andre@3: /* This Source Code Form is subject to the terms of the Mozilla Public andre@3: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@3: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@3: /* andre@3: * Internal PKCS #11 functions. Should only be called by pkcs11.c andre@3: */ andre@3: #include "pkcs11.h" andre@3: #include "lgdb.h" andre@3: #include "pcert.h" andre@3: #include "lowkeyi.h" andre@3: andre@3: /* andre@3: * remove an object. andre@3: */ andre@3: CK_RV andre@3: lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id) andre@3: { andre@3: CK_RV crv = CKR_OK; andre@3: SECStatus rv; andre@3: NSSLOWCERTCertificate *cert; andre@3: NSSLOWCERTCertTrust tmptrust; andre@3: PRBool isKrl; andre@3: NSSLOWKEYDBHandle *keyHandle; andre@3: NSSLOWCERTCertDBHandle *certHandle; andre@3: const SECItem *dbKey; andre@3: andre@3: object_id &= ~LG_TOKEN_MASK; andre@3: dbKey = lg_lookupTokenKeyByHandle(sdb,object_id); andre@3: if (dbKey == NULL) { andre@3: return CKR_OBJECT_HANDLE_INVALID; andre@3: } andre@3: andre@3: /* remove the objects from the real data base */ andre@3: switch (object_id & LG_TOKEN_TYPE_MASK) { andre@3: case LG_TOKEN_TYPE_PRIV: andre@3: case LG_TOKEN_TYPE_KEY: andre@3: /* KEYID is the public KEY for DSA and DH, and the MODULUS for andre@3: * RSA */ andre@3: keyHandle = lg_getKeyDB(sdb); andre@3: if (!keyHandle) { andre@3: crv = CKR_TOKEN_WRITE_PROTECTED; andre@3: break; andre@3: } andre@3: rv = nsslowkey_DeleteKey(keyHandle, dbKey); andre@3: if (rv != SECSuccess) { andre@3: crv = CKR_DEVICE_ERROR; andre@3: } andre@3: break; andre@3: case LG_TOKEN_TYPE_PUB: andre@3: break; /* public keys only exist at the behest of the priv key */ andre@3: case LG_TOKEN_TYPE_CERT: andre@3: certHandle = lg_getCertDB(sdb); andre@3: if (!certHandle) { andre@3: crv = CKR_TOKEN_WRITE_PROTECTED; andre@3: break; andre@3: } andre@3: cert = nsslowcert_FindCertByKey(certHandle,dbKey); andre@3: if (cert == NULL) { andre@3: crv = CKR_DEVICE_ERROR; andre@3: break; andre@3: } andre@3: rv = nsslowcert_DeletePermCertificate(cert); andre@3: if (rv != SECSuccess) { andre@3: crv = CKR_DEVICE_ERROR; andre@3: } andre@3: nsslowcert_DestroyCertificate(cert); andre@3: break; andre@3: case LG_TOKEN_TYPE_CRL: andre@3: certHandle = lg_getCertDB(sdb); andre@3: if (!certHandle) { andre@3: crv = CKR_TOKEN_WRITE_PROTECTED; andre@3: break; andre@3: } andre@3: isKrl = (PRBool) (object_id == LG_TOKEN_KRL_HANDLE); andre@3: rv = nsslowcert_DeletePermCRL(certHandle, dbKey, isKrl); andre@3: if (rv == SECFailure) crv = CKR_DEVICE_ERROR; andre@3: break; andre@3: case LG_TOKEN_TYPE_TRUST: andre@3: certHandle = lg_getCertDB(sdb); andre@3: if (!certHandle) { andre@3: crv = CKR_TOKEN_WRITE_PROTECTED; andre@3: break; andre@3: } andre@3: cert = nsslowcert_FindCertByKey(certHandle, dbKey); andre@3: if (cert == NULL) { andre@3: crv = CKR_DEVICE_ERROR; andre@3: break; andre@3: } andre@3: tmptrust = *cert->trust; andre@3: tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS; andre@3: tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS; andre@3: tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS; andre@3: tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN; andre@3: tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN; andre@3: tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN; andre@3: rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust); andre@3: if (rv != SECSuccess) crv = CKR_DEVICE_ERROR; andre@3: nsslowcert_DestroyCertificate(cert); andre@3: break; andre@3: default: andre@3: break; andre@3: } andre@3: lg_DBLock(sdb); andre@3: lg_deleteTokenKeyByHandle(sdb,object_id); andre@3: lg_DBUnlock(sdb); andre@3: andre@3: return crv; andre@3: } andre@3: andre@3: andre@3: