Mercurial > trustbridge > nss-cmake-static
comparison nss/lib/pk11wrap/dev3hack.c @ 0:1e5118fa0cb1
This is NSS with a Cmake Buildsyste
To compile a static NSS library for Windows we've used the
Chromium-NSS fork and added a Cmake buildsystem to compile
it statically for Windows. See README.chromium for chromium
changes and README.trustbridge for our modifications.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 28 Jul 2014 10:47:06 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:1e5118fa0cb1 |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 | |
| 5 #ifndef PKIT_H | |
| 6 #include "pkit.h" | |
| 7 #endif /* PKIT_H */ | |
| 8 | |
| 9 #ifndef DEVM_H | |
| 10 #include "devm.h" | |
| 11 #endif /* DEVM_H */ | |
| 12 | |
| 13 #include "pki3hack.h" | |
| 14 #include "dev3hack.h" | |
| 15 #include "pkim.h" | |
| 16 | |
| 17 #ifndef BASE_H | |
| 18 #include "base.h" | |
| 19 #endif /* BASE_H */ | |
| 20 | |
| 21 #include "pk11func.h" | |
| 22 #include "secmodti.h" | |
| 23 #include "secerr.h" | |
| 24 | |
| 25 NSS_IMPLEMENT nssSession * | |
| 26 nssSession_ImportNSS3Session(NSSArena *arenaOpt, | |
| 27 CK_SESSION_HANDLE session, | |
| 28 PZLock *lock, PRBool rw) | |
| 29 { | |
| 30 nssSession *rvSession = NULL; | |
| 31 if (session != CK_INVALID_SESSION) { | |
| 32 rvSession = nss_ZNEW(arenaOpt, nssSession); | |
| 33 if (rvSession) { | |
| 34 rvSession->handle = session; | |
| 35 rvSession->lock = lock; | |
| 36 rvSession->ownLock = PR_FALSE; | |
| 37 rvSession->isRW = rw; | |
| 38 } | |
| 39 } | |
| 40 return rvSession; | |
| 41 } | |
| 42 | |
| 43 NSS_IMPLEMENT nssSession * | |
| 44 nssSlot_CreateSession | |
| 45 ( | |
| 46 NSSSlot *slot, | |
| 47 NSSArena *arenaOpt, | |
| 48 PRBool readWrite | |
| 49 ) | |
| 50 { | |
| 51 nssSession *rvSession; | |
| 52 | |
| 53 if (!readWrite) { | |
| 54 /* nss3hack version only returns rw swssions */ | |
| 55 return NULL; | |
| 56 } | |
| 57 rvSession = nss_ZNEW(arenaOpt, nssSession); | |
| 58 if (!rvSession) { | |
| 59 return (nssSession *)NULL; | |
| 60 } | |
| 61 | |
| 62 rvSession->handle = PK11_GetRWSession(slot->pk11slot); | |
| 63 if (rvSession->handle == CK_INVALID_HANDLE) { | |
| 64 nss_ZFreeIf(rvSession); | |
| 65 return NULL; | |
| 66 } | |
| 67 rvSession->isRW = PR_TRUE; | |
| 68 rvSession->slot = slot; | |
| 69 /* | |
| 70 * The session doesn't need its own lock. Here's why. | |
| 71 * 1. If we are reusing the default RW session of the slot, | |
| 72 * the slot lock is already locked to protect the session. | |
| 73 * 2. If the module is not thread safe, the slot (or rather | |
| 74 * module) lock is already locked. | |
| 75 * 3. If the module is thread safe and we are using a new | |
| 76 * session, no higher-level lock has been locked and we | |
| 77 * would need a lock for the new session. However, the | |
| 78 * current usage of the session is that it is always | |
| 79 * used and destroyed within the same function and never | |
| 80 * shared with another thread. | |
| 81 * So the session is either already protected by another | |
| 82 * lock or only used by one thread. | |
| 83 */ | |
| 84 rvSession->lock = NULL; | |
| 85 rvSession->ownLock = PR_FALSE; | |
| 86 return rvSession; | |
| 87 } | |
