Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyea

Differential Revision: https://phabricator.services.mozilla.com/D139547
author: John M. Schanck <jschanck@mozilla.com> 2022-03-23 17:51:52 +0000
committer: John M. Schanck <jschanck@mozilla.com> 2022-03-23 17:51:52 +0000
commit: a02dc073b60adaf989c3c970b7282bfeb3933812 (patch)
tree: f2a2a1e19ae25177426dfd08c07e714b6d4318e3 /lib/dev/devslot.c
parent: a2685543cb64ad535bf46f3fcffe8c939f38599c (diff)
download: nss-hg-a02dc073b60adaf989c3c970b7282bfeb3933812.tar.gz
1 files changed, 40 insertions, 33 deletions
diff --git a/lib/dev/devslot.c b/lib/dev/devslot.c
index 5021408bf..ccd90ac97 100644
--- a/lib/dev/devslot.c
+++ b/lib/dev/devslot.c
@@ -12,7 +12,9 @@
 #include "ckhelper.h"
 #endif /* CKHELPER_H */
 
-#include "pk11pub.h"
+#include "pkim.h"
+#include "dev3hack.h"
+#include "pk11func.h"
 
 /* measured in seconds */
 #define NSSSLOT_TOKEN_DELAY_TIME 1
@@ -79,13 +81,6 @@ nssSlot_GetName(
     return slot->base.name;
 }
 
-NSS_IMPLEMENT NSSUTF8 *
-nssSlot_GetTokenName(
-    NSSSlot *slot)
-{
-    return nssToken_GetName(slot->token);
-}
-
 NSS_IMPLEMENT void
 nssSlot_ResetDelay(
     NSSSlot *slot)
@@ -123,11 +118,13 @@ nssSlot_IsTokenPresent(
 {
     CK_RV ckrv;
     PRStatus nssrv;
+    NSSToken *nssToken = NULL;
     /* XXX */
     nssSession *session;
     CK_SLOT_INFO slotInfo;
     void *epv;
     PRBool isPresent = PR_FALSE;
+    PRBool doUpdateCachedCerts = PR_FALSE;
 
     /* permanent slots are always present unless they're disabled */
     if (nssSlot_IsPermanent(slot)) {
@@ -169,23 +166,24 @@ nssSlot_IsTokenPresent(
 
     PZ_Unlock(slot->isPresentLock);
 
+    nssToken = PK11Slot_GetNSSToken(slot->pk11slot);
+    if (!nssToken) {
+        isPresent = PR_FALSE;
+        goto done;
+    }
+
     nssSlot_EnterMonitor(slot);
     ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo);
     nssSlot_ExitMonitor(slot);
     if (ckrv != CKR_OK) {
-        slot->token->base.name[0] = 0; /* XXX */
+        nssToken->base.name[0] = 0; /* XXX */
         isPresent = PR_FALSE;
         goto done;
     }
     slot->ckFlags = slotInfo.flags;
     /* check for the presence of the token */
     if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) {
-        if (!slot->token) {
-            /* token was never present */
-            isPresent = PR_FALSE;
-            goto done;
-        }
-        session = nssToken_GetDefaultSession(slot->token);
+        session = nssToken_GetDefaultSession(nssToken);
         if (session) {
             nssSession_EnterMonitor(session);
             /* token is not present */
@@ -197,21 +195,21 @@ nssSlot_IsTokenPresent(
             }
             nssSession_ExitMonitor(session);
         }
-        if (slot->token->base.name[0] != 0) {
+        if (nssToken->base.name[0] != 0) {
             /* notify the high-level cache that the token is removed */
-            slot->token->base.name[0] = 0; /* XXX */
-            nssToken_NotifyCertsNotVisible(slot->token);
+            nssToken->base.name[0] = 0; /* XXX */
+            nssToken_NotifyCertsNotVisible(nssToken);
         }
-        slot->token->base.name[0] = 0; /* XXX */
+        nssToken->base.name[0] = 0; /* XXX */
         /* clear the token cache */
-        nssToken_Remove(slot->token);
+        nssToken_Remove(nssToken);
         isPresent = PR_FALSE;
         goto done;
     }
     /* token is present, use the session info to determine if the card
      * has been removed and reinserted.
      */
-    session = nssToken_GetDefaultSession(slot->token);
+    session = nssToken_GetDefaultSession(nssToken);
     if (session) {
         PRBool tokenRemoved;
         nssSession_EnterMonitor(session);
@@ -237,17 +235,31 @@ nssSlot_IsTokenPresent(
      * a token it doesn't recognize. invalidate all the old
      * information we had on this token, if we can't refresh, clear
      * the present flag */
-    nssToken_NotifyCertsNotVisible(slot->token);
-    nssToken_Remove(slot->token);
-    /* token has been removed, need to refresh with new session */
-    nssrv = nssSlot_Refresh(slot);
-    isPresent = PR_TRUE;
+    nssToken_NotifyCertsNotVisible(nssToken);
+    nssToken_Remove(nssToken);
+    if (nssToken->base.name[0] == 0) {
+        doUpdateCachedCerts = PR_TRUE;
+    }
+    if (PK11_InitToken(slot->pk11slot, PR_FALSE) != SECSuccess) {
+        isPresent = PR_FALSE;
+        goto done;
+    }
+    if (doUpdateCachedCerts) {
+        nssTrustDomain_UpdateCachedTokenCerts(nssToken->trustDomain,
+                                              nssToken);
+    }
+    nssrv = nssToken_Refresh(nssToken);
     if (nssrv != PR_SUCCESS) {
-        slot->token->base.name[0] = 0; /* XXX */
+        nssToken->base.name[0] = 0; /* XXX */
         slot->ckFlags &= ~CKF_TOKEN_PRESENT;
         isPresent = PR_FALSE;
+        goto done;
     }
+    isPresent = PR_TRUE;
 done:
+    if (nssToken) {
+        (void)nssToken_Destroy(nssToken);
+    }
     /* Once we've set up the condition variable,
      * Before returning, it's necessary to:
      *  1) Set the lastTokenPingTime so that any other threads waiting on this
@@ -283,12 +295,7 @@ nssSlot_GetToken(
     NSSToken *rvToken = NULL;
 
     if (nssSlot_IsTokenPresent(slot)) {
-        /* Even if a token should be present, check `slot->token` too as it
-         * might be gone already. This would happen mostly on shutdown. */
-        nssSlot_EnterMonitor(slot);
-        if (slot->token)
-            rvToken = nssToken_AddRef(slot->token);
-        nssSlot_ExitMonitor(slot);
+        rvToken = PK11Slot_GetNSSToken(slot->pk11slot);
     }
 
     return rvToken;
author	John M. Schanck <jschanck@mozilla.com>	2022-03-23 17:51:52 +0000
committer	John M. Schanck <jschanck@mozilla.com>	2022-03-23 17:51:52 +0000
commit	a02dc073b60adaf989c3c970b7282bfeb3933812 (patch)
tree	f2a2a1e19ae25177426dfd08c07e714b6d4318e3 /lib/dev/devslot.c
parent	a2685543cb64ad535bf46f3fcffe8c939f38599c (diff)
download	nss-hg-a02dc073b60adaf989c3c970b7282bfeb3933812.tar.gz