diff options
author | ian.mcgreer%sun.com <devnull@localhost> | 2003-03-04 22:36:34 +0000 |
---|---|---|
committer | ian.mcgreer%sun.com <devnull@localhost> | 2003-03-04 22:36:34 +0000 |
commit | e5f6b12be8cf09fb80617f548eb9a183f0118e71 (patch) | |
tree | 50c844749f10149745e513a9f30d7617af0bbcbd | |
parent | 66a2bc68e203a5e56e823fd02578cd586f495e5f (diff) | |
download | nss-hg-e5f6b12be8cf09fb80617f548eb9a183f0118e71.tar.gz |
support objects having multiple VD instances
-rw-r--r-- | security/nss/lib/pki/asymmkey.c | 12 | ||||
-rw-r--r-- | security/nss/lib/pki/cert.c | 178 | ||||
-rw-r--r-- | security/nss/lib/pki/cryptocontext.c | 8 | ||||
-rw-r--r-- | security/nss/lib/pki/pki.h | 14 | ||||
-rw-r--r-- | security/nss/lib/pki/pkibase.c | 123 | ||||
-rw-r--r-- | security/nss/lib/pki/pkim.h | 21 | ||||
-rw-r--r-- | security/nss/lib/pki/pkitm.h | 4 | ||||
-rw-r--r-- | security/nss/lib/pki/symkey.c | 19 | ||||
-rw-r--r-- | security/nss/lib/pki/volatiledomain.c | 4 |
9 files changed, 166 insertions, 217 deletions
diff --git a/security/nss/lib/pki/asymmkey.c b/security/nss/lib/pki/asymmkey.c index 04a8c67c0..515bcf368 100644 --- a/security/nss/lib/pki/asymmkey.c +++ b/security/nss/lib/pki/asymmkey.c @@ -232,7 +232,7 @@ nssPrivateKey_SetVolatileDomain ( NSSVolatileDomain *vd ) { - vk->object.vd = vd; /* volatile domain holds ref */ + nssPKIObject_SetVolatileDomain(&vk->object, vd); } NSS_IMPLEMENT PRStatus @@ -573,13 +573,17 @@ cleanup: return rvKey; } -NSS_IMPLEMENT NSSVolatileDomain * +NSS_IMPLEMENT NSSVolatileDomain ** nssPrivateKey_GetVolatileDomain ( NSSPrivateKey *vk, + NSSVolatileDomain **vdsOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt, PRStatus *statusOpt ) { - return nssPKIObject_GetVolatileDomain(&vk->object, statusOpt); + return nssPKIObject_GetVolatileDomains(&vk->object, vdsOpt, + maximumOpt, arenaOpt, statusOpt); } NSS_IMPLEMENT NSSTrustDomain * @@ -1148,7 +1152,7 @@ nssPublicKey_SetVolatileDomain ( NSSVolatileDomain *vd ) { - bk->object.vd = vd; /* volatile domain holds ref */ + nssPKIObject_SetVolatileDomain(&bk->object, vd); } NSS_IMPLEMENT PRStatus diff --git a/security/nss/lib/pki/cert.c b/security/nss/lib/pki/cert.c index f965b2f9b..fd49184cb 100644 --- a/security/nss/lib/pki/cert.c +++ b/security/nss/lib/pki/cert.c @@ -414,15 +414,6 @@ nssCert_GetNickname ( return nssPKIObject_GetNickname(&c->object, tokenOpt); } -NSS_IMPLEMENT NSSToken * -nssCert_GetWriteToken ( - NSSCert *c, - nssSession **rvSessionOpt -) -{ - return nssPKIObject_GetWriteToken(&c->object, rvSessionOpt); -} - NSS_IMPLEMENT NSSUTF8 * NSSCert_GetNickname ( NSSCert *c, @@ -687,17 +678,20 @@ nssCert_SetVolatileDomain ( NSSVolatileDomain *vd ) { - c->object.vd = vd; /* volatile domain holds ref to cert */ - c->object.td = nssVolatileDomain_GetTrustDomain(vd); + nssPKIObject_SetVolatileDomain(&c->object, vd); } -NSS_IMPLEMENT NSSVolatileDomain * -nssCert_GetVolatileDomain ( +NSS_IMPLEMENT NSSVolatileDomain ** +nssCert_GetVolatileDomains( NSSCert *c, + NSSVolatileDomain **vdsOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt, PRStatus *statusOpt ) { - return nssPKIObject_GetVolatileDomain(&c->object, statusOpt); + return