summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFranziskus Kiefer <franziskuskiefer@gmail.com>2016-02-05 22:55:59 +0100
committerFranziskus Kiefer <franziskuskiefer@gmail.com>2016-02-05 22:55:59 +0100
commitac260f7767f05afb1b79b27e46353499fdbddaa2 (patch)
tree633c98bbfb8ab71ba3bdf76cf08bfcc28e428348
parent39d0f24cad325d64cb2d989cb42590e4079d2ae1 (diff)
downloadnss-hg-NSS_3_23_BETA3.tar.gz
Bug 1244152 - NSS clang-format: lib/dev, r=kaieNSS_3_23_BETA3
Diffstat
-rw-r--r--lib/dev/ckhelper.c596
-rw-r--r--lib/dev/ckhelper.h153
-rw-r--r--lib/dev/dev.h873
-rw-r--r--lib/dev/devm.h202
-rw-r--r--lib/dev/devslot.c178
-rw-r--r--lib/dev/devt.h89
-rw-r--r--lib/dev/devtm.h2
-rw-r--r--lib/dev/devtoken.c1539
-rw-r--r--lib/dev/devutil.c1013
-rw-r--r--lib/dev/nssdev.h12
10 files changed, 2205 insertions, 2452 deletions
diff --git a/lib/dev/ckhelper.c b/lib/dev/ckhelper.c
index 0ca56547d..f58594228 100644
--- a/lib/dev/ckhelper.c
+++ b/lib/dev/ckhelper.c
@@ -16,51 +16,49 @@ extern const NSSError NSS_ERROR_DEVICE_ERROR;
static const CK_BBOOL s_true = CK_TRUE;
NSS_IMPLEMENT_DATA const NSSItem
-g_ck_true = { (CK_VOID_PTR)&s_true, sizeof(s_true) };
+ g_ck_true = { (CK_VOID_PTR)&s_true, sizeof(s_true) };
static const CK_BBOOL s_false = CK_FALSE;
NSS_IMPLEMENT_DATA const NSSItem
-g_ck_false = { (CK_VOID_PTR)&s_false, sizeof(s_false) };
+ g_ck_false = { (CK_VOID_PTR)&s_false, sizeof(s_false) };
static const CK_OBJECT_CLASS s_class_cert = CKO_CERTIFICATE;
NSS_IMPLEMENT_DATA const NSSItem
-g_ck_class_cert = { (CK_VOID_PTR)&s_class_cert, sizeof(s_class_cert) };
+ g_ck_class_cert = { (CK_VOID_PTR)&s_class_cert, sizeof(s_class_cert) };
static const CK_OBJECT_CLASS s_class_pubkey = CKO_PUBLIC_KEY;
NSS_IMPLEMENT_DATA const NSSItem
-g_ck_class_pubkey = { (CK_VOID_PTR)&s_class_pubkey, sizeof(s_class_pubkey) };
+ g_ck_class_pubkey = { (CK_VOID_PTR)&s_class_pubkey, sizeof(s_class_pubkey) };
static const CK_OBJECT_CLASS s_class_privkey = CKO_PRIVATE_KEY;
NSS_IMPLEMENT_DATA const NSSItem
-g_ck_class_privkey = { (CK_VOID_PTR)&s_class_privkey, sizeof(s_class_privkey) };
+ g_ck_class_privkey = { (CK_VOID_PTR)&s_class_privkey, sizeof(s_class_privkey) };
static PRBool
-is_string_attribute (
- CK_ATTRIBUTE_TYPE aType
-)
+is_string_attribute(
+ CK_ATTRIBUTE_TYPE aType)
{
PRBool isString;
switch (aType) {
- case CKA_LABEL:
- case CKA_NSS_EMAIL:
- isString = PR_TRUE;
- break;
- default:
- isString = PR_FALSE;
- break;
+ case CKA_LABEL:
+ case CKA_NSS_EMAIL:
+ isString = PR_TRUE;
+ break;
+ default:
+ isString = PR_FALSE;
+ break;
}
return isString;
}
-NSS_IMPLEMENT PRStatus
-nssCKObject_GetAttributes (
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR obj_template,
- CK_ULONG count,
- NSSArena *arenaOpt,
- nssSession *session,
- NSSSlot *slot
-)
+NSS_IMPLEMENT PRStatus
+nssCKObject_GetAttributes(
+ CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_PTR obj_template,
+ CK_ULONG count,
+ NSSArena *arenaOpt,
+ nssSession *session,
+ NSSSlot *slot)
{
nssArenaMark *mark = NULL;
CK_SESSION_HANDLE hSession;
@@ -69,114 +67,112 @@ nssCKObject_GetAttributes (
PRStatus nssrv;
PRBool alloced = PR_FALSE;
void *epv = nssSlot_GetCryptokiEPV(slot);
- hSession = session->handle;
+ hSession = session->handle;
if (arenaOpt) {
- mark = nssArena_Mark(arenaOpt);
- if (!mark) {
- goto loser;
- }
+ mark = nssArena_Mark(arenaOpt);
+ if (!mark) {
+ goto loser;
+ }
}
nssSession_EnterMonitor(session);
/* XXX kinda hacky, if the storage size is already in the first template
* item, then skip the alloc portion
*/
if (obj_template[0].ulValueLen == 0) {
- /* Get the storage size needed for each attribute */
- ckrv = CKAPI(epv)->C_GetAttributeValue(hSession,
- object, obj_template, count);
- if (ckrv != CKR_OK &&
- ckrv != CKR_ATTRIBUTE_TYPE_INVALID &&
- ckrv != CKR_ATTRIBUTE_SENSITIVE)
- {
- nssSession_ExitMonitor(session);
- nss_SetError(NSS_ERROR_DEVICE_ERROR);
- goto loser;
- }
- /* Allocate memory for each attribute. */
- for (i=0; i<count; i++) {
- CK_ULONG ulValueLen = obj_template[i].ulValueLen;
- if (ulValueLen == 0 || ulValueLen == (CK_ULONG) -1) {
- obj_template[i].pValue = NULL;
- obj_template[i].ulValueLen = 0;
- continue;
- }
- if (is_string_attribute(obj_template[i].type)) {
- ulValueLen++;
- }
- obj_template[i].pValue = nss_ZAlloc(arenaOpt, ulValueLen);
- if (!obj_template[i].pValue) {
- nssSession_ExitMonitor(session);
- goto loser;
- }
- }
- alloced = PR_TRUE;
+ /* Get the storage size needed for each attribute */
+ ckrv = CKAPI(epv)->C_GetAttributeValue(hSession,
+ object, obj_template, count);
+ if (ckrv != CKR_OK &&
+ ckrv != CKR_ATTRIBUTE_TYPE_INVALID &&
+ ckrv != CKR_ATTRIBUTE_SENSITIVE) {
+ nssSession_ExitMonitor(session);
+ nss_SetError(NSS_ERROR_DEVICE_ERROR);
+ goto loser;
+ }
+ /* Allocate memory for each attribute. */
+ for (i = 0; i < count; i++) {
+ CK_ULONG ulValueLen = obj_template[i].ulValueLen;
+ if (ulValueLen == 0 || ulValueLen == (CK_ULONG)-1) {
+ obj_template[i].pValue = NULL;
+ obj_template[i].ulValueLen = 0;
+ continue;
+ }
+ if (is_string_attribute(obj_template[i].type)) {
+ ulValueLen++;
+ }
+ obj_template[i].pValue = nss_ZAlloc(arenaOpt, ulValueLen);
+ if (!obj_template[i].pValue) {
+ nssSession_ExitMonitor(session);
+ goto loser;
+ }
+ }
+ alloced = PR_TRUE;
}
/* Obtain the actual attribute values. */
ckrv = CKAPI(epv)->C_GetAttributeValue(hSession,
object, obj_template, count);
nssSession_ExitMonitor(session);
- if (ckrv != CKR_OK &&
+ if (ckrv != CKR_OK &&
ckrv != CKR_ATTRIBUTE_TYPE_INVALID &&
- ckrv != CKR_ATTRIBUTE_SENSITIVE)
- {
- nss_SetError(NSS_ERROR_DEVICE_ERROR);
- goto loser;
+ ckrv != CKR_ATTRIBUTE_SENSITIVE) {
+ nss_SetError(NSS_ERROR_DEVICE_ERROR);
+ goto loser;
}
if (alloced && arenaOpt) {
- nssrv = nssArena_Unmark(arenaOpt, mark);
- if (nssrv != PR_SUCCESS) {
- goto loser;
- }
- }
-
- if (count > 1 && ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) ||
- (ckrv == CKR_ATTRIBUTE_SENSITIVE))) {
- /* old tokens would keep the length of '0' and not deal with any
- * of the attributes we passed. For those tokens read them one at
- * a time */
- for (i=0; i < count; i++) {
- if ((obj_template[i].ulValueLen == 0)
- || (obj_template[i].ulValueLen == -1)) {
- obj_template[i].ulValueLen=0;
- (void) nssCKObject_GetAttributes(object,&obj_template[i], 1,
- arenaOpt, session, slot);
- }
- }
+ nssrv = nssArena_Unmark(arenaOpt, mark);
+ if (nssrv != PR_SUCCESS) {
+ goto loser;
+ }
+ }
+
+ if (count > 1 && ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) ||
+ (ckrv == CKR_ATTRIBUTE_SENSITIVE))) {
+ /* old tokens would keep the length of '0' and not deal with any
+ * of the attributes we passed. For those tokens read them one at
+ * a time */
+ for (i = 0; i < count; i++) {
+ if ((obj_template[i].ulValueLen == 0) ||
+ (obj_template[i].ulValueLen == -1)) {
+ obj_template[i].ulValueLen = 0;
+ (void)nssCKObject_GetAttributes(object, &obj_template[i], 1,
+ arenaOpt, session, slot);
+ }
+ }
}
return PR_SUCCESS;
loser:
if (alloced) {
- if (arenaOpt) {
- /* release all arena memory allocated before the failure. */
- (void)nssArena_Release(arenaOpt, mark);
- } else {
- CK_ULONG j;
- /* free each heap object that was allocated before the failure. */
- for (j=0; j<i; j++) {
- nss_ZFreeIf(obj_template[j].pValue);
- }
- }
+ if (arenaOpt) {
+ /* release all arena memory allocated before the failure. */
+ (void)nssArena_Release(arenaOpt, mark);
+ }
+ else {
+ CK_ULONG j;
+ /* free each heap object that was allocated before the failure. */
+ for (j = 0; j < i; j++) {
+ nss_ZFreeIf(obj_template[j].pValue);
+ }
+ }
}
return PR_FAILURE;
}
NSS_IMPLEMENT PRStatus
-nssCKObject_GetAttributeItem (
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_TYPE attribute,
- NSSArena *arenaOpt,
- nssSession *session,
- NSSSlot *slot,
- NSSItem *rvItem
-)
+nssCKObject_GetAttributeItem(
+ CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_TYPE attribute,
+ NSSArena *arenaOpt,
+ nssSession *session,
+ NSSSlot *slot,
+ NSSItem *rvItem)
{
CK_ATTRIBUTE attr = { 0, NULL, 0 };
PRStatus nssrv;
attr.type = attribute;
- nssrv = nssCKObject_GetAttributes(object, &attr, 1,
+ nssrv = nssCKObject_GetAttributes(object, &attr, 1,
arenaOpt, session, slot);
if (nssrv != PR_SUCCESS) {
- return nssrv;
+ return nssrv;
}
rvItem->data = (void *)attr.pValue;
rvItem->size = (PRUint32)attr.ulValueLen;
@@ -184,13 +180,12 @@ nssCKObject_GetAttributeItem (
}
NSS_IMPLEMENT PRBool
-nssCKObject_IsAttributeTrue (
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_TYPE attribute,
- nssSession *session,
- NSSSlot *slot,
- PRStatus *rvStatus
-)
+nssCKObject_IsAttributeTrue(
+ CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_TYPE attribute,
+ nssSession *session,
+ NSSSlot *slot,
+ PRStatus *rvStatus)
{
CK_BBOOL bool;
CK_ATTRIBUTE_PTR attr;
@@ -200,50 +195,49 @@ nssCKObject_IsAttributeTrue (
attr = &atemplate;
NSS_CK_SET_ATTRIBUTE_VAR(attr, attribute, bool);
nssSession_EnterMonitor(session);
- ckrv = CKAPI(epv)->C_GetAttributeValue(session->handle, object,
+ ckrv = CKAPI(epv)->C_GetAttributeValue(session->handle, object,
&atemplate, 1);
nssSession_ExitMonitor(session);
if (ckrv != CKR_OK) {
- *rvStatus = PR_FAILURE;
- return PR_FALSE;
+ *rvStatus = PR_FAILURE;
+ return PR_FALSE;
}
*rvStatus = PR_SUCCESS;
return (PRBool)(bool == CK_TRUE);
}
-NSS_IMPLEMENT PRStatus
-nssCKObject_SetAttributes (
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR obj_template,
- CK_ULONG count,
- nssSession *session,
- NSSSlot *slot
-)
+NSS_IMPLEMENT PRStatus
+nssCKObject_SetAttributes(
+ CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_PTR obj_template,
+ CK_ULONG count,
+ nssSession *session,
+ NSSSlot *slot)
{
CK_RV ckrv;
void *epv = nssSlot_GetCryptokiEPV(slot);
nssSession_EnterMonitor(session);
- ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle, object,
+ ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle, object,
obj_template, count);
nssSession_ExitMonitor(session);
if (ckrv == CKR_OK) {
- return PR_SUCCESS;
- } else {
- return PR_FAILURE;
+ return PR_SUCCESS;
+ }
+ else {
+ return PR_FAILURE;
}
}
NSS_IMPLEMENT PRBool
-nssCKObject_IsTokenObjectTemplate (
- CK_ATTRIBUTE_PTR objectTemplate,
- CK_ULONG otsize
-)
+nssCKObject_IsTokenObjectTemplate(
+ CK_ATTRIBUTE_PTR objectTemplate,
+ CK_ULONG otsize)
{
CK_ULONG ul;
- for (ul=0; ul<otsize; ul++) {
- if (objectTemplate[ul].type == CKA_TOKEN) {
- return (*((CK_BBOOL*)objectTemplate[ul].pValue) == CK_TRUE);
- }
+ for (ul = 0; ul < otsize; ul++) {
+ if (objectTemplate[ul].type == CKA_TOKEN) {
+ return (*((CK_BBOOL *)objectTemplate[ul].pValue) == CK_TRUE);
+ }
}
return PR_FALSE;
}
@@ -253,32 +247,31 @@ nss_cert_type_from_ck_attrib(CK_ATTRIBUTE_PTR attrib)
{
CK_CERTIFICATE_TYPE ckCertType;
if (!attrib->pValue) {
- /* default to PKIX */
- return NSSCertificateType_PKIX;
+ /* default to PKIX */
+ return NSSCertificateType_PKIX;
}
ckCertType = *((CK_ULONG *)attrib->pValue);
switch (ckCertType) {
- case CKC_X_509:
- return NSSCertificateType_PKIX;
- default:
- break;
+ case CKC_X_509:
+ return NSSCertificateType_PKIX;
+ default:
+ break;
}
return NSSCertificateType_Unknown;
}
/* incoming pointers must be valid */
NSS_IMPLEMENT PRStatus
-nssCryptokiCertificate_GetAttributes (
- nssCryptokiObject *certObject,
- nssSession *sessionOpt,
- NSSArena *arenaOpt,
- NSSCertificateType *certTypeOpt,
- NSSItem *idOpt,
- NSSDER *encodingOpt,
- NSSDER *issuerOpt,
- NSSDER *serialOpt,
- NSSDER *subjectOpt
-)
+nssCryptokiCertificate_GetAttributes(
+ nssCryptokiObject *certObject,
+ nssSession *sessionOpt,
+ NSSArena *arenaOpt,
+ NSSCertificateType *certTypeOpt,
+ NSSItem *idOpt,
+ NSSDER *encodingOpt,
+ NSSDER *issuerOpt,
+ NSSDER *serialOpt,
+ NSSDER *subjectOpt)
{
PRStatus status;
PRUint32 i;
@@ -290,27 +283,27 @@ nssCryptokiCertificate_GetAttributes (
/* Set up a template of all options chosen by caller */
NSS_CK_TEMPLATE_START(cert_template, attr, template_size);
if (certTypeOpt) {
- NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CERTIFICATE_TYPE);
+ NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CERTIFICATE_TYPE);
}
if (idOpt) {
- NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ID);
+ NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ID);
}
if (encodingOpt) {
- NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
+ NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
}
if (issuerOpt) {
- NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ISSUER);
+ NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ISSUER);
}
if (serialOpt) {
- NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SERIAL_NUMBER);
+ NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SERIAL_NUMBER);
}
if (subjectOpt) {
- NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT);
+ NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT);
}
NSS_CK_TEMPLATE_FINISH(cert_template, attr, template_size);
if (template_size == 0) {
- /* caller didn't want anything */
- return PR_SUCCESS;
+ /* caller didn't want anything */
+ return PR_SUCCESS;
}
status = nssToken_GetCachedObjectAttributes(certObject->token, arenaOpt,
@@ -318,77 +311,92 @@ nssCryptokiCertificate_GetAttributes (
cert_template, template_size);
if (status != PR_SUCCESS) {
- session = sessionOpt ?
- sessionOpt :
- nssToken_GetDefaultSession(certObject->token);
- if (!session) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FAILURE;
- }
-
- slot = nssToken_GetSlot(certObject->token);
- status = nssCKObject_GetAttributes(certObject->handle,
- cert_template, template_size,
- arenaOpt, session, slot);
- nssSlot_Destroy(slot);
- if (status != PR_SUCCESS) {
- return status;
- }
- }
-
- i=0;
+ session = sessionOpt ?
+ sessionOpt
+ :
+ nssToken_GetDefaultSession(certObject->token);
+ if (!session) {
+ nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+ return PR_FAILURE;
+ }
+
+ slot = nssToken_GetSlot(certObject->token);
+ status = nssCKObject_GetAttributes(certObject->handle,
+ cert_template, template_size,
+ arenaOpt, session, slot);
+ nssSlot_Destroy(slot);
+ if (status != PR_SUCCESS) {
+ return status;
+ }
+ }
+
+ i = 0;
if (certTypeOpt) {
- *certTypeOpt = nss_cert_type_from_ck_attrib(&cert_template[i]); i++;
+ *certTypeOpt = nss_cert_type_from_ck_attrib(&cert_template[i]);
+ i++;
}
if (idOpt) {
- NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], idOpt); i++;
+ NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], idOpt);
+ i++;
}
if (encodingOpt) {
- NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], encodingOpt); i++;
+ NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], encodingOpt);
+ i++;
}
if (issuerOpt) {
- NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], issuerOpt); i++;
+ NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], issuerOpt);
+ i++;
}
if (serialOpt) {
- NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], serialOpt); i++;
+ NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], serialOpt);
+ i++;
}
if (subjectOpt) {
- NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], subjectOpt); i++;
+ NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], subjectOpt);
+ i++;
}
return PR_SUCCESS;
}
-static nssTrustLevel
-get_nss_trust (
- CK_TRUST ckt
-)
+static nssTrustLevel
+get_nss_trust(
+ CK_TRUST ckt)
{
nssTrustLevel t;
switch (ckt) {
- case CKT_NSS_NOT_TRUSTED: t = nssTrustLevel_NotTrusted; break;
- case CKT_NSS_TRUSTED_DELEGATOR: t = nssTrustLevel_TrustedDelegator;
- break;
- case CKT_NSS_VALID_DELEGATOR: t = nssTrustLevel_ValidDelegator; break;
- case CKT_NSS_TRUSTED: t = nssTrustLevel_Trusted; break;
- case CKT_NSS_MUST_VERIFY_TRUST: t = nssTrustLevel_MustVerify; break;
- case CKT_NSS_TRUST_UNKNOWN:
- default:
- t = nssTrustLevel_Unknown; break;
+ case CKT_NSS_NOT_TRUSTED:
+ t = nssTrustLevel_NotTrusted;
+ break;
+ case CKT_NSS_TRUSTED_DELEGATOR:
+ t = nssTrustLevel_TrustedDelegator;
+ break;
+ case CKT_NSS_VALID_DELEGATOR:
+ t = nssTrustLevel_ValidDelegator;
+ break;
+ case CKT_NSS_TRUSTED:
+ t = nssTrustLevel_Trusted;
+ break;
+ case CKT_NSS_MUST_VERIFY_TRUST:
+ t = nssTrustLevel_MustVerify;
+ break;
+ case CKT_NSS_TRUST_UNKNOWN:
+ default:
+ t = nssTrustLevel_Unknown;
+ break;
}
return t;
}
NSS_IMPLEMENT PRStatus
-nssCryptokiTrust_GetAttributes (
- nssCryptokiObject *trustObject,
- nssSession *sessionOpt,
- NSSItem *sha1_hash,
- nssTrustLevel *serverAuth,
- nssTrustLevel *clientAuth,
- nssTrustLevel *codeSigning,
- nssTrustLevel *emailProtection,
- PRBool *stepUpApproved
-)
+nssCryptokiTrust_GetAttributes(
+ nssCryptokiObject *trustObject,
+ nssSession *sessionOpt,
+ NSSItem *sha1_hash,
+ nssTrustLevel *serverAuth,
+ nssTrustLevel *clientAuth,
+ nssTrustLevel *codeSigning,
+ nssTrustLevel *emailProtection,
+ PRBool *stepUpApproved)
{
PRStatus status;
NSSSlot *slot;
@@ -406,42 +414,43 @@ nssCryptokiTrust_GetAttributes (
/* Use the trust object to find the trust settings */
NSS_CK_TEMPLATE_START(trust_template, attr, trust_size);
- NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken);
- NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, saTrust);
- NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, saTrust);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust);
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust);
- NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust);
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_STEP_UP_APPROVED, stepUp);
sha1_hash_attr = attr;
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, sha1_hash);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, sha1_hash);
NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size);
status = nssToken_GetCachedObjectAttributes(trustObject->token, NULL,
- trustObject,
+ trustObject,
CKO_NSS_TRUST,
trust_template, trust_size);
if (status != PR_SUCCESS) {
- session = sessionOpt ?
- sessionOpt :
- nssToken_GetDefaultSession(trustObject->token);
- if (!session) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FAILURE;
- }
-
- slot = nssToken_GetSlot(trustObject->token);
- status = nssCKObject_GetAttributes(trustObject->handle,
- trust_template, trust_size,
- NULL, session, slot);
- nssSlot_Destroy(slot);
- if (status != PR_SUCCESS) {
- return status;
- }
+ session = sessionOpt ?
+ sessionOpt
+ :
+ nssToken_GetDefaultSession(trustObject->token);
+ if (!session) {
+ nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+ return PR_FAILURE;
+ }
+
+ slot = nssToken_GetSlot(trustObject->token);
+ status = nssCKObject_GetAttributes(trustObject->handle,
+ trust_template, trust_size,
+ NULL, session, slot);
+ nssSlot_Destroy(slot);
+ if (status != PR_SUCCESS) {
+ return status;
+ }
}
if (sha1_hash_attr->ulValueLen == -1) {
- /* The trust object does not have the CKA_CERT_SHA1_HASH attribute. */
- sha1_hash_attr->ulValueLen = 0;
+ /* The trust object does not have the CKA_CERT_SHA1_HASH attribute. */
+ sha1_hash_attr->ulValueLen = 0;
}
sha1_hash->size = sha1_hash_attr->ulValueLen;
*serverAuth = get_nss_trust(saTrust);
@@ -453,16 +462,15 @@ nssCryptokiTrust_GetAttributes (
}
NSS_IMPLEMENT PRStatus
-nssCryptokiCRL_GetAttributes (
- nssCryptokiObject *crlObject,
- nssSession *sessionOpt,
- NSSArena *arenaOpt,
- NSSItem *encodingOpt,
- NSSItem *subjectOpt,
- CK_ULONG* crl_class,
- NSSUTF8 **urlOpt,
- PRBool *isKRLOpt
-)
+nssCryptokiCRL_GetAttributes(
+ nssCryptokiObject *crlObject,
+ nssSession *sessionOpt,
+ NSSArena *arenaOpt,
+ NSSItem *encodingOpt,
+ NSSItem *subjectOpt,
+ CK_ULONG *crl_class,
+ NSSUTF8 **urlOpt,
+ PRBool *isKRLOpt)
{
PRStatus status;
NSSSlot *slot;
@@ -477,69 +485,74 @@ nssCryptokiCRL_GetAttributes (
NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CLASS);
}
if (encodingOpt) {
- NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
+ NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
}
if (urlOpt) {
- NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_URL);
+ NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_URL);
}
if (isKRLOpt) {
- NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_KRL);
+ NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_KRL);
}
if (subjectOpt) {
- NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT);
+ NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT);
}
NSS_CK_TEMPLATE_FINISH(crl_template, attr, crl_size);
status = nssToken_GetCachedObjectAttributes(crlObject->token, NULL,
- crlObject,
+ crlObject,
CKO_NSS_CRL,
crl_template, crl_size);
if (status != PR_SUCCESS) {
- session = sessionOpt ?
- sessionOpt :
- nssToken_GetDefaultSession(crlObject->token);
- if (session == NULL) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FAILURE;
- }
-
- slot = nssToken_GetSlot(crlObject->token);
- status = nssCKObject_GetAttributes(crlObject->handle,
- crl_template, crl_size,
- arenaOpt, session, slot);
- nssSlot_Destroy(slot);
- if (status != PR_SUCCESS) {
- return status;
- }
- }
-
- i=0;
+ session = sessionOpt ?
+ sessionOpt
+ :
+ nssToken_GetDefaultSession(crlObject->token);
+ if (session == NULL) {
+ nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+ return PR_FAILURE;
+ }
+
+ slot = nssToken_GetSlot(crlObject->token);
+ status = nssCKObject_GetAttributes(crlObject->handle,
+ crl_template, crl_size,
+ arenaOpt, session, slot);
+ nssSlot_Destroy(slot);
+ if (status != PR_SUCCESS) {
+ return status;
+ }
+ }
+
+ i = 0;
if (crl_class) {
- NSS_CK_ATTRIBUTE_TO_ULONG(&crl_template[i], *crl_class); i++;
+ NSS_CK_ATTRIBUTE_TO_ULONG(&crl_template[i], *crl_class);
+ i++;
}
if (encodingOpt) {
- NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], encodingOpt); i++;
+ NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], encodingOpt);
+ i++;
}
if (urlOpt) {
- NSS_CK_ATTRIBUTE_TO_UTF8(&crl_template[i], *urlOpt); i++;
+ NSS_CK_ATTRIBUTE_TO_UTF8(&crl_template[i], *urlOpt);
+ i++;
}
if (isKRLOpt) {
- NSS_CK_ATTRIBUTE_TO_BOOL(&crl_template[i], *isKRLOpt); i++;
+ NSS_CK_ATTRIBUTE_TO_BOOL(&crl_template[i], *isKRLOpt);
+ i++;
}
if (subjectOpt) {
- NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], subjectOpt); i++;
+ NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], subjectOpt);
+ i++;
}
return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
-nssCryptokiPrivateKey_SetCertificate (
- nssCryptokiObject *keyObject,
- nssSession *sessionOpt,
- const NSSUTF8 *nickname,
- NSSItem *id,
- NSSDER *subject
-)
+nssCryptokiPrivateKey_SetCertificate(
+ nssCryptokiObject *keyObject,
+ nssSession *sessionOpt,
+ const NSSUTF8 *nickname,
+ NSSItem *id,
+ NSSDER *subject)
{
CK_RV ckrv;
CK_ATTRIBUTE_PTR attr;
@@ -558,20 +571,22 @@ nssCryptokiPrivateKey_SetCertificate (
NSS_CK_TEMPLATE_FINISH(key_template, attr, key_size);
if (sessionOpt) {
- if (!nssSession_IsReadWrite(sessionOpt)) {
- return PR_FAILURE;
- }
- session = sessionOpt;
- } else if (defaultSession && nssSession_IsReadWrite(defaultSession)) {
- session = defaultSession;
- } else {
- NSSSlot *slot = nssToken_GetSlot(token);
- session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
- nssSlot_Destroy(slot);
- if (!session) {
- return PR_FAILURE;
- }
- createdSession = PR_TRUE;
+ if (!nssSession_IsReadWrite(sessionOpt)) {
+ return PR_FAILURE;
+ }
+ session = sessionOpt;
+ }
+ else if (defaultSession && nssSession_IsReadWrite(defaultSession)) {
+ session = defaultSession;
+ }
+ else {
+ NSSSlot *slot = nssToken_GetSlot(token);
+ session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
+ nssSlot_Destroy(slot);
+ if (!session) {
+ return PR_FAILURE;
+ }
+ createdSession = PR_TRUE;
}
ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle,
@@ -580,9 +595,8 @@ nssCryptokiPrivateKey_SetCertificate (
key_size);
if (createdSession) {
- nssSession_Destroy(session);
+ nssSession_Destroy(session);
}
return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
}
-
diff --git a/lib/dev/ckhelper.h b/lib/dev/ckhelper.h
index cb4b662e1..a2927f8cb 100644
--- a/lib/dev/ckhelper.h
+++ b/lib/dev/ckhelper.h
@@ -26,38 +26,39 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_cert;
NSS_EXTERN_DATA const NSSItem g_ck_class_pubkey;
NSS_EXTERN_DATA const NSSItem g_ck_class_privkey;
-#define NSS_CK_TEMPLATE_START(_template, attr, size) \
- attr = _template; \
+#define NSS_CK_TEMPLATE_START(_template, attr, size) \
+ attr = _template; \
size = 0;
-#define NSS_CK_SET_ATTRIBUTE_ITEM(pattr, kind, item) \
- (pattr)->type = kind; \
- (pattr)->pValue = (CK_VOID_PTR)(item)->data; \
- (pattr)->ulValueLen = (CK_ULONG)(item)->size; \
+#define NSS_CK_SET_ATTRIBUTE_ITEM(pattr, kind, item) \
+ (pattr)->type = kind; \
+ (pattr)->pValue = (CK_VOID_PTR)(item)->data; \
+ (pattr)->ulValueLen = (CK_ULONG)(item)->size; \
(pattr)++;
-#define NSS_CK_SET_ATTRIBUTE_UTF8(pattr, kind, utf8) \
- (pattr)->type = kind; \
- (pattr)->pValue = (CK_VOID_PTR)utf8; \
+#define NSS_CK_SET_ATTRIBUTE_UTF8(pattr, kind, utf8) \
+ (pattr)->type = kind; \
+ (pattr)->pValue = (CK_VOID_PTR)utf8; \
(pattr)->ulValueLen = (CK_ULONG)nssUTF8_Size(utf8, NULL); \
- if ((pattr)->ulValueLen) ((pattr)->ulValueLen)--; \
+ if ((pattr)->ulValueLen) \
+ ((pattr)->ulValueLen)--; \
(pattr)++;
-#define NSS_CK_SET_ATTRIBUTE_VAR(pattr, kind, var) \
- (pattr)->type = kind; \
- (pattr)->pValue = (CK_VOID_PTR)&var; \
- (pattr)->ulValueLen = (CK_ULONG)sizeof(var); \
+#define NSS_CK_SET_ATTRIBUTE_VAR(pattr, kind, var) \
+ (pattr)->type = kind; \
+ (pattr)->pValue = (CK_VOID_PTR)&var; \
+ (pattr)->ulValueLen = (CK_ULONG)sizeof(var); \
(pattr)++;
-#define NSS_CK_SET_ATTRIBUTE_NULL(pattr, kind) \
- (pattr)->type = kind; \
- (pattr)->pValue = (CK_VOID_PTR)NULL; \
- (pattr)->ulValueLen = 0; \
+#define NSS_CK_SET_ATTRIBUTE_NULL(pattr, kind) \
+ (pattr)->type = kind; \
+ (pattr)->pValue = (CK_VOID_PTR)NULL; \
+ (pattr)->ulValueLen = 0; \
(pattr)++;
#define NSS_CK_TEMPLATE_FINISH(_template, attr, size) \
size = (attr) - (_template); \
- PR_ASSERT(size <= sizeof(_template)/sizeof(_template[0]));
+ PR_ASSERT(size <= sizeof(_template) / sizeof(_template[0]));
/* NSS_CK_ATTRIBUTE_TO_ITEM(attrib, item)
*
@@ -65,92 +66,84 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_privkey;
*/
#define NSS_CK_ATTRIBUTE_TO_ITEM(attrib, item) \
if ((CK_LONG)(attrib)->ulValueLen > 0) { \
- (item)->data = (void *)(attrib)->pValue; \
- (item)->size = (PRUint32)(attrib)->ulValueLen; \
- } else { \
- (item)->data = 0; \
- (item)->size = 0; \
+ (item)->data = (void *)(attrib)->pValue; \
+ (item)->size = (PRUint32)(attrib)->ulValueLen; \
+ } \
+ else { \
+ (item)->data = 0; \
+ (item)->size = 0; \
}
-#define NSS_CK_ATTRIBUTE_TO_BOOL(attrib, boolvar) \
- if ((attrib)->ulValueLen > 0) { \
- if (*((CK_BBOOL*)(attrib)->pValue) == CK_TRUE) { \
- boolvar = PR_TRUE; \
- } else { \
- boolvar = PR_FALSE; \
- } \
+#define NSS_CK_ATTRIBUTE_TO_BOOL(attrib, boolvar) \
+ if ((attrib)->ulValueLen > 0) { \
+ if (*((CK_BBOOL *)(attrib)->pValue) == CK_TRUE) { \
+ boolvar = PR_TRUE; \
+ } \
+ else { \
+ boolvar = PR_FALSE; \
+ } \
}
-#define NSS_CK_ATTRIBUTE_TO_ULONG(attrib, ulongvar) \
- if ((attrib)->ulValueLen > 0) { \
- ulongvar = *((CK_ULONG*)(attrib)->pValue); \
+#define NSS_CK_ATTRIBUTE_TO_ULONG(attrib, ulongvar) \
+ if ((attrib)->ulValueLen > 0) { \
+ ulongvar = *((CK_ULONG *)(attrib)->pValue); \
}
/* NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str)
*
* Convert a CK_ATTRIBUTE to a string.
*/
-#define NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str) \
+#define NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str) \
str = (NSSUTF8 *)((attrib)->pValue);
/* NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib)
*
* Convert an NSSItem to a CK_ATTRIBUTE.
*/
-#define NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib) \
- (attrib)->pValue = (CK_VOID_PTR)(item)->data; \
- (attrib)->ulValueLen = (CK_ULONG)(item)->size; \
+#define NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib) \
+ (attrib)->pValue = (CK_VOID_PTR)(item)->data; \
+ (attrib)->ulValueLen = (CK_ULONG)(item)->size;
/* Get an array of attributes from an object. */
-NSS_EXTERN PRStatus
-nssCKObject_GetAttributes
-(
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR obj_template,
- CK_ULONG count,
- NSSArena *arenaOpt,
- nssSession *session,
- NSSSlot *slot
-);
+NSS_EXTERN PRStatus
+nssCKObject_GetAttributes(
+ CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_PTR obj_template,
+ CK_ULONG count,
+ NSSArena *arenaOpt,
+ nssSession *session,
+ NSSSlot *slot);
/* Get a single attribute as an item. */
NSS_EXTERN PRStatus
-nssCKObject_GetAttributeItem
-(
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_TYPE attribute,
- NSSArena *arenaOpt,
- nssSession *session,
- NSSSlot *slot,
- NSSItem *rvItem
-);
+nssCKObject_GetAttributeItem(
+ CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_TYPE attribute,
+ NSSArena *arenaOpt,
+ nssSession *session,
+ NSSSlot *slot,
+ NSSItem *rvItem);
NSS_EXTERN PRBool
-nssCKObject_IsAttributeTrue
-(
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_TYPE attribute,
- nssSession *session,
- NSSSlot *slot,
- PRStatus *rvStatus
-);
-
-NSS_EXTERN PRStatus
-nssCKObject_SetAttributes
-(
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR obj_template,
- CK_ULONG count,
- nssSession *session,
- NSSSlot *slot
-);
+nssCKObject_IsAttributeTrue(
+ CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_TYPE attribute,
+ nssSession *session,
+ NSSSlot *slot,
+ PRStatus *rvStatus);
+
+NSS_EXTERN PRStatus
+nssCKObject_SetAttributes(
+ CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_PTR obj_template,
+ CK_ULONG count,
+ nssSession *session,
+ NSSSlot *slot);
NSS_EXTERN PRBool
-nssCKObject_IsTokenObjectTemplate
-(
- CK_ATTRIBUTE_PTR objectTemplate,
- CK_ULONG otsize
-);
+nssCKObject_IsTokenObjectTemplate(
+ CK_ATTRIBUTE_PTR objectTemplate,
+ CK_ULONG otsize);
PR_END_EXTERN_C
diff --git a/lib/dev/dev.h b/lib/dev/dev.h
index fa6242abc..7e64e7612 100644
--- a/lib/dev/dev.h
+++ b/lib/dev/dev.h
@@ -40,64 +40,44 @@ PR_BEGIN_EXTERN_C
*/
NSS_EXTERN PRStatus
-nss_InitializeGlobalModuleList
-(
- void
-);
+nss_InitializeGlobalModuleList(
+ void);
NSS_EXTERN PRStatus
-nss_DestroyGlobalModuleList
-(
- void
-);
+nss_DestroyGlobalModuleList(
+ void);
NSS_EXTERN NSSModule **
-nss_GetLoadedModules
-(
- void
-);
+nss_GetLoadedModules(
+ void);
NSS_EXTERN PRStatus
-nssGlobalModuleList_Add
-(
- NSSModule *module
-);
+nssGlobalModuleList_Add(
+ NSSModule *module);
NSS_EXTERN PRStatus
-nssGlobalModuleList_Remove
-(
- NSSModule *module
-);
+nssGlobalModuleList_Remove(
+ NSSModule *module);
NSS_EXTERN NSSModule *
-nssGlobalModuleList_FindModuleByName
-(
- NSSUTF8 *moduleName
-);
+nssGlobalModuleList_FindModuleByName(
+ NSSUTF8 *moduleName);
NSS_EXTERN NSSSlot *
-nssGlobalModuleList_FindSlotByName
-(
- NSSUTF8 *slotName
-);
+nssGlobalModuleList_FindSlotByName(
+ NSSUTF8 *slotName);
NSS_EXTERN NSSToken *
-nssGlobalModuleList_FindTokenByName
-(
- NSSUTF8 *tokenName
-);
+nssGlobalModuleList_FindTokenByName(
+ NSSUTF8 *tokenName);
NSS_EXTERN NSSToken *
-nss_GetDefaultCryptoToken
-(
- void
-);
+nss_GetDefaultCryptoToken(
+ void);
NSS_EXTERN NSSToken *
-nss_GetDefaultDatabaseToken
-(
- void
-);
+nss_GetDefaultDatabaseToken(
+ void);
/*
* |-----------|<---> NSSSlot <--> NSSToken
@@ -118,66 +98,48 @@ nss_GetDefaultDatabaseToken
*/
NSS_EXTERN NSSModule *
-nssModule_Create
-(
- NSSUTF8 *moduleOpt,
- NSSUTF8 *uriOpt,
- NSSUTF8 *opaqueOpt,
- void *reserved
-);
+nssModule_Create(
+ NSSUTF8 *moduleOpt,
+ NSSUTF8 *uriOpt,
+ NSSUTF8 *opaqueOpt,
+ void *reserved);
/* This is to use the new loading mechanism. */
NSS_EXTERN NSSModule *
-nssModule_CreateFromSpec
-(
- NSSUTF8 *moduleSpec,
- NSSModule *parent,
- PRBool loadSubModules
-);
+nssModule_CreateFromSpec(
+ NSSUTF8 *moduleSpec,
+ NSSModule *parent,
+ PRBool loadSubModules);
NSS_EXTERN PRStatus
-nssModule_Destroy
-(
- NSSModule *mod
-);
+nssModule_Destroy(
+ NSSModule *mod);
NSS_EXTERN NSSModule *
-nssModule_AddRef
-(
- NSSModule *mod
-);
+nssModule_AddRef(
+ NSSModule *mod);
NSS_EXTERN NSSUTF8 *
-nssModule_GetName
-(
- NSSModule *mod
-);
+nssModule_GetName(
+ NSSModule *mod);
NSS_EXTERN NSSSlot **
-nssModule_GetSlots
-(
- NSSModule *mod
-);
+nssModule_GetSlots(
+ NSSModule *mod);
NSS_EXTERN NSSSlot *
-nssModule_FindSlotByName
-(
- NSSModule *mod,
- NSSUTF8 *slotName
-);
+nssModule_FindSlotByName(
+ NSSModule *mod,
+ NSSUTF8 *slotName);
NSS_EXTERN NSSToken *
-nssModule_FindTokenByName
-(
- NSSModule *mod,
- NSSUTF8 *tokenName
-);
+nssModule_FindTokenByName(
+ NSSModule *mod,
+ NSSUTF8 *tokenName);
NSS_EXTERN PRInt32
-nssModule_GetCertOrder
-(
- NSSModule *module
-);
+nssModule_GetCertOrder(
+ NSSModule *module);
/* NSSSlot
*
@@ -199,127 +161,89 @@ nssModule_GetCertOrder
*/
NSS_EXTERN PRStatus
-nssSlot_Destroy
-(
- NSSSlot *slot
-);
+nssSlot_Destroy(
+ NSSSlot *slot);
NSS_EXTERN NSSSlot *
-nssSlot_AddRef
-(
- NSSSlot *slot
-);
+nssSlot_AddRef(
+ NSSSlot *slot);
NSS_EXTERN void
-nssSlot_ResetDelay
-(
- NSSSlot *slot
-);
+nssSlot_ResetDelay(
+ NSSSlot *slot);
NSS_EXTERN NSSUTF8 *
-nssSlot_GetName
-(
- NSSSlot *slot
-);
+nssSlot_GetName(
+ NSSSlot *slot);
NSS_EXTERN NSSUTF8 *
-nssSlot_GetTokenName
-(
- NSSSlot *slot
-);
+nssSlot_GetTokenName(
+ NSSSlot *slot);
NSS_EXTERN NSSModule *
-nssSlot_GetModule
-(
- NSSSlot *slot
-);
+nssSlot_GetModule(
+ NSSSlot *slot);
NSS_EXTERN NSSToken *
-nssSlot_GetToken
-(
- NSSSlot *slot
-);
+nssSlot_GetToken(
+ NSSSlot *slot);
NSS_EXTERN PRBool
-nssSlot_IsTokenPresent
-(
- NSSSlot *slot
-);
+nssSlot_IsTokenPresent(
+ NSSSlot *slot);
NSS_EXTERN PRBool
-nssSlot_IsPermanent
-(
- NSSSlot *slot
-);
+nssSlot_IsPermanent(
+ NSSSlot *slot);
NSS_EXTERN PRBool
-nssSlot_IsFriendly
-(
- NSSSlot *slot
-);
+nssSlot_IsFriendly(
+ NSSSlot *slot);
NSS_EXTERN PRBool
-nssSlot_IsHardware
-(
- NSSSlot *slot
-);
+nssSlot_IsHardware(
+ NSSSlot *slot);
NSS_EXTERN PRBool
-nssSlot_IsLoggedIn
-(
- NSSSlot *slot
-);
+nssSlot_IsLoggedIn(
+ NSSSlot *slot);
NSS_EXTERN PRStatus
-nssSlot_Refresh
-(
- NSSSlot *slot
-);
+nssSlot_Refresh(
+ NSSSlot *slot);
NSS_EXTERN PRStatus
-nssSlot_Login
-(
- NSSSlot *slot,
- NSSCallback *pwcb
-);
+nssSlot_Login(
+ NSSSlot *slot,
+ NSSCallback *pwcb);
extern const NSSError NSS_ERROR_INVALID_PASSWORD;
extern const NSSError NSS_ERROR_USER_CANCELED;
NSS_EXTERN PRStatus
-nssSlot_Logout
-(
- NSSSlot *slot,
- nssSession *sessionOpt
-);
+nssSlot_Logout(
+ NSSSlot *slot,
+ nssSession *sessionOpt);
NSS_EXTERN void
-nssSlot_EnterMonitor
-(
- NSSSlot *slot
-);
+nssSlot_EnterMonitor(
+ NSSSlot *slot);
NSS_EXTERN void
-nssSlot_ExitMonitor
-(
- NSSSlot *slot
-);
+nssSlot_ExitMonitor(
+ NSSSlot *slot);
#define NSSSLOT_ASK_PASSWORD_FIRST_TIME -1
-#define NSSSLOT_ASK_PASSWORD_EVERY_TIME 0
+#define NSSSLOT_ASK_PASSWORD_EVERY_TIME 0
NSS_EXTERN void
-nssSlot_SetPasswordDefaults
-(
- NSSSlot *slot,
- PRInt32 askPasswordTimeout
-);
+nssSlot_SetPasswordDefaults(
+ NSSSlot *slot,
+ PRInt32 askPasswordTimeout);
NSS_EXTERN PRStatus
-nssSlot_SetPassword
-(
- NSSSlot *slot,
- NSSUTF8 *oldPasswordOpt,
- NSSUTF8 *newPassword
-);
+nssSlot_SetPassword(
+ NSSSlot *slot,
+ NSSUTF8 *oldPasswordOpt,
+ NSSUTF8 *newPassword);
extern const NSSError NSS_ERROR_INVALID_PASSWORD;
extern const NSSError NSS_ERROR_USER_CANCELED;
@@ -328,12 +252,11 @@ extern const NSSError NSS_ERROR_USER_CANCELED;
*/
NSS_EXTERN nssSession *
-nssSlot_CreateSession
-(
- NSSSlot *slot,
- NSSArena *arenaOpt,
- PRBool readWrite /* so far, this is the only flag used */
-);
+nssSlot_CreateSession(
+ NSSSlot *slot,
+ NSSArena *arenaOpt,
+ PRBool readWrite /* so far, this is the only flag used */
+ );
/* NSSToken
*
@@ -366,251 +289,199 @@ nssSlot_CreateSession
*/
NSS_EXTERN PRStatus
-nssToken_Destroy
-(
- NSSToken *tok
-);
+nssToken_Destroy(
+ NSSToken *tok);
NSS_EXTERN NSSToken *
-nssToken_AddRef
-(
- NSSToken *tok
-);
+nssToken_AddRef(
+ NSSToken *tok);
NSS_EXTERN NSSUTF8 *
-nssToken_GetName
-(
- NSSToken *tok
-);
+nssToken_GetName(
+ NSSToken *tok);
NSS_EXTERN NSSModule *
-nssToken_GetModule
-(
- NSSToken *token
-);
+nssToken_GetModule(
+ NSSToken *token);
NSS_EXTERN NSSSlot *
-nssToken_GetSlot
-(
- NSSToken *tok
-);
+nssToken_GetSlot(
+ NSSToken *tok);
NSS_EXTERN PRBool
-nssToken_NeedsPINInitialization
-(
- NSSToken *token
-);
+nssToken_NeedsPINInitialization(
+ NSSToken *token);
NSS_EXTERN nssCryptokiObject *
-nssToken_ImportCertificate
-(
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSCertificateType certType,
- NSSItem *id,
- const NSSUTF8 *nickname,
- NSSDER *encoding,
- NSSDER *issuer,
- NSSDER *subject,
- NSSDER *serial,
- NSSASCII7 *emailAddr,
- PRBool asTokenObject
-);
+nssToken_ImportCertificate(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSCertificateType certType,
+ NSSItem *id,
+ const NSSUTF8 *nickname,
+ NSSDER *encoding,
+ NSSDER *issuer,
+ NSSDER *subject,
+ NSSDER *serial,
+ NSSASCII7 *emailAddr,
+ PRBool asTokenObject);
NSS_EXTERN nssCryptokiObject *
-nssToken_ImportTrust
-(
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSDER *certEncoding,
- NSSDER *certIssuer,
- NSSDER *certSerial,
- nssTrustLevel serverAuth,
- nssTrustLevel clientAuth,
- nssTrustLevel codeSigning,
- nssTrustLevel emailProtection,
- PRBool stepUpApproved,
- PRBool asTokenObject
-);
+nssToken_ImportTrust(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSDER *certEncoding,
+ NSSDER *certIssuer,
+ NSSDER *certSerial,
+ nssTrustLevel serverAuth,
+ nssTrustLevel clientAuth,
+ nssTrustLevel codeSigning,
+ nssTrustLevel emailProtection,
+ PRBool stepUpApproved,
+ PRBool asTokenObject);
NSS_EXTERN nssCryptokiObject *
-nssToken_ImportCRL
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSDER *subject,
- NSSDER *encoding,
- PRBool isKRL,
- NSSUTF8 *url,
- PRBool asTokenObject
-);
+nssToken_ImportCRL(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *subject,
+ NSSDER *encoding,
+ PRBool isKRL,
+ NSSUTF8 *url,
+ PRBool asTokenObject);
/* Permanently remove an object from the token. */
NSS_EXTERN PRStatus
-nssToken_DeleteStoredObject
-(
- nssCryptokiObject *instance
-);
+nssToken_DeleteStoredObject(
+ nssCryptokiObject *instance);
NSS_EXTERN nssCryptokiObject **
-nssToken_FindObjects
-(
- NSSToken *token,
- nssSession *sessionOpt,
- CK_OBJECT_CLASS objclass,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-);
+nssToken_FindObjects(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ CK_OBJECT_CLASS objclass,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject **
-nssToken_FindCertificatesBySubject
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSDER *subject,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-);
+nssToken_FindCertificatesBySubject(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *subject,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject **
-nssToken_FindCertificatesByNickname
-(
- NSSToken *token,
- nssSession *sessionOpt,
- const NSSUTF8 *name,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-);
+nssToken_FindCertificatesByNickname(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ const NSSUTF8 *name,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject **
-nssToken_FindCertificatesByEmail
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSASCII7 *email,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-);
+nssToken_FindCertificatesByEmail(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSASCII7 *email,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject **
-nssToken_FindCertificatesByID
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSItem *id,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-);
+nssToken_FindCertificatesByID(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSItem *id,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject *
-nssToken_FindCertificateByIssuerAndSerialNumber
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSDER *issuer,
- NSSDER *serial,
- nssTokenSearchType searchType,
- PRStatus *statusOpt
-);
+nssToken_FindCertificateByIssuerAndSerialNumber(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *issuer,
+ NSSDER *serial,
+ nssTokenSearchType searchType,
+ PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject *
-nssToken_FindCertificateByEncodedCertificate
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSBER *encodedCertificate,
- nssTokenSearchType searchType,
- PRStatus *statusOpt
-);
+nssToken_FindCertificateByEncodedCertificate(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSBER *encodedCertificate,
+ nssTokenSearchType searchType,
+ PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject *
-nssToken_FindTrustForCertificate
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSDER *certEncoding,
- NSSDER *certIssuer,
- NSSDER *certSerial,
- nssTokenSearchType searchType
-);
+nssToken_FindTrustForCertificate(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *certEncoding,
+ NSSDER *certIssuer,
+ NSSDER *certSerial,
+ nssTokenSearchType searchType);
NSS_EXTERN nssCryptokiObject **
-nssToken_FindCRLsBySubject
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSDER *subject,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-);
+nssToken_FindCRLsBySubject(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *subject,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject **
-nssToken_FindPrivateKeys
-(
- NSSToken *token,
- nssSession *sessionOpt,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-);
+nssToken_FindPrivateKeys(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject *
-nssToken_FindPrivateKeyByID
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSItem *keyID
-);
+nssToken_FindPrivateKeyByID(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSItem *keyID);
NSS_EXTERN nssCryptokiObject *
-nssToken_FindPublicKeyByID
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSItem *keyID
-);
+nssToken_FindPublicKeyByID(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSItem *keyID);
NSS_EXTERN NSSItem *
-nssToken_Digest
-(
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSAlgorithmAndParameters *ap,
- NSSItem *data,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
+nssToken_Digest(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSAlgorithmAndParameters *ap,
+ NSSItem *data,
+ NSSItem *rvOpt,
+ NSSArena *arenaOpt);
NSS_EXTERN PRStatus
-nssToken_BeginDigest
-(
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSAlgorithmAndParameters *ap
-);
+nssToken_BeginDigest(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSAlgorithmAndParameters *ap);
NSS_EXTERN PRStatus
-nssToken_ContinueDigest
-(
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSItem *item
-);
+nssToken_ContinueDigest(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSItem *item);
NSS_EXTERN NSSItem *
-nssToken_FinishDigest
-(
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-);
+nssToken_FinishDigest(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSItem *rvOpt,
+ NSSArena *arenaOpt);
/* nssSession
*
@@ -621,36 +492,28 @@ nssToken_FinishDigest
*/
NSS_EXTERN PRStatus
-nssSession_Destroy
-(
- nssSession *s
-);
+nssSession_Destroy(
+ nssSession *s);
/* would like to inline */
NSS_EXTERN PRStatus
-nssSession_EnterMonitor
-(
- nssSession *s
-);
+nssSession_EnterMonitor(
+ nssSession *s);
/* would like to inline */
NSS_EXTERN PRStatus
-nssSession_ExitMonitor
-(
- nssSession *s
-);
+nssSession_ExitMonitor(
+ nssSession *s);
/* would like to inline */
NSS_EXTERN PRBool
-nssSession_IsReadWrite
-(
- nssSession *s
-);
+nssSession_IsReadWrite(
+ nssSession *s);
/* nssCryptokiObject
*
* An object living on a cryptoki token.
