More NSS integration.

2025-01-22 12:04:38 +00:00 · 2001-06-12 21:11:33 +00:00 · 2001-06-12 21:11:33 +00:00 · 24458f0ff3
commit 24458f0ff3
parent c022363108
5 changed files with 32 additions and 220 deletions
--- a/security/jss/org/mozilla/jss/manage/CryptoManager.c
+++ b/security/jss/org/mozilla/jss/manage/CryptoManager.c
@ -216,126 +216,6 @@ loser:

 }

-#if 0
-/***********************************************************************
- * simpleInitialize
- *
- * Initializes NSPR and the RNG only.
- *
- * RETURNS
- *  PR_SUCCESS for success, PR_FAILURE otherwise.  If not successful,
- *  an exception will be thrown.
- */
-static PRStatus
-simpleInitialize(JNIEnv *env)
-{
-    /* initialize is synchronized, so this is thread-safe */
-    static PRBool initialized = PR_FALSE;
-
-    /* initialize values used to calculate concurrency */
-    PRUint32 mask = 0;
-    PRUint32 template = 0x00000001;
-    PRUintn  cpus = 0;
-    PRUintn  concurrency = 0;
-
-    if(initialized) {
-        return PR_SUCCESS;
-    }
-
-    /* On AIX, HP, and Linux, we need to do nasty signal handling in order
-     * to have NSPR play nice with the JVM and kernel.
-     */
-#if defined(AIX) || defined(HPUX) || defined(LINUX)
-    if( handleSigChild(env) != PR_SUCCESS ) {
-        return PR_FAILURE;
-    }
-#endif
-
-    /* NOTE:  Removed PR_Init() function since NSPR now self-initializes. */
-    /* PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 0); */
-
-    /* Obtain the mask containing the number of CPUs */
-    if( PR_GetThreadAffinityMask( PR_GetCurrentThread(), &mask ) ) {
-        JSS_throwMsg( env, SECURITY_EXCEPTION,
-                      "Failed to calculate number of CPUs" );
-        return PR_FAILURE;
-    }
-
-    /* Count the bits to calculate the number of CPUs in the machine */
-    while( mask != 0 ) {
-        cpus  += ( mask & template );
-        mask >>= 1;
-    }
-
-    /* Specify the concurrency */
-#if defined(WIN32) && !defined(WIN95)  /* WINNT (fiberous) */
-    /* Always specify at least a concurrency of 2 for (fiberous) Windows NT */
-    if( cpus <= 1 ) {
-        concurrency = 2;
-    } else {
-        concurrency = cpus;
-    }
-#else
-    if( cpus <= 1 ) {
-        concurrency = 1;
-    } else {
-        concurrency = cpus;
-    }
-#endif
-
-    /* Set the concurrency */
-    PR_SetConcurrency( concurrency );
-
-    RNG_RNGInit();
-    RNG_SystemInfoForRNG();
-
-    initialized = PR_TRUE;
-
-    return PR_SUCCESS;
-}
-
-/*
- * CryptoManager.initialize
- *
- * Initializes NSPR and the RNG only.
- */
-JNIEXPORT void JNICALL
-Java_org_mozilla_jss_CryptoManager_initializeNative
-  (JNIEnv *env, jclass clazz)
-{
-    if(simpleInitialize(env) != PR_SUCCESS ) {
-        PR_ASSERT( (*env)->ExceptionOccurred(env) );
-        return;
-    }
-}
-#endif
-
-#if 0
-/*
- * Callback for key database name.  Name is passed in through void* argument.
- */
-static char*
-keyDBNameCallback(void *arg, int dbVersion)
-{
-    PR_ASSERT(arg!=NULL);
-    if(dbVersion==3) {
-        return PL_strdup((char*)arg);
-    } else {
-        return PL_strdup("");
-    }
-}
-
-static char*
-certDBNameCallback(void *arg, int dbVersion)
-{
-    PR_ASSERT(arg!=NULL);
-    if(dbVersion == 7) {
-        return PL_strdup((char*)arg);
-    } else {
-        return PL_strdup("");
-    }
-}
-#endif

 /**********************************************************************
 * This is the PasswordCallback object that will be used to login
@ -445,39 +325,40 @@ Java_org_mozilla_jss_CryptoManager_initializeAllNative
                        );


-    szConfigDir = (char*) (*env)->GetStringUTFChars(env, configDir, NULL);
-    if( certPrefix != NULL && keyPrefix != NULL && secmodName != NULL ) {
-        /*
-        * Set up arguments to NSS_Initialize
-        */
-        szCertPrefix = (char*) (*env)->GetStringUTFChars(env, certPrefix, NULL);
-        szKeyPrefix = (char*) (*env)->GetStringUTFChars(env, keyPrefix, NULL);
-        szSecmodName = (char*) (*env)->GetStringUTFChars(env, secmodName, NULL);
-        initFlags = 0;
-        if( readOnly ) {
-            initFlags |= NSS_INIT_READONLY;
-        }
+    if( ! NSS_IsInitialized() ) {
+        szConfigDir = (char*) (*env)->GetStringUTFChars(env, configDir, NULL);
+        if( certPrefix != NULL && keyPrefix != NULL && secmodName != NULL ) {
+            /*
+            * Set up arguments to NSS_Initialize
+            */
+            szCertPrefix = (char*) (*env)->GetStringUTFChars(env, certPrefix, NULL);
+            szKeyPrefix = (char*) (*env)->GetStringUTFChars(env, keyPrefix, NULL);
+            szSecmodName = (char*) (*env)->GetStringUTFChars(env, secmodName, NULL);
+            initFlags = 0;
+            if( readOnly ) {
+                initFlags |= NSS_INIT_READONLY;
+            }

-        /*
-        * Initialize NSS.
-        */
-        rv = NSS_Initialize(szConfigDir, szCertPrefix, szKeyPrefix,
-                szSecmodName, initFlags);
-    } else {
-        if( readOnly ) {
-            rv = NSS_Init(szConfigDir);
+            /*
+            * Initialize NSS.
+            */
+            rv = NSS_Initialize(szConfigDir, szCertPrefix, szKeyPrefix,
+                    szSecmodName, initFlags);
        } else {
-            rv = NSS_InitReadWrite(szConfigDir);
+            if( readOnly ) {
+                rv = NSS_Init(szConfigDir);
+            } else {
+                rv = NSS_InitReadWrite(szConfigDir);
+            }
+        }
+
+        if( rv != SECSuccess ) {
+            JSS_throwMsg(env, SECURITY_EXCEPTION,
+                "Unable to initialize security library");
+            goto finish;
        }
    }

-    if( rv != SECSuccess ) {
-        JSS_throwMsg(env, SECURITY_EXCEPTION,
-            "Unable to initialize security library");
-        goto finish;
-    }
-        
-
 	/*
 	 * Set default password callback.  This is the only place this
 	 * should ever be called if you are using Ninja.
@ -516,13 +397,6 @@ Java_org_mozilla_jss_CryptoManager_initializeAllNative
    }
    JSS_javaVM = VMs[0];

-#if 0
-    if( NSS_SetDomesticPolicy() != SECSuccess ) {
-        JSS_throwMsg(env, SECURITY_EXCEPTION, "Unable to set domestic policy");
-        goto finish;
-    }
-#endif
-
    initialized = PR_TRUE;

 finish:
--- a/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c
+++ b/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c
@ -97,8 +97,7 @@ Java_org_mozilla_jss_pkcs11_PK11MessageDigest_initHMAC
    }

