Coverage Report

Created: 2026-07-07 06:15

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/nss/lib/pki/trustdomain.c
Line
Count
Source
1
/* This Source Code Form is subject to the terms of the Mozilla Public
2
 * License, v. 2.0. If a copy of the MPL was not distributed with this
3
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5
#ifndef DEV_H
6
#include "dev.h"
7
#endif /* DEV_H */
8
9
#ifndef PKIM_H
10
#include "pkim.h"
11
#endif /* PKIM_H */
12
13
#include "cert.h"
14
#include "dev3hack.h"
15
#include "pki3hack.h"
16
#include "pk11pub.h"
17
#include "nssrwlk.h"
18
#include "pk11priv.h"
19
20
16
#define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32
21
22
extern const NSSError NSS_ERROR_NOT_FOUND;
23
24
typedef PRUint32 nssUpdateLevel;
25
26
NSS_IMPLEMENT NSSTrustDomain *
27
NSSTrustDomain_Create(
28
    NSSUTF8 *moduleOpt,
29
    NSSUTF8 *uriOpt,
30
    NSSUTF8 *opaqueOpt,
31
    void *reserved)
32
16
{
33
16
    NSSArena *arena;
34
16
    NSSTrustDomain *rvTD;
35
16
    arena = NSSArena_Create();
36
16
    if (!arena) {
37
0
        return (NSSTrustDomain *)NULL;
38
0
    }
39
16
    rvTD = nss_ZNEW(arena, NSSTrustDomain);
40
16
    if (!rvTD) {
41
0
        goto loser;
42
0
    }
43
    /* protect the token list and the token iterator */
44
16
    rvTD->tokensLock = NSSRWLock_New(100, "tokens");
45
16
    if (!rvTD->tokensLock) {
46
0
        goto loser;
47
0
    }
48
16
    nssTrustDomain_InitializeCache(rvTD, NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE);
49
16
    rvTD->arena = arena;
50
16
    rvTD->refCount = 1;
51
16
    rvTD->statusConfig = NULL;
52
16
    return rvTD;
53
0
loser:
54
0
    if (rvTD && rvTD->tokensLock) {
55
0
        NSSRWLock_Destroy(rvTD->tokensLock);
56
0
    }
57
0
    nssArena_Destroy(arena);
58
0
    return (NSSTrustDomain *)NULL;
59
16
}
60
61
static void
62
token_destructor(void *t)
63
28
{
64
28
    NSSToken *tok = (NSSToken *)t;
65
66
    /* Signal that the slot should not give out any more references to the
67
     * token. Do this first, while |tok| (and its reference to the slot) is
68
     * still alive: the list may hold the last reference, in which case
69
     * nssToken_Destroy() below frees the arena that contains |tok|. */
70
28
    PK11Slot_SetNSSToken(tok->pk11slot, NULL);
71
72
    /* Remove the token list's reference to the token */
73
28
    (void)nssToken_Destroy(tok);
74
28
}
75
76
NSS_IMPLEMENT PRStatus
77
NSSTrustDomain_Destroy(
78
    NSSTrustDomain *td)
79
14
{
80
14
    PRStatus status = PR_SUCCESS;
81
14
    if (--td->refCount == 0) {
82
        /* Destroy each token in the list of tokens */
83
14
        if (td->tokens) {
84
14
            nssListIterator_Destroy(td->tokens);
85
14
            td->tokens = NULL;
86
14
        }
87
14
        if (td->tokenList) {
88
14
            nssList_Clear(td->tokenList, token_destructor);
89
14
            nssList_Destroy(td->tokenList);
90
14
            td->tokenList = NULL;
91
14
        }
92
14
        NSSRWLock_Destroy(td->tokensLock);
93
14
        td->tokensLock = NULL;
94
14
        status = nssTrustDomain_DestroyCache(td);
95
14
        if (status == PR_FAILURE) {
96
0
            return status;
97
0
        }
98
14
        if (td->statusConfig) {
99
0
            td->statusConfig->statusDestroy(td->statusConfig);
100
0
            td->statusConfig = NULL;
101
0
        }
102
        /* Destroy the trust domain */
103
14
        nssArena_Destroy(td->arena);
104
14
    }
105
14
    return status;
106
14
}
107
108
/* XXX uses tokens until slot list is in place */
109
static NSSSlot **
110
nssTrustDomain_GetActiveSlots(
111
    NSSTrustDomain *td,
112
    nssUpdateLevel *updateLevel)
113
332k
{
114
332k
    PRUint32 count;
115
332k
    NSSSlot **slots = NULL;
116
332k
    NSSToken **tp, **tokens;
117
332k
    *updateLevel = 1;
118
332k
    if (!td->tokenList) {
119
0
        return NULL;
120
0
    }
121
332k
    NSSRWLock_LockRead(td->tokensLock);
122
332k
    count = nssList_Count(td->tokenList);
123
332k
    tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1);
124
332k
    if (!tokens) {
125
0
        NSSRWLock_UnlockRead(td->tokensLock);
126
0
        return NULL;
127
0
    }
128
332k
    slots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
129
332k
    if (!slots) {
130
0
        NSSRWLock_UnlockRead(td->tokensLock);
131
0
        nss_ZFreeIf(tokens);
132
0
        return NULL;
133
0
    }
134
332k
    nssList_GetArray(td->tokenList, (void **)tokens, count);
135
332k
    count = 0;
136
996k
