Mercurial > trustbridge > nss-cmake-static
annotate nss/lib/softoken/legacydb/lgdestroy.c @ 3:150b72113545
Add DBM and legacydb support
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Tue, 05 Aug 2014 18:32:02 +0200 |
| parents | |
| children |
| rev | line source |
|---|---|
|
3
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1 /* This Source Code Form is subject to the terms of the Mozilla Public |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
4 /* |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
5 * Internal PKCS #11 functions. Should only be called by pkcs11.c |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
6 */ |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
7 #include "pkcs11.h" |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
8 #include "lgdb.h" |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 #include "pcert.h" |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
10 #include "lowkeyi.h" |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
11 |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
12 /* |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
13 * remove an object. |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
14 */ |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
15 CK_RV |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
16 lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id) |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
17 { |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
18 CK_RV crv = CKR_OK; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
19 SECStatus rv; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
20 NSSLOWCERTCertificate *cert; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
21 NSSLOWCERTCertTrust tmptrust; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
22 PRBool isKrl; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
23 NSSLOWKEYDBHandle *keyHandle; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 NSSLOWCERTCertDBHandle *certHandle; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 const SECItem *dbKey; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 object_id &= ~LG_TOKEN_MASK; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
28 dbKey = lg_lookupTokenKeyByHandle(sdb,object_id); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 if (dbKey == NULL) { |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
30 return CKR_OBJECT_HANDLE_INVALID; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
31 } |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
32 |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 /* remove the objects from the real data base */ |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 switch (object_id & LG_TOKEN_TYPE_MASK) { |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
35 case LG_TOKEN_TYPE_PRIV: |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 case LG_TOKEN_TYPE_KEY: |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
37 /* KEYID is the public KEY for DSA and DH, and the MODULUS for |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 * RSA */ |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
39 keyHandle = lg_getKeyDB(sdb); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
40 if (!keyHandle) { |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
41 crv = CKR_TOKEN_WRITE_PROTECTED; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
42 break; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
43 } |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 rv = nsslowkey_DeleteKey(keyHandle, dbKey); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 if (rv != SECSuccess) { |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 crv = CKR_DEVICE_ERROR; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 } |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
48 break; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
49 case LG_TOKEN_TYPE_PUB: |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
50 break; /* public keys only exist at the behest of the priv key */ |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
51 case LG_TOKEN_TYPE_CERT: |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
52 certHandle = lg_getCertDB(sdb); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
53 if (!certHandle) { |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
54 crv = CKR_TOKEN_WRITE_PROTECTED; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
55 break; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
56 } |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
57 cert = nsslowcert_FindCertByKey(certHandle,dbKey); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
58 if (cert == NULL) { |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
59 crv = CKR_DEVICE_ERROR; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
60 break; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
61 } |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
62 rv = nsslowcert_DeletePermCertificate(cert); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
63 if (rv != SECSuccess) { |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
64 crv = CKR_DEVICE_ERROR; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
65 } |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
66 nsslowcert_DestroyCertificate(cert); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
67 break; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 case LG_TOKEN_TYPE_CRL: |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 certHandle = lg_getCertDB(sdb); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
70 if (!certHandle) { |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
71 crv = CKR_TOKEN_WRITE_PROTECTED; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
72 break; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
73 } |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
74 isKrl = (PRBool) (object_id == LG_TOKEN_KRL_HANDLE); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
75 rv = nsslowcert_DeletePermCRL(certHandle, dbKey, isKrl); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
76 if (rv == SECFailure) crv = CKR_DEVICE_ERROR; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
77 break; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
78 case LG_TOKEN_TYPE_TRUST: |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
79 certHandle = lg_getCertDB(sdb); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
80 if (!certHandle) { |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
81 crv = CKR_TOKEN_WRITE_PROTECTED; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
82 break; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
83 } |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
84 cert = nsslowcert_FindCertByKey(certHandle, dbKey); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
85 if (cert == NULL) { |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
86 crv = CKR_DEVICE_ERROR; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
87 break; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
88 } |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
89 tmptrust = *cert->trust; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
90 tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
91 tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
92 tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
93 tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
94 tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
95 tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
96 rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
97 if (rv != SECSuccess) crv = CKR_DEVICE_ERROR; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
98 nsslowcert_DestroyCertificate(cert); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
99 break; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
100 default: |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
101 break; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
102 } |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
103 lg_DBLock(sdb); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
104 lg_deleteTokenKeyByHandle(sdb,object_id); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
105 lg_DBUnlock(sdb); |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
106 |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
107 return crv; |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
108 } |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
109 |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
110 |
|
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
111 |