    /* copy the key, setting the CKA_SIGN attribute */
-    newKey = pk11_CopyToSlot(PK11_GetSlotFromKey(origKey), mech, CKA_SIGN,
-                origKey);
+    newKey = PK11_CopySymKeyForSigning(origKey, mech);
    if( newKey == NULL ) {
        JSS_throwMsg(env, DIGEST_EXCEPTION,
                        "Unable to set CKA_SIGN attribute on symmetric key");
--- a/security/jss/org/mozilla/jss/pkcs11/PK11Store.c
+++ b/security/jss/org/mozilla/jss/pkcs11/PK11Store.c
@ -56,64 +56,6 @@ typedef struct pk11KeyCallbackStr {
        void *wincx;
 } pk11KeyCallback;

-/* Traverse slots callback */
-typedef struct pk11TraverseSlotStr {
-    SECStatus (*callback)(PK11SlotInfo *,CK_OBJECT_HANDLE, void *);
-    void *callbackArg;
-    CK_ATTRIBUTE *findTemplate;
-    int templateCount;
-} pk11TraverseSlot;
-
-SECStatus pk11_DoKeys(PK11SlotInfo*, CK_OBJECT_HANDLE, void*);
-SECStatus PK11_TraverseSlot(PK11SlotInfo *, void*);
-
-/***********************************************************************
- * PK11_TraversePrivateKeysInSlot
- *
- * This is an HCL hack that traverses all the private keys on a slot.
- *
- * INPUTS
- *      slot
- *          The PKCS #11 slot whose private keys you want to traverse.
- *      callback
- *          A callback function that will be called for each key.
- *      arg
- *          An argument that will be passed to the callback function.
- */
-static SECStatus
-PK11_TraversePrivateKeysInSlot( PK11SlotInfo *slot,
-    SECStatus(* callback)(SECKEYPrivateKey*, void*), void *arg)
-{
-    pk11KeyCallback perKeyCB;
-    pk11TraverseSlot perObjectCB;
-    CK_OBJECT_CLASS privkClass = CKO_PRIVATE_KEY;
-    CK_ATTRIBUTE theTemplate[1];
-    int templateSize = 1;
-
-    theTemplate[0].type = CKA_CLASS;
-    theTemplate[0].pValue = &privkClass;
-    theTemplate[0].ulValueLen = sizeof(privkClass);
-
-    if(slot==NULL) {
-#ifdef DEBUG
-        PR_fprintf(PR_STDERR,
-            "Null slot passed to PK11_TraversePrivateKeysInSlot\n");
-        PR_ASSERT(PR_FALSE);
-#endif
-        return SECSuccess;
-    }
-
-    perObjectCB.callback = pk11_DoKeys;
-    perObjectCB.callbackArg = &perKeyCB;
-    perObjectCB.findTemplate = theTemplate;
-    perObjectCB.templateCount = templateSize;
-    perKeyCB.callback = callback;
-    perKeyCB.callbackArg = arg;
-    perKeyCB.wincx = NULL;
-
-    return PK11_TraverseSlot(slot, &perObjectCB);
-}
-
 /**********************************************************************
 * Callback information for keyTraversalCallback
 */
--- a/security/jss/samples/SigTest.java
+++ b/security/jss/samples/SigTest.java
@ -78,8 +78,7 @@ public class SigTest {

 		try {
            CryptoManager.InitializationValues vals = new
-                CryptoManager.InitializationValues(args[0], "foobar-", "foobar-",
-                "../secmodule.db");
+                CryptoManager.InitializationValues(args[0]);
            CryptoManager.initialize(vals);
 		    manager = CryptoManager.getInstance();

--- a/security/jss/samples/TokenAccessTest.java
+++ b/security/jss/samples/TokenAccessTest.java
@ -65,9 +65,7 @@ public class TokenAccessTest {
        }

        CryptoManager.InitializationValues vals = new
-            CryptoManager.InitializationValues( args[0]+"/secmodule.db",
-                                                args[0]+"/key3.db",
-				                                args[0]+"/cert7.db");
+            CryptoManager.InitializationValues( args[0] );
        CryptoManager.initialize(vals);
        try {
            manager = CryptoManager.getInstance();