- * Not really proper to mix up the object types just because
+ * Not really proper to mix up the object types just because
* nssCryptokiObject itself is generic, but doing so anyway.
*
* nssCryptokiObject_Destroy
@@ -664,83 +527,67 @@ nssSession_IsReadWrite
*/
NSS_EXTERN void
-nssCryptokiObject_Destroy
-(
- nssCryptokiObject *object
-);
+nssCryptokiObject_Destroy(
+ nssCryptokiObject *object);
NSS_EXTERN PRBool
-nssCryptokiObject_Equal
-(
- nssCryptokiObject *object1,
- nssCryptokiObject *object2
-);
+nssCryptokiObject_Equal(
+ nssCryptokiObject *object1,
+ nssCryptokiObject *object2);
NSS_EXTERN nssCryptokiObject *
-nssCryptokiObject_Clone
-(
- nssCryptokiObject *object
-);
+nssCryptokiObject_Clone(
+ nssCryptokiObject *object);
NSS_EXTERN PRStatus
-nssCryptokiCertificate_GetAttributes
-(
- nssCryptokiObject *object,
- nssSession *sessionOpt,
- NSSArena *arenaOpt,
- NSSCertificateType *certTypeOpt,
- NSSItem *idOpt,
- NSSDER *encodingOpt,
- NSSDER *issuerOpt,
- NSSDER *serialOpt,
- NSSDER *subjectOpt
-);
+nssCryptokiCertificate_GetAttributes(
+ nssCryptokiObject *object,
+ nssSession *sessionOpt,
+ NSSArena *arenaOpt,
+ NSSCertificateType *certTypeOpt,
+ NSSItem *idOpt,
+ NSSDER *encodingOpt,
+ NSSDER *issuerOpt,
+ NSSDER *serialOpt,
+ NSSDER *subjectOpt);
NSS_EXTERN PRStatus
-nssCryptokiTrust_GetAttributes
-(
- nssCryptokiObject *trustObject,
- nssSession *sessionOpt,
- NSSItem *sha1_hash,
- nssTrustLevel *serverAuth,
- nssTrustLevel *clientAuth,
- nssTrustLevel *codeSigning,
- nssTrustLevel *emailProtection,
- PRBool *stepUpApproved
-);
+nssCryptokiTrust_GetAttributes(
+ nssCryptokiObject *trustObject,
+ nssSession *sessionOpt,
+ NSSItem *sha1_hash,
+ nssTrustLevel *serverAuth,
+ nssTrustLevel *clientAuth,
+ nssTrustLevel *codeSigning,
+ nssTrustLevel *emailProtection,
+ PRBool *stepUpApproved);
NSS_EXTERN PRStatus
-nssCryptokiCRL_GetAttributes
-(
- nssCryptokiObject *crlObject,
- nssSession *sessionOpt,
- NSSArena *arenaOpt,
- NSSItem *encodingOpt,
- NSSItem * subjectOpt,
- CK_ULONG * crl_class,
- NSSUTF8 **urlOpt,
- PRBool *isKRLOpt
-);
+nssCryptokiCRL_GetAttributes(
+ nssCryptokiObject *crlObject,
+ nssSession *sessionOpt,
+ NSSArena *arenaOpt,
+ NSSItem *encodingOpt,
+ NSSItem *subjectOpt,
+ CK_ULONG *crl_class,
+ NSSUTF8 **urlOpt,
+ PRBool *isKRLOpt);
/* I'm including this to handle import of certificates in NSS 3.5. This
* function will set the cert-related attributes of a key, in order to
* associate it with a cert. Does it stay like this for 4.0?
*/
NSS_EXTERN PRStatus
-nssCryptokiPrivateKey_SetCertificate
-(
- nssCryptokiObject *keyObject,
- nssSession *sessionOpt,
- const NSSUTF8 *nickname,
- NSSItem *id,
- NSSDER *subject
-);
+nssCryptokiPrivateKey_SetCertificate(
+ nssCryptokiObject *keyObject,
+ nssSession *sessionOpt,
+ const NSSUTF8 *nickname,
+ NSSItem *id,
+ NSSDER *subject);
NSS_EXTERN void
-nssModuleArray_Destroy
-(
- NSSModule **modules
-);
+nssModuleArray_Destroy(
+ NSSModule **modules);
/* nssSlotArray
*
@@ -748,10 +595,8 @@ nssModuleArray_Destroy
*/
NSS_EXTERN void
-nssSlotArray_Destroy
-(
- NSSSlot **slots
-);
+nssSlotArray_Destroy(
+ NSSSlot **slots);
/* nssTokenArray
*
@@ -759,23 +604,19 @@ nssSlotArray_Destroy
*/
NSS_EXTERN void
-nssTokenArray_Destroy
-(
- NSSToken **tokens
-);
+nssTokenArray_Destroy(
+ NSSToken **tokens);
/* nssCryptokiObjectArray
*
* nssCryptokiObjectArray_Destroy
*/
NSS_EXTERN void
-nssCryptokiObjectArray_Destroy
-(
- nssCryptokiObject **object
-);
+nssCryptokiObjectArray_Destroy(
+ nssCryptokiObject **object);
/* nssSlotList
-*
+ *
* An ordered list of slots. The order can be anything, it is set in the
* Add methods. Perhaps it should be CreateInCertOrder, ...?
*
@@ -794,30 +635,24 @@ nssCryptokiObjectArray_Destroy
/* nssSlotList_Create
*/
NSS_EXTERN nssSlotList *
-nssSlotList_Create
-(
- NSSArena *arenaOpt
-);
+nssSlotList_Create(
+ NSSArena *arenaOpt);
/* nssSlotList_Destroy
*/
NSS_EXTERN void
-nssSlotList_Destroy
-(
- nssSlotList *slotList
-);
+nssSlotList_Destroy(
+ nssSlotList *slotList);
/* nssSlotList_Add
*
* Add the given slot in the given order.
*/
NSS_EXTERN PRStatus
-nssSlotList_Add
-(
- nssSlotList *slotList,
- NSSSlot *slot,
- PRUint32 order
-);
+nssSlotList_Add(
+ nssSlotList *slotList,
+ NSSSlot *slot,
+ PRUint32 order);
/* nssSlotList_AddModuleSlots
*
@@ -825,38 +660,30 @@ nssSlotList_Add
* equal weight).
*/
NSS_EXTERN PRStatus
-nssSlotList_AddModuleSlots
-(
- nssSlotList *slotList,
- NSSModule *module,
- PRUint32 order
-);
+nssSlotList_AddModuleSlots(
+ nssSlotList *slotList,
+ NSSModule *module,
+ PRUint32 order);
/* nssSlotList_GetSlots
*/
NSS_EXTERN NSSSlot **
-nssSlotList_GetSlots
-(
- nssSlotList *slotList
-);
+nssSlotList_GetSlots(
+ nssSlotList *slotList);
/* nssSlotList_FindSlotByName
*/
NSS_EXTERN NSSSlot *
-nssSlotList_FindSlotByName
-(
- nssSlotList *slotList,
- NSSUTF8 *slotName
-);
+nssSlotList_FindSlotByName(
+ nssSlotList *slotList,
+ NSSUTF8 *slotName);
/* nssSlotList_FindTokenByName
*/
NSS_EXTERN NSSToken *
-nssSlotList_FindTokenByName
-(
- nssSlotList *slotList,
- NSSUTF8 *tokenName
-);
+nssSlotList_FindTokenByName(
+ nssSlotList *slotList,
+ NSSUTF8 *tokenName);
/* nssSlotList_GetBestSlot
*
@@ -864,74 +691,56 @@ nssSlotList_FindTokenByName
* list.
*/
NSS_EXTERN NSSSlot *
-nssSlotList_GetBestSlot
-(
- nssSlotList *slotList
-);
+nssSlotList_GetBestSlot(
+ nssSlotList *slotList);
/* nssSlotList_GetBestSlotForAlgorithmAndParameters
*
* Highest-ranking slot than can handle algorithm/parameters.
*/
NSS_EXTERN NSSSlot *
-nssSlotList_GetBestSlotForAlgorithmAndParameters
-(
- nssSlotList *slotList,
- NSSAlgorithmAndParameters *ap
-);
+nssSlotList_GetBestSlotForAlgorithmAndParameters(
+ nssSlotList *slotList,
+ NSSAlgorithmAndParameters *ap);
/* nssSlotList_GetBestSlotForAlgorithmsAndParameters
*
* Highest-ranking slot than can handle all algorithms/parameters.
*/
NSS_EXTERN NSSSlot *
-nssSlotList_GetBestSlotForAlgorithmsAndParameters
-(
- nssSlotList *slotList,
- NSSAlgorithmAndParameters **ap
-);
+nssSlotList_GetBestSlotForAlgorithmsAndParameters(
+ nssSlotList *slotList,
+ NSSAlgorithmAndParameters **ap);
NSS_EXTERN PRBool
-nssToken_IsPresent
-(
- NSSToken *token
-);
+nssToken_IsPresent(
+ NSSToken *token);
NSS_EXTERN nssSession *
-nssToken_GetDefaultSession
-(
- NSSToken *token
-);
+nssToken_GetDefaultSession(
+ NSSToken *token);
NSS_EXTERN PRStatus
-nssToken_GetTrustOrder
-(
- NSSToken *tok
-);
+nssToken_GetTrustOrder(
+ NSSToken *tok);
NSS_EXTERN PRStatus
-nssToken_NotifyCertsNotVisible
-(
- NSSToken *tok
-);
+nssToken_NotifyCertsNotVisible(
+ NSSToken *tok);
NSS_EXTERN PRStatus
-nssToken_TraverseCertificates
-(
- NSSToken *token,
- nssSession *sessionOpt,
- nssTokenSearchType searchType,
- PRStatus (* callback)(nssCryptokiObject *instance, void *arg),
- void *arg
-);
+nssToken_TraverseCertificates(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ nssTokenSearchType searchType,
+ PRStatus (*callback)(nssCryptokiObject *instance, void *arg),
+ void *arg);
NSS_EXTERN PRBool
-nssToken_IsPrivateKeyAvailable
-(
- NSSToken *token,
- NSSCertificate *c,
- nssCryptokiObject *instance
-);
+nssToken_IsPrivateKeyAvailable(
+ NSSToken *token,
+ NSSCertificate *c,
+ nssCryptokiObject *instance);
PR_END_EXTERN_C
diff --git a/lib/dev/devm.h b/lib/dev/devm.h
index 6485ae2ad..16acf649f 100644
--- a/lib/dev/devm.h
+++ b/lib/dev/devm.h
@@ -24,181 +24,133 @@ PR_BEGIN_EXTERN_C
((CK_FUNCTION_LIST_PTR)(epv))
NSS_EXTERN void
-nssDevice_AddRef
-(
- struct nssDeviceBaseStr *device
-);
+nssDevice_AddRef(
+ struct nssDeviceBaseStr *device);
NSS_EXTERN PRBool
-nssDevice_Destroy
-(
- struct nssDeviceBaseStr *device
-);
+nssDevice_Destroy(
+ struct nssDeviceBaseStr *device);
NSS_EXTERN PRBool
-nssModule_IsThreadSafe
-(
- NSSModule *module
-);
+nssModule_IsThreadSafe(
+ NSSModule *module);
NSS_EXTERN PRBool
-nssModule_IsInternal
-(
- NSSModule *mod
-);
+nssModule_IsInternal(
+ NSSModule *mod);
NSS_EXTERN PRBool
-nssModule_IsModuleDBOnly
-(
- NSSModule *mod
-);
+nssModule_IsModuleDBOnly(
+ NSSModule *mod);
NSS_EXTERN void *
-nssModule_GetCryptokiEPV
-(
- NSSModule *mod
-);
+nssModule_GetCryptokiEPV(
+ NSSModule *mod);
NSS_EXTERN NSSSlot *
-nssSlot_Create
-(
- CK_SLOT_ID slotId,
- NSSModule *parent
-);
+nssSlot_Create(
+ CK_SLOT_ID slotId,
+ NSSModule *parent);
NSS_EXTERN void *
-nssSlot_GetCryptokiEPV
-(
- NSSSlot *slot
-);
+nssSlot_GetCryptokiEPV(
+ NSSSlot *slot);
NSS_EXTERN NSSToken *
-nssToken_Create
-(
- CK_SLOT_ID slotID,
- NSSSlot *peer
-);
+nssToken_Create(
+ CK_SLOT_ID slotID,
+ NSSSlot *peer);
NSS_EXTERN void *
-nssToken_GetCryptokiEPV
-(
- NSSToken *token
-);
+nssToken_GetCryptokiEPV(
+ NSSToken *token);
NSS_EXTERN nssSession *
-nssToken_GetDefaultSession
-(
- NSSToken *token
-);
+nssToken_GetDefaultSession(
+ NSSToken *token);
NSS_EXTERN PRBool
-nssToken_IsLoginRequired
-(
- NSSToken *token
-);
+nssToken_IsLoginRequired(
+ NSSToken *token);
NSS_EXTERN void
-nssToken_Remove
-(
- NSSToken *token
-);
+nssToken_Remove(
+ NSSToken *token);
NSS_EXTERN nssCryptokiObject *
-nssCryptokiObject_Create
-(
- NSSToken *t,
- nssSession *session,
- CK_OBJECT_HANDLE h
-);
+nssCryptokiObject_Create(
+ NSSToken *t,
+ nssSession *session,
+ CK_OBJECT_HANDLE h);
NSS_EXTERN nssTokenObjectCache *
-nssTokenObjectCache_Create
-(
- NSSToken *token,
- PRBool cacheCerts,
- PRBool cacheTrust,
- PRBool cacheCRLs
-);
+nssTokenObjectCache_Create(
+ NSSToken *token,
+ PRBool cacheCerts,
+ PRBool cacheTrust,
+ PRBool cacheCRLs);
NSS_EXTERN void
-nssTokenObjectCache_Destroy
-(
- nssTokenObjectCache *cache
-);
+nssTokenObjectCache_Destroy(
+ nssTokenObjectCache *cache);
NSS_EXTERN void
-nssTokenObjectCache_Clear
-(
- nssTokenObjectCache *cache
-);
+nssTokenObjectCache_Clear(
+ nssTokenObjectCache *cache);
NSS_EXTERN PRBool
-nssTokenObjectCache_HaveObjectClass
-(
- nssTokenObjectCache *cache,
- CK_OBJECT_CLASS objclass
-);
+nssTokenObjectCache_HaveObjectClass(
+ nssTokenObjectCache *cache,
+ CK_OBJECT_CLASS objclass);
NSS_EXTERN nssCryptokiObject **
-nssTokenObjectCache_FindObjectsByTemplate
-(
- nssTokenObjectCache *cache,
- CK_OBJECT_CLASS objclass,
- CK_ATTRIBUTE_PTR otemplate,
- CK_ULONG otlen,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-);
+nssTokenObjectCache_FindObjectsByTemplate(
+ nssTokenObjectCache *cache,
+ CK_OBJECT_CLASS objclass,
+ CK_ATTRIBUTE_PTR otemplate,
+ CK_ULONG otlen,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
NSS_EXTERN PRStatus
-nssTokenObjectCache_GetObjectAttributes
-(
- nssTokenObjectCache *cache,
- NSSArena *arenaOpt,
- nssCryptokiObject *object,
- CK_OBJECT_CLASS objclass,
- CK_ATTRIBUTE_PTR atemplate,
- CK_ULONG atlen
-);
+nssTokenObjectCache_GetObjectAttributes(
+ nssTokenObjectCache *cache,
+ NSSArena *arenaOpt,
+ nssCryptokiObject *object,
+ CK_OBJECT_CLASS objclass,
+ CK_ATTRIBUTE_PTR atemplate,
+ CK_ULONG atlen);
NSS_EXTERN PRStatus
-nssTokenObjectCache_ImportObject
-(
- nssTokenObjectCache *cache,
- nssCryptokiObject *object,
- CK_OBJECT_CLASS objclass,
- CK_ATTRIBUTE_PTR ot,
- CK_ULONG otlen
-);
+nssTokenObjectCache_ImportObject(
+ nssTokenObjectCache *cache,
+ nssCryptokiObject *object,
+ CK_OBJECT_CLASS objclass,
+ CK_ATTRIBUTE_PTR ot,
+ CK_ULONG otlen);
NSS_EXTERN void
-nssTokenObjectCache_RemoveObject
-(
- nssTokenObjectCache *cache,
- nssCryptokiObject *object
-);
+nssTokenObjectCache_RemoveObject(
+ nssTokenObjectCache *cache,
+ nssCryptokiObject *object);
/* XXX allows peek back into token */
NSS_EXTERN PRStatus
-nssToken_GetCachedObjectAttributes
-(
- NSSToken *token,
- NSSArena *arenaOpt,
- nssCryptokiObject *object,
- CK_OBJECT_CLASS objclass,
- CK_ATTRIBUTE_PTR atemplate,
- CK_ULONG atlen
-);
+nssToken_GetCachedObjectAttributes(
+ NSSToken *token,
+ NSSArena *arenaOpt,
+ nssCryptokiObject *object,
+ CK_OBJECT_CLASS objclass,
+ CK_ATTRIBUTE_PTR atemplate,
+ CK_ULONG atlen);
/* PKCS#11 stores strings in a fixed-length buffer padded with spaces. This
* function gets the length of the actual string.
