Coverage Report

Created: 2024-11-21 07:03

/src/nss-nspr/nss/lib/pki/trustdomain.c
Line
Count
Source (jump to first uncovered line)
1
/* This Source Code Form is subject to the terms of the Mozilla Public
2
 * License, v. 2.0. If a copy of the MPL was not distributed with this
3
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5
#ifndef DEV_H
6
#include "dev.h"
7
#endif /* DEV_H */
8
9
#ifndef PKIM_H
10
#include "pkim.h"
11
#endif /* PKIM_H */
12
13
#include "cert.h"
14
#include "dev3hack.h"
15
#include "pki3hack.h"
16
#include "pk11pub.h"
17
#include "nssrwlk.h"
18
#include "pk11priv.h"
19
20
2
#define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32
21
22
extern const NSSError NSS_ERROR_NOT_FOUND;
23
24
typedef PRUint32 nssUpdateLevel;
25
26
NSS_IMPLEMENT NSSTrustDomain *
27
NSSTrustDomain_Create(
28
    NSSUTF8 *moduleOpt,
29
    NSSUTF8 *uriOpt,
30
    NSSUTF8 *opaqueOpt,
31
    void *reserved)
32
2
{
33
2
    NSSArena *arena;
34
2
    NSSTrustDomain *rvTD;
35
2
    arena = NSSArena_Create();
36
2
    if (!arena) {
37
0
        return (NSSTrustDomain *)NULL;
38
0
    }
39
2
    rvTD = nss_ZNEW(arena, NSSTrustDomain);
40
2
    if (!rvTD) {
41
0
        goto loser;
42
0
    }
43
    /* protect the token list and the token iterator */
44
2
    rvTD->tokensLock = NSSRWLock_New(100, "tokens");
45
2
    if (!rvTD->tokensLock) {
46
0
        goto loser;
47
0
    }
48
2
    nssTrustDomain_InitializeCache(rvTD, NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE);
49
2
    rvTD->arena = arena;
50
2
    rvTD->refCount = 1;
51
2
    rvTD->statusConfig = NULL;
52
2
    return rvTD;
53
0
loser:
54
0
    if (rvTD && rvTD->tokensLock) {
55
0
        NSSRWLock_Destroy(rvTD->tokensLock);
56
0
    }
57
0
    nssArena_Destroy(arena);
58
0
    return (NSSTrustDomain *)NULL;
59
2
}
60
61
static void
62
token_destructor(void *t)
63
0
{
64
0
    NSSToken *tok = (NSSToken *)t;
65
    /* Remove the token list's reference to the token */
66
0
    (void)nssToken_Destroy(tok);
67
68
    /* Signal that the slot should not give out any more references to the
69
     * token. The token might still have a positive refcount after this call.
70
     * The token has a reference to the slot, so the slot will not be destroyed
71
     * until after the token's refcount drops to 0. */
72
0
    PK11Slot_SetNSSToken(tok->pk11slot, NULL);
73
0
}
74
75
NSS_IMPLEMENT PRStatus
76
NSSTrustDomain_Destroy(
77
    NSSTrustDomain *td)
78
0
{
79
0
    PRStatus status = PR_SUCCESS;
80
0
    if (--td->refCount == 0) {
81
        /* Destroy each token in the list of tokens */
82
0
        if (td->tokens) {
83
0
            nssListIterator_Destroy(td->tokens);
84
0
            td->tokens = NULL;
85
0
        }
86
0
        if (td->tokenList) {
87
0
            nssList_Clear(td->tokenList, token_destructor);
88
0
            nssList_Destroy(td->tokenList);
89
0
            td->tokenList = NULL;
90
0
        }
91
0
        NSSRWLock_Destroy(td->tokensLock);
92
0
        td->tokensLock = NULL;
93
0
        status = nssTrustDomain_DestroyCache(td);
94
0
        if (status == PR_FAILURE) {
95
0
            return status;
96
0
        }
97
0
        if (td->statusConfig) {
98
0
            td->statusConfig->statusDestroy(td->statusConfig);
99
0
            td->statusConfig = NULL;
100
0
        }
101
        /* Destroy the trust domain */
102
0
        nssArena_Destroy(td->arena);
103
0
    }
104
0
    return status;
105
0
}
106
107
/* XXX uses tokens until slot list is in place */
108
static NSSSlot **
109
nssTrustDomain_GetActiveSlots(
110
    NSSTrustDomain *td,
111
    nssUpdateLevel *updateLevel)
112
0
{
113
0
    PRUint32 count;
114
0
    NSSSlot **slots = NULL;
115
0
    NSSToken **tp, **tokens;
116
0
    *updateLevel = 1;
117
0
    if (!td->tokenList) {
118
0
        return NULL;
119
0
    }
120
0
    NSSRWLock_LockRead(td->tokensLock);
121
0
    count = nssList_Count(td->tokenList);
122
0
    tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1);
123
0
    if (!tokens) {
124
0
        NSSRWLock_UnlockRead(td->tokensLock);
125
0
        return NULL;
126
0
    }
127
0
    slots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
128
0
    if (!slots) {
129
0
        NSSRWLock_UnlockRead(td->tokensLock);
130
0
        nss_ZFreeIf(tokens);
131
0
        return NULL;
132
0
    }
133
0
    nssList_GetArray(td->tokenList, (void **)tokens, count);
134
0
    count = 0;
135
0
    for (tp = tokens; *tp; tp++) {
136
0
        NSSSlot *slot = nssToken_GetSlot(*tp);
137
0
        if (!PK11_IsDisabled(slot->pk11slot)) {
138
0
            slots[count++] = slot;
139
0
        } else {
140
0
            nssSlot_Destroy(slot);
141
0
        }
142
0
    }
143
0
    NSSRWLock_UnlockRead(td->tokensLock);
144
0
    nss_ZFreeIf(tokens);
145
0
    if (!count) {
146
0
        nss_ZFreeIf(slots);
147
0
        slots = NULL;
148
0
    }
149
0
    return slots;
150
0
}
151
152
/* XXX */
153
static nssSession *
154
nssTrustDomain_GetSessionForToken(
155
    NSSTrustDomain *td,
156
    NSSToken *token)
157
0
{
158
0
    return nssToken_GetDefaultSession(token);
159
0
}
160
161
NSS_IMPLEMENT PRStatus
162
NSSTrustDomain_SetDefaultCallback(
163
    NSSTrustDomain *td,
164
    NSSCallback *newCallback,
165
    NSSCallback **oldCallbackOpt)
166
0
{
167
0
    if (oldCallbackOpt) {
168
0
        *oldCallbackOpt = td->defaultCallback;
169
0
    }
170
0
    td->defaultCallback = newCallback;
171
0
    return PR_SUCCESS;
172
0
}
173
174
NSS_IMPLEMENT NSSCallback *
175
nssTrustDomain_GetDefaultCallback(
176
    NSSTrustDomain *td,
177
    PRStatus *statusOpt)
178
0
{
179
0
    if (statusOpt) {
180
0
        *statusOpt = PR_SUCCESS;
181
0
    }
182
0
    return td->defaultCallback;
183
0
}
184
185
NSS_IMPLEMENT NSSCallback *
186
NSSTrustDomain_GetDefaultCallback(
187
    NSSTrustDomain *td,
188
    PRStatus *statusOpt)
189
0
{
190
0
    return nssTrustDomain_GetDefaultCallback(td, statusOpt);
191
0
}
192
193
NSS_IMPLEMENT PRStatus
194
NSSTrustDomain_LoadModule(
195
    NSSTrustDomain *td,
196
    NSSUTF8 *moduleOpt,
197
    NSSUTF8 *uriOpt,
198
    NSSUTF8 *opaqueOpt,
199
    void *reserved)
200
0
{
201
0
    return PR_FAILURE;
202
0
}
203
204
NSS_IMPLEMENT PRStatus
205
NSSTrustDomain_DisableToken(
206
    NSSTrustDomain *td,
207
    NSSToken *token,
208
    NSSError why)
209
0
{
210
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
211
0
    return PR_FAILURE;
212
0
}
213
214
NSS_IMPLEMENT PRStatus
215
NSSTrustDomain_EnableToken(
216
    NSSTrustDomain *td,
217
    NSSToken *token)
218
0
{
219
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
220
0
    return PR_FAILURE;
221
0
}
222
223
NSS_IMPLEMENT PRStatus
224
NSSTrustDomain_IsTokenEnabled(
225
    NSSTrustDomain *td,
226
    NSSToken *token,
227
    NSSError *whyOpt)
228
0
{
229
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
230
0
    return PR_FAILURE;
231
0
}
232
233
NSS_IMPLEMENT NSSSlot *
234
NSSTrustDomain_FindSlotByName(
235
    NSSTrustDomain *td,
236
    NSSUTF8 *slotName)
237
0
{
238
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
239
0
    return NULL;
240
0
}
241
242
NSS_IMPLEMENT NSSToken **
243
NSSTrustDomain_FindTokensByURI(
244
    NSSTrustDomain *td,
245
    PK11URI *uri)
246
0
{
247
0
    NSSToken *tok = NULL;
248
0
    PK11SlotInfo *slotinfo;
249
0
    NSSToken **tokens;
250
0
    int count, i = 0;
251
252
0
    NSSRWLock_LockRead(td->tokensLock);
253
0
    count = nssList_Count(td->tokenList);
254
0
    tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1);
255
0
    if (!tokens) {
256
0
        return NULL;
257
0
    }
258
0
    for (tok = (NSSToken *)nssListIterator_Start(td->tokens);
259
0
         tok != (NSSToken *)NULL;
260
0
         tok = (NSSToken *)nssListIterator_Next(td->tokens)) {
261
0
        if (nssToken_IsPresent(tok)) {
262
0
            slotinfo = tok->pk11slot;
263
0
            if (pk11_MatchUriTokenInfo(slotinfo, uri))
264
0
                tokens[i++] = nssToken_AddRef(tok);
265
0
        }
266
0
    }
267
0
    tokens[i] = NULL;
268
0
    nssListIterator_Finish(td->tokens);
269
0
    NSSRWLock_UnlockRead(td->tokensLock);
270
0
    return tokens;
271
0
}
272
273
NSS_IMPLEMENT NSSToken *
274
NSSTrustDomain_FindTokenByName(
275
    NSSTrustDomain *td,
276
    NSSUTF8 *tokenName)
277
0
{
278
0
    PRStatus nssrv;
279
0
    NSSUTF8 *myName;
280
0
    NSSToken *tok = NULL;
281
0
    NSSRWLock_LockRead(td->tokensLock);
282
0
    for (tok = (NSSToken *)nssListIterator_Start(td->tokens);
283
0
         tok != (NSSToken *)NULL;
284
0
         tok = (NSSToken *)nssListIterator_Next(td->tokens)) {
285
0
        if (nssToken_IsPresent(tok)) {
286
0
            myName = nssToken_GetName(tok);
287
0
            if (nssUTF8_Equal(tokenName, myName, &nssrv)) {
288
0
                tok = nssToken_AddRef(tok);
289
0
                break;
290
0
            }
291
0
        }
292
0
    }
293
0
    nssListIterator_Finish(td->tokens);
294
0
    NSSRWLock_UnlockRead(td->tokensLock);
295
0
    return tok;
296
0
}
297
298
NSS_IMPLEMENT NSSToken *
299
NSSTrustDomain_FindTokenBySlotName(
300
    NSSTrustDomain *td,
301
    NSSUTF8 *slotName)
302
0
{
303
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
304
0
    return NULL;
305
0
}
306
307
NSS_IMPLEMENT NSSToken *
308
NSSTrustDomain_FindTokenForAlgorithm(
309
    NSSTrustDomain *td,
310
    NSSOID *algorithm)
311
0
{
312
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
313
0
    return NULL;
314
0
}
315
316
NSS_IMPLEMENT NSSToken *
317
NSSTrustDomain_FindBestTokenForAlgorithms(
318
    NSSTrustDomain *td,
319
    NSSOID *algorithms[],   /* may be null-terminated */
320
    PRUint32 nAlgorithmsOpt /* limits the array if nonzero */
321
)
322
0
{
323
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
324
0
    return NULL;
325
0
}
326
327
NSS_IMPLEMENT PRStatus
328
NSSTrustDomain_Login(
329
    NSSTrustDomain *td,
330
    NSSCallback *uhhOpt)
331
0
{
332
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
333
0
    return PR_FAILURE;
334
0
}
335
336
NSS_IMPLEMENT PRStatus
337
NSSTrustDomain_Logout(NSSTrustDomain *td)
338
0
{
339
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
340
0
    return PR_FAILURE;
341
0
}
342
343
NSS_IMPLEMENT NSSCertificate *
344
NSSTrustDomain_ImportCertificate(
345
    NSSTrustDomain *td,
346
    NSSCertificate *c)
347
0
{
348
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
349
0
    return NULL;
350
0
}
351
352
NSS_IMPLEMENT NSSCertificate *
353
NSSTrustDomain_ImportPKIXCertificate(
354
    NSSTrustDomain *td,
355
    /* declared as a struct until these "data types" are defined */
356
    struct NSSPKIXCertificateStr *pc)
357
0
{
358
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
359
0
    return NULL;
360
0
}
361
362
NSS_IMPLEMENT NSSCertificate *
363
NSSTrustDomain_ImportEncodedCertificate(
364
    NSSTrustDomain *td,
365
    NSSBER *ber)
366
0
{
367
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
368
0
    return NULL;
369
0
}
370
371
NSS_IMPLEMENT NSSCertificate **
372
NSSTrustDomain_ImportEncodedCertificateChain(
373
    NSSTrustDomain *td,
374
    NSSBER *ber,
375
    NSSCertificate *rvOpt[],
376
    PRUint32 maximumOpt, /* 0 for no max */
377
    NSSArena *arenaOpt)
378
0
{
379
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
380
0
    return NULL;
381
0
}
382
383
NSS_IMPLEMENT NSSPrivateKey *
384
NSSTrustDomain_ImportEncodedPrivateKey(
385
    NSSTrustDomain *td,
386
    NSSBER *ber,
387
    NSSItem *passwordOpt, /* NULL will cause a callback */
388
    NSSCallback *uhhOpt,
389
    NSSToken *destination)
390
0
{
391
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
392
0
    return NULL;
393
0
}
394
395
NSS_IMPLEMENT NSSPublicKey *
396
NSSTrustDomain_ImportEncodedPublicKey(
397
    NSSTrustDomain *td,
398
    NSSBER *ber)
399
0
{
400
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
401
0
    return NULL;
402
0
}
403
404
static NSSCertificate **
405
get_certs_from_list(nssList *list)
406
0
{
407
0
    PRUint32 count = nssList_Count(list);
408
0
    NSSCertificate **certs = NULL;
409
0
    if (count > 0) {
410
0
        certs = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
411
0
        if (certs) {
412
0
            nssList_GetArray(list, (void **)certs, count);
413
0
        }
414
0
    }
415
0
    return certs;
416
0
}
417
418
NSS_IMPLEMENT NSSCertificate **
419
nssTrustDomain_FindCertificatesByNickname(
420
    NSSTrustDomain *td,
421
    const NSSUTF8 *name,
422
    NSSCertificate *rvOpt[],
423
    PRUint32 maximumOpt, /* 0 for no max */
424
    NSSArena *arenaOpt)
425
0
{
426
0
    NSSToken *token = NULL;
427
0
    NSSSlot **slots = NULL;
428
0
    NSSSlot **slotp;
429
0
    NSSCertificate **rvCerts = NULL;
430
0
    nssPKIObjectCollection *collection = NULL;
431
0
    nssUpdateLevel updateLevel;
432
0
    nssList *nameList;
433
0
    PRUint32 numRemaining = maximumOpt;
434
0
    PRUint32 collectionCount = 0;
435
0
    PRUint32 errors = 0;
436
437
    /* First, grab from the cache */
438
0
    nameList = nssList_Create(NULL, PR_FALSE);
439
0
    if (!nameList) {
440
0
        return NULL;
441
0
    }
442
0
    (void)nssTrustDomain_GetCertsForNicknameFromCache(td, name, nameList);
443
0
    rvCerts = get_certs_from_list(nameList);
444
    /* initialize the collection of token certificates with the set of
445
     * cached certs (if any).
446
     */
447
0
    collection = nssCertificateCollection_Create(td, rvCerts);
448
0
    nssCertificateArray_Destroy(rvCerts);
449
0
    nssList_Destroy(nameList);
450
0
    if (!collection) {
451
0
        return (NSSCertificate **)NULL;
452
0
    }
453
    /* obtain the current set of active slots in the trust domain */
454
0
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
455
0
    if (!slots) {
456
0
        goto loser;
457
0
    }
458
    /* iterate over the slots */
459
0
    for (slotp = slots; *slotp; slotp++) {
460
0
        token = nssSlot_GetToken(*slotp);
461
0
        if (token) {
462
0
            nssSession *session;
463
0
            nssCryptokiObject **instances = NULL;
464
0
            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
465
0
            PRStatus status = PR_FAILURE;
466
467
0
            session = nssTrustDomain_GetSessionForToken(td, token);
468
0
            if (session) {
469
0
                instances = nssToken_FindCertificatesByNickname(token,
470
0
                                                                session,
471
0
                                                                name,
472
0
                                                                tokenOnly,
473
0
                                                                numRemaining,
474
0
                                                                &status);
475
0
            }
476
0
            (void)nssToken_Destroy(token);
477
0
            if (status != PR_SUCCESS) {
478
0
                errors++;
479
0
                continue;
480
0
            }
481
0
            if (instances) {
482
0
                status = nssPKIObjectCollection_AddInstances(collection,
483
0
                                                             instances, 0);
484
0
                nss_ZFreeIf(instances);
485
0
                if (status != PR_SUCCESS) {
486
0
                    errors++;
487
0
                    continue;
488
0
                }
489
0
                collectionCount = nssPKIObjectCollection_Count(collection);
490
0
                if (maximumOpt > 0) {
491
0
                    if (collectionCount >= maximumOpt)
492
0
                        break;
493
0
                    numRemaining = maximumOpt - collectionCount;
494
0
                }
495
0
            }
496
0
        }
497
0
    }
498
0
    if (!collectionCount && errors)
499
0
        goto loser;
500
    /* Grab the certs collected in the search. */
501
0
    rvCerts = nssPKIObjectCollection_GetCertificates(collection,
502
0
                                                     rvOpt, maximumOpt,
503
0
                                                     arenaOpt);
504
    /* clean up */
505
0
    nssPKIObjectCollection_Destroy(collection);
506
0
    nssSlotArray_Destroy(slots);
507
0
    return rvCerts;
508
0
loser:
509
0
    if (slots) {
510
0
        nssSlotArray_Destroy(slots);
511
0
    }
512
0
    if (collection) {
513
0
        nssPKIObjectCollection_Destroy(collection);
514
0
    }
515
0
    return (NSSCertificate **)NULL;
516
0
}
517
518
NSS_IMPLEMENT NSSCertificate **
519
NSSTrustDomain_FindCertificatesByNickname(
520
    NSSTrustDomain *td,
521
    NSSUTF8 *name,
522
    NSSCertificate *rvOpt[],
523
    PRUint32 maximumOpt, /* 0 for no max */
524
    NSSArena *arenaOpt)
525
0
{
526
0
    return nssTrustDomain_FindCertificatesByNickname(td,
527
0
                                                     name,
528
0
                                                     rvOpt,
529
0
                                                     maximumOpt,
530
0
                                                     arenaOpt);
531
0
}
532
533
NSS_IMPLEMENT NSSCertificate *
534
nssTrustDomain_FindBestCertificateByNickname(
535
    NSSTrustDomain *td,
536
    const NSSUTF8 *name,
537
    NSSTime *timeOpt,
538
    NSSUsage *usage,
539
    NSSPolicies *policiesOpt)
540
0
{
541
0
    NSSCertificate **nicknameCerts;
542
0
    NSSCertificate *rvCert = NULL;
543
0
    nicknameCerts = nssTrustDomain_FindCertificatesByNickname(td, name,
544
0
                                                              NULL,
545
0
                                                              0,
546
0
                                                              NULL);
547
0
    if (nicknameCerts) {
548
0
        rvCert = nssCertificateArray_FindBestCertificate(nicknameCerts,
549
0
                                                         timeOpt,
550
0
                                                         usage,
551
0
                                                         policiesOpt);
552
0
        nssCertificateArray_Destroy(nicknameCerts);
553
0
    }
554
0
    return rvCert;
555
0
}
556
557
NSS_IMPLEMENT NSSCertificate *
558
NSSTrustDomain_FindBestCertificateByNickname(
559
    NSSTrustDomain *td,
560
    const NSSUTF8 *name,
561
    NSSTime *timeOpt,
562
    NSSUsage *usage,
563
    NSSPolicies *policiesOpt)
564
0
{
565
0
    return nssTrustDomain_FindBestCertificateByNickname(td,
566
0
                                                        name,
567
0
                                                        timeOpt,
568
0
                                                        usage,
569
0
                                                        policiesOpt);
570
0
}
571
572
NSS_IMPLEMENT NSSCertificate **
573
nssTrustDomain_FindCertificatesBySubject(
574
    NSSTrustDomain *td,
575
    NSSDER *subject,
576
    NSSCertificate *rvOpt[],
577
    PRUint32 maximumOpt, /* 0 for no max */
578
    NSSArena *arenaOpt)
579
0
{
580
0
    NSSToken *token = NULL;
581
0
    NSSSlot **slots = NULL;
582
0
    NSSSlot **slotp;
583
0
    NSSCertificate **rvCerts = NULL;
584
0
    nssPKIObjectCollection *collection = NULL;
585
0
    nssUpdateLevel updateLevel;
586
0
    nssList *subjectList;
587
0
    PRUint32 numRemaining = maximumOpt;
588
0
    PRUint32 collectionCount = 0;
589
0
    PRUint32 errors = 0;
590
591
    /* look in cache */
592
0
    subjectList = nssList_Create(NULL, PR_FALSE);
593
0
    if (!subjectList) {
594
0
        return NULL;
595
0
    }
596
0
    (void)nssTrustDomain_GetCertsForSubjectFromCache(td, subject, subjectList);
597
0
    rvCerts = get_certs_from_list(subjectList);
598
0
    collection = nssCertificateCollection_Create(td, rvCerts);
599
0
    nssCertificateArray_Destroy(rvCerts);
600
0
    nssList_Destroy(subjectList);
601
0
    if (!collection) {
602
0
        return (NSSCertificate **)NULL;
603
0
    }
604
0
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
605
0
    if (!slots) {
606
0
        goto loser;
607
0
    }
608
0
    for (slotp = slots; *slotp; slotp++) {
609
0
        token = nssSlot_GetToken(*slotp);
610
0
        if (token) {
611
0
            nssSession *session;
612
0
            nssCryptokiObject **instances = NULL;
613
0
            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
614
0
            PRStatus status = PR_FAILURE;
615
616
0
            session = nssTrustDomain_GetSessionForToken(td, token);
617
0
            if (session) {
618
0
                instances = nssToken_FindCertificatesBySubject(token,
619
0
                                                               session,
620
0
                                                               subject,
621
0
                                                               tokenOnly,
622
0
                                                               numRemaining,
623
0
                                                               &status);
624
0
            }
625
0
            (void)nssToken_Destroy(token);
626
0
            if (status != PR_SUCCESS) {
627
0
                errors++;
628
0
                continue;
629
0
            }
630
0
            if (instances) {
631
0
                status = nssPKIObjectCollection_AddInstances(collection,
632
0
                                                             instances, 0);
633
0
                nss_ZFreeIf(instances);
634
0
                if (status != PR_SUCCESS) {
635
0
                    errors++;
636
0
                    continue;
637
0
                }
638
0
                collectionCount = nssPKIObjectCollection_Count(collection);
639
0
                if (maximumOpt > 0) {
640
0
                    if (collectionCount >= maximumOpt)
641
0
                        break;
642
0
                    numRemaining = maximumOpt - collectionCount;
643
0
                }
644
0
            }
645
0
        }
646
0
    }
647
0
    if (!collectionCount && errors)
648
0
        goto loser;
649
0
    rvCerts = nssPKIObjectCollection_GetCertificates(collection,
650
0
                                                     rvOpt, maximumOpt,
651
0
                                                     arenaOpt);
652
0
    nssPKIObjectCollection_Destroy(collection);
653
0
    nssSlotArray_Destroy(slots);
654
0
    return rvCerts;
655
0
loser:
656
0
    if (slots) {
657
0
        nssSlotArray_Destroy(slots);
658
0
    }
659
0
    if (collection) {
660
0
        nssPKIObjectCollection_Destroy(collection);
661
0
    }
662
0
    return (NSSCertificate **)NULL;
663
0
}
664
665
NSS_IMPLEMENT NSSCertificate **
666
NSSTrustDomain_FindCertificatesBySubject(
667
    NSSTrustDomain *td,
668
    NSSDER *subject,
669
    NSSCertificate *rvOpt[],
670
    PRUint32 maximumOpt,
671
    NSSArena *arenaOpt)
672
0
{
673
0
    return nssTrustDomain_FindCertificatesBySubject(td,
674
0
                                                    subject,
675
0
                                                    rvOpt,
676
0
                                                    maximumOpt,
677
0
                                                    arenaOpt);
678
0
}
679
680
NSS_IMPLEMENT NSSCertificate *
681
nssTrustDomain_FindBestCertificateBySubject(
682
    NSSTrustDomain *td,
683
    NSSDER *subject,
684
    NSSTime *timeOpt,
685
    NSSUsage *usage,
686
    NSSPolicies *policiesOpt)
687
0
{
688
0
    NSSCertificate **subjectCerts;
689
0
    NSSCertificate *rvCert = NULL;
690
0
    subjectCerts = nssTrustDomain_FindCertificatesBySubject(td, subject,
691
0
                                                            NULL,
692
0
                                                            0,
693
0
                                                            NULL);
694
0
    if (subjectCerts) {
695
0
        rvCert = nssCertificateArray_FindBestCertificate(subjectCerts,
696
0
                                                         timeOpt,
697
0
                                                         usage,
698
0
                                                         policiesOpt);
699
0
        nssCertificateArray_Destroy(subjectCerts);
700
0
    }
701
0
    return rvCert;
702
0
}
703
704
NSS_IMPLEMENT NSSCertificate *
705
NSSTrustDomain_FindBestCertificateBySubject(
706
    NSSTrustDomain *td,
707
    NSSDER *subject,
708
    NSSTime *timeOpt,
709
    NSSUsage *usage,
710
    NSSPolicies *policiesOpt)
711
0
{
712
0
    return nssTrustDomain_FindBestCertificateBySubject(td,
713
0
                                                       subject,
714
0
                                                       timeOpt,
715
0
                                                       usage,
716
0
                                                       policiesOpt);
717
0
}
718
719
NSS_IMPLEMENT NSSCertificate *
720
NSSTrustDomain_FindBestCertificateByNameComponents(
721
    NSSTrustDomain *td,
722
    NSSUTF8 *nameComponents,
723
    NSSTime *timeOpt,
724
    NSSUsage *usage,
725
    NSSPolicies *policiesOpt)
726
0
{
727
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
728
0
    return NULL;
729
0
}
730
731
NSS_IMPLEMENT NSSCertificate **
732
NSSTrustDomain_FindCertificatesByNameComponents(
733
    NSSTrustDomain *td,
734
    NSSUTF8 *nameComponents,
735
    NSSCertificate *rvOpt[],
736
    PRUint32 maximumOpt, /* 0 for no max */
737
    NSSArena *arenaOpt)
738
0
{
739
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
740
0
    return NULL;
741
0
}
742
743
/* This returns at most a single certificate, so it can stop the loop
744
 * when one is found.
745
 */
746
NSS_IMPLEMENT NSSCertificate *
747
nssTrustDomain_FindCertificateByIssuerAndSerialNumber(
748
    NSSTrustDomain *td,
749
    NSSDER *issuer,
750
    NSSDER *serial)
751
0
{
752
0
    NSSSlot **slots = NULL;
753
0
    NSSSlot **slotp;
754
0
    NSSCertificate *rvCert = NULL;
755
0
    nssPKIObjectCollection *collection = NULL;
756
0
    nssUpdateLevel updateLevel;
757
758
    /* see if this search is already cached */
759
0
    rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td,
760
0
                                                           issuer,
761
0
                                                           serial);
762
0
    if (rvCert) {
763
0
        return rvCert;
764
0
    }
765
0
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
766
0
    if (slots) {
767
0
        for (slotp = slots; *slotp; slotp++) {
768
0
            NSSToken *token = nssSlot_GetToken(*slotp);
769
0
            nssSession *session;
770
0
            nssCryptokiObject *instance;
771
0
            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
772
0
            PRStatus status = PR_FAILURE;
773
774
0
            if (!token)
775
0
                continue;
776
0
            session = nssTrustDomain_GetSessionForToken(td, token);
777
0
            if (session) {
778
0
                instance = nssToken_FindCertificateByIssuerAndSerialNumber(
779
0
                    token,
780
0
                    session,
781
0
                    issuer,
782
0
                    serial,
783
0
                    tokenOnly,
784
0
                    &status);
785
0
            }
786
0
            (void)nssToken_Destroy(token);
787
0
            if (status != PR_SUCCESS) {
788
0
                continue;
789
0
            }
790
0
            if (instance) {
791
0
                if (!collection) {
792
0
                    collection = nssCertificateCollection_Create(td, NULL);
793
0
                    if (!collection) {
794
0
                        break; /* don't keep looping if out if memory */
795
0
                    }
796
0
                }
797
0
                status = nssPKIObjectCollection_AddInstances(collection,
798
0
                                                             &instance, 1);
799
0
                if (status == PR_SUCCESS) {
800
0
                    (void)nssPKIObjectCollection_GetCertificates(
801
0
                        collection, &rvCert, 1, NULL);
802
0
                }
803
0
                if (rvCert) {
804
0
                    break; /* found one cert, all done */
805
0
                }
806
0
            }
807
0
        }
808
0
    }
809
0
    if (collection) {
810
0
        nssPKIObjectCollection_Destroy(collection);
811
0
    }
812
0
    if (slots) {
813
0
        nssSlotArray_Destroy(slots);
814
0
    }
815
0
    return rvCert;
816
0
}
817
818
NSS_IMPLEMENT NSSCertificate *
819
NSSTrustDomain_FindCertificateByIssuerAndSerialNumber(
820
    NSSTrustDomain *td,
821
    NSSDER *issuer,
822
    NSSDER *serial)
823
0
{
824
0
    return nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
825
0
                                                                 issuer,
826
0
                                                                 serial);
827
0
}
828
829
NSS_IMPLEMENT NSSCertificate *
830
nssTrustDomain_FindCertificateByEncodedCertificate(
831
    NSSTrustDomain *td,
832
    NSSBER *ber)
833
0
{
834
0
    PRStatus status;
835
0
    NSSCertificate *rvCert = NULL;
836
0
    NSSDER issuer = { 0 };
837
0
    NSSDER serial = { 0 };
838
    /* XXX this is not generic...  will any cert crack into issuer/serial? */
839
0
    status = nssPKIX509_GetIssuerAndSerialFromDER(ber, &issuer, &serial);
840
0
    if (status != PR_SUCCESS) {
841
0
        return NULL;
842
0
    }
843
0
    rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
844
0
                                                                   &issuer,
845
0
                                                                   &serial);
846
0
    PORT_Free(issuer.data);
847
0
    PORT_Free(serial.data);
848
0
    return rvCert;
849
0
}
850
851
NSS_IMPLEMENT NSSCertificate *
852
NSSTrustDomain_FindCertificateByEncodedCertificate(
853
    NSSTrustDomain *td,
854
    NSSBER *ber)
855
0
{
856
0
    return nssTrustDomain_FindCertificateByEncodedCertificate(td, ber);
857
0
}
858
859
NSS_IMPLEMENT NSSCertificate *
860
NSSTrustDomain_FindBestCertificateByEmail(
861
    NSSTrustDomain *td,
862
    NSSASCII7 *email,
863
    NSSTime *timeOpt,
864
    NSSUsage *usage,
865
    NSSPolicies *policiesOpt)
866
0
{
867
0
    return 0;
868
0
}
869
870
NSS_IMPLEMENT NSSCertificate **
871
NSSTrustDomain_FindCertificatesByEmail(
872
    NSSTrustDomain *td,
873
    NSSASCII7 *email,
874
    NSSCertificate *rvOpt[],
875
    PRUint32 maximumOpt, /* 0 for no max */
876
    NSSArena *arenaOpt)
877
0
{
878
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
879
0
    return NULL;
880
0
}
881
882
NSS_IMPLEMENT NSSCertificate *
883
NSSTrustDomain_FindCertificateByOCSPHash(
884
    NSSTrustDomain *td,
885
    NSSItem *hash)
886
0
{
887
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
888
0
    return NULL;
889
0
}
890
891
NSS_IMPLEMENT NSSCertificate *
892
NSSTrustDomain_FindBestUserCertificate(
893
    NSSTrustDomain *td,
894
    NSSTime *timeOpt,
895
    NSSUsage *usage,
896
    NSSPolicies *policiesOpt)
897
0
{
898
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
899
0
    return NULL;
900
0
}
901
902
NSS_IMPLEMENT NSSCertificate **
903
NSSTrustDomain_FindUserCertificates(
904
    NSSTrustDomain *td,
905
    NSSTime *timeOpt,
906
    NSSUsage *usageOpt,
907
    NSSPolicies *policiesOpt,
908
    NSSCertificate **rvOpt,
909
    PRUint32 rvLimit, /* zero for no limit */
910
    NSSArena *arenaOpt)
911
0
{
912
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
913
0
    return NULL;
914
0
}
915
916
NSS_IMPLEMENT NSSCertificate *
917
NSSTrustDomain_FindBestUserCertificateForSSLClientAuth(
918
    NSSTrustDomain *td,
919
    NSSUTF8 *sslHostOpt,
920
    NSSDER *rootCAsOpt[],   /* null pointer for none */
921
    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
922
    NSSAlgorithmAndParameters *apOpt,
923
    NSSPolicies *policiesOpt)
924
0
{
925
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
926
0
    return NULL;
927
0
}
928
929
NSS_IMPLEMENT NSSCertificate **
930
NSSTrustDomain_FindUserCertificatesForSSLClientAuth(
931
    NSSTrustDomain *td,
932
    NSSUTF8 *sslHostOpt,
933
    NSSDER *rootCAsOpt[],   /* null pointer for none */
934
    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
935
    NSSAlgorithmAndParameters *apOpt,
936
    NSSPolicies *policiesOpt,
937
    NSSCertificate **rvOpt,
938
    PRUint32 rvLimit, /* zero for no limit */
939
    NSSArena *arenaOpt)
940
0
{
941
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
942
0
    return NULL;
943
0
}
944
945
NSS_IMPLEMENT NSSCertificate *
946
NSSTrustDomain_FindBestUserCertificateForEmailSigning(
947
    NSSTrustDomain *td,
948
    NSSASCII7 *signerOpt,
949
    NSSASCII7 *recipientOpt,
950
    /* anything more here? */
951
    NSSAlgorithmAndParameters *apOpt,
952
    NSSPolicies *policiesOpt)
953
0
{
954
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
955
0
    return NULL;
956
0
}
957
958
NSS_IMPLEMENT NSSCertificate **
959
NSSTrustDomain_FindUserCertificatesForEmailSigning(
960
    NSSTrustDomain *td,
961
    NSSASCII7 *signerOpt,
962
    NSSASCII7 *recipientOpt,
963
    /* anything more here? */
964
    NSSAlgorithmAndParameters *apOpt,
965
    NSSPolicies *policiesOpt,
966
    NSSCertificate **rvOpt,
967
    PRUint32 rvLimit, /* zero for no limit */
968
    NSSArena *arenaOpt)
969
0
{
970
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
971
0
    return NULL;
972
0
}
973
974
static PRStatus
975
collector(nssCryptokiObject *instance, void *arg)
976
0
{
977
0
    nssPKIObjectCollection *collection = (nssPKIObjectCollection *)arg;
978
0
    return nssPKIObjectCollection_AddInstanceAsObject(collection, instance);
979
0
}
980
981
NSS_IMPLEMENT PRStatus *
982
NSSTrustDomain_TraverseCertificates(
983
    NSSTrustDomain *td,
984
    PRStatus (*callback)(NSSCertificate *c, void *arg),
985
    void *arg)
986
0
{
987
0
    NSSToken *token = NULL;
988
0
    NSSSlot **slots = NULL;
989
0
    NSSSlot **slotp;
990
0
    nssPKIObjectCollection *collection = NULL;
991
0
    nssPKIObjectCallback pkiCallback;
992
0
    nssUpdateLevel updateLevel;
993
0
    NSSCertificate **cached = NULL;
994
0
    nssList *certList;
995
996
0
    certList = nssList_Create(NULL, PR_FALSE);
997
0
    if (!certList)
998
0
        return NULL;
999
0
    (void)nssTrustDomain_GetCertsFromCache(td, certList);
1000
0
    cached = get_certs_from_list(certList);
1001
0
    collection = nssCertificateCollection_Create(td, cached);
1002
0
    nssCertificateArray_Destroy(cached);
1003
0
    nssList_Destroy(certList);
1004
0
    if (!collection) {
1005
0
        return (PRStatus *)NULL;
1006
0
    }
1007
    /* obtain the current set of active slots in the trust domain */
1008
0
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
1009
0
    if (!slots) {
1010
0
        goto loser;
1011
0
    }
1012
    /* iterate over the slots */
1013
0
    for (slotp = slots; *slotp; slotp++) {
1014
        /* get the token for the slot, if present */
1015
0
        token = nssSlot_GetToken(*slotp);
1016
0
        if (token) {
1017
0
            nssSession *session;
1018
0
            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
1019
            /* get a session for the token */
1020
0
            session = nssTrustDomain_GetSessionForToken(td, token);
1021
0
            if (session) {
1022
                /* perform the traversal */
1023
0
                (void)nssToken_TraverseCertificates(token,
1024
0
                                                    session,
1025
0
                                                    tokenOnly,
1026
0
                                                    collector,
1027
0
                                                    collection);
1028
0
            }
1029
0
            (void)nssToken_Destroy(token);
1030
0
        }
1031
0
    }
1032
1033
    /* Traverse the collection */
1034
0
    pkiCallback.func.cert = callback;
1035
0
    pkiCallback.arg = arg;
1036
0
    (void)nssPKIObjectCollection_Traverse(collection, &pkiCallback);
1037
0
loser:
1038
0
    if (slots) {
1039
0
        nssSlotArray_Destroy(slots);
1040
0
    }
1041
0
    if (collection) {
1042
0
        nssPKIObjectCollection_Destroy(collection);
1043
0
    }
1044
0
    return NULL;
1045
0
}
1046
1047
NSS_IMPLEMENT NSSTrust *
1048
nssTrustDomain_FindTrustForCertificate(
1049
    NSSTrustDomain *td,
1050
    NSSCertificate *c)
1051
0
{
1052
0
    NSSSlot **slots;
1053
0
    NSSSlot **slotp;
1054
0
    nssCryptokiObject *to = NULL;
1055
0
    nssPKIObject *pkio = NULL;
1056
0
    NSSTrust *rvt = NULL;
1057
0
    nssUpdateLevel updateLevel;
1058
0
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
1059
0
    if (!slots) {
1060
0
        return (NSSTrust *)NULL;
1061
0
    }
1062
0
    for (slotp = slots; *slotp; slotp++) {
1063
0
        NSSToken *token = nssSlot_GetToken(*slotp);
1064
1065
0
        if (token) {
1066
0
            to = nssToken_FindTrustForCertificate(token, NULL,
1067
0
                                                  &c->encoding,
1068
0
                                                  &c->issuer,
1069
0
                                                  &c->serial,
1070
0
                                                  nssTokenSearchType_TokenOnly);
1071
0
            if (to) {
1072
0
                PRStatus status;
1073
0
                if (!pkio) {
1074
0
                    pkio = nssPKIObject_Create(NULL, to, td, NULL, nssPKILock);
1075
0
                    status = pkio ? PR_SUCCESS : PR_FAILURE;
1076
0
                } else {
1077
0
                    status = nssPKIObject_AddInstance(pkio, to);
1078
0
                }
1079
0
                if (status != PR_SUCCESS) {
1080
0
                    nssCryptokiObject_Destroy(to);
1081
0
                }
1082
0
            }
1083
0
            (void)nssToken_Destroy(token);
1084
0
        }
1085
0
    }
1086
0
    if (pkio) {
1087
0
        rvt = nssTrust_Create(pkio, &c->encoding);
1088
0
        if (rvt) {
1089
0
            pkio = NULL; /* rvt object now owns the pkio reference */
1090
0
        }
1091
0
    }
1092
0
    nssSlotArray_Destroy(slots);
1093
0
    if (pkio) {
1094
0
        nssPKIObject_Destroy(pkio);
1095
0
    }
1096
0
    return rvt;
1097
0
}
1098
1099
NSS_IMPLEMENT NSSCRL **
1100
nssTrustDomain_FindCRLsBySubject(
1101
    NSSTrustDomain *td,
1102
    NSSDER *subject)
1103
0
{
1104
0
    NSSSlot **slots;
1105
0
    NSSSlot **slotp;
1106
0
    NSSToken *token;
1107
0
    nssUpdateLevel updateLevel;
1108
0
    nssPKIObjectCollection *collection;
1109
0
    NSSCRL **rvCRLs = NULL;
1110
0
    collection = nssCRLCollection_Create(td, NULL);
1111
0
    if (!collection) {
1112
0
        return (NSSCRL **)NULL;
1113
0
    }
1114
0
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
1115
0
    if (!slots) {
1116
0
        goto loser;
1117
0
    }
1118
0
    for (slotp = slots; *slotp; slotp++) {
1119
0
        token = nssSlot_GetToken(*slotp);
1120
0
        if (token) {
1121
0
            PRStatus status = PR_FAILURE;
1122
0
            nssSession *session;
1123
0
            nssCryptokiObject **instances = NULL;
1124
0
            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
1125
1126
            /* get a session for the token */
1127
0
            session = nssTrustDomain_GetSessionForToken(td, token);
1128
0
            if (session) {
1129
                /* perform the traversal */
1130
0
                instances = nssToken_FindCRLsBySubject(token, session, subject,
1131
0
                                                       tokenOnly, 0, &status);
1132
0
            }
1133
0
            (void)nssToken_Destroy(token);
1134
0
            if (status == PR_SUCCESS) {
1135
                /* add the found CRL's to the collection */
1136
0
                status = nssPKIObjectCollection_AddInstances(collection,
1137
0
                                                             instances, 0);
1138
0
            }
1139
0
            nss_ZFreeIf(instances);
1140
0
        }
1141
0
    }
1142
0
    rvCRLs = nssPKIObjectCollection_GetCRLs(collection, NULL, 0, NULL);
1143
0
loser:
1144
0
    nssPKIObjectCollection_Destroy(collection);
1145
0
    nssSlotArray_Destroy(slots);
1146
0
    return rvCRLs;
1147
0
}
1148
1149
NSS_IMPLEMENT PRStatus
1150
NSSTrustDomain_GenerateKeyPair(
1151
    NSSTrustDomain *td,
1152
    NSSAlgorithmAndParameters *ap,
1153
    NSSPrivateKey **pvkOpt,
1154
    NSSPublicKey **pbkOpt,
1155
    PRBool privateKeyIsSensitive,
1156
    NSSToken *destination,
1157
    NSSCallback *uhhOpt)
1158
0
{
1159
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
1160
0
    return PR_FAILURE;
1161
0
}
1162
1163
NSS_IMPLEMENT NSSSymmetricKey *
1164
NSSTrustDomain_GenerateSymmetricKey(
1165
    NSSTrustDomain *td,
1166
    NSSAlgorithmAndParameters *ap,
1167
    PRUint32 keysize,
1168
    NSSToken *destination,
1169
    NSSCallback *uhhOpt)
1170
0
{
1171
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
1172
0
    return NULL;
1173
0
}
1174
1175
NSS_IMPLEMENT NSSSymmetricKey *
1176
NSSTrustDomain_GenerateSymmetricKeyFromPassword(
1177
    NSSTrustDomain *td,
1178
    NSSAlgorithmAndParameters *ap,
1179
    NSSUTF8 *passwordOpt, /* if null, prompt */
1180
    NSSToken *destinationOpt,
1181
    NSSCallback *uhhOpt)
1182
0
{
1183
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
1184
0
    return NULL;
1185
0
}
1186
1187
NSS_IMPLEMENT NSSSymmetricKey *
1188
NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID(
1189
    NSSTrustDomain *td,
1190
    NSSOID *algorithm,
1191
    NSSItem *keyID,
1192
    NSSCallback *uhhOpt)
1193
0
{
1194
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
1195
0
    return NULL;
1196
0
}
1197
1198
NSS_IMPLEMENT NSSCryptoContext *
1199
nssTrustDomain_CreateCryptoContext(
1200
    NSSTrustDomain *td,
1201
    NSSCallback *uhhOpt)
1202
2
{
1203
2
    return nssCryptoContext_Create(td, uhhOpt);
1204
2
}
1205
1206
NSS_IMPLEMENT NSSCryptoContext *
1207
NSSTrustDomain_CreateCryptoContext(
1208
    NSSTrustDomain *td,
1209
    NSSCallback *uhhOpt)
1210
2
{
1211
2
    return nssTrustDomain_CreateCryptoContext(td, uhhOpt);
1212
2
}
1213
1214
NSS_IMPLEMENT NSSCryptoContext *
1215
NSSTrustDomain_CreateCryptoContextForAlgorithm(
1216
    NSSTrustDomain *td,
1217
    NSSOID *algorithm)
1218
0
{
1219
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
1220
0
    return NULL;
1221
0
}
1222
1223
NSS_IMPLEMENT NSSCryptoContext *
1224
NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters(
1225
    NSSTrustDomain *td,
1226
    NSSAlgorithmAndParameters *ap)
1227
0
{
1228
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
1229
0
    return NULL;
1230
0
}