    for (tp = tokens; *tp; tp++) {
137
664k
        NSSSlot *slot = nssToken_GetSlot(*tp);
138
664k
        if (!PK11_IsDisabled(slot->pk11slot)) {
139
664k
            slots[count++] = slot;
140
664k
        } else {
141
0
            nssSlot_Destroy(slot);
142
0
        }
143
664k
    }
144
332k
    NSSRWLock_UnlockRead(td->tokensLock);
145
332k
    nss_ZFreeIf(tokens);
146
332k
    if (!count) {
147
0
        nss_ZFreeIf(slots);
148
0
        slots = NULL;
149
0
    }
150
332k
    return slots;
151
332k
}
152
153
/* XXX */
154
static nssSession *
155
nssTrustDomain_GetSessionForToken(
156
    NSSTrustDomain *td,
157
    NSSToken *token)
158
203k
{
159
203k
    return nssToken_GetDefaultSession(token);
160
203k
}
161
162
NSS_IMPLEMENT PRStatus
163
NSSTrustDomain_SetDefaultCallback(
164
    NSSTrustDomain *td,
165
    NSSCallback *newCallback,
166
    NSSCallback **oldCallbackOpt)
167
0
{
168
0
    if (oldCallbackOpt) {
169
0
        *oldCallbackOpt = td->defaultCallback;
170
0
    }
171
0
    td->defaultCallback = newCallback;
172
0
    return PR_SUCCESS;
173
0
}
174
175
NSS_IMPLEMENT NSSCallback *
176
nssTrustDomain_GetDefaultCallback(
177
    NSSTrustDomain *td,
178
    PRStatus *statusOpt)
179
0
{
180
0
    if (statusOpt) {
181
0
        *statusOpt = PR_SUCCESS;
182
0
    }
183
0
    return td->defaultCallback;
184
0
}
185
186
NSS_IMPLEMENT NSSCallback *
187
NSSTrustDomain_GetDefaultCallback(
188
    NSSTrustDomain *td,
189
    PRStatus *statusOpt)
190
0
{
191
0
    return nssTrustDomain_GetDefaultCallback(td, statusOpt);
192
0
}
193
194
NSS_IMPLEMENT PRStatus
195
NSSTrustDomain_LoadModule(
196
    NSSTrustDomain *td,
197
    NSSUTF8 *moduleOpt,
198
    NSSUTF8 *uriOpt,
199
    NSSUTF8 *opaqueOpt,
200
    void *reserved)
201
0
{
202
0
    return PR_FAILURE;
203
0
}
204
205
NSS_IMPLEMENT PRStatus
206
NSSTrustDomain_DisableToken(
207
    NSSTrustDomain *td,
208
    NSSToken *token,
209
    NSSError why)
210
0
{
211
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
212
0
    return PR_FAILURE;
213
0
}
214
215
NSS_IMPLEMENT PRStatus
216
NSSTrustDomain_EnableToken(
217
    NSSTrustDomain *td,
218
    NSSToken *token)
219
0
{
220
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
221
0
    return PR_FAILURE;
222
0
}
223
224
NSS_IMPLEMENT PRStatus
225
NSSTrustDomain_IsTokenEnabled(
226
    NSSTrustDomain *td,
227
    NSSToken *token,
228
    NSSError *whyOpt)
229
0
{
230
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
231
0
    return PR_FAILURE;
232
0
}
233
234
NSS_IMPLEMENT NSSSlot *
235
NSSTrustDomain_FindSlotByName(
236
    NSSTrustDomain *td,
237
    NSSUTF8 *slotName)
238
0
{
239
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
240
0
    return NULL;
241
0
}
242
243
NSS_IMPLEMENT NSSToken **
244
NSSTrustDomain_FindTokensByURI(
245
    NSSTrustDomain *td,
246
    PK11URI *uri)
247
0
{
248
0
    NSSToken *tok = NULL;
249
0
    PK11SlotInfo *slotinfo;
250
0
    NSSToken **tokens;
251
0
    int count, i = 0;
252
253
0
    NSSRWLock_LockRead(td->tokensLock);
254
0
    count = nssList_Count(td->tokenList);
255
0
    tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1);
256
0
    if (!tokens) {
257
0
        NSSRWLock_UnlockRead(td->tokensLock);
258
0
        return NULL;
259
0
    }
260
0
    for (tok = (NSSToken *)nssListIterator_Start(td->tokens);
261
0
         tok != (NSSToken *)NULL && i < count;
262
0
         tok = (NSSToken *)nssListIterator_Next(td->tokens)) {
263
0
        if (nssToken_IsPresent(tok)) {
264
0
            slotinfo = tok->pk11slot;
265
0
            if (pk11_MatchUriTokenInfo(slotinfo, uri))
266
0
                tokens[i++] = nssToken_AddRef(tok);
267
0
        }
268
0
    }
269
0
    tokens[i] = NULL;
270
0
    nssListIterator_Finish(td->tokens);
271
0
    NSSRWLock_UnlockRead(td->tokensLock);
272
0
    return tokens;
273
0
}
274
275
NSS_IMPLEMENT NSSToken *
276
NSSTrustDomain_FindTokenByName(
277
    NSSTrustDomain *td,
278
    NSSUTF8 *tokenName)
279
0
{
280
0
    PRStatus nssrv;
281
0
    NSSUTF8 *myName;
282
0
    NSSToken *tok = NULL;
283
0
    NSSRWLock_LockRead(td->tokensLock);
284
0
    for (tok = (NSSToken *)nssListIterator_Start(td->tokens);
285
0
         tok != (NSSToken *)NULL;
286
0
         tok = (NSSToken *)nssListIterator_Next(td->tokens)) {
287
0
        if (nssToken_IsPresent(tok)) {
288
0
            myName = nssToken_GetName(tok);
289
0
            if (nssUTF8_Equal(tokenName, myName, &nssrv)) {
290
0
                tok = nssToken_AddRef(tok);
291
0
                break;
292
0
            }
