Source code
Revision control
Copy as Markdown
Other Tools
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
#ifndef PKIT_H
#include "pkit.h"
#endif /* PKIT_H */
#ifndef DEVM_H
#include "devm.h"
#endif /* DEVM_H */
#include "pki3hack.h"
#include "dev3hack.h"
#include "pkim.h"
#ifndef BASE_H
#include "base.h"
#endif /* BASE_H */
#include "pk11func.h"
#include "secmodti.h"
#include "secerr.h"
NSS_IMPLEMENT nssSession *
nssSession_ImportNSS3Session(NSSArena *arenaOpt,
CK_SESSION_HANDLE session,
PZLock *lock, PRBool rw)
{
nssSession *rvSession = NULL;
if (session != CK_INVALID_HANDLE) {
rvSession = nss_ZNEW(arenaOpt, nssSession);
if (rvSession) {
rvSession->handle = session;
rvSession->lock = lock;
rvSession->ownLock = PR_FALSE;
rvSession->isRW = rw;
}
}
return rvSession;
}
NSS_IMPLEMENT nssSession *
nssSlot_CreateSession(
NSSSlot *slot,
NSSArena *arenaOpt,
PRBool readWrite)
{
nssSession *rvSession;
if (!readWrite) {
/* nss3hack version only returns rw swssions */
return NULL;
}
rvSession = nss_ZNEW(arenaOpt, nssSession);
if (!rvSession) {
return (nssSession *)NULL;
}
rvSession->handle = PK11_GetRWSession(slot->pk11slot);
if (rvSession->handle == CK_INVALID_HANDLE) {
nss_ZFreeIf(rvSession);
return NULL;
}
rvSession->isRW = PR_TRUE;
rvSession->slot = slot;
/*
* The session doesn't need its own lock. Here's why.
* 1. If we are reusing the default RW session of the slot,
* the slot lock is already locked to protect the session.
* 2. If the module is not thread safe, the slot (or rather
* module) lock is already locked.
* 3. If the module is thread safe and we are using a new
* session, no higher-level lock has been locked and we
* would need a lock for the new session. However, the
* current usage of the session is that it is always
* used and destroyed within the same function and never
* shared with another thread.
* So the session is either already protected by another
* lock or only used by one thread.
*/
rvSession->lock = NULL;
rvSession->ownLock = PR_FALSE;
return rvSession;
}
NSS_IMPLEMENT PRStatus
nssSession_Destroy(nssSession *s)
{
PRStatus rv = PR_SUCCESS;
if (s) {
if (s->isRW) {
PK11_RestoreROSession(s->slot->pk11slot, s->handle);
}
rv = nss_ZFreeIf(s);
}
return rv;
}
static NSSSlot *
nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
{
NSSSlot *rvSlot;
NSSArena *arena;
arena = nssArena_Create();
if (!arena) {
return NULL;
}
rvSlot = nss_ZNEW(arena, NSSSlot);
if (!rvSlot) {
nssArena_Destroy(arena);
return NULL;
}
rvSlot->base.refCount = 1;
rvSlot->base.lock = PZ_NewLock(nssILockOther);
rvSlot->base.arena = arena;
rvSlot->pk11slot = PK11_ReferenceSlot(nss3slot);
rvSlot->epv = nss3slot->functionList;
rvSlot->slotID = nss3slot->slotID;
/* Grab the slot name from the PKCS#11 fixed-length buffer */
rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name, td->arena);
rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
rvSlot->isPresentLock = PZ_NewLock(nssiLockOther);
rvSlot->isPresentCondition = PR_NewCondVar(rvSlot->isPresentLock);
rvSlot->isPresentThread = NULL;
rvSlot->lastTokenPingState = nssSlotLastPingState_Reset;
return rvSlot;
}
NSSToken *
nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
{
NSSToken *rvToken;
NSSArena *arena;
/* Don't create a token object for a disabled slot */
if (nss3slot->disabled) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
return NULL;
}
arena = nssArena_Create();
if (!arena) {
return NULL;
}
rvToken = nss_ZNEW(arena, NSSToken);
if (!rvToken) {
nssArena_Destroy(arena);
return NULL;
}
rvToken->base.refCount = 1;
rvToken->base.lock = PZ_NewLock(nssILockOther);
if (!rvToken->base.lock) {
nssArena_Destroy(arena);
return NULL;
}
rvToken->base.arena = arena;
rvToken->pk11slot = PK11_ReferenceSlot(nss3slot);
rvToken->epv = nss3slot->functionList;
rvToken->defaultSession = nssSession_ImportNSS3Session(td->arena,
nss3slot->session,
nss3slot->sessionLock,
nss3slot->defRWSession);
#if 0 /* we should do this instead of blindly continuing. */
if (!rvToken->defaultSession) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
goto loser;
}
#endif
if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) {
rvToken->cache = nssTokenObjectCache_Create(rvToken,
PR_TRUE, PR_TRUE, PR_TRUE);
if (!rvToken->cache)
goto loser;
}
rvToken->trustDomain = td;
/* Grab the token name from the PKCS#11 fixed-length buffer */
rvToken->base.name = nssUTF8_Duplicate(nss3slot->token_name, td->arena);
rvToken->slot = nssSlot_CreateFromPK11SlotInfo(td, nss3slot);
if (!rvToken->slot) {
goto loser;
}
if (rvToken->defaultSession)
rvToken->defaultSession->slot = rvToken->slot;
return rvToken;
loser:
PZ_DestroyLock(rvToken->base.lock);
nssArena_Destroy(arena);
return NULL;
}
NSS_IMPLEMENT void
nssToken_UpdateName(NSSToken *token)
{
if (!token) {
return;
}
token->base.name = nssUTF8_Duplicate(token->pk11slot->token_name, token->base.arena);
}
NSS_IMPLEMENT PRBool
nssSlot_IsPermanent(NSSSlot *slot)
{
return slot->pk11slot->isPerm;
}
NSS_IMPLEMENT PRBool
nssSlot_IsFriendly(NSSSlot *slot)
{
return PK11_IsFriendly(slot->pk11slot);
}
NSS_IMPLEMENT PRStatus
nssToken_Refresh(NSSToken *token)
{
PK11SlotInfo *nss3slot;
if (!token) {
return PR_SUCCESS;
}
nss3slot = token->pk11slot;
token->defaultSession =
nssSession_ImportNSS3Session(token->slot->base.arena,
nss3slot->session,
nss3slot->sessionLock,
nss3slot->defRWSession);
return token->defaultSession ? PR_SUCCESS : PR_FAILURE;
}
NSS_IMPLEMENT PRStatus
nssToken_GetTrustOrder(NSSToken *tok)
{
PK11SlotInfo *slot;
SECMODModule *module;
slot = tok->pk11slot;
module = PK11_GetModule(slot);
return module->trustOrder;
}
NSS_IMPLEMENT PRBool
nssSlot_IsLoggedIn(NSSSlot *slot)
{
if (!slot->pk11slot->needLogin) {
return PR_TRUE;
}
return PK11_IsLoggedIn(slot->pk11slot, NULL);
}
NSSTrustDomain *
nssToken_GetTrustDomain(NSSToken *token)
{
return token->trustDomain;
}
NSS_EXTERN PRStatus
nssTrustDomain_RemoveTokenCertsFromCache(
NSSTrustDomain *td,
NSSToken *token);
NSS_IMPLEMENT PRStatus
nssToken_NotifyCertsNotVisible(
NSSToken *tok)
{
return nssTrustDomain_RemoveTokenCertsFromCache(tok->trustDomain, tok);
}