Back to index

lightning-sunbird  0.9+nobinonly
Defines | Functions
pki3hack.h File Reference
#include "nssdevt.h"
#include "devt.h"
#include "nsspkit.h"
#include "base.h"
#include "cert.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Defines

#define NSSITEM_FROM_SECITEM(nssit, secit)
#define SECITEM_FROM_NSSITEM(secit, nssit)

Functions

NSS_EXTERN NSSTrustDomain * STAN_GetDefaultTrustDomain ()
NSS_EXTERN NSSCryptoContext * STAN_GetDefaultCryptoContext ()
NSS_EXTERN PRStatus STAN_InitTokenForSlotInfo (NSSTrustDomain *td, PK11SlotInfo *slot)
NSS_EXTERN PRStatus STAN_ResetTokenInterator (NSSTrustDomain *td)
NSS_EXTERN PRStatus STAN_LoadDefaultNSS3TrustDomain (void)
NSS_EXTERN PRStatus STAN_Shutdown ()
NSS_EXTERN SECStatus STAN_AddModuleToDefaultTrustDomain (SECMODModule *module)
NSS_EXTERN SECStatus STAN_RemoveModuleFromDefaultTrustDomain (SECMODModule *module)
NSS_EXTERN CERTCertificate * STAN_ForceCERTCertificateUpdate (NSSCertificate *c)
NSS_EXTERN CERTCertificate * STAN_GetCERTCertificate (NSSCertificate *c)
NSS_EXTERN CERTCertificate * STAN_GetCERTCertificateOrRelease (NSSCertificate *c)
NSS_EXTERN NSSCertificate * STAN_GetNSSCertificate (CERTCertificate *c)
NSS_EXTERN CERTCertTrust * nssTrust_GetCERTCertTrustForCert (NSSCertificate *c, CERTCertificate *cc)
NSS_EXTERN PRStatus STAN_ChangeCertTrust (CERTCertificate *cc, CERTCertTrust *trust)
NSS_EXTERN PRStatus nssPKIX509_GetIssuerAndSerialFromDER (NSSDER *der, NSSArena *arena, NSSDER *issuer, NSSDER *serial)
NSS_EXTERN char * STAN_GetCERTCertificateName (PLArenaPool *arenaOpt, NSSCertificate *c)
NSS_EXTERN char * STAN_GetCERTCertificateNameForInstance (PLArenaPool *arenaOpt, NSSCertificate *c, nssCryptokiInstance *instance)
NSS_EXTERN NSSCertificate * NSSCertificate_Create (NSSArena *arenaOpt)
NSS_EXTERN NSSCertificate * nssTrustDomain_FindBestCertificateByNicknameForToken (NSSTrustDomain *td, NSSToken *token, NSSUTF8 *name, NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt)
NSS_EXTERN NSSCertificate ** nssTrustDomain_FindCertificatesByNicknameForToken (NSSTrustDomain *td, NSSToken *token, NSSUTF8 *name, NSSCertificate *rvOpt[], PRUint32 maximumOpt, NSSArena *arenaOpt)
NSS_EXTERN PRStatus nssTrustDomain_TraverseCertificatesBySubject (NSSTrustDomain *td, NSSDER *subject, PRStatus(*callback)(NSSCertificate *c, void *arg), void *arg)
NSS_EXTERN PRStatus nssTrustDomain_TraverseCertificatesByNickname (NSSTrustDomain *td, NSSUTF8 *nickname, PRStatus(*callback)(NSSCertificate *c, void *arg), void *arg)
NSS_EXTERN PRStatus nssTrustDomain_TraverseCertificates (NSSTrustDomain *td, PRStatus(*callback)(NSSCertificate *c, void *arg), void *arg)
NSS_EXTERN PRStatus nssTrustDomain_AddTempCertToPerm (NSSCertificate *c)

Define Documentation

#define NSSITEM_FROM_SECITEM (   nssit,
  secit 
)
Value:
(nssit)->data = (void *)(secit)->data;  \
    (nssit)->size = (PRUint32)(secit)->len;

Definition at line 62 of file pki3hack.h.

#define SECITEM_FROM_NSSITEM (   secit,
  nssit 
)
Value:
(secit)->data = (unsigned char *)(nssit)->data; \
    (secit)->len  = (unsigned int)(nssit)->size;

Definition at line 66 of file pki3hack.h.


Function Documentation

NSS_EXTERN NSSCertificate* NSSCertificate_Create ( NSSArena *  arenaOpt)
NSS_EXTERN PRStatus nssPKIX509_GetIssuerAndSerialFromDER ( NSSDER der,
NSSArena *  arena,
NSSDER issuer,
NSSDER serial 
)

Definition at line 272 of file pki3hack.c.

{
    SECStatus secrv;
    SECItem derCert;
    SECItem derIssuer = { 0 };
    SECItem derSerial = { 0 };
    SECITEM_FROM_NSSITEM(&derCert, der);
    secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
    if (secrv != SECSuccess) {
       return PR_FAILURE;
    }
    (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data);
    secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
    if (secrv != SECSuccess) {
       PORT_Free(derSerial.data);
       return PR_FAILURE;
    }
    (void)nssItem_Create(arena, issuer, derIssuer.len, derIssuer.data);
    PORT_Free(derSerial.data);
    PORT_Free(derIssuer.data);
    return PR_SUCCESS;
}
NSS_EXTERN CERTCertTrust* nssTrust_GetCERTCertTrustForCert ( NSSCertificate *  c,
CERTCertificate *  cc 
)

Definition at line 602 of file pki3hack.c.

{
    CERTCertTrust *rvTrust = NULL;
    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
    NSSTrust *t;
    t = nssTrustDomain_FindTrustForCertificate(td, c);
    if (t) {
       rvTrust = cert_trust_from_stan_trust(t, cc->arena);
       if (!rvTrust) {
           nssTrust_Destroy(t);
           return NULL;
       }
       nssTrust_Destroy(t);
    } else {
       rvTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust));
       if (!rvTrust) {
           return NULL;
       }
       memset(rvTrust, 0, sizeof(*rvTrust));
    }
    if (NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL)) {
       rvTrust->sslFlags |= CERTDB_USER;
       rvTrust->emailFlags |= CERTDB_USER;
       rvTrust->objectSigningFlags |= CERTDB_USER;
    }
    return rvTrust;
}
NSS_EXTERN NSSCertificate* nssTrustDomain_FindBestCertificateByNicknameForToken ( NSSTrustDomain *  td,
NSSToken *  token,
NSSUTF8 name,
NSSTime *  timeOpt,
NSSUsage *  usage,
NSSPolicies *  policiesOpt 
)
NSS_EXTERN NSSCertificate** nssTrustDomain_FindCertificatesByNicknameForToken ( NSSTrustDomain *  td,
NSSToken *  token,
NSSUTF8 name,
NSSCertificate *  rvOpt[],
PRUint32  maximumOpt,
NSSArena *  arenaOpt 
)
NSS_EXTERN PRStatus nssTrustDomain_TraverseCertificates ( NSSTrustDomain *  td,
PRStatus(*)(NSSCertificate *c, void *arg callback,
void arg 
)
NSS_EXTERN PRStatus nssTrustDomain_TraverseCertificatesByNickname ( NSSTrustDomain *  td,
NSSUTF8 nickname,
PRStatus(*)(NSSCertificate *c, void *arg callback,
void arg 
)

Definition at line 1226 of file pki3hack.c.

{
    PRStatus nssrv = PR_SUCCESS;
    NSSArena *tmpArena;
    NSSCertificate **nickCerts;
    NSSCertificate *c;
    PRIntn i;
    tmpArena = NSSArena_Create();
    if (!tmpArena) {
        return PR_FAILURE;
    }
    nickCerts = NSSTrustDomain_FindCertificatesByNickname(td, nickname, NULL,
                                                          0, tmpArena);
    if (nickCerts) {
       for (i=0, c = nickCerts[i]; c; i++) {
           nssrv = callback(c, arg);
           if (nssrv != PR_SUCCESS) break;
       }
    }
    nssArena_Destroy(tmpArena);
    return nssrv;
}
NSS_EXTERN PRStatus nssTrustDomain_TraverseCertificatesBySubject ( NSSTrustDomain *  td,
NSSDER subject,
PRStatus(*)(NSSCertificate *c, void *arg callback,
void arg 
)

Definition at line 1196 of file pki3hack.c.

{
    PRStatus nssrv = PR_SUCCESS;
    NSSArena *tmpArena;
    NSSCertificate **subjectCerts;
    NSSCertificate *c;
    PRIntn i;
    tmpArena = NSSArena_Create();
    if (!tmpArena) {
        return PR_FAILURE;
    }
    subjectCerts = NSSTrustDomain_FindCertificatesBySubject(td, subject, NULL,
                                                            0, tmpArena);
    if (subjectCerts) {
       for (i=0, c = subjectCerts[i]; c; i++) {
           nssrv = callback(c, arg);
           if (nssrv != PR_SUCCESS) break;
       }
    }
    nssArena_Destroy(tmpArena);
    return nssrv;
}

Definition at line 182 of file pki3hack.c.

{
    NSSTrustDomain *td;
    int i;
    td = STAN_GetDefaultTrustDomain();
    for (i=0; i<module->slotCount; i++) {
       STAN_InitTokenForSlotInfo(td, module->slots[i]);
    }
    STAN_ResetTokenInterator(td);
    return SECSuccess;
}
NSS_EXTERN PRStatus STAN_ChangeCertTrust ( CERTCertificate *  cc,
CERTCertTrust *  trust 
)

Definition at line 1037 of file pki3hack.c.

{
    PRStatus nssrv;
    NSSCertificate *c = STAN_GetNSSCertificate(cc);
    NSSToken *tok;
    NSSTrustDomain *td;
    NSSTrust *nssTrust;
    NSSArena *arena;
    CERTCertTrust *oldTrust;
    nssListIterator *tokens;
    PRBool moving_object;
    nssCryptokiObject *newInstance;
    nssPKIObject *pkiob;
    oldTrust = nssTrust_GetCERTCertTrustForCert(c, cc);
    if (oldTrust) {
       if (memcmp(oldTrust, trust, sizeof (CERTCertTrust)) == 0) {
           /* ... and the new trust is no different, done) */
           return PR_SUCCESS;
       } else {
           /* take over memory already allocated in cc's arena */
           cc->trust = oldTrust;
       }
    } else {
       cc->trust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust));
    }
    memcpy(cc->trust, trust, sizeof(CERTCertTrust));
    /* Set the NSSCerticate's trust */
    arena = nssArena_Create();
    if (!arena) return PR_FAILURE;
    nssTrust = nss_ZNEW(arena, NSSTrust);
    pkiob = nssPKIObject_Create(arena, NULL, cc->dbhandle, NULL, nssPKILock);
    if (!pkiob) {
       nssArena_Destroy(arena);
       return PR_FAILURE;
    }
    nssTrust->object = *pkiob;
    nssTrust->certificate = c;
    nssTrust->serverAuth = get_stan_trust(trust->sslFlags, PR_FALSE);
    nssTrust->clientAuth = get_stan_trust(trust->sslFlags, PR_TRUE);
    nssTrust->emailProtection = get_stan_trust(trust->emailFlags, PR_FALSE);
    nssTrust->codeSigning = get_stan_trust(trust->objectSigningFlags, PR_FALSE);
    nssTrust->stepUpApproved = 
                    (PRBool)(trust->sslFlags & CERTDB_GOVT_APPROVED_CA);
    if (c->object.cryptoContext != NULL) {
       /* The cert is in a context, set the trust there */
       NSSCryptoContext *cc = c->object.cryptoContext;
       nssrv = nssCryptoContext_ImportTrust(cc, nssTrust);
       if (nssrv != PR_SUCCESS) {
           goto done;
       }
       if (c->object.numInstances == 0) {
           /* The context is the only instance, finished */
           goto done;
       }
    }
    td = STAN_GetDefaultTrustDomain();
    tok = stan_GetTrustToken(c);
    moving_object = PR_FALSE;
    if (tok && PK11_IsReadOnly(tok->pk11slot))  {
       NSSRWLock_LockRead(td->tokensLock);
       tokens = nssList_CreateIterator(td->tokenList);
       if (!tokens) {
           nssrv = PR_FAILURE;
           NSSRWLock_UnlockRead(td->tokensLock);
           goto done;
       }
       for (tok  = (NSSToken *)nssListIterator_Start(tokens);
            tok != (NSSToken *)NULL;
            tok  = (NSSToken *)nssListIterator_Next(tokens))
       {
           if (!PK11_IsReadOnly(tok->pk11slot)) break;
       }
       nssListIterator_Finish(tokens);
       nssListIterator_Destroy(tokens);
       NSSRWLock_UnlockRead(td->tokensLock);
       moving_object = PR_TRUE;
    } 
    if (tok) {
       if (moving_object) {
           /* this is kind of hacky.  the softoken needs the cert
            * object in order to store trust.  forcing it to be perm
            */
           NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL);
           NSSASCII7 *email = NULL;

           if (PK11_IsInternal(tok->pk11slot)) {
              email = c->email;
           }
           newInstance = nssToken_ImportCertificate(tok, NULL,
                                                    NSSCertificateType_PKIX,
                                                    &c->id,
                                                    nickname,
                                                    &c->encoding,
                                                    &c->issuer,
                                                    &c->subject,
                                                    &c->serial,
                                               email,
                                                    PR_TRUE);
           if (!newInstance) {
              nssrv = PR_FAILURE;
              goto done;
           }
           nssPKIObject_AddInstance(&c->object, newInstance);
       }
       newInstance = nssToken_ImportTrust(tok, NULL, &c->encoding,
                                          &c->issuer, &c->serial,
                                          nssTrust->serverAuth,
                                          nssTrust->clientAuth,
                                          nssTrust->codeSigning,
                                          nssTrust->emailProtection,
                                          nssTrust->stepUpApproved, PR_TRUE);
       /* If the selected token can't handle trust, dump the trust on 
        * the internal token */
       if (!newInstance && !PK11_IsInternal(tok->pk11slot)) {
           PK11SlotInfo *slot = PK11_GetInternalKeySlot();
           NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL);
           NSSASCII7 *email = c->email;
           tok = PK11Slot_GetNSSToken(slot);
           PK11_FreeSlot(slot);
       
           newInstance = nssToken_ImportCertificate(tok, NULL,
                                                    NSSCertificateType_PKIX,
                                                    &c->id,
                                                    nickname,
                                                    &c->encoding,
                                                    &c->issuer,
                                                    &c->subject,
                                                    &c->serial,
                                               email,
                                                    PR_TRUE);
           if (!newInstance) {
              nssrv = PR_FAILURE;
              goto done;
           }
           nssPKIObject_AddInstance(&c->object, newInstance);
           newInstance = nssToken_ImportTrust(tok, NULL, &c->encoding,
                                          &c->issuer, &c->serial,
                                          nssTrust->serverAuth,
                                          nssTrust->clientAuth,
                                          nssTrust->codeSigning,
                                          nssTrust->emailProtection,
                                          nssTrust->stepUpApproved, PR_TRUE);
       }
       if (newInstance) {
           nssCryptokiObject_Destroy(newInstance);
           nssrv = PR_SUCCESS;
       } else {
           nssrv = PR_FAILURE;
       }
    } else {
       nssrv = PR_FAILURE;
    }
done:
    (void)nssTrust_Destroy(nssTrust);
    return nssrv;
}
NSS_EXTERN CERTCertificate* STAN_ForceCERTCertificateUpdate ( NSSCertificate *  c)

Definition at line 867 of file pki3hack.c.

{
    if (c->decoding) {
       return stan_GetCERTCertificate(c, PR_TRUE);
    }
    return NULL;
}
NSS_EXTERN CERTCertificate* STAN_GetCERTCertificate ( NSSCertificate *  c)

Definition at line 876 of file pki3hack.c.

NSS_EXTERN char* STAN_GetCERTCertificateName ( PLArenaPool arenaOpt,
NSSCertificate *  c 
)

Definition at line 707 of file pki3hack.c.

{
    char * result;
    nssCryptokiInstance *instance = get_cert_instance(c);
    /* It's OK to call this function, even if instance is NULL */
    result = STAN_GetCERTCertificateNameForInstance(arenaOpt, c, instance);
    if (instance)
       nssCryptokiObject_Destroy(instance);
    return result;
}
NSS_EXTERN char* STAN_GetCERTCertificateNameForInstance ( PLArenaPool arenaOpt,
NSSCertificate *  c,
nssCryptokiInstance *  instance 
)

Definition at line 659 of file pki3hack.c.

{
    NSSCryptoContext *context = c->object.cryptoContext;
    PRStatus nssrv;
    int nicklen, tokenlen, len;
    NSSUTF8 *tokenName = NULL;
    NSSUTF8 *stanNick = NULL;
    char *nickname = NULL;
    char *nick;

    if (instance) {
       stanNick = instance->label;
    } else if (context) {
       stanNick = c->object.tempName;
    }
    if (stanNick) {
       /* fill other fields needed by NSS3 functions using CERTCertificate */
       if (instance && !PK11_IsInternal(instance->token->pk11slot)) {
           tokenName = nssToken_GetName(instance->token);
           tokenlen = nssUTF8_Size(tokenName, &nssrv);
       } else {
       /* don't use token name for internal slot; 3.3 didn't */
           tokenlen = 0;
       }
       nicklen = nssUTF8_Size(stanNick, &nssrv);
       len = tokenlen + nicklen;
       if (arenaOpt) {
           nickname = PORT_ArenaAlloc(arenaOpt, len);
       } else {
           nickname = PORT_Alloc(len);
       }
       nick = nickname;
       if (tokenName) {
           memcpy(nick, tokenName, tokenlen-1);
           nick += tokenlen-1;
           *nick++ = ':';
       }
       memcpy(nick, stanNick, nicklen-1);
       nickname[len-1] = '\0';
    }
    return nickname;
}
NSS_EXTERN CERTCertificate* STAN_GetCERTCertificateOrRelease ( NSSCertificate *  c)

Definition at line 889 of file pki3hack.c.

{
    CERTCertificate *nss3cert = stan_GetCERTCertificate(c, PR_FALSE);
    if (!nss3cert) {
       nssCertificate_Destroy(c);
    }
    return nss3cert;
}

Definition at line 89 of file pki3hack.c.

Definition at line 83 of file pki3hack.c.

NSS_EXTERN NSSCertificate* STAN_GetNSSCertificate ( CERTCertificate *  c)

Definition at line 923 of file pki3hack.c.

{
    NSSCertificate *c;
    nssCryptokiInstance *instance;
    nssPKIObject *pkiob;
    NSSArena *arena;
    c = cc->nssCertificate;
    if (c) {
       return c;
    }
    /* i don't think this should happen.  but if it can, need to create
     * NSSCertificate from CERTCertificate values here.  */
    /* Yup, it can happen. */
    arena = NSSArena_Create();
    if (!arena) {
       return NULL;
    }
    c = nss_ZNEW(arena, NSSCertificate);
    if (!c) {
       nssArena_Destroy(arena);
       return NULL;
    }
    NSSITEM_FROM_SECITEM(&c->encoding, &cc->derCert);
    c->type = NSSCertificateType_PKIX;
    pkiob = nssPKIObject_Create(arena, NULL, cc->dbhandle, NULL, nssPKIMonitor);
    if (!pkiob) {
       nssArena_Destroy(arena);
       return NULL;
    }
    c->object = *pkiob;
    nssItem_Create(arena,
                   &c->issuer, cc->derIssuer.len, cc->derIssuer.data);
    nssItem_Create(arena,
                   &c->subject, cc->derSubject.len, cc->derSubject.data);
    if (PR_TRUE) {
       /* CERTCertificate stores serial numbers decoded.  I need the DER
       * here.  sigh.
       */
       SECItem derSerial;
       SECStatus secrv;
       secrv = CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial);
       if (secrv == SECFailure) {
           nssArena_Destroy(arena);
           return NULL;
       }
       nssItem_Create(arena, &c->serial, derSerial.len, derSerial.data);
       PORT_Free(derSerial.data);
    }
    if (cc->emailAddr && cc->emailAddr[0]) {
        c->email = nssUTF8_Create(arena,
                                  nssStringType_PrintableString,
                                  (NSSUTF8 *)cc->emailAddr,
                                  PORT_Strlen(cc->emailAddr));
    }
    if (cc->slot) {
       instance = nss_ZNEW(arena, nssCryptokiInstance);
       instance->token = nssToken_AddRef(PK11Slot_GetNSSToken(cc->slot));
       instance->handle = cc->pkcs11ID;
       instance->isTokenObject = PR_TRUE;
       if (cc->nickname) {
           instance->label = nssUTF8_Create(arena,
                                            nssStringType_UTF8String,
                                            (NSSUTF8 *)cc->nickname,
                                            PORT_Strlen(cc->nickname));
       }
       nssPKIObject_AddInstance(&c->object, instance);
    }
    c->decoding = create_decoded_pkix_cert_from_nss3cert(NULL, cc);
    cc->nssCertificate = c;
    return c;
}
NSS_EXTERN PRStatus STAN_InitTokenForSlotInfo ( NSSTrustDomain *  td,
PK11SlotInfo *  slot 
)

Definition at line 98 of file pki3hack.c.

{
    NSSToken *token;
    if (!td) {
       td = g_default_trust_domain;
    }
    token = nssToken_CreateFromPK11SlotInfo(td, slot);
    PK11Slot_SetNSSToken(slot, token);
    NSSRWLock_LockWrite(td->tokensLock);
    nssList_Add(td->tokenList, token);
    NSSRWLock_UnlockWrite(td->tokensLock);
    return PR_SUCCESS;
}

Definition at line 126 of file pki3hack.c.

{
    NSSTrustDomain *td;
    SECMODModuleList *mlp;
    SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
    int i;

    if (g_default_trust_domain || g_default_crypto_context) {
       /* Stan is already initialized or a previous shutdown failed. */
       nss_SetError(NSS_ERROR_ALREADY_INITIALIZED);
       return PR_FAILURE;
    }
    td = NSSTrustDomain_Create(NULL, NULL, NULL, NULL);
    if (!td) {
       return PR_FAILURE;
    }
    /*
     * Deadlock warning: we should never acquire the moduleLock while
     * we hold the tokensLock. We can use the NSSRWLock Rank feature to
     * guarrentee this. tokensLock have a higher rank than module lock.
     */
    td->tokenList = nssList_Create(td->arena, PR_TRUE);
    if (!td->tokenList) {
       goto loser;
    }
    SECMOD_GetReadLock(moduleLock);
    NSSRWLock_LockWrite(td->tokensLock);
    for (mlp = SECMOD_GetDefaultModuleList(); mlp != NULL; mlp=mlp->next) {
       for (i=0; i < mlp->module->slotCount; i++) {
           STAN_InitTokenForSlotInfo(td, mlp->module->slots[i]);
       }
    }
    td->tokens = nssList_CreateIterator(td->tokenList);
    NSSRWLock_UnlockWrite(td->tokensLock);
    SECMOD_ReleaseReadLock(moduleLock);
    if (!td->tokens) {
       goto loser;
    }
    g_default_crypto_context = NSSTrustDomain_CreateCryptoContext(td, NULL);
    if (!g_default_crypto_context) {
       goto loser;
    }
    g_default_trust_domain = td;
    return PR_SUCCESS;

  loser:
    NSSTrustDomain_Destroy(td);
    return PR_FAILURE;
}

Definition at line 200 of file pki3hack.c.

{
    NSSToken *token;
    NSSTrustDomain *td;
    int i;
    td = STAN_GetDefaultTrustDomain();
    NSSRWLock_LockWrite(td->tokensLock);
    for (i=0; i<module->slotCount; i++) {
       token = PK11Slot_GetNSSToken(module->slots[i]);
       if (token) {
           nssToken_NotifyCertsNotVisible(token);
           nssList_Remove(td->tokenList, token);
           PK11Slot_SetNSSToken(module->slots[i], NULL);
           nssToken_Destroy(token);
       }
    }
    nssListIterator_Destroy(td->tokens);
    td->tokens = nssList_CreateIterator(td->tokenList);
    NSSRWLock_UnlockWrite(td->tokensLock);
    return SECSuccess;
}
NSS_EXTERN PRStatus STAN_ResetTokenInterator ( NSSTrustDomain *  td)

Definition at line 113 of file pki3hack.c.

{
    if (!td) {
       td = g_default_trust_domain;
    }
    NSSRWLock_LockWrite(td->tokensLock);
    nssListIterator_Destroy(td->tokens);
    td->tokens = nssList_CreateIterator(td->tokenList);
    NSSRWLock_UnlockWrite(td->tokensLock);
    return PR_SUCCESS;
}