293
0
        }
294
0
    }
295
0
    nssListIterator_Finish(td->tokens);
296
0
    NSSRWLock_UnlockRead(td->tokensLock);
297
0
    return tok;
298
0
}
299
300
NSS_IMPLEMENT NSSToken *
301
NSSTrustDomain_FindTokenBySlotName(
302
    NSSTrustDomain *td,
303
    NSSUTF8 *slotName)
304
0
{
305
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
306
0
    return NULL;
307
0
}
308
309
NSS_IMPLEMENT NSSToken *
310
NSSTrustDomain_FindTokenForAlgorithm(
311
    NSSTrustDomain *td,
312
    NSSOID *algorithm)
313
0
{
314
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
315
0
    return NULL;
316
0
}
317
318
NSS_IMPLEMENT NSSToken *
319
NSSTrustDomain_FindBestTokenForAlgorithms(
320
    NSSTrustDomain *td,
321
    NSSOID *algorithms[],   /* may be null-terminated */
322
    PRUint32 nAlgorithmsOpt /* limits the array if nonzero */
323
)
324
0
{
325
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
326
0
    return NULL;
327
0
}
328
329
NSS_IMPLEMENT PRStatus
330
NSSTrustDomain_Login(
331
    NSSTrustDomain *td,
332
    NSSCallback *uhhOpt)
333
0
{
334
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
335
0
    return PR_FAILURE;
336
0
}
337
338
NSS_IMPLEMENT PRStatus
339
NSSTrustDomain_Logout(NSSTrustDomain *td)
340
0
{
341
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
342
0
    return PR_FAILURE;
343
0
}
344
345
NSS_IMPLEMENT NSSCertificate *
346
NSSTrustDomain_ImportCertificate(
347
    NSSTrustDomain *td,
348
    NSSCertificate *c)
349
0
{
350
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
351
0
    return NULL;
352
0
}
353
354
NSS_IMPLEMENT NSSCertificate *
355
NSSTrustDomain_ImportPKIXCertificate(
356
    NSSTrustDomain *td,
357
    /* declared as a struct until these "data types" are defined */
358
    struct NSSPKIXCertificateStr *pc)
359
0
{
360
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
361
0
    return NULL;
362
0
}
363
364
NSS_IMPLEMENT NSSCertificate *
365
NSSTrustDomain_ImportEncodedCertificate(
366
    NSSTrustDomain *td,
367
    NSSBER *ber)
368
0
{
369
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
370
0
    return NULL;
371
0
}
372
373
NSS_IMPLEMENT NSSCertificate **
374
NSSTrustDomain_ImportEncodedCertificateChain(
375
    NSSTrustDomain *td,
376
    NSSBER *ber,
377
    NSSCertificate *rvOpt[],
378
    PRUint32 maximumOpt, /* 0 for no max */
379
    NSSArena *arenaOpt)
380
0
{
381
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
382
0
    return NULL;
383
0
}
384
385
NSS_IMPLEMENT NSSPrivateKey *
386
NSSTrustDomain_ImportEncodedPrivateKey(
387
    NSSTrustDomain *td,
388
    NSSBER *ber,
389
    NSSItem *passwordOpt, /* NULL will cause a callback */
390
    NSSCallback *uhhOpt,
391
    NSSToken *destination)
392
0
{
393
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
394
0
    return NULL;
395
0
}
396
397
NSS_IMPLEMENT NSSPublicKey *
398
NSSTrustDomain_ImportEncodedPublicKey(
399
    NSSTrustDomain *td,
400
    NSSBER *ber)
401
0
{
402
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
403
0
    return NULL;
404
0
}
405
406
static NSSCertificate **
407
get_certs_from_list(nssList *list)
408
10.7k
{
409
10.7k
    PRUint32 count = nssList_Count(list);
410
10.7k
    NSSCertificate **certs = NULL;
411
10.7k
    if (count > 0) {
412
0
        certs = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
413
0
        if (certs) {
414
0
            nssList_GetArray(list, (void **)certs, count);
415
0
        }
416
0
    }
417
10.7k
    return certs;
418
10.7k
}
419
420
NSS_IMPLEMENT NSSCertificate **
421
nssTrustDomain_FindCertificatesByNickname(
422
    NSSTrustDomain *td,
423
    const NSSUTF8 *name,
424
    NSSCertificate *rvOpt[],
425
    PRUint32 maximumOpt, /* 0 for no max */
426
    NSSArena *arenaOpt)
427
0
{
428
0
    NSSToken *token = NULL;
429
0
    NSSSlot **slots = NULL;
430
0
    NSSSlot **slotp;
431
0
    NSSCertificate **rvCerts = NULL;
432
0
    nssPKIObjectCollection *collection = NULL;
433
0
    nssUpdateLevel updateLevel;
434
0
    nssList *nameList;
435
0
    PRUint32 numRemaining = maximumOpt;
436
0
    PRUint32 collectionCount = 0;
437
0
    PRUint32 errors = 0;
438
439
    /* First, grab from the cache */
440
0
    nameList = nssList_Create(NULL, PR_FALSE);
441
0
    if (!nameList) {
442
0
        return NULL;
443
0
    }
444
0
    (void)nssTrustDomain_GetCertsForNicknameFromCache(td, name, nameList);
445
0
    rvCerts = get_certs_from_list(nameList);
446
    /* initialize the collection of token certificates with the set of
447
     * cached certs (if any).
448
     */
449
0
    collection = nssCertificateCollection_Create(td, rvCerts);
450
0
    nssCertificateArray_Destroy(rvCerts);
451
0
    nssList_Destroy(nameList);
452
0
    if (!collection) {
453
0
        return (NSSCertificate **)NULL;
454
0
    }
455
    /* obtain the current set of active slots in the trust domain */
456
0
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
457
0
    if (!slots) {
458
0
        goto loser;
459
0
    }
460
    /* iterate over the slots */
461
0
    for (slotp = slots; *slotp; slotp++) {
462
0
        token = nssSlot_GetToken(*slotp);
463
0
        if (token) {
464
0
            nssSession *session;
465
0
            nssCryptokiObject **instances = NULL;
466
0
            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
467
0
            PRStatus status = PR_FAILURE;
468
469
0
            session = nssTrustDomain_GetSessionForToken(td, token);
470
0
            if (session) {
471
0
                instances = nssToken_FindCertificatesByNickname(token,
472
0
                                                                session,
473
0
                                                                name,
474
0
                                                                tokenOnly,
475
0
                                                                numRemaining,
476
0
                                                                &status);
477
0
            }
478
0
            (void)nssToken_Destroy(token);
479
0
            if (status != PR_SUCCESS) {
480
0
                errors++;
481
0
                continue;
482
0
            }
483
0
            if (instances) {
484
0
                status = nssPKIObjectCollection_AddInstances(collection,
485
0
                                                             instances, 0);
486
0
                nss_ZFreeIf(instances);
487
0
                if (status != PR_SUCCESS) {
488
0
                    errors++;
489
0
                    continue;
490
0
                }
491
0
                collectionCount = nssPKIObjectCollection_Count(collection);
492
0
                if (maximumOpt > 0) {
493
0
                    if (collectionCount >= maximumOpt)
494
0
                        break;
495
0
                    numRemaining = maximumOpt - collectionCount;
496
0
                }
497
0
            }
498
0
        }
499
0
    }
500
0
    if (!collectionCount && errors)
501
0
        goto loser;
502
    /* Grab the certs collected in the search. */
503
0
    rvCerts = nssPKIObjectCollection_GetCertificates(collection,
504
0
                                                     rvOpt, maximumOpt,
505
0
                                                     arenaOpt);
506
    /* clean up */
507
0
    nssPKIObjectCollection_Destroy(collection);
508
0
    nssSlotArray_Destroy(slots);
509
0
    return rvCerts;
510
0
loser:
511
0
    if (slots) {
512
0
        nssSlotArray_Destroy(slots);
513
0
    }
514
0
    if (collection) {
515
0
        nssPKIObjectCollection_Destroy(collection);
516
0
    }
517
0
    return (NSSCertificate **)NULL;
518
0
}
519
520
NSS_IMPLEMENT NSSCertificate **
521
NSSTrustDomain_FindCertificatesByNickname(
522
    NSSTrustDomain *td,
523
    NSSUTF8 *name,
524
    NSSCertificate *rvOpt[],
525
    PRUint32 maximumOpt, /* 0 for no max */
526
    NSSArena *arenaOpt)
527
0
{
528
0
    return nssTrustDomain_FindCertificatesByNickname(td,
529
0
                                                     name,
530
0
                                                     rvOpt,
531
0
                                                     maximumOpt,
532
0
                                                     arenaOpt);
533
0
}
534
535
NSS_IMPLEMENT NSSCertificate *
536
nssTrustDomain_FindBestCertificateByNickname(
537
    NSSTrustDomain *td,
538
    const NSSUTF8 *name,
539
    NSSTime *timeOpt,
540
    NSSUsage *usage,
541
    NSSPolicies *policiesOpt)
542
0
{
543
0
    NSSCertificate **nicknameCerts;
544
0
    NSSCertificate *rvCert = NULL;
545
0
    nicknameCerts = nssTrustDomain_FindCertificatesByNickname(td, name,
546
0
                                                              NULL,
547
0
                                                              0,
548
0
                                                              NULL);
549
0
    if (nicknameCerts) {
550
0
        rvCert = nssCertificateArray_FindBestCertificate(nicknameCerts,
551
0
                                                         timeOpt,
552
0
                                                         usage,
553
0
                                                         policiesOpt);
554
0
        nssCertificateArray_Destroy(nicknameCerts);
555
0
    }
556
0
    return rvCert;
557
0
}
558
559
NSS_IMPLEMENT NSSCertificate *
560
NSSTrustDomain_FindBestCertificateByNickname(
561
    NSSTrustDomain *td,
562
    const NSSUTF8 *name,
563
    NSSTime *timeOpt,
564
    NSSUsage *usage,
565
    NSSPolicies *policiesOpt)
566
0
{
567
0
    return nssTrustDomain_FindBestCertificateByNickname(td,
568
0
                                                        name,
569
0
                                                        timeOpt,
570
0
                                                        usage,
571
0
                                                        policiesOpt);
572
0
}
573
574
NSS_IMPLEMENT NSSCertificate **
575
nssTrustDomain_FindCertificatesBySubject(
576
    NSSTrustDomain *td,
577
    NSSDER *subject,
578
    NSSCertificate *rvOpt[],
579
    PRUint32 maximumOpt, /* 0 for no max */
580
    NSSArena *arenaOpt)
581
10.7k
{
582
10.7k
    NSSToken *token = NULL;
583
10.7k
    NSSSlot **slots = NULL;
584
10.7k
    NSSSlot **slotp;
585
10.7k
    NSSCertificate **rvCerts = NULL;
586
10.7k
    nssPKIObjectCollection *collection = NULL;
587
10.7k
    nssUpdateLevel updateLevel;
588
10.7k
    nssList *subjectList;
589
10.7k
    PRUint32 numRemaining = maximumOpt;
590
10.7k
    PRUint32 collectionCount = 0;
591
10.7k
    PRUint32 errors = 0;
592
593
    /* look in cache */
594
10.7k
    subjectList = nssList_Create(NULL, PR_FALSE);
595
10.7k
    if (!subjectList) {
596
0
        return NULL;
597
0
    }
598
10.7k
    (void)nssTrustDomain_GetCertsForSubjectFromCache(td, subject, subjectList);
599
10.7k
    rvCerts = get_certs_from_list(subjectList);
600
10.7k
    collection = nssCertificateCollection_Create(td, rvCerts);
601
10.7k
    nssCertificateArray_Destroy(rvCerts);
602
10.7k
    nssList_Destroy(subjectList);
603
10.7k
    if (!collection) {
604
0
        return (NSSCertificate **)NULL;
605
0
    }
606
10.7k
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
607
10.7k
    if (!slots) {
608
0
        goto loser;
609
0
    }
610
32.1k
    for (slotp = slots; *slotp; slotp++) {
611
21.4k
        token = nssSlot_GetToken(*slotp);
612
21.4k
        if (token) {
613
21.4k
            nssSession *session;
614
21.4k
            nssCryptokiObject **instances = NULL;
615
21.4k
            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
616
21.4k
            PRStatus status = PR_FAILURE;
617
618
21.4k
            session = nssTrustDomain_GetSessionForToken(td, token);
619
21.4k
            if (session) {
620
21.4k
                instances = nssToken_FindCertificatesBySubject(token,
621
21.4k
                                                               session,
622
21.4k
                                                               subject,
623
21.4k
                                                               tokenOnly,
624
21.4k
                                                               numRemaining,
625
21.4k
                                                               &status);
626
21.4k
            }
627
21.4k
            (void)nssToken_Destroy(token);
628
21.4k
            if (status != PR_SUCCESS) {
629
0
                errors++;
630
0
                continue;
631
0
            }
632
21.4k
            if (instances) {
633
0
                status = nssPKIObjectCollection_AddInstances(collection,
634
0
                                                             instances, 0);
635
0
                nss_ZFreeIf(instances);
636
0
                if (status != PR_SUCCESS) {
637
0
                    errors++;
638
0
                    continue;
639
0
                }
640
0
                collectionCount = nssPKIObjectCollection_Count(collection);
641
0
                if (maximumOpt > 0) {
642
0
                    if (collectionCount >= maximumOpt)
643
0
                        break;
644
0
                    numRemaining = maximumOpt - collectionCount;
645
0
                }
646
0
            }
647
21.4k
        }
648
21.4k
    }
649
10.7k
    if (!collectionCount && errors)
650
0
        goto loser;
651
10.7k
    rvCerts = nssPKIObjectCollection_GetCertificates(collection,
652
10.7k
                                                     rvOpt, maximumOpt,
653
10.7k
                                                     arenaOpt);
654
10.7k
    nssPKIObjectCollection_Destroy(collection);
655
10.7k
    nssSlotArray_Destroy(slots);
656
10.7k
    return rvCerts;
657
0
loser:
658
0
    if (slots) {
659
0
        nssSlotArray_Destroy(slots);
660
0
    }
661
0
    if (collection) {
662
0
        nssPKIObjectCollection_Destroy(collection);
663
0
    }
664
0
    return (NSSCertificate **)NULL;
665
10.7k
}
666
667
NSS_IMPLEMENT NSSCertificate **
668
NSSTrustDomain_FindCertificatesBySubject(
669
    NSSTrustDomain *td,
670
    NSSDER *subject,
671
    NSSCertificate *rvOpt[],
672
    PRUint32 maximumOpt,
673
    NSSArena *arenaOpt)
674
0
{
675
0
    return nssTrustDomain_FindCertificatesBySubject(td,
676
0
                                                    subject,
677
0
                                                    rvOpt,
678
0
                                                    maximumOpt,
679
0
                                                    arenaOpt);
680
0
}
681
682
NSS_IMPLEMENT NSSCertificate *
683
nssTrustDomain_FindBestCertificateBySubject(
684
    NSSTrustDomain *td,
685
    NSSDER *subject,
686
    NSSTime *timeOpt,
687
    NSSUsage *usage,
688
    NSSPolicies *policiesOpt)
689
0
{
690
0
    NSSCertificate **subjectCerts;
691
0
    NSSCertificate *rvCert = NULL;
692
0
    subjectCerts = nssTrustDomain_FindCertificatesBySubject(td, subject,
693
0
                                                            NULL,
694
0
                                                            0,
695
0
                                                            NULL);
696
0
    if (subjectCerts) {
697
0
        rvCert = nssCertificateArray_FindBestCertificate(subjectCerts,
698
0
                                                         timeOpt,
699
0
                                                         usage,
700
0
                                                         policiesOpt);
701
0
        nssCertificateArray_Destroy(subjectCerts);
702
0
    }
703
0
    return rvCert;
704
0
}
705
706
NSS_IMPLEMENT NSSCertificate *
707
NSSTrustDomain_FindBestCertificateBySubject(
708
    NSSTrustDomain *td,
709
    NSSDER *subject,
710
    NSSTime *timeOpt,
711
    NSSUsage *usage,
712
    NSSPolicies *policiesOpt)
713
0
{
714
0
    return nssTrustDomain_FindBestCertificateBySubject(td,
715
0
                                                       subject,
716
0
                                                       timeOpt,
717
0
                                                       usage,
718
0
                                                       policiesOpt);
719
0
}
720
721
NSS_IMPLEMENT NSSCertificate *
722
NSSTrustDomain_FindBestCertificateByNameComponents(
723
    NSSTrustDomain *td,
724
    NSSUTF8 *nameComponents,
725
    NSSTime *timeOpt,
726
    NSSUsage *usage,
727
    NSSPolicies *policiesOpt)
728
0
{
729
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
730
0
    return NULL;
731
0
}
732
733
NSS_IMPLEMENT NSSCertificate **
734
NSSTrustDomain_FindCertificatesByNameComponents(
735
    NSSTrustDomain *td,
736
    NSSUTF8 *nameComponents,
737
    NSSCertificate *rvOpt[],
738
    PRUint32 maximumOpt, /* 0 for no max */
739
    NSSArena *arenaOpt)
740
0
{
741
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
742
0
    return NULL;
743
0
}
744
745
/* This returns at most a single certificate, so it can stop the loop
746
 * when one is found.
747
 */
748
NSS_IMPLEMENT NSSCertificate *
749
nssTrustDomain_FindCertificateByIssuerAndSerialNumber(
750
    NSSTrustDomain *td,
751
    NSSDER *issuer,
752
    NSSDER *serial)
753
90.8k
{
754
90.8k
    NSSSlot **slots = NULL;
755
90.8k
    NSSSlot **slotp;
756
90.8k
    NSSCertificate *rvCert = NULL;
757
90.8k
    nssPKIObjectCollection *collection = NULL;
758
90.8k
    nssUpdateLevel updateLevel;
759
760
    /* see if this search is already cached */
761
90.8k
    rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td,
762
90.8k
                                                           issuer,
763
90.8k
                                                           serial);
764
90.8k
    if (rvCert) {
765
0
        return rvCert;
766
0
    }
767
90.8k
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
768
90.8k
    if (slots) {
769
272k
        for (slotp = slots; *slotp; slotp++) {
770
181k
            NSSToken *token = nssSlot_GetToken(*slotp);
771
181k
            nssSession *session;
772
181k
            nssCryptokiObject *instance;
773
181k
            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
774
181k
            PRStatus status = PR_FAILURE;
775
776
181k
            if (!token)
777
0
                continue;
778
181k
            session = nssTrustDomain_GetSessionForToken(td, token);
779
181k
            if (session) {
780
181k
                instance = nssToken_FindCertificateByIssuerAndSerialNumber(
781
181k
                    token,
782
181k
                    session,
783
181k
                    issuer,
784
181k
                    serial,
785
181k
                    tokenOnly,
786
181k
                    &status);
787
181k
            }
788
181k
            (void)nssToken_Destroy(token);
789
181k
            if (status != PR_SUCCESS) {
790
0
                continue;
791
0
            }
792
181k
            if (instance) {
793
0
                if (!collection) {
794
0
                    collection = nssCertificateCollection_Create(td, NULL);
795
0
                    if (!collection) {
796
0
                        break; /* don't keep looping if out if memory */
797
0
                    }
798
0
                }
799
0
                status = nssPKIObjectCollection_AddInstances(collection,
800
0
                                                             &instance, 1);
801
0
                if (status == PR_SUCCESS) {
802
0
                    (void)nssPKIObjectCollection_GetCertificates(
803
0
                        collection, &rvCert, 1, NULL);
804
0
                }
805
0
                if (rvCert) {
806
0
                    break; /* found one cert, all done */
807
0
                }
808
0
            }
809
181k
        }
810
90.8k
    }
811
90.8k
    if (collection) {
812
0
        nssPKIObjectCollection_Destroy(collection);
813
0
    }
814
90.8k
    if (slots) {
815
90.8k
        nssSlotArray_Destroy(slots);
816
90.8k
    }
817
90.8k
    return rvCert;
818
90.8k
}
819
820
NSS_IMPLEMENT NSSCertificate *
821
NSSTrustDomain_FindCertificateByIssuerAndSerialNumber(
822
    NSSTrustDomain *td,
823
    NSSDER *issuer,
824
    NSSDER *serial)
825
0
{
826
0
    return nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
827
0
                                                                 issuer,
828
0
                                                                 serial);
829
0
}
830
831
NSS_IMPLEMENT NSSCertificate *
832
nssTrustDomain_FindCertificateByEncodedCertificate(
833
    NSSTrustDomain *td,
834
    NSSBER *ber)
835
92.6k
{
836
92.6k
    PRStatus status;
837
92.6k
    NSSCertificate *rvCert = NULL;
838
92.6k
    NSSDER issuer = { 0 };
839
92.6k
    NSSDER serial = { 0 };
840
    /* XXX this is not generic...  will any cert crack into issuer/serial? */
841
92.6k
    status = nssPKIX509_GetIssuerAndSerialFromDER(ber, &issuer, &serial);
842
92.6k
    if (status != PR_SUCCESS) {
843
1.78k
        return NULL;
844
1.78k
    }
845
90.8k
    rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
846
90.8k
                                                                   &issuer,
847
90.8k
                                                                   &serial);
848
90.8k
    PORT_Free(issuer.data);
849
90.8k
    PORT_Free(serial.data);
850
90.8k
    return rvCert;
851
92.6k
}
852
853
NSS_IMPLEMENT NSSCertificate *
854
NSSTrustDomain_FindCertificateByEncodedCertificate(
855
    NSSTrustDomain *td,
856
    NSSBER *ber)
857
92.6k
{
858
92.6k
    return nssTrustDomain_FindCertificateByEncodedCertificate(td, ber);
859
92.6k
}
860
861
NSS_IMPLEMENT NSSCertificate *
862
NSSTrustDomain_FindBestCertificateByEmail(
863
    NSSTrustDomain *td,
864
    NSSASCII7 *email,
865
    NSSTime *timeOpt,
866
    NSSUsage *usage,
867
    NSSPolicies *policiesOpt)
868
0
{
869
0
    return 0;
870
0
}
871
872
NSS_IMPLEMENT NSSCertificate **
873
NSSTrustDomain_FindCertificatesByEmail(
874
    NSSTrustDomain *td,
875
    NSSASCII7 *email,
876
    NSSCertificate *rvOpt[],
877
    PRUint32 maximumOpt, /* 0 for no max */
878
    NSSArena *arenaOpt)
879
0
{
880
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
881
0
    return NULL;
882
0
}
883
884
NSS_IMPLEMENT NSSCertificate *
885
NSSTrustDomain_FindCertificateByOCSPHash(
886
    NSSTrustDomain *td,
887
    NSSItem *hash)
888
0
{
889
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
890
0
    return NULL;
891
0
}
892
893
NSS_IMPLEMENT NSSCertificate *
894
NSSTrustDomain_FindBestUserCertificate(
895
    NSSTrustDomain *td,
896
    NSSTime *timeOpt,
897
    NSSUsage *usage,
898
    NSSPolicies *policiesOpt)
899
0
{
900
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
901
0
    return NULL;
902
0
}
903
904
NSS_IMPLEMENT NSSCertificate **
905
NSSTrustDomain_FindUserCertificates(
906
    NSSTrustDomain *td,
907
    NSSTime *timeOpt,
908
    NSSUsage *usageOpt,
909
    NSSPolicies *policiesOpt,
910
    NSSCertificate **rvOpt,
911
    PRUint32 rvLimit, /* zero for no limit */
912
    NSSArena *arenaOpt)
913
0
{
914
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
915
0
    return NULL;
916
0
}
917
918
NSS_IMPLEMENT NSSCertificate *
919
NSSTrustDomain_FindBestUserCertificateForSSLClientAuth(
920
    NSSTrustDomain *td,
921
    NSSUTF8 *sslHostOpt,
922
    NSSDER *rootCAsOpt[],   /* null pointer for none */
923
    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
924
    NSSAlgorithmAndParameters *apOpt,
925
    NSSPolicies *policiesOpt)
926
0
{
927
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
928
0
    return NULL;
929
0
}
930
931
NSS_IMPLEMENT NSSCertificate **
932
NSSTrustDomain_FindUserCertificatesForSSLClientAuth(
933
    NSSTrustDomain *td,
934
    NSSUTF8 *sslHostOpt,
935
    NSSDER *rootCAsOpt[],   /* null pointer for none */
936
    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
937
    NSSAlgorithmAndParameters *apOpt,
938
    NSSPolicies *policiesOpt,
939
    NSSCertificate **rvOpt,
940
    PRUint32 rvLimit, /* zero for no limit */
941
    NSSArena *arenaOpt)
942
0
{
943
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
944
0
    return NULL;
945
0
}
946
947
NSS_IMPLEMENT NSSCertificate *
948
NSSTrustDomain_FindBestUserCertificateForEmailSigning(
949
    NSSTrustDomain *td,
950
    NSSASCII7 *signerOpt,
951
    NSSASCII7 *recipientOpt,
952
    /* anything more here? */
953
    NSSAlgorithmAndParameters *apOpt,
954
    NSSPolicies *policiesOpt)
955
0
{
956
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
957
0
    return NULL;
958
0
}
959
960
NSS_IMPLEMENT NSSCertificate **
961
NSSTrustDomain_FindUserCertificatesForEmailSigning(
962
    NSSTrustDomain *td,
963
    NSSASCII7 *signerOpt,
964
    NSSASCII7 *recipientOpt,
965
    /* anything more here? */
966
    NSSAlgorithmAndParameters *apOpt,
967
    NSSPolicies *policiesOpt,
968
    NSSCertificate **rvOpt,
969
    PRUint32 rvLimit, /* zero for no limit */
970
    NSSArena *arenaOpt)
971
0
{
972
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
973
0
    return NULL;
974
0
}
975
976
static PRStatus
977
collector(nssCryptokiObject *instance, void *arg)
978
0
{
979
0
    nssPKIObjectCollection *collection = (nssPKIObjectCollection *)arg;
980
0
    return nssPKIObjectCollection_AddInstanceAsObject(collection, instance);
981
0
}
982
983
NSS_IMPLEMENT PRStatus *
984
NSSTrustDomain_TraverseCertificates(
985
    NSSTrustDomain *td,
986
    PRStatus (*callback)(NSSCertificate *c, void *arg),
987
    void *arg)
988
5
{
989
5
    NSSToken *token = NULL;
990
5
    NSSSlot **slots = NULL;
991
5
    NSSSlot **slotp;
992
5
    nssPKIObjectCollection *collection = NULL;
993
5
    nssPKIObjectCallback pkiCallback;
994
5
    nssUpdateLevel updateLevel;
995
5
    NSSCertificate **cached = NULL;
996
5
    nssList *certList;
997
998
5
    certList = nssList_Create(NULL, PR_FALSE);
999
5
    if (!certList)
1000
0
        return NULL;
1001
5
    (void)nssTrustDomain_GetCertsFromCache(td, certList);
1002
5
    cached = get_certs_from_list(certList);
1003
5
    collection = nssCertificateCollection_Create(td, cached);
1004
5
    nssCertificateArray_Destroy(cached);
1005
5
    nssList_Destroy(certList);
1006
5
    if (!collection) {
1007
0
        return (PRStatus *)NULL;
1008
0
    }
1009
    /* obtain the current set of active slots in the trust domain */
1010
5
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
1011
5
    if (!slots) {
1012
0
        goto loser;
1013
0
    }
1014
    /* iterate over the slots */
1015
15
    for (slotp = slots; *slotp; slotp++) {
1016
        /* get the token for the slot, if present */
1017
10
        token = nssSlot_GetToken(*slotp);
1018
10
        if (token) {
1019
10
            nssSession *session;
1020
10
            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
1021
            /* get a session for the token */
1022
10
            session = nssTrustDomain_GetSessionForToken(td, token);
1023
10
            if (session) {
1024
                /* perform the traversal */
1025
10
                (void)nssToken_TraverseCertificates(token,
1026
10
                                                    session,
1027
10
                                                    tokenOnly,
1028
10
                                                    collector,
1029
10
                                                    collection);
1030
10
            }
1031
10
            (void)nssToken_Destroy(token);
1032
10
        }
1033
10
    }
1034
1035
    /* Traverse the collection */
1036
5
    pkiCallback.func.cert = callback;
1037
5
    pkiCallback.arg = arg;
1038
5
    (void)nssPKIObjectCollection_Traverse(collection, &pkiCallback);
1039
5
loser:
1040
5
    if (slots) {
1041
5
        nssSlotArray_Destroy(slots);
1042
5
    }
1043
5
    if (collection) {
1044
5
        nssPKIObjectCollection_Destroy(collection);
1045
5
    }
1046
5
    return NULL;
1047
5
}
1048
1049
NSS_IMPLEMENT NSSTrust *
1050
nssTrustDomain_FindTrustForCertificate(
1051
    NSSTrustDomain *td,
1052
    NSSCertificate *c)
1053
230k
{
1054
230k
    NSSSlot **slots;
1055
230k
    NSSSlot **slotp;
1056
230k
    nssCryptokiObject *to = NULL;
1057
230k
    nssPKIObject *pkio = NULL;
1058
230k
    NSSTrust *rvt = NULL;
1059
230k
    nssUpdateLevel updateLevel;
1060
230k
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
1061
230k
    if (!slots) {
1062
0
        return (NSSTrust *)NULL;
1063
0
    }
1064
691k
    for (slotp = slots; *slotp; slotp++) {
1065
461k
        NSSToken *token = nssSlot_GetToken(*slotp);
1066
1067
461k
        if (token) {
1068
461k
            to = nssToken_FindTrustForCertificate(token, NULL,
