mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-11-10 18:00:15 +01:00
98d377b37b
bug920719, bug1026148, bug1028647, bug963150, bug1030486, bug1025729, bug836658, bug1028582, bug1038728, bug1038526, bug1042634, bug1047210, bug1043891, bug1043108, bug1046735, bug1043082, bug1036735, bug1046718, bug1050107, bug1054625, bug1057465, bug1057476, bug1041326, bug1058933, bug1064636, bug1057161, bug1078669, bug1049435, bug1070493, bug1083360, bug1028764, bug1065990, bug1073330, bug1064670, bug1094650
306 lines
7.2 KiB
C
306 lines
7.2 KiB
C
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef PKIT_H
|
|
#include "pkit.h"
|
|
#endif /* PKIT_H */
|
|
|
|
#ifndef DEVM_H
|
|
#include "devm.h"
|
|
#endif /* DEVM_H */
|
|
|
|
#include "pki3hack.h"
|
|
#include "dev3hack.h"
|
|
#include "pkim.h"
|
|
|
|
#ifndef BASE_H
|
|
#include "base.h"
|
|
#endif /* BASE_H */
|
|
|
|
#include "pk11func.h"
|
|
#include "secmodti.h"
|
|
#include "secerr.h"
|
|
|
|
NSS_IMPLEMENT nssSession *
|
|
nssSession_ImportNSS3Session(NSSArena *arenaOpt,
|
|
CK_SESSION_HANDLE session,
|
|
PZLock *lock, PRBool rw)
|
|
{
|
|
nssSession *rvSession = NULL;
|
|
if (session != CK_INVALID_SESSION) {
|
|
rvSession = nss_ZNEW(arenaOpt, nssSession);
|
|
if (rvSession) {
|
|
rvSession->handle = session;
|
|
rvSession->lock = lock;
|
|
rvSession->ownLock = PR_FALSE;
|
|
rvSession->isRW = rw;
|
|
}
|
|
}
|
|
return rvSession;
|
|
}
|
|
|
|
NSS_IMPLEMENT nssSession *
|
|
nssSlot_CreateSession
|
|
(
|
|
NSSSlot *slot,
|
|
NSSArena *arenaOpt,
|
|
PRBool readWrite
|
|
)
|
|
{
|
|
nssSession *rvSession;
|
|
|
|
if (!readWrite) {
|
|
/* nss3hack version only returns rw swssions */
|
|
return NULL;
|
|
}
|
|
rvSession = nss_ZNEW(arenaOpt, nssSession);
|
|
if (!rvSession) {
|
|
return (nssSession *)NULL;
|
|
}
|
|
|
|
rvSession->handle = PK11_GetRWSession(slot->pk11slot);
|
|
if (rvSession->handle == CK_INVALID_HANDLE) {
|
|
nss_ZFreeIf(rvSession);
|
|
return NULL;
|
|
}
|
|
rvSession->isRW = PR_TRUE;
|
|
rvSession->slot = slot;
|
|
/*
|
|
* The session doesn't need its own lock. Here's why.
|
|
* 1. If we are reusing the default RW session of the slot,
|
|
* the slot lock is already locked to protect the session.
|
|
* 2. If the module is not thread safe, the slot (or rather
|
|
* module) lock is already locked.
|
|
* 3. If the module is thread safe and we are using a new
|
|
* session, no higher-level lock has been locked and we
|
|
* would need a lock for the new session. However, the
|
|
* current usage of the session is that it is always
|
|
* used and destroyed within the same function and never
|
|
* shared with another thread.
|
|
* So the session is either already protected by another
|
|
* lock or only used by one thread.
|
|
*/
|
|
rvSession->lock = NULL;
|
|
rvSession->ownLock = PR_FALSE;
|
|
return rvSession;
|
|
}
|
|
|
|
NSS_IMPLEMENT PRStatus
|
|
nssSession_Destroy
|
|
(
|
|
nssSession *s
|
|
)
|
|
{
|
|
PRStatus rv = PR_SUCCESS;
|
|
if (s) {
|
|
if (s->isRW) {
|
|
PK11_RestoreROSession(s->slot->pk11slot, s->handle);
|
|
}
|
|
rv = nss_ZFreeIf(s);
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
static NSSSlot *
|
|
nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
|
|
{
|
|
NSSSlot *rvSlot;
|
|
NSSArena *arena;
|
|
arena = nssArena_Create();
|
|
if (!arena) {
|
|
return NULL;
|
|
}
|
|
rvSlot = nss_ZNEW(arena, NSSSlot);
|
|
if (!rvSlot) {
|
|
nssArena_Destroy(arena);
|
|
return NULL;
|
|
}
|
|
rvSlot->base.refCount = 1;
|
|
rvSlot->base.lock = PZ_NewLock(nssILockOther);
|
|
rvSlot->base.arena = arena;
|
|
rvSlot->pk11slot = nss3slot;
|
|
rvSlot->epv = nss3slot->functionList;
|
|
rvSlot->slotID = nss3slot->slotID;
|
|
/* Grab the slot name from the PKCS#11 fixed-length buffer */
|
|
rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name,td->arena);
|
|
rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
|
|
return rvSlot;
|
|
}
|
|
|
|
NSSToken *
|
|
nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
|
|
{
|
|
NSSToken *rvToken;
|
|
NSSArena *arena;
|
|
|
|
/* Don't create a token object for a disabled slot */
|
|
if (nss3slot->disabled) {
|
|
PORT_SetError(SEC_ERROR_NO_TOKEN);
|
|
return NULL;
|
|
}
|
|
arena = nssArena_Create();
|
|
if (!arena) {
|
|
return NULL;
|
|
}
|
|
rvToken = nss_ZNEW(arena, NSSToken);
|
|
if (!rvToken) {
|
|
nssArena_Destroy(arena);
|
|
return NULL;
|
|
}
|
|
rvToken->base.refCount = 1;
|
|
rvToken->base.lock = PZ_NewLock(nssILockOther);
|
|
if (!rvToken->base.lock) {
|
|
nssArena_Destroy(arena);
|
|
return NULL;
|
|
}
|
|
rvToken->base.arena = arena;
|
|
rvToken->pk11slot = nss3slot;
|
|
rvToken->epv = nss3slot->functionList;
|
|
rvToken->defaultSession = nssSession_ImportNSS3Session(td->arena,
|
|
nss3slot->session,
|
|
nss3slot->sessionLock,
|
|
nss3slot->defRWSession);
|
|
#if 0 /* we should do this instead of blindly continuing. */
|
|
if (!rvToken->defaultSession) {
|
|
PORT_SetError(SEC_ERROR_NO_TOKEN);
|
|
goto loser;
|
|
}
|
|
#endif
|
|
if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) {
|
|
rvToken->cache = nssTokenObjectCache_Create(rvToken,
|
|
PR_TRUE, PR_TRUE, PR_TRUE);
|
|
if (!rvToken->cache)
|
|
goto loser;
|
|
}
|
|
rvToken->trustDomain = td;
|
|
/* Grab the token name from the PKCS#11 fixed-length buffer */
|
|
rvToken->base.name = nssUTF8_Duplicate(nss3slot->token_name,td->arena);
|
|
rvToken->slot = nssSlot_CreateFromPK11SlotInfo(td, nss3slot);
|
|
if (!rvToken->slot) {
|
|
goto loser;
|
|
}
|
|
rvToken->slot->token = rvToken;
|
|
if (rvToken->defaultSession)
|
|
rvToken->defaultSession->slot = rvToken->slot;
|
|
return rvToken;
|
|
loser:
|
|
PZ_DestroyLock(rvToken->base.lock);
|
|
nssArena_Destroy(arena);
|
|
return NULL;
|
|
}
|
|
|
|
NSS_IMPLEMENT void
|
|
nssToken_UpdateName(NSSToken *token)
|
|
{
|
|
if (!token) {
|
|
return;
|
|
}
|
|
token->base.name = nssUTF8_Duplicate(token->pk11slot->token_name,token->base.arena);
|
|
}
|
|
|
|
NSS_IMPLEMENT PRBool
|
|
nssSlot_IsPermanent
|
|
(
|
|
NSSSlot *slot
|
|
)
|
|
{
|
|
return slot->pk11slot->isPerm;
|
|
}
|
|
|
|
NSS_IMPLEMENT PRBool
|
|
nssSlot_IsFriendly
|
|
(
|
|
NSSSlot *slot
|
|
)
|
|
{
|
|
return PK11_IsFriendly(slot->pk11slot);
|
|
}
|
|
|
|
NSS_IMPLEMENT PRStatus
|
|
nssToken_Refresh(NSSToken *token)
|
|
{
|
|
PK11SlotInfo *nss3slot;
|
|
|
|
if (!token) {
|
|
return PR_SUCCESS;
|
|
}
|
|
nss3slot = token->pk11slot;
|
|
token->defaultSession =
|
|
nssSession_ImportNSS3Session(token->slot->base.arena,
|
|
nss3slot->session,
|
|
nss3slot->sessionLock,
|
|
nss3slot->defRWSession);
|
|
return token->defaultSession ? PR_SUCCESS : PR_FAILURE;
|
|
}
|
|
|
|
NSS_IMPLEMENT PRStatus
|
|
nssSlot_Refresh
|
|
(
|
|
NSSSlot *slot
|
|
)
|
|
{
|
|
PK11SlotInfo *nss3slot = slot->pk11slot;
|
|
PRBool doit = PR_FALSE;
|
|
if (slot->token && slot->token->base.name[0] == 0) {
|
|
doit = PR_TRUE;
|
|
}
|
|
if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) {
|
|
return PR_FAILURE;
|
|
}
|
|
if (doit) {
|
|
nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain,
|
|
slot->token);
|
|
}
|
|
return nssToken_Refresh(slot->token);
|
|
}
|
|
|
|
NSS_IMPLEMENT PRStatus
|
|
nssToken_GetTrustOrder
|
|
(
|
|
NSSToken *tok
|
|
)
|
|
{
|
|
PK11SlotInfo *slot;
|
|
SECMODModule *module;
|
|
slot = tok->pk11slot;
|
|
module = PK11_GetModule(slot);
|
|
return module->trustOrder;
|
|
}
|
|
|
|
NSS_IMPLEMENT PRBool
|
|
nssSlot_IsLoggedIn
|
|
(
|
|
NSSSlot *slot
|
|
)
|
|
{
|
|
if (!slot->pk11slot->needLogin) {
|
|
return PR_TRUE;
|
|
}
|
|
return PK11_IsLoggedIn(slot->pk11slot, NULL);
|
|
}
|
|
|
|
|
|
NSSTrustDomain *
|
|
nssToken_GetTrustDomain(NSSToken *token)
|
|
{
|
|
return token->trustDomain;
|
|
}
|
|
|
|
NSS_EXTERN PRStatus
|
|
nssTrustDomain_RemoveTokenCertsFromCache
|
|
(
|
|
NSSTrustDomain *td,
|
|
NSSToken *token
|
|
);
|
|
|
|
NSS_IMPLEMENT PRStatus
|
|
nssToken_NotifyCertsNotVisible
|
|
(
|
|
NSSToken *tok
|
|
)
|
|
{
|
|
return nssTrustDomain_RemoveTokenCertsFromCache(tok->trustDomain, tok);
|
|
}
|
|
|