*/
NSS_EXTERN PRUint32
-nssPKCS11String_Length
-(
- CK_CHAR *pkcs11str,
- PRUint32 bufLen
-);
+nssPKCS11String_Length(
+ CK_CHAR *pkcs11str,
+ PRUint32 bufLen);
PR_END_EXTERN_C
diff --git a/lib/dev/devslot.c b/lib/dev/devslot.c
index f49915ee1..5b0bb371a 100644
--- a/lib/dev/devslot.c
+++ b/lib/dev/devslot.c
@@ -20,21 +20,20 @@
/* this should track global and per-transaction login information */
#define NSSSLOT_IS_FRIENDLY(slot) \
- (slot->base.flags & NSSSLOT_FLAGS_FRIENDLY)
+ (slot->base.flags & NSSSLOT_FLAGS_FRIENDLY)
/* measured as interval */
static PRIntervalTime s_token_delay_time = 0;
NSS_IMPLEMENT PRStatus
-nssSlot_Destroy (
- NSSSlot *slot
-)
+nssSlot_Destroy(
+ NSSSlot *slot)
{
if (slot) {
- if (PR_ATOMIC_DECREMENT(&slot->base.refCount) == 0) {
- PZ_DestroyLock(slot->base.lock);
- return nssArena_Destroy(slot->base.arena);
- }
+ if (PR_ATOMIC_DECREMENT(&slot->base.refCount) == 0) {
+ PZ_DestroyLock(slot->base.lock);
+ return nssArena_Destroy(slot->base.arena);
+ }
}
return PR_SUCCESS;
}
@@ -43,7 +42,7 @@ void
nssSlot_EnterMonitor(NSSSlot *slot)
{
if (slot->lock) {
- PZ_Lock(slot->lock);
+ PZ_Lock(slot->lock);
}
}
@@ -51,47 +50,42 @@ void
nssSlot_ExitMonitor(NSSSlot *slot)
{
if (slot->lock) {
- PZ_Unlock(slot->lock);
+ PZ_Unlock(slot->lock);
}
}
NSS_IMPLEMENT void
-NSSSlot_Destroy (
- NSSSlot *slot
-)
+NSSSlot_Destroy(
+ NSSSlot *slot)
{
(void)nssSlot_Destroy(slot);
}
NSS_IMPLEMENT NSSSlot *
-nssSlot_AddRef (
- NSSSlot *slot
-)
+nssSlot_AddRef(
+ NSSSlot *slot)
{
PR_ATOMIC_INCREMENT(&slot->base.refCount);
return slot;
}
NSS_IMPLEMENT NSSUTF8 *
-nssSlot_GetName (
- NSSSlot *slot
-)
+nssSlot_GetName(
+ NSSSlot *slot)
{
return slot->base.name;
}
NSS_IMPLEMENT NSSUTF8 *
-nssSlot_GetTokenName (
- NSSSlot *slot
-)
+nssSlot_GetTokenName(
+ NSSSlot *slot)
{
return nssToken_GetName(slot->token);
}
NSS_IMPLEMENT void
-nssSlot_ResetDelay (
- NSSSlot *slot
-)
+nssSlot_ResetDelay(
+ NSSSlot *slot)
{
slot->lastTokenPing = 0;
}
@@ -102,21 +96,20 @@ within_token_delay_period(NSSSlot *slot)
PRIntervalTime time, lastTime;
/* Set the delay time for checking the token presence */
if (s_token_delay_time == 0) {
- s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME);
+ s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME);
}
time = PR_IntervalNow();
lastTime = slot->lastTokenPing;
if ((lastTime) && ((time - lastTime) < s_token_delay_time)) {
- return PR_TRUE;
+ return PR_TRUE;
}
slot->lastTokenPing = time;
return PR_FALSE;
}
NSS_IMPLEMENT PRBool
-nssSlot_IsTokenPresent (
- NSSSlot *slot
-)
+nssSlot_IsTokenPresent(
+ NSSSlot *slot)
{
CK_RV ckrv;
PRStatus nssrv;
@@ -126,75 +119,77 @@ nssSlot_IsTokenPresent (
void *epv;
/* permanent slots are always present unless they're disabled */
if (nssSlot_IsPermanent(slot)) {
- return !PK11_IsDisabled(slot->pk11slot);
+ return !PK11_IsDisabled(slot->pk11slot);
}
/* avoid repeated calls to check token status within set interval */
if (within_token_delay_period(slot)) {
- return ((slot->ckFlags & CKF_TOKEN_PRESENT) != 0);
+ return ((slot->ckFlags & CKF_TOKEN_PRESENT) != 0);
}
/* First obtain the slot info */
epv = slot->epv;
if (!epv) {
- return PR_FALSE;
+ return PR_FALSE;
}
nssSlot_EnterMonitor(slot);
ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo);
nssSlot_ExitMonitor(slot);
if (ckrv != CKR_OK) {
- slot->token->base.name[0] = 0; /* XXX */
- return PR_FALSE;
+ slot->token->base.name[0] = 0; /* XXX */
+ return PR_FALSE;
}
slot->ckFlags = slotInfo.flags;
/* check for the presence of the token */
if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) {
- if (!slot->token) {
- /* token was never present */
- return PR_FALSE;
- }
- session = nssToken_GetDefaultSession(slot->token);
- if (session) {
- nssSession_EnterMonitor(session);
- /* token is not present */
- if (session->handle != CK_INVALID_SESSION) {
- /* session is valid, close and invalidate it */
- CKAPI(epv)->C_CloseSession(session->handle);
- session->handle = CK_INVALID_SESSION;
- }
- nssSession_ExitMonitor(session);
- }
- if (slot->token->base.name[0] != 0) {
- /* notify the high-level cache that the token is removed */
- slot->token->base.name[0] = 0; /* XXX */
- nssToken_NotifyCertsNotVisible(slot->token);
- }
- slot->token->base.name[0] = 0; /* XXX */
- /* clear the token cache */
- nssToken_Remove(slot->token);
- return PR_FALSE;
+ if (!slot->token) {
+ /* token was never present */
+ return PR_FALSE;
+ }
+ session = nssToken_GetDefaultSession(slot->token);
+ if (session) {
+ nssSession_EnterMonitor(session);
+ /* token is not present */
+ if (session->handle != CK_INVALID_SESSION) {
+ /* session is valid, close and invalidate it */
+ CKAPI(epv)
+ ->C_CloseSession(session->handle);
+ session->handle = CK_INVALID_SESSION;
+ }
+ nssSession_ExitMonitor(session);
+ }
+ if (slot->token->base.name[0] != 0) {
+ /* notify the high-level cache that the token is removed */
+ slot->token->base.name[0] = 0; /* XXX */
+ nssToken_NotifyCertsNotVisible(slot->token);
+ }
+ slot->token->base.name[0] = 0; /* XXX */
+ /* clear the token cache */
+ nssToken_Remove(slot->token);
+ return PR_FALSE;
}
/* token is present, use the session info to determine if the card
* has been removed and reinserted.
*/
session = nssToken_GetDefaultSession(slot->token);
if (session) {
- PRBool isPresent = PR_FALSE;
- nssSession_EnterMonitor(session);
- if (session->handle != CK_INVALID_SESSION) {
- CK_SESSION_INFO sessionInfo;
- ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo);
- if (ckrv != CKR_OK) {
- /* session is screwy, close and invalidate it */
- CKAPI(epv)->C_CloseSession(session->handle);
- session->handle = CK_INVALID_SESSION;
- }
- }
- isPresent = session->handle != CK_INVALID_SESSION;
- nssSession_ExitMonitor(session);
- /* token not removed, finished */
- if (isPresent)
- return PR_TRUE;
- }
+ PRBool isPresent = PR_FALSE;
+ nssSession_EnterMonitor(session);
+ if (session->handle != CK_INVALID_SESSION) {
+ CK_SESSION_INFO sessionInfo;
+ ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo);
+ if (ckrv != CKR_OK) {
+ /* session is screwy, close and invalidate it */
+ CKAPI(epv)
+ ->C_CloseSession(session->handle);
+ session->handle = CK_INVALID_SESSION;
+ }
+ }
+ isPresent = session->handle != CK_INVALID_SESSION;
+ nssSession_ExitMonitor(session);
+ /* token not removed, finished */
+ if (isPresent)
+ return PR_TRUE;
+ }
/* the token has been removed, and reinserted, or the slot contains
* a token it doesn't recognize. invalidate all the old
* information we had on this token, if we can't refresh, clear
@@ -212,46 +207,41 @@ nssSlot_IsTokenPresent (
}
NSS_IMPLEMENT void *
-nssSlot_GetCryptokiEPV (
- NSSSlot *slot
-)
+nssSlot_GetCryptokiEPV(
+ NSSSlot *slot)
{
return slot->epv;
}
NSS_IMPLEMENT NSSToken *
-nssSlot_GetToken (
- NSSSlot *slot
-)
+nssSlot_GetToken(
+ NSSSlot *slot)
{
if (nssSlot_IsTokenPresent(slot)) {
- return nssToken_AddRef(slot->token);
+ return nssToken_AddRef(slot->token);
}
return (NSSToken *)NULL;
}
NSS_IMPLEMENT PRStatus
-nssSession_EnterMonitor (
- nssSession *s
-)
+nssSession_EnterMonitor(
+ nssSession *s)
{
- if (s->lock) PZ_Lock(s->lock);
+ if (s->lock)
+ PZ_Lock(s->lock);
return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
-nssSession_ExitMonitor (
- nssSession *s
-)
+nssSession_ExitMonitor(
+ nssSession *s)
{
return (s->lock) ? PZ_Unlock(s->lock) : PR_SUCCESS;
}
NSS_EXTERN PRBool
-nssSession_IsReadWrite (
- nssSession *s
-)
+nssSession_IsReadWrite(
+ nssSession *s)
{
return s->isRW;
}
-
diff --git a/lib/dev/devt.h b/lib/dev/devt.h
index c67811418..db93deb12 100644
--- a/lib/dev/devt.h
+++ b/lib/dev/devt.h
@@ -34,22 +34,20 @@ PR_BEGIN_EXTERN_C
typedef struct nssSessionStr nssSession;
/* XXX until NSSTokenStr is moved */
-struct nssDeviceBaseStr
-{
- NSSArena *arena;
- PZLock *lock;
- PRInt32 refCount;
- NSSUTF8 *name;
- PRUint32 flags;
+struct nssDeviceBaseStr {
+ NSSArena *arena;
+ PZLock *lock;
+ PRInt32 refCount;
+ NSSUTF8 *name;
+ PRUint32 flags;
};
typedef struct nssTokenObjectCacheStr nssTokenObjectCache;
/* XXX until devobject.c goes away */
-struct NSSTokenStr
-{
+struct NSSTokenStr {
struct nssDeviceBaseStr base;
- NSSSlot *slot; /* Parent (or peer, if you will) */
+ NSSSlot *slot; /* Parent (or peer, if you will) */
CK_FLAGS ckFlags; /* from CK_TOKEN_INFO.flags */
PRUint32 flags;
void *epv;
@@ -61,40 +59,36 @@ struct NSSTokenStr
};
typedef enum {
- nssSlotAskPasswordTimes_FirstTime = 0,
- nssSlotAskPasswordTimes_EveryTime = 1,
- nssSlotAskPasswordTimes_Timeout = 2
-}
-nssSlotAskPasswordTimes;
-
-struct nssSlotAuthInfoStr
-{
- PRTime lastLogin;
- nssSlotAskPasswordTimes askTimes;
- PRIntervalTime askPasswordTimeout;
+ nssSlotAskPasswordTimes_FirstTime = 0,
+ nssSlotAskPasswordTimes_EveryTime = 1,
+ nssSlotAskPasswordTimes_Timeout = 2
+} nssSlotAskPasswordTimes;
+
+struct nssSlotAuthInfoStr {
+ PRTime lastLogin;
+ nssSlotAskPasswordTimes askTimes;
+ PRIntervalTime askPasswordTimeout;
};
-struct NSSSlotStr
-{
- struct nssDeviceBaseStr base;
- NSSModule *module; /* Parent */
- NSSToken *token; /* Peer */
- CK_SLOT_ID slotID;
- CK_FLAGS ckFlags; /* from CK_SLOT_INFO.flags */
- struct nssSlotAuthInfoStr authInfo;
- PRIntervalTime lastTokenPing;
- PZLock *lock;
- void *epv;
- PK11SlotInfo *pk11slot;
+struct NSSSlotStr {
+ struct nssDeviceBaseStr base;
+ NSSModule *module; /* Parent */
+ NSSToken *token; /* Peer */
+ CK_SLOT_ID slotID;
+ CK_FLAGS ckFlags; /* from CK_SLOT_INFO.flags */
+ struct nssSlotAuthInfoStr authInfo;
+ PRIntervalTime lastTokenPing;
+ PZLock *lock;
+ void *epv;
+ PK11SlotInfo *pk11slot;
};
-struct nssSessionStr
-{
- PZLock *lock;
- CK_SESSION_HANDLE handle;
- NSSSlot *slot;
- PRBool isRW;
- PRBool ownLock;
+struct nssSessionStr {
+ PZLock *lock;
+ CK_SESSION_HANDLE handle;
+ NSSSlot *slot;
+ PRBool isRW;
+ PRBool ownLock;
};
typedef enum {
@@ -113,8 +107,7 @@ typedef enum {
typedef struct nssCryptokiInstanceStr nssCryptokiInstance;
-struct nssCryptokiInstanceStr
-{
+struct nssCryptokiInstanceStr {
CK_OBJECT_HANDLE handle;
NSSToken *token;
PRBool isTokenObject;
@@ -132,22 +125,20 @@ typedef enum {
nssTokenSearchType_TokenForced = 3
} nssTokenSearchType;
-struct nssTokenCertSearchStr
-{
+struct nssTokenCertSearchStr {
nssTokenSearchType searchType;
- PRStatus (* callback)(NSSCertificate *c, void *arg);
+ PRStatus (*callback)(NSSCertificate *c, void *arg);
void *cbarg;
nssList *cached;
- /* TODO: add a cache query callback if the list would be large
- * (traversal)
+ /* TODO: add a cache query callback if the list would be large
+ * (traversal)
*/
};
struct nssSlotListStr;
typedef struct nssSlotListStr nssSlotList;
-struct NSSAlgorithmAndParametersStr
-{
+struct NSSAlgorithmAndParametersStr {
CK_MECHANISM mechanism;
};
diff --git a/lib/dev/devtm.h b/lib/dev/devtm.h
index f55c45b2a..ef3c4c076 100644
--- a/lib/dev/devtm.h
+++ b/lib/dev/devtm.h
@@ -8,7 +8,7 @@
/*
* devtm.h
*
- * This file contains module-private definitions for the low-level
+ * This file contains module-private definitions for the low-level
* cryptoki devices.
*/
diff --git a/lib/dev/devtoken.c b/lib/dev/devtoken.c
index 7223e489b..ded7b51d6 100644
--- a/lib/dev/devtoken.c
+++ b/lib/dev/devtoken.c
@@ -24,115 +24,103 @@ extern const NSSError NSS_ERROR_PKCS11;
#define OBJECT_STACK_SIZE 16
NSS_IMPLEMENT PRStatus
-nssToken_Destroy (
- NSSToken *tok
-)
+nssToken_Destroy(
+ NSSToken *tok)
{
if (tok) {
- if (PR_ATOMIC_DECREMENT(&tok->base.refCount) == 0) {
- PZ_DestroyLock(tok->base.lock);
- nssTokenObjectCache_Destroy(tok->cache);
- /* The token holds the first/last reference to the slot.
- * When the token is actually destroyed, that ref must go too.
- */
- (void)nssSlot_Destroy(tok->slot);
- return nssArena_Destroy(tok->base.arena);
- }
+ if (PR_ATOMIC_DECREMENT(&tok->base.refCount) == 0) {
+ PZ_DestroyLock(tok->base.lock);
+ nssTokenObjectCache_Destroy(tok->cache);
+ /* The token holds the first/last reference to the slot.
+ * When the token is actually destroyed, that ref must go too.
+ */
+ (void)nssSlot_Destroy(tok->slot);
+ return nssArena_Destroy(tok->base.arena);
+ }
}
return PR_SUCCESS;
}
NSS_IMPLEMENT void
-nssToken_Remove (
- NSSToken *tok
-)
+nssToken_Remove(
+ NSSToken *tok)
{
nssTokenObjectCache_Clear(tok->cache);
}
NSS_IMPLEMENT void
-NSSToken_Destroy (
- NSSToken *tok
-)
+NSSToken_Destroy(
+ NSSToken *tok)
{
(void)nssToken_Destroy(tok);
}
NSS_IMPLEMENT NSSToken *
-nssToken_AddRef (
- NSSToken *tok
-)
+nssToken_AddRef(
+ NSSToken *tok)
{
PR_ATOMIC_INCREMENT(&tok->base.refCount);
return tok;
}
NSS_IMPLEMENT NSSSlot *
-nssToken_GetSlot (
- NSSToken *tok
-)
+nssToken_GetSlot(
+ NSSToken *tok)
{
return nssSlot_AddRef(tok->slot);
}
NSS_IMPLEMENT void *
-nssToken_GetCryptokiEPV (
- NSSToken *token
-)
+nssToken_GetCryptokiEPV(
+ NSSToken *token)
{
return nssSlot_GetCryptokiEPV(token->slot);
}
NSS_IMPLEMENT nssSession *
-nssToken_GetDefaultSession (
- NSSToken *token
-)
+nssToken_GetDefaultSession(
+ NSSToken *token)
{
return token->defaultSession;
}
NSS_IMPLEMENT NSSUTF8 *
-nssToken_GetName (
- NSSToken *tok
-)
+nssToken_GetName(
+ NSSToken *tok)
{
if (tok == NULL) {
- return "";
+ return "";
}
if (tok->base.name[0] == 0) {
- (void) nssSlot_IsTokenPresent(tok->slot);
- }
+ (void)nssSlot_IsTokenPresent(tok->slot);
+ }
return tok->base.name;
}
NSS_IMPLEMENT NSSUTF8 *
-NSSToken_GetName (
- NSSToken *token
-)
+NSSToken_GetName(
+ NSSToken *token)
{
return nssToken_GetName(token);
}
NSS_IMPLEMENT PRBool
-nssToken_IsLoginRequired (
- NSSToken *token
-)
+nssToken_IsLoginRequired(
+ NSSToken *token)
{
return (token->ckFlags & CKF_LOGIN_REQUIRED);
}
NSS_IMPLEMENT PRBool
-nssToken_NeedsPINInitialization (
- NSSToken *token
-)
+nssToken_NeedsPINInitialization(
+ NSSToken *token)
{
return (!(token->ckFlags & CKF_USER_PIN_INITIALIZED));
}
NSS_IMPLEMENT PRStatus
-nssToken_DeleteStoredObject (
- nssCryptokiObject *instance
-)
+nssToken_DeleteStoredObject(
+ nssCryptokiObject *instance)
{
CK_RV ckrv;
PRStatus status;
@@ -141,43 +129,43 @@ nssToken_DeleteStoredObject (
nssSession *session = NULL;
void *epv = nssToken_GetCryptokiEPV(instance->token);
if (token->cache) {
- nssTokenObjectCache_RemoveObject(token->cache, instance);
+ nssTokenObjectCache_RemoveObject(token->cache, instance);
}
if (instance->isTokenObject) {
- if (token->defaultSession &&
- nssSession_IsReadWrite(token->defaultSession)) {
- session = token->defaultSession;
- } else {
- session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
- createdSession = PR_TRUE;
- }
+ if (token->defaultSession &&
+ nssSession_IsReadWrite(token->defaultSession)) {
+ session = token->defaultSession;
+ }
+ else {
+ session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
+ createdSession = PR_TRUE;
+ }
}
if (session == NULL) {
- return PR_FAILURE;
+ return PR_FAILURE;
}
nssSession_EnterMonitor(session);
ckrv = CKAPI(epv)->C_DestroyObject(session->handle, instance->handle);
nssSession_ExitMonitor(session);
if (createdSession) {
- nssSession_Destroy(session);
+ nssSession_Destroy(session);
}
status = PR_SUCCESS;
if (ckrv != CKR_OK) {
- status = PR_FAILURE;
- /* use the error stack to pass the PKCS #11 error out */
- nss_SetError(ckrv);
- nss_SetError(NSS_ERROR_PKCS11);
+ status = PR_FAILURE;
+ /* use the error stack to pass the PKCS #11 error out */
+ nss_SetError(ckrv);
+ nss_SetError(NSS_ERROR_PKCS11);
}
return status;
}
static nssCryptokiObject *
-import_object (
- NSSToken *tok,
- nssSession *sessionOpt,
- CK_ATTRIBUTE_PTR objectTemplate,
- CK_ULONG otsize
-)
+import_object(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ CK_ATTRIBUTE_PTR objectTemplate,
+ CK_ULONG otsize)
{
nssSession *session = NULL;
PRBool createdSession = PR_FALSE;
@@ -186,79 +174,81 @@ import_object (
CK_RV ckrv;
void *epv = nssToken_GetCryptokiEPV(tok);
if (nssCKObject_IsTokenObjectTemplate(objectTemplate, otsize)) {
- if (sessionOpt) {
- if (!nssSession_IsReadWrite(sessionOpt)) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return NULL;
- }
- session = sessionOpt;
- } else if (tok->defaultSession &&
- nssSession_IsReadWrite(tok->defaultSession)) {
- session = tok->defaultSession;
- } else {
- session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE);
- createdSession = PR_TRUE;
- }
- } else {
- session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+ if (sessionOpt) {
+ if (!nssSession_IsReadWrite(sessionOpt)) {
+ nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+ return NULL;
+ }
+ session = sessionOpt;
+ }
+ else if (tok->defaultSession &&
+ nssSession_IsReadWrite(tok->defaultSession)) {
+ session = tok->defaultSession;
+ }
+ else {
+ session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE);
+ createdSession = PR_TRUE;
+ }
+ }
+ else {
+ session = (sessionOpt) ? sessionOpt : tok->defaultSession;
}
if (session == NULL) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return NULL;
+ nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+ return NULL;
}
nssSession_EnterMonitor(session);
- ckrv = CKAPI(epv)->C_CreateObject(session->handle,
+ ckrv = CKAPI(epv)->C_CreateObject(session->handle,
objectTemplate, otsize,
&handle);
nssSession_ExitMonitor(session);
if (ckrv == CKR_OK) {
- object = nssCryptokiObject_Create(tok, session, handle);
- } else {
- nss_SetError(ckrv);
- nss_SetError(NSS_ERROR_PKCS11);
+ object = nssCryptokiObject_Create(tok, session, handle);
+ }
+ else {
+ nss_SetError(ckrv);
+ nss_SetError(NSS_ERROR_PKCS11);
}
if (createdSession) {
- nssSession_Destroy(session);
+ nssSession_Destroy(session);
}
return object;
}
static nssCryptokiObject **
-create_objects_from_handles (
- NSSToken *tok,
- nssSession *session,
- CK_OBJECT_HANDLE *handles,
- PRUint32 numH
-)
+create_objects_from_handles(
+ NSSToken *tok,
+ nssSession *session,
+ CK_OBJECT_HANDLE *handles,
+ PRUint32 numH)
{
nssCryptokiObject **objects;
objects = nss_ZNEWARRAY(NULL, nssCryptokiObject *, numH + 1);
if (objects) {
- PRInt32 i;
- for (i=0; i<(PRInt32)numH; i++) {
- objects[i] = nssCryptokiObject_Create(tok, session, handles[i]);
- if (!objects[i]) {
- for (--i; i>0; --i) {
- nssCryptokiObject_Destroy(objects[i]);
- }
- nss_ZFreeIf(objects);
- objects = NULL;
- break;
- }
- }
+ PRInt32 i;
+ for (i = 0; i < (PRInt32)numH; i++) {
+ objects[i] = nssCryptokiObject_Create(tok, session, handles[i]);
+ if (!objects[i]) {
+ for (--i; i > 0; --i) {
+ nssCryptokiObject_Destroy(objects[i]);
+ }
+ nss_ZFreeIf(objects);
+ objects = NULL;
+ break;
+ }
+ }
}
return objects;
}
static nssCryptokiObject **
-find_objects (
- NSSToken *tok,
- nssSession *sessionOpt,
- CK_ATTRIBUTE_PTR obj_template,
- CK_ULONG otsize,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-)
+find_objects(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ CK_ATTRIBUTE_PTR obj_template,
+ CK_ULONG otsize,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt)
{
CK_RV ckrv = CKR_OK;
CK_ULONG count;
@@ -271,166 +261,174 @@ find_objects (
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
- ckrv = CKR_SESSION_HANDLE_INVALID;
- goto loser;
+ ckrv = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
}
/* the arena is only for the array of object handles */
if (maximumOpt > 0) {
- arraySize = maximumOpt;
- } else {
- arraySize = OBJECT_STACK_SIZE;
+ arraySize = maximumOpt;
+ }
+ else {
+ arraySize = OBJECT_STACK_SIZE;
}
numHandles = 0;
if (arraySize <= OBJECT_STACK_SIZE) {
- objectHandles = staticObjects;
- } else {
- objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
+ objectHandles = staticObjects;
+ }
+ else {
+ objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
}
if (!objectHandles) {
- ckrv = CKR_HOST_MEMORY;
- goto loser;
+ ckrv = CKR_HOST_MEMORY;
+ goto loser;
}
nssSession_EnterMonitor(session); /* ==== session lock === */
/* Initialize the find with the template */
- ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle,
+ ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle,
obj_template, otsize);
if (ckrv != CKR_OK) {
- nssSession_ExitMonitor(session);
- goto loser;
+ nssSession_ExitMonitor(session);
+ goto loser;
}
while (PR_TRUE) {
- /* Issue the find for up to arraySize - numHandles objects */
- ckrv = CKAPI(epv)->C_FindObjects(session->handle,
- objectHandles + numHandles,
- arraySize - numHandles,
- &count);
- if (ckrv != CKR_OK) {
- nssSession_ExitMonitor(session);
- goto loser;
- }
- /* bump the number of found objects */
- numHandles += count;
- if (maximumOpt > 0 || numHandles < arraySize) {
- /* When a maximum is provided, the search is done all at once,
- * so the search is finished. If the number returned was less
- * than the number sought, the search is finished.
- */
- break;
- }
- /* the array is filled, double it and continue */
- arraySize *= 2;
- if (objectHandles == staticObjects) {
- objectHandles = nss_ZNEWARRAY(NULL,CK_OBJECT_HANDLE, arraySize);
- if (objectHandles) {
- PORT_Memcpy(objectHandles, staticObjects,
- OBJECT_STACK_SIZE * sizeof(objectHandles[1]));
- }
- } else {
- objectHandles = nss_ZREALLOCARRAY(objectHandles,
- CK_OBJECT_HANDLE,
- arraySize);
- }
- if (!objectHandles) {
- nssSession_ExitMonitor(session);
- ckrv = CKR_HOST_MEMORY;
- goto loser;
- }
+ /* Issue the find for up to arraySize - numHandles objects */
+ ckrv = CKAPI(epv)->C_FindObjects(session->handle,
+ objectHandles + numHandles,
+ arraySize - numHandles,
+ &count);
+ if (ckrv != CKR_OK) {
+ nssSession_ExitMonitor(session);
+ goto loser;
+ }
+ /* bump the number of found objects */
+ numHandles += count;
+ if (maximumOpt > 0 || numHandles < arraySize) {
+ /* When a maximum is provided, the search is done all at once,
+ * so the search is finished. If the number returned was less
+ * than the number sought, the search is finished.
+ */
+ break;
+ }
+ /* the array is filled, double it and continue */
+ arraySize *= 2;
+ if (objectHandles == staticObjects) {
+ objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
+ if (objectHandles) {
+ PORT_Memcpy(objectHandles, staticObjects,
+ OBJECT_STACK_SIZE * sizeof(objectHandles[1]));
+ }
+ }
+ else {
+ objectHandles = nss_ZREALLOCARRAY(objectHandles,
+ CK_OBJECT_HANDLE,
+ arraySize);
+ }
+ if (!objectHandles) {
+ nssSession_ExitMonitor(session);
+ ckrv = CKR_HOST_MEMORY;
+ goto loser;
+ }
}
ckrv = CKAPI(epv)->C_FindObjectsFinal(session->handle);
nssSession_ExitMonitor(session); /* ==== end session lock === */
if (ckrv != CKR_OK) {
- goto loser;
+ goto loser;
}
if (numHandles > 0) {
- objects = create_objects_from_handles(tok, session,
- objectHandles, numHandles);
- } else {
- nss_SetError(NSS_ERROR_NOT_FOUND);
- objects = NULL;
+ objects = create_objects_from_handles(tok, session,
+ objectHandles, numHandles);
+ }
+ else {
+ nss_SetError(NSS_ERROR_NOT_FOUND);
+ objects = NULL;
}
if (objectHandles && objectHandles != staticObjects) {
- nss_ZFreeIf(objectHandles);
+ nss_ZFreeIf(objectHandles);
}
- if (statusOpt) *statusOpt = PR_SUCCESS;
+ if (statusOpt)
+ *statusOpt = PR_SUCCESS;
return objects;
loser:
if (objectHandles && objectHandles != staticObjects) {
- nss_ZFreeIf(objectHandles);
+ nss_ZFreeIf(objectHandles);
}
/*
* These errors should be treated the same as if the objects just weren't
* found..
*/
if ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) ||
- (ckrv == CKR_ATTRIBUTE_VALUE_INVALID) ||
- (ckrv == CKR_DATA_INVALID) ||
- (ckrv == CKR_DATA_LEN_RANGE) ||
- (ckrv == CKR_FUNCTION_NOT_SUPPORTED) ||
- (ckrv == CKR_TEMPLATE_INCOMPLETE) ||
- (ckrv == CKR_TEMPLATE_INCONSISTENT)) {
-
- nss_SetError(NSS_ERROR_NOT_FOUND);
- if (statusOpt) *statusOpt = PR_SUCCESS;
- } else {
- nss_SetError(ckrv);
- nss_SetError(NSS_ERROR_PKCS11);
- if (statusOpt) *statusOpt = PR_FAILURE;
+ (ckrv == CKR_ATTRIBUTE_VALUE_INVALID) ||
+ (ckrv == CKR_DATA_INVALID) ||
+ (ckrv == CKR_DATA_LEN_RANGE) ||
+ (ckrv == CKR_FUNCTION_NOT_SUPPORTED) ||
+ (ckrv == CKR_TEMPLATE_INCOMPLETE) ||
+ (ckrv == CKR_TEMPLATE_INCONSISTENT)) {
+
+ nss_SetError(NSS_ERROR_NOT_FOUND);
+ if (statusOpt)
+ *statusOpt = PR_SUCCESS;
+ }
+ else {
+ nss_SetError(ckrv);
+ nss_SetError(NSS_ERROR_PKCS11);
+ if (statusOpt)
+ *statusOpt = PR_FAILURE;
}
return (nssCryptokiObject **)NULL;
}
static nssCryptokiObject **
-find_objects_by_template (
- NSSToken *token,
- nssSession *sessionOpt,
- CK_ATTRIBUTE_PTR obj_template,
- CK_ULONG otsize,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-)
+find_objects_by_template(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ CK_ATTRIBUTE_PTR obj_template,
+ CK_ULONG otsize,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt)
{
CK_OBJECT_CLASS objclass = (CK_OBJECT_CLASS)-1;
nssCryptokiObject **objects = NULL;
PRUint32 i;
if (!token) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- if (statusOpt)
- *statusOpt = PR_FAILURE;
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_TOKEN);
+ if (statusOpt)
+ *statusOpt = PR_FAILURE;
+ return NULL;
}
- for (i=0; i<otsize; i++) {
- if (obj_template[i].type == CKA_CLASS) {
- objclass = *(CK_OBJECT_CLASS *)obj_template[i].pValue;
- break;
- }
+ for (i = 0; i < otsize; i++) {
+ if (obj_template[i].type == CKA_CLASS) {
+ objclass = *(CK_OBJECT_CLASS *)obj_template[i].pValue;
+ break;
+ }
}
PR_ASSERT(i < otsize);
if (i == otsize) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- if (statusOpt) *statusOpt = PR_FAILURE;
- return NULL;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ if (statusOpt)
+ *statusOpt = PR_FAILURE;
+ return NULL;
}
/* If these objects are being cached, try looking there first */
- if (token->cache &&
- nssTokenObjectCache_HaveObjectClass(token->cache, objclass))
- {
- PRStatus status;
- objects = nssTokenObjectCache_FindObjectsByTemplate(token->cache,
- objclass,
- obj_template,
- otsize,
- maximumOpt,
- &status);
- if (status == PR_SUCCESS) {
- if (statusOpt) *statusOpt = status;
- return objects;
- }
+ if (token->cache &&
+ nssTokenObjectCache_HaveObjectClass(token->cache, objclass)) {
+ PRStatus status;
+ objects = nssTokenObjectCache_FindObjectsByTemplate(token->cache,
+ objclass,
+ obj_template,
+ otsize,
+ maximumOpt,
+ &status);
+ if (status == PR_SUCCESS) {
+ if (statusOpt)
+ *statusOpt = status;
+ return objects;
+ }
}
/* Either they are not cached, or cache failed; look on token. */
- objects = find_objects(token, sessionOpt,
- obj_template, otsize,
+ objects = find_objects(token, sessionOpt,
+ obj_template, otsize,
maximumOpt, statusOpt);
return objects;
}
@@ -438,19 +436,18 @@ find_objects_by_template (
extern const NSSError NSS_ERROR_INVALID_CERTIFICATE;
NSS_IMPLEMENT nssCryptokiObject *
-nssToken_ImportCertificate (
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSCertificateType certType,
- NSSItem *id,
- const NSSUTF8 *nickname,
- NSSDER *encoding,
- NSSDER *issuer,
- NSSDER *subject,
- NSSDER *serial,
- NSSASCII7 *email,
- PRBool asTokenObject
-)
+nssToken_ImportCertificate(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSCertificateType certType,
+ NSSItem *id,
+ const NSSUTF8 *nickname,
+ NSSDER *encoding,
+ NSSDER *issuer,
+ NSSDER *subject,
+ NSSDER *serial,
+ NSSASCII7 *email,
+ PRBool asTokenObject)
{
PRStatus status;
CK_CERTIFICATE_TYPE cert_type;
@@ -461,32 +458,34 @@ nssToken_ImportCertificate (
nssCryptokiObject *rvObject = NULL;
if (!tok) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_TOKEN);
+ return NULL;
}
if (certType == NSSCertificateType_PKIX) {
- cert_type = CKC_X_509;
- } else {
- return (nssCryptokiObject *)NULL;
+ cert_type = CKC_X_509;
+ }
+ else {
+ return (nssCryptokiObject *)NULL;
}
NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
if (asTokenObject) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
- searchType = nssTokenSearchType_TokenOnly;
- } else {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
- searchType = nssTokenSearchType_SessionOnly;
- }
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
- NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CERTIFICATE_TYPE, cert_type);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
- NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encoding);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ searchType = nssTokenSearchType_TokenOnly;
+ }
+ else {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ searchType = nssTokenSearchType_SessionOnly;
+ }
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CERTIFICATE_TYPE, cert_type);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
+ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encoding);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
if (email) {
- NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_EMAIL, email);
+ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_EMAIL, email);
}
NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
/* see if the cert is already there */
@@ -497,67 +496,68 @@ nssToken_ImportCertificate (
searchType,
NULL);
if (rvObject) {
- NSSItem existingDER;
- NSSSlot *slot = nssToken_GetSlot(tok);
- nssSession *session = nssSlot_CreateSession(slot, NULL, PR_TRUE);
- if (!session) {
- nssCryptokiObject_Destroy(rvObject);
- nssSlot_Destroy(slot);
- return (nssCryptokiObject *)NULL;
- }
- /* Reject any attempt to import a new cert that has the same
- * issuer/serial as an existing cert, but does not have the
- * same encoding
- */
- NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
- NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
- NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
- status = nssCKObject_GetAttributes(rvObject->handle,
- cert_tmpl, ctsize, NULL,
- session, slot);
- NSS_CK_ATTRIBUTE_TO_ITEM(cert_tmpl, &existingDER);
- if (status == PR_SUCCESS) {
- if (!nssItem_Equal(encoding, &existingDER, NULL)) {
- nss_SetError(NSS_ERROR_INVALID_CERTIFICATE);
- status = PR_FAILURE;
- }
- nss_ZFreeIf(existingDER.data);
- }
- if (status == PR_FAILURE) {
- nssCryptokiObject_Destroy(rvObject);
- nssSession_Destroy(session);
- nssSlot_Destroy(slot);
- return (nssCryptokiObject *)NULL;
- }
- /* according to PKCS#11, label, ID, issuer, and serial number
- * may change after the object has been created. For PKIX, the
- * last two attributes can't change, so for now we'll only worry
- * about the first two.
- */
- NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
- NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
- NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
- /* reset the mutable attributes on the token */
- nssCKObject_SetAttributes(rvObject->handle,
- cert_tmpl, ctsize,
- session, slot);
- if (!rvObject->label && nickname) {
- rvObject->label = nssUTF8_Duplicate(nickname, NULL);
- }
- nssSession_Destroy(session);
- nssSlot_Destroy(slot);
- } else {
- /* Import the certificate onto the token */
- rvObject = import_object(tok, sessionOpt, cert_tmpl, ctsize);
+ NSSItem existingDER;
+ NSSSlot *slot = nssToken_GetSlot(tok);
+ nssSession *session = nssSlot_CreateSession(slot, NULL, PR_TRUE);
+ if (!session) {
+ nssCryptokiObject_Destroy(rvObject);
+ nssSlot_Destroy(slot);
+ return (nssCryptokiObject *)NULL;
+ }
+ /* Reject any attempt to import a new cert that has the same
+ * issuer/serial as an existing cert, but does not have the
+ * same encoding
+ */
+ NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
+ NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
+ NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
+ status = nssCKObject_GetAttributes(rvObject->handle,
+ cert_tmpl, ctsize, NULL,
+ session, slot);
+ NSS_CK_ATTRIBUTE_TO_ITEM(cert_tmpl, &existingDER);
+ if (status == PR_SUCCESS) {
+ if (!nssItem_Equal(encoding, &existingDER, NULL)) {
+ nss_SetError(NSS_ERROR_INVALID_CERTIFICATE);
+ status = PR_FAILURE;
+ }
+ nss_ZFreeIf(existingDER.data);
+ }
+ if (status == PR_FAILURE) {
+ nssCryptokiObject_Destroy(rvObject);
+ nssSession_Destroy(session);
+ nssSlot_Destroy(slot);
+ return (nssCryptokiObject *)NULL;
+ }
+ /* according to PKCS#11, label, ID, issuer, and serial number
+ * may change after the object has been created. For PKIX, the
+ * last two attributes can't change, so for now we'll only worry
+ * about the first two.
+ */
+ NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
+ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
+ NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
+ /* reset the mutable attributes on the token */
+ nssCKObject_SetAttributes(rvObject->handle,
+ cert_tmpl, ctsize,
+ session, slot);
+ if (!rvObject->label && nickname) {
+ rvObject->label = nssUTF8_Duplicate(nickname, NULL);
+ }
+ nssSession_Destroy(session);
+ nssSlot_Destroy(slot);
+ }
+ else {
+ /* Import the certificate onto the token */
+ rvObject = import_object(tok, sessionOpt, cert_tmpl, ctsize);
}
if (rvObject && tok->cache) {
- /* The cache will overwrite the attributes if the object already
- * exists.
- */
- nssTokenObjectCache_ImportObject(tok->cache, rvObject,
- CKO_CERTIFICATE,
- cert_tmpl, ctsize);
+ /* The cache will overwrite the attributes if the object already
+ * exists.
+ */
+ nssTokenObjectCache_ImportObject(tok->cache, rvObject,
+ CKO_CERTIFICATE,
+ cert_tmpl, ctsize);
}
return rvObject;
}
@@ -566,14 +566,13 @@ nssToken_ImportCertificate (
* if the token has been marked as "traversable"
*/
NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindObjects (
- NSSToken *token,
- nssSession *sessionOpt,
- CK_OBJECT_CLASS objclass,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-)
+nssToken_FindObjects(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ CK_OBJECT_CLASS objclass,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt)
{
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE obj_template[2];
@@ -582,35 +581,36 @@ nssToken_FindObjects (
NSS_CK_TEMPLATE_START(obj_template, attr, obj_size);
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
- } else if (searchType == nssTokenSearchType_TokenOnly ||
- searchType == nssTokenSearchType_TokenForced) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ else if (searchType == nssTokenSearchType_TokenOnly ||
+ searchType == nssTokenSearchType_TokenForced) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
- NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, objclass);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, objclass);
NSS_CK_TEMPLATE_FINISH(obj_template, attr, obj_size);
if (searchType == nssTokenSearchType_TokenForced) {
- objects = find_objects(token, sessionOpt,
- obj_template, obj_size,
- maximumOpt, statusOpt);
- } else {
- objects = find_objects_by_template(token, sessionOpt,
- obj_template, obj_size,
- maximumOpt, statusOpt);
+ objects = find_objects(token, sessionOpt,
+ obj_template, obj_size,
+ maximumOpt, statusOpt);
+ }
+ else {
+ objects = find_objects_by_template(token, sessionOpt,
+ obj_template, obj_size,
+ maximumOpt, statusOpt);
}
return objects;
}
NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindCertificatesBySubject (
- NSSToken *token,
- nssSession *sessionOpt,
- NSSDER *subject,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-)
+nssToken_FindCertificatesBySubject(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *subject,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt)
{
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE subj_template[3];
@@ -619,9 +619,10 @@ nssToken_FindCertificatesBySubject (
NSS_CK_TEMPLATE_START(subj_template, attr, stsize);
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
- } else if (searchType == nssTokenSearchType_TokenOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ else if (searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
@@ -634,14 +635,13 @@ nssToken_FindCertificatesBySubject (
}
NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindCertificatesByNickname (
- NSSToken *token,
- nssSession *sessionOpt,
- const NSSUTF8 *name,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-)
+nssToken_FindCertificatesByNickname(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ const NSSUTF8 *name,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt)
{
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE nick_template[3];
@@ -651,27 +651,28 @@ nssToken_FindCertificatesByNickname (
NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, name);
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
- } else if (searchType == nssTokenSearchType_TokenOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ else if (searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
NSS_CK_TEMPLATE_FINISH(nick_template, attr, ntsize);
/* now locate the token certs matching this template */
objects = find_objects_by_template(token, sessionOpt,
- nick_template, ntsize,
+ nick_template, ntsize,
maximumOpt, statusOpt);
if (!objects) {
- /* This is to workaround the fact that PKCS#11 doesn't specify
- * whether the '\0' should be included. XXX Is that still true?
- * im - this is not needed by the current softoken. However, I'm
- * leaving it in until I have surveyed more tokens to see if it needed.
- * well, its needed by the builtin token...
- */
- nick_template[0].ulValueLen++;
- objects = find_objects_by_template(token, sessionOpt,
- nick_template, ntsize,
- maximumOpt, statusOpt);
+ /* This is to workaround the fact that PKCS#11 doesn't specify
+ * whether the '\0' should be included. XXX Is that still true?
+ * im - this is not needed by the current softoken. However, I'm
+ * leaving it in until I have surveyed more tokens to see if it needed.
+ * well, its needed by the builtin token...
+ */
+ nick_template[0].ulValueLen++;
+ objects = find_objects_by_template(token, sessionOpt,
+ nick_template, ntsize,
+ maximumOpt, statusOpt);
}
return objects;
}
@@ -683,14 +684,13 @@ nssToken_FindCertificatesByNickname (
* it just won't return a value for it.
*/
NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindCertificatesByEmail (
- NSSToken *token,
- nssSession *sessionOpt,
- NSSASCII7 *email,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-)
+nssToken_FindCertificatesByEmail(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSASCII7 *email,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt)
{
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE email_template[3];
@@ -700,9 +700,10 @@ nssToken_FindCertificatesByEmail (
NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_EMAIL, email);
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
- } else if (searchType == nssTokenSearchType_TokenOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ else if (searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
NSS_CK_TEMPLATE_FINISH(email_template, attr, etsize);
@@ -711,29 +712,28 @@ nssToken_FindCertificatesByEmail (
email_template, etsize,
maximumOpt, statusOpt);
if (!objects) {
- /* This is to workaround the fact that PKCS#11 doesn't specify
- * whether the '\0' should be included. XXX Is that still true?
- * im - this is not needed by the current softoken. However, I'm
- * leaving it in until I have surveyed more tokens to see if it needed.
- * well, its needed by the builtin token...
- */
- email_template[0].ulValueLen++;
- objects = find_objects(token, sessionOpt,
- email_template, etsize,
- maximumOpt, statusOpt);
+ /* This is to workaround the fact that PKCS#11 doesn't specify
+ * whether the '\0' should be included. XXX Is that still true?
+ * im - this is not needed by the current softoken. However, I'm
+ * leaving it in until I have surveyed more tokens to see if it needed.
+ * well, its needed by the builtin token...
+ */
+ email_template[0].ulValueLen++;
+ objects = find_objects(token, sessionOpt,
+ email_template, etsize,
+ maximumOpt, statusOpt);
}
return objects;
}
NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindCertificatesByID (
- NSSToken *token,
- nssSession *sessionOpt,
- NSSItem *id,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-)
+nssToken_FindCertificatesByID(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSItem *id,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt)
{
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE id_template[3];
@@ -743,9 +743,10 @@ nssToken_FindCertificatesByID (
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
- } else if (searchType == nssTokenSearchType_TokenOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ else if (searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
NSS_CK_TEMPLATE_FINISH(id_template, attr, idtsize);
@@ -767,46 +768,45 @@ nssToken_decodeSerialItem(NSSItem *serial, NSSItem *serialDecode)
int data_left, data_len, index;
if ((serial->size >= 3) && (data[0] == 0x2)) {
- /* remove the der encoding of the serial number before generating the
- * key.. */
- data_left = serial->size-2;
- data_len = data[1];
- index = 2;
-
- /* extended length ? (not very likely for a serial number) */
- if (data_len & 0x80) {
- int len_count = data_len & 0x7f;
-
- data_len = 0;
- data_left -= len_count;
- if (data_left > 0) {
- while (len_count --) {
- data_len = (data_len << 8) | data[index++];
- }
- }
- }
- /* XXX leaving any leading zeros on the serial number for backwards
- * compatibility
- */
- /* not a valid der, must be just an unlucky serial number value */
- if (data_len == data_left) {
- serialDecode->size = data_len;
- serialDecode->data = &data[index];
- return PR_SUCCESS;
- }
+ /* remove the der encoding of the serial number before generating the
+ * key.. */
+ data_left = serial->size - 2;
+ data_len = data[1];
+ index = 2;
+
+ /* extended length ? (not very likely for a serial number) */
+ if (data_len & 0x80) {
+ int len_count = data_len & 0x7f;
+
+ data_len = 0;
+ data_left -= len_count;
+ if (data_left > 0) {
+ while (len_count--) {
+ data_len = (data_len << 8) | data[index++];
+ }
+ }
+ }
+ /* XXX leaving any leading zeros on the serial number for backwards
+ * compatibility
+ */
+ /* not a valid der, must be just an unlucky serial number value */
+ if (data_len == data_left) {
+ serialDecode->size = data_len;
+ serialDecode->data = &data[index];
+ return PR_SUCCESS;
+ }
}
return PR_FAILURE;
}
NSS_IMPLEMENT nssCryptokiObject *
-nssToken_FindCertificateByIssuerAndSerialNumber (
- NSSToken *token,
- nssSession *sessionOpt,
- NSSDER *issuer,
- NSSDER *serial,
- nssTokenSearchType searchType,
- PRStatus *statusOpt
-)
+nssToken_FindCertificateByIssuerAndSerialNumber(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *issuer,
+ NSSDER *serial,
+ nssTokenSearchType searchType,
+ PRStatus *statusOpt)
{
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE_PTR serialAttr;
@@ -817,37 +817,39 @@ nssToken_FindCertificateByIssuerAndSerialNumber (
NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
if (!token) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- if (statusOpt)
- *statusOpt = PR_FAILURE;
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_TOKEN);
+ if (statusOpt)
+ *statusOpt = PR_FAILURE;
+ return NULL;
}
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
- } else if ((searchType == nssTokenSearchType_TokenOnly) ||
- (searchType == nssTokenSearchType_TokenForced)) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ else if ((searchType == nssTokenSearchType_TokenOnly) ||
+ (searchType == nssTokenSearchType_TokenForced)) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
/* Set the unique id */
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
serialAttr = attr;
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
/* get the object handle */
if (searchType == nssTokenSearchType_TokenForced) {
- objects = find_objects(token, sessionOpt,
- cert_template, ctsize,
- 1, statusOpt);
- } else {
- objects = find_objects_by_template(token, sessionOpt,
- cert_template, ctsize,
- 1, statusOpt);
+ objects = find_objects(token, sessionOpt,
+ cert_template, ctsize,
+ 1, statusOpt);
+ }
+ else {
+ objects = find_objects_by_template(token, sessionOpt,
+ cert_template, ctsize,
+ 1, statusOpt);
}
if (objects) {
- rvObject = objects[0];
- nss_ZFreeIf(objects);
+ rvObject = objects[0];
+ nss_ZFreeIf(objects);
}
/*
@@ -855,39 +857,39 @@ nssToken_FindCertificateByIssuerAndSerialNumber (
* because of this old tokens have decoded serial numbers.
*/
if (!objects) {
- NSSItem serialDecode;
- PRStatus status;
-
- status = nssToken_decodeSerialItem(serial, &serialDecode);
- if (status != PR_SUCCESS) {
- return NULL;
- }
- NSS_CK_SET_ATTRIBUTE_ITEM(serialAttr,CKA_SERIAL_NUMBER,&serialDecode);
- if (searchType == nssTokenSearchType_TokenForced) {
- objects = find_objects(token, sessionOpt,
- cert_template, ctsize,
- 1, statusOpt);
- } else {
- objects = find_objects_by_template(token, sessionOpt,
- cert_template, ctsize,
- 1, statusOpt);
- }
- if (objects) {
- rvObject = objects[0];
- nss_ZFreeIf(objects);
- }
+ NSSItem serialDecode;
+ PRStatus status;
+
+ status = nssToken_decodeSerialItem(serial, &serialDecode);
+ if (status != PR_SUCCESS) {
+ return NULL;
+ }
+ NSS_CK_SET_ATTRIBUTE_ITEM(serialAttr, CKA_SERIAL_NUMBER, &serialDecode);
+ if (searchType == nssTokenSearchType_TokenForced) {
+ objects = find_objects(token, sessionOpt,
+ cert_template, ctsize,
+ 1, statusOpt);
+ }
+ else {
+ objects = find_objects_by_template(token, sessionOpt,
+ cert_template, ctsize,
+ 1, statusOpt);
+ }
+ if (objects) {
+ rvObject = objects[0];
+ nss_ZFreeIf(objects);
+ }
}
return rvObject;
}
NSS_IMPLEMENT nssCryptokiObject *
-nssToken_FindCertificateByEncodedCertificate (
- NSSToken *token,
- nssSession *sessionOpt,
- NSSBER *encodedCertificate,
- nssTokenSearchType searchType,
- PRStatus *statusOpt
-)
+nssToken_FindCertificateByEncodedCertificate(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSBER *encodedCertificate,
+ nssTokenSearchType searchType,
+ PRStatus *statusOpt)
{
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE cert_template[3];
@@ -897,9 +899,10 @@ nssToken_FindCertificateByEncodedCertificate (
NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
- } else if (searchType == nssTokenSearchType_TokenOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ else if (searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encodedCertificate);
@@ -909,20 +912,19 @@ nssToken_FindCertificateByEncodedCertificate (
cert_template, ctsize,
1, statusOpt);
if (objects) {
- rvObject = objects[0];
- nss_ZFreeIf(objects);
+ rvObject = objects[0];
+ nss_ZFreeIf(objects);
}
return rvObject;
}
NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindPrivateKeys (
- NSSToken *token,
- nssSession *sessionOpt,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-)
+nssToken_FindPrivateKeys(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt)
{
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE key_template[2];
@@ -932,25 +934,25 @@ nssToken_FindPrivateKeys (
NSS_CK_TEMPLATE_START(key_template, attr, ktsize);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_privkey);
if (searchType == nssTokenSearchType_SessionOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
- } else if (searchType == nssTokenSearchType_TokenOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ else if (searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
objects = find_objects_by_template(token, sessionOpt,
- key_template, ktsize,
+ key_template, ktsize,
maximumOpt, statusOpt);
return objects;
}
/* XXX ?there are no session cert objects, so only search token objects */
NSS_IMPLEMENT nssCryptokiObject *
-nssToken_FindPrivateKeyByID (
- NSSToken *token,
- nssSession *sessionOpt,
- NSSItem *keyID
-)
+nssToken_FindPrivateKeyByID(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSItem *keyID)
{
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE key_template[3];
@@ -965,22 +967,21 @@ nssToken_FindPrivateKeyByID (
NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
objects = find_objects_by_template(token, sessionOpt,
- key_template, ktsize,
+ key_template, ktsize,
1, NULL);
if (objects) {
- rvKey = objects[0];
- nss_ZFreeIf(objects);
+ rvKey = objects[0];
+ nss_ZFreeIf(objects);
}
return rvKey;
}
/* XXX ?there are no session cert objects, so only search token objects */
NSS_IMPLEMENT nssCryptokiObject *
-nssToken_FindPublicKeyByID (
- NSSToken *token,
- nssSession *sessionOpt,
- NSSItem *keyID
-)
+nssToken_FindPublicKeyByID(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSItem *keyID)
{
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE key_template[3];
@@ -995,11 +996,11 @@ nssToken_FindPublicKeyByID (
NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
objects = find_objects_by_template(token, sessionOpt,
- key_template, ktsize,
+ key_template, ktsize,
1, NULL);
if (objects) {
- rvKey = objects[0];
- nss_ZFreeIf(objects);
+ rvKey = objects[0];
+ nss_ZFreeIf(objects);
}
return rvKey;
}
@@ -1029,38 +1030,47 @@ md5_hash(NSSItem *input, NSSItem *output)
}
static CK_TRUST
-get_ck_trust (
- nssTrustLevel nssTrust
-)
+get_ck_trust(
+ nssTrustLevel nssTrust)
{
CK_TRUST t;
switch (nssTrust) {
- case nssTrustLevel_NotTrusted: t = CKT_NSS_NOT_TRUSTED; break;
- case nssTrustLevel_TrustedDelegator: t = CKT_NSS_TRUSTED_DELEGATOR;
- break;
- case nssTrustLevel_ValidDelegator: t = CKT_NSS_VALID_DELEGATOR; break;
- case nssTrustLevel_Trusted: t = CKT_NSS_TRUSTED; break;
- case nssTrustLevel_MustVerify: t = CKT_NSS_MUST_VERIFY_TRUST; break;
- case nssTrustLevel_Unknown:
- default: t = CKT_NSS_TRUST_UNKNOWN; break;
+ case nssTrustLevel_NotTrusted:
+ t = CKT_NSS_NOT_TRUSTED;
+ break;
+ case nssTrustLevel_TrustedDelegator:
+ t = CKT_NSS_TRUSTED_DELEGATOR;
+ break;
+ case nssTrustLevel_ValidDelegator:
+ t = CKT_NSS_VALID_DELEGATOR;
+ break;
+ case nssTrustLevel_Trusted:
+ t = CKT_NSS_TRUSTED;
+ break;
+ case nssTrustLevel_MustVerify:
+ t = CKT_NSS_MUST_VERIFY_TRUST;
+ break;
+ case nssTrustLevel_Unknown:
+ default:
+ t = CKT_NSS_TRUST_UNKNOWN;
+ break;
}
return t;
}
-
+
NSS_IMPLEMENT nssCryptokiObject *
-nssToken_ImportTrust (
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSDER *certEncoding,
- NSSDER *certIssuer,
- NSSDER *certSerial,
- nssTrustLevel serverAuth,
- nssTrustLevel clientAuth,
- nssTrustLevel codeSigning,
- nssTrustLevel emailProtection,
- PRBool stepUpApproved,
- PRBool asTokenObject
-)
+nssToken_ImportTrust(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSDER *certEncoding,
+ NSSDER *certIssuer,
+ NSSDER *certSerial,
+ nssTrustLevel serverAuth,
+ nssTrustLevel clientAuth,
+ nssTrustLevel codeSigning,
+ nssTrustLevel emailProtection,
+ PRBool stepUpApproved,
+ PRBool asTokenObject)
{
nssCryptokiObject *object;
CK_OBJECT_CLASS tobjc = CKO_NSS_TRUST;
@@ -1071,8 +1081,10 @@ nssToken_ImportTrust (
PRUint8 sha1[20]; /* this is cheating... */
PRUint8 md5[16];
NSSItem sha1_result, md5_result;
- sha1_result.data = sha1; sha1_result.size = sizeof sha1;
- md5_result.data = md5; md5_result.size = sizeof md5;
+ sha1_result.data = sha1;
+ sha1_result.size = sizeof sha1;
+ md5_result.data = md5;
+ md5_result.size = sizeof md5;
sha1_hash(certEncoding, &sha1_result);
md5_hash(certEncoding, &md5_result);
ckSA = get_ck_trust(serverAuth);
@@ -1081,46 +1093,47 @@ nssToken_ImportTrust (
ckEP = get_ck_trust(emailProtection);
NSS_CK_TEMPLATE_START(trust_tmpl, attr, tsize);
if (asTokenObject) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
- } else {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ else {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
- NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, certSerial);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, tobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, certSerial);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, &sha1_result);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_MD5_HASH, &md5_result);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_MD5_HASH, &md5_result);
/* now set the trust values */
- NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, ckSA);
- NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, ckCA);
- NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, ckCS);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, ckSA);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, ckCA);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, ckCS);
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, ckEP);
if (stepUpApproved) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
- &g_ck_true);
- } else {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
- &g_ck_false);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
+ &g_ck_true);
+ }
+ else {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
+ &g_ck_false);
}
NSS_CK_TEMPLATE_FINISH(trust_tmpl, attr, tsize);
/* import the trust object onto the token */
object = import_object(tok, sessionOpt, trust_tmpl, tsize);
if (object && tok->cache) {
- nssTokenObjectCache_ImportObject(tok->cache, object, tobjc,
- trust_tmpl, tsize);
+ nssTokenObjectCache_ImportObject(tok->cache, object, tobjc,
+ trust_tmpl, tsize);
}
return object;
}
NSS_IMPLEMENT nssCryptokiObject *
-nssToken_FindTrustForCertificate (
- NSSToken *token,
- nssSession *sessionOpt,
- NSSDER *certEncoding,
- NSSDER *certIssuer,
- NSSDER *certSerial,
- nssTokenSearchType searchType
-)
+nssToken_FindTrustForCertificate(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *certEncoding,
+ NSSDER *certIssuer,
+ NSSDER *certSerial,
+ nssTokenSearchType searchType)
{
CK_OBJECT_CLASS tobjc = CKO_NSS_TRUST;
CK_ATTRIBUTE_PTR attr;
@@ -1131,38 +1144,37 @@ nssToken_FindTrustForCertificate (
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- return object;
+ PORT_SetError(SEC_ERROR_NO_TOKEN);
+ return object;
}
NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
if (searchType == nssTokenSearchType_TokenOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
- NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER , certSerial);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, tobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, certSerial);
NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
objects = find_objects_by_template(token, session,
tobj_template, tobj_size,
1, NULL);
if (objects) {
- object = objects[0];
- nss_ZFreeIf(objects);
+ object = objects[0];
+ nss_ZFreeIf(objects);
}
return object;
}
-
+
NSS_IMPLEMENT nssCryptokiObject *
-nssToken_ImportCRL (
- NSSToken *token,
- nssSession *sessionOpt,
- NSSDER *subject,
- NSSDER *encoding,
- PRBool isKRL,
- NSSUTF8 *url,
- PRBool asTokenObject
-)
+nssToken_ImportCRL(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *subject,
+ NSSDER *encoding,
+ PRBool isKRL,
+ NSSUTF8 *url,
+ PRBool asTokenObject)
{
nssCryptokiObject *object;
CK_OBJECT_CLASS crlobjc = CKO_NSS_CRL;
@@ -1172,39 +1184,40 @@ nssToken_ImportCRL (
NSS_CK_TEMPLATE_START(crl_tmpl, attr, crlsize);
if (asTokenObject) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
- } else {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ else {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
}
- NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, crlobjc);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encoding);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encoding);
NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_URL, url);
if (isKRL) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_true);
- } else {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_false);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_true);
+ }
+ else {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_false);
}
NSS_CK_TEMPLATE_FINISH(crl_tmpl, attr, crlsize);
/* import the crl object onto the token */
object = import_object(token, sessionOpt, crl_tmpl, crlsize);
if (object && token->cache) {
- nssTokenObjectCache_ImportObject(token->cache, object, crlobjc,
- crl_tmpl, crlsize);
+ nssTokenObjectCache_ImportObject(token->cache, object, crlobjc,
+ crl_tmpl, crlsize);
}
return object;
}
NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindCRLsBySubject (
- NSSToken *token,
- nssSession *sessionOpt,
- NSSDER *subject,
- nssTokenSearchType searchType,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-)
+nssToken_FindCRLsBySubject(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *subject,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt)
{
CK_OBJECT_CLASS crlobjc = CKO_NSS_CRL;
CK_ATTRIBUTE_PTR attr;
@@ -1215,18 +1228,19 @@ nssToken_FindCRLsBySubject (
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- return objects;
+ PORT_SetError(SEC_ERROR_NO_TOKEN);
+ return objects;
}
NSS_CK_TEMPLATE_START(crlobj_template, attr, crlobj_size);
if (searchType == nssTokenSearchType_SessionOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
- } else if (searchType == nssTokenSearchType_TokenOnly ||
- searchType == nssTokenSearchType_TokenForced) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ else if (searchType == nssTokenSearchType_TokenOnly ||
+ searchType == nssTokenSearchType_TokenForced) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
- NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, crlobjc);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
NSS_CK_TEMPLATE_FINISH(crlobj_template, attr, crlobj_size);
@@ -1237,17 +1251,16 @@ nssToken_FindCRLsBySubject (
}
NSS_IMPLEMENT PRStatus
-nssToken_GetCachedObjectAttributes (
- NSSToken *token,
- NSSArena *arenaOpt,
- nssCryptokiObject *object,
- CK_OBJECT_CLASS objclass,
- CK_ATTRIBUTE_PTR atemplate,
- CK_ULONG atlen
-)
+nssToken_GetCachedObjectAttributes(
+ NSSToken *token,
+ NSSArena *arenaOpt,
+ nssCryptokiObject *object,
+ CK_OBJECT_CLASS objclass,
+ CK_ATTRIBUTE_PTR atemplate,
+ CK_ULONG atlen)
{
if (!token->cache) {
- return PR_FAILURE;
+ return PR_FAILURE;
}
return nssTokenObjectCache_GetObjectAttributes(token->cache, arenaOpt,
object, objclass,
@@ -1255,14 +1268,13 @@ nssToken_GetCachedObjectAttributes (
}
NSS_IMPLEMENT NSSItem *
-nssToken_Digest (
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSAlgorithmAndParameters *ap,
- NSSItem *data,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-)
+nssToken_Digest(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSAlgorithmAndParameters *ap,
+ NSSItem *data,
+ NSSItem *rvOpt,
+ NSSArena *arenaOpt)
{
CK_RV ckrv;
CK_ULONG digestLen;
@@ -1273,15 +1285,15 @@ nssToken_Digest (
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- return rvItem;
+ PORT_SetError(SEC_ERROR_NO_TOKEN);
+ return rvItem;
}
nssSession_EnterMonitor(session);
ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism);
if (ckrv != CKR_OK) {
- nssSession_ExitMonitor(session);
- return NULL;
+ nssSession_ExitMonitor(session);
+ return NULL;
}
#if 0
/* XXX the standard says this should work, but it doesn't */
@@ -1294,45 +1306,44 @@ nssToken_Digest (
digestLen = 0; /* XXX for now */
digest = NULL;
if (rvOpt) {
- if (rvOpt->size > 0 && rvOpt->size < digestLen) {
- nssSession_ExitMonitor(session);
- /* the error should be bad args */
- return NULL;
- }
- if (rvOpt->data) {
- digest = rvOpt->data;
- }
- digestLen = rvOpt->size;
+ if (rvOpt->size > 0 && rvOpt->size < digestLen) {
+ nssSession_ExitMonitor(session);
+ /* the error should be bad args */
+ return NULL;
+ }
+ if (rvOpt->data) {
+ digest = rvOpt->data;
+ }
+ digestLen = rvOpt->size;
}
if (!digest) {
- digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
- if (!digest) {
- nssSession_ExitMonitor(session);
- return NULL;
- }
- }
- ckrv = CKAPI(epv)->C_Digest(session->handle,
- (CK_BYTE_PTR)data->data,
+ digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
+ if (!digest) {
+ nssSession_ExitMonitor(session);
+ return NULL;
+ }
+ }
+ ckrv = CKAPI(epv)->C_Digest(session->handle,
+ (CK_BYTE_PTR)data->data,
(CK_ULONG)data->size,
(CK_BYTE_PTR)digest,
&digestLen);
nssSession_ExitMonitor(session);
if (ckrv != CKR_OK) {
- nss_ZFreeIf(digest);
- return NULL;
+ nss_ZFreeIf(digest);
+ return NULL;
}
if (!rvOpt) {
- rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
+ rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
}
return rvItem;
}
NSS_IMPLEMENT PRStatus
-nssToken_BeginDigest (
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSAlgorithmAndParameters *ap
-)
+nssToken_BeginDigest(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSAlgorithmAndParameters *ap)
{
CK_RV ckrv;
void *epv = nssToken_GetCryptokiEPV(tok);
@@ -1340,8 +1351,8 @@ nssToken_BeginDigest (
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- return PR_FAILURE;
+ PORT_SetError(SEC_ERROR_NO_TOKEN);
+ return PR_FAILURE;
}
nssSession_EnterMonitor(session);
@@ -1351,11 +1362,10 @@ nssToken_BeginDigest (
}
NSS_IMPLEMENT PRStatus
-nssToken_ContinueDigest (
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSItem *item
-)
+nssToken_ContinueDigest(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSItem *item)
{
CK_RV ckrv;
void *epv = nssToken_GetCryptokiEPV(tok);
@@ -1363,25 +1373,24 @@ nssToken_ContinueDigest (
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- return PR_FAILURE;
+ PORT_SetError(SEC_ERROR_NO_TOKEN);
+ return PR_FAILURE;
}
nssSession_EnterMonitor(session);
- ckrv = CKAPI(epv)->C_DigestUpdate(session->handle,
- (CK_BYTE_PTR)item->data,
+ ckrv = CKAPI(epv)->C_DigestUpdate(session->handle,
+ (CK_BYTE_PTR)item->data,
(CK_ULONG)item->size);
nssSession_ExitMonitor(session);
return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
}
NSS_IMPLEMENT NSSItem *
-nssToken_FinishDigest (
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSItem *rvOpt,
- NSSArena *arenaOpt
-)
+nssToken_FinishDigest(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSItem *rvOpt,
+ NSSArena *arenaOpt)
{
CK_RV ckrv;
CK_ULONG digestLen;
@@ -1392,72 +1401,70 @@ nssToken_FinishDigest (
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_TOKEN);
+ return NULL;
}
nssSession_EnterMonitor(session);
ckrv = CKAPI(epv)->C_DigestFinal(session->handle, NULL, &digestLen);
if (ckrv != CKR_OK || digestLen == 0) {
- nssSession_ExitMonitor(session);
- return NULL;
+ nssSession_ExitMonitor(session);
+ return NULL;
}
digest = NULL;
if (rvOpt) {
- if (rvOpt->size > 0 && rvOpt->size < digestLen) {
- nssSession_ExitMonitor(session);
- /* the error should be bad args */
- return NULL;
- }
- if (rvOpt->data) {
- digest = rvOpt->data;
- }
- digestLen = rvOpt->size;
+ if (rvOpt->size > 0 && rvOpt->size < digestLen) {
+ nssSession_ExitMonitor(session);
+ /* the error should be bad args */
+ return NULL;
+ }
+ if (rvOpt->data) {
+ digest = rvOpt->data;
+ }
+ digestLen = rvOpt->size;
}
if (!digest) {
- digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
- if (!digest) {
- nssSession_ExitMonitor(session);
- return NULL;
- }
+ digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
+ if (!digest) {
+ nssSession_ExitMonitor(session);
+ return NULL;
+ }
}
ckrv = CKAPI(epv)->C_DigestFinal(session->handle, digest, &digestLen);
nssSession_ExitMonitor(session);
if (ckrv != CKR_OK) {
- nss_ZFreeIf(digest);
- return NULL;
+ nss_ZFreeIf(digest);
+ return NULL;
}
if (!rvOpt) {
- rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
+ rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
}
return rvItem;
}
NSS_IMPLEMENT PRBool
-nssToken_IsPresent (
- NSSToken *token
-)
+nssToken_IsPresent(
+ NSSToken *token)
{
return nssSlot_IsTokenPresent(token->slot);
}
/* Sigh. The methods to find objects declared above cause problems with
- * the low-level object cache in the softoken -- the objects are found in
- * toto, then one wave of GetAttributes is done, then another. Having a
- * large number of objects causes the cache to be thrashed, as the objects
+ * the low-level object cache in the softoken -- the objects are found in
+ * toto, then one wave of GetAttributes is done, then another. Having a
+ * large number of objects causes the cache to be thrashed, as the objects
* are gone before there's any chance to ask for their attributes.
- * So, for now, bringing back traversal methods for certs. This way all of
+ * So, for now, bringing back traversal methods for certs. This way all of
* the cert's attributes can be grabbed immediately after finding it,
* increasing the likelihood that the cache takes care of it.
*/
NSS_IMPLEMENT PRStatus
-nssToken_TraverseCertificates (
- NSSToken *token,
- nssSession *sessionOpt,
- nssTokenSearchType searchType,
- PRStatus (* callback)(nssCryptokiObject *instance, void *arg),
- void *arg
-)
+nssToken_TraverseCertificates(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ nssTokenSearchType searchType,
+ PRStatus (*callback)(nssCryptokiObject *instance, void *arg),
+ void *arg)
{
CK_RV ckrv;
CK_ULONG count;
@@ -1473,17 +1480,18 @@ nssToken_TraverseCertificates (
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
- PORT_SetError(SEC_ERROR_NO_TOKEN);
- return PR_FAILURE;
+ PORT_SetError(SEC_ERROR_NO_TOKEN);
+ return PR_FAILURE;
}
/* template for all certs */
NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
if (searchType == nssTokenSearchType_SessionOnly) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
- } else if (searchType == nssTokenSearchType_TokenOnly ||
- searchType == nssTokenSearchType_TokenForced) {
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ else if (searchType == nssTokenSearchType_TokenOnly ||
+ searchType == nssTokenSearchType_TokenForced) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
@@ -1491,62 +1499,62 @@ nssToken_TraverseCertificates (
/* the arena is only for the array of object handles */
arena = nssArena_Create();
if (!arena) {
- return PR_FAILURE;
+ return PR_FAILURE;
}
arraySize = OBJECT_STACK_SIZE;
numHandles = 0;
objectHandles = nss_ZNEWARRAY(arena, CK_OBJECT_HANDLE, arraySize);
if (!objectHandles) {
- goto loser;
+ goto loser;
}
nssSession_EnterMonitor(session); /* ==== session lock === */
/* Initialize the find with the template */
- ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle,
+ ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle,
cert_template, ctsize);
if (ckrv != CKR_OK) {
- nssSession_ExitMonitor(session);
- goto loser;
+ nssSession_ExitMonitor(session);
+ goto loser;
}
while (PR_TRUE) {
- /* Issue the find for up to arraySize - numHandles objects */
- ckrv = CKAPI(epv)->C_FindObjects(session->handle,
- objectHandles + numHandles,
- arraySize - numHandles,
- &count);
- if (ckrv != CKR_OK) {
- nssSession_ExitMonitor(session);
- goto loser;
- }
- /* bump the number of found objects */
- numHandles += count;
- if (numHandles < arraySize) {
- break;
- }
- /* the array is filled, double it and continue */
- arraySize *= 2;
- objectHandles = nss_ZREALLOCARRAY(objectHandles,
- CK_OBJECT_HANDLE,
- arraySize);
- if (!objectHandles) {
- nssSession_ExitMonitor(session);
- goto loser;
- }
+ /* Issue the find for up to arraySize - numHandles objects */
+ ckrv = CKAPI(epv)->C_FindObjects(session->handle,
+ objectHandles + numHandles,
+ arraySize - numHandles,
+ &count);
+ if (ckrv != CKR_OK) {
+ nssSession_ExitMonitor(session);
+ goto loser;
+ }
+ /* bump the number of found objects */
+ numHandles += count;
+ if (numHandles < arraySize) {
+ break;
+ }
+ /* the array is filled, double it and continue */
+ arraySize *= 2;
+ objectHandles = nss_ZREALLOCARRAY(objectHandles,
+ CK_OBJECT_HANDLE,
+ arraySize);
+ if (!objectHandles) {
+ nssSession_ExitMonitor(session);
+ goto loser;
+ }
}
ckrv = CKAPI(epv)->C_FindObjectsFinal(session->handle);
nssSession_ExitMonitor(session); /* ==== end session lock === */
if (ckrv != CKR_OK) {
- goto loser;
+ goto loser;
}
if (numHandles > 0) {
- objects = create_objects_from_handles(token, session,
- objectHandles, numHandles);
- if (objects) {
- nssCryptokiObject **op;
- for (op = objects; *op; op++) {
- (void)(*callback)(*op, arg);
- }
- nss_ZFreeIf(objects);
- }
+ objects = create_objects_from_handles(token, session,
+ objectHandles, numHandles);
+ if (objects) {
+ nssCryptokiObject **op;
+ for (op = objects; *op; op++) {
+ (void)(*callback)(*op, arg);
+ }
+ nss_ZFreeIf(objects);
+ }
}
nssArena_Destroy(arena);
return PR_SUCCESS;
@@ -1556,24 +1564,25 @@ loser:
}
NSS_IMPLEMENT PRBool
-nssToken_IsPrivateKeyAvailable (
- NSSToken *token,
- NSSCertificate *c,
- nssCryptokiObject *instance
-)
+nssToken_IsPrivateKeyAvailable(
+ NSSToken *token,
+ NSSCertificate *c,
+ nssCryptokiObject *instance)
{
CK_OBJECT_CLASS theClass;
- if (token == NULL) return PR_FALSE;
- if (c == NULL) return PR_FALSE;
+ if (token == NULL)
+ return PR_FALSE;
+ if (c == NULL)
+ return PR_FALSE;
theClass = CKO_PRIVATE_KEY;
if (!nssSlot_IsLoggedIn(token->slot)) {
- theClass = CKO_PUBLIC_KEY;
+ theClass = CKO_PUBLIC_KEY;
}
- if (PK11_MatchItem(token->pk11slot, instance->handle, theClass)
- != CK_INVALID_HANDLE) {
- return PR_TRUE;
+ if (PK11_MatchItem(token->pk11slot, instance->handle, theClass) !=
+ CK_INVALID_HANDLE) {
+ return PR_TRUE;
}
return PR_FALSE;
}
diff --git a/lib/dev/devutil.c b/lib/dev/devutil.c
index 400b69d7c..980aa2852 100644
--- a/lib/dev/devutil.c
+++ b/lib/dev/devutil.c
@@ -11,31 +11,30 @@
#endif /* CKHELPER_H */
NSS_IMPLEMENT nssCryptokiObject *
-nssCryptokiObject_Create (
- NSSToken *t,
- nssSession *session,
- CK_OBJECT_HANDLE h
-)
+nssCryptokiObject_Create(
+ NSSToken *t,
+ nssSession *session,
+ CK_OBJECT_HANDLE h)
{
PRStatus status;
NSSSlot *slot;
nssCryptokiObject *object;
CK_BBOOL *isTokenObject;
CK_ATTRIBUTE cert_template[] = {
- { CKA_TOKEN, NULL, 0 },
- { CKA_LABEL, NULL, 0 }
+ { CKA_TOKEN, NULL, 0 },
+ { CKA_LABEL, NULL, 0 }
};
slot = nssToken_GetSlot(t);
status = nssCKObject_GetAttributes(h, cert_template, 2,
NULL, session, slot);
nssSlot_Destroy(slot);
if (status != PR_SUCCESS) {
- /* a failure here indicates a device error */
- return (nssCryptokiObject *)NULL;
+ /* a failure here indicates a device error */
+ return (nssCryptokiObject *)NULL;
}
object = nss_ZNEW(NULL, nssCryptokiObject);
if (!object) {
- return (nssCryptokiObject *)NULL;
+ return (nssCryptokiObject *)NULL;
}
object->handle = h;
object->token = nssToken_AddRef(t);
@@ -47,40 +46,37 @@ nssCryptokiObject_Create (
}
NSS_IMPLEMENT void
-nssCryptokiObject_Destroy (
- nssCryptokiObject *object
-)
+nssCryptokiObject_Destroy(
+ nssCryptokiObject *object)
{
if (object) {
- nssToken_Destroy(object->token);
- nss_ZFreeIf(object->label);
- nss_ZFreeIf(object);
+ nssToken_Destroy(object->token);
+ nss_ZFreeIf(object->label);
+ nss_ZFreeIf(object);
}
}
NSS_IMPLEMENT nssCryptokiObject *
-nssCryptokiObject_Clone (
- nssCryptokiObject *object
-)
+nssCryptokiObject_Clone(
+ nssCryptokiObject *object)
{
nssCryptokiObject *rvObject;
rvObject = nss_ZNEW(NULL, nssCryptokiObject);
if (rvObject) {
- rvObject->handle = object->handle;
- rvObject->token = nssToken_AddRef(object->token);
- rvObject->isTokenObject = object->isTokenObject;
- if (object->label) {
- rvObject->label = nssUTF8_Duplicate(object->label, NULL);
- }
+ rvObject->handle = object->handle;
+ rvObject->token = nssToken_AddRef(object->token);
+ rvObject->isTokenObject = object->isTokenObject;
+ if (object->label) {
+ rvObject->label = nssUTF8_Duplicate(object->label, NULL);
+ }
}
return rvObject;
}
NSS_EXTERN PRBool
-nssCryptokiObject_Equal (
- nssCryptokiObject *o1,
- nssCryptokiObject *o2
-)
+nssCryptokiObject_Equal(
+ nssCryptokiObject *o1,
+ nssCryptokiObject *o2)
{
return (o1->token == o2->token && o1->handle == o2->handle);
}
@@ -89,9 +85,10 @@ NSS_IMPLEMENT PRUint32
nssPKCS11String_Length(CK_CHAR *pkcs11Str, PRUint32 bufLen)
{
PRInt32 i;
- for (i = bufLen - 1; i>=0; ) {
- if (pkcs11Str[i] != ' ' && pkcs11Str[i] != '\0') break;
- --i;
+ for (i = bufLen - 1; i >= 0;) {
+ if (pkcs11Str[i] != ' ' && pkcs11Str[i] != '\0')
+ break;
+ --i;
}
return (PRUint32)(i + 1);
}
@@ -101,126 +98,118 @@ nssPKCS11String_Length(CK_CHAR *pkcs11Str, PRUint32 bufLen)
*/
NSS_IMPLEMENT NSSSlot **
-nssSlotArray_Clone (
- NSSSlot **slots
-)
+nssSlotArray_Clone(
+ NSSSlot **slots)
{
NSSSlot **rvSlots = NULL;
NSSSlot **sp = slots;
PRUint32 count = 0;
- while (sp && *sp) count++;
+ while (sp && *sp)
+ count++;
if (count > 0) {
- rvSlots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
- if (rvSlots) {
- for (sp = slots, count = 0; *sp; sp++) {
- rvSlots[count++] = nssSlot_AddRef(*sp);
- }
- }
+ rvSlots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
+ if (rvSlots) {
+ for (sp = slots, count = 0; *sp; sp++) {
+ rvSlots[count++] = nssSlot_AddRef(*sp);
+ }
+ }
}
return rvSlots;
}
NSS_IMPLEMENT void
-nssSlotArray_Destroy (
- NSSSlot **slots
-)
+nssSlotArray_Destroy(
+ NSSSlot **slots)
{
if (slots) {
- NSSSlot **slotp;
- for (slotp = slots; *slotp; slotp++) {
- nssSlot_Destroy(*slotp);
- }
- nss_ZFreeIf(slots);
+ NSSSlot **slotp;
+ for (slotp = slots; *slotp; slotp++) {
+ nssSlot_Destroy(*slotp);
+ }
+ nss_ZFreeIf(slots);
}
}
NSS_IMPLEMENT void
-NSSSlotArray_Destroy (
- NSSSlot **slots
-)
+NSSSlotArray_Destroy(
+ NSSSlot **slots)
{
nssSlotArray_Destroy(slots);
}
NSS_IMPLEMENT void
-nssTokenArray_Destroy (
- NSSToken **tokens
-)
+nssTokenArray_Destroy(
+ NSSToken **tokens)
{
if (tokens) {
- NSSToken **tokenp;
- for (tokenp = tokens; *tokenp; tokenp++) {
- nssToken_Destroy(*tokenp);
- }
- nss_ZFreeIf(tokens);
+ NSSToken **tokenp;
+ for (tokenp = tokens; *tokenp; tokenp++) {
+ nssToken_Destroy(*tokenp);
+ }
+ nss_ZFreeIf(tokens);
}
}
NSS_IMPLEMENT void
-NSSTokenArray_Destroy (
- NSSToken **tokens
-)
+NSSTokenArray_Destroy(
+ NSSToken **tokens)
{
nssTokenArray_Destroy(tokens);
}
NSS_IMPLEMENT void
-nssCryptokiObjectArray_Destroy (
- nssCryptokiObject **objects
-)
+nssCryptokiObjectArray_Destroy(
+ nssCryptokiObject **objects)
{
if (objects) {
- nssCryptokiObject **op;
- for (op = objects; *op; op++) {
- nssCryptokiObject_Destroy(*op);
- }
- nss_ZFreeIf(objects);
+ nssCryptokiObject **op;
+ for (op = objects; *op; op++) {
+ nssCryptokiObject_Destroy(*op);
+ }
+ nss_ZFreeIf(objects);
}
}
/* object cache for token */
typedef struct
-{
- NSSArena *arena;
- nssCryptokiObject *object;
- CK_ATTRIBUTE_PTR attributes;
- CK_ULONG numAttributes;
-}
-nssCryptokiObjectAndAttributes;
+ {
+ NSSArena *arena;
+ nssCryptokiObject *object;
+ CK_ATTRIBUTE_PTR attributes;
+ CK_ULONG numAttributes;
+} nssCryptokiObjectAndAttributes;
enum {
- cachedCerts = 0,
- cachedTrust = 1,
- cachedCRLs = 2
+ cachedCerts = 0,
+ cachedTrust = 1,
+ cachedCRLs = 2
} cachedObjectType;
-struct nssTokenObjectCacheStr
-{
- NSSToken *token;
- PZLock *lock;
- PRBool loggedIn;
- PRBool doObjectType[3];
- PRBool searchedObjectType[3];
- nssCryptokiObjectAndAttributes **objects[3];
+struct nssTokenObjectCacheStr {
+ NSSToken *token;
+ PZLock *lock;
+ PRBool loggedIn;
+ PRBool doObjectType[3];
+ PRBool searchedObjectType[3];
+ nssCryptokiObjectAndAttributes **objects[3];
};
NSS_IMPLEMENT nssTokenObjectCache *
-nssTokenObjectCache_Create (
- NSSToken *token,
- PRBool cacheCerts,
- PRBool cacheTrust,
- PRBool cacheCRLs
-)
+nssTokenObjectCache_Create(
+ NSSToken *token,
+ PRBool cacheCerts,
+ PRBool cacheTrust,
+ PRBool cacheCRLs)
{
nssTokenObjectCache *rvCache;
rvCache = nss_ZNEW(NULL, nssTokenObjectCache);
if (!rvCache) {
- goto loser;
+ goto loser;
}
rvCache->lock = PZ_NewLock(nssILockOther); /* XXX */
if (!rvCache->lock) {
- goto loser;
+ goto loser;
}
rvCache->doObjectType[cachedCerts] = cacheCerts;
rvCache->doObjectType[cachedTrust] = cacheTrust;
@@ -233,112 +222,115 @@ loser:
}
static void
-clear_cache (
- nssTokenObjectCache *cache
-)
+clear_cache(
+ nssTokenObjectCache *cache)
{
nssCryptokiObjectAndAttributes **oa;
PRUint32 objectType;
for (objectType = cachedCerts; objectType <= cachedCRLs; objectType++) {
- cache->searchedObjectType[objectType] = PR_FALSE;
- if (!cache->objects[objectType]) {
- continue;
- }
- for (oa = cache->objects[objectType]; *oa; oa++) {
- /* prevent the token from being destroyed */
- (*oa)->object->token = NULL;
- nssCryptokiObject_Destroy((*oa)->object);
- nssArena_Destroy((*oa)->arena);
- }
- nss_ZFreeIf(cache->objects[objectType]);
- cache->objects[objectType] = NULL;
+ cache->searchedObjectType[objectType] = PR_FALSE;
+ if (!cache->objects[objectType]) {
+ continue;
+ }
+ for (oa = cache->objects[objectType]; *oa; oa++) {
+ /* prevent the token from being destroyed */
+ (*oa)->object->token = NULL;
+ nssCryptokiObject_Destroy((*oa)->object);
+ nssArena_Destroy((*oa)->arena);
+ }
+ nss_ZFreeIf(cache->objects[objectType]);
+ cache->objects[objectType] = NULL;
}
}
NSS_IMPLEMENT void
-nssTokenObjectCache_Clear (
- nssTokenObjectCache *cache
-)
+nssTokenObjectCache_Clear(
+ nssTokenObjectCache *cache)
{
if (cache) {
- PZ_Lock(cache->lock);
- clear_cache(cache);
- PZ_Unlock(cache->lock);
+ PZ_Lock(cache->lock);
+ clear_cache(cache);
+ PZ_Unlock(cache->lock);
}
}
NSS_IMPLEMENT void
-nssTokenObjectCache_Destroy (
- nssTokenObjectCache *cache
-)
+nssTokenObjectCache_Destroy(
+ nssTokenObjectCache *cache)
{
if (cache) {
- clear_cache(cache);
- if (cache->lock) {
- PZ_DestroyLock(cache->lock);
- }
- nss_ZFreeIf(cache);
+ clear_cache(cache);
+ if (cache->lock) {
+ PZ_DestroyLock(cache->lock);
+ }
+ nss_ZFreeIf(cache);
}
}
NSS_IMPLEMENT PRBool
-nssTokenObjectCache_HaveObjectClass (
- nssTokenObjectCache *cache,
- CK_OBJECT_CLASS objclass
-)
+nssTokenObjectCache_HaveObjectClass(
+ nssTokenObjectCache *cache,
+ CK_OBJECT_CLASS objclass)
{
PRBool haveIt;
PZ_Lock(cache->lock);
switch (objclass) {
- case CKO_CERTIFICATE: haveIt = cache->doObjectType[cachedCerts]; break;
- case CKO_NETSCAPE_TRUST: haveIt = cache->doObjectType[cachedTrust]; break;
- case CKO_NETSCAPE_CRL: haveIt = cache->doObjectType[cachedCRLs]; break;
- default: haveIt = PR_FALSE;
+ case CKO_CERTIFICATE:
+ haveIt = cache->doObjectType[cachedCerts];
+ break;
+ case CKO_NETSCAPE_TRUST:
+ haveIt = cache->doObjectType[cachedTrust];
+ break;
+ case CKO_NETSCAPE_CRL:
+ haveIt = cache->doObjectType[cachedCRLs];
+ break;
+ default:
+ haveIt = PR_FALSE;
}
PZ_Unlock(cache->lock);
return haveIt;
}
static nssCryptokiObjectAndAttributes **
-create_object_array (
- nssCryptokiObject **objects,
- PRBool *doObjects,
- PRUint32 *numObjects,
- PRStatus *status
-)
+create_object_array(
+ nssCryptokiObject **objects,
+ PRBool *doObjects,
+ PRUint32 *numObjects,
+ PRStatus *status)
{
nssCryptokiObjectAndAttributes **rvOandA = NULL;
*numObjects = 0;
/* There are no objects for this type */
if (!objects || !*objects) {
- *status = PR_SUCCESS;
- return rvOandA;
+ *status = PR_SUCCESS;
+ return rvOandA;
}
- while (*objects++) (*numObjects)++;
+ while (*objects++)
+ (*numObjects)++;
if (*numObjects >= MAX_LOCAL_CACHE_OBJECTS) {
- /* Hit the maximum allowed, so don't use a cache (there are
- * too many objects to make caching worthwhile, presumably, if
- * the token can handle that many objects, it can handle searching.
- */
- *doObjects = PR_FALSE;
- *status = PR_FAILURE;
- *numObjects = 0;
- } else {
- rvOandA = nss_ZNEWARRAY(NULL,
- nssCryptokiObjectAndAttributes *,
- *numObjects + 1);
- *status = rvOandA ? PR_SUCCESS : PR_FAILURE;
+ /* Hit the maximum allowed, so don't use a cache (there are
+ * too many objects to make caching worthwhile, presumably, if
+ * the token can handle that many objects, it can handle searching.
+ */
+ *doObjects = PR_FALSE;
+ *status = PR_FAILURE;
+ *numObjects = 0;
+ }
+ else {
+ rvOandA = nss_ZNEWARRAY(NULL,
+ nssCryptokiObjectAndAttributes *,
+ *numObjects + 1);
+ *status = rvOandA ? PR_SUCCESS : PR_FAILURE;
}
return rvOandA;
}
static nssCryptokiObjectAndAttributes *
-create_object (
- nssCryptokiObject *object,
- const CK_ATTRIBUTE_TYPE *types,
- PRUint32 numTypes,
- PRStatus *status
-)
+create_object(
+ nssCryptokiObject *object,
+ const CK_ATTRIBUTE_TYPE *types,
+ PRUint32 numTypes,
+ PRStatus *status)
{
PRUint32 j;
NSSArena *arena = NULL;
@@ -358,11 +350,11 @@ create_object (
}
arena = nssArena_Create();
if (!arena) {
- goto loser;
+ goto loser;
}
rvCachedObject = nss_ZNEW(arena, nssCryptokiObjectAndAttributes);
if (!rvCachedObject) {
- goto loser;
+ goto loser;
}
rvCachedObject->arena = arena;
/* The cache is tied to the token, and therefore the objects
@@ -372,10 +364,10 @@ create_object (
rvCachedObject->object = object;
rvCachedObject->attributes = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, numTypes);
if (!rvCachedObject->attributes) {
- goto loser;
+ goto loser;
}
- for (j=0; j<numTypes; j++) {
- rvCachedObject->attributes[j].type = types[j];
+ for (j = 0; j < numTypes; j++) {
+ rvCachedObject->attributes[j].type = types[j];
}
*status = nssCKObject_GetAttributes(object->handle,
rvCachedObject->attributes,
@@ -384,7 +376,7 @@ create_object (
session,
slot);
if (*status != PR_SUCCESS) {
- goto loser;
+ goto loser;
}
rvCachedObject->numAttributes = numTypes;
*status = PR_SUCCESS;
@@ -394,10 +386,10 @@ create_object (
loser:
*status = PR_FAILURE;
if (slot) {
- nssSlot_Destroy(slot);
+ nssSlot_Destroy(slot);
}
if (arena)
- nssArena_Destroy(arena);
+ nssArena_Destroy(arena);
return (nssCryptokiObjectAndAttributes *)NULL;
}
@@ -409,7 +401,7 @@ loser:
* +-------------------------+<----------------------+
* | ^ |
* v | |
- * +----------+ slot friendly | token present +----------+
+ * +----------+ slot friendly | token present +----------+
* | cache | -----------------> % ---------------> | cache |
* | unloaded | | loaded |
* +----------+ +----------+
@@ -424,9 +416,8 @@ loser:
/* This function must not be called with cache->lock locked. */
static PRBool
-token_is_present (
- nssTokenObjectCache *cache
-)
+token_is_present(
+ nssTokenObjectCache *cache)
{
NSSSlot *slot = nssToken_GetSlot(cache->token);
PRBool tokenPresent = nssSlot_IsTokenPresent(slot);
@@ -435,92 +426,90 @@ token_is_present (
}
static PRBool
-search_for_objects (
- nssTokenObjectCache *cache
-)
+search_for_objects(
+ nssTokenObjectCache *cache)
{
PRBool doSearch = PR_FALSE;
NSSSlot *slot = nssToken_GetSlot(cache->token);
/* Handle non-friendly slots (slots which require login for objects) */
if (!nssSlot_IsFriendly(slot)) {
- if (nssSlot_IsLoggedIn(slot)) {
- /* Either no state change, or went from !logged in -> logged in */
- cache->loggedIn = PR_TRUE;
- doSearch = PR_TRUE;
- } else {
- if (cache->loggedIn) {
- /* went from logged in -> !logged in, destroy cached objects */
- clear_cache(cache);
- cache->loggedIn = PR_FALSE;
- } /* else no state change, still not logged in, so exit */
- }
- } else {
- /* slot is friendly, thus always available for search */
- doSearch = PR_TRUE;
+ if (nssSlot_IsLoggedIn(slot)) {
+ /* Either no state change, or went from !logged in -> logged in */
+ cache->loggedIn = PR_TRUE;
+ doSearch = PR_TRUE;
+ }
+ else {
+ if (cache->loggedIn) {
+ /* went from logged in -> !logged in, destroy cached objects */
+ clear_cache(cache);
+ cache->loggedIn = PR_FALSE;
+ } /* else no state change, still not logged in, so exit */
+ }
+ }
+ else {
+ /* slot is friendly, thus always available for search */
+ doSearch = PR_TRUE;
}
nssSlot_Destroy(slot);
return doSearch;
}
static nssCryptokiObjectAndAttributes *
-create_cert (
- nssCryptokiObject *object,
- PRStatus *status
-)
+create_cert(
+ nssCryptokiObject *object,
+ PRStatus *status)
{
static const CK_ATTRIBUTE_TYPE certAttr[] = {
- CKA_CLASS,
- CKA_TOKEN,
- CKA_LABEL,
- CKA_CERTIFICATE_TYPE,
- CKA_ID,
- CKA_VALUE,
- CKA_ISSUER,
- CKA_SERIAL_NUMBER,
- CKA_SUBJECT,
- CKA_NETSCAPE_EMAIL
+ CKA_CLASS,
+ CKA_TOKEN,
+ CKA_LABEL,
+ CKA_CERTIFICATE_TYPE,
+ CKA_ID,
+ CKA_VALUE,
+ CKA_ISSUER,
+ CKA_SERIAL_NUMBER,
+ CKA_SUBJECT,
+ CKA_NETSCAPE_EMAIL
};
static const PRUint32 numCertAttr = sizeof(certAttr) / sizeof(certAttr[0]);
return create_object(object, certAttr, numCertAttr, status);
}
static nssCryptokiObjectAndAttributes *
-create_trust (
- nssCryptokiObject *object,
- PRStatus *status
-)
+create_trust(
+ nssCryptokiObject *object,
+ PRStatus *status)
{
static const CK_ATTRIBUTE_TYPE trustAttr[] = {
- CKA_CLASS,
- CKA_TOKEN,
- CKA_LABEL,
- CKA_CERT_SHA1_HASH,
- CKA_CERT_MD5_HASH,
- CKA_ISSUER,
- CKA_SUBJECT,
- CKA_TRUST_SERVER_AUTH,
- CKA_TRUST_CLIENT_AUTH,
- CKA_TRUST_EMAIL_PROTECTION,
- CKA_TRUST_CODE_SIGNING
+ CKA_CLASS,
+ CKA_TOKEN,
+ CKA_LABEL,
+ CKA_CERT_SHA1_HASH,
+ CKA_CERT_MD5_HASH,
+ CKA_ISSUER,
+ CKA_SUBJECT,
+ CKA_TRUST_SERVER_AUTH,
+ CKA_TRUST_CLIENT_AUTH,
+ CKA_TRUST_EMAIL_PROTECTION,
+ CKA_TRUST_CODE_SIGNING
};
static const PRUint32 numTrustAttr = sizeof(trustAttr) / sizeof(trustAttr[0]);
return create_object(object, trustAttr, numTrustAttr, status);
}
static nssCryptokiObjectAndAttributes *
-create_crl (
- nssCryptokiObject *object,
- PRStatus *status
-)
+create_crl(
+ nssCryptokiObject *object,
+ PRStatus *status)
{
static const CK_ATTRIBUTE_TYPE crlAttr[] = {
- CKA_CLASS,
- CKA_TOKEN,
- CKA_LABEL,
- CKA_VALUE,
- CKA_SUBJECT,
- CKA_NETSCAPE_KRL,
- CKA_NETSCAPE_URL
+ CKA_CLASS,
+ CKA_TOKEN,
+ CKA_LABEL,
+ CKA_VALUE,
+ CKA_SUBJECT,
+ CKA_NETSCAPE_KRL,
+ CKA_NETSCAPE_URL
};
static const PRUint32 numCRLAttr = sizeof(crlAttr) / sizeof(crlAttr[0]);
return create_object(object, crlAttr, numCRLAttr, status);
@@ -528,108 +517,104 @@ create_crl (
/* Dispatch to the create function for the object type */
static nssCryptokiObjectAndAttributes *
-create_object_of_type (
- nssCryptokiObject *object,
- PRUint32 objectType,
- PRStatus *status
-)
+create_object_of_type(
+ nssCryptokiObject *object,
+ PRUint32 objectType,
+ PRStatus *status)
{
if (objectType == cachedCerts) {
- return create_cert(object, status);
+ return create_cert(object, status);
}
if (objectType == cachedTrust) {
- return create_trust(object, status);
+ return create_trust(object, status);
}
if (objectType == cachedCRLs) {
- return create_crl(object, status);
+ return create_crl(object, status);
}
return (nssCryptokiObjectAndAttributes *)NULL;
}
static PRStatus
-get_token_objects_for_cache (
- nssTokenObjectCache *cache,
- PRUint32 objectType,
- CK_OBJECT_CLASS objclass
-)
+get_token_objects_for_cache(
+ nssTokenObjectCache *cache,
+ PRUint32 objectType,
+ CK_OBJECT_CLASS objclass)
{
PRStatus status;
nssCryptokiObject **objects;
PRBool *doIt = &cache->doObjectType[objectType];
PRUint32 i, numObjects;
- if (!search_for_objects(cache) ||
- cache->searchedObjectType[objectType] ||
- !cache->doObjectType[objectType])
- {
- /* Either there was a state change that prevents a search
- * (token logged out), or the search was already done,
- * or objects of this type are not being cached.
- */
- return PR_SUCCESS;
+ if (!search_for_objects(cache) ||
+ cache->searchedObjectType[objectType] ||
+ !cache->doObjectType[objectType]) {
+ /* Either there was a state change that prevents a search
+ * (token logged out), or the search was already done,
+ * or objects of this type are not being cached.
