Back to index

lightning-sunbird  0.9+nobinonly
trustdomain.c
Go to the documentation of this file.
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 #ifdef DEBUG
00038 static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.51.28.2 $ $Date: 2006/08/23 01:36:31 $";
00039 #endif /* DEBUG */
00040 
00041 #ifndef DEV_H
00042 #include "dev.h"
00043 #endif /* DEV_H */
00044 
00045 #ifndef PKIM_H
00046 #include "pkim.h"
00047 #endif /* PKIM_H */
00048 
00049 #ifndef PKI1T_H
00050 #include "pki1t.h"
00051 #endif /* PKI1T_H */
00052 
00053 #ifdef NSS_3_4_CODE
00054 #include "cert.h"
00055 #include "pki3hack.h"
00056 #endif
00057 
00058 #include "nssrwlk.h"
00059 
00060 #define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32
00061 
00062 #ifdef PURE_STAN_BUILD
00063 struct NSSTrustDomainStr {
00064     PRInt32 refCount;
00065     NSSArena *arena;
00066     NSSCallback *defaultCallback;
00067     struct {
00068        nssSlotList *forCerts;
00069        nssSlotList *forCiphers;
00070        nssSlotList *forTrust;
00071     } slots;
00072     nssCertificateCache *cache;
00073 };
00074 #endif
00075 
00076 extern const NSSError NSS_ERROR_NOT_FOUND;
00077 
00078 typedef PRUint32 nssUpdateLevel;
00079 
00080 NSS_IMPLEMENT NSSTrustDomain *
00081 NSSTrustDomain_Create (
00082   NSSUTF8 *moduleOpt,
00083   NSSUTF8 *uriOpt,
00084   NSSUTF8 *opaqueOpt,
00085   void *reserved
00086 )
00087 {
00088     NSSArena *arena;
00089     NSSTrustDomain *rvTD;
00090     arena = NSSArena_Create();
00091     if(!arena) {
00092        return (NSSTrustDomain *)NULL;
00093     }
00094     rvTD = nss_ZNEW(arena, NSSTrustDomain);
00095     if (!rvTD) {
00096        goto loser;
00097     }
00098     /* protect the token list and the token iterator */
00099     rvTD->tokensLock = NSSRWLock_New(100, "tokens");
00100     if (!rvTD->tokensLock) {
00101        goto loser;
00102     }
00103     nssTrustDomain_InitializeCache(rvTD, NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE);
00104     rvTD->arena = arena;
00105     rvTD->refCount = 1;
00106 #ifdef NSS_3_4_CODE
00107     rvTD->statusConfig = NULL;
00108 #endif
00109     return rvTD;
00110 loser:
00111     if (rvTD && rvTD->tokensLock) {
00112        NSSRWLock_Destroy(rvTD->tokensLock);
00113     }
00114     nssArena_Destroy(arena);
00115     return (NSSTrustDomain *)NULL;
00116 }
00117 
00118 static void
00119 token_destructor(void *t)
00120 {
00121     NSSToken *tok = (NSSToken *)t;
00122     /* in 3.4, also destroy the slot (managed separately) */
00123     (void)nssSlot_Destroy(tok->slot);
00124     nssToken_Destroy(tok);
00125 }
00126 
00127 NSS_IMPLEMENT PRStatus
00128 NSSTrustDomain_Destroy (
00129   NSSTrustDomain *td
00130 )
00131 {
00132     PRStatus status = PR_SUCCESS;
00133     if (--td->refCount == 0) {
00134        /* Destroy each token in the list of tokens */
00135        if (td->tokens) {
00136            nssListIterator_Destroy(td->tokens);
00137            td->tokens = NULL;
00138        }
00139        if (td->tokenList) {
00140            nssList_Clear(td->tokenList, token_destructor);
00141            nssList_Destroy(td->tokenList);
00142            td->tokenList = NULL;
00143        }
00144        NSSRWLock_Destroy(td->tokensLock);
00145        td->tokensLock = NULL;
00146        status = nssTrustDomain_DestroyCache(td);
00147        if (status == PR_FAILURE) {
00148            return status;
00149        }
00150        /* Destroy the trust domain */
00151        nssArena_Destroy(td->arena);
00152     }
00153     return status;
00154 }
00155 
00156 /* XXX uses tokens until slot list is in place */
00157 static NSSSlot **
00158 nssTrustDomain_GetActiveSlots (
00159   NSSTrustDomain *td,
00160   nssUpdateLevel *updateLevel
00161 )
00162 {
00163     PRUint32 count;
00164     NSSSlot **slots = NULL;
00165     NSSToken **tp, **tokens;
00166     *updateLevel = 1;
00167     NSSRWLock_LockRead(td->tokensLock);
00168     count = nssList_Count(td->tokenList);
00169     tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1);
00170     if (!tokens) {
00171        NSSRWLock_UnlockRead(td->tokensLock);
00172        return NULL;
00173     }
00174     slots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
00175     if (!slots) {
00176        NSSRWLock_UnlockRead(td->tokensLock);
00177        nss_ZFreeIf(tokens);
00178        return NULL;
00179     }
00180     nssList_GetArray(td->tokenList, (void **)tokens, count);
00181     NSSRWLock_UnlockRead(td->tokensLock);
00182     count = 0;
00183     for (tp = tokens; *tp; tp++) {
00184        slots[count++] = nssToken_GetSlot(*tp);
00185     }
00186     nss_ZFreeIf(tokens);
00187     return slots;
00188 }
00189 
00190 /* XXX */
00191 static nssSession *
00192 nssTrustDomain_GetSessionForToken (
00193   NSSTrustDomain *td,
00194   NSSToken *token
00195 )
00196 {
00197     return nssToken_GetDefaultSession(token);
00198 }
00199 
00200 NSS_IMPLEMENT PRStatus
00201 NSSTrustDomain_SetDefaultCallback (
00202   NSSTrustDomain *td,
00203   NSSCallback *newCallback,
00204   NSSCallback **oldCallbackOpt
00205 )
00206 {
00207     if (oldCallbackOpt) {
00208        *oldCallbackOpt = td->defaultCallback;
00209     }
00210     td->defaultCallback = newCallback;
00211     return PR_SUCCESS;
00212 }
00213 
00214 NSS_IMPLEMENT NSSCallback *
00215 nssTrustDomain_GetDefaultCallback (
00216   NSSTrustDomain *td,
00217   PRStatus *statusOpt
00218 )
00219 {
00220     if (statusOpt) {
00221        *statusOpt = PR_SUCCESS;
00222     }
00223     return td->defaultCallback;
00224 }
00225 
00226 NSS_IMPLEMENT NSSCallback *
00227 NSSTrustDomain_GetDefaultCallback (
00228   NSSTrustDomain *td,
00229   PRStatus *statusOpt
00230 )
00231 {
00232     return nssTrustDomain_GetDefaultCallback(td, statusOpt);
00233 }
00234 
00235 NSS_IMPLEMENT PRStatus
00236 NSSTrustDomain_LoadModule (
00237   NSSTrustDomain *td,
00238   NSSUTF8 *moduleOpt,
00239   NSSUTF8 *uriOpt,
00240   NSSUTF8 *opaqueOpt,
00241   void *reserved
00242 )
00243 {
00244     return PR_FAILURE;
00245 }
00246 
00247 NSS_IMPLEMENT PRStatus
00248 NSSTrustDomain_DisableToken (
00249   NSSTrustDomain *td,
00250   NSSToken *token,
00251   NSSError why
00252 )
00253 {
00254     nss_SetError(NSS_ERROR_NOT_FOUND);
00255     return PR_FAILURE;
00256 }
00257 
00258 NSS_IMPLEMENT PRStatus
00259 NSSTrustDomain_EnableToken (
00260   NSSTrustDomain *td,
00261   NSSToken *token
00262 )
00263 {
00264     nss_SetError(NSS_ERROR_NOT_FOUND);
00265     return PR_FAILURE;
00266 }
00267 
00268 NSS_IMPLEMENT PRStatus
00269 NSSTrustDomain_IsTokenEnabled (
00270   NSSTrustDomain *td,
00271   NSSToken *token,
00272   NSSError *whyOpt
00273 )
00274 {
00275     nss_SetError(NSS_ERROR_NOT_FOUND);
00276     return PR_FAILURE;
00277 }
00278 
00279 NSS_IMPLEMENT NSSSlot *
00280 NSSTrustDomain_FindSlotByName (
00281   NSSTrustDomain *td,
00282   NSSUTF8 *slotName
00283 )
00284 {
00285     nss_SetError(NSS_ERROR_NOT_FOUND);
00286     return NULL;
00287 }
00288 
00289 NSS_IMPLEMENT NSSToken *
00290 NSSTrustDomain_FindTokenByName (
00291   NSSTrustDomain *td,
00292   NSSUTF8 *tokenName
00293 )
00294 {
00295     PRStatus nssrv;
00296     NSSUTF8 *myName;
00297     NSSToken *tok = NULL;
00298     NSSRWLock_LockRead(td->tokensLock);
00299     for (tok  = (NSSToken *)nssListIterator_Start(td->tokens);
00300          tok != (NSSToken *)NULL;
00301          tok  = (NSSToken *)nssListIterator_Next(td->tokens))
00302     {
00303        if (nssToken_IsPresent(tok)) {
00304            myName = nssToken_GetName(tok);
00305            if (nssUTF8_Equal(tokenName, myName, &nssrv)) break;
00306        }
00307     }
00308     nssListIterator_Finish(td->tokens);
00309     NSSRWLock_UnlockRead(td->tokensLock);
00310     return tok;
00311 }
00312 
00313 NSS_IMPLEMENT NSSToken *
00314 NSSTrustDomain_FindTokenBySlotName (
00315   NSSTrustDomain *td,
00316   NSSUTF8 *slotName
00317 )
00318 {
00319     nss_SetError(NSS_ERROR_NOT_FOUND);
00320     return NULL;
00321 }
00322 
00323 NSS_IMPLEMENT NSSToken *
00324 NSSTrustDomain_FindTokenForAlgorithm (
00325   NSSTrustDomain *td,
00326   NSSOID *algorithm
00327 )
00328 {
00329     nss_SetError(NSS_ERROR_NOT_FOUND);
00330     return NULL;
00331 }
00332 
00333 NSS_IMPLEMENT NSSToken *
00334 NSSTrustDomain_FindBestTokenForAlgorithms (
00335   NSSTrustDomain *td,
00336   NSSOID *algorithms[], /* may be null-terminated */
00337   PRUint32 nAlgorithmsOpt /* limits the array if nonzero */
00338 )
00339 {
00340     nss_SetError(NSS_ERROR_NOT_FOUND);
00341     return NULL;
00342 }
00343 
00344 NSS_IMPLEMENT PRStatus
00345 NSSTrustDomain_Login (
00346   NSSTrustDomain *td,
00347   NSSCallback *uhhOpt
00348 )
00349 {
00350     nss_SetError(NSS_ERROR_NOT_FOUND);
00351     return PR_FAILURE;
00352 }
00353 
00354 NSS_IMPLEMENT PRStatus
00355 NSSTrustDomain_Logout (
00356   NSSTrustDomain *td
00357 )
00358 {
00359     nss_SetError(NSS_ERROR_NOT_FOUND);
00360     return PR_FAILURE;
00361 }
00362 
00363 NSS_IMPLEMENT NSSCertificate *
00364 NSSTrustDomain_ImportCertificate (
00365   NSSTrustDomain *td,
00366   NSSCertificate *c
00367 )
00368 {
00369     nss_SetError(NSS_ERROR_NOT_FOUND);
00370     return NULL;
00371 }
00372 
00373 NSS_IMPLEMENT NSSCertificate *
00374 NSSTrustDomain_ImportPKIXCertificate (
00375   NSSTrustDomain *td,
00376   /* declared as a struct until these "data types" are defined */
00377   struct NSSPKIXCertificateStr *pc
00378 )
00379 {
00380     nss_SetError(NSS_ERROR_NOT_FOUND);
00381     return NULL;
00382 }
00383 
00384 NSS_IMPLEMENT NSSCertificate *
00385 NSSTrustDomain_ImportEncodedCertificate (
00386   NSSTrustDomain *td,
00387   NSSBER *ber
00388 )
00389 {
00390     nss_SetError(NSS_ERROR_NOT_FOUND);
00391     return NULL;
00392 }
00393 
00394 NSS_IMPLEMENT NSSCertificate **
00395 NSSTrustDomain_ImportEncodedCertificateChain (
00396   NSSTrustDomain *td,
00397   NSSBER *ber,
00398   NSSCertificate *rvOpt[],
00399   PRUint32 maximumOpt, /* 0 for no max */
00400   NSSArena *arenaOpt
00401 )
00402 {
00403     nss_SetError(NSS_ERROR_NOT_FOUND);
00404     return NULL;
00405 }
00406 
00407 NSS_IMPLEMENT NSSPrivateKey *
00408 NSSTrustDomain_ImportEncodedPrivateKey (
00409   NSSTrustDomain *td,
00410   NSSBER *ber,
00411   NSSItem *passwordOpt, /* NULL will cause a callback */
00412   NSSCallback *uhhOpt,
00413   NSSToken *destination
00414 )
00415 {
00416     nss_SetError(NSS_ERROR_NOT_FOUND);
00417     return NULL;
00418 }
00419 
00420 NSS_IMPLEMENT NSSPublicKey *
00421 NSSTrustDomain_ImportEncodedPublicKey (
00422   NSSTrustDomain *td,
00423   NSSBER *ber
00424 )
00425 {
00426     nss_SetError(NSS_ERROR_NOT_FOUND);
00427     return NULL;
00428 }
00429 
00430 static NSSCertificate **
00431 get_certs_from_list(nssList *list)
00432 {
00433     PRUint32 count = nssList_Count(list);
00434     NSSCertificate **certs = NULL;
00435     if (count > 0) {
00436        certs = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
00437        if (certs) {
00438            nssList_GetArray(list, (void **)certs, count);
00439        }
00440     }
00441     return certs;
00442 }
00443 
00444 NSS_IMPLEMENT NSSCertificate **
00445 nssTrustDomain_FindCertificatesByNickname (
00446   NSSTrustDomain *td,
00447   NSSUTF8 *name,
00448   NSSCertificate *rvOpt[],
00449   PRUint32 maximumOpt, /* 0 for no max */
00450   NSSArena *arenaOpt
00451 )
00452 {
00453     PRStatus status;
00454     PRUint32 numRemaining;
00455     NSSToken *token = NULL;
00456     NSSSlot **slots = NULL;
00457     NSSSlot **slotp;
00458     NSSCertificate **rvCerts = NULL;
00459     nssPKIObjectCollection *collection = NULL;
00460     nssUpdateLevel updateLevel;
00461     nssList *nameList;
00462     /* First, grab from the cache */
00463     nameList = nssList_Create(NULL, PR_FALSE);
00464     if (!nameList) {
00465        return NULL;
00466     }
00467     (void)nssTrustDomain_GetCertsForNicknameFromCache(td, name, nameList);
00468     rvCerts = get_certs_from_list(nameList);
00469     /* initialize the collection of token certificates with the set of
00470      * cached certs (if any).
00471      */
00472     collection = nssCertificateCollection_Create(td, rvCerts);
00473     nssCertificateArray_Destroy(rvCerts);
00474     nssList_Destroy(nameList);
00475     if (!collection) {
00476        return (NSSCertificate **)NULL;
00477     }
00478     /* obtain the current set of active slots in the trust domain */
00479     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
00480     if (!slots) {
00481        goto loser;
00482     }
00483     /* iterate over the slots */
00484     numRemaining = maximumOpt;
00485     for (slotp = slots; *slotp; slotp++) {
00486        token = nssSlot_GetToken(*slotp);
00487        if (token) {
00488            nssSession *session;
00489            nssCryptokiObject **instances;
00490            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
00491            session = nssTrustDomain_GetSessionForToken(td, token);
00492            if (!session) {
00493               nssToken_Destroy(token);
00494               goto loser;
00495            }
00496            instances = nssToken_FindCertificatesByNickname(token,
00497                                                            session,
00498                                                            name,
00499                                                            tokenOnly,
00500                                                            numRemaining,
00501                                                            &status);
00502            nssToken_Destroy(token);
00503            if (status != PR_SUCCESS) {
00504               goto loser;
00505            }
00506            if (instances) {
00507               status = nssPKIObjectCollection_AddInstances(collection, 
00508                                                            instances, 0);
00509               nss_ZFreeIf(instances);
00510               if (status != PR_SUCCESS) {
00511                   goto loser;
00512               }
00513               if (maximumOpt > 0) {
00514                    PRUint32 count;
00515                    count = nssPKIObjectCollection_Count(collection);
00516                   numRemaining = maximumOpt - count;
00517                   if (numRemaining == 0) break;
00518               }
00519            }
00520        }
00521     }
00522     /* Grab the certs collected in the search. */
00523     rvCerts = nssPKIObjectCollection_GetCertificates(collection,
00524                                                      rvOpt, maximumOpt,
00525                                                      arenaOpt);
00526     /* clean up */
00527     nssPKIObjectCollection_Destroy(collection);
00528     nssSlotArray_Destroy(slots);
00529     return rvCerts;
00530 loser:
00531     if (slots) {
00532        nssSlotArray_Destroy(slots);
00533     }
00534     if (collection) {
00535        nssPKIObjectCollection_Destroy(collection);
00536     }
00537     return (NSSCertificate **)NULL;
00538 }
00539 
00540 NSS_IMPLEMENT NSSCertificate **
00541 NSSTrustDomain_FindCertificatesByNickname (
00542   NSSTrustDomain *td,
00543   NSSUTF8 *name,
00544   NSSCertificate *rvOpt[],
00545   PRUint32 maximumOpt, /* 0 for no max */
00546   NSSArena *arenaOpt
00547 )
00548 {
00549     return nssTrustDomain_FindCertificatesByNickname(td,
00550                                                      name,
00551                                                      rvOpt,
00552                                                      maximumOpt,
00553                                                      arenaOpt);
00554 }
00555 
00556 NSS_IMPLEMENT NSSCertificate *
00557 nssTrustDomain_FindBestCertificateByNickname (
00558   NSSTrustDomain *td,
00559   NSSUTF8 *name,
00560   NSSTime *timeOpt,
00561   NSSUsage *usage,
00562   NSSPolicies *policiesOpt
00563 )
00564 {
00565     NSSCertificate **nicknameCerts;
00566     NSSCertificate *rvCert = NULL;
00567     nicknameCerts = nssTrustDomain_FindCertificatesByNickname(td, name,
00568                                                               NULL,
00569                                                               0,
00570                                                               NULL);
00571     if (nicknameCerts) {
00572        rvCert = nssCertificateArray_FindBestCertificate(nicknameCerts,
00573                                                          timeOpt,
00574                                                          usage,
00575                                                          policiesOpt);
00576        nssCertificateArray_Destroy(nicknameCerts);
00577     }
00578     return rvCert;
00579 }
00580 
00581 NSS_IMPLEMENT NSSCertificate *
00582 NSSTrustDomain_FindBestCertificateByNickname (
00583   NSSTrustDomain *td,
00584   NSSUTF8 *name,
00585   NSSTime *timeOpt,
00586   NSSUsage *usage,
00587   NSSPolicies *policiesOpt
00588 )
00589 {
00590     return nssTrustDomain_FindBestCertificateByNickname(td,
00591                                                         name,
00592                                                         timeOpt,
00593                                                         usage,
00594                                                         policiesOpt);
00595 }
00596 
00597 NSS_IMPLEMENT NSSCertificate **
00598 nssTrustDomain_FindCertificatesBySubject (
00599   NSSTrustDomain *td,
00600   NSSDER *subject,
00601   NSSCertificate *rvOpt[],
00602   PRUint32 maximumOpt,
00603   NSSArena *arenaOpt
00604 )
00605 {
00606     PRStatus status;
00607     PRUint32 numRemaining;
00608     NSSToken *token = NULL;
00609     NSSSlot **slots = NULL;
00610     NSSSlot **slotp;
00611     NSSCertificate **rvCerts = NULL;
00612     nssPKIObjectCollection *collection = NULL;
00613     nssUpdateLevel updateLevel;
00614     nssList *subjectList;
00615     /* look in cache */
00616     subjectList = nssList_Create(NULL, PR_FALSE);
00617     if (!subjectList) {
00618        return NULL;
00619     }
00620     (void)nssTrustDomain_GetCertsForSubjectFromCache(td, subject, subjectList);
00621     rvCerts = get_certs_from_list(subjectList);
00622     collection = nssCertificateCollection_Create(td, rvCerts);
00623     nssCertificateArray_Destroy(rvCerts);
00624     nssList_Destroy(subjectList);
00625     if (!collection) {
00626        return (NSSCertificate **)NULL;
00627     }
00628     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
00629     if (!slots) {
00630        goto loser;
00631     }
00632     numRemaining = maximumOpt;
00633     for (slotp = slots; *slotp; slotp++) {
00634        token = nssSlot_GetToken(*slotp);
00635        if (token) {
00636            nssSession *session;
00637            nssCryptokiObject **instances;
00638            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
00639            session = nssTrustDomain_GetSessionForToken(td, token);
00640            if (!session) {
00641               nssToken_Destroy(token);
00642               goto loser;
00643            }
00644            instances = nssToken_FindCertificatesBySubject(token,
00645                                                           session,
00646                                                           subject,
00647                                                           tokenOnly,
00648                                                           numRemaining,
00649                                                           &status);
00650            nssToken_Destroy(token);
00651            if (status != PR_SUCCESS) {
00652               goto loser;
00653            }
00654            if (instances) {
00655               status = nssPKIObjectCollection_AddInstances(collection, 
00656                                                            instances, 0);
00657               nss_ZFreeIf(instances);
00658               if (status != PR_SUCCESS) {
00659                   goto loser;
00660               }
00661               if (maximumOpt > 0) {
00662                   PRUint32 count;
00663                   count = nssPKIObjectCollection_Count(collection);
00664                   numRemaining = maximumOpt - count;
00665                   if (numRemaining == 0) break;
00666               }
00667            }
00668        }
00669     }
00670     rvCerts = nssPKIObjectCollection_GetCertificates(collection,
00671                                                      rvOpt, maximumOpt,
00672                                                      arenaOpt);
00673     nssPKIObjectCollection_Destroy(collection);
00674     nssSlotArray_Destroy(slots);
00675     return rvCerts;
00676 loser:
00677     if (slots) {
00678        nssSlotArray_Destroy(slots);
00679     }
00680     if (collection) {
00681        nssPKIObjectCollection_Destroy(collection);
00682     }
00683     return (NSSCertificate **)NULL;
00684 }
00685 
00686 NSS_IMPLEMENT NSSCertificate **
00687 NSSTrustDomain_FindCertificatesBySubject (
00688   NSSTrustDomain *td,
00689   NSSDER *subject,
00690   NSSCertificate *rvOpt[],
00691   PRUint32 maximumOpt,
00692   NSSArena *arenaOpt
00693 )
00694 {
00695     return nssTrustDomain_FindCertificatesBySubject(td, 
00696                                                     subject,
00697                                                     rvOpt,
00698                                                     maximumOpt,
00699                                                     arenaOpt);
00700 }
00701 
00702 NSS_IMPLEMENT NSSCertificate *
00703 nssTrustDomain_FindBestCertificateBySubject (
00704   NSSTrustDomain *td,
00705   NSSDER *subject,
00706   NSSTime *timeOpt,
00707   NSSUsage *usage,
00708   NSSPolicies *policiesOpt
00709 )
00710 {
00711     NSSCertificate **subjectCerts;
00712     NSSCertificate *rvCert = NULL;
00713     subjectCerts = nssTrustDomain_FindCertificatesBySubject(td, subject,
00714                                                             NULL,
00715                                                             0,
00716                                                             NULL);
00717     if (subjectCerts) {
00718        rvCert = nssCertificateArray_FindBestCertificate(subjectCerts,
00719                                                          timeOpt,
00720                                                          usage,
00721                                                          policiesOpt);
00722        nssCertificateArray_Destroy(subjectCerts);
00723     }
00724     return rvCert;
00725 }
00726 
00727 NSS_IMPLEMENT NSSCertificate *
00728 NSSTrustDomain_FindBestCertificateBySubject (
00729   NSSTrustDomain *td,
00730   NSSDER *subject,
00731   NSSTime *timeOpt,
00732   NSSUsage *usage,
00733   NSSPolicies *policiesOpt
00734 )
00735 {
00736     return nssTrustDomain_FindBestCertificateBySubject(td,
00737                                                        subject,
00738                                                        timeOpt,
00739                                                        usage,
00740                                                        policiesOpt);
00741 }
00742 
00743 NSS_IMPLEMENT NSSCertificate *
00744 NSSTrustDomain_FindBestCertificateByNameComponents (
00745   NSSTrustDomain *td,
00746   NSSUTF8 *nameComponents,
00747   NSSTime *timeOpt,
00748   NSSUsage *usage,
00749   NSSPolicies *policiesOpt
00750 )
00751 {
00752     nss_SetError(NSS_ERROR_NOT_FOUND);
00753     return NULL;
00754 }
00755 
00756 NSS_IMPLEMENT NSSCertificate **
00757 NSSTrustDomain_FindCertificatesByNameComponents (
00758   NSSTrustDomain *td,
00759   NSSUTF8 *nameComponents,
00760   NSSCertificate *rvOpt[],
00761   PRUint32 maximumOpt, /* 0 for no max */
00762   NSSArena *arenaOpt
00763 )
00764 {
00765     nss_SetError(NSS_ERROR_NOT_FOUND);
00766     return NULL;
00767 }
00768 
00769 NSS_IMPLEMENT NSSCertificate *
00770 nssTrustDomain_FindCertificateByIssuerAndSerialNumber (
00771   NSSTrustDomain *td,
00772   NSSDER *issuer,
00773   NSSDER *serial
00774 )
00775 {
00776     PRStatus status;
00777     NSSToken *token = NULL;
00778     NSSSlot **slots = NULL;
00779     NSSSlot **slotp;
00780     NSSCertificate *rvCert = NULL;
00781     nssPKIObjectCollection *collection = NULL;
00782     nssUpdateLevel updateLevel;
00783     /* see if this search is already cached */
00784     rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td,
00785                                                            issuer, 
00786                                                            serial);
00787     if (rvCert) {
00788        return rvCert;
00789     }
00790     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
00791     if (!slots) {
00792        goto loser;
00793     }
00794     for (slotp = slots; *slotp; slotp++) {
00795        token = nssSlot_GetToken(*slotp);
00796        if (token) {
00797            nssSession *session;
00798            nssCryptokiObject *instance;
00799            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
00800            session = nssTrustDomain_GetSessionForToken(td, token);
00801            if (!session) {
00802               nssToken_Destroy(token);
00803               goto loser;
00804            }
00805            instance = nssToken_FindCertificateByIssuerAndSerialNumber(
00806                                                                    token,
00807                                                                    session,
00808                                                                    issuer,
00809                                                                    serial,
00810                                                                    tokenOnly,
00811                                                                    &status);
00812            nssToken_Destroy(token);
00813            if (status != PR_SUCCESS) {
00814               goto loser;
00815            }
00816            if (instance) {
00817               if (!collection) {
00818                   collection = nssCertificateCollection_Create(td, NULL);
00819                   if (!collection) {
00820                      goto loser;
00821                   }
00822               }
00823               nssPKIObjectCollection_AddInstances(collection, 
00824                                                   &instance, 1);
00825            }
00826        }
00827     }
00828     if (collection) {
00829        (void)nssPKIObjectCollection_GetCertificates(collection, 
00830                                                     &rvCert, 1, NULL);
00831        if (!rvCert) {
00832            goto loser;
00833        }
00834        nssPKIObjectCollection_Destroy(collection);
00835     }
00836     nssSlotArray_Destroy(slots);
00837     return rvCert;
00838 loser:
00839     if (collection) {
00840        nssPKIObjectCollection_Destroy(collection);
00841     }
00842     if (slots) {
00843        nssSlotArray_Destroy(slots);
00844     }
00845     return (NSSCertificate *)NULL;
00846 }
00847 
00848 NSS_IMPLEMENT NSSCertificate *
00849 NSSTrustDomain_FindCertificateByIssuerAndSerialNumber (
00850   NSSTrustDomain *td,
00851   NSSDER *issuer,
00852   NSSDER *serial
00853 )
00854 {
00855     return nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
00856                                                                  issuer,
00857                                                                  serial);
00858 }
00859 
00860 NSS_IMPLEMENT NSSCertificate *
00861 nssTrustDomain_FindCertificateByEncodedCertificate (
00862   NSSTrustDomain *td,
00863   NSSBER *ber
00864 )
00865 {
00866     PRStatus status;
00867     NSSCertificate *rvCert = NULL;
00868     NSSDER issuer = { 0 };
00869     NSSDER serial = { 0 };
00870     NSSArena *arena = nssArena_Create();
00871     if (!arena) {
00872        return (NSSCertificate *)NULL;
00873     }
00874     /* XXX this is not generic...  will any cert crack into issuer/serial? */
00875     status = nssPKIX509_GetIssuerAndSerialFromDER(ber, arena, &issuer, &serial);
00876     if (status != PR_SUCCESS) {
00877        goto finish;
00878     }
00879     rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
00880                                                                    &issuer,
00881                                                                    &serial);
00882 finish:
00883     nssArena_Destroy(arena);
00884     return rvCert;
00885 }
00886 
00887 NSS_IMPLEMENT NSSCertificate *
00888 NSSTrustDomain_FindCertificateByEncodedCertificate (
00889   NSSTrustDomain *td,
00890   NSSBER *ber
00891 )
00892 {
00893     return nssTrustDomain_FindCertificateByEncodedCertificate(td, ber);
00894 }
00895 
00896 NSS_IMPLEMENT NSSCertificate *
00897 NSSTrustDomain_FindBestCertificateByEmail (
00898   NSSTrustDomain *td,
00899   NSSASCII7 *email,
00900   NSSTime *timeOpt,
00901   NSSUsage *usage,
00902   NSSPolicies *policiesOpt
00903 )
00904 {
00905     return 0;
00906 }
00907 
00908 NSS_IMPLEMENT NSSCertificate **
00909 NSSTrustDomain_FindCertificatesByEmail (
00910   NSSTrustDomain *td,
00911   NSSASCII7 *email,
00912   NSSCertificate *rvOpt[],
00913   PRUint32 maximumOpt, /* 0 for no max */
00914   NSSArena *arenaOpt
00915 )
00916 {
00917     nss_SetError(NSS_ERROR_NOT_FOUND);
00918     return NULL;
00919 }
00920 
00921 NSS_IMPLEMENT NSSCertificate *
00922 NSSTrustDomain_FindCertificateByOCSPHash (
00923   NSSTrustDomain *td,
00924   NSSItem *hash
00925 )
00926 {
00927     nss_SetError(NSS_ERROR_NOT_FOUND);
00928     return NULL;
00929 }
00930 
00931 NSS_IMPLEMENT NSSCertificate *
00932 NSSTrustDomain_FindBestUserCertificate (
00933   NSSTrustDomain *td,
00934   NSSTime *timeOpt,
00935   NSSUsage *usage,
00936   NSSPolicies *policiesOpt
00937 )
00938 {
00939     nss_SetError(NSS_ERROR_NOT_FOUND);
00940     return NULL;
00941 }
00942 
00943 NSS_IMPLEMENT NSSCertificate **
00944 NSSTrustDomain_FindUserCertificates (
00945   NSSTrustDomain *td,
00946   NSSTime *timeOpt,
00947   NSSUsage *usageOpt,
00948   NSSPolicies *policiesOpt,
00949   NSSCertificate **rvOpt,
00950   PRUint32 rvLimit, /* zero for no limit */
00951   NSSArena *arenaOpt
00952 )
00953 {
00954     nss_SetError(NSS_ERROR_NOT_FOUND);
00955     return NULL;
00956 }
00957 
00958 NSS_IMPLEMENT NSSCertificate *
00959 NSSTrustDomain_FindBestUserCertificateForSSLClientAuth (
00960   NSSTrustDomain *td,
00961   NSSUTF8 *sslHostOpt,
00962   NSSDER *rootCAsOpt[], /* null pointer for none */
00963   PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
00964   NSSAlgorithmAndParameters *apOpt,
00965   NSSPolicies *policiesOpt
00966 )
00967 {
00968     nss_SetError(NSS_ERROR_NOT_FOUND);
00969     return NULL;
00970 }
00971 
00972 NSS_IMPLEMENT NSSCertificate **
00973 NSSTrustDomain_FindUserCertificatesForSSLClientAuth (
00974   NSSTrustDomain *td,
00975   NSSUTF8 *sslHostOpt,
00976   NSSDER *rootCAsOpt[], /* null pointer for none */
00977   PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
00978   NSSAlgorithmAndParameters *apOpt,
00979   NSSPolicies *policiesOpt,
00980   NSSCertificate **rvOpt,
00981   PRUint32 rvLimit, /* zero for no limit */
00982   NSSArena *arenaOpt
00983 )
00984 {
00985     nss_SetError(NSS_ERROR_NOT_FOUND);
00986     return NULL;
00987 }
00988 
00989 NSS_IMPLEMENT NSSCertificate *
00990 NSSTrustDomain_FindBestUserCertificateForEmailSigning (
00991   NSSTrustDomain *td,
00992   NSSASCII7 *signerOpt,
00993   NSSASCII7 *recipientOpt,
00994   /* anything more here? */
00995   NSSAlgorithmAndParameters *apOpt,
00996   NSSPolicies *policiesOpt
00997 )
00998 {
00999     nss_SetError(NSS_ERROR_NOT_FOUND);
01000     return NULL;
01001 }
01002 
01003 NSS_IMPLEMENT NSSCertificate **
01004 NSSTrustDomain_FindUserCertificatesForEmailSigning (
01005   NSSTrustDomain *td,
01006   NSSASCII7 *signerOpt,
01007   NSSASCII7 *recipientOpt,
01008   /* anything more here? */
01009   NSSAlgorithmAndParameters *apOpt,
01010   NSSPolicies *policiesOpt,
01011   NSSCertificate **rvOpt,
01012   PRUint32 rvLimit, /* zero for no limit */
01013   NSSArena *arenaOpt
01014 )
01015 {
01016     nss_SetError(NSS_ERROR_NOT_FOUND);
01017     return NULL;
01018 }
01019 
01020 static PRStatus
01021 collector(nssCryptokiObject *instance, void *arg)
01022 {
01023     nssPKIObjectCollection *collection = (nssPKIObjectCollection *)arg;
01024     return nssPKIObjectCollection_AddInstanceAsObject(collection, instance);
01025 }
01026 
01027 NSS_IMPLEMENT PRStatus *
01028 NSSTrustDomain_TraverseCertificates (
01029   NSSTrustDomain *td,
01030   PRStatus (*callback)(NSSCertificate *c, void *arg),
01031   void *arg
01032 )
01033 {
01034     PRStatus status;
01035     NSSToken *token = NULL;
01036     NSSSlot **slots = NULL;
01037     NSSSlot **slotp;
01038     nssPKIObjectCollection *collection = NULL;
01039     nssPKIObjectCallback pkiCallback;
01040     nssUpdateLevel updateLevel;
01041     NSSCertificate **cached = NULL;
01042     nssList *certList;
01043 
01044     certList = nssList_Create(NULL, PR_FALSE);
01045     if (!certList) return NULL;
01046     (void *)nssTrustDomain_GetCertsFromCache(td, certList);
01047     cached = get_certs_from_list(certList);
01048     collection = nssCertificateCollection_Create(td, cached);
01049     nssCertificateArray_Destroy(cached);
01050     nssList_Destroy(certList);
01051     if (!collection) {
01052        return (PRStatus *)NULL;
01053     }
01054     /* obtain the current set of active slots in the trust domain */
01055     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
01056     if (!slots) {
01057        goto loser;
01058     }
01059     /* iterate over the slots */
01060     for (slotp = slots; *slotp; slotp++) {
01061        /* get the token for the slot, if present */
01062        token = nssSlot_GetToken(*slotp);
01063        if (token) {
01064            nssSession *session;
01065            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
01066            /* get a session for the token */
01067            session = nssTrustDomain_GetSessionForToken(td, token);
01068            if (!session) {
01069               nssToken_Destroy(token);
01070               goto loser;
01071            }
01072            /* perform the traversal */
01073            status = nssToken_TraverseCertificates(token,
01074                                                   session,
01075                                                   tokenOnly,
01076                                                   collector,
01077                                                   collection);
01078            nssToken_Destroy(token);
01079        }
01080     }
01081 
01082     /* Traverse the collection */
01083     pkiCallback.func.cert = callback;
01084     pkiCallback.arg = arg;
01085     status = nssPKIObjectCollection_Traverse(collection, &pkiCallback);
01086     /* clean up */
01087     nssPKIObjectCollection_Destroy(collection);
01088     nssSlotArray_Destroy(slots);
01089     return NULL;
01090 loser:
01091     if (slots) {
01092        nssSlotArray_Destroy(slots);
01093     }
01094     if (collection) {
01095        nssPKIObjectCollection_Destroy(collection);
01096     }
01097     return NULL;
01098 }
01099 
01100 #ifdef notdef
01101 /*
01102  * search for Public and Private keys first
01103  */
01104 NSS_IMPLEMENT PRStatus *
01105 NSSTrustDomain_TraverseUserCertificates (
01106   NSSTrustDomain *td,
01107   PRStatus (*callback)(NSSCertificate *c, void *arg),
01108   void *arg
01109 )
01110 {
01111     PRStatus status;
01112     NSSToken *token = NULL;
01113     NSSSlot **slots = NULL;
01114     NSSSlot **slotp;
01115     nssPKIObjectCollection *collection = NULL;
01116     nssPKIObjectCallback pkiCallback;
01117     nssUpdateLevel updateLevel;
01118     NSSCertificate **cached = NULL;
01119     nssList *certList;
01120     certList = nssList_Create(NULL, PR_FALSE);
01121     if (!certList) return NULL;
01122     (void *)nssTrustDomain_GetCertsFromCache(td, certList);
01123     cached = get_certs_from_list(certList);
01124     collection = nssCertificateCollection_Create(td, cached);
01125     nssCertificateArray_Destroy(cached);
01126     nssList_Destroy(certList);
01127     if (!collection) {
01128        return (PRStatus *)NULL;
01129     }
01130     /* obtain the current set of active slots in the trust domain */
01131     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
01132     if (!slots) {
01133        goto loser;
01134     }
01135     /* iterate over the slots */
01136     for (slotp = slots; *slotp; slotp++) {
01137        /* get the token for the slot, if present */
01138        token = nssSlot_GetToken(*slotp);
01139        if (token) {
01140            nssSession *session;
01141            nssCryptokiObject **instances;
01142            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
01143            /* get a session for the token */
01144            session = nssTrustDomain_GetSessionForToken(td, token);
01145            if (!session) {
01146               nssToken_Destroy(token);
01147               goto loser;
01148            }
01149            /* perform the traversal */
01150            if (!isLoggedIn(tok)) {
01151               instances = nssToken_FindPublicKeys(token,
01152                                                  session,
01153                                                  tokenOnly,
01154                                                  0, &status);
01155            } else {
01156               instances = nssToken_FindPrivateKeys(token,
01157                                                  session,
01158                                                  tokenOnly,
01159                                                  0, &status);
01160            }
01161            nssToken_Destroy(token);
01162            if (status != PR_SUCCESS) {
01163               goto loser;
01164            }
01165            /* add the found certificates to the collection */
01166            status = nssPKIObjectCollection_AddInstances(collection, 
01167                                                         instances, 0);
01168            nss_ZFreeIf(instances);
01169            if (status != PR_SUCCESS) {
01170               goto loser;
01171            }
01172        }
01173     }
01174     status = nssPKIObjectCollection_MatchCerts(collection);
01175     if (status != PR_SUCCESS) {
01176        goto loser;
01177     }
01178     /* Traverse the collection */
01179     pkiCallback.func.cert = callback;
01180     pkiCallback.arg = arg;
01181     status = nssPKIObjectCollection_Traverse(collection, &pkiCallback);
01182     /* clean up */
01183     nssPKIObjectCollection_Destroy(collection);
01184     nssSlotArray_Destroy(slots);
01185     return NULL;
01186 loser:
01187     if (slots) {
01188        nssSlotArray_Destroy(slots);
01189     }
01190     if (collection) {
01191        nssPKIObjectCollection_Destroy(collection);
01192     }
01193     return NULL;
01194 }
01195 #endif
01196 
01197 NSS_IMPLEMENT NSSTrust *
01198 nssTrustDomain_FindTrustForCertificate (
01199   NSSTrustDomain *td,
01200   NSSCertificate *c
01201 )
01202 {
01203     PRStatus status;
01204     NSSSlot **slots;
01205     NSSSlot **slotp;
01206     NSSToken *token;
01207     nssCryptokiObject *to = NULL;
01208     nssPKIObject *pkio = NULL;
01209     NSSTrust *rvt = NULL;
01210     nssUpdateLevel updateLevel;
01211     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
01212     if (!slots) {
01213        return (NSSTrust *)NULL;
01214     }
01215     for (slotp = slots; *slotp; slotp++) {
01216        token = nssSlot_GetToken(*slotp);
01217        if (token) {
01218            to = nssToken_FindTrustForCertificate(token, NULL, 
01219                                                  &c->encoding,
01220                                                  &c->issuer,
01221                                                  &c->serial,
01222                                              nssTokenSearchType_TokenOnly);
01223            if (to) {
01224               if (!pkio) {
01225                   pkio = nssPKIObject_Create(NULL, to, td, NULL, nssPKILock);
01226                   if (!pkio) {
01227                      nssToken_Destroy(token);
01228                      nssCryptokiObject_Destroy(to);
01229                      goto loser;
01230                   }
01231               } else {
01232                   status = nssPKIObject_AddInstance(pkio, to);
01233                   if (status != PR_SUCCESS) {
01234                      nssToken_Destroy(token);
01235                      nssCryptokiObject_Destroy(to);
01236                      goto loser;
01237                   }
01238               }
01239            }
01240            nssToken_Destroy(token);
01241        }
01242     }
01243     if (pkio) {
01244        rvt = nssTrust_Create(pkio, &c->encoding);
01245        if (!rvt) {
01246            goto loser;
01247        }
01248     }
01249     nssSlotArray_Destroy(slots);
01250     return rvt;
01251 loser:
01252     nssSlotArray_Destroy(slots);
01253     if (pkio) {
01254        nssPKIObject_Destroy(pkio);
01255     }
01256     return (NSSTrust *)NULL;
01257 }
01258 
01259 NSS_IMPLEMENT NSSCRL **
01260 nssTrustDomain_FindCRLsBySubject (
01261   NSSTrustDomain *td,
01262   NSSDER *subject
01263 )
01264 {
01265     PRStatus status;
01266     NSSSlot **slots;
01267     NSSSlot **slotp;
01268     NSSToken *token;
01269     nssUpdateLevel updateLevel;
01270     nssPKIObjectCollection *collection;
01271     NSSCRL **rvCRLs = NULL;
01272     collection = nssCRLCollection_Create(td, NULL);
01273     if (!collection) {
01274        return (NSSCRL **)NULL;
01275     }
01276     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
01277     if (!slots) {
01278        goto loser;
01279     }
01280     for (slotp = slots; *slotp; slotp++) {
01281        token = nssSlot_GetToken(*slotp);
01282        if (token) {
01283            nssSession *session;
01284            nssCryptokiObject **instances;
01285            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
01286            /* get a session for the token */
01287            session = nssTrustDomain_GetSessionForToken(td, token);
01288            if (!session) {
01289               nssToken_Destroy(token);
01290               goto loser;
01291            }
01292            /* perform the traversal */
01293            instances = nssToken_FindCRLsBySubject(token, session, subject,
01294                                                   tokenOnly, 0, &status);
01295            nssToken_Destroy(token);
01296            if (status != PR_SUCCESS) {
01297               goto loser;
01298            }
01299            /* add the found CRL's to the collection */
01300            status = nssPKIObjectCollection_AddInstances(collection, 
01301                                                         instances, 0);
01302            nss_ZFreeIf(instances);
01303            if (status != PR_SUCCESS) {
01304               goto loser;
01305            }
01306        }
01307     }
01308     rvCRLs = nssPKIObjectCollection_GetCRLs(collection, NULL, 0, NULL);
01309     nssPKIObjectCollection_Destroy(collection);
01310     nssSlotArray_Destroy(slots);
01311     return rvCRLs;
01312 loser:
01313     nssPKIObjectCollection_Destroy(collection);
01314     nssSlotArray_Destroy(slots);
01315     return (NSSCRL **)NULL;
01316 }
01317 
01318 NSS_IMPLEMENT PRStatus
01319 NSSTrustDomain_GenerateKeyPair (
01320   NSSTrustDomain *td,
01321   NSSAlgorithmAndParameters *ap,
01322   NSSPrivateKey **pvkOpt,
01323   NSSPublicKey **pbkOpt,
01324   PRBool privateKeyIsSensitive,
01325   NSSToken *destination,
01326   NSSCallback *uhhOpt
01327 )
01328 {
01329     nss_SetError(NSS_ERROR_NOT_FOUND);
01330     return PR_FAILURE;
01331 }
01332 
01333 NSS_IMPLEMENT NSSSymmetricKey *
01334 NSSTrustDomain_GenerateSymmetricKey (
01335   NSSTrustDomain *td,
01336   NSSAlgorithmAndParameters *ap,
01337   PRUint32 keysize,
01338   NSSToken *destination,
01339   NSSCallback *uhhOpt
01340 )
01341 {
01342     nss_SetError(NSS_ERROR_NOT_FOUND);
01343     return NULL;
01344 }
01345 
01346 NSS_IMPLEMENT NSSSymmetricKey *
01347 NSSTrustDomain_GenerateSymmetricKeyFromPassword (
01348   NSSTrustDomain *td,
01349   NSSAlgorithmAndParameters *ap,
01350   NSSUTF8 *passwordOpt, /* if null, prompt */
01351   NSSToken *destinationOpt,
01352   NSSCallback *uhhOpt
01353 )
01354 {
01355     nss_SetError(NSS_ERROR_NOT_FOUND);
01356     return NULL;
01357 }
01358 
01359 NSS_IMPLEMENT NSSSymmetricKey *
01360 NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID (
01361   NSSTrustDomain *td,
01362   NSSOID *algorithm,
01363   NSSItem *keyID,
01364   NSSCallback *uhhOpt
01365 )
01366 {
01367     nss_SetError(NSS_ERROR_NOT_FOUND);
01368     return NULL;
01369 }
01370 
01371 NSS_IMPLEMENT NSSCryptoContext *
01372 nssTrustDomain_CreateCryptoContext (
01373   NSSTrustDomain *td,
01374   NSSCallback *uhhOpt
01375 )
01376 {
01377     return nssCryptoContext_Create(td, uhhOpt);
01378 }
01379 
01380 NSS_IMPLEMENT NSSCryptoContext *
01381 NSSTrustDomain_CreateCryptoContext (
01382   NSSTrustDomain *td,
01383   NSSCallback *uhhOpt
01384 )
01385 {
01386     return nssTrustDomain_CreateCryptoContext(td, uhhOpt);
01387 }
01388 
01389 NSS_IMPLEMENT NSSCryptoContext *
01390 NSSTrustDomain_CreateCryptoContextForAlgorithm (
01391   NSSTrustDomain *td,
01392   NSSOID *algorithm
01393 )
01394 {
01395     nss_SetError(NSS_ERROR_NOT_FOUND);
01396     return NULL;
01397 }
01398 
01399 NSS_IMPLEMENT NSSCryptoContext *
01400 NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters (
01401   NSSTrustDomain *td,
01402   NSSAlgorithmAndParameters *ap
01403 )
01404 {
01405     nss_SetError(NSS_ERROR_NOT_FOUND);
01406     return NULL;
01407 }
01408