nssPKIObject_GetVolatileDomains(&c->object, vdsOpt, + maximumOpt, arenaOpt, statusOpt); } NSS_IMPLEMENT NSSTrustDomain * @@ -1194,7 +1188,8 @@ find_cert_issuer ( NSSCert *issuer = NULL; NSSTrustDomain *td; NSSVolatileDomain *vd; - vd = nssCert_GetVolatileDomain(c, NULL); + /* XXX what to do with multiple vds? */ + nssCert_GetVolatileDomains(c, &vd, 1, NULL, NULL); td = nssCert_GetTrustDomain(c); if (vd) { issuers = nssVolatileDomain_FindCertsBySubject(vd, &c->issuer, @@ -1429,7 +1424,9 @@ nssCert_GetPublicKey ( { PRStatus status; NSSTrustDomain *td = nssCert_GetTrustDomain(c); - NSSVolatileDomain *vd = nssCert_GetVolatileDomain(c, NULL); + NSSVolatileDomain *vd; + /* XXX multiple vds? */ + nssCert_GetVolatileDomains(c, &vd, 1, NULL, NULL); if (!c->bk && c->id.size > 0) { /* first try looking for a persistent object */ @@ -1607,152 +1604,3 @@ NSSUserCert_DeriveSymKey ( return NULL; } -struct nssSMIMEProfileStr -{ - nssPKIObject object; - NSSCert *certificate; - NSSASCII7 *email; - NSSDER *subject; - NSSItem *profileTime; - NSSItem *profileData; -}; - -NSS_IMPLEMENT nssSMIMEProfile * -nssSMIMEProfile_Create ( - NSSCert *cert, - NSSItem *profileTime, - NSSItem *profileData -) -{ -#if 0 - NSSArena *arena; - nssSMIMEProfile *rvProfile; - nssPKIObject *object; - NSSTrustDomain *td = nssCert_GetTrustDomain(cert); - NSSCryptoContext *cc = nssCert_GetCryptoContext(cert); - arena = nssArena_Create(); - if (!arena) { - return NULL; - } - object = nssPKIObject_Create(arena, NULL, td, cc); - if (!object) { - goto loser; - } - rvProfile = nss_ZNEW(arena, nssSMIMEProfile); - if (!rvProfile) { - goto loser; - } - rvProfile->object = *object; - rvProfile->certificate = cert; - rvProfile->email = nssUTF8_Duplicate(cert->email, arena); - rvProfile->subject = nssItem_Duplicate(&cert->subject, arena, NULL); - if (profileTime) { - rvProfile->profileTime = nssItem_Duplicate(profileTime, arena, NULL); - } - if (profileData) { - rvProfile->profileData = nssItem_Duplicate(profileData, arena, NULL); - } - return rvProfile; -loser: - nssPKIObject_Destroy(object); -#endif - return (nssSMIMEProfile *)NULL; -} - -NSS_IMPLEMENT nssSMIMEProfile * -nssSMIMEProfile_AddRef ( - nssSMIMEProfile *profile -) -{ - if (profile) { - nssPKIObject_AddRef(&profile->object); - } - return profile; -} - -NSS_IMPLEMENT PRStatus -nssSMIMEProfile_Destroy ( - nssSMIMEProfile *profile -) -{ - if (profile) { - (void)nssPKIObject_Destroy(&profile->object); - } - return PR_SUCCESS; -} - -struct NSSCRLStr { - nssPKIObject object; - NSSDER encoding; - NSSUTF8 *url; - PRBool isKRL; -}; - -NSS_IMPLEMENT NSSCRL * -nssCRL_Create ( - nssPKIObject *object -) -{ - PRStatus status; - NSSCRL *rvCRL; - NSSArena *arena = object->arena; - PR_ASSERT(object->instances != NULL && object->numInstances > 0); - rvCRL = nss_ZNEW(arena, NSSCRL); - if (!rvCRL) { - return (NSSCRL *)NULL; - } - rvCRL->object = *object; - /* XXX should choose instance based on some criteria */ - status = nssCryptokiCRL_GetAttributes(object->instances[0], - arena, - &rvCRL->encoding, - &rvCRL->url, - &rvCRL->isKRL); - if (status != PR_SUCCESS) { - return (NSSCRL *)NULL; - } - return rvCRL; -} - -NSS_IMPLEMENT NSSCRL * -nssCRL_AddRef ( - NSSCRL *crl -) -{ - if (crl) { - nssPKIObject_AddRef(&crl->object); - } - return crl; -} - -NSS_IMPLEMENT PRStatus -nssCRL_Destroy ( - NSSCRL *crl -) -{ - if (crl) { - (void)nssPKIObject_Destroy(&crl->object); - } - return PR_SUCCESS; -} - -NSS_IMPLEMENT PRStatus -nssCRL_DeleteStoredObject ( - NSSCRL *crl, - NSSCallback *uhh -) -{ - return nssPKIObject_DeleteStoredObject(&crl->object, uhh, PR_TRUE); -} - -NSS_IMPLEMENT NSSDER * -nssCRL_GetEncoding ( - NSSCRL *crl -) -{ - if (crl->encoding.data != NULL && crl->encoding.size > 0) { - return &crl->encoding; - } else { - return (NSSDER *)NULL; - } -} diff --git a/security/nss/lib/pki/cryptocontext.c b/security/nss/lib/pki/cryptocontext.c index 7888b8957..659a469fe 100644 --- a/security/nss/lib/pki/cryptocontext.c +++ b/security/nss/lib/pki/cryptocontext.c @@ -122,7 +122,9 @@ nssCryptoContext_CreateForSymKey ( { NSSCryptoContext *rvCC; NSSTrustDomain *td = nssSymKey_GetTrustDomain(mkey, NULL); - NSSVolatileDomain *vd = nssSymKey_GetVolatileDomain(mkey, NULL); + /* XXX multiple vds? */ + NSSVolatileDomain *vd; + nssSymKey_GetVolatileDomains(mkey, &vd, 1, NULL, NULL); rvCC = nssCryptoContext_Create(td, vd, apOpt, uhhOpt); if (rvCC) { @@ -142,7 +144,9 @@ nssCryptoContext_CreateForPrivateKey ( { NSSCryptoContext *rvCC; NSSTrustDomain *td = nssPrivateKey_GetTrustDomain(vkey, NULL); - NSSVolatileDomain *vd = nssPrivateKey_GetVolatileDomain(vkey, NULL); + /* XXX multiple vds? */ + NSSVolatileDomain *vd; + nssPrivateKey_GetVolatileDomains(vkey, &vd, 1, NULL, NULL); rvCC = nssCryptoContext_Create(td, vd, apOpt, uhhOpt); if (rvCC) { diff --git a/security/nss/lib/pki/pki.h b/security/nss/lib/pki/pki.h index 54e35d6b8..22c459aa1 100644 --- a/security/nss/lib/pki/pki.h +++ b/security/nss/lib/pki/pki.h @@ -281,9 +281,12 @@ nssPrivateKey_GetTrustDomain ( PRStatus *statusOpt ); -NSS_EXTERN NSSVolatileDomain * -nssPrivateKey_GetVolatileDomain ( +NSS_EXTERN NSSVolatileDomain ** +nssPrivateKey_GetVolatileDomains ( NSSPrivateKey *vk, + NSSVolatileDomain **vdsOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt, PRStatus *statusOpt ); @@ -322,9 +325,12 @@ nssSymKey_AddRef ( NSSSymKey *mk ); -NSS_EXTERN NSSVolatileDomain * -nssSymKey_GetVolatileDomain ( +NSS_EXTERN NSSVolatileDomain ** +nssSymKey_GetVolatileDomains ( NSSSymKey *mk, + NSSVolatileDomain **vdsOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt, PRStatus *statusOpt ); diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c index e3e240547..7c13cb600 100644 --- a/security/nss/lib/pki/pkibase.c +++ b/security/nss/lib/pki/pkibase.c @@ -43,6 +43,11 @@ static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; #include "pkim.h" #endif /* PKIM_H */ +struct volatile_domain_instance_str { + PRCList link; + NSSVolatileDomain *vd; +}; + NSS_IMPLEMENT nssPKIObject * nssPKIObject_Create ( NSSTrustDomain *td, @@ -491,49 +496,109 @@ nssPKIObject_GetTrustDomain ( return object->td; } -NSS_IMPLEMENT NSSVolatileDomain * -nssPKIObject_GetVolatileDomain ( +static PRBool +object_is_in_vd(nssPKIObject *object, NSSVolatileDomain *vd) +{ + PRCList *link; + PRBool inVD = PR_FALSE; + struct volatile_domain_instance_str *vdInstance; + + link = PR_NEXT_LINK(&object->vds); + while (link != &object->vds) { + vdInstance = (struct volatile_domain_instance_str *)link; + if (vdInstance->vd == vd) { + inVD = PR_TRUE; + break; + } + link = PR_NEXT_LINK(link); + } + return inVD; +} + +NSS_IMPLEMENT void +nssPKIObject_SetVolatileDomain ( nssPKIObject *object, - PRStatus *statusOpt + NSSVolatileDomain *vd ) { - if (statusOpt) { - *statusOpt = PR_SUCCESS; + struct volatile_domain_instance_str *vdInstance; + + PZ_Lock(object->lock); + if (!object_is_in_vd(object, vd)) { + /* XXX in arena? */ + vdInstance = nss_ZNEW(object->arena, + struct volatile_domain_instance_str); + if (vdInstance) { + PR_INIT_CLIST(&vdInstance->link); + vdInstance->vd = vd; /* no addref */ + PR_INSERT_BEFORE(&object->vds, &vdInstance->link); + } } - return nssVolatileDomain_AddRef(object->vd); + PZ_Unlock(object->lock); + /* XXX probably should return error */ +} + +NSS_IMPLEMENT PRBool +nssPKIObject_IsInVolatileDomain ( + nssPKIObject *object, + NSSVolatileDomain *vd +) +{ + PRBool inVD; + PZ_Lock(object->lock); + inVD = object_is_in_vd(object, vd); + PZ_Unlock(object->lock); + return inVD; } -NSS_IMPLEMENT NSSToken * -nssPKIObject_GetWriteToken ( + +NSS_IMPLEMENT NSSVolatileDomain ** +nssPKIObject_GetVolatileDomains ( nssPKIObject *object, - nssSession **rvSessionOpt + NSSVolatileDomain **vdsOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt, + PRStatus *statusOpt ) { + PRCList *link; PRUint32 i; - NSSToken *token = NULL; - nssCryptokiObject *instance; - *rvSessionOpt = NULL; + struct volatile_domain_instance_str *vdInstance; + if (statusOpt) *statusOpt = PR_SUCCESS; + if (!vdsOpt) { + if (maximumOpt > 0) { + i = maximumOpt; + } else { + PZ_Lock(object->lock); + /* count the number of VD instances */ + for (link = PR_NEXT_LINK(&object->vds), i=0; + link != &object->vds; + link = PR_NEXT_LINK(link), i++); + PZ_Unlock(object->lock); + maximumOpt = i; + } + if (i == 0) { + return (NSSVolatileDomain **)NULL; + } + vdsOpt = nss_ZNEWARRAY(arenaOpt, NSSVolatileDomain *, i + 1); + if (!vdsOpt) { + if (statusOpt) *statusOpt = PR_FAILURE; + return (NSSVolatileDomain **)NULL; + } + } + i = 0; PZ_Lock(object->lock); - for (i=0; i<object->numInstances; i++) { - instance = object->instances[i]; - if (!nssToken_IsReadOnly(instance->token)) { - token = nssToken_AddRef(instance->token); - if (rvSessionOpt && nssSession_IsReadWrite(instance->session)) - { - *rvSessionOpt = nssSession_AddRef(instance->session); - } + link = PR_NEXT_LINK(&object->vds); + while (link != &object->vds) { + vdInstance = (struct volatile_domain_instance_str *)link; + vdsOpt[i++] = nssVolatileDomain_AddRef(vdInstance->vd); + if (i == maximumOpt) break; - } + link = PR_NEXT_LINK(link); } PZ_Unlock(object->lock); - if (token && rvSessionOpt && !*rvSessionOpt) { - *rvSessionOpt = nssToken_CreateSession(token, PR_TRUE); - if (!