diff --git a/security/nss/lib/pki/certificate.c b/security/nss/lib/pki/certificate.c index 33c0f6808ccb..b0f7c35c3f96 100644 --- a/security/nss/lib/pki/certificate.c +++ b/security/nss/lib/pki/certificate.c @@ -32,7 +32,7 @@ */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.3 $ $Date: 2001/09/18 20:54:57 $ $Name: $"; +static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.4 $ $Date: 2001/09/20 20:40:03 $ $Name: $"; #endif /* DEBUG */ #ifndef NSSPKI_H @@ -76,11 +76,15 @@ NSSCertificate_GetID static NSSCertificate * NSSCertificate_Create ( - /* blah blah blah */ + NSSArena *arenaOpt ) { NSSArena *arena; NSSCertificate *rvCert; + arena = (arenaOpt) ? arenaOpt : nssArena_Create(); + if (!arena) { + goto loser; + } arena = NSSArena_Create(); if(!arena) { return (NSSCertificate *)NULL; @@ -90,10 +94,12 @@ NSSCertificate_Create goto loser; } rvCert->refCount = 1; - rvCert->arena = arena; + if (!arenaOpt) { + rvCert->arena = arena; + } return rvCert; loser: - if (arena) { + if (!arenaOpt && arena) { nssArena_Destroy(arena); } return (NSSCertificate *)NULL; @@ -103,12 +109,14 @@ loser: NSS_IMPLEMENT NSSCertificate * NSSCertificate_CreateFromHandle ( + NSSArena *arenaOpt, CK_OBJECT_HANDLE object, nssSession *session, NSSSlot *slot ) { NSSCertificate *rvCert; + NSSArena *arena; PRStatus nssrv; CK_ULONG template_size; CK_ATTRIBUTE cert_template[] = { 
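Review bot: In NSSCertificate_Create the old `arena = NSSArena_Create();` and its NULL check are still present as context right after the new `arena = (arenaOpt) ? arenaOpt : nssArena_Create();`, so the arena just chosen is overwritten unconditionally. With a NULL arenaOpt the first arena is leaked. With a caller-supplied arenaOpt the certificate is presumably allocated from the fresh private arena instead, and because the following hunk stores and destroys the arena only when `!arenaOpt`, nothing visible ever frees it. The leftover assignment and its `if(!arena) { return ... }` block should be deleted so the ternary is the only allocation. The function body continues between this hunk and the next one.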
@@ -117,13 +125,13 @@ NSSCertificate_CreateFromHandle { CKA_LABEL, NULL, 0 }, }; template_size = sizeof(cert_template) / sizeof(cert_template[0]); - rvCert = NSSCertificate_Create(); + rvCert = NSSCertificate_Create(arenaOpt); if (!rvCert) { return (NSSCertificate *)NULL; } rvCert->handle = object; rvCert->slot = slot; - nssrv = NSSCKObject_GetAttributes(object, cert_template, template_size, + nssrv = nssCKObject_GetAttributes(object, cert_template, template_size, rvCert->arena, session, rvCert->slot); if (nssrv) { /* okay, but if failed because one of the attributes could not be diff --git a/security/nss/lib/pki/pki.h b/security/nss/lib/pki/pki.h index 7f811ce2af64..adeb36d923e2 100644 --- a/security/nss/lib/pki/pki.h +++ b/security/nss/lib/pki/pki.h @@ -35,7 +35,7 @@ #define PKI_H #ifdef DEBUG -static const char PKI_CVS_ID[] = "@(#) $RCSfile: pki.h,v $ $Revision: 1.2 $ $Date: 2001/09/18 20:54:57 $ $Name: $"; +static const char PKI_CVS_ID[] = "@(#) $RCSfile: pki.h,v $ $Revision: 1.3 $ $Date: 2001/09/20 20:40:03 $ $Name: $"; #endif /* DEBUG */ PR_BEGIN_EXTERN_C @@ -47,6 +47,7 @@ PR_BEGIN_EXTERN_C NSS_EXTERN NSSCertificate * NSSCertificate_CreateFromHandle ( + NSSArena *arenaOpt, CK_OBJECT_HANDLE object, nssSession *session, NSSSlot *slot diff --git a/security/nss/lib/pki/pkit.h b/security/nss/lib/pki/pkit.h index faf3992dd8d8..34f4b67ba133 100644 --- a/security/nss/lib/pki/pkit.h +++ b/security/nss/lib/pki/pkit.h @@ -35,7 +35,7 @@ #define PKIT_H #ifdef DEBUG -static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.1 $ $Date: 2001/09/13 22:16:22 $ $Name: $"; +static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.2 $ $Date: 2001/09/20 20:40:03 $ $Name: $"; #endif /* DEBUG */ /* 
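Review bot: `nssCKObject_GetAttributes` is still handed `rvCert->arena`, but NSSCertificate_Create now assigns that field only when `arenaOpt` is NULL, so a caller-supplied arena is not the one that receives the attribute data. What the callee does with an unset arena is not visible here; if it falls back to the heap, the id/der/label buffers would no longer share the lifetime of the arena the caller asked for. The `NSSArena *arena;` local added in the previous hunk is never assigned in the visible lines. Setting `arena = arenaOpt ? arenaOpt : rvCert->arena;` and passing `arena` would make the allocation target explicit. The function body starts before and continues after this hunk.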
@@ -48,6 +48,10 @@ static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.1 $ $D #include "nssbaset.h" #endif /* NSSBASET_H */ +#ifndef BASET_H +#include "baset.h" +#endif /* BASET_H */ + #ifndef NSSCKT_H #include "nssckt.h" #endif /* NSSCKT_H */ @@ -60,23 +64,26 @@ static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.1 $ $D #include "devt.h" #endif /* DEVT_H */ +#ifndef DEVT_H +#include "devt.h" +#endif /* DEVT_H */ + PR_BEGIN_EXTERN_C #define NSSPTR_ADD_REF(p) ((p)->refCount++) struct NSSCertificateStr { - PRInt32 refCount; - NSSArena *arena; - /*NSSDecodedCert certData;*/ - NSSItem id; - NSSItem der; - NSSItem label; - CK_OBJECT_HANDLE handle; - NSSSlot *slot; - NSSTrustDomain *trustDomain; + PRInt32 refCount; + NSSArena *arena; + NSSItem id; + NSSItem der; + NSSItem label; + CK_OBJECT_HANDLE handle; + NSSSlot *slot; + NSSTrustDomain *trustDomain; NSSCryptoContext *cryptoContext; - NSSTrust *trust; + NSSTrust *trust; }; struct NSSPrivateKeyStr; @@ -86,22 +93,18 @@ struct NSSPublicKeyStr; struct NSSSymmetricKeyStr; struct NSSTrustDomainStr { - PRInt32 refCount; + PRInt32 refCount; NSSArena *arena; - NSSModule *module; /* XXX NSSList *modules; */ - /* (list not defined yet) */ + NSSCallback defaultCallback; + nssList *moduleList; + nssListIterator *modules; + nssHash *certCache; }; struct NSSCryptoContextStr { - PRInt32 refCount; - NSSArena *arena; - CK_SESSION_HANDLE session; - void *epv; - NSSTrustDomain *trustDomain; - NSSCallback *defaultCallback; - NSSCertificate **certificates; - PRInt32 numCertificates; + PRInt32 refCount; + NSSArena *arena; }; struct NSSTimeStr; diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c index a4bd603b71ac..996b0e0c11fc 100644 --- a/security/nss/lib/pki/trustdomain.c +++ b/security/nss/lib/pki/trustdomain.c 
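Review bot: The added `#ifndef DEVT_H` / `#include "devt.h"` block in the second pkit.h hunk repeats the identical guarded include that sits directly above it as context, so it has no effect and looks like a paste slip. Either drop it or replace it with the header that was actually intended. In the same hunk, `NSSCertificateStr.arena` now carries an ownership meaning that deserves a comment, for example `/* set only when the certificate created its own arena; not assigned when the caller passed arenaOpt */`, because the certificate.c change assigns it only for `!arenaOpt`.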
@@ -32,7 +32,7 @@ */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.4 $ $Date: 2001/09/19 21:49:52 $ $Name: $"; +static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.5 $ $Date: 2001/09/20 20:40:03 $ $Name: $"; #endif /* DEBUG */ #ifndef NSSPKI_H @@ -68,12 +68,34 @@ NSSTrustDomain_Create } rvTD = nss_ZNEW(arena, NSSTrustDomain); if (!rvTD) { - nssArena_Destroy(arena); - return (NSSTrustDomain *)NULL; + goto loser; + } + rvTD->moduleList = nssList_Create(arena, PR_TRUE); + if (!rvTD->moduleList) { + goto loser; + } + rvTD->modules = nssList_CreateIterator(rvTD->moduleList); + if (!rvTD->modules) { + goto loser; } rvTD->arena = arena; rvTD->refCount = 1; return rvTD; +loser: + nssArena_Destroy(arena); + return (NSSTrustDomain *)NULL; +} + +static void +token_destructor(void *tok) +{ + (void)nssToken_Destroy((NSSToken *)tok); +} + +static void +module_destructor(void *mod) +{ + (void)nssModule_Destroy((NSSModule *)mod); } NSS_IMPLEMENT PRStatus @@ -83,7 +105,11 @@ NSSTrustDomain_Destroy ) { if (--td->refCount == 0) { - nssModule_Destroy(td->module); + /* Destroy each module in the list of modules */ + if (td->moduleList) { + nssList_DestroyElements(td->moduleList, module_destructor); + } + /* Destroy the trust domain */ nssArena_Destroy(td->arena); } return PR_SUCCESS; @@ -129,9 +155,9 @@ NSSTrustDomain_LoadModule if (moduleOpt) { module = nssModule_Create(moduleOpt, uriOpt, opaqueOpt, reserved); nssModule_Load(module); - td->module = module; + nssList_AddElement(td->moduleList, (void *)module); #ifdef DEBUG - nssModule_Debug(td->module); + nssModule_Debug(module); #endif } return PR_SUCCESS; 
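Review bot: `rvTD->modules` is a single iterator created once over the still-empty list and then shared by every later `nssListIterator_Start`/`Next`/`Finish` call in NSSTrustDomain_FindCertificatesByNickname and NSSTrustDomain_TraverseCertificates. If nssListIterator keeps its cursor inside the iterator object (not visible in this diff), a traversal callback that re-enters the trust domain, or two threads searching at once, would disturb each other's position. It is also worth confirming that an iterator made before `nssList_AddElement` sees modules added later. Creating the iterator per traversal would settle both questions. Separately, `token_destructor` is added as a static function with no caller in the visible hunks, which will draw an unused-function warning unless it is used elsewhere in the file.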
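Review bot: In the NSSTrustDomain_LoadModule hunk the result of `nssModule_Create` goes straight into `nssModule_Load` and `nssList_AddElement` without a NULL check, and neither call's status is examined before the function returns PR_SUCCESS. A failed create would put a NULL element into `td->moduleList`. The `mod != (NSSModule *)NULL` loop conditions added elsewhere in this commit would read that as end-of-list and silently skip the remaining modules, and `module_destructor` would pass it to `nssModule_Destroy`. Adding `if (!module) { return PR_FAILURE; }` before the load, and destroying the module when the add fails, keeps the list consistent. The function starts before this hunk.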
@@ -348,8 +374,11 @@ NSSTrustDomain_FindCertificatesByNickname ) { PRStatus nssrv; + PRUint32 i, count; NSSCertificate **certs; - NSSToken *tok = td->module->slots[0]->token; + NSSToken *tok; + NSSModule *mod; + nssList *foundCerts; CK_ATTRIBUTE cert_template[] = { { CKA_CLASS, g_ck_class_cert.data, g_ck_class_cert.size }, @@ -359,13 +388,41 @@ NSSTrustDomain_FindCertificatesByNickname ctsize = (CK_ULONG)(sizeof(cert_template) / sizeof(cert_template[0])); cert_template[1].pValue = (CK_VOID_PTR)name; cert_template[1].ulValueLen = (CK_ULONG)nssUTF8_Length(name, &nssrv); - certs = nssToken_FindCertificatesByTemplate(tok, NULL, NULL, 0, NULL, - cert_template, ctsize); - if (!certs) { - cert_template[1].ulValueLen++; - certs = nssToken_FindCertificatesByTemplate(tok, NULL, NULL, 0, NULL, - cert_template, ctsize); + foundCerts = nssList_Create(NULL, PR_FALSE); + /* This will really be done through the search order, probably a + * token array + */ + for (mod = (NSSModule *)nssListIterator_Start(td->modