Back to index

lightning-sunbird  0.9+nobinonly
Defines | Functions | Variables
dev.h File Reference
#include "nssckt.h"
#include "nssdev.h"
#include "devt.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Defines

#define NSSSLOT_ASK_PASSWORD_FIRST_TIME   -1
#define NSSSLOT_ASK_PASSWORD_EVERY_TIME   0

Functions

PR_BEGIN_EXTERN_C NSS_EXTERN
PRStatus 
nss_InitializeGlobalModuleList (void)
NSS_EXTERN PRStatus nss_DestroyGlobalModuleList (void)
NSS_EXTERN NSSModule ** nss_GetLoadedModules (void)
NSS_EXTERN PRStatus nssGlobalModuleList_Add (NSSModule *module)
NSS_EXTERN PRStatus nssGlobalModuleList_Remove (NSSModule *module)
NSS_EXTERN NSSModule * nssGlobalModuleList_FindModuleByName (NSSUTF8 *moduleName)
NSS_EXTERN NSSSlot * nssGlobalModuleList_FindSlotByName (NSSUTF8 *slotName)
NSS_EXTERN NSSToken * nssGlobalModuleList_FindTokenByName (NSSUTF8 *tokenName)
NSS_EXTERN NSSToken * nss_GetDefaultCryptoToken (void)
NSS_EXTERN NSSToken * nss_GetDefaultDatabaseToken (void)
NSS_EXTERN NSSModule * nssModule_Create (NSSUTF8 *moduleOpt, NSSUTF8 *uriOpt, NSSUTF8 *opaqueOpt, void *reserved)
NSS_EXTERN NSSModule * nssModule_CreateFromSpec (NSSUTF8 *moduleSpec, NSSModule *parent, PRBool loadSubModules)
NSS_EXTERN PRStatus nssModule_Destroy (NSSModule *mod)
NSS_EXTERN NSSModule * nssModule_AddRef (NSSModule *mod)
NSS_EXTERN NSSUTF8nssModule_GetName (NSSModule *mod)
NSS_EXTERN NSSSlot ** nssModule_GetSlots (NSSModule *mod)
NSS_EXTERN NSSSlot * nssModule_FindSlotByName (NSSModule *mod, NSSUTF8 *slotName)
NSS_EXTERN NSSToken * nssModule_FindTokenByName (NSSModule *mod, NSSUTF8 *tokenName)
NSS_EXTERN PRInt32 nssModule_GetCertOrder (NSSModule *module)
NSS_EXTERN PRStatus nssSlot_Destroy (NSSSlot *slot)
NSS_EXTERN NSSSlot * nssSlot_AddRef (NSSSlot *slot)
NSS_EXTERN void nssSlot_ResetDelay (NSSSlot *slot)
NSS_EXTERN NSSUTF8nssSlot_GetName (NSSSlot *slot)
NSS_EXTERN NSSUTF8nssSlot_GetTokenName (NSSSlot *slot)
NSS_EXTERN NSSModule * nssSlot_GetModule (NSSSlot *slot)
NSS_EXTERN NSSToken * nssSlot_GetToken (NSSSlot *slot)
NSS_EXTERN PRBool nssSlot_IsTokenPresent (NSSSlot *slot)
NSS_EXTERN PRBool nssSlot_IsPermanent (NSSSlot *slot)
NSS_EXTERN PRBool nssSlot_IsFriendly (NSSSlot *slot)
NSS_EXTERN PRBool nssSlot_IsHardware (NSSSlot *slot)
NSS_EXTERN PRBool nssSlot_IsLoggedIn (NSSSlot *slot)
NSS_EXTERN PRStatus nssSlot_Refresh (NSSSlot *slot)
NSS_EXTERN PRStatus nssSlot_Login (NSSSlot *slot, NSSCallback *pwcb)
NSS_EXTERN PRStatus nssSlot_Logout (NSSSlot *slot, nssSession *sessionOpt)
NSS_EXTERN void nssSlot_EnterMonitor (NSSSlot *slot)
NSS_EXTERN void nssSlot_ExitMonitor (NSSSlot *slot)
NSS_EXTERN void nssSlot_SetPasswordDefaults (NSSSlot *slot, PRInt32 askPasswordTimeout)
NSS_EXTERN PRStatus nssSlot_SetPassword (NSSSlot *slot, NSSUTF8 *oldPasswordOpt, NSSUTF8 *newPassword)
NSS_EXTERN nssSession * nssSlot_CreateSession (NSSSlot *slot, NSSArena *arenaOpt, PRBool readWrite)
NSS_EXTERN PRStatus nssToken_Destroy (NSSToken *tok)
NSS_EXTERN NSSToken * nssToken_AddRef (NSSToken *tok)
NSS_EXTERN NSSUTF8nssToken_GetName (NSSToken *tok)
NSS_EXTERN NSSModule * nssToken_GetModule (NSSToken *token)
NSS_EXTERN NSSSlot * nssToken_GetSlot (NSSToken *tok)
NSS_EXTERN PRBool nssToken_NeedsPINInitialization (NSSToken *token)
NSS_EXTERN nssCryptokiObject * nssToken_ImportCertificate (NSSToken *tok, nssSession *sessionOpt, NSSCertificateType certType, NSSItem *id, NSSUTF8 *nickname, NSSDER *encoding, NSSDER *issuer, NSSDER *subject, NSSDER *serial, NSSASCII7 *emailAddr, PRBool asTokenObject)
NSS_EXTERN nssCryptokiObject * nssToken_ImportTrust (NSSToken *tok, nssSession *sessionOpt, NSSDER *certEncoding, NSSDER *certIssuer, NSSDER *certSerial, nssTrustLevel serverAuth, nssTrustLevel clientAuth, nssTrustLevel codeSigning, nssTrustLevel emailProtection, PRBool stepUpApproved, PRBool asTokenObject)
NSS_EXTERN nssCryptokiObject * nssToken_ImportCRL (NSSToken *token, nssSession *sessionOpt, NSSDER *subject, NSSDER *encoding, PRBool isKRL, NSSUTF8 *url, PRBool asTokenObject)
NSS_EXTERN PRStatus nssToken_DeleteStoredObject (nssCryptokiObject *instance)
NSS_EXTERN nssCryptokiObject ** nssToken_FindCertificates (NSSToken *token, nssSession *sessionOpt, nssTokenSearchType searchType, PRUint32 maximumOpt, PRStatus *statusOpt)
NSS_EXTERN nssCryptokiObject ** nssToken_FindCertificatesBySubject (NSSToken *token, nssSession *sessionOpt, NSSDER *subject, nssTokenSearchType searchType, PRUint32 maximumOpt, PRStatus *statusOpt)
NSS_EXTERN nssCryptokiObject ** nssToken_FindCertificatesByNickname (NSSToken *token, nssSession *sessionOpt, NSSUTF8 *name, nssTokenSearchType searchType, PRUint32 maximumOpt, PRStatus *statusOpt)
NSS_EXTERN nssCryptokiObject ** nssToken_FindCertificatesByEmail (NSSToken *token, nssSession *sessionOpt, NSSASCII7 *email, nssTokenSearchType searchType, PRUint32 maximumOpt, PRStatus *statusOpt)
NSS_EXTERN nssCryptokiObject ** nssToken_FindCertificatesByID (NSSToken *token, nssSession *sessionOpt, NSSItem *id, nssTokenSearchType searchType, PRUint32 maximumOpt, PRStatus *statusOpt)
NSS_EXTERN nssCryptokiObject * nssToken_FindCertificateByIssuerAndSerialNumber (NSSToken *token, nssSession *sessionOpt, NSSDER *issuer, NSSDER *serial, nssTokenSearchType searchType, PRStatus *statusOpt)
NSS_EXTERN nssCryptokiObject * nssToken_FindCertificateByEncodedCertificate (NSSToken *token, nssSession *sessionOpt, NSSBER *encodedCertificate, nssTokenSearchType searchType, PRStatus *statusOpt)
NSS_EXTERN nssCryptokiObject ** nssToken_FindTrustObjects (NSSToken *token, nssSession *sessionOpt, nssTokenSearchType searchType, PRUint32 maximumOpt, PRStatus *statusOpt)
NSS_EXTERN nssCryptokiObject * nssToken_FindTrustForCertificate (NSSToken *token, nssSession *sessionOpt, NSSDER *certEncoding, NSSDER *certIssuer, NSSDER *certSerial, nssTokenSearchType searchType)
NSS_EXTERN nssCryptokiObject ** nssToken_FindCRLs (NSSToken *token, nssSession *sessionOpt, nssTokenSearchType searchType, PRUint32 maximumOpt, PRStatus *statusOpt)
NSS_EXTERN nssCryptokiObject ** nssToken_FindCRLsBySubject (NSSToken *token, nssSession *sessionOpt, NSSDER *subject, nssTokenSearchType searchType, PRUint32 maximumOpt, PRStatus *statusOpt)
NSS_EXTERN nssCryptokiObject ** nssToken_FindPrivateKeys (NSSToken *token, nssSession *sessionOpt, nssTokenSearchType searchType, PRUint32 maximumOpt, PRStatus *statusOpt)
NSS_EXTERN nssCryptokiObject * nssToken_FindPrivateKeyByID (NSSToken *token, nssSession *sessionOpt, NSSItem *keyID)
NSS_EXTERN nssCryptokiObject * nssToken_FindPublicKeyByID (NSSToken *token, nssSession *sessionOpt, NSSItem *keyID)
NSS_EXTERN NSSItem * nssToken_Digest (NSSToken *tok, nssSession *sessionOpt, NSSAlgorithmAndParameters *ap, NSSItem *data, NSSItem *rvOpt, NSSArena *arenaOpt)
NSS_EXTERN PRStatus nssToken_BeginDigest (NSSToken *tok, nssSession *sessionOpt, NSSAlgorithmAndParameters *ap)
NSS_EXTERN PRStatus nssToken_ContinueDigest (NSSToken *tok, nssSession *sessionOpt, NSSItem *item)
NSS_EXTERN NSSItem * nssToken_FinishDigest (NSSToken *tok, nssSession *sessionOpt, NSSItem *rvOpt, NSSArena *arenaOpt)
NSS_EXTERN PRStatus nssSession_Destroy (nssSession *s)
NSS_EXTERN PRStatus nssSession_EnterMonitor (nssSession *s)
NSS_EXTERN PRStatus nssSession_ExitMonitor (nssSession *s)
NSS_EXTERN PRBool nssSession_IsReadWrite (nssSession *s)
NSS_EXTERN void nssCryptokiObject_Destroy (nssCryptokiObject *object)
NSS_EXTERN PRBool nssCryptokiObject_Equal (nssCryptokiObject *object1, nssCryptokiObject *object2)
NSS_EXTERN nssCryptokiObject * nssCryptokiObject_Clone (nssCryptokiObject *object)
NSS_EXTERN PRStatus nssCryptokiCertificate_GetAttributes (nssCryptokiObject *object, nssSession *sessionOpt, NSSArena *arenaOpt, NSSCertificateType *certTypeOpt, NSSItem *idOpt, NSSDER *encodingOpt, NSSDER *issuerOpt, NSSDER *serialOpt, NSSDER *subjectOpt)
NSS_EXTERN PRStatus nssCryptokiTrust_GetAttributes (nssCryptokiObject *trustObject, nssSession *sessionOpt, NSSItem *sha1_hash, nssTrustLevel *serverAuth, nssTrustLevel *clientAuth, nssTrustLevel *codeSigning, nssTrustLevel *emailProtection, PRBool *stepUpApproved)
NSS_EXTERN PRStatus nssCryptokiCRL_GetAttributes (nssCryptokiObject *crlObject, nssSession *sessionOpt, NSSArena *arenaOpt, NSSItem *encodingOpt, NSSItem *subjectOpt, CK_ULONG *crl_class, NSSUTF8 **urlOpt, PRBool *isKRLOpt)
NSS_EXTERN PRStatus nssCryptokiPrivateKey_SetCertificate (nssCryptokiObject *keyObject, nssSession *sessionOpt, NSSUTF8 *nickname, NSSItem *id, NSSDER *subject)
NSS_EXTERN void nssModuleArray_Destroy (NSSModule **modules)
NSS_EXTERN void nssSlotArray_Destroy (NSSSlot **slots)
NSS_EXTERN void nssTokenArray_Destroy (NSSToken **tokens)
NSS_EXTERN void nssCryptokiObjectArray_Destroy (nssCryptokiObject **object)
NSS_EXTERN nssSlotList * nssSlotList_Create (NSSArena *arenaOpt)
NSS_EXTERN void nssSlotList_Destroy (nssSlotList *slotList)
NSS_EXTERN PRStatus nssSlotList_Add (nssSlotList *slotList, NSSSlot *slot, PRUint32 order)
NSS_EXTERN PRStatus nssSlotList_AddModuleSlots (nssSlotList *slotList, NSSModule *module, PRUint32 order)
NSS_EXTERN NSSSlot ** nssSlotList_GetSlots (nssSlotList *slotList)
NSS_EXTERN NSSSlot * nssSlotList_FindSlotByName (nssSlotList *slotList, NSSUTF8 *slotName)
NSS_EXTERN NSSToken * nssSlotList_FindTokenByName (nssSlotList *slotList, NSSUTF8 *tokenName)
NSS_EXTERN NSSSlot * nssSlotList_GetBestSlot (nssSlotList *slotList)
NSS_EXTERN NSSSlot * nssSlotList_GetBestSlotForAlgorithmAndParameters (nssSlotList *slotList, NSSAlgorithmAndParameters *ap)
NSS_EXTERN NSSSlot * nssSlotList_GetBestSlotForAlgorithmsAndParameters (nssSlotList *slotList, NSSAlgorithmAndParameters **ap)
NSS_EXTERN PRBool nssToken_IsPresent (NSSToken *token)
NSS_EXTERN nssSession * nssToken_GetDefaultSession (NSSToken *token)
NSS_EXTERN PRStatus nssToken_GetTrustOrder (NSSToken *tok)
NSS_EXTERN PRStatus nssToken_NotifyCertsNotVisible (NSSToken *tok)
NSS_EXTERN PRStatus nssToken_TraverseCertificates (NSSToken *token, nssSession *sessionOpt, nssTokenSearchType searchType, PRStatus(*callback)(nssCryptokiObject *instance, void *arg), void *arg)
NSS_EXTERN PRBool nssToken_IsPrivateKeyAvailable (NSSToken *token, NSSCertificate *c, nssCryptokiObject *instance)

Variables

const NSSError NSS_ERROR_INVALID_PASSWORD
const NSSError NSS_ERROR_USER_CANCELED

Define Documentation

Definition at line 348 of file dev.h.

Definition at line 347 of file dev.h.


Function Documentation

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssCryptokiCertificate_GetAttributes ( nssCryptokiObject *  object,
nssSession *  sessionOpt,
NSSArena *  arenaOpt,
NSSCertificateType certTypeOpt,
NSSItem *  idOpt,
NSSDER encodingOpt,
NSSDER issuerOpt,
NSSDER serialOpt,
NSSDER subjectOpt 
)

Definition at line 309 of file ckhelper.c.

{
    PRStatus status;
    PRUint32 i;
    nssSession *session;
    NSSSlot *slot;
    CK_ULONG template_size;
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE cert_template[6];
    /* Set up a template of all options chosen by caller */
    NSS_CK_TEMPLATE_START(cert_template, attr, template_size);
    if (certTypeOpt) {
       NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CERTIFICATE_TYPE);
    }
    if (idOpt) {
       NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ID);
    }
    if (encodingOpt) {
       NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
    }
    if (issuerOpt) {
       NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ISSUER);
    }
    if (serialOpt) {
       NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SERIAL_NUMBER);
    }
    if (subjectOpt) {
       NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT);
    }
    NSS_CK_TEMPLATE_FINISH(cert_template, attr, template_size);
    if (template_size == 0) {
       /* caller didn't want anything */
       return PR_SUCCESS;
    }

    status = nssToken_GetCachedObjectAttributes(certObject->token, arenaOpt,
                                                certObject, CKO_CERTIFICATE,
                                                cert_template, template_size);
    if (status != PR_SUCCESS) {

       session = sessionOpt ? 
                 sessionOpt : 
                 nssToken_GetDefaultSession(certObject->token);

       slot = nssToken_GetSlot(certObject->token);
       status = nssCKObject_GetAttributes(certObject->handle, 
                                          cert_template, template_size,
                                          arenaOpt, session, slot);
       nssSlot_Destroy(slot);
       if (status != PR_SUCCESS) {
           return status;
       }
    }

    i=0;
    if (certTypeOpt) {
       *certTypeOpt = nss_cert_type_from_ck_attrib(&cert_template[i]); i++;
    }
    if (idOpt) {
       NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], idOpt); i++;
    }
    if (encodingOpt) {
       NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], encodingOpt); i++;
    }
    if (issuerOpt) {
       NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], issuerOpt); i++;
    }
    if (serialOpt) {
       NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], serialOpt); i++;
    }
    if (subjectOpt) {
       NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], subjectOpt); i++;
    }
    return PR_SUCCESS;
}
NSS_EXTERN PRStatus nssCryptokiCRL_GetAttributes ( nssCryptokiObject *  crlObject,
nssSession *  sessionOpt,
NSSArena *  arenaOpt,
NSSItem *  encodingOpt,
NSSItem *  subjectOpt,
CK_ULONG crl_class,
NSSUTF8 **  urlOpt,
PRBool isKRLOpt 
)

Definition at line 480 of file ckhelper.c.

{
    PRStatus status;
    NSSSlot *slot;
    nssSession *session;
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE crl_template[7];
    CK_ULONG crl_size;
    PRUint32 i;

    NSS_CK_TEMPLATE_START(crl_template, attr, crl_size);
    if (crl_class) {
        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CLASS);
    }
    if (encodingOpt) {
       NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
    }
    if (urlOpt) {
       NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NETSCAPE_URL);
    }
    if (isKRLOpt) {
       NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NETSCAPE_KRL);
    }
    if (subjectOpt) {
       NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT);
    }
    NSS_CK_TEMPLATE_FINISH(crl_template, attr, crl_size);

    status = nssToken_GetCachedObjectAttributes(crlObject->token, NULL,
                                                crlObject, 
                                                CKO_NETSCAPE_CRL,
                                                crl_template, crl_size);
    if (status != PR_SUCCESS) {
       session = sessionOpt ? 
                 sessionOpt : 
                 nssToken_GetDefaultSession(crlObject->token);

       slot = nssToken_GetSlot(crlObject->token);
       status = nssCKObject_GetAttributes(crlObject->handle, 
                                          crl_template, crl_size,
                                          arenaOpt, session, slot);
       nssSlot_Destroy(slot);
       if (status != PR_SUCCESS) {
           return status;
       }
    }

    i=0;
    if (crl_class) {
        NSS_CK_ATTRIBUTE_TO_ULONG(&crl_template[i], *crl_class); i++;
    }
    if (encodingOpt) {
       NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], encodingOpt); i++;
    }
    if (urlOpt) {
       NSS_CK_ATTRIBUTE_TO_UTF8(&crl_template[i], *urlOpt); i++;
    }
    if (isKRLOpt) {
       NSS_CK_ATTRIBUTE_TO_BOOL(&crl_template[i], *isKRLOpt); i++;
    }
    if (subjectOpt) {
       NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], subjectOpt); i++;
    }
    return PR_SUCCESS;
}
NSS_EXTERN nssCryptokiObject* nssCryptokiObject_Clone ( nssCryptokiObject *  object)

Definition at line 98 of file devutil.c.

{
    nssCryptokiObject *rvObject;
    rvObject = nss_ZNEW(NULL, nssCryptokiObject);
    if (rvObject) {
       rvObject->handle = object->handle;
       rvObject->token = nssToken_AddRef(object->token);
       rvObject->isTokenObject = object->isTokenObject;
       if (object->label) {
           rvObject->label = nssUTF8_Duplicate(object->label, NULL);
       }
    }
    return rvObject;
}

Here is the caller graph for this function:

NSS_EXTERN void nssCryptokiObject_Destroy ( nssCryptokiObject *  object)

Definition at line 86 of file devutil.c.

{
    if (object) {
       nssToken_Destroy(object->token);
       nss_ZFreeIf(object->label);
       nss_ZFreeIf(object);
    }
}

Here is the caller graph for this function:

NSS_EXTERN PRBool nssCryptokiObject_Equal ( nssCryptokiObject *  object1,
nssCryptokiObject *  object2 
)

Definition at line 116 of file devutil.c.

{
    return (o1->token == o2->token && o1->handle == o2->handle);
}

Here is the caller graph for this function:

NSS_EXTERN void nssCryptokiObjectArray_Destroy ( nssCryptokiObject **  object)

Definition at line 206 of file devutil.c.

{
    if (objects) {
       nssCryptokiObject **op;
       for (op = objects; *op; op++) {
           nssCryptokiObject_Destroy(*op);
       }
       nss_ZFreeIf(objects);
    }
}

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssCryptokiPrivateKey_SetCertificate ( nssCryptokiObject *  keyObject,
nssSession *  sessionOpt,
NSSUTF8 nickname,
NSSItem *  id,
NSSDER subject 
)

Definition at line 556 of file ckhelper.c.

{
    CK_RV ckrv;
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE key_template[3];
    CK_ULONG key_size;
    void *epv = nssToken_GetCryptokiEPV(keyObject->token);
    nssSession *session;
    NSSToken *token = keyObject->token;
    nssSession *defaultSession = nssToken_GetDefaultSession(token);
    PRBool createdSession = PR_FALSE;

    NSS_CK_TEMPLATE_START(key_template, attr, key_size);
    NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
    NSS_CK_TEMPLATE_FINISH(key_template, attr, key_size);

    if (sessionOpt) {
       if (!nssSession_IsReadWrite(sessionOpt)) {
           return PR_FAILURE;
       } else {
           session = sessionOpt;
       }
    } else if (nssSession_IsReadWrite(defaultSession)) {
       session = defaultSession;
    } else {
       NSSSlot *slot = nssToken_GetSlot(token);
       session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
       createdSession = PR_TRUE;
       nssSlot_Destroy(slot);
    }

    ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle,
                                           keyObject->handle,
                                           key_template,
                                           key_size);

    if (createdSession) {
       nssSession_Destroy(session);
    }

    return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
}
NSS_EXTERN PRStatus nssCryptokiTrust_GetAttributes ( nssCryptokiObject *  trustObject,
nssSession *  sessionOpt,
NSSItem *  sha1_hash,
nssTrustLevel serverAuth,
nssTrustLevel clientAuth,
nssTrustLevel codeSigning,
nssTrustLevel emailProtection,
PRBool stepUpApproved 
)

Definition at line 417 of file ckhelper.c.

{
    PRStatus status;
    NSSSlot *slot;
    nssSession *session;
    CK_BBOOL isToken = PR_FALSE;
    CK_BBOOL stepUp = PR_FALSE;
    CK_TRUST saTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
    CK_TRUST caTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
    CK_TRUST epTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
    CK_TRUST csTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE trust_template[7];
    CK_ULONG trust_size;

    /* Use the trust object to find the trust settings */
    NSS_CK_TEMPLATE_START(trust_template, attr, trust_size);
    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN,                  isToken);
    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH,      saTrust);
    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH,      caTrust);
    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust);
    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING,     csTrust);
    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_STEP_UP_APPROVED, stepUp);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH,     sha1_hash);
    NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size);

    status = nssToken_GetCachedObjectAttributes(trustObject->token, NULL,
                                                trustObject, 
                                                CKO_NETSCAPE_TRUST,
                                                trust_template, trust_size);
    if (status != PR_SUCCESS) {
       session = sessionOpt ? 
                 sessionOpt : 
                 nssToken_GetDefaultSession(trustObject->token);

       slot = nssToken_GetSlot(trustObject->token);
       status = nssCKObject_GetAttributes(trustObject->handle,
                                          trust_template, trust_size,
                                          NULL, session, slot);
       nssSlot_Destroy(slot);
       if (status != PR_SUCCESS) {
           return status;
       }
    }

    *serverAuth = get_nss_trust(saTrust);
    *clientAuth = get_nss_trust(caTrust);
    *emailProtection = get_nss_trust(epTrust);
    *codeSigning = get_nss_trust(csTrust);
    *stepUpApproved = stepUp;
    return PR_SUCCESS;
}
NSS_EXTERN PRStatus nssGlobalModuleList_Add ( NSSModule *  module)
NSS_EXTERN NSSModule* nssModule_AddRef ( NSSModule *  mod)
NSS_EXTERN NSSModule* nssModule_Create ( NSSUTF8 moduleOpt,
NSSUTF8 uriOpt,
NSSUTF8 opaqueOpt,
void reserved 
)
NSS_EXTERN NSSModule* nssModule_CreateFromSpec ( NSSUTF8 moduleSpec,
NSSModule *  parent,
PRBool  loadSubModules 
)
NSS_EXTERN PRStatus nssModule_Destroy ( NSSModule *  mod)
NSS_EXTERN NSSSlot* nssModule_FindSlotByName ( NSSModule *  mod,
NSSUTF8 slotName 
)
NSS_EXTERN NSSToken* nssModule_FindTokenByName ( NSSModule *  mod,
NSSUTF8 tokenName 
)
NSS_EXTERN PRInt32 nssModule_GetCertOrder ( NSSModule *  module)
NSS_EXTERN NSSUTF8* nssModule_GetName ( NSSModule *  mod)
NSS_EXTERN NSSSlot** nssModule_GetSlots ( NSSModule *  mod)
NSS_EXTERN void nssModuleArray_Destroy ( NSSModule **  modules)
NSS_EXTERN PRStatus nssSession_Destroy ( nssSession *  s)

Definition at line 120 of file dev3hack.c.

{
    CK_RV ckrv = CKR_OK;
    if (s) {
       if (s->isRW) {
           PK11_RestoreROSession(s->slot->pk11slot, s->handle);
       }
       nss_ZFreeIf(s);
    }
    return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
}

Here is the caller graph for this function:

Definition at line 269 of file devslot.c.

{
    if (s->lock) PZ_Lock(s->lock);
    return PR_SUCCESS;
}

Here is the caller graph for this function:

Definition at line 278 of file devslot.c.

{
    return (s->lock) ? PZ_Unlock(s->lock) : PR_SUCCESS;
}

Here is the caller graph for this function:

Definition at line 286 of file devslot.c.

{
    return s->isRW;
}

Here is the caller graph for this function:

NSS_EXTERN NSSSlot* nssSlot_AddRef ( NSSSlot *  slot)

Definition at line 106 of file devslot.c.

{
    PR_AtomicIncrement(&slot->base.refCount);
    return slot;
}

Here is the caller graph for this function:

NSS_EXTERN nssSession* nssSlot_CreateSession ( NSSSlot *  slot,
NSSArena *  arenaOpt,
PRBool  readWrite 
)

Definition at line 76 of file dev3hack.c.

{
    nssSession *rvSession;
    rvSession = nss_ZNEW(arenaOpt, nssSession);
    if (!rvSession) {
       return (nssSession *)NULL;
    }
    if (readWrite) {
       rvSession->handle = PK11_GetRWSession(slot->pk11slot);
       if (rvSession->handle == CK_INVALID_HANDLE) {
           nss_ZFreeIf(rvSession);
           return NULL;
       }
       rvSession->isRW = PR_TRUE;
       rvSession->slot = slot;
        /*
         * The session doesn't need its own lock.  Here's why.
         * 1. If we are reusing the default RW session of the slot,
         *    the slot lock is already locked to protect the session.
         * 2. If the module is not thread safe, the slot (or rather
         *    module) lock is already locked.
         * 3. If the module is thread safe and we are using a new
         *    session, no higher-level lock has been locked and we
         *    would need a lock for the new session.  However, the
         *    current usage of the session is that it is always
         *    used and destroyed within the same function and never
         *    shared with another thread.
         * So the session is either already protected by another
         * lock or only used by one thread.
         */
        rvSession->lock = NULL;
        rvSession->ownLock = PR_FALSE;
       return rvSession;
    } else {
       return NULL;
    }
}

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssSlot_Destroy ( NSSSlot *  slot)

Definition at line 68 of file devslot.c.

{
    if (slot) {
       if (PR_AtomicDecrement(&slot->base.refCount) == 0) {
           PZ_DestroyLock(slot->base.lock);
           return nssArena_Destroy(slot->base.arena);
       }
    }
    return PR_SUCCESS;
}

Here is the caller graph for this function:

NSS_EXTERN void nssSlot_EnterMonitor ( NSSSlot *  slot)

Definition at line 82 of file devslot.c.

{
    if (slot->lock) {
       PZ_Lock(slot->lock);
    }
}

Here is the caller graph for this function:

NSS_EXTERN void nssSlot_ExitMonitor ( NSSSlot *  slot)

Definition at line 90 of file devslot.c.

{
    if (slot->lock) {
       PZ_Unlock(slot->lock);
    }
}

Here is the caller graph for this function:

NSS_EXTERN NSSModule* nssSlot_GetModule ( NSSSlot *  slot)
NSS_EXTERN NSSUTF8* nssSlot_GetName ( NSSSlot *  slot)

Definition at line 115 of file devslot.c.

{
    return slot->base.name;
}
NSS_EXTERN NSSToken* nssSlot_GetToken ( NSSSlot *  slot)

Definition at line 258 of file devslot.c.

{
    if (nssSlot_IsTokenPresent(slot)) {
       return nssToken_AddRef(slot->token);
    }
    return (NSSToken *)NULL;
}

Here is the caller graph for this function:

NSS_EXTERN NSSUTF8* nssSlot_GetTokenName ( NSSSlot *  slot)

Definition at line 123 of file devslot.c.

{
    return nssToken_GetName(slot->token);
}
NSS_EXTERN PRBool nssSlot_IsFriendly ( NSSSlot *  slot)

Definition at line 221 of file dev3hack.c.

{
    return PK11_IsFriendly(slot->pk11slot);
}

Here is the caller graph for this function:

NSS_EXTERN PRBool nssSlot_IsHardware ( NSSSlot *  slot)
NSS_EXTERN PRBool nssSlot_IsLoggedIn ( NSSSlot *  slot)

Definition at line 280 of file dev3hack.c.

{
    if (!slot->pk11slot->needLogin) {
       return PR_TRUE;
    }
    return PK11_IsLoggedIn(slot->pk11slot, NULL);
}

Here is the caller graph for this function:

NSS_EXTERN PRBool nssSlot_IsPermanent ( NSSSlot *  slot)

Definition at line 212 of file dev3hack.c.

{
    return slot->pk11slot->isPerm;
}

Here is the caller graph for this function:

Definition at line 156 of file devslot.c.

{
    CK_RV ckrv;
    PRStatus nssrv;
    /* XXX */
    nssSession *session;
    CK_SLOT_INFO slotInfo;
    void *epv;
    /* permanent slots are always present */
    if (nssSlot_IsPermanent(slot)) {
       return PR_TRUE;
    }
    /* avoid repeated calls to check token status within set interval */
    if (within_token_delay_period(slot)) {
       return (PRBool)((slot->ckFlags & CKF_TOKEN_PRESENT) != 0);
    }

    /* First obtain the slot info */
    epv = slot->epv;
    if (!epv) {
       return PR_FALSE;
    }
    nssSlot_EnterMonitor(slot);
    ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo);
    nssSlot_ExitMonitor(slot);
    if (ckrv != CKR_OK) {
       slot->token->base.name[0] = 0; /* XXX */
       return PR_FALSE;
    }
    slot->ckFlags = slotInfo.flags;
    /* check for the presence of the token */
    if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) {
       if (!slot->token) {
           /* token was ne'er present */
           return PR_FALSE;
       }
       session = nssToken_GetDefaultSession(slot->token);
       nssSession_EnterMonitor(session);
       /* token is not present */
       if (session->handle != CK_INVALID_SESSION) {
           /* session is valid, close and invalidate it */
           CKAPI(epv)->C_CloseSession(session->handle);
           session->handle = CK_INVALID_SESSION;
       }
       nssSession_ExitMonitor(session);
       if (slot->token->base.name[0] != 0) {
           /* notify the high-level cache that the token is removed */
           slot->token->base.name[0] = 0; /* XXX */
           nssToken_NotifyCertsNotVisible(slot->token);
       }
       slot->token->base.name[0] = 0; /* XXX */
       /* clear the token cache */
       nssToken_Remove(slot->token);
       return PR_FALSE;
    }
    /* token is present, use the session info to determine if the card
     * has been removed and reinserted.
     */
    session = nssToken_GetDefaultSession(slot->token);
    nssSession_EnterMonitor(session);
    if (session->handle != CK_INVALID_SESSION) {
       CK_SESSION_INFO sessionInfo;
       ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo);
       if (ckrv != CKR_OK) {
           /* session is screwy, close and invalidate it */
           CKAPI(epv)->C_CloseSession(session->handle);
           session->handle = CK_INVALID_SESSION;
       }
    }
    nssSession_ExitMonitor(session);
    /* token not removed, finished */
    if (session->handle != CK_INVALID_SESSION) {
       return PR_TRUE;
    } else {
       /* the token has been removed, and reinserted, or the slot contains
        * a token it doesn't recognize. invalidate all the old
        * information we had on this token, if we can't refresh, clear
        * the present flag */
       nssToken_NotifyCertsNotVisible(slot->token);
       nssToken_Remove(slot->token);
       /* token has been removed, need to refresh with new session */
       nssrv = nssSlot_Refresh(slot);
       if (nssrv != PR_SUCCESS) {
           slot->token->base.name[0] = 0; /* XXX */
           slot->ckFlags &= ~CKF_TOKEN_PRESENT;
           return PR_FALSE;
       }
       return PR_TRUE;
    }
}

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssSlot_Login ( NSSSlot *  slot,
NSSCallback *  pwcb 
)

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssSlot_Logout ( NSSSlot *  slot,
nssSession *  sessionOpt 
)
NSS_EXTERN PRStatus nssSlot_Refresh ( NSSSlot *  slot)

Definition at line 246 of file dev3hack.c.

{
    PK11SlotInfo *nss3slot = slot->pk11slot;
    PRBool doit = PR_FALSE;
    if (slot->token->base.name[0] == 0) {
       doit = PR_TRUE;
    }
    if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) {
       return PR_FAILURE;
    }
    if (doit) {
       nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain, 
                                             slot->token);
    }
    return nssToken_Refresh(slot->token);
}

Here is the caller graph for this function:

NSS_EXTERN void nssSlot_ResetDelay ( NSSSlot *  slot)

Definition at line 131 of file devslot.c.

{
    slot->lastTokenPing = 0;
}

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssSlot_SetPassword ( NSSSlot *  slot,
NSSUTF8 oldPasswordOpt,
NSSUTF8 newPassword 
)
NSS_EXTERN void nssSlot_SetPasswordDefaults ( NSSSlot *  slot,
PRInt32  askPasswordTimeout 
)
NSS_EXTERN void nssSlotArray_Destroy ( NSSSlot **  slots)

Definition at line 162 of file devutil.c.

{
    if (slots) {
       NSSSlot **slotp;
       for (slotp = slots; *slotp; slotp++) {
           nssSlot_Destroy(*slotp);
       }
       nss_ZFreeIf(slots);
    }
}

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssSlotList_Add ( nssSlotList *  slotList,
NSSSlot *  slot,
PRUint32  order 
)
NSS_EXTERN PRStatus nssSlotList_AddModuleSlots ( nssSlotList *  slotList,
NSSModule *  module,
PRUint32  order 
)
NSS_EXTERN nssSlotList* nssSlotList_Create ( NSSArena *  arenaOpt)
NSS_EXTERN void nssSlotList_Destroy ( nssSlotList *  slotList)
NSS_EXTERN NSSSlot* nssSlotList_FindSlotByName ( nssSlotList *  slotList,
NSSUTF8 slotName 
)
NSS_EXTERN NSSToken* nssSlotList_FindTokenByName ( nssSlotList *  slotList,
NSSUTF8 tokenName 
)
NSS_EXTERN NSSSlot* nssSlotList_GetBestSlot ( nssSlotList *  slotList)
NSS_EXTERN NSSSlot* nssSlotList_GetBestSlotForAlgorithmAndParameters ( nssSlotList *  slotList,
NSSAlgorithmAndParameters *  ap 
)
NSS_EXTERN NSSSlot* nssSlotList_GetBestSlotForAlgorithmsAndParameters ( nssSlotList *  slotList,
NSSAlgorithmAndParameters **  ap 
)
NSS_EXTERN NSSSlot** nssSlotList_GetSlots ( nssSlotList *  slotList)
NSS_EXTERN NSSToken* nssToken_AddRef ( NSSToken *  tok)

Definition at line 94 of file devtoken.c.

{
    PR_AtomicIncrement(&tok->base.refCount);
    return tok;
}

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssToken_BeginDigest ( NSSToken *  tok,
nssSession *  sessionOpt,
NSSAlgorithmAndParameters *  ap 
)

Definition at line 1383 of file devtoken.c.

{
    CK_RV ckrv;
    nssSession *session;
    void *epv = nssToken_GetCryptokiEPV(tok);
    session = (sessionOpt) ? sessionOpt : tok->defaultSession;
    nssSession_EnterMonitor(session);
    ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism);
    nssSession_ExitMonitor(session);
    return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
}

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssToken_ContinueDigest ( NSSToken *  tok,
nssSession *  sessionOpt,
NSSItem *  item 
)

Definition at line 1400 of file devtoken.c.

{
    CK_RV ckrv;
    nssSession *session;
    void *epv = nssToken_GetCryptokiEPV(tok);
    session = (sessionOpt) ? sessionOpt : tok->defaultSession;
    nssSession_EnterMonitor(session);
    ckrv = CKAPI(epv)->C_DigestUpdate(session->handle, 
                                      (CK_BYTE_PTR)item->data, 
                                      (CK_ULONG)item->size);
    nssSession_ExitMonitor(session);
    return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
}

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssToken_DeleteStoredObject ( nssCryptokiObject *  instance)

Definition at line 165 of file devtoken.c.

{
    CK_RV ckrv;
    PRStatus status;
    PRBool createdSession = PR_FALSE;
    NSSToken *token = instance->token;
    nssSession *session = NULL;
    void *epv = nssToken_GetCryptokiEPV(instance->token);
    if (token->cache) {
       nssTokenObjectCache_RemoveObject(token->cache, instance);
    }
    if (instance->isTokenObject) {
       if (nssSession_IsReadWrite(token->defaultSession)) {
          session = token->defaultSession;
       } else {
          session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
          createdSession = PR_TRUE;
       }
    }
    if (session == NULL) {
       return PR_FAILURE;
    }
    nssSession_EnterMonitor(session);
    ckrv = CKAPI(epv)->C_DestroyObject(session->handle, instance->handle);
    nssSession_ExitMonitor(session);
    if (createdSession) {
       nssSession_Destroy(session);
    }
    status = (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
    return status;
}

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssToken_Destroy ( NSSToken *  tok)

Definition at line 63 of file devtoken.c.

{
    if (tok) {
       if (PR_AtomicDecrement(&tok->base.refCount) == 0) {
           PZ_DestroyLock(tok->base.lock);
           nssTokenObjectCache_Destroy(tok->cache);
           return nssArena_Destroy(tok->base.arena);
       }
    }
    return PR_SUCCESS;
}

Here is the caller graph for this function:

NSS_EXTERN NSSItem* nssToken_Digest ( NSSToken *  tok,
nssSession *  sessionOpt,
NSSAlgorithmAndParameters *  ap,
NSSItem *  data,
NSSItem *  rvOpt,
NSSArena *  arenaOpt 
)

Definition at line 1316 of file devtoken.c.

{
    CK_RV ckrv;
    CK_ULONG digestLen;
    CK_BYTE_PTR digest;
    NSSItem *rvItem = NULL;
    void *epv = nssToken_GetCryptokiEPV(tok);
    nssSession *session;
    session = (sessionOpt) ? sessionOpt : tok->defaultSession;
    nssSession_EnterMonitor(session);
    ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism);
    if (ckrv != CKR_OK) {
       nssSession_ExitMonitor(session);
       return NULL;
    }
#if 0
    /* XXX the standard says this should work, but it doesn't */
    ckrv = CKAPI(epv)->C_Digest(session->handle, NULL, 0, NULL, &digestLen);
    if (ckrv != CKR_OK) {
       nssSession_ExitMonitor(session);
       return NULL;
    }
#endif
    digestLen = 0; /* XXX for now */
    digest = NULL;
    if (rvOpt) {
       if (rvOpt->size > 0 && rvOpt->size < digestLen) {
           nssSession_ExitMonitor(session);
           /* the error should be bad args */
           return NULL;
       }
       if (rvOpt->data) {
           digest = rvOpt->data;
       }
       digestLen = rvOpt->size;
    }
    if (!digest) {
       digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
       if (!digest) {
           nssSession_ExitMonitor(session);
           return NULL;
       }
    }
    ckrv = CKAPI(epv)->C_Digest(session->handle, 
                                (CK_BYTE_PTR)data->data, 
                                (CK_ULONG)data->size,
                                (CK_BYTE_PTR)digest,
                                &digestLen);
    nssSession_ExitMonitor(session);
    if (ckrv != CKR_OK) {
       nss_ZFreeIf(digest);
       return NULL;
    }
    if (!rvOpt) {
       rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
    }
    return rvItem;
}

Here is the caller graph for this function:

NSS_EXTERN nssCryptokiObject* nssToken_FindCertificateByEncodedCertificate ( NSSToken *  token,
nssSession *  sessionOpt,
NSSBER encodedCertificate,
nssTokenSearchType  searchType,
PRStatus statusOpt 
)

Definition at line 875 of file devtoken.c.

{
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE cert_template[3];
    CK_ULONG ctsize;
    nssCryptokiObject **objects;
    nssCryptokiObject *rvObject = NULL;
    NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
    /* Set the search to token/session only if provided */
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if (searchType == nssTokenSearchType_TokenOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encodedCertificate);
    NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
    /* get the object handle */
    objects = find_objects_by_template(token, sessionOpt,
                                       cert_template, ctsize,
                                       1, statusOpt);
    if (objects) {
       rvObject = objects[0];
       nss_ZFreeIf(objects);
    }
    return rvObject;
}
NSS_EXTERN nssCryptokiObject* nssToken_FindCertificateByIssuerAndSerialNumber ( NSSToken *  token,
nssSession *  sessionOpt,
NSSDER issuer,
NSSDER serial,
nssTokenSearchType  searchType,
PRStatus statusOpt 
)

Definition at line 800 of file devtoken.c.

{
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE_PTR serialAttr;
    CK_ATTRIBUTE cert_template[4];
    CK_ULONG ctsize;
    nssCryptokiObject **objects;
    nssCryptokiObject *rvObject = NULL;
    NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
    /* Set the search to token/session only if provided */
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if ((searchType == nssTokenSearchType_TokenOnly) ||
               (searchType == nssTokenSearchType_TokenForced)) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    /* Set the unique id */
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS,         &g_ck_class_cert);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER,         issuer);
    serialAttr = attr;
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER,  serial);
    NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
    /* get the object handle */
    if (searchType == nssTokenSearchType_TokenForced) {
       objects = find_objects(token, sessionOpt,
                              cert_template, ctsize,
                              1, statusOpt);
    } else {
       objects = find_objects_by_template(token, sessionOpt,
                                       cert_template, ctsize,
                                       1, statusOpt);
    }
    if (objects) {
       rvObject = objects[0];
       nss_ZFreeIf(objects);
    }

    /*
     * NSS used to incorrectly store serial numbers in their decoded form.
     * because of this old tokens have decoded serial numbers.
     */
    if (!objects) {
       NSSItem serialDecode;
       PRStatus status;

       status = nssToken_decodeSerialItem(serial, &serialDecode);
       if (status != PR_SUCCESS) {
           return NULL;
       }
       NSS_CK_SET_ATTRIBUTE_ITEM(serialAttr,CKA_SERIAL_NUMBER,&serialDecode);
       if (searchType == nssTokenSearchType_TokenForced) {
           objects = find_objects(token, sessionOpt,
                              cert_template, ctsize,
                              1, statusOpt);
       } else {
           objects = find_objects_by_template(token, sessionOpt,
                                       cert_template, ctsize,
                                       1, statusOpt);
       }
       if (objects) {
           rvObject = objects[0];
           nss_ZFreeIf(objects);
       }
    }
    return rvObject;
}

Here is the caller graph for this function:

NSS_EXTERN nssCryptokiObject** nssToken_FindCertificates ( NSSToken *  token,
nssSession *  sessionOpt,
nssTokenSearchType  searchType,
PRUint32  maximumOpt,
PRStatus statusOpt 
)

Definition at line 568 of file devtoken.c.

{
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE cert_template[2];
    CK_ULONG ctsize;
    nssCryptokiObject **objects;
    NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
    /* Set the search to token/session only if provided */
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if (searchType == nssTokenSearchType_TokenOnly ||
               searchType == nssTokenSearchType_TokenForced) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
    NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);

    if (searchType == nssTokenSearchType_TokenForced) {
       objects = find_objects(token, sessionOpt,
                              cert_template, ctsize,
                              maximumOpt, statusOpt);
    } else {
       objects = find_objects_by_template(token, sessionOpt,
                                          cert_template, ctsize,
                                          maximumOpt, statusOpt);
    }
    return objects;
}

Here is the caller graph for this function:

NSS_EXTERN nssCryptokiObject** nssToken_FindCertificatesByEmail ( NSSToken *  token,
nssSession *  sessionOpt,
NSSASCII7 email,
nssTokenSearchType  searchType,
PRUint32  maximumOpt,
PRStatus statusOpt 
)

Definition at line 684 of file devtoken.c.

{
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE email_template[3];
    CK_ULONG etsize;
    nssCryptokiObject **objects;
    NSS_CK_TEMPLATE_START(email_template, attr, etsize);
    NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NETSCAPE_EMAIL, email);
    /* Set the search to token/session only if provided */
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if (searchType == nssTokenSearchType_TokenOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
    NSS_CK_TEMPLATE_FINISH(email_template, attr, etsize);
    /* now locate the token certs matching this template */
    objects = find_objects(token, sessionOpt,
                           email_template, etsize,
                           maximumOpt, statusOpt);
    if (!objects) {
       /* This is to workaround the fact that PKCS#11 doesn't specify
        * whether the '\0' should be included.  XXX Is that still true?
        * im - this is not needed by the current softoken.  However, I'm 
        * leaving it in until I have surveyed more tokens to see if it needed.
        * well, its needed by the builtin token...
        */
       email_template[0].ulValueLen++;
       objects = find_objects(token, sessionOpt,
                              email_template, etsize,
                              maximumOpt, statusOpt);
    }
    return objects;
}

Here is the caller graph for this function:

NSS_EXTERN nssCryptokiObject** nssToken_FindCertificatesByID ( NSSToken *  token,
nssSession *  sessionOpt,
NSSItem *  id,
nssTokenSearchType  searchType,
PRUint32  maximumOpt,
PRStatus statusOpt 
)

Definition at line 727 of file devtoken.c.

{
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE id_template[3];
    CK_ULONG idtsize;
    nssCryptokiObject **objects;
    NSS_CK_TEMPLATE_START(id_template, attr, idtsize);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
    /* Set the search to token/session only if provided */
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if (searchType == nssTokenSearchType_TokenOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
    NSS_CK_TEMPLATE_FINISH(id_template, attr, idtsize);
    /* now locate the token certs matching this template */
    objects = find_objects_by_template(token, sessionOpt,
                                       id_template, idtsize,
                                       maximumOpt, statusOpt);
    return objects;
}
NSS_EXTERN nssCryptokiObject** nssToken_FindCertificatesByNickname ( NSSToken *  token,
nssSession *  sessionOpt,
NSSUTF8 name,
nssTokenSearchType  searchType,
PRUint32  maximumOpt,
PRStatus statusOpt 
)

Definition at line 635 of file devtoken.c.

{
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE nick_template[3];
    CK_ULONG ntsize;
    nssCryptokiObject **objects;
    NSS_CK_TEMPLATE_START(nick_template, attr, ntsize);
    NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, name);
    /* Set the search to token/session only if provided */
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if (searchType == nssTokenSearchType_TokenOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
    NSS_CK_TEMPLATE_FINISH(nick_template, attr, ntsize);
    /* now locate the token certs matching this template */
    objects = find_objects_by_template(token, sessionOpt,
                                       nick_template, ntsize, 
                                       maximumOpt, statusOpt);
    if (!objects) {
       /* This is to workaround the fact that PKCS#11 doesn't specify
        * whether the '\0' should be included.  XXX Is that still true?
        * im - this is not needed by the current softoken.  However, I'm 
        * leaving it in until I have surveyed more tokens to see if it needed.
        * well, its needed by the builtin token...
        */
       nick_template[0].ulValueLen++;
       objects = find_objects_by_template(token, sessionOpt,
                                          nick_template, ntsize, 
                                          maximumOpt, statusOpt);
    }
    return objects;
}

Here is the caller graph for this function:

NSS_EXTERN nssCryptokiObject** nssToken_FindCertificatesBySubject ( NSSToken *  token,
nssSession *  sessionOpt,
NSSDER subject,
nssTokenSearchType  searchType,
PRUint32  maximumOpt,
PRStatus statusOpt 
)

Definition at line 604 of file devtoken.c.

{
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE subj_template[3];
    CK_ULONG stsize;
    nssCryptokiObject **objects;
    NSS_CK_TEMPLATE_START(subj_template, attr, stsize);
    /* Set the search to token/session only if provided */
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if (searchType == nssTokenSearchType_TokenOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
    NSS_CK_TEMPLATE_FINISH(subj_template, attr, stsize);
    /* now locate the token certs matching this template */
    objects = find_objects_by_template(token, sessionOpt,
                                       subj_template, stsize,
                                       maximumOpt, statusOpt);
    return objects;
}

Here is the caller graph for this function:

NSS_EXTERN nssCryptokiObject** nssToken_FindCRLs ( NSSToken *  token,
nssSession *  sessionOpt,
nssTokenSearchType  searchType,
PRUint32  maximumOpt,
PRStatus statusOpt 
)

Definition at line 1226 of file devtoken.c.

{
    CK_OBJECT_CLASS crlobjc = CKO_NETSCAPE_CRL;
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE crlobj_template[2];
    CK_ULONG crlobj_size;
    nssCryptokiObject **objects;
    nssSession *session = sessionOpt ? sessionOpt : token->defaultSession;

    NSS_CK_TEMPLATE_START(crlobj_template, attr, crlobj_size);
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if (searchType == nssTokenSearchType_TokenOnly ||
               searchType == nssTokenSearchType_TokenForced) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, crlobjc);
    NSS_CK_TEMPLATE_FINISH(crlobj_template, attr, crlobj_size);

    if (searchType == nssTokenSearchType_TokenForced) {
       objects = find_objects(token, session,
                              crlobj_template, crlobj_size,
                              maximumOpt, statusOpt);
    } else {
       objects = find_objects_by_template(token, session,
                                          crlobj_template, crlobj_size,
                                          maximumOpt, statusOpt);
    }
    return objects;
}

Here is the caller graph for this function:

NSS_EXTERN nssCryptokiObject** nssToken_FindCRLsBySubject ( NSSToken *  token,
nssSession *  sessionOpt,
NSSDER subject,
nssTokenSearchType  searchType,
PRUint32  maximumOpt,
PRStatus statusOpt 
)

Definition at line 1264 of file devtoken.c.

{
    CK_OBJECT_CLASS crlobjc = CKO_NETSCAPE_CRL;
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE crlobj_template[3];
    CK_ULONG crlobj_size;
    nssCryptokiObject **objects;
    nssSession *session = sessionOpt ? sessionOpt : token->defaultSession;

    NSS_CK_TEMPLATE_START(crlobj_template, attr, crlobj_size);
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if (searchType == nssTokenSearchType_TokenOnly ||
               searchType == nssTokenSearchType_TokenForced) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, crlobjc);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
    NSS_CK_TEMPLATE_FINISH(crlobj_template, attr, crlobj_size);

    objects = find_objects_by_template(token, session,
                                       crlobj_template, crlobj_size,
                                       maximumOpt, statusOpt);
    return objects;
}

Here is the caller graph for this function:

NSS_EXTERN nssCryptokiObject* nssToken_FindPrivateKeyByID ( NSSToken *  token,
nssSession *  sessionOpt,
NSSItem *  keyID 
)

Definition at line 940 of file devtoken.c.

{
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE key_template[3];
    CK_ULONG ktsize;
    nssCryptokiObject **objects;
    nssCryptokiObject *rvKey = NULL;

    NSS_CK_TEMPLATE_START(key_template, attr, ktsize);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_privkey);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, keyID);
    NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);

    objects = find_objects_by_template(token, sessionOpt,
                                       key_template, ktsize, 
                                       1, NULL);
    if (objects) {
       rvKey = objects[0];
       nss_ZFreeIf(objects);
    }
    return rvKey;
}
NSS_EXTERN nssCryptokiObject** nssToken_FindPrivateKeys ( NSSToken *  token,
nssSession *  sessionOpt,
nssTokenSearchType  searchType,
PRUint32  maximumOpt,
PRStatus statusOpt 
)

Definition at line 910 of file devtoken.c.

{
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE key_template[2];
    CK_ULONG ktsize;
    nssCryptokiObject **objects;

    NSS_CK_TEMPLATE_START(key_template, attr, ktsize);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_privkey);
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if (searchType == nssTokenSearchType_TokenOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);

    objects = find_objects_by_template(token, sessionOpt,
                                       key_template, ktsize, 
                                       maximumOpt, statusOpt);
    return objects;
}
NSS_EXTERN nssCryptokiObject* nssToken_FindPublicKeyByID ( NSSToken *  token,
nssSession *  sessionOpt,
NSSItem *  keyID 
)

Definition at line 970 of file devtoken.c.

{
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE key_template[3];
    CK_ULONG ktsize;
    nssCryptokiObject **objects;
    nssCryptokiObject *rvKey = NULL;

    NSS_CK_TEMPLATE_START(key_template, attr, ktsize);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_pubkey);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, keyID);
    NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);

    objects = find_objects_by_template(token, sessionOpt,
                                       key_template, ktsize, 
                                       1, NULL);
    if (objects) {
       rvKey = objects[0];
       nss_ZFreeIf(objects);
    }
    return rvKey;
}
NSS_EXTERN nssCryptokiObject* nssToken_FindTrustForCertificate ( NSSToken *  token,
nssSession *  sessionOpt,
NSSDER certEncoding,
NSSDER certIssuer,
NSSDER certSerial,
nssTokenSearchType  searchType 
)

Definition at line 1145 of file devtoken.c.

{
    CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE tobj_template[5];
    CK_ULONG tobj_size;
    nssSession *session = sessionOpt ? sessionOpt : token->defaultSession;
    nssCryptokiObject *object, **objects;

    NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if (searchType == nssTokenSearchType_TokenOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS,          tobjc);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER,         certIssuer);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER , certSerial);
    NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
    object = NULL;
    objects = find_objects_by_template(token, session,
                                       tobj_template, tobj_size,
                                       1, NULL);
    if (objects) {
       object = objects[0];
       nss_ZFreeIf(objects);
    }
    return object;
}

Here is the caller graph for this function:

NSS_EXTERN nssCryptokiObject** nssToken_FindTrustObjects ( NSSToken *  token,
nssSession *  sessionOpt,
nssTokenSearchType  searchType,
PRUint32  maximumOpt,
PRStatus statusOpt 
)

Definition at line 1107 of file devtoken.c.

{
    CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE tobj_template[2];
    CK_ULONG tobj_size;
    nssCryptokiObject **objects;
    nssSession *session = sessionOpt ? sessionOpt : token->defaultSession;

    NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if (searchType == nssTokenSearchType_TokenOnly ||
               searchType == nssTokenSearchType_TokenForced) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
    NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);

    if (searchType == nssTokenSearchType_TokenForced) {
       objects = find_objects(token, session,
                              tobj_template, tobj_size,
                              maximumOpt, statusOpt);
    } else {
       objects = find_objects_by_template(token, session,
                                          tobj_template, tobj_size,
                                          maximumOpt, statusOpt);
    }
    return objects;
}

Here is the caller graph for this function:

NSS_EXTERN NSSItem* nssToken_FinishDigest ( NSSToken *  tok,
nssSession *  sessionOpt,
NSSItem *  rvOpt,
NSSArena *  arenaOpt 
)

Definition at line 1419 of file devtoken.c.

{
    CK_RV ckrv;
    CK_ULONG digestLen;
    CK_BYTE_PTR digest;
    NSSItem *rvItem = NULL;
    void *epv = nssToken_GetCryptokiEPV(tok);
    nssSession *session;
    session = (sessionOpt) ? sessionOpt : tok->defaultSession;
    nssSession_EnterMonitor(session);
    ckrv = CKAPI(epv)->C_DigestFinal(session->handle, NULL, &digestLen);
    if (ckrv != CKR_OK || digestLen == 0) {
       nssSession_ExitMonitor(session);
       return NULL;
    }
    digest = NULL;
    if (rvOpt) {
       if (rvOpt->size > 0 && rvOpt->size < digestLen) {
           nssSession_ExitMonitor(session);
           /* the error should be bad args */
           return NULL;
       }
       if (rvOpt->data) {
           digest = rvOpt->data;
       }
       digestLen = rvOpt->size;
    }
    if (!digest) {
       digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
       if (!digest) {
           nssSession_ExitMonitor(session);
           return NULL;
       }
    }
    ckrv = CKAPI(epv)->C_DigestFinal(session->handle, digest, &digestLen);
    nssSession_ExitMonitor(session);
    if (ckrv != CKR_OK) {
       nss_ZFreeIf(digest);
       return NULL;
    }
    if (!rvOpt) {
       rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
    }
    return rvItem;
}

Here is the caller graph for this function:

NSS_EXTERN nssSession* nssToken_GetDefaultSession ( NSSToken *  token)

Definition at line 119 of file devtoken.c.

{
    return token->defaultSession;
}

Here is the caller graph for this function:

NSS_EXTERN NSSModule* nssToken_GetModule ( NSSToken *  token)
NSS_EXTERN NSSUTF8* nssToken_GetName ( NSSToken *  tok)

Definition at line 127 of file devtoken.c.

{
    if (tok == NULL) {
       return "";
    }
    if (tok->base.name[0] == 0) {
       (void) nssSlot_IsTokenPresent(tok->slot);
    } 
    return tok->base.name;
}

Here is the caller graph for this function:

NSS_EXTERN NSSSlot* nssToken_GetSlot ( NSSToken *  tok)

Definition at line 103 of file devtoken.c.

{
    return nssSlot_AddRef(tok->slot);
}

Here is the caller graph for this function:

Definition at line 267 of file dev3hack.c.

{
    PK11SlotInfo *slot;
    SECMODModule *module;
    slot = tok->pk11slot;
    module = PK11_GetModule(slot);
    return module->trustOrder;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSS_EXTERN nssCryptokiObject* nssToken_ImportCertificate ( NSSToken *  tok,
nssSession *  sessionOpt,
NSSCertificateType  certType,
NSSItem *  id,
NSSUTF8 nickname,
NSSDER encoding,
NSSDER issuer,
NSSDER subject,
NSSDER serial,
NSSASCII7 emailAddr,
PRBool  asTokenObject 
)

Definition at line 444 of file devtoken.c.

{
    PRStatus status;
    CK_CERTIFICATE_TYPE cert_type;
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE cert_tmpl[10];
    CK_ULONG ctsize;
    nssTokenSearchType searchType;
    nssCryptokiObject *rvObject = NULL;

    if (certType == NSSCertificateType_PKIX) {
       cert_type = CKC_X_509;
    } else {
       return (nssCryptokiObject *)NULL;
    }
    NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
    if (asTokenObject) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
       searchType = nssTokenSearchType_TokenOnly;
    } else {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
       searchType = nssTokenSearchType_SessionOnly;
    }
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS,            &g_ck_class_cert);
    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CERTIFICATE_TYPE,  cert_type);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID,                id);
    NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL,             nickname);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE,             encoding);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER,            issuer);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT,           subject);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER,     serial);
    if (email) {
       NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NETSCAPE_EMAIL,    email);
    }
    NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
    /* see if the cert is already there */
    rvObject = nssToken_FindCertificateByIssuerAndSerialNumber(tok,
                                                               sessionOpt,
                                                               issuer,
                                                               serial,
                                                               searchType,
                                                               NULL);
    if (rvObject) {
       NSSItem existingDER;
       NSSSlot *slot = nssToken_GetSlot(tok);
       nssSession *session = nssSlot_CreateSession(slot, NULL, PR_TRUE);
       if (!session) {
           nssCryptokiObject_Destroy(rvObject);
           nssSlot_Destroy(slot);
           return (nssCryptokiObject *)NULL;
       }
       /* Reject any attempt to import a new cert that has the same
        * issuer/serial as an existing cert, but does not have the
        * same encoding
        */
       NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
       NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
       NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
       status = nssCKObject_GetAttributes(rvObject->handle, 
                                          cert_tmpl, ctsize, NULL,
                                          session, slot);
       NSS_CK_ATTRIBUTE_TO_ITEM(cert_tmpl, &existingDER);
       if (status == PR_SUCCESS) {
           if (!nssItem_Equal(encoding, &existingDER, NULL)) {
              nss_SetError(NSS_ERROR_INVALID_CERTIFICATE);
              status = PR_FAILURE;
           }
           nss_ZFreeIf(existingDER.data);
       }
       if (status == PR_FAILURE) {
           nssCryptokiObject_Destroy(rvObject);
           nssSession_Destroy(session);
           nssSlot_Destroy(slot);
           return (nssCryptokiObject *)NULL;
       }
       /* according to PKCS#11, label, ID, issuer, and serial number 
        * may change after the object has been created.  For PKIX, the
        * last two attributes can't change, so for now we'll only worry
        * about the first two.
        */
       NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID,    id);
       NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
       NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
       /* reset the mutable attributes on the token */
       nssCKObject_SetAttributes(rvObject->handle, 
                                 cert_tmpl, ctsize,
                                 session, slot);
       if (!rvObject->label && nickname) {
           rvObject->label = nssUTF8_Duplicate(nickname, NULL);
       }
       nssSession_Destroy(session);
       nssSlot_Destroy(slot);
    } else {
       /* Import the certificate onto the token */
       rvObject = import_object(tok, sessionOpt, cert_tmpl, ctsize);
    }
    if (rvObject && tok->cache) {
       /* The cache will overwrite the attributes if the object already
        * exists.
        */
       nssTokenObjectCache_ImportObject(tok->cache, rvObject,
                                        CKO_CERTIFICATE,
                                        cert_tmpl, ctsize);
    }
    return rvObject;
}

Here is the caller graph for this function:

NSS_EXTERN nssCryptokiObject* nssToken_ImportCRL ( NSSToken *  token,
nssSession *  sessionOpt,
NSSDER subject,
NSSDER encoding,
PRBool  isKRL,
NSSUTF8 url,
PRBool  asTokenObject 
)

Definition at line 1183 of file devtoken.c.

{
    nssCryptokiObject *object;
    CK_OBJECT_CLASS crlobjc = CKO_NETSCAPE_CRL;
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE crl_tmpl[6];
    CK_ULONG crlsize;

    NSS_CK_TEMPLATE_START(crl_tmpl, attr, crlsize);
    if (asTokenObject) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    } else {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    }
    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS,        crlobjc);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT,      subject);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE,        encoding);
    NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NETSCAPE_URL, url);
    if (isKRL) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NETSCAPE_KRL, &g_ck_true);
    } else {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NETSCAPE_KRL, &g_ck_false);
    }
    NSS_CK_TEMPLATE_FINISH(crl_tmpl, attr, crlsize);

    /* import the crl object onto the token */
    object = import_object(token, sessionOpt, crl_tmpl, crlsize);
    if (object && token->cache) {
       nssTokenObjectCache_ImportObject(token->cache, object, crlobjc,
                                        crl_tmpl, crlsize);
    }
    return object;
}

Here is the caller graph for this function:

NSS_EXTERN nssCryptokiObject* nssToken_ImportTrust ( NSSToken *  tok,
nssSession *  sessionOpt,
NSSDER certEncoding,
NSSDER certIssuer,
NSSDER certSerial,
nssTrustLevel  serverAuth,
nssTrustLevel  clientAuth,
nssTrustLevel  codeSigning,
nssTrustLevel  emailProtection,
PRBool  stepUpApproved,
PRBool  asTokenObject 
)

Definition at line 1042 of file devtoken.c.

{
    nssCryptokiObject *object;
    CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
    CK_TRUST ckSA, ckCA, ckCS, ckEP;
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE trust_tmpl[11];
    CK_ULONG tsize;
    PRUint8 sha1[20]; /* this is cheating... */
    PRUint8 md5[16];
    NSSItem sha1_result, md5_result;
    sha1_result.data = sha1; sha1_result.size = sizeof sha1;
    md5_result.data = md5; md5_result.size = sizeof md5;
    sha1_hash(certEncoding, &sha1_result);
    md5_hash(certEncoding, &md5_result);
    ckSA = get_ck_trust(serverAuth);
    ckCA = get_ck_trust(clientAuth);
    ckCS = get_ck_trust(codeSigning);
    ckEP = get_ck_trust(emailProtection);
    NSS_CK_TEMPLATE_START(trust_tmpl, attr, tsize);
    if (asTokenObject) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    } else {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    }
    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS,           tobjc);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER,          certIssuer);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER,   certSerial);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, &sha1_result);
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_MD5_HASH,  &md5_result);
    /* now set the trust values */
    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH,      ckSA);
    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH,      ckCA);
    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING,     ckCS);
    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, ckEP);
    if (stepUpApproved) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED, 
                                 &g_ck_true);
    } else {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED, 
                                 &g_ck_false);
    }
    NSS_CK_TEMPLATE_FINISH(trust_tmpl, attr, tsize);
    /* import the trust object onto the token */
    object = import_object(tok, sessionOpt, trust_tmpl, tsize);
    if (object && tok->cache) {
       nssTokenObjectCache_ImportObject(tok->cache, object, tobjc,
                                        trust_tmpl, tsize);
    }
    return object;
}

Here is the caller graph for this function:

NSS_EXTERN PRBool nssToken_IsPresent ( NSSToken *  token)

Definition at line 1471 of file devtoken.c.

{
    return nssSlot_IsTokenPresent(token->slot);
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSS_EXTERN PRBool nssToken_IsPrivateKeyAvailable ( NSSToken *  token,
NSSCertificate *  c,
nssCryptokiObject *  instance 
)

Definition at line 1588 of file devtoken.c.

{
    CK_OBJECT_CLASS theClass;

    if (token == NULL) return PR_FALSE;
    if (c == NULL) return PR_FALSE;

    theClass = CKO_PRIVATE_KEY;
    if (!nssSlot_IsLoggedIn(token->slot)) {
       theClass = CKO_PUBLIC_KEY;
    }
    if (PK11_MatchItem(token->pk11slot, instance->handle, theClass) 
                                          != CK_INVALID_HANDLE) {
       return PR_TRUE;
    }
    return PR_FALSE;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 157 of file devtoken.c.

{
    return (!(token->ckFlags & CKF_USER_PIN_INITIALIZED));
}

Definition at line 306 of file dev3hack.c.

{
    return nssTrustDomain_RemoveTokenCertsFromCache(tok->trustDomain, tok);
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSS_EXTERN PRStatus nssToken_TraverseCertificates ( NSSToken *  token,
nssSession *  sessionOpt,
nssTokenSearchType  searchType,
PRStatus(*)(nssCryptokiObject *instance, void *arg callback,
void arg 
)

Definition at line 1488 of file devtoken.c.

{
    CK_RV ckrv;
    CK_ULONG count;
    CK_OBJECT_HANDLE *objectHandles;
    CK_ATTRIBUTE_PTR attr;
    CK_ATTRIBUTE cert_template[2];
    CK_ULONG ctsize;
    NSSArena *arena;
    PRStatus status;
    PRUint32 arraySize, numHandles;
    nssCryptokiObject **objects;
    void *epv = nssToken_GetCryptokiEPV(token);
    nssSession *session = (sessionOpt) ? sessionOpt : token->defaultSession;

    /* template for all certs */
    NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
    if (searchType == nssTokenSearchType_SessionOnly) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
    } else if (searchType == nssTokenSearchType_TokenOnly ||
               searchType == nssTokenSearchType_TokenForced) {
       NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
    }
    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
    NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);

    /* the arena is only for the array of object handles */
    arena = nssArena_Create();
    if (!arena) {
       return PR_FAILURE;
    }
    arraySize = OBJECT_STACK_SIZE;
    numHandles = 0;
    objectHandles = nss_ZNEWARRAY(arena, CK_OBJECT_HANDLE, arraySize);
    if (!objectHandles) {
       goto loser;
    }
    nssSession_EnterMonitor(session); /* ==== session lock === */
    /* Initialize the find with the template */
    ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle, 
                                         cert_template, ctsize);
    if (ckrv != CKR_OK) {
       nssSession_ExitMonitor(session);
       goto loser;
    }
    while (PR_TRUE) {
       /* Issue the find for up to arraySize - numHandles objects */
       ckrv = CKAPI(epv)->C_FindObjects(session->handle, 
                                        objectHandles + numHandles, 
                                        arraySize - numHandles, 
                                        &count);
       if (ckrv != CKR_OK) {
           nssSession_ExitMonitor(session);
           goto loser;
       }
       /* bump the number of found objects */
       numHandles += count;
       if (numHandles < arraySize) {
           break;
       }
       /* the array is filled, double it and continue */
       arraySize *= 2;
       objectHandles = nss_ZREALLOCARRAY(objectHandles, 
                                         CK_OBJECT_HANDLE, 
                                         arraySize);
       if (!objectHandles) {
           nssSession_ExitMonitor(session);
           goto loser;
       }
    }
    ckrv = CKAPI(epv)->C_FindObjectsFinal(session->handle);
    nssSession_ExitMonitor(session); /* ==== end session lock === */
    if (ckrv != CKR_OK) {
       goto loser;
    }
    if (numHandles > 0) {
       objects = create_objects_from_handles(token, session,
                                             objectHandles, numHandles);
       if (objects) {
           nssCryptokiObject **op;
           for (op = objects; *op; op++) {
              status = (*callback)(*op, arg);
           }
           nss_ZFreeIf(objects);
       }
    }
    nssArena_Destroy(arena);
    return PR_SUCCESS;
loser:
    nssArena_Destroy(arena);
    return PR_FAILURE;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSS_EXTERN void nssTokenArray_Destroy ( NSSToken **  tokens)

Definition at line 184 of file devutil.c.

{
    if (tokens) {
       NSSToken **tokenp;
       for (tokenp = tokens; *tokenp; tokenp++) {
           nssToken_Destroy(*tokenp);
       }
       nss_ZFreeIf(tokens);
    }
}

Here is the caller graph for this function:


Variable Documentation

Definition at line 363 of file dev.h.

Definition at line 364 of file dev.h.