mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-11-14 11:40:13 +01:00
112 lines
2.9 KiB
C
112 lines
2.9 KiB
C
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
/*
|
|
* Internal PKCS #11 functions. Should only be called by pkcs11.c
|
|
*/
|
|
#include "pkcs11.h"
|
|
#include "lgdb.h"
|
|
#include "pcert.h"
|
|
#include "lowkeyi.h"
|
|
|
|
/*
|
|
* remove an object.
|
|
*/
|
|
CK_RV
|
|
lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id)
|
|
{
|
|
CK_RV crv = CKR_OK;
|
|
SECStatus rv;
|
|
NSSLOWCERTCertificate *cert;
|
|
NSSLOWCERTCertTrust tmptrust;
|
|
PRBool isKrl;
|
|
NSSLOWKEYDBHandle *keyHandle;
|
|
NSSLOWCERTCertDBHandle *certHandle;
|
|
const SECItem *dbKey;
|
|
|
|
object_id &= ~LG_TOKEN_MASK;
|
|
dbKey = lg_lookupTokenKeyByHandle(sdb,object_id);
|
|
if (dbKey == NULL) {
|
|
return CKR_OBJECT_HANDLE_INVALID;
|
|
}
|
|
|
|
/* remove the objects from the real data base */
|
|
switch (object_id & LG_TOKEN_TYPE_MASK) {
|
|
case LG_TOKEN_TYPE_PRIV:
|
|
case LG_TOKEN_TYPE_KEY:
|
|
/* KEYID is the public KEY for DSA and DH, and the MODULUS for
|
|
* RSA */
|
|
keyHandle = lg_getKeyDB(sdb);
|
|
if (!keyHandle) {
|
|
crv = CKR_TOKEN_WRITE_PROTECTED;
|
|
break;
|
|
}
|
|
rv = nsslowkey_DeleteKey(keyHandle, dbKey);
|
|
if (rv != SECSuccess) {
|
|
crv = CKR_DEVICE_ERROR;
|
|
}
|
|
break;
|
|
case LG_TOKEN_TYPE_PUB:
|
|
break; /* public keys only exist at the behest of the priv key */
|
|
case LG_TOKEN_TYPE_CERT:
|
|
certHandle = lg_getCertDB(sdb);
|
|
if (!certHandle) {
|
|
crv = CKR_TOKEN_WRITE_PROTECTED;
|
|
break;
|
|
}
|
|
cert = nsslowcert_FindCertByKey(certHandle,dbKey);
|
|
if (cert == NULL) {
|
|
crv = CKR_DEVICE_ERROR;
|
|
break;
|
|
}
|
|
rv = nsslowcert_DeletePermCertificate(cert);
|
|
if (rv != SECSuccess) {
|
|
crv = CKR_DEVICE_ERROR;
|
|
}
|
|
nsslowcert_DestroyCertificate(cert);
|
|
break;
|
|
case LG_TOKEN_TYPE_CRL:
|
|
certHandle = lg_getCertDB(sdb);
|
|
if (!certHandle) {
|
|
crv = CKR_TOKEN_WRITE_PROTECTED;
|
|
break;
|
|
}
|
|
isKrl = (PRBool) (object_id == LG_TOKEN_KRL_HANDLE);
|
|
rv = nsslowcert_DeletePermCRL(certHandle, dbKey, isKrl);
|
|
if (rv == SECFailure) crv = CKR_DEVICE_ERROR;
|
|
break;
|
|
case LG_TOKEN_TYPE_TRUST:
|
|
certHandle = lg_getCertDB(sdb);
|
|
if (!certHandle) {
|
|
crv = CKR_TOKEN_WRITE_PROTECTED;
|
|
break;
|
|
}
|
|
cert = nsslowcert_FindCertByKey(certHandle, dbKey);
|
|
if (cert == NULL) {
|
|
crv = CKR_DEVICE_ERROR;
|
|
break;
|
|
}
|
|
tmptrust = *cert->trust;
|
|
tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS;
|
|
tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS;
|
|
tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS;
|
|
tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN;
|
|
tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN;
|
|
tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN;
|
|
rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust);
|
|
if (rv != SECSuccess) crv = CKR_DEVICE_ERROR;
|
|
nsslowcert_DestroyCertificate(cert);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
lg_DBLock(sdb);
|
|
lg_deleteTokenKeyByHandle(sdb,object_id);
|
|
lg_DBUnlock(sdb);
|
|
|
|
return crv;
|
|
}
|
|
|
|
|
|
|