*rvSessionOpt) { - nssToken_Destroy(token); - token = NULL; - } - } - return token; + vdsOpt[i] = NULL; + return vdsOpt; } NSS_IMPLEMENT NSSCert ** diff --git a/security/nss/lib/pki/pkim.h b/security/nss/lib/pki/pkim.h index f3047db8d..1dd1dc1b1 100644 --- a/security/nss/lib/pki/pkim.h +++ b/security/nss/lib/pki/pkim.h @@ -209,16 +209,25 @@ nssPKIObject_GetTrustDomain ( PRStatus *statusOpt ); -NSS_EXTERN NSSVolatileDomain * -nssPKIObject_GetVolatileDomain ( +NSS_EXTERN void +nssPKIObject_SetVolatileDomain ( nssPKIObject *object, - PRStatus *statusOpt + NSSVolatileDomain *vd ); -NSS_EXTERN NSSToken * -nssPKIObject_GetWriteToken ( +NSS_EXTERN PRBool +nssPKIObject_IsInVolatileDomain ( + nssPKIObject *object, + NSSVolatileDomain *vd +); + +NSS_EXTERN NSSVolatileDomain ** +nssPKIObject_GetVolatileDomains ( nssPKIObject *object, - nssSession **rvSessionOpt + NSSVolatileDomain **vdsOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt, + PRStatus *statusOpt ); NSS_EXTERN nssCryptokiObject ** diff --git a/security/nss/lib/pki/pkitm.h b/security/nss/lib/pki/pkitm.h index 4c44c5f84..6606be06f 100644 --- a/security/nss/lib/pki/pkitm.h +++ b/security/nss/lib/pki/pkitm.h @@ -87,8 +87,8 @@ struct nssPKIObjectStr PRUint32 numInstances; /* The object must live in a trust domain */ NSSTrustDomain *td; - /* The object may live in a volatile domain */ - NSSVolatileDomain *vd; + /* The object may live in multiple volatile domains (or none at all) */ + PRCList vds; /* The "meta"-name of the object (token instance labels may differ) */ NSSUTF8 *nickname; /* The following data index the UID for the object. The UID is used diff --git a/security/nss/lib/pki/symkey.c b/security/nss/lib/pki/symkey.c index cb67a6c2e..9974876fa 100644 --- a/security/nss/lib/pki/symkey.c +++ b/security/nss/lib/pki/symkey.c @@ -283,7 +283,7 @@ nssSymKey_SetVolatileDomain ( NSSVolatileDomain *vd ) { - mk->object.vd = vd; /* volatile domain holds ref */ + nssPKIObject_SetVolatileDomain(&mk->object, vd); } NSS_IMPLEMENT NSSTrustDomain * @@ -304,13 +304,17 @@ NSSSymKey_GetTrustDomain ( return nssSymKey_GetTrustDomain(mk, statusOpt); } -NSS_IMPLEMENT NSSVolatileDomain * -nssSymKey_GetVolatileDomain ( +NSS_IMPLEMENT NSSVolatileDomain ** +nssSymKey_GetVolatileDomains ( NSSSymKey *mk, + NSSVolatileDomain **vdsOpt, + PRUint32 maximumOpt, + NSSArena *arenaOpt, PRStatus *statusOpt ) { - return nssPKIObject_GetVolatileDomain(&mk->object, statusOpt); + return nssPKIObject_GetVolatileDomains(&mk->object, vdsOpt, + maximumOpt, arenaOpt, statusOpt); } NSS_IMPLEMENT NSSToken * @@ -678,10 +682,15 @@ nssSymKey_DeriveSSLSessionKeys ( nssCryptokiObject *mso; /* only one instance of master secret */ nssCryptokiObject *skeys[4]; NSSTrustDomain *td = masterSecret->object.td; - NSSVolatileDomain *vd = masterSecret->object.vd; + NSSVolatileDomain *vd; PRStatus status; PRIntn i; + nssSymKey_GetVolatileDomains(masterSecret, &vd, 1, NULL, &status); + if (status == PR_FAILURE) { + return PR_FAILURE; + } + mso = masterSecret->object.instances[0]; status = nssToken_DeriveSSLSessionKeys(mso->token, mso->session, ap, mso, keySize, keyType, diff --git a/security/nss/lib/pki/volatiledomain.c b/security/nss/lib/pki/volatiledomain.c index f07a52688..a58aebc8f 100644 --- a/security/nss/lib/pki/volatiledomain.c +++ b/security/nss/lib/pki/volatiledomain.c @@ -225,6 +225,10 @@ nssVolatileDomain_ImportCert ( ) { PZ_Lock(vd->objectLock); + if (nssPKIObject_IsInVolatileDomain(c, vd)) { + PZ_Unlock(vd->objectLock); + return PR_SUCCESS; + } if (vd->certs.count == vd->certs.size) { if (vd->certs.size == 0) { /* need to alloc new array */ |