Back to index

lightning-sunbird  0.9+nobinonly
trustdomain.c
Go to the documentation of this file.
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 #ifdef DEBUG
00038 static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.51.28.4 $ $Date: 2007/11/21 18:22:11 $";
00039 #endif /* DEBUG */
00040 
00041 #ifndef DEV_H
00042 #include "dev.h"
00043 #endif /* DEV_H */
00044 
00045 #ifndef PKIM_H
00046 #include "pkim.h"
00047 #endif /* PKIM_H */
00048 
00049 #ifndef PKI1T_H
00050 #include "pki1t.h"
00051 #endif /* PKI1T_H */
00052 
00053 #include "cert.h"
00054 #include "pki3hack.h"
00055 
00056 #include "nssrwlk.h"
00057 
00058 #define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32
00059 
00060 extern const NSSError NSS_ERROR_NOT_FOUND;
00061 
00062 typedef PRUint32 nssUpdateLevel;
00063 
00064 NSS_IMPLEMENT NSSTrustDomain *
00065 NSSTrustDomain_Create (
00066   NSSUTF8 *moduleOpt,
00067   NSSUTF8 *uriOpt,
00068   NSSUTF8 *opaqueOpt,
00069   void *reserved
00070 )
00071 {
00072     NSSArena *arena;
00073     NSSTrustDomain *rvTD;
00074     arena = NSSArena_Create();
00075     if(!arena) {
00076        return (NSSTrustDomain *)NULL;
00077     }
00078     rvTD = nss_ZNEW(arena, NSSTrustDomain);
00079     if (!rvTD) {
00080        goto loser;
00081     }
00082     /* protect the token list and the token iterator */
00083     rvTD->tokensLock = NSSRWLock_New(100, "tokens");
00084     if (!rvTD->tokensLock) {
00085        goto loser;
00086     }
00087     nssTrustDomain_InitializeCache(rvTD, NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE);
00088     rvTD->arena = arena;
00089     rvTD->refCount = 1;
00090     rvTD->statusConfig = NULL;
00091     return rvTD;
00092 loser:
00093     if (rvTD && rvTD->tokensLock) {
00094        NSSRWLock_Destroy(rvTD->tokensLock);
00095     }
00096     nssArena_Destroy(arena);
00097     return (NSSTrustDomain *)NULL;
00098 }
00099 
00100 static void
00101 token_destructor(void *t)
00102 {
00103     NSSToken *tok = (NSSToken *)t;
00104     /* in 3.4, also destroy the slot (managed separately) */
00105     (void)nssSlot_Destroy(tok->slot);
00106     nssToken_Destroy(tok);
00107 }
00108 
00109 NSS_IMPLEMENT PRStatus
00110 NSSTrustDomain_Destroy (
00111   NSSTrustDomain *td
00112 )
00113 {
00114     PRStatus status = PR_SUCCESS;
00115     if (--td->refCount == 0) {
00116        /* Destroy each token in the list of tokens */
00117        if (td->tokens) {
00118            nssListIterator_Destroy(td->tokens);
00119            td->tokens = NULL;
00120        }
00121        if (td->tokenList) {
00122            nssList_Clear(td->tokenList, token_destructor);
00123            nssList_Destroy(td->tokenList);
00124            td->tokenList = NULL;
00125        }
00126        NSSRWLock_Destroy(td->tokensLock);
00127        td->tokensLock = NULL;
00128        status = nssTrustDomain_DestroyCache(td);
00129        if (status == PR_FAILURE) {
00130            return status;
00131        }
00132        /* Destroy the trust domain */
00133        nssArena_Destroy(td->arena);
00134     }
00135     return status;
00136 }
00137 
00138 /* XXX uses tokens until slot list is in place */
00139 static NSSSlot **
00140 nssTrustDomain_GetActiveSlots (
00141   NSSTrustDomain *td,
00142   nssUpdateLevel *updateLevel
00143 )
00144 {
00145     PRUint32 count;
00146     NSSSlot **slots = NULL;
00147     NSSToken **tp, **tokens;
00148     *updateLevel = 1;
00149     NSSRWLock_LockRead(td->tokensLock);
00150     count = nssList_Count(td->tokenList);
00151     tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1);
00152     if (!tokens) {
00153        NSSRWLock_UnlockRead(td->tokensLock);
00154        return NULL;
00155     }
00156     slots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
00157     if (!slots) {
00158        NSSRWLock_UnlockRead(td->tokensLock);
00159        nss_ZFreeIf(tokens);
00160        return NULL;
00161     }
00162     nssList_GetArray(td->tokenList, (void **)tokens, count);
00163     NSSRWLock_UnlockRead(td->tokensLock);
00164     count = 0;
00165     for (tp = tokens; *tp; tp++) {
00166        slots[count++] = nssToken_GetSlot(*tp);
00167     }
00168     nss_ZFreeIf(tokens);
00169     return slots;
00170 }
00171 
00172 /* XXX */
00173 static nssSession *
00174 nssTrustDomain_GetSessionForToken (
00175   NSSTrustDomain *td,
00176   NSSToken *token
00177 )
00178 {
00179     return nssToken_GetDefaultSession(token);
00180 }
00181 
00182 NSS_IMPLEMENT PRStatus
00183 NSSTrustDomain_SetDefaultCallback (
00184   NSSTrustDomain *td,
00185   NSSCallback *newCallback,
00186   NSSCallback **oldCallbackOpt
00187 )
00188 {
00189     if (oldCallbackOpt) {
00190        *oldCallbackOpt = td->defaultCallback;
00191     }
00192     td->defaultCallback = newCallback;
00193     return PR_SUCCESS;
00194 }
00195 
00196 NSS_IMPLEMENT NSSCallback *
00197 nssTrustDomain_GetDefaultCallback (
00198   NSSTrustDomain *td,
00199   PRStatus *statusOpt
00200 )
00201 {
00202     if (statusOpt) {
00203        *statusOpt = PR_SUCCESS;
00204     }
00205     return td->defaultCallback;
00206 }
00207 
00208 NSS_IMPLEMENT NSSCallback *
00209 NSSTrustDomain_GetDefaultCallback (
00210   NSSTrustDomain *td,
00211   PRStatus *statusOpt
00212 )
00213 {
00214     return nssTrustDomain_GetDefaultCallback(td, statusOpt);
00215 }
00216 
00217 NSS_IMPLEMENT PRStatus
00218 NSSTrustDomain_LoadModule (
00219   NSSTrustDomain *td,
00220   NSSUTF8 *moduleOpt,
00221   NSSUTF8 *uriOpt,
00222   NSSUTF8 *opaqueOpt,
00223   void *reserved
00224 )
00225 {
00226     return PR_FAILURE;
00227 }
00228 
00229 NSS_IMPLEMENT PRStatus
00230 NSSTrustDomain_DisableToken (
00231   NSSTrustDomain *td,
00232   NSSToken *token,
00233   NSSError why
00234 )
00235 {
00236     nss_SetError(NSS_ERROR_NOT_FOUND);
00237     return PR_FAILURE;
00238 }
00239 
00240 NSS_IMPLEMENT PRStatus
00241 NSSTrustDomain_EnableToken (
00242   NSSTrustDomain *td,
00243   NSSToken *token
00244 )
00245 {
00246     nss_SetError(NSS_ERROR_NOT_FOUND);
00247     return PR_FAILURE;
00248 }
00249 
00250 NSS_IMPLEMENT PRStatus
00251 NSSTrustDomain_IsTokenEnabled (
00252   NSSTrustDomain *td,
00253   NSSToken *token,
00254   NSSError *whyOpt
00255 )
00256 {
00257     nss_SetError(NSS_ERROR_NOT_FOUND);
00258     return PR_FAILURE;
00259 }
00260 
00261 NSS_IMPLEMENT NSSSlot *
00262 NSSTrustDomain_FindSlotByName (
00263   NSSTrustDomain *td,
00264   NSSUTF8 *slotName
00265 )
00266 {
00267     nss_SetError(NSS_ERROR_NOT_FOUND);
00268     return NULL;
00269 }
00270 
00271 NSS_IMPLEMENT NSSToken *
00272 NSSTrustDomain_FindTokenByName (
00273   NSSTrustDomain *td,
00274   NSSUTF8 *tokenName
00275 )
00276 {
00277     PRStatus nssrv;
00278     NSSUTF8 *myName;
00279     NSSToken *tok = NULL;
00280     NSSRWLock_LockRead(td->tokensLock);
00281     for (tok  = (NSSToken *)nssListIterator_Start(td->tokens);
00282          tok != (NSSToken *)NULL;
00283          tok  = (NSSToken *)nssListIterator_Next(td->tokens))
00284     {
00285        if (nssToken_IsPresent(tok)) {
00286            myName = nssToken_GetName(tok);
00287            if (nssUTF8_Equal(tokenName, myName, &nssrv)) break;
00288        }
00289     }
00290     nssListIterator_Finish(td->tokens);
00291     NSSRWLock_UnlockRead(td->tokensLock);
00292     return tok;
00293 }
00294 
00295 NSS_IMPLEMENT NSSToken *
00296 NSSTrustDomain_FindTokenBySlotName (
00297   NSSTrustDomain *td,
00298   NSSUTF8 *slotName
00299 )
00300 {
00301     nss_SetError(NSS_ERROR_NOT_FOUND);
00302     return NULL;
00303 }
00304 
00305 NSS_IMPLEMENT NSSToken *
00306 NSSTrustDomain_FindTokenForAlgorithm (
00307   NSSTrustDomain *td,
00308   NSSOID *algorithm
00309 )
00310 {
00311     nss_SetError(NSS_ERROR_NOT_FOUND);
00312     return NULL;
00313 }
00314 
00315 NSS_IMPLEMENT NSSToken *
00316 NSSTrustDomain_FindBestTokenForAlgorithms (
00317   NSSTrustDomain *td,
00318   NSSOID *algorithms[], /* may be null-terminated */
00319   PRUint32 nAlgorithmsOpt /* limits the array if nonzero */
00320 )
00321 {
00322     nss_SetError(NSS_ERROR_NOT_FOUND);
00323     return NULL;
00324 }
00325 
00326 NSS_IMPLEMENT PRStatus
00327 NSSTrustDomain_Login (
00328   NSSTrustDomain *td,
00329   NSSCallback *uhhOpt
00330 )
00331 {
00332     nss_SetError(NSS_ERROR_NOT_FOUND);
00333     return PR_FAILURE;
00334 }
00335 
00336 NSS_IMPLEMENT PRStatus
00337 NSSTrustDomain_Logout (
00338   NSSTrustDomain *td
00339 )
00340 {
00341     nss_SetError(NSS_ERROR_NOT_FOUND);
00342     return PR_FAILURE;
00343 }
00344 
00345 NSS_IMPLEMENT NSSCertificate *
00346 NSSTrustDomain_ImportCertificate (
00347   NSSTrustDomain *td,
00348   NSSCertificate *c
00349 )
00350 {
00351     nss_SetError(NSS_ERROR_NOT_FOUND);
00352     return NULL;
00353 }
00354 
00355 NSS_IMPLEMENT NSSCertificate *
00356 NSSTrustDomain_ImportPKIXCertificate (
00357   NSSTrustDomain *td,
00358   /* declared as a struct until these "data types" are defined */
00359   struct NSSPKIXCertificateStr *pc
00360 )
00361 {
00362     nss_SetError(NSS_ERROR_NOT_FOUND);
00363     return NULL;
00364 }
00365 
00366 NSS_IMPLEMENT NSSCertificate *
00367 NSSTrustDomain_ImportEncodedCertificate (
00368   NSSTrustDomain *td,
00369   NSSBER *ber
00370 )
00371 {
00372     nss_SetError(NSS_ERROR_NOT_FOUND);
00373     return NULL;
00374 }
00375 
00376 NSS_IMPLEMENT NSSCertificate **
00377 NSSTrustDomain_ImportEncodedCertificateChain (
00378   NSSTrustDomain *td,
00379   NSSBER *ber,
00380   NSSCertificate *rvOpt[],
00381   PRUint32 maximumOpt, /* 0 for no max */
00382   NSSArena *arenaOpt
00383 )
00384 {
00385     nss_SetError(NSS_ERROR_NOT_FOUND);
00386     return NULL;
00387 }
00388 
00389 NSS_IMPLEMENT NSSPrivateKey *
00390 NSSTrustDomain_ImportEncodedPrivateKey (
00391   NSSTrustDomain *td,
00392   NSSBER *ber,
00393   NSSItem *passwordOpt, /* NULL will cause a callback */
00394   NSSCallback *uhhOpt,
00395   NSSToken *destination
00396 )
00397 {
00398     nss_SetError(NSS_ERROR_NOT_FOUND);
00399     return NULL;
00400 }
00401 
00402 NSS_IMPLEMENT NSSPublicKey *
00403 NSSTrustDomain_ImportEncodedPublicKey (
00404   NSSTrustDomain *td,
00405   NSSBER *ber
00406 )
00407 {
00408     nss_SetError(NSS_ERROR_NOT_FOUND);
00409     return NULL;
00410 }
00411 
00412 static NSSCertificate **
00413 get_certs_from_list(nssList *list)
00414 {
00415     PRUint32 count = nssList_Count(list);
00416     NSSCertificate **certs = NULL;
00417     if (count > 0) {
00418        certs = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
00419        if (certs) {
00420            nssList_GetArray(list, (void **)certs, count);
00421        }
00422     }
00423     return certs;
00424 }
00425 
00426 NSS_IMPLEMENT NSSCertificate **
00427 nssTrustDomain_FindCertificatesByNickname (
00428   NSSTrustDomain *td,
00429   NSSUTF8 *name,
00430   NSSCertificate *rvOpt[],
00431   PRUint32 maximumOpt, /* 0 for no max */
00432   NSSArena *arenaOpt
00433 )
00434 {
00435     PRStatus status;
00436     PRUint32 numRemaining;
00437     NSSToken *token = NULL;
00438     NSSSlot **slots = NULL;
00439     NSSSlot **slotp;
00440     NSSCertificate **rvCerts = NULL;
00441     nssPKIObjectCollection *collection = NULL;
00442     nssUpdateLevel updateLevel;
00443     nssList *nameList;
00444     /* First, grab from the cache */
00445     nameList = nssList_Create(NULL, PR_FALSE);
00446     if (!nameList) {
00447        return NULL;
00448     }
00449     (void)nssTrustDomain_GetCertsForNicknameFromCache(td, name, nameList);
00450     rvCerts = get_certs_from_list(nameList);
00451     /* initialize the collection of token certificates with the set of
00452      * cached certs (if any).
00453      */
00454     collection = nssCertificateCollection_Create(td, rvCerts);
00455     nssCertificateArray_Destroy(rvCerts);
00456     nssList_Destroy(nameList);
00457     if (!collection) {
00458        return (NSSCertificate **)NULL;
00459     }
00460     /* obtain the current set of active slots in the trust domain */
00461     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
00462     if (!slots) {
00463        goto loser;
00464     }
00465     /* iterate over the slots */
00466     numRemaining = maximumOpt;
00467     for (slotp = slots; *slotp; slotp++) {
00468        token = nssSlot_GetToken(*slotp);
00469        if (token) {
00470            nssSession *session;
00471            nssCryptokiObject **instances;
00472            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
00473            session = nssTrustDomain_GetSessionForToken(td, token);
00474            if (!session) {
00475               nssToken_Destroy(token);
00476               goto loser;
00477            }
00478            instances = nssToken_FindCertificatesByNickname(token,
00479                                                            session,
00480                                                            name,
00481                                                            tokenOnly,
00482                                                            numRemaining,
00483                                                            &status);
00484            nssToken_Destroy(token);
00485            if (status != PR_SUCCESS) {
00486               goto loser;
00487            }
00488            if (instances) {
00489               status = nssPKIObjectCollection_AddInstances(collection, 
00490                                                            instances, 0);
00491               nss_ZFreeIf(instances);
00492               if (status != PR_SUCCESS) {
00493                   goto loser;
00494               }
00495               if (maximumOpt > 0) {
00496                    PRUint32 count;
00497                    count = nssPKIObjectCollection_Count(collection);
00498                   numRemaining = maximumOpt - count;
00499                   if (numRemaining == 0) break;
00500               }
00501            }
00502        }
00503     }
00504     /* Grab the certs collected in the search. */
00505     rvCerts = nssPKIObjectCollection_GetCertificates(collection,
00506                                                      rvOpt, maximumOpt,
00507                                                      arenaOpt);
00508     /* clean up */
00509     nssPKIObjectCollection_Destroy(collection);
00510     nssSlotArray_Destroy(slots);
00511     return rvCerts;
00512 loser:
00513     if (slots) {
00514        nssSlotArray_Destroy(slots);
00515     }
00516     if (collection) {
00517        nssPKIObjectCollection_Destroy(collection);
00518     }
00519     return (NSSCertificate **)NULL;
00520 }
00521 
00522 NSS_IMPLEMENT NSSCertificate **
00523 NSSTrustDomain_FindCertificatesByNickname (
00524   NSSTrustDomain *td,
00525   NSSUTF8 *name,
00526   NSSCertificate *rvOpt[],
00527   PRUint32 maximumOpt, /* 0 for no max */
00528   NSSArena *arenaOpt
00529 )
00530 {
00531     return nssTrustDomain_FindCertificatesByNickname(td,
00532                                                      name,
00533                                                      rvOpt,
00534                                                      maximumOpt,
00535                                                      arenaOpt);
00536 }
00537 
00538 NSS_IMPLEMENT NSSCertificate *
00539 nssTrustDomain_FindBestCertificateByNickname (
00540   NSSTrustDomain *td,
00541   NSSUTF8 *name,
00542   NSSTime *timeOpt,
00543   NSSUsage *usage,
00544   NSSPolicies *policiesOpt
00545 )
00546 {
00547     NSSCertificate **nicknameCerts;
00548     NSSCertificate *rvCert = NULL;
00549     nicknameCerts = nssTrustDomain_FindCertificatesByNickname(td, name,
00550                                                               NULL,
00551                                                               0,
00552                                                               NULL);
00553     if (nicknameCerts) {
00554        rvCert = nssCertificateArray_FindBestCertificate(nicknameCerts,
00555                                                          timeOpt,
00556                                                          usage,
00557                                                          policiesOpt);
00558        nssCertificateArray_Destroy(nicknameCerts);
00559     }
00560     return rvCert;
00561 }
00562 
00563 NSS_IMPLEMENT NSSCertificate *
00564 NSSTrustDomain_FindBestCertificateByNickname (
00565   NSSTrustDomain *td,
00566   NSSUTF8 *name,
00567   NSSTime *timeOpt,
00568   NSSUsage *usage,
00569   NSSPolicies *policiesOpt
00570 )
00571 {
00572     return nssTrustDomain_FindBestCertificateByNickname(td,
00573                                                         name,
00574                                                         timeOpt,
00575                                                         usage,
00576                                                         policiesOpt);
00577 }
00578 
00579 NSS_IMPLEMENT NSSCertificate **
00580 nssTrustDomain_FindCertificatesBySubject (
00581   NSSTrustDomain *td,
00582   NSSDER *subject,
00583   NSSCertificate *rvOpt[],
00584   PRUint32 maximumOpt,
00585   NSSArena *arenaOpt
00586 )
00587 {
00588     PRStatus status;
00589     PRUint32 numRemaining;
00590     NSSToken *token = NULL;
00591     NSSSlot **slots = NULL;
00592     NSSSlot **slotp;
00593     NSSCertificate **rvCerts = NULL;
00594     nssPKIObjectCollection *collection = NULL;
00595     nssUpdateLevel updateLevel;
00596     nssList *subjectList;
00597     /* look in cache */
00598     subjectList = nssList_Create(NULL, PR_FALSE);
00599     if (!subjectList) {
00600        return NULL;
00601     }
00602     (void)nssTrustDomain_GetCertsForSubjectFromCache(td, subject, subjectList);
00603     rvCerts = get_certs_from_list(subjectList);
00604     collection = nssCertificateCollection_Create(td, rvCerts);
00605     nssCertificateArray_Destroy(rvCerts);
00606     nssList_Destroy(subjectList);
00607     if (!collection) {
00608        return (NSSCertificate **)NULL;
00609     }
00610     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
00611     if (!slots) {
00612        goto loser;
00613     }
00614     numRemaining = maximumOpt;
00615     for (slotp = slots; *slotp; slotp++) {
00616        token = nssSlot_GetToken(*slotp);
00617        if (token) {
00618            nssSession *session;
00619            nssCryptokiObject **instances;
00620            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
00621            session = nssTrustDomain_GetSessionForToken(td, token);
00622            if (!session) {
00623               nssToken_Destroy(token);
00624               goto loser;
00625            }
00626            instances = nssToken_FindCertificatesBySubject(token,
00627                                                           session,
00628                                                           subject,
00629                                                           tokenOnly,
00630                                                           numRemaining,
00631                                                           &status);
00632            nssToken_Destroy(token);
00633            if (status != PR_SUCCESS) {
00634               goto loser;
00635            }
00636            if (instances) {
00637               status = nssPKIObjectCollection_AddInstances(collection, 
00638                                                            instances, 0);
00639               nss_ZFreeIf(instances);
00640               if (status != PR_SUCCESS) {
00641                   goto loser;
00642               }
00643               if (maximumOpt > 0) {
00644                   PRUint32 count;
00645                   count = nssPKIObjectCollection_Count(collection);
00646                   numRemaining = maximumOpt - count;
00647                   if (numRemaining == 0) break;
00648               }
00649            }
00650        }
00651     }
00652     rvCerts = nssPKIObjectCollection_GetCertificates(collection,
00653                                                      rvOpt, maximumOpt,
00654                                                      arenaOpt);
00655     nssPKIObjectCollection_Destroy(collection);
00656     nssSlotArray_Destroy(slots);
00657     return rvCerts;
00658 loser:
00659     if (slots) {
00660        nssSlotArray_Destroy(slots);
00661     }
00662     if (collection) {
00663        nssPKIObjectCollection_Destroy(collection);
00664     }
00665     return (NSSCertificate **)NULL;
00666 }
00667 
00668 NSS_IMPLEMENT NSSCertificate **
00669 NSSTrustDomain_FindCertificatesBySubject (
00670   NSSTrustDomain *td,
00671   NSSDER *subject,
00672   NSSCertificate *rvOpt[],
00673   PRUint32 maximumOpt,
00674   NSSArena *arenaOpt
00675 )
00676 {
00677     return nssTrustDomain_FindCertificatesBySubject(td, 
00678                                                     subject,
00679                                                     rvOpt,
00680                                                     maximumOpt,
00681                                                     arenaOpt);
00682 }
00683 
00684 NSS_IMPLEMENT NSSCertificate *
00685 nssTrustDomain_FindBestCertificateBySubject (
00686   NSSTrustDomain *td,
00687   NSSDER *subject,
00688   NSSTime *timeOpt,
00689   NSSUsage *usage,
00690   NSSPolicies *policiesOpt
00691 )
00692 {
00693     NSSCertificate **subjectCerts;
00694     NSSCertificate *rvCert = NULL;
00695     subjectCerts = nssTrustDomain_FindCertificatesBySubject(td, subject,
00696                                                             NULL,
00697                                                             0,
00698                                                             NULL);
00699     if (subjectCerts) {
00700        rvCert = nssCertificateArray_FindBestCertificate(subjectCerts,
00701                                                          timeOpt,
00702                                                          usage,
00703                                                          policiesOpt);
00704        nssCertificateArray_Destroy(subjectCerts);
00705     }
00706     return rvCert;
00707 }
00708 
00709 NSS_IMPLEMENT NSSCertificate *
00710 NSSTrustDomain_FindBestCertificateBySubject (
00711   NSSTrustDomain *td,
00712   NSSDER *subject,
00713   NSSTime *timeOpt,
00714   NSSUsage *usage,
00715   NSSPolicies *policiesOpt
00716 )
00717 {
00718     return nssTrustDomain_FindBestCertificateBySubject(td,
00719                                                        subject,
00720                                                        timeOpt,
00721                                                        usage,
00722                                                        policiesOpt);
00723 }
00724 
00725 NSS_IMPLEMENT NSSCertificate *
00726 NSSTrustDomain_FindBestCertificateByNameComponents (
00727   NSSTrustDomain *td,
00728   NSSUTF8 *nameComponents,
00729   NSSTime *timeOpt,
00730   NSSUsage *usage,
00731   NSSPolicies *policiesOpt
00732 )
00733 {
00734     nss_SetError(NSS_ERROR_NOT_FOUND);
00735     return NULL;
00736 }
00737 
00738 NSS_IMPLEMENT NSSCertificate **
00739 NSSTrustDomain_FindCertificatesByNameComponents (
00740   NSSTrustDomain *td,
00741   NSSUTF8 *nameComponents,
00742   NSSCertificate *rvOpt[],
00743   PRUint32 maximumOpt, /* 0 for no max */
00744   NSSArena *arenaOpt
00745 )
00746 {
00747     nss_SetError(NSS_ERROR_NOT_FOUND);
00748     return NULL;
00749 }
00750 
00751 NSS_IMPLEMENT NSSCertificate *
00752 nssTrustDomain_FindCertificateByIssuerAndSerialNumber (
00753   NSSTrustDomain *td,
00754   NSSDER *issuer,
00755   NSSDER *serial
00756 )
00757 {
00758     PRStatus status;
00759     NSSToken *token = NULL;
00760     NSSSlot **slots = NULL;
00761     NSSSlot **slotp;
00762     NSSCertificate *rvCert = NULL;
00763     nssPKIObjectCollection *collection = NULL;
00764     nssUpdateLevel updateLevel;
00765     /* see if this search is already cached */
00766     rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td,
00767                                                            issuer, 
00768                                                            serial);
00769     if (rvCert) {
00770        return rvCert;
00771     }
00772     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
00773     if (!slots) {
00774        goto loser;
00775     }
00776     for (slotp = slots; *slotp; slotp++) {
00777        token = nssSlot_GetToken(*slotp);
00778        if (token) {
00779            nssSession *session;
00780            nssCryptokiObject *instance;
00781            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
00782            session = nssTrustDomain_GetSessionForToken(td, token);
00783            if (!session) {
00784               nssToken_Destroy(token);
00785               goto loser;
00786            }
00787            instance = nssToken_FindCertificateByIssuerAndSerialNumber(
00788                                                                    token,
00789                                                                    session,
00790                                                                    issuer,
00791                                                                    serial,
00792                                                                    tokenOnly,
00793                                                                    &status);
00794            nssToken_Destroy(token);
00795            if (status != PR_SUCCESS) {
00796               goto loser;
00797            }
00798            if (instance) {
00799               if (!collection) {
00800                   collection = nssCertificateCollection_Create(td, NULL);
00801                   if (!collection) {
00802                      goto loser;
00803                   }
00804               }
00805               nssPKIObjectCollection_AddInstances(collection, 
00806                                                   &instance, 1);
00807            }
00808        }
00809     }
00810     if (collection) {
00811        (void)nssPKIObjectCollection_GetCertificates(collection, 
00812                                                     &rvCert, 1, NULL);
00813        if (!rvCert) {
00814            goto loser;
00815        }
00816        nssPKIObjectCollection_Destroy(collection);
00817     }
00818     nssSlotArray_Destroy(slots);
00819     return rvCert;
00820 loser:
00821     if (collection) {
00822        nssPKIObjectCollection_Destroy(collection);
00823     }
00824     if (slots) {
00825        nssSlotArray_Destroy(slots);
00826     }
00827     return (NSSCertificate *)NULL;
00828 }
00829 
00830 NSS_IMPLEMENT NSSCertificate *
00831 NSSTrustDomain_FindCertificateByIssuerAndSerialNumber (
00832   NSSTrustDomain *td,
00833   NSSDER *issuer,
00834   NSSDER *serial
00835 )
00836 {
00837     return nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
00838                                                                  issuer,
00839                                                                  serial);
00840 }
00841 
00842 NSS_IMPLEMENT NSSCertificate *
00843 nssTrustDomain_FindCertificateByEncodedCertificate (
00844   NSSTrustDomain *td,
00845   NSSBER *ber
00846 )
00847 {
00848     PRStatus status;
00849     NSSCertificate *rvCert = NULL;
00850     NSSDER issuer = { 0 };
00851     NSSDER serial = { 0 };
00852     NSSArena *arena = nssArena_Create();
00853     if (!arena) {
00854        return (NSSCertificate *)NULL;
00855     }
00856     /* XXX this is not generic...  will any cert crack into issuer/serial? */
00857     status = nssPKIX509_GetIssuerAndSerialFromDER(ber, arena, &issuer, &serial);
00858     if (status != PR_SUCCESS) {
00859        goto finish;
00860     }
00861     rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
00862                                                                    &issuer,
00863                                                                    &serial);
00864 finish:
00865     nssArena_Destroy(arena);
00866     return rvCert;
00867 }
00868 
00869 NSS_IMPLEMENT NSSCertificate *
00870 NSSTrustDomain_FindCertificateByEncodedCertificate (
00871   NSSTrustDomain *td,
00872   NSSBER *ber
00873 )
00874 {
00875     return nssTrustDomain_FindCertificateByEncodedCertificate(td, ber);
00876 }
00877 
00878 NSS_IMPLEMENT NSSCertificate *
00879 NSSTrustDomain_FindBestCertificateByEmail (
00880   NSSTrustDomain *td,
00881   NSSASCII7 *email,
00882   NSSTime *timeOpt,
00883   NSSUsage *usage,
00884   NSSPolicies *policiesOpt
00885 )
00886 {
00887     return 0;
00888 }
00889 
00890 NSS_IMPLEMENT NSSCertificate **
00891 NSSTrustDomain_FindCertificatesByEmail (
00892   NSSTrustDomain *td,
00893   NSSASCII7 *email,
00894   NSSCertificate *rvOpt[],
00895   PRUint32 maximumOpt, /* 0 for no max */
00896   NSSArena *arenaOpt
00897 )
00898 {
00899     nss_SetError(NSS_ERROR_NOT_FOUND);
00900     return NULL;
00901 }
00902 
00903 NSS_IMPLEMENT NSSCertificate *
00904 NSSTrustDomain_FindCertificateByOCSPHash (
00905   NSSTrustDomain *td,
00906   NSSItem *hash
00907 )
00908 {
00909     nss_SetError(NSS_ERROR_NOT_FOUND);
00910     return NULL;
00911 }
00912 
00913 NSS_IMPLEMENT NSSCertificate *
00914 NSSTrustDomain_FindBestUserCertificate (
00915   NSSTrustDomain *td,
00916   NSSTime *timeOpt,
00917   NSSUsage *usage,
00918   NSSPolicies *policiesOpt
00919 )
00920 {
00921     nss_SetError(NSS_ERROR_NOT_FOUND);
00922     return NULL;
00923 }
00924 
00925 NSS_IMPLEMENT NSSCertificate **
00926 NSSTrustDomain_FindUserCertificates (
00927   NSSTrustDomain *td,
00928   NSSTime *timeOpt,
00929   NSSUsage *usageOpt,
00930   NSSPolicies *policiesOpt,
00931   NSSCertificate **rvOpt,
00932   PRUint32 rvLimit, /* zero for no limit */
00933   NSSArena *arenaOpt
00934 )
00935 {
00936     nss_SetError(NSS_ERROR_NOT_FOUND);
00937     return NULL;
00938 }
00939 
00940 NSS_IMPLEMENT NSSCertificate *
00941 NSSTrustDomain_FindBestUserCertificateForSSLClientAuth (
00942   NSSTrustDomain *td,
00943   NSSUTF8 *sslHostOpt,
00944   NSSDER *rootCAsOpt[], /* null pointer for none */
00945   PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
00946   NSSAlgorithmAndParameters *apOpt,
00947   NSSPolicies *policiesOpt
00948 )
00949 {
00950     nss_SetError(NSS_ERROR_NOT_FOUND);
00951     return NULL;
00952 }
00953 
00954 NSS_IMPLEMENT NSSCertificate **
00955 NSSTrustDomain_FindUserCertificatesForSSLClientAuth (
00956   NSSTrustDomain *td,
00957   NSSUTF8 *sslHostOpt,
00958   NSSDER *rootCAsOpt[], /* null pointer for none */
00959   PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
00960   NSSAlgorithmAndParameters *apOpt,
00961   NSSPolicies *policiesOpt,
00962   NSSCertificate **rvOpt,
00963   PRUint32 rvLimit, /* zero for no limit */
00964   NSSArena *arenaOpt
00965 )
00966 {
00967     nss_SetError(NSS_ERROR_NOT_FOUND);
00968     return NULL;
00969 }
00970 
00971 NSS_IMPLEMENT NSSCertificate *
00972 NSSTrustDomain_FindBestUserCertificateForEmailSigning (
00973   NSSTrustDomain *td,
00974   NSSASCII7 *signerOpt,
00975   NSSASCII7 *recipientOpt,
00976   /* anything more here? */
00977   NSSAlgorithmAndParameters *apOpt,
00978   NSSPolicies *policiesOpt
00979 )
00980 {
00981     nss_SetError(NSS_ERROR_NOT_FOUND);
00982     return NULL;
00983 }
00984 
00985 NSS_IMPLEMENT NSSCertificate **
00986 NSSTrustDomain_FindUserCertificatesForEmailSigning (
00987   NSSTrustDomain *td,
00988   NSSASCII7 *signerOpt,
00989   NSSASCII7 *recipientOpt,
00990   /* anything more here? */
00991   NSSAlgorithmAndParameters *apOpt,
00992   NSSPolicies *policiesOpt,
00993   NSSCertificate **rvOpt,
00994   PRUint32 rvLimit, /* zero for no limit */
00995   NSSArena *arenaOpt
00996 )
00997 {
00998     nss_SetError(NSS_ERROR_NOT_FOUND);
00999     return NULL;
01000 }
01001 
01002 static PRStatus
01003 collector(nssCryptokiObject *instance, void *arg)
01004 {
01005     nssPKIObjectCollection *collection = (nssPKIObjectCollection *)arg;
01006     return nssPKIObjectCollection_AddInstanceAsObject(collection, instance);
01007 }
01008 
01009 NSS_IMPLEMENT PRStatus *
01010 NSSTrustDomain_TraverseCertificates (
01011   NSSTrustDomain *td,
01012   PRStatus (*callback)(NSSCertificate *c, void *arg),
01013   void *arg
01014 )
01015 {
01016     PRStatus status;
01017     NSSToken *token = NULL;
01018     NSSSlot **slots = NULL;
01019     NSSSlot **slotp;
01020     nssPKIObjectCollection *collection = NULL;
01021     nssPKIObjectCallback pkiCallback;
01022     nssUpdateLevel updateLevel;
01023     NSSCertificate **cached = NULL;
01024     nssList *certList;
01025 
01026     certList = nssList_Create(NULL, PR_FALSE);
01027     if (!certList) return NULL;
01028     (void *)nssTrustDomain_GetCertsFromCache(td, certList);
01029     cached = get_certs_from_list(certList);
01030     collection = nssCertificateCollection_Create(td, cached);
01031     nssCertificateArray_Destroy(cached);
01032     nssList_Destroy(certList);
01033     if (!collection) {
01034        return (PRStatus *)NULL;
01035     }
01036     /* obtain the current set of active slots in the trust domain */
01037     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
01038     if (!slots) {
01039        goto loser;
01040     }
01041     /* iterate over the slots */
01042     for (slotp = slots; *slotp; slotp++) {
01043        /* get the token for the slot, if present */
01044        token = nssSlot_GetToken(*slotp);
01045        if (token) {
01046            nssSession *session;
01047            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
01048            /* get a session for the token */
01049            session = nssTrustDomain_GetSessionForToken(td, token);
01050            if (!session) {
01051               nssToken_Destroy(token);
01052               goto loser;
01053            }
01054            /* perform the traversal */
01055            status = nssToken_TraverseCertificates(token,
01056                                                   session,
01057                                                   tokenOnly,
01058                                                   collector,
01059                                                   collection);
01060            nssToken_Destroy(token);
01061        }
01062     }
01063 
01064     /* Traverse the collection */
01065     pkiCallback.func.cert = callback;
01066     pkiCallback.arg = arg;
01067     status = nssPKIObjectCollection_Traverse(collection, &pkiCallback);
01068     /* clean up */
01069     nssPKIObjectCollection_Destroy(collection);
01070     nssSlotArray_Destroy(slots);
01071     return NULL;
01072 loser:
01073     if (slots) {
01074        nssSlotArray_Destroy(slots);
01075     }
01076     if (collection) {
01077        nssPKIObjectCollection_Destroy(collection);
01078     }
01079     return NULL;
01080 }
01081 
01082 #ifdef notdef
01083 /*
01084  * search for Public and Private keys first
01085  */
01086 NSS_IMPLEMENT PRStatus *
01087 NSSTrustDomain_TraverseUserCertificates (
01088   NSSTrustDomain *td,
01089   PRStatus (*callback)(NSSCertificate *c, void *arg),
01090   void *arg
01091 )
01092 {
01093     PRStatus status;
01094     NSSToken *token = NULL;
01095     NSSSlot **slots = NULL;
01096     NSSSlot **slotp;
01097     nssPKIObjectCollection *collection = NULL;
01098     nssPKIObjectCallback pkiCallback;
01099     nssUpdateLevel updateLevel;
01100     NSSCertificate **cached = NULL;
01101     nssList *certList;
01102     certList = nssList_Create(NULL, PR_FALSE);
01103     if (!certList) return NULL;
01104     (void *)nssTrustDomain_GetCertsFromCache(td, certList);
01105     cached = get_certs_from_list(certList);
01106     collection = nssCertificateCollection_Create(td, cached);
01107     nssCertificateArray_Destroy(cached);
01108     nssList_Destroy(certList);
01109     if (!collection) {
01110        return (PRStatus *)NULL;
01111     }
01112     /* obtain the current set of active slots in the trust domain */
01113     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
01114     if (!slots) {
01115        goto loser;
01116     }
01117     /* iterate over the slots */
01118     for (slotp = slots; *slotp; slotp++) {
01119        /* get the token for the slot, if present */
01120        token = nssSlot_GetToken(*slotp);
01121        if (token) {
01122            nssSession *session;
01123            nssCryptokiObject **instances;
01124            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
01125            /* get a session for the token */
01126            session = nssTrustDomain_GetSessionForToken(td, token);
01127            if (!session) {
01128               nssToken_Destroy(token);
01129               goto loser;
01130            }
01131            /* perform the traversal */
01132            if (!isLoggedIn(tok)) {
01133               instances = nssToken_FindPublicKeys(token,
01134                                                  session,
01135                                                  tokenOnly,
01136                                                  0, &status);
01137            } else {
01138               instances = nssToken_FindPrivateKeys(token,
01139                                                  session,
01140                                                  tokenOnly,
01141                                                  0, &status);
01142            }
01143            nssToken_Destroy(token);
01144            if (status != PR_SUCCESS) {
01145               goto loser;
01146            }
01147            /* add the found certificates to the collection */
01148            status = nssPKIObjectCollection_AddInstances(collection, 
01149                                                         instances, 0);
01150            nss_ZFreeIf(instances);
01151            if (status != PR_SUCCESS) {
01152               goto loser;
01153            }
01154        }
01155     }
01156     status = nssPKIObjectCollection_MatchCerts(collection);
01157     if (status != PR_SUCCESS) {
01158        goto loser;
01159     }
01160     /* Traverse the collection */
01161     pkiCallback.func.cert = callback;
01162     pkiCallback.arg = arg;
01163     status = nssPKIObjectCollection_Traverse(collection, &pkiCallback);
01164     /* clean up */
01165     nssPKIObjectCollection_Destroy(collection);
01166     nssSlotArray_Destroy(slots);
01167     return NULL;
01168 loser:
01169     if (slots) {
01170        nssSlotArray_Destroy(slots);
01171     }
01172     if (collection) {
01173        nssPKIObjectCollection_Destroy(collection);
01174     }
01175     return NULL;
01176 }
01177 #endif
01178 
01179 NSS_IMPLEMENT NSSTrust *
01180 nssTrustDomain_FindTrustForCertificate (
01181   NSSTrustDomain *td,
01182   NSSCertificate *c
01183 )
01184 {
01185     PRStatus status;
01186     NSSSlot **slots;
01187     NSSSlot **slotp;
01188     NSSToken *token;
01189     nssCryptokiObject *to = NULL;
01190     nssPKIObject *pkio = NULL;
01191     NSSTrust *rvt = NULL;
01192     nssUpdateLevel updateLevel;
01193     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
01194     if (!slots) {
01195        return (NSSTrust *)NULL;
01196     }
01197     for (slotp = slots; *slotp; slotp++) {
01198        token = nssSlot_GetToken(*slotp);
01199        if (token) {
01200            to = nssToken_FindTrustForCertificate(token, NULL, 
01201                                                  &c->encoding,
01202                                                  &c->issuer,
01203                                                  &c->serial,
01204                                              nssTokenSearchType_TokenOnly);
01205            if (to) {
01206               if (!pkio) {
01207                   pkio = nssPKIObject_Create(NULL, to, td, NULL, nssPKILock);
01208                   if (!pkio) {
01209                      nssToken_Destroy(token);
01210                      nssCryptokiObject_Destroy(to);
01211                      goto loser;
01212                   }
01213               } else {
01214                   status = nssPKIObject_AddInstance(pkio, to);
01215                   if (status != PR_SUCCESS) {
01216                      nssToken_Destroy(token);
01217                      nssCryptokiObject_Destroy(to);
01218                      goto loser;
01219                   }
01220               }
01221            }
01222            nssToken_Destroy(token);
01223        }
01224     }
01225     if (pkio) {
01226        rvt = nssTrust_Create(pkio, &c->encoding);
01227        if (!rvt) {
01228            goto loser;
01229        }
01230     }
01231     nssSlotArray_Destroy(slots);
01232     return rvt;
01233 loser:
01234     nssSlotArray_Destroy(slots);
01235     if (pkio) {
01236        nssPKIObject_Destroy(pkio);
01237     }
01238     return (NSSTrust *)NULL;
01239 }
01240 
01241 NSS_IMPLEMENT NSSCRL **
01242 nssTrustDomain_FindCRLsBySubject (
01243   NSSTrustDomain *td,
01244   NSSDER *subject
01245 )
01246 {
01247     PRStatus status;
01248     NSSSlot **slots;
01249     NSSSlot **slotp;
01250     NSSToken *token;
01251     nssUpdateLevel updateLevel;
01252     nssPKIObjectCollection *collection;
01253     NSSCRL **rvCRLs = NULL;
01254     collection = nssCRLCollection_Create(td, NULL);
01255     if (!collection) {
01256        return (NSSCRL **)NULL;
01257     }
01258     slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
01259     if (!slots) {
01260        goto loser;
01261     }
01262     for (slotp = slots; *slotp; slotp++) {
01263        token = nssSlot_GetToken(*slotp);
01264        if (token) {
01265            nssSession *session;
01266            nssCryptokiObject **instances;
01267            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
01268            /* get a session for the token */
01269            session = nssTrustDomain_GetSessionForToken(td, token);
01270            if (!session) {
01271               nssToken_Destroy(token);
01272               goto loser;
01273            }
01274            /* perform the traversal */
01275            instances = nssToken_FindCRLsBySubject(token, session, subject,
01276                                                   tokenOnly, 0, &status);
01277            nssToken_Destroy(token);
01278            if (status != PR_SUCCESS) {
01279               goto loser;
01280            }
01281            /* add the found CRL's to the collection */
01282            status = nssPKIObjectCollection_AddInstances(collection, 
01283                                                         instances, 0);
01284            nss_ZFreeIf(instances);
01285            if (status != PR_SUCCESS) {
01286               goto loser;
01287            }
01288        }
01289     }
01290     rvCRLs = nssPKIObjectCollection_GetCRLs(collection, NULL, 0, NULL);
01291     nssPKIObjectCollection_Destroy(collection);
01292     nssSlotArray_Destroy(slots);
01293     return rvCRLs;
01294 loser:
01295     nssPKIObjectCollection_Destroy(collection);
01296     nssSlotArray_Destroy(slots);
01297     return (NSSCRL **)NULL;
01298 }
01299 
01300 NSS_IMPLEMENT PRStatus
01301 NSSTrustDomain_GenerateKeyPair (
01302   NSSTrustDomain *td,
01303   NSSAlgorithmAndParameters *ap,
01304   NSSPrivateKey **pvkOpt,
01305   NSSPublicKey **pbkOpt,
01306   PRBool privateKeyIsSensitive,
01307   NSSToken *destination,
01308   NSSCallback *uhhOpt
01309 )
01310 {
01311     nss_SetError(NSS_ERROR_NOT_FOUND);
01312     return PR_FAILURE;
01313 }
01314 
01315 NSS_IMPLEMENT NSSSymmetricKey *
01316 NSSTrustDomain_GenerateSymmetricKey (
01317   NSSTrustDomain *td,
01318   NSSAlgorithmAndParameters *ap,
01319   PRUint32 keysize,
01320   NSSToken *destination,
01321   NSSCallback *uhhOpt
01322 )
01323 {
01324     nss_SetError(NSS_ERROR_NOT_FOUND);
01325     return NULL;
01326 }
01327 
01328 NSS_IMPLEMENT NSSSymmetricKey *
01329 NSSTrustDomain_GenerateSymmetricKeyFromPassword (
01330   NSSTrustDomain *td,
01331   NSSAlgorithmAndParameters *ap,
01332   NSSUTF8 *passwordOpt, /* if null, prompt */
01333   NSSToken *destinationOpt,
01334   NSSCallback *uhhOpt
01335 )
01336 {
01337     nss_SetError(NSS_ERROR_NOT_FOUND);
01338     return NULL;
01339 }
01340 
01341 NSS_IMPLEMENT NSSSymmetricKey *
01342 NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID (
01343   NSSTrustDomain *td,
01344   NSSOID *algorithm,
01345   NSSItem *keyID,
01346   NSSCallback *uhhOpt
01347 )
01348 {
01349     nss_SetError(NSS_ERROR_NOT_FOUND);
01350     return NULL;
01351 }
01352 
01353 NSS_IMPLEMENT NSSCryptoContext *
01354 nssTrustDomain_CreateCryptoContext (
01355   NSSTrustDomain *td,
01356   NSSCallback *uhhOpt
01357 )
01358 {
01359     return nssCryptoContext_Create(td, uhhOpt);
01360 }
01361 
01362 NSS_IMPLEMENT NSSCryptoContext *
01363 NSSTrustDomain_CreateCryptoContext (
01364   NSSTrustDomain *td,
01365   NSSCallback *uhhOpt
01366 )
01367 {
01368     return nssTrustDomain_CreateCryptoContext(td, uhhOpt);
01369 }
01370 
01371 NSS_IMPLEMENT NSSCryptoContext *
01372 NSSTrustDomain_CreateCryptoContextForAlgorithm (
01373   NSSTrustDomain *td,
01374   NSSOID *algorithm
01375 )
01376 {
01377     nss_SetError(NSS_ERROR_NOT_FOUND);
01378     return NULL;
01379 }
01380 
01381 NSS_IMPLEMENT NSSCryptoContext *
01382 NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters (
01383   NSSTrustDomain *td,
01384   NSSAlgorithmAndParameters *ap
01385 )
01386 {
01387     nss_SetError(NSS_ERROR_NOT_FOUND);
01388     return NULL;
01389 }
01390