Mercurial > trustbridge > nss-cmake-static
view nss/lib/softoken/legacydb/lgdestroy.c @ 4:b513267f632f tip
Build DBM module
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 05 Aug 2014 18:58:03 +0200 |
parents | 150b72113545 |
children |
line wrap: on
line source
/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* * Internal PKCS #11 functions. Should only be called by pkcs11.c */ #include "pkcs11.h" #include "lgdb.h" #include "pcert.h" #include "lowkeyi.h" /* * remove an object. */ CK_RV lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id) { CK_RV crv = CKR_OK; SECStatus rv; NSSLOWCERTCertificate *cert; NSSLOWCERTCertTrust tmptrust; PRBool isKrl; NSSLOWKEYDBHandle *keyHandle; NSSLOWCERTCertDBHandle *certHandle; const SECItem *dbKey; object_id &= ~LG_TOKEN_MASK; dbKey = lg_lookupTokenKeyByHandle(sdb,object_id); if (dbKey == NULL) { return CKR_OBJECT_HANDLE_INVALID; } /* remove the objects from the real data base */ switch (object_id & LG_TOKEN_TYPE_MASK) { case LG_TOKEN_TYPE_PRIV: case LG_TOKEN_TYPE_KEY: /* KEYID is the public KEY for DSA and DH, and the MODULUS for * RSA */ keyHandle = lg_getKeyDB(sdb); if (!keyHandle) { crv = CKR_TOKEN_WRITE_PROTECTED; break; } rv = nsslowkey_DeleteKey(keyHandle, dbKey); if (rv != SECSuccess) { crv = CKR_DEVICE_ERROR; } break; case LG_TOKEN_TYPE_PUB: break; /* public keys only exist at the behest of the priv key */ case LG_TOKEN_TYPE_CERT: certHandle = lg_getCertDB(sdb); if (!certHandle) { crv = CKR_TOKEN_WRITE_PROTECTED; break; } cert = nsslowcert_FindCertByKey(certHandle,dbKey); if (cert == NULL) { crv = CKR_DEVICE_ERROR; break; } rv = nsslowcert_DeletePermCertificate(cert); if (rv != SECSuccess) { crv = CKR_DEVICE_ERROR; } nsslowcert_DestroyCertificate(cert); break; case LG_TOKEN_TYPE_CRL: certHandle = lg_getCertDB(sdb); if (!certHandle) { crv = CKR_TOKEN_WRITE_PROTECTED; break; } isKrl = (PRBool) (object_id == LG_TOKEN_KRL_HANDLE); rv = nsslowcert_DeletePermCRL(certHandle, dbKey, isKrl); if (rv == SECFailure) crv = CKR_DEVICE_ERROR; break; case LG_TOKEN_TYPE_TRUST: certHandle = lg_getCertDB(sdb); if (!certHandle) { crv = CKR_TOKEN_WRITE_PROTECTED; break; } cert = nsslowcert_FindCertByKey(certHandle, dbKey); if (cert == NULL) { crv = CKR_DEVICE_ERROR; break; } tmptrust = *cert->trust; tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS; tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS; tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS; tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN; tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN; tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN; rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust); if (rv != SECSuccess) crv = CKR_DEVICE_ERROR; nsslowcert_DestroyCertificate(cert); break; default: break; } lg_DBLock(sdb); lg_deleteTokenKeyByHandle(sdb,object_id); lg_DBUnlock(sdb); return crv; }