_dbm_mdSlot_Destroy;
rv->GetSlotDescription = nss_dbm_mdSlot_GetSlotDescription;
rv->GetManufacturerID = nss_dbm_mdSlot_GetManufacturerID;
rv->GetTokenPresent = nss_dbm_mdSlot_GetTokenPresent;
rv->GetRemovableDevice = nss_dbm_mdSlot_GetRemovableDevice;
/* GetHardwareSlot */
/* GetHardwareVersion */
/* GetFirmwareVersion */
rv->GetToken = nss_dbm_mdSlot_GetToken;
rv->null = (void *)NULL;
return rv;
}
NSS_IMPLEMENT nssCertificateStore *
nssCertificateStore_Create (
NSSArena *arenaOpt
)
{
NSSArena *arena;
nssCertificateStore *store;
PRBool i_alloced_arena;
if (arenaOpt) {
arena = arenaOpt;
i_alloced_arena = PR_FALSE;
} else {
arena = nssArena_Create();
if (!arena) {
return NULL;
}
i_alloced_arena = PR_TRUE;
}
store = nss_ZNEW(arena, nssCertificateStore);
if (!store) {
goto loser;
}
store->lock = PZ_NewLock(nssILockOther);
if (!store->lock) {
goto loser;
}
/* Create the issuer/serial --> {cert, trust, S/MIME profile } hash */
store->issuer_and_serial = nssHash_CreateCertificate(arena, 0);
if (!store->issuer_and_serial) {
goto loser;
}
/* Create the subject DER --> subject list hash */
store->subject = nssHash_CreateItem(arena, 0);
if (!store->subject) {
goto loser;
}
store->arena = arena;
store->i_alloced_arena = i_alloced_arena;
return store;
loser:
if (store) {
if (store->lock) {
PZ_DestroyLock(store->lock);
}
if (store->issuer_and_serial) {
nssHash_Destroy(store->issuer_and_serial);
}
if (store->subject) {
nssHash_Destroy(store->subject);
}
}
if (i_alloced_arena) {
nssArena_Destroy(arena);
}
return NULL;
}
NSSToken *
nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
{
NSSToken *rvToken;
NSSArena *arena;
/* Don't create a token object for a disabled slot */
if (nss3slot->disabled) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
return NULL;
}
arena = nssArena_Create();
if (!arena) {
return NULL;
}
rvToken = nss_ZNEW(arena, NSSToken);
if (!rvToken) {
nssArena_Destroy(arena);
return NULL;
}
rvToken->base.refCount = 1;
rvToken->base.lock = PZ_NewLock(nssILockOther);
if (!rvToken->base.lock) {
nssArena_Destroy(arena);
return NULL;
}
rvToken->base.arena = arena;
rvToken->pk11slot = nss3slot;
rvToken->epv = nss3slot->functionList;
rvToken->defaultSession = nssSession_ImportNSS3Session(td->arena,
nss3slot->session,
nss3slot->sessionLock,
nss3slot->defRWSession);
/* continue, even if rvToken->defaultSession is NULL */
if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) {
rvToken->cache = nssTokenObjectCache_Create(rvToken,
PR_TRUE, PR_TRUE, PR_TRUE);
if (!rvToken->cache)
goto loser;
}
rvToken->trustDomain = td;
/* Grab the token name from the PKCS#11 fixed-length buffer */
rvToken->base.name = nssUTF8_Duplicate(nss3slot->token_name,td->arena);
rvToken->slot = nssSlot_CreateFromPK11SlotInfo(td, nss3slot);
if (!rvToken->slot) {
goto loser;
}
rvToken->slot->token = rvToken;
if (rvToken->defaultSession)
rvToken->defaultSession->slot = rvToken->slot;
return rvToken;
loser:
PZ_DestroyLock(rvToken->base.lock);
nssArena_Destroy(arena);
return NULL;
}
/* find all the certs that represent the appropriate object (cert, priv key, or
* pub key) in the cert store.