+ */
+ return PR_SUCCESS;
}
objects = nssToken_FindObjects(cache->token, NULL, objclass,
nssTokenSearchType_TokenForced,
MAX_LOCAL_CACHE_OBJECTS, &status);
if (status != PR_SUCCESS) {
- return status;
+ return status;
}
cache->objects[objectType] = create_object_array(objects,
doIt,
&numObjects,
&status);
if (status != PR_SUCCESS) {
- nss_ZFreeIf(objects);
- return status;
+ nss_ZFreeIf(objects);
+ return status;
}
- for (i=0; i<numObjects; i++) {
- cache->objects[objectType][i] = create_object_of_type(objects[i],
- objectType,
- &status);
- if (status != PR_SUCCESS) {
- break;
- }
+ for (i = 0; i < numObjects; i++) {
+ cache->objects[objectType][i] = create_object_of_type(objects[i],
+ objectType,
+ &status);
+ if (status != PR_SUCCESS) {
+ break;
+ }
}
if (status == PR_SUCCESS) {
- nss_ZFreeIf(objects);
- } else {
- PRUint32 j;
- for (j=0; j<i; j++) {
- /* sigh */
- nssToken_AddRef(cache->objects[objectType][j]->object->token);
- nssArena_Destroy(cache->objects[objectType][j]->arena);
- }
- nss_ZFreeIf(cache->objects[objectType]);
- cache->objects[objectType] = NULL;
- nssCryptokiObjectArray_Destroy(objects);
+ nss_ZFreeIf(objects);
+ }
+ else {
+ PRUint32 j;
+ for (j = 0; j < i; j++) {
+ /* sigh */
+ nssToken_AddRef(cache->objects[objectType][j]->object->token);
+ nssArena_Destroy(cache->objects[objectType][j]->arena);
+ }
+ nss_ZFreeIf(cache->objects[objectType]);
+ cache->objects[objectType] = NULL;
+ nssCryptokiObjectArray_Destroy(objects);
}
cache->searchedObjectType[objectType] = PR_TRUE;
return status;
}
static CK_ATTRIBUTE_PTR
-find_attribute_in_object (
- nssCryptokiObjectAndAttributes *obj,
- CK_ATTRIBUTE_TYPE attrType
-)
+find_attribute_in_object(
+ nssCryptokiObjectAndAttributes *obj,
+ CK_ATTRIBUTE_TYPE attrType)
{
PRUint32 j;
- for (j=0; j<obj->numAttributes; j++) {
- if (attrType == obj->attributes[j].type) {
- return &obj->attributes[j];
- }
+ for (j = 0; j < obj->numAttributes; j++) {
+ if (attrType == obj->attributes[j].type) {
+ return &obj->attributes[j];
+ }
}
return (CK_ATTRIBUTE_PTR)NULL;
}
/* Find all objects in the array that match the supplied template */
static nssCryptokiObject **
-find_objects_in_array (
- nssCryptokiObjectAndAttributes **objArray,
- CK_ATTRIBUTE_PTR ot,
- CK_ULONG otlen,
- PRUint32 maximumOpt
-)
+find_objects_in_array(
+ nssCryptokiObjectAndAttributes **objArray,
+ CK_ATTRIBUTE_PTR ot,
+ CK_ULONG otlen,
+ PRUint32 maximumOpt)
{
PRIntn oi = 0;
PRUint32 i;
@@ -641,65 +626,65 @@ find_objects_in_array (
CK_ATTRIBUTE_PTR attr;
if (!objArray) {
- return (nssCryptokiObject **)NULL;
+ return (nssCryptokiObject **)NULL;
}
arena = nssArena_Create();
if (!arena) {
- return (nssCryptokiObject **)NULL;
+ return (nssCryptokiObject **)NULL;
}
matches = nss_ZNEWARRAY(arena, nssCryptokiObjectAndAttributes *, size);
if (!matches) {
- goto loser;
+ goto loser;
}
- if (maximumOpt == 0) maximumOpt = ~0;
+ if (maximumOpt == 0)
+ maximumOpt = ~0;
/* loop over the cached objects */
for (; *objArray && numMatches < maximumOpt; objArray++) {
- nssCryptokiObjectAndAttributes *obj = *objArray;
- /* loop over the test template */
- for (i=0; i<otlen; i++) {
- /* see if the object has the attribute */
- attr = find_attribute_in_object(obj, ot[i].type);
- if (!attr) {
- /* nope, match failed */
- break;
- }
- /* compare the attribute against the test value */
- if (ot[i].ulValueLen != attr->ulValueLen ||
- !nsslibc_memequal(ot[i].pValue,
- attr->pValue,
- attr->ulValueLen, NULL))
- {
- /* nope, match failed */
- break;
- }
- }
- if (i == otlen) {
- /* all of the attributes in the test template were found
- * in the object's template, and they all matched
- */
- matches[numMatches++] = obj;
- if (numMatches == size) {
- size *= 2;
- matches = nss_ZREALLOCARRAY(matches,
- nssCryptokiObjectAndAttributes *,
- size);
- if (!matches) {
- goto loser;
- }
- }
- }
+ nssCryptokiObjectAndAttributes *obj = *objArray;
+ /* loop over the test template */
+ for (i = 0; i < otlen; i++) {
+ /* see if the object has the attribute */
+ attr = find_attribute_in_object(obj, ot[i].type);
+ if (!attr) {
+ /* nope, match failed */
+ break;
+ }
+ /* compare the attribute against the test value */
+ if (ot[i].ulValueLen != attr->ulValueLen ||
+ !nsslibc_memequal(ot[i].pValue,
+ attr->pValue,
+ attr->ulValueLen, NULL)) {
+ /* nope, match failed */
+ break;
+ }
+ }
+ if (i == otlen) {
+ /* all of the attributes in the test template were found
+ * in the object's template, and they all matched
+ */
+ matches[numMatches++] = obj;
+ if (numMatches == size) {
+ size *= 2;
+ matches = nss_ZREALLOCARRAY(matches,
+ nssCryptokiObjectAndAttributes *,
+ size);
+ if (!matches) {
+ goto loser;
+ }
+ }
+ }
}
if (numMatches > 0) {
- objects = nss_ZNEWARRAY(NULL, nssCryptokiObject *, numMatches + 1);
- if (!objects) {
- goto loser;
- }
- for (oi=0; oi<(PRIntn)numMatches; oi++) {
- objects[oi] = nssCryptokiObject_Clone(matches[oi]->object);
- if (!objects[oi]) {
- goto loser;
- }
- }
+ objects = nss_ZNEWARRAY(NULL, nssCryptokiObject *, numMatches + 1);
+ if (!objects) {
+ goto loser;
+ }
+ for (oi = 0; oi < (PRIntn)numMatches; oi++) {
+ objects[oi] = nssCryptokiObject_Clone(matches[oi]->object);
+ if (!objects[oi]) {
+ goto loser;
+ }
+ }
}
nssArena_Destroy(arena);
return objects;
@@ -710,74 +695,78 @@ loser:
}
NSS_IMPLEMENT nssCryptokiObject **
-nssTokenObjectCache_FindObjectsByTemplate (
- nssTokenObjectCache *cache,
- CK_OBJECT_CLASS objclass,
- CK_ATTRIBUTE_PTR otemplate,
- CK_ULONG otlen,
- PRUint32 maximumOpt,
- PRStatus *statusOpt
-)
+nssTokenObjectCache_FindObjectsByTemplate(
+ nssTokenObjectCache *cache,
+ CK_OBJECT_CLASS objclass,
+ CK_ATTRIBUTE_PTR otemplate,
+ CK_ULONG otlen,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt)
{
PRStatus status = PR_FAILURE;
nssCryptokiObject **rvObjects = NULL;
PRUint32 objectType;
if (!token_is_present(cache)) {
- status = PR_SUCCESS;
- goto finish;
+ status = PR_SUCCESS;
+ goto finish;
}
switch (objclass) {
- case CKO_CERTIFICATE: objectType = cachedCerts; break;
- case CKO_NETSCAPE_TRUST: objectType = cachedTrust; break;
- case CKO_NETSCAPE_CRL: objectType = cachedCRLs; break;
- default: goto finish;
+ case CKO_CERTIFICATE:
+ objectType = cachedCerts;
+ break;
+ case CKO_NETSCAPE_TRUST:
+ objectType = cachedTrust;
+ break;
+ case CKO_NETSCAPE_CRL:
+ objectType = cachedCRLs;
+ break;
+ default:
+ goto finish;
}
PZ_Lock(cache->lock);
if (cache->doObjectType[objectType]) {
- status = get_token_objects_for_cache(cache, objectType, objclass);
- if (status == PR_SUCCESS) {
- rvObjects = find_objects_in_array(cache->objects[objectType],
- otemplate, otlen, maximumOpt);
- }
+ status = get_token_objects_for_cache(cache, objectType, objclass);
+ if (status == PR_SUCCESS) {
+ rvObjects = find_objects_in_array(cache->objects[objectType],
+ otemplate, otlen, maximumOpt);
+ }
}
PZ_Unlock(cache->lock);
finish:
if (statusOpt) {
- *statusOpt = status;
+ *statusOpt = status;
}
return rvObjects;
}
static PRBool
-cache_available_for_object_type (
- nssTokenObjectCache *cache,
- PRUint32 objectType
-)
+cache_available_for_object_type(
+ nssTokenObjectCache *cache,
+ PRUint32 objectType)
{
if (!cache->doObjectType[objectType]) {
- /* not caching this object kind */
- return PR_FALSE;
+ /* not caching this object kind */
+ return PR_FALSE;
}
if (!cache->searchedObjectType[objectType]) {
- /* objects are not cached yet */
- return PR_FALSE;
+ /* objects are not cached yet */
+ return PR_FALSE;
}
if (!search_for_objects(cache)) {
- /* not logged in */
- return PR_FALSE;
+ /* not logged in */
+ return PR_FALSE;
}
return PR_TRUE;
}
NSS_IMPLEMENT PRStatus
-nssTokenObjectCache_GetObjectAttributes (
- nssTokenObjectCache *cache,
- NSSArena *arenaOpt,
- nssCryptokiObject *object,
- CK_OBJECT_CLASS objclass,
- CK_ATTRIBUTE_PTR atemplate,
- CK_ULONG atlen
-)
+nssTokenObjectCache_GetObjectAttributes(
+ nssTokenObjectCache *cache,
+ NSSArena *arenaOpt,
+ nssCryptokiObject *object,
+ CK_OBJECT_CLASS objclass,
+ CK_ATTRIBUTE_PTR atemplate,
+ CK_ULONG atlen)
{
PRUint32 i, j;
NSSArena *arena = NULL;
@@ -786,87 +775,92 @@ nssTokenObjectCache_GetObjectAttributes (
nssCryptokiObjectAndAttributes **oa = NULL;
PRUint32 objectType;
if (!token_is_present(cache)) {
- return PR_FAILURE;
+ return PR_FAILURE;
}
PZ_Lock(cache->lock);
switch (objclass) {
- case CKO_CERTIFICATE: objectType = cachedCerts; break;
- case CKO_NETSCAPE_TRUST: objectType = cachedTrust; break;
- case CKO_NETSCAPE_CRL: objectType = cachedCRLs; break;
- default: goto loser;
+ case CKO_CERTIFICATE:
+ objectType = cachedCerts;
+ break;
+ case CKO_NETSCAPE_TRUST:
+ objectType = cachedTrust;
+ break;
+ case CKO_NETSCAPE_CRL:
+ objectType = cachedCRLs;
+ break;
+ default:
+ goto loser;
}
if (!cache_available_for_object_type(cache, objectType)) {
- goto loser;
+ goto loser;
}
oa = cache->objects[objectType];
if (!oa) {
- goto loser;
+ goto loser;
}
for (; *oa; oa++) {
- if (nssCryptokiObject_Equal((*oa)->object, object)) {
- cachedOA = *oa;
- break;
- }
+ if (nssCryptokiObject_Equal((*oa)->object, object)) {
+ cachedOA = *oa;
+ break;
+ }
}
if (!cachedOA) {
- goto loser; /* don't have this object */
+ goto loser; /* don't have this object */
}
if (arenaOpt) {
- arena = arenaOpt;
- mark = nssArena_Mark(arena);
- }
- for (i=0; i<atlen; i++) {
- for (j=0; j<cachedOA->numAttributes; j++) {
- if (atemplate[i].type == cachedOA->attributes[j].type) {
- CK_ATTRIBUTE_PTR attr = &cachedOA->attributes[j];
- if (cachedOA->attributes[j].ulValueLen == 0 ||
- cachedOA->attributes[j].ulValueLen == (CK_ULONG)-1)
- {
- break; /* invalid attribute */
- }
- if (atemplate[i].ulValueLen > 0) {
- if (atemplate[i].pValue == NULL ||
- atemplate[i].ulValueLen < attr->ulValueLen)
- {
- goto loser;
- }
- } else {
- atemplate[i].pValue = nss_ZAlloc(arena, attr->ulValueLen);
- if (!atemplate[i].pValue) {
- goto loser;
- }
- }
- nsslibc_memcpy(atemplate[i].pValue,
- attr->pValue, attr->ulValueLen);
- atemplate[i].ulValueLen = attr->ulValueLen;
- break;
- }
- }
- if (j == cachedOA->numAttributes) {
- atemplate[i].ulValueLen = (CK_ULONG)-1;
- }
+ arena = arenaOpt;
+ mark = nssArena_Mark(arena);
+ }
+ for (i = 0; i < atlen; i++) {
+ for (j = 0; j < cachedOA->numAttributes; j++) {
+ if (atemplate[i].type == cachedOA->attributes[j].type) {
+ CK_ATTRIBUTE_PTR attr = &cachedOA->attributes[j];
+ if (cachedOA->attributes[j].ulValueLen == 0 ||
+ cachedOA->attributes[j].ulValueLen == (CK_ULONG)-1) {
+ break; /* invalid attribute */
+ }
+ if (atemplate[i].ulValueLen > 0) {
+ if (atemplate[i].pValue == NULL ||
+ atemplate[i].ulValueLen < attr->ulValueLen) {
+ goto loser;
+ }
+ }
+ else {
+ atemplate[i].pValue = nss_ZAlloc(arena, attr->ulValueLen);
+ if (!atemplate[i].pValue) {
+ goto loser;
+ }
+ }
+ nsslibc_memcpy(atemplate[i].pValue,
+ attr->pValue, attr->ulValueLen);
+ atemplate[i].ulValueLen = attr->ulValueLen;
+ break;
+ }
+ }
+ if (j == cachedOA->numAttributes) {
+ atemplate[i].ulValueLen = (CK_ULONG)-1;
+ }
}
PZ_Unlock(cache->lock);
if (mark) {
- nssArena_Unmark(arena, mark);
+ nssArena_Unmark(arena, mark);
}
return PR_SUCCESS;
loser:
PZ_Unlock(cache->lock);
if (mark) {
- nssArena_Release(arena, mark);
+ nssArena_Release(arena, mark);
}
return PR_FAILURE;
}
NSS_IMPLEMENT PRStatus
-nssTokenObjectCache_ImportObject (
- nssTokenObjectCache *cache,
- nssCryptokiObject *object,
- CK_OBJECT_CLASS objclass,
- CK_ATTRIBUTE_PTR ot,
- CK_ULONG otlen
-)
+nssTokenObjectCache_ImportObject(
+ nssTokenObjectCache *cache,
+ nssCryptokiObject *object,
+ CK_OBJECT_CLASS objclass,
+ CK_ATTRIBUTE_PTR ot,
+ CK_ULONG otlen)
{
PRStatus status = PR_SUCCESS;
PRUint32 count;
@@ -875,133 +869,138 @@ nssTokenObjectCache_ImportObject (
PRBool haveIt = PR_FALSE;
if (!token_is_present(cache)) {
- return PR_SUCCESS; /* cache not active, ignored */
+ return PR_SUCCESS; /* cache not active, ignored */
}
PZ_Lock(cache->lock);
switch (objclass) {
- case CKO_CERTIFICATE: objectType = cachedCerts; break;
- case CKO_NETSCAPE_TRUST: objectType = cachedTrust; break;
- case CKO_NETSCAPE_CRL: objectType = cachedCRLs; break;
- default:
- PZ_Unlock(cache->lock);
- return PR_SUCCESS; /* don't need to import it here */
+ case CKO_CERTIFICATE:
+ objectType = cachedCerts;
+ break;
+ case CKO_NETSCAPE_TRUST:
+ objectType = cachedTrust;
+ break;
+ case CKO_NETSCAPE_CRL:
+ objectType = cachedCRLs;
+ break;
+ default:
+ PZ_Unlock(cache->lock);
+ return PR_SUCCESS; /* don't need to import it here */
}
if (!cache_available_for_object_type(cache, objectType)) {
- PZ_Unlock(cache->lock);
- return PR_SUCCESS; /* cache not active, ignored */
+ PZ_Unlock(cache->lock);
+ return PR_SUCCESS; /* cache not active, ignored */
}
count = 0;
otype = &cache->objects[objectType]; /* index into array of types */
- oa = *otype; /* the array of objects for this type */
+ oa = *otype; /* the array of objects for this type */
while (oa && *oa) {
- if (nssCryptokiObject_Equal((*oa)->object, object)) {
- haveIt = PR_TRUE;
- break;
- }
- count++;
- oa++;
+ if (nssCryptokiObject_Equal((*oa)->object, object)) {
+ haveIt = PR_TRUE;
+ break;
+ }
+ count++;
+ oa++;
}
if (haveIt) {
- /* Destroy the old entry */
- (*oa)->object->token = NULL;
- nssCryptokiObject_Destroy((*oa)->object);
- nssArena_Destroy((*oa)->arena);
- } else {
- /* Create space for a new entry */
- if (count > 0) {
- *otype = nss_ZREALLOCARRAY(*otype,
- nssCryptokiObjectAndAttributes *,
- count + 2);
- } else {
- *otype = nss_ZNEWARRAY(NULL, nssCryptokiObjectAndAttributes *, 2);
- }
+ /* Destroy the old entry */
+ (*oa)->object->token = NULL;
+ nssCryptokiObject_Destroy((*oa)->object);
+ nssArena_Destroy((*oa)->arena);
+ }
+ else {
+ /* Create space for a new entry */
+ if (count > 0) {
+ *otype = nss_ZREALLOCARRAY(*otype,
+ nssCryptokiObjectAndAttributes *,
+ count + 2);
+ }
+ else {
+ *otype = nss_ZNEWARRAY(NULL, nssCryptokiObjectAndAttributes *, 2);
+ }
}
if (*otype) {
- nssCryptokiObject *copyObject = nssCryptokiObject_Clone(object);
- (*otype)[count] = create_object_of_type(copyObject, objectType,
- &status);
- } else {
- status = PR_FAILURE;
+ nssCryptokiObject *copyObject = nssCryptokiObject_Clone(object);
+ (*otype)[count] = create_object_of_type(copyObject, objectType,
+ &status);
+ }
+ else {
+ status = PR_FAILURE;
}
PZ_Unlock(cache->lock);
return status;
}
NSS_IMPLEMENT void
-nssTokenObjectCache_RemoveObject (
- nssTokenObjectCache *cache,
- nssCryptokiObject *object
-)
+nssTokenObjectCache_RemoveObject(
+ nssTokenObjectCache *cache,
+ nssCryptokiObject *object)
{
PRUint32 oType;
nssCryptokiObjectAndAttributes **oa, **swp = NULL;
if (!token_is_present(cache)) {
- return;
+ return;
}
PZ_Lock(cache->lock);
- for (oType=0; oType<3; oType++) {
- if (!cache_available_for_object_type(cache, oType) ||
- !cache->objects[oType])
- {
- continue;
- }
- for (oa = cache->objects[oType]; *oa; oa++) {
- if (nssCryptokiObject_Equal((*oa)->object, object)) {
- swp = oa; /* the entry to remove */
- while (oa[1]) oa++; /* go to the tail */
- (*swp)->object->token = NULL;
- nssCryptokiObject_Destroy((*swp)->object);
- nssArena_Destroy((*swp)->arena); /* destroy it */
- *swp = *oa; /* swap the last with the removed */
- *oa = NULL; /* null-terminate the array */
- break;
- }
- }
- if (swp) {
- break;
- }
- }
- if ((oType <3) &&
- cache->objects[oType] && cache->objects[oType][0] == NULL) {
- nss_ZFreeIf(cache->objects[oType]); /* no entries remaining */
- cache->objects[oType] = NULL;
+ for (oType = 0; oType < 3; oType++) {
+ if (!cache_available_for_object_type(cache, oType) ||
+ !cache->objects[oType]) {
+ continue;
+ }
+ for (oa = cache->objects[oType]; *oa; oa++) {
+ if (nssCryptokiObject_Equal((*oa)->object, object)) {
+ swp = oa; /* the entry to remove */
+ while (oa[1])
+ oa++; /* go to the tail */
+ (*swp)->object->token = NULL;
+ nssCryptokiObject_Destroy((*swp)->object);
+ nssArena_Destroy((*swp)->arena); /* destroy it */
+ *swp = *oa; /* swap the last with the removed */
+ *oa = NULL; /* null-terminate the array */
+ break;
+ }
+ }
+ if (swp) {
+ break;
+ }
+ }
+ if ((oType < 3) &&
+ cache->objects[oType] && cache->objects[oType][0] == NULL) {
+ nss_ZFreeIf(cache->objects[oType]); /* no entries remaining */
+ cache->objects[oType] = NULL;
}
PZ_Unlock(cache->lock);
}
/* These two hash algorithms are presently sufficient.
-** They are used for fingerprints of certs which are stored as the
+** They are used for fingerprints of certs which are stored as the
** CKA_CERT_SHA1_HASH and CKA_CERT_MD5_HASH attributes.
** We don't need to add SHAxxx to these now.
*/
/* XXX of course this doesn't belong here */
NSS_IMPLEMENT NSSAlgorithmAndParameters *
-NSSAlgorithmAndParameters_CreateSHA1Digest (
- NSSArena *arenaOpt
-)
+NSSAlgorithmAndParameters_CreateSHA1Digest(
+ NSSArena *arenaOpt)
{
NSSAlgorithmAndParameters *rvAP = NULL;
rvAP = nss_ZNEW(arenaOpt, NSSAlgorithmAndParameters);
if (rvAP) {
- rvAP->mechanism.mechanism = CKM_SHA_1;
- rvAP->mechanism.pParameter = NULL;
- rvAP->mechanism.ulParameterLen = 0;
+ rvAP->mechanism.mechanism = CKM_SHA_1;
+ rvAP->mechanism.pParameter = NULL;
+ rvAP->mechanism.ulParameterLen = 0;
}
return rvAP;
}
NSS_IMPLEMENT NSSAlgorithmAndParameters *
-NSSAlgorithmAndParameters_CreateMD5Digest (
- NSSArena *arenaOpt
-)
+NSSAlgorithmAndParameters_CreateMD5Digest(
+ NSSArena *arenaOpt)
{
NSSAlgorithmAndParameters *rvAP = NULL;
rvAP = nss_ZNEW(arenaOpt, NSSAlgorithmAndParameters);
if (rvAP) {
- rvAP->mechanism.mechanism = CKM_MD5;
- rvAP->mechanism.pParameter = NULL;
- rvAP->mechanism.ulParameterLen = 0;
+ rvAP->mechanism.mechanism = CKM_MD5;
+ rvAP->mechanism.pParameter = NULL;
+ rvAP->mechanism.ulParameterLen = 0;
}
return rvAP;
}
-
diff --git a/lib/dev/nssdev.h b/lib/dev/nssdev.h
index 4b3d9a330..1066ec6cd 100644
--- a/lib/dev/nssdev.h
+++ b/lib/dev/nssdev.h
@@ -24,16 +24,12 @@ PR_BEGIN_EXTERN_C
*/
NSS_EXTERN NSSAlgorithmAndParameters *
-NSSAlgorithmAndParameters_CreateSHA1Digest
-(
- NSSArena *arenaOpt
-);
+NSSAlgorithmAndParameters_CreateSHA1Digest(
+ NSSArena *arenaOpt);
NSS_EXTERN NSSAlgorithmAndParameters *
-NSSAlgorithmAndParameters_CreateMD5Digest
-(
- NSSArena *arenaOpt
-);
+NSSAlgorithmAndParameters_CreateMD5Digest(
+ NSSArena *arenaOpt);
PR_END_EXTERN_C
View Lorry Controller Status