| 88 | |
| 89 NSS_IMPLEMENT PRStatus | |
| 90 nssSession_Destroy | |
| 91 ( | |
| 92 nssSession *s | |
| 93 ) | |
| 94 { | |
| 95 CK_RV ckrv = CKR_OK; | |
| 96 if (s) { | |
| 97 if (s->isRW) { | |
| 98 PK11_RestoreROSession(s->slot->pk11slot, s->handle); | |
| 99 } | |
| 100 nss_ZFreeIf(s); | |
| 101 } | |
| 102 return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE; | |
| 103 } | |
| 104 | |
| 105 static NSSSlot * | |
| 106 nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot) | |
| 107 { | |
| 108 NSSSlot *rvSlot; | |
| 109 NSSArena *arena; | |
| 110 arena = nssArena_Create(); | |
| 111 if (!arena) { | |
| 112 return NULL; | |
| 113 } | |
| 114 rvSlot = nss_ZNEW(arena, NSSSlot); | |
| 115 if (!rvSlot) { | |
| 116 nssArena_Destroy(arena); | |
| 117 return NULL; | |
| 118 } | |
| 119 rvSlot->base.refCount = 1; | |
| 120 rvSlot->base.lock = PZ_NewLock(nssILockOther); | |
| 121 rvSlot->base.arena = arena; | |
| 122 rvSlot->pk11slot = nss3slot; | |
| 123 rvSlot->epv = nss3slot->functionList; | |
| 124 rvSlot->slotID = nss3slot->slotID; | |
| 125 /* Grab the slot name from the PKCS#11 fixed-length buffer */ | |
| 126 rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name,td->arena); | |
| 127 rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock; | |
| 128 return rvSlot; | |
| 129 } | |
| 130 | |
| 131 NSSToken * | |
| 132 nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot) | |
| 133 { | |
| 134 NSSToken *rvToken; | |
| 135 NSSArena *arena; | |
| 136 | |
| 137 /* Don't create a token object for a disabled slot */ | |
| 138 if (nss3slot->disabled) { | |
| 139 PORT_SetError(SEC_ERROR_NO_TOKEN); | |
| 140 return NULL; | |
| 141 } | |
| 142 arena = nssArena_Create(); | |
| 143 if (!arena) { | |
| 144 return NULL; | |
| 145 } | |
| 146 rvToken = nss_ZNEW(arena, NSSToken); | |
| 147 if (!rvToken) { | |
| 148 nssArena_Destroy(arena); | |
| 149 return NULL; | |
| 150 } | |
| 151 rvToken->base.refCount = 1; | |
| 152 rvToken->base.lock = PZ_NewLock(nssILockOther); | |
| 153 if (!rvToken->base.lock) { | |
| 154 nssArena_Destroy(arena); | |
| 155 return NULL; | |
| 156 } | |
| 157 rvToken->base.arena = arena; | |
| 158 rvToken->pk11slot = nss3slot; | |
| 159 rvToken->epv = nss3slot->functionList; | |
| 160 rvToken->defaultSession = nssSession_ImportNSS3Session(td->arena, | |
| 161 nss3slot->session, | |
| 162 nss3slot->sessionLock, | |
| 163 nss3slot->defRWSession); | |
| 164 #if 0 /* we should do this instead of blindly continuing. */ | |
| 165 if (!rvToken->defaultSession) { | |
| 166 PORT_SetError(SEC_ERROR_NO_TOKEN); | |
| 167 goto loser; | |
| 168 } | |
| 169 #endif | |
| 170 if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) { | |
| 171 rvToken->cache = nssTokenObjectCache_Create(rvToken, | |
| 172 PR_TRUE, PR_TRUE, PR_TRUE); | |
| 173 if (!rvToken->cache) | |
| 174 goto loser; | |
| 175 } | |
| 176 rvToken->trustDomain = td; | |
| 177 /* Grab the token name from the PKCS#11 fixed-length buffer */ | |
| 178 rvToken->base.name = nssUTF8_Duplicate(nss3slot->token_name,td->arena); | |
| 179 rvToken->slot = nssSlot_CreateFromPK11SlotInfo(td, nss3slot); | |
| 180 if (!rvToken->slot) { | |
| 181 goto loser; | |
| 182 } | |
| 183 rvToken->slot->token = rvToken; | |
| 184 if (rvToken->defaultSession) | |
| 185 rvToken->defaultSession->slot = rvToken->slot; | |
| 186 return rvToken; | |
| 187 loser: | |
| 188 PZ_DestroyLock(rvToken->base.lock); | |
| 189 nssArena_Destroy(arena); | |
| 190 return NULL; | |
| 191 } | |
| 192 | |
| 193 NSS_IMPLEMENT void | |
| 194 nssToken_UpdateName(NSSToken *token) | |
| 195 { | |
| 196 if (!token) { | |
| 197 return; | |
| 198 } | |
| 199 token->base.name = nssUTF8_Duplicate(token->pk11slot->token_name,token->base.arena); | |
| 200 } | |
| 201 | |
| 202 NSS_IMPLEMENT PRBool | |
| 203 nssSlot_IsPermanent | |
| 204 ( | |
| 205 NSSSlot *slot | |
| 206 ) | |
| 207 { | |
| 208 return slot->pk11slot->isPerm; | |
| 209 } | |
| 210 | |
| 211 NSS_IMPLEMENT PRBool | |
| 212 nssSlot_IsFriendly | |
| 213 ( | |
| 214 NSSSlot *slot | |
| 215 ) | |
| 216 { | |
| 217 return PK11_IsFriendly(slot->pk11slot); | |
| 218 } | |
| 219 | |
| 220 NSS_IMPLEMENT PRStatus | |
| 221 nssToken_Refresh(NSSToken *token) | |
| 222 { | |
| 223 PK11SlotInfo *nss3slot; | |
| 224 | |
| 225 if (!token) { | |
| 226 return PR_SUCCESS; | |
| 227 } | |
| 228 nss3slot = token->pk11slot; | |
| 229 token->defaultSession = | |
| 230 nssSession_ImportNSS3Session(token->slot->base.arena, | |
| 231 nss3slot->session, | |
| 232 nss3slot->sessionLock, | |
| 233 nss3slot->defRWSession); | |
| 234 return token->defaultSession ? PR_SUCCESS : PR_FAILURE; | |
| 235 } | |
| 236 | |
| 237 NSS_IMPLEMENT PRStatus | |
| 238 nssSlot_Refresh | |
| 239 ( | |
| 240 NSSSlot *slot | |
| 241 ) | |
| 242 { | |
| 243 PK11SlotInfo *nss3slot = slot->pk11slot; | |
| 244 PRBool doit = PR_FALSE; | |
| 245 if (slot->token && slot->token->base.name[0] == 0) { | |
| 246 doit = PR_TRUE; | |
| 247 } | |
| 248 if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) { | |
| 249 return PR_FAILURE; | |
| 250 } | |
| 251 if (doit) { | |
| 252 nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain, | |
| 253 slot->token); | |
| 254 } | |
| 255 return nssToken_Refresh(slot->token); | |
| 256 } | |
| 257 | |
| 258 NSS_IMPLEMENT PRStatus | |
| 259 nssToken_GetTrustOrder | |
| 260 ( | |
| 261 NSSToken *tok | |
| 262 ) | |
| 263 { | |
| 264 PK11SlotInfo *slot; | |
| 265 SECMODModule *module; | |
| 266 slot = tok->pk11slot; | |
| 267 module = PK11_GetModule(slot); | |
| 268 return module->trustOrder; | |
| 269 } | |
| 270 | |
| 271 NSS_IMPLEMENT PRBool | |
| 272 nssSlot_IsLoggedIn | |
| 273 ( | |
| 274 NSSSlot *slot | |
| 275 ) | |
| 276 { | |
| 277 if (!slot->pk11slot->needLogin) { | |
| 278 return PR_TRUE; | |
| 279 } | |
| 280 return PK11_IsLoggedIn(slot->pk11slot, NULL); | |
| 281 } | |
| 282 | |
| 283 | |
| 284 NSSTrustDomain * | |
| 285 nssToken_GetTrustDomain(NSSToken *token) | |
| 286 { | |
| 287 return token->trustDomain; | |
| 288 } | |
| 289 | |
| 290 NSS_EXTERN PRStatus | |
| 291 nssTrustDomain_RemoveTokenCertsFromCache | |
| 292 ( | |
| 293 NSSTrustDomain *td, | |
| 294 NSSToken *token | |
| 295 ); | |
| 296 | |
| 297 NSS_IMPLEMENT PRStatus | |
| 298 nssToken_NotifyCertsNotVisible | |
| 299 ( | |
| 300 NSSToken *tok | |
| 301 ) | |
| 302 { | |
| 303 return nssTrustDomain_RemoveTokenCertsFromCache(tok->trustDomain, tok); | |
| 304 } | |
| 305 |