*/
static PRUint32
collect_class(
CK_OBJECT_CLASS objClass,
SecItemClass itemClass,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
ckmkInternalObject ***listp,
PRUint32 *sizep,
PRUint32 count,
CK_RV *pError
)
{
ckmkInternalObject *next = NULL;
SecKeychainSearchRef searchRef = 0;
SecKeychainItemRef itemRef = 0;
OSStatus error;
/* future, build the attribute list based on the template
* so we can refine the search */
error = SecKeychainSearchCreateFromAttributes(
NULL, itemClass, NULL, &searchRef);
while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) {
/* if we don't have an internal object structure, get one */
if ((ckmkInternalObject *)NULL == next) {
next = nss_ZNEW(NULL, ckmkInternalObject);
if ((ckmkInternalObject *)NULL == next) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
}
/* fill in the relevant object data */
next->type = ckmkItem;
next->objClass = objClass;
next->u.item.itemRef = itemRef;
next->u.item.itemClass = itemClass;
/* see if this is one of the objects we are looking for */
if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next) ) {
/* yes, put it on the list */
PUT_OBJECT(next, *pError, *sizep, count, *listp);
next = NULL; /* this one is on the list, need to allocate a new one now */
} else {
/* no , release the current item and clear out the structure for reuse */
CFRelease(itemRef);
/* don't cache the values we just loaded */
nsslibc_memset(next, 0, sizeof(*next));
}
}
loser:
if (searchRef) {
CFRelease(searchRef);
}
nss_ZFreeIf(next);
return count;
}
/*
* nssHash_create
*
*/
NSS_IMPLEMENT nssHash *
nssHash_Create
(
NSSArena *arenaOpt,
PRUint32 numBuckets,
PLHashFunction keyHash,
PLHashComparator keyCompare,
PLHashComparator valueCompare
)
{
nssHash *rv;
NSSArena *arena;
PRBool i_alloced;
#ifdef NSSDEBUG
if( arenaOpt && PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return (nssHash *)NULL;
}
#endif /* NSSDEBUG */
if (arenaOpt) {
arena = arenaOpt;
i_alloced = PR_FALSE;
} else {
arena = nssArena_Create();
i_alloced = PR_TRUE;
}
rv = nss_ZNEW(arena, nssHash);
if( (nssHash *)NULL == rv ) {
goto loser;
}
rv->mutex = PZ_NewLock(nssILockOther);
if( (PZLock *)NULL == rv->mutex ) {
goto loser;
}
rv->plHashTable = PL_NewHashTable(numBuckets,
keyHash, keyCompare, valueCompare,
&nssArenaHashAllocOps, arena);
if( (PLHashTable *)NULL == rv->plHashTable ) {
(void)PZ_DestroyLock(rv->mutex);
goto loser;
}
rv->count = 0;
rv->arena = arena;
rv->i_alloced_arena = i_alloced;
return rv;
loser:
(void)nss_ZFreeIf(rv);
return (nssHash *)NULL;
}
static NSSCKMDObject *
nss_dbm_mdSession_CreateObject
(
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
NSSArena *handyArenaPointer,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError
)
{
nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
CK_ULONG i;
CK_BBOOL isToken = CK_FALSE; /* defaults to false */
NSSCKMDObject *rv;
struct nss_dbm_dbt_node *node = (struct nss_dbm_dbt_node *)NULL;
nss_dbm_object_t *object;
nss_dbm_db_t *which_db;
/* This framework should really pass this to me */
for( i = 0; i < ulAttributeCount; i++ ) {
if( CKA_TOKEN == pTemplate[i].type ) {
isToken = *(CK_BBOOL *)pTemplate[i].pValue;
break;
}
}
object = nss_ZNEW(handyArenaPointer, nss_dbm_object_t);
if( (nss_dbm_object_t *)NULL == object ) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDObject *)NULL;
