/src/nss-nspr/nss/lib/pk11wrap/dev3hack.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | | |
5 | | #ifndef PKIT_H |
6 | | #include "pkit.h" |
7 | | #endif /* PKIT_H */ |
8 | | |
9 | | #ifndef DEVM_H |
10 | | #include "devm.h" |
11 | | #endif /* DEVM_H */ |
12 | | |
13 | | #include "pki3hack.h" |
14 | | #include "dev3hack.h" |
15 | | #include "pkim.h" |
16 | | |
17 | | #ifndef BASE_H |
18 | | #include "base.h" |
19 | | #endif /* BASE_H */ |
20 | | |
21 | | #include "pk11func.h" |
22 | | #include "secmodti.h" |
23 | | #include "secerr.h" |
24 | | |
25 | | NSS_IMPLEMENT nssSession * |
26 | | nssSession_ImportNSS3Session(NSSArena *arenaOpt, |
27 | | CK_SESSION_HANDLE session, |
28 | | PZLock *lock, PRBool rw) |
29 | 4 | { |
30 | 4 | nssSession *rvSession = NULL; |
31 | 4 | if (session != CK_INVALID_HANDLE) { |
32 | 4 | rvSession = nss_ZNEW(arenaOpt, nssSession); |
33 | 4 | if (rvSession) { |
34 | 4 | rvSession->handle = session; |
35 | 4 | rvSession->lock = lock; |
36 | 4 | rvSession->ownLock = PR_FALSE; |
37 | 4 | rvSession->isRW = rw; |
38 | 4 | } |
39 | 4 | } |
40 | 4 | return rvSession; |
41 | 4 | } |
42 | | |
43 | | NSS_IMPLEMENT nssSession * |
44 | | nssSlot_CreateSession( |
45 | | NSSSlot *slot, |
46 | | NSSArena *arenaOpt, |
47 | | PRBool readWrite) |
48 | 0 | { |
49 | 0 | nssSession *rvSession; |
50 | |
|
51 | 0 | if (!readWrite) { |
52 | | /* nss3hack version only returns rw swssions */ |
53 | 0 | return NULL; |
54 | 0 | } |
55 | 0 | rvSession = nss_ZNEW(arenaOpt, nssSession); |
56 | 0 | if (!rvSession) { |
57 | 0 | return (nssSession *)NULL; |
58 | 0 | } |
59 | | |
60 | 0 | rvSession->handle = PK11_GetRWSession(slot->pk11slot); |
61 | 0 | if (rvSession->handle == CK_INVALID_HANDLE) { |
62 | 0 | nss_ZFreeIf(rvSession); |
63 | 0 | return NULL; |
64 | 0 | } |
65 | 0 | rvSession->isRW = PR_TRUE; |
66 | 0 | rvSession->slot = slot; |
67 | | /* |
68 | | * The session doesn't need its own lock. Here's why. |
69 | | * 1. If we are reusing the default RW session of the slot, |
70 | | * the slot lock is already locked to protect the session. |
71 | | * 2. If the module is not thread safe, the slot (or rather |
72 | | * module) lock is already locked. |
73 | | * 3. If the module is thread safe and we are using a new |
74 | | * session, no higher-level lock has been locked and we |
75 | | * would need a lock for the new session. However, the |
76 | | * current usage of the session is that it is always |
77 | | * used and destroyed within the same function and never |
78 | | * shared with another thread. |
79 | | * So the session is either already protected by another |
80 | | * lock or only used by one thread. |
81 | | */ |
82 | 0 | rvSession->lock = NULL; |
83 | 0 | rvSession->ownLock = PR_FALSE; |
84 | 0 | return rvSession; |
85 | 0 | } |
86 | | |
87 | | NSS_IMPLEMENT PRStatus |
88 | | nssSession_Destroy(nssSession *s) |
89 | 0 | { |
90 | 0 | PRStatus rv = PR_SUCCESS; |
91 | 0 | if (s) { |
92 | 0 | if (s->isRW) { |
93 | 0 | PK11_RestoreROSession(s->slot->pk11slot, s->handle); |
94 | 0 | } |
95 | 0 | rv = nss_ZFreeIf(s); |
96 | 0 | } |
97 | 0 | return rv; |
98 | 0 | } |
99 | | |
100 | | static NSSSlot * |
101 | | nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot) |
102 | 4 | { |
103 | 4 | NSSSlot *rvSlot; |
104 | 4 | NSSArena *arena; |
105 | 4 | arena = nssArena_Create(); |
106 | 4 | if (!arena) { |
107 | 0 | return NULL; |
108 | 0 | } |
109 | 4 | rvSlot = nss_ZNEW(arena, NSSSlot); |
110 | 4 | if (!rvSlot) { |
111 | 0 | nssArena_Destroy(arena); |
112 | 0 | return NULL; |
113 | 0 | } |
114 | 4 | rvSlot->base.refCount = 1; |
115 | 4 | rvSlot->base.lock = PZ_NewLock(nssILockOther); |
116 | 4 | rvSlot->base.arena = arena; |
117 | 4 | rvSlot->pk11slot = PK11_ReferenceSlot(nss3slot); |
118 | 4 | rvSlot->epv = nss3slot->functionList; |
119 | 4 | rvSlot->slotID = nss3slot->slotID; |
120 | | /* Grab the slot name from the PKCS#11 fixed-length buffer */ |
121 | 4 | rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name, td->arena); |
122 | 4 | rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock; |
123 | 4 | rvSlot->isPresentLock = PZ_NewLock(nssiLockOther); |
124 | 4 | rvSlot->isPresentCondition = PR_NewCondVar(rvSlot->isPresentLock); |
125 | 4 | rvSlot->isPresentThread = NULL; |
126 | 4 | rvSlot->lastTokenPingState = nssSlotLastPingState_Reset; |
127 | 4 | return rvSlot; |
128 | 4 | } |
129 | | |
130 | | NSSToken * |
131 | | nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot) |
132 | 4 | { |
133 | 4 | NSSToken *rvToken; |
134 | 4 | NSSArena *arena; |
135 | | |
136 | | /* Don't create a token object for a disabled slot */ |
137 | 4 | if (nss3slot->disabled) { |
138 | 0 | PORT_SetError(SEC_ERROR_NO_TOKEN); |
139 | 0 | return NULL; |
140 | 0 | } |
141 | 4 | arena = nssArena_Create(); |
142 | 4 | if (!arena) { |
143 | 0 | return NULL; |
144 | 0 | } |
145 | 4 | rvToken = nss_ZNEW(arena, NSSToken); |
146 | 4 | if (!rvToken) { |
147 | 0 | nssArena_Destroy(arena); |
148 | 0 | return NULL; |
149 | 0 | } |
150 | 4 | rvToken->base.refCount = 1; |
151 | 4 | rvToken->base.lock = PZ_NewLock(nssILockOther); |
152 | 4 | if (!rvToken->base.lock) { |
153 | 0 | nssArena_Destroy(arena); |
154 | 0 | return NULL; |
155 | 0 | } |
156 | 4 | rvToken->base.arena = arena; |
157 | 4 | rvToken->pk11slot = PK11_ReferenceSlot(nss3slot); |
158 | 4 | rvToken->epv = nss3slot->functionList; |
159 | 4 | rvToken->defaultSession = nssSession_ImportNSS3Session(td->arena, |
160 | 4 | nss3slot->session, |
161 | 4 | nss3slot->sessionLock, |
162 | 4 | nss3slot->defRWSession); |
163 | | #if 0 /* we should do this instead of blindly continuing. */ |
164 | | if (!rvToken->defaultSession) { |
165 | | PORT_SetError(SEC_ERROR_NO_TOKEN); |
166 | | goto loser; |
167 | | } |
168 | | #endif |
169 | 4 | if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) { |
170 | 0 | rvToken->cache = nssTokenObjectCache_Create(rvToken, |
171 | 0 | PR_TRUE, PR_TRUE, PR_TRUE); |
172 | 0 | if (!rvToken->cache) |
173 | 0 | goto loser; |
174 | 0 | } |
175 | 4 | rvToken->trustDomain = td; |
176 | | /* Grab the token name from the PKCS#11 fixed-length buffer */ |
177 | 4 | rvToken->base.name = nssUTF8_Duplicate(nss3slot->token_name, td->arena); |
178 | 4 | rvToken->slot = nssSlot_CreateFromPK11SlotInfo(td, nss3slot); |
179 | 4 | if (!rvToken->slot) { |
180 | 0 | goto loser; |
181 | 0 | } |
182 | 4 | if (rvToken->defaultSession) |
183 | 4 | rvToken->defaultSession->slot = rvToken->slot; |
184 | 4 | return rvToken; |
185 | 0 | loser: |
186 | 0 | PZ_DestroyLock(rvToken->base.lock); |
187 | 0 | nssArena_Destroy(arena); |
188 | 0 | return NULL; |
189 | 4 | } |
190 | | |
191 | | NSS_IMPLEMENT void |
192 | | nssToken_UpdateName(NSSToken *token) |
193 | 4 | { |
194 | 4 | if (!token) { |
195 | 4 | return; |
196 | 4 | } |
197 | 0 | token->base.name = nssUTF8_Duplicate(token->pk11slot->token_name, token->base.arena); |
198 | 0 | } |
199 | | |
200 | | NSS_IMPLEMENT PRBool |
201 | | nssSlot_IsPermanent(NSSSlot *slot) |
202 | 0 | { |
203 | 0 | return slot->pk11slot->isPerm; |
204 | 0 | } |
205 | | |
206 | | NSS_IMPLEMENT PRBool |
207 | | nssSlot_IsFriendly(NSSSlot *slot) |
208 | 0 | { |
209 | 0 | return PK11_IsFriendly(slot->pk11slot); |
210 | 0 | } |
211 | | |
212 | | NSS_IMPLEMENT PRStatus |
213 | | nssToken_Refresh(NSSToken *token) |
214 | 4 | { |
215 | 4 | PK11SlotInfo *nss3slot; |
216 | | |
217 | 4 | if (!token) { |
218 | 4 | return PR_SUCCESS; |
219 | 4 | } |
220 | 0 | nss3slot = token->pk11slot; |
221 | 0 | token->defaultSession = |
222 | 0 | nssSession_ImportNSS3Session(token->slot->base.arena, |
223 | 0 | nss3slot->session, |
224 | 0 | nss3slot->sessionLock, |
225 | 0 | nss3slot->defRWSession); |
226 | 0 | return token->defaultSession ? PR_SUCCESS : PR_FAILURE; |
227 | 4 | } |
228 | | |
229 | | NSS_IMPLEMENT PRStatus |
230 | | nssToken_GetTrustOrder(NSSToken *tok) |
231 | 0 | { |
232 | 0 | PK11SlotInfo *slot; |
233 | 0 | SECMODModule *module; |
234 | 0 | slot = tok->pk11slot; |
235 | 0 | module = PK11_GetModule(slot); |
236 | 0 | return module->trustOrder; |
237 | 0 | } |
238 | | |
239 | | NSS_IMPLEMENT PRBool |
240 | | nssSlot_IsLoggedIn(NSSSlot *slot) |
241 | 0 | { |
242 | 0 | if (!slot->pk11slot->needLogin) { |
243 | 0 | return PR_TRUE; |
244 | 0 | } |
245 | 0 | return PK11_IsLoggedIn(slot->pk11slot, NULL); |
246 | 0 | } |
247 | | |
248 | | NSSTrustDomain * |
249 | | nssToken_GetTrustDomain(NSSToken *token) |
250 | 0 | { |
251 | 0 | return token->trustDomain; |
252 | 0 | } |
253 | | |
254 | | NSS_EXTERN PRStatus |
255 | | nssTrustDomain_RemoveTokenCertsFromCache( |
256 | | NSSTrustDomain *td, |
257 | | NSSToken *token); |
258 | | |
259 | | NSS_IMPLEMENT PRStatus |
260 | | nssToken_NotifyCertsNotVisible( |
261 | | NSSToken *tok) |
262 | 0 | { |
263 | 0 | return nssTrustDomain_RemoveTokenCertsFromCache(tok->trustDomain, tok); |
264 | 0 | } |