1069
461k
                                                  &c->encoding,
1070
461k
                                                  &c->issuer,
1071
461k
                                                  &c->serial,
1072
461k
                                                  nssTokenSearchType_TokenOnly);
1073
461k
            if (to) {
1074
0
                PRStatus status;
1075
0
                if (!pkio) {
1076
0
                    pkio = nssPKIObject_Create(NULL, to, td, NULL, nssPKILock);
1077
0
                    status = pkio ? PR_SUCCESS : PR_FAILURE;
1078
0
                } else {
1079
0
                    status = nssPKIObject_AddInstance(pkio, to);
1080
0
                }
1081
0
                if (status != PR_SUCCESS) {
1082
0
                    nssCryptokiObject_Destroy(to);
1083
0
                }
1084
0
            }
1085
461k
            (void)nssToken_Destroy(token);
1086
461k
        }
1087
461k
    }
1088
230k
    if (pkio) {
1089
0
        rvt = nssTrust_Create(pkio, &c->encoding);
1090
0
        if (rvt) {
1091
0
            pkio = NULL; /* rvt object now owns the pkio reference */
1092
0
        }
1093
0
    }
1094
230k
    nssSlotArray_Destroy(slots);
1095
230k
    if (pkio) {
1096
0
        nssPKIObject_Destroy(pkio);
1097
0
    }
1098
230k
    return rvt;
1099
230k
}
1100
1101
NSS_IMPLEMENT NSSCRL **
1102
nssTrustDomain_FindCRLsBySubject(
1103
    NSSTrustDomain *td,
1104
    NSSDER *subject)
1105
0
{
1106
0
    NSSSlot **slots;
1107
0
    NSSSlot **slotp;
1108
0
    NSSToken *token;
1109
0
    nssUpdateLevel updateLevel;
1110
0
    nssPKIObjectCollection *collection;
1111
0
    NSSCRL **rvCRLs = NULL;
1112
0
    collection = nssCRLCollection_Create(td, NULL);
1113
0
    if (!collection) {
1114
0
        return (NSSCRL **)NULL;
1115
0
    }
1116
0
    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
1117
0
    if (!slots) {
1118
0
        goto loser;
1119
0
    }
1120
0
    for (slotp = slots; *slotp; slotp++) {
1121
0
        token = nssSlot_GetToken(*slotp);
1122
0
        if (token) {
1123
0
            PRStatus status = PR_FAILURE;
1124
0
            nssSession *session;
1125
0
            nssCryptokiObject **instances = NULL;
1126
0
            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
1127
1128
            /* get a session for the token */
1129
0
            session = nssTrustDomain_GetSessionForToken(td, token);
1130
0
            if (session) {
1131
                /* perform the traversal */
1132
0
                instances = nssToken_FindCRLsBySubject(token, session, subject,
1133
0
                                                       tokenOnly, 0, &status);
1134
0
            }
1135
0
            (void)nssToken_Destroy(token);
1136
0
            if (status == PR_SUCCESS) {
1137
                /* add the found CRL's to the collection */
1138
0
                status = nssPKIObjectCollection_AddInstances(collection,
1139
0
                                                             instances, 0);
1140
0
            }
1141
0
            nss_ZFreeIf(instances);
1142
0
        }
1143
0
    }
1144
0
    rvCRLs = nssPKIObjectCollection_GetCRLs(collection, NULL, 0, NULL);
1145
0
loser:
1146
0
    nssPKIObjectCollection_Destroy(collection);
1147
0
    nssSlotArray_Destroy(slots);
1148
0
    return rvCRLs;
1149
0
}
1150
1151
NSS_IMPLEMENT PRStatus
1152
NSSTrustDomain_GenerateKeyPair(
1153
    NSSTrustDomain *td,
1154
    NSSAlgorithmAndParameters *ap,
1155
    NSSPrivateKey **pvkOpt,
1156
    NSSPublicKey **pbkOpt,
1157
    PRBool privateKeyIsSensitive,
1158
    NSSToken *destination,
1159
    NSSCallback *uhhOpt)
1160
0
{
1161
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
1162
0
    return PR_FAILURE;
1163
0
}
1164
1165
NSS_IMPLEMENT NSSSymmetricKey *
1166
NSSTrustDomain_GenerateSymmetricKey(
1167
    NSSTrustDomain *td,
1168
    NSSAlgorithmAndParameters *ap,
1169
    PRUint32 keysize,
1170
    NSSToken *destination,
1171
    NSSCallback *uhhOpt)
1172
0
{
1173
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
1174
0
    return NULL;
1175
0
}
1176
1177
NSS_IMPLEMENT NSSSymmetricKey *
1178
NSSTrustDomain_GenerateSymmetricKeyFromPassword(
1179
    NSSTrustDomain *td,
1180
    NSSAlgorithmAndParameters *ap,
1181
    NSSUTF8 *passwordOpt, /* if null, prompt */
1182
    NSSToken *destinationOpt,
1183
    NSSCallback *uhhOpt)
1184
0
{
1185
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
1186
0
    return NULL;
1187
0
}
1188
1189
NSS_IMPLEMENT NSSSymmetricKey *
1190
NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID(
1191
    NSSTrustDomain *td,
1192
    NSSOID *algorithm,
1193
    NSSItem *keyID,
1194
    NSSCallback *uhhOpt)
1195
0
{
1196
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
1197
0
    return NULL;
1198
0
}
1199
1200
NSS_IMPLEMENT NSSCryptoContext *
1201
nssTrustDomain_CreateCryptoContext(
1202
    NSSTrustDomain *td,
1203
    NSSCallback *uhhOpt)
1204
16
{
1205
16
    return nssCryptoContext_Create(td, uhhOpt);
1206
16
}
1207
1208
NSS_IMPLEMENT NSSCryptoContext *
1209
NSSTrustDomain_CreateCryptoContext(
1210
    NSSTrustDomain *td,
1211
    NSSCallback *uhhOpt)
1212
16
{
1213
16
    return nssTrustDomain_CreateCryptoContext(td, uhhOpt);
1214
16
}
1215
1216
NSS_IMPLEMENT NSSCryptoContext *
1217
NSSTrustDomain_CreateCryptoContextForAlgorithm(
1218
    NSSTrustDomain *td,
1219
    NSSOID *algorithm)
1220
0
{
1221
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
1222
0
    return NULL;
1223
0
}
1224
1225
NSS_IMPLEMENT NSSCryptoContext *
1226
NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters(
1227
    NSSTrustDomain *td,
1228
    NSSAlgorithmAndParameters *ap)
1229
0
{
1230
0
    nss_SetError(NSS_ERROR_NOT_FOUND);
1231
    return NULL;
1232
0
}