}
object->arena = handyArenaPointer;
which_db = isToken ? token->slot->token_db : token->session_db;
/* Do this before the actual database call; it's easier to recover from */
rv = nss_dbm_mdObject_factory(object, pError);
if( (NSSCKMDObject *)NULL == rv ) {
return (NSSCKMDObject *)NULL;
}
if( CK_FALSE == isToken ) {
node = nss_ZNEW(session->arena, struct nss_dbm_dbt_node);
if( (struct nss_dbm_dbt_node *)NULL == node ) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDObject *)NULL;
}
}
NSS_IMPLEMENT NSSItem *
nssItem_Create
(
NSSArena *arenaOpt,
NSSItem *rvOpt,
PRUint32 length,
const void *data
)
{
NSSItem *rv = (NSSItem *)NULL;
#ifdef DEBUG
if( (NSSArena *)NULL != arenaOpt ) {
if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
return (NSSItem *)NULL;
}
}
if( (const void *)NULL == data ) {
if( length > 0 ) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return (NSSItem *)NULL;
}
}
#endif /* DEBUG */
if( (NSSItem *)NULL == rvOpt ) {
rv = (NSSItem *)nss_ZNEW(arenaOpt, NSSItem);
if( (NSSItem *)NULL == rv ) {
goto loser;
}
} else {
rv = rvOpt;
}
rv->size = length;
rv->data = nss_ZAlloc(arenaOpt, length);
if( (void *)NULL == rv->data ) {
goto loser;
}
if( length > 0 ) {
(void)nsslibc_memcpy(rv->data, data, length);
}
return rv;
loser:
if( rv != rvOpt ) {
nss_ZFreeIf(rv);
}
return (NSSItem *)NULL;
}
/*
* nssCKFWHash_Create
*
*/
NSS_IMPLEMENT nssCKFWHash *
nssCKFWHash_Create
(
NSSCKFWInstance *fwInstance,
NSSArena *arena,
CK_RV *pError
)
{
nssCKFWHash *rv;
#ifdef NSSDEBUG
if (!pError) {
return (nssCKFWHash *)NULL;
}
if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
*pError = CKR_ARGUMENTS_BAD;
return (nssCKFWHash *)NULL;
}
#endif /* NSSDEBUG */
rv = nss_ZNEW(arena, nssCKFWHash);
if (!rv) {
*pError = CKR_HOST_MEMORY;
return (nssCKFWHash *)NULL;
}
rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
if (!rv->mutex) {
if( CKR_OK == *pError ) {
(void)nss_ZFreeIf(rv);
*pError = CKR_GENERAL_ERROR;
}
return (nssCKFWHash *)NULL;
}
rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash,
PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena);
if (!rv->plHashTable) {
(void)nssCKFWMutex_Destroy(rv->mutex);
(void)nss_ZFreeIf(rv);
*pError = CKR_HOST_MEMORY;
return (nssCKFWHash *)NULL;
}
rv->count = 0;
return rv;
}
static cache_entry *
new_cache_entry(NSSArena *arena, void *value, PRBool ownArena)
{
cache_entry *ce = nss_ZNEW(arena, cache_entry);
if (ce) {
ce->entry.value = value;
ce->hits = 1;
ce->lastHit = PR_Now();
if (ownArena) {
ce->arena = arena;
}
ce->nickname = NULL;
}
return ce;
}
static CK_RV
nss_dbm_mdInstance_Initialize
(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
NSSUTF8 *configurationData
)
{
CK_RV rv = CKR_OK;
NSSArena *arena;
nss_dbm_instance_t *instance;
arena = NSSCKFWInstance_GetArena(fwInstance, &rv);
if( ((NSSArena *)NULL == arena) && (CKR_OK != rv) ) {
return rv;
}
instance = nss_ZNEW(arena, nss_dbm_instance_t);
if( (nss_dbm_instance_t *)NULL == instance ) {
return CKR_HOST_MEMORY;
}
instance->arena = arena;
/*
* This should parse the configuration data for information on
* number and locations of databases, modes (e.g. readonly), etc.
* But for now, we'll have one slot with a creatable read-write
* database called "cert8.db."
*/
instance->nSlots = 1;
instance->filenames = nss_ZNEWARRAY(arena, char *, instance->nSlots);
if( (char **)NULL == instance->filenames ) {
return CKR_HOST_MEMORY;
}
instance->flags = nss_ZNEWARRAY(arena, int, instance->nSlots);
if( (int *)NULL == instance->flags ) {
return CKR_HOST_MEMORY;
}
instance->filenames[0] = "cert8.db";
instance->flags[0] = O_RDWR|O_CREAT;
mdInstance->etc = (void *)instance;
return CKR_OK;
}
NSS_IMPLEMENT nssCryptokiObject *
nssCryptokiObject_Clone(
nssCryptokiObject *object)
{
nssCryptokiObject *rvObject;
rvObject = nss_ZNEW(NULL, nssCryptokiObject);
if (rvObject) {
rvObject->handle = object->handle;
rvObject->token = nssToken_AddRef(object->token);
rvObject->isTokenObject = object->isTokenObject;
if (object->label) {
rvObject->label = nssUTF8_Duplicate(object->label, NULL);
}
}
return rvObject;
}
NSS_IMPLEMENT nssSession *
nssSession_ImportNSS3Session(NSSArena *arenaOpt,
CK_SESSION_HANDLE session,
PZLock *lock, PRBool rw)
{
nssSession *rvSession = NULL;
if (session != CK_INVALID_SESSION) {
rvSession = nss_ZNEW(arenaOpt, nssSession);
if (rvSession) {
rvSession->handle = session;
rvSession->lock = lock;
rvSession->ownLock = PR_FALSE;
rvSession->isRW = rw;
}
}
return rvSession;
}
NSS_IMPLEMENT NSSCKMDSession *
nss_ckmk_CreateSession
(
NSSCKFWSession *fwSession,
CK_RV *pError
)
{
NSSArena *arena;
NSSCKMDSession *rv;
arena = NSSCKFWSession_GetArena(fwSession, pError);
if( (NSSArena *)NULL == arena ) {
return (NSSCKMDSession *)NULL;
}
rv = nss_ZNEW(arena, NSSCKMDSession);
if( (NSSCKMDSession *)NULL == rv ) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDSession *)NULL;
}
/*
* rv was zeroed when allocated, so we only
* need to set the non-zero members.
*/
rv->etc = (void *)fwSession;
/* rv->Close */
/* rv->GetDeviceError */
/* rv->Login */
/* rv->Logout */
/* rv->InitPIN */
/* rv->SetPIN */
/* rv->GetOperationStateLen */
/* rv->GetOperationState */
/* rv->SetOperationState */
rv->CreateObject = ckmk_mdSession_CreateObject;
/* rv->CopyObject */
rv->FindObjectsInit = ckmk_mdSession_FindObjectsInit;
/* rv->SeedRandom */
/* rv->GetRandom */
/* rv->null */
return rv;
}
NSS_IMPLEMENT nssSession *
nssSlot_CreateSession
(
NSSSlot *slot,
NSSArena *arenaOpt,
PRBool readWrite
)
{
nssSession *rvSession;
if (!readWrite) {
/* nss3hack version only returns rw swssions */
return NULL;
}
rvSession = nss_ZNEW(arenaOpt, nssSession);
if (!rvSession) {
return (nssSession *)NULL;
}
rvSession->handle = PK11_GetRWSession(slot->pk11slot);
if (rvSession->handle == CK_INVALID_HANDLE) {
nss_ZFreeIf(rvSession);
return NULL;
}
rvSession->isRW = PR_TRUE;
rvSession->slot = slot;
/*
* The session doesn't need its own lock. Here's why.
* 1. If we are reusing the default RW session of the slot,
* the slot lock is already locked to protect the session.
* 2. If the module is not thread safe, the slot (or rather
* module) lock is already locked.
* 3. If the module is thread safe and we are using a new
* session, no higher-level lock has been locked and we
* would need a lock for the new session. However, the
* current usage of the session is that it is always
* used and destroyed within the same function and never
* shared with another thread.
* So the session is either already protected by another
* lock or only used by one thread.
*/
rvSession->lock = NULL;
rvSession->ownLock = PR_FALSE;
return rvSession;
}
static PLHashEntry * PR_CALLBACK
nss_arena_hash_alloc_entry
(
void *pool,
const void *key
)
{
NSSArena *arena = NULL;
#ifdef NSSDEBUG
if( (void *)NULL != arena ) {
if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
return (void *)NULL;
}
}
#endif /* NSSDEBUG */
return nss_ZNEW(arena, PLHashEntry);
}
static PRStatus
add_certificate_entry (
nssCertificateStore *store,
NSSCertificate *cert
)
{
PRStatus nssrv;
certificate_hash_entry *entry;
entry = nss_ZNEW(cert->object.arena, certificate_hash_entry);
if (!entry) {
return PR_FAILURE;
}
entry->cert = cert;
nssrv = nssHash_Add(store->issuer_and_serial, cert, entry);
if (nssrv != PR_SUCCESS) {
nss_ZFreeIf(entry);
}
return nssrv;
}
/* Creates a certificate from a base object */
NSS_IMPLEMENT NSSCertificate *
nssCertificate_Create (
nssPKIObject *object
)
{
PRStatus status;
NSSCertificate *rvCert;
nssArenaMark * mark;
NSSArena *arena = object->arena;
PR_ASSERT(object->instances != NULL && object->numInstances > 0);
PR_ASSERT(object->lockType == nssPKIMonitor);
mark = nssArena_Mark(arena);
rvCert = nss_ZNEW(arena, NSSCertificate);
if (!rvCert) {
return (NSSCertificate *)NULL;
}
rvCert->object = *object;
/* XXX should choose instance based on some criteria */
status = nssCryptokiCertificate_GetAttributes(object->instances[0],
NULL, /* XXX sessionOpt */
arena,
&rvCert->type,
&rvCert->id,
&rvCert->encoding,
&rvCert->issuer,
&rvCert->serial,
&rvCert->subject);
if (status != PR_SUCCESS ||
!rvCert->encoding.data ||
!rvCert->encoding.size ||
!rvCert->issuer.data ||
!rvCert->issuer.size ||
!rvCert->serial.data ||
!rvCert->serial.size) {
if (mark)
nssArena_Release(arena, mark);
return (NSSCertificate *)NULL;
}
if (mark)
nssArena_Unmark(arena, mark);
return rvCert;
}
/*
* nssCKFWMechanism_Create
*
*/
NSS_IMPLEMENT NSSCKFWMechanism *
nssCKFWMechanism_Create(
NSSCKMDMechanism *mdMechanism,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance)
{
NSSCKFWMechanism *fwMechanism;
fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism);
if (!fwMechanism) {
return (NSSCKFWMechanism *)NULL;
}
fwMechanism->mdMechanism = mdMechanism;
fwMechanism->mdToken = mdToken;
fwMechanism->fwToken = fwToken;
fwMechanism->mdInstance = mdInstance;
fwMechanism->fwInstance = fwInstance;
return fwMechanism;
}
NSS_IMPLEMENT NSSCKMDFindObjects *
nss_dbm_mdFindObjects_factory
(
nss_dbm_find_t *find,
CK_RV *pError
)
{
NSSCKMDFindObjects *rv;
rv = nss_ZNEW(find->arena, NSSCKMDFindObjects);
if( (NSSCKMDFindObjects *)NULL == rv ) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDFindObjects *)NULL;
}
rv->etc = (void *)find;
rv->Final = nss_dbm_mdFindObjects_Final;
rv->Next = nss_dbm_mdFindObjects_Next;
return rv;
}
NSS_IMPLEMENT nssSMIMEProfile *
nssSMIMEProfile_Create (
NSSCertificate *cert,
NSSItem *profileTime,
NSSItem *profileData
)
{
NSSArena *arena;
nssSMIMEProfile *rvProfile;
nssPKIObject *object;
NSSTrustDomain *td = nssCertificate_GetTrustDomain(cert);
NSSCryptoContext *cc = nssCertificate_GetCryptoContext(cert);
arena = nssArena_Create();
if (!arena) {
return NULL;
}
object = nssPKIObject_Create(arena, NULL, td, cc, nssPKILock);
if (!object) {
goto loser;
}
rvProfile = nss_ZNEW(arena, nssSMIMEProfile);
if (!rvProfile) {
goto loser;
}
rvProfile->object = *object;
rvProfile->certificate = cert;
rvProfile->email = nssUTF8_Duplicate(cert->email, arena);
rvProfile->subject = nssItem_Duplicate(&cert->subject, arena, NULL);
if (profileTime) {
rvProfile->profileTime = nssItem_Duplicate(profileTime, arena, NULL);
}
if (profileData) {
rvProfile->profileData = nssItem_Duplicate(profileData, arena, NULL);
}
return rvProfile;
loser:
if (object) nssPKIObject_Destroy(object);
else if (arena) nssArena_Destroy(arena);
return (nssSMIMEProfile *)NULL;
}
