author | ian.mcgreer%sun.com <devnull@localhost> | 2002-04-15 15:22:11 +0000 |
---|---|---|
committer | ian.mcgreer%sun.com <devnull@localhost> | 2002-04-15 15:22:11 +0000 |
commit | 46632f2256d6e706f8c3403a5e37a90216266bd9 (patch) | |
tree | 424bf6579cec5cd2e22141327851d693f1a20ccb /security/nss/lib/dev | |
parent | 2bab8ee7cbd377ea5fcef1da434e8424fe475c6e (diff) | |
bug 135521, change cert lookups on tokens to be actual finds instead of traversals
Diffstat (limited to 'security/nss/lib/dev')
-rw-r--r-- | security/nss/lib/dev/ckhelper.c | 12 | ||||
-rw-r--r-- | security/nss/lib/dev/ckhelper.h | 8 | ||||
-rw-r--r-- | security/nss/lib/dev/dev.h | 116 | ||||
-rw-r--r-- | security/nss/lib/dev/devt.h | 5 | ||||
-rw-r--r-- | security/nss/lib/dev/devtoken.c | 136 | ||||
-rw-r--r-- | security/nss/lib/dev/devutil.c | 4 | ||||
-rw-r--r-- | security/nss/lib/dev/manifest.mn | 1 |
7 files changed, 158 insertions, 124 deletions
diff --git a/security/nss/lib/dev/ckhelper.c b/security/nss/lib/dev/ckhelper.c
index 6092128c6..c07afd649 100644
--- a/security/nss/lib/dev/ckhelper.c
+++ b/security/nss/lib/dev/ckhelper.c
@@ -287,7 +287,6 @@ nssCKObject_IsTokenObjectTemplate
 return PR_FALSE;
 }
-#ifdef PURE_STAN_BUILD
 static NSSCertificateType
 nss_cert_type_from_ck_attrib(CK_ATTRIBUTE_PTR attrib)
 {
@@ -358,10 +357,14 @@ nssCryptokiCertificate_GetAttributes
 return PR_SUCCESS;
 }
+#ifdef PURE_STAN_BUILD
 status = nssToken_GetCachedObjectAttributes(certObject->token, arenaOpt, certObject, CKO_CERTIFICATE, cert_template, template_size);
 if (status != PR_SUCCESS) {
+#else
+ if (PR_TRUE) {
+#endif
 session = sessionOpt ? sessionOpt :
@@ -402,6 +405,7 @@ nssCryptokiCertificate_GetAttributes
 return PR_SUCCESS;
 }
+#ifdef PURE_STAN_BUILD
 static NSSKeyPairType
 nss_key_pair_type_from_ck_attrib(CK_ATTRIBUTE_PTR attrib)
 {
@@ -523,6 +527,7 @@ nssCryptokiPublicKey_GetAttributes
 }
 return PR_SUCCESS;
 }
+#endif /* PURE_STAN_BUILD */
 static nssTrustLevel
 get_nss_trust
@@ -572,11 +577,15 @@ nssCryptokiTrust_GetAttributes
 NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust);
 NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size);
+#ifdef PURE_STAN_BUILD
 status = nssToken_GetCachedObjectAttributes(trustObject->token, NULL, trustObject, CKO_NETSCAPE_TRUST, trust_template, trust_size);
 if (status != PR_SUCCESS) {
+#else
+ if (PR_TRUE) {
+#endif
 session = sessionOpt ? sessionOpt : nssToken_GetDefaultSession(trustObject->token);
@@ -598,6 +607,7 @@ nssCryptokiTrust_GetAttributes
 return PR_SUCCESS;
 }
+#ifdef PURE_STAN_BUILD
 NSS_IMPLEMENT PRStatus
 nssCryptokiCRL_GetAttributes
 (
diff --git a/security/nss/lib/dev/ckhelper.h b/security/nss/lib/dev/ckhelper.h
index f09088041..fc64ea9b7 100644
--- a/security/nss/lib/dev/ckhelper.h
+++ b/security/nss/lib/dev/ckhelper.h
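Review bot: In ckhelper.c, `if (PR_TRUE) {` in the `#else` arm of nssCryptokiCertificate_GetAttributes is a dummy condition that exists only to balance the brace opened by `if (status != PR_SUCCESS) {`, and it hides the fact that builds without PURE_STAN_BUILD never consult the attribute cache and always query the token. The same construct is repeated in nssCryptokiTrust_GetAttributes (hunk at -572), where the attributes being read are trust settings. A comment on the `#else` arm would make the intent explicit, for example `/* no token object cache in this build: always read the attributes from the token */`. Both function bodies continue outside their hunks, so whether `status` is still assigned before its next use in that build cannot be checked here.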
@@ -86,6 +86,12 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_privkey;
 (pattr)->ulValueLen = (CK_ULONG)sizeof(var); \
 (pattr)++;
+#define NSS_CK_SET_ATTRIBUTE_NULL(pattr, kind) \
+ (pattr)->type = kind; \
+ (pattr)->pValue = (CK_VOID_PTR)NULL; \
+ (pattr)->ulValueLen = 0; \
+ (pattr)++;
+
 #define NSS_CK_TEMPLATE_FINISH(_template, attr, size) \
 size = (attr) - (_template); \
 PR_ASSERT(size <= sizeof(_template)/sizeof(_template[0]));
@@ -127,7 +133,7 @@ nssCKObject_GetAttributes
 CK_ULONG count,
 NSSArena *arenaOpt,
 nssSession *session,
- NSSSlot *slot
+ NSSSlot *slot
 );
 /* Get a single attribute as an item. */
diff --git a/security/nss/lib/dev/dev.h b/security/nss/lib/dev/dev.h
index ccce63c8a..2e7bc4cdd 100644
--- a/security/nss/lib/dev/dev.h
+++ b/security/nss/lib/dev/dev.h
@@ -421,7 +421,6 @@ nssToken_NeedsPINInitialization
 NSSToken *token
 );
-#ifdef PURE_STAN_BUILD
 NSS_EXTERN nssCryptokiObject *
 nssToken_ImportCertificate
 (
@@ -603,8 +602,6 @@ nssToken_FindPublicKeyByID
 NSSItem *keyID
 );
-#endif /* PURE_STAN_BUILD */
-
 NSS_EXTERN NSSItem *
 nssToken_Digest
 (
@@ -903,26 +900,18 @@ nssSlotList_GetBestSlotForAlgorithmsAndParameters
 NSSAlgorithmAndParameters **ap
 );
-#ifndef PURE_STAN_BUILD
-/* XXX the following remain while merging new work */
+#ifdef NSS_3_4_CODE
-NSS_EXTERN PRStatus
-nssToken_ImportCertificate
+NSS_EXTERN PRBool
+nssToken_IsPresent
 (
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSCertificate *cert,
- NSSUTF8 *nickname,
- PRBool asTokenObject
+ NSSToken *token
 );
-
-NSS_EXTERN PRStatus
-nssToken_ImportTrust
+
+NSS_EXTERN nssSession *
+nssToken_GetDefaultSession
 (
- NSSToken *tok,
- nssSession *sessionOpt,
- NSSTrust *trust,
- PRBool asTokenObject
+ NSSToken *token
 );
 NSS_EXTERN PRStatus
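Review bot: In ckhelper.h, the new NSS_CK_SET_ATTRIBUTE_NULL expands to four separate statements and uses `kind` unparenthesized, so under an unbraced `if` or `else` only `(pattr)->type = kind;` would be conditional while the template pointer is still advanced. NSS_CK_SET_ATTRIBUTE_VAR in the context ends the same way, so this follows the file's convention, but a new macro could wrap its body in `do { ... } while (0)` and write `(pattr)->type = (kind);`. The only bound on these writes is the `PR_ASSERT` in NSS_CK_TEMPLATE_FINISH, which runs after the template has been filled and is normally compiled out of optimized builds. A fixed-size template that gains one attribute too many is therefore not caught there, so each call site that adds this macro should be checked against its array size.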
@@ -949,96 +938,13 @@ nssToken_SetHasCrls
 NSSToken *tok
 );
-/* Permanently remove an object from the token. */
-NSS_EXTERN PRStatus
-nssToken_DeleteStoredObject
-(
- nssCryptokiInstance *instance
-);
-
-NSS_EXTERN NSSTrust *
-nssToken_FindTrustForCert
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSCertificate *c,
- nssTokenSearchType searchType
-);
-
-NSS_EXTERN PRStatus
-nssToken_TraverseCertificates
-(
- NSSToken *tok,
- nssSession *sessionOpt,
- nssTokenCertSearch *search
-);
-
-NSS_EXTERN PRStatus
-nssToken_TraverseCertificatesBySubject
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSDER *subject,
- nssTokenCertSearch *search
-);
-
-NSS_EXTERN PRStatus
-nssToken_TraverseCertificatesByNickname
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSUTF8 *name,
- nssTokenCertSearch *search
-);
-
 NSS_EXTERN PRStatus
-nssToken_TraverseCertificatesByEmail
+nssToken_GetTrustOrder
 (
- NSSToken *token,
- nssSession *sessionOpt,
- NSSASCII7 *email,
- nssTokenCertSearch *search
-);
-
-NSS_EXTERN NSSCertificate *
-nssToken_FindCertificateByIssuerAndSerialNumber
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSDER *issuer,
- NSSDER *serial,
- nssTokenSearchType searchType
-);
-
-NSS_EXTERN NSSCertificate *
-nssToken_FindCertificateByEncodedCertificate
-(
- NSSToken *token,
- nssSession *sessionOpt,
- NSSBER *encodedCertificate,
- nssTokenSearchType searchType
-);
-
-NSS_EXTERN NSSTrust *
-nssToken_FindTrustForCert
-(
- NSSToken *token,
- nssSession *session,
- NSSCertificate *c,
- nssTokenSearchType searchType
-);
-
-/* exposing this for the smart card cache code */
-NSS_EXTERN nssCryptokiInstance *
-nssCryptokiInstance_Create
-(
- NSSArena *arena,
- NSSToken *t,
- CK_OBJECT_HANDLE h,
- PRBool isTokenObject
+ NSSToken *tok
 );
-#endif /* !PURE_STAN_BUILD */
+#endif
 PR_END_EXTERN_C
diff --git a/security/nss/lib/dev/devt.h b/security/nss/lib/dev/devt.h
index b712f644e..4d7b2feaf 100644
--- a/security/nss/lib/dev/devt.h
+++ b/security/nss/lib/dev/devt.h
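Review bot: In dev.h, the closing `#endif` of the block that now opens with `#ifdef NSS_3_4_CODE` (hunk at -903) no longer names its condition; `#endif /* NSS_3_4_CODE */` would keep the guard readable in a header this long. The prototypes added inside that block, nssToken_IsPresent, nssToken_GetDefaultSession and nssToken_GetTrustOrder, carry no comment. A one-line comment on each would help callers, stating for nssToken_GetDefaultSession whether the caller may destroy the returned session, and for nssToken_GetTrustOrder what its `PRStatus` return value represents.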
@@ -144,7 +144,7 @@ typedef enum {
 NSSCertificateType_PKIX = 1
 } NSSCertificateType;
-#ifdef NSS_3_4_CODE
+#ifdef nodef
 /* the current definition of NSSTrust depends on this value being CK_ULONG */
 typedef CK_ULONG nssTrustLevel;
 #else
@@ -175,7 +175,8 @@ typedef struct nssTokenCertSearchStr nssTokenCertSearch;
 typedef enum {
 nssTokenSearchType_AllObjects = 0,
 nssTokenSearchType_SessionOnly = 1,
- nssTokenSearchType_TokenOnly = 2
+ nssTokenSearchType_TokenOnly = 2,
+ nssTokenSearchType_TokenForced = 3
 } nssTokenSearchType;
 struct nssTokenCertSearchStr
diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c
index 5da32851f..52c3b9c4c 100644
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -48,6 +48,8 @@ static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
 #endif /* CKHELPER_H */
 #ifdef NSS_3_4_CODE
+#include "pk11func.h"
+#include "dev3hack.h"
 #endif
 /* The number of object handles to grab during each call to C_FindObjects */
@@ -254,7 +256,6 @@ nssToken_NeedsPINInitialization
 return (!(token->ckFlags & CKF_USER_PIN_INITIALIZED));
 }
-#ifdef PURE_STAN_BUILD
 NSS_IMPLEMENT PRStatus
 nssToken_DeleteStoredObject
 (
@@ -267,9 +268,11 @@ nssToken_DeleteStoredObject
 NSSToken *token = instance->token;
 nssSession *session = NULL;
 void *epv = nssToken_GetCryptokiEPV(instance->token);
+#ifdef PURE_STAN_BUILD
 if (token->cache) {
 status = nssTokenObjectCache_RemoveObject(token->cache, instance);
 }
+#endif
 if (instance->isTokenObject) {
 if (nssSession_IsReadWrite(token->defaultSession)) {
 session = token->defaultSession;
@@ -304,6 +307,7 @@ import_object
 {
 nssSession *session = NULL;
 PRBool createdSession = PR_FALSE;
+ nssCryptokiObject *object = NULL;
 CK_OBJECT_HANDLE handle;
 CK_RV ckrv;
 void *epv = nssToken_GetCryptokiEPV(tok);
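Review bot: In devt.h, `#ifdef nodef` disables the `typedef CK_ULONG nssTrustLevel;` branch by testing a macro that is presumably never defined, which leaves the comment saying NSSTrust depends on this value being CK_ULONG attached to dead code while every build now takes the `#else` definition. If that dependency no longer holds, deleting the dead branch together with its comment is clearer than an undefined guard. If it still holds anywhere, the change alters the representation of trust levels and needs a comment explaining why that is safe. The `#else` branch lies outside the hunk, so the replacement type cannot be checked here.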
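Review bot: In devt.h, nssTokenSearchType_TokenForced is added without a comment saying how it differs from nssTokenSearchType_TokenOnly, and none of the hunks on this page consume it. A short comment on the enumerator stating what "forced" bypasses would prevent callers from guessing; presumably it means going to the token even when a cached answer exists, but that needs confirming by the author. Any existing code that compares or switches on nssTokenSearchType should also be checked for how it treats the new value 3.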
@@ -331,13 +335,13 @@ import_object
 objectTemplate, otsize, &handle);
 nssSession_ExitMonitor(session);
+ if (ckrv == CKR_OK) {
+ object = nssCryptokiObject_Create(tok, session, handle);
+ }
 if (createdSession) {
 nssSession_Destroy(session);
 }
- if (ckrv != CKR_OK) {
- return CK_INVALID_HANDLE;
- }
- return nssCryptokiObject_Create(tok, session, handle);
+ return object;
 }
 static nssCryptokiObject **
@@ -421,8 +425,11 @@ find_objects
 }
 /* bump the number of found objects */
 numHandles += count;
- if (maximumOpt == 0 || numHandles < arraySize) {
- /* either reached maximum, or no more objects to get */
+ if (maximumOpt > 0 || numHandles < arraySize) {
+ /* When a maximum is provided, the search is done all at once,
+ * so the search is finished. If the number returned was less
+ * than the number sought, the search is finished.
+ */
 break;
 }
 /* the array is filled, double it and continue */
@@ -469,6 +476,7 @@ find_objects_by_template
 CK_OBJECT_CLASS objclass;
 nssCryptokiObject **objects = NULL;
 PRUint32 i;
+#ifdef PURE_STAN_BUILD
 for (i=0; i<otsize; i++) {
 if (obj_template[i].type == CKA_CLASS) {
 objclass = *(CK_OBJECT_CLASS *)obj_template[i].pValue;
@@ -487,6 +495,7 @@ find_objects_by_template
 maximumOpt);
 if (statusOpt) *statusOpt = PR_SUCCESS;
 }
+#endif /* PURE_STAN_BUILD */
 /* Either they are not cached, or cache failed; look on token. */
 if (!objects) {
 objects = find_objects(token, sessionOpt,
@@ -538,11 +547,13 @@ nssToken_ImportCertificate
 NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
 /* Import the certificate onto the token */
 rvObject = import_object(tok, sessionOpt, cert_tmpl, ctsize);
+#ifdef PURE_STAN_BUILD
 if (rvObject && tok->cache) {
 nssTokenObjectCache_ImportObject(tok->cache, rvObject, CKO_CERTIFICATE, cert_tmpl, ctsize);
 }
+#endif
 return rvObject;
 }
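Review bot: In import_object (devtoken.c), the returned object is built with `nssCryptokiObject_Create(tok, session, handle)` and, when `createdSession` is set, that same session is destroyed on the following lines, so the object must not retain the session pointer and the handle must stay valid after the session closes. Under PKCS #11 a session object is destroyed when the session that created it is closed, so this path is sound only if temporary sessions are opened for token objects alone; the code that decides this is above the hunk. A comment before `if (createdSession) {` stating that invariant, or an assertion on it, would make the lifetime rule checkable by the next reader.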
@@ -909,7 +920,12 @@ static void
 sha1_hash(NSSItem *input, NSSItem *output)
 {
 NSSAlgorithmAndParameters *ap;
+#ifdef NSS_3_4_CODE
+ PK11SlotInfo *internal = PK11_GetInternalSlot();
+ NSSToken *token = PK11Slot_GetNSSToken(internal);
+#else
 NSSToken *token = nss_GetDefaultCryptoToken();
+#endif
 ap = NSSAlgorithmAndParameters_CreateSHA1Digest(NULL);
 (void)nssToken_Digest(token, NULL, ap, input, output, NULL);
 #ifdef NSS_3_4_CODE
@@ -922,7 +938,12 @@ static void
 md5_hash(NSSItem *input, NSSItem *output)
 {
 NSSAlgorithmAndParameters *ap;
+#ifdef NSS_3_4_CODE
+ PK11SlotInfo *internal = PK11_GetInternalSlot();
+ NSSToken *token = PK11Slot_GetNSSToken(internal);
+#else
 NSSToken *token = nss_GetDefaultCryptoToken();
+#endif
 ap = NSSAlgorithmAndParameters_CreateMD5Digest(NULL);
 (void)nssToken_Digest(token, NULL, ap, input, output, NULL);
 #ifdef NSS_3_4_CODE
@@ -1001,16 +1022,13 @@ nssToken_ImportTrust
 NSS_CK_TEMPLATE_FINISH(trust_tmpl, attr, tsize);
 /* import the trust object onto the token */
 object = import_object(tok, sessionOpt, trust_tmpl, tsize);
+#ifdef PURE_STAN_BUILD
 if (object && tok->cache) {
 nssTokenObjectCache_ImportObject(tok->cache, object, CKO_CERTIFICATE, trust_tmpl, tsize);
 }
- /* XXX
- if (object) {
- tok->hasNoTrust = PR_FALSE;
- }
- */
+#endif
 return object;
 }
@@ -1144,11 +1162,13 @@ nssToken_ImportCRL
 /* import the crl object onto the token */
 object = import_object(token, sessionOpt, crl_tmpl, crlsize);
+#ifdef PURE_STAN_BUILD
 if (object && token->cache) {
 nssTokenObjectCache_ImportObject(token->cache, object, CKO_CERTIFICATE, crl_tmpl, crlsize);
 }
+#endif
 return object;
 }
@@ -1191,6 +1211,7 @@ nssToken_FindCRLs
 return objects;
 }
+#ifdef PURE_STAN_BUILD
 NSS_IMPLEMENT PRStatus
 nssToken_GetCachedObjectAttributes
 (
@@ -1209,7 +1230,7 @@ nssToken_GetCachedObjectAttributes
 object, objclass, atemplate, atlen);
 }
-#endif /* PURE_STAN_BUILD */
+#endif
 NSS_IMPLEMENT NSSItem *
 nssToken_Digest
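Review bot: In sha1_hash (devtoken.c), neither `PK11_GetInternalSlot()` nor `PK11Slot_GetNSSToken(internal)` is checked for NULL before `token` is handed to nssToken_Digest, and no release of the slot reference is visible in the hunk. PK11_GetInternalSlot returns a reference the caller is expected to drop with PK11_FreeSlot, so unless the `#ifdef NSS_3_4_CODE` block that follows the digest call (outside the hunk) does that, every hash computation leaks one reference. md5_hash (hunk at -922) repeats the same pattern. Both functions return void and discard the digest result with `(void)`, so a failure here leaves `output` in whatever state the caller supplied; a comment stating what callers may assume about `output` on failure is the minimum worth adding.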
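Review bot: In nssToken_ImportTrust (devtoken.c), the cache call now enclosed in `#ifdef PURE_STAN_BUILD` still registers the imported trust object under `CKO_CERTIFICATE`, which looks copied from nssToken_ImportCertificate; nssCryptokiTrust_GetAttributes in ckhelper.c queries the cache with `CKO_NETSCAPE_TRUST`, so an entry stored under the certificate class would presumably not be found. nssToken_ImportCRL (hunk at -1144) passes `CKO_CERTIFICATE` for a CRL in the same way, where `CKO_NETSCAPE_CRL` would be expected. The cache implementation is not on this page, so both need confirming against nssTokenObjectCache_ImportObject. Separately, with the commented-out `tok->hasNoTrust = PR_FALSE;` removed, nothing in this function clears the flag that nssToken_SetTrustCache sets for a token without trust objects, so callers that consult `hasNoTrust` may skip a trust object imported afterwards.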
@@ -1370,3 +1391,92 @@ nssToken_FinishDigest
 return rvItem;
 }
+#ifdef NSS_3_4_CODE
+
+NSS_IMPLEMENT PRStatus
+nssToken_SetTrustCache
+(
+ NSSToken *token
+)
+{
+ CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE tobj_template[2];
+ CK_ULONG tobj_size;
+ nssCryptokiObject **objects;
+ nssSession *session = token->defaultSession;
+
+ NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
+ NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
+
+ objects = find_objects_by_template(token, session,
+ tobj_template, tobj_size, 1, NULL);
+ token->hasNoTrust = PR_FALSE;
+ if (objects) {
+ nssCryptokiObjectArray_Destroy(objects);
+ } else {
+ token->hasNoTrust = PR_TRUE;
+ }
+ return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_SetCrlCache
+(
+ NSSToken *token
+)
+{
+ CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_CRL;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE tobj_template[2];
+ CK_ULONG tobj_size;
+ nssCryptokiObject **objects;
+ nssSession *session = token->defaultSession;
+
+ NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
+ NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
+
+ objects = find_objects_by_template(token, session,
+ tobj_template, tobj_size, 1, NULL);
+ token->hasNoCrls = PR_TRUE;
+ if (objects) {
+ nssCryptokiObjectArray_Destroy(objects);
+ } else {
+ token->hasNoCrls = PR_TRUE;
+ }
+ return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRBool
+nssToken_HasCrls
+(
+ NSSToken *tok
+)
+{
+ return !tok->hasNoCrls;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_SetHasCrls
+(
+ NSSToken *tok
+)
+{
+ tok->hasNoCrls = PR_FALSE;
+ return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRBool
+nssToken_IsPresent
+(
+ NSSToken *token
+)
+{
+ return nssSlot_IsTokenPresent(token->slot);
+}
+#endif
+
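Review bot: nssToken_SetCrlCache sets `token->hasNoCrls = PR_TRUE;` before the test and again in the `else` branch, so the flag ends up PR_TRUE whether or not a CRL object was found and nssToken_HasCrls reports no CRLs for every token. By comparison with nssToken_SetTrustCache just above, the first assignment should be `token->hasNoCrls = PR_FALSE;`. If callers use nssToken_HasCrls to decide whether a token is worth searching, CRLs stored on it would be ignored during revocation checking. Both functions also pass NULL as the status argument of find_objects_by_template and return PR_SUCCESS unconditionally, so a failed search is recorded exactly like an empty token; receiving the status in a local `PRStatus` and leaving the flag untouched on failure would avoid caching "nothing here" after a token error.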
diff --git a/security/nss/lib/dev/devutil.c b/security/nss/lib/dev/devutil.c
index 955b79b28..083c898ab 100644
--- a/security/nss/lib/dev/devutil.c
+++ b/security/nss/lib/dev/devutil.c
@@ -43,7 +43,6 @@ static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
 #include "ckhelper.h"
 #endif /* CKHELPER_H */
-#ifdef PURE_STAN_BUILD
 NSS_IMPLEMENT nssCryptokiObject *
 nssCryptokiObject_Create
 (
@@ -161,6 +160,7 @@ nssSlotArray_Clone
 return rvSlots;
 }
+#ifdef PURE_STAN_BUILD
 NSS_IMPLEMENT void
 nssModuleArray_Destroy
 (
@@ -175,6 +175,7 @@ nssModuleArray_Destroy
 nss_ZFreeIf(modules);
 }
 }
+#endif
 NSS_IMPLEMENT void
 nssSlotArray_Destroy
@@ -239,6 +240,7 @@ nssCryptokiObjectArray_Destroy
 }
 }
+#ifdef PURE_STAN_BUILD
 /*
 * Slot lists
 */
diff --git a/security/nss/lib/dev/manifest.mn b/security/nss/lib/dev/manifest.mn
index 7f7ac0101..df0151ef2 100644
--- a/security/nss/lib/dev/manifest.mn
+++ b/security/nss/lib/dev/manifest.mn
@@ -50,7 +50,6 @@ MODULE = security
 CSRCS = \
 devmod.c \
 devslot.c \
- devobject.c \
 devtoken.c \
 devutil.c \
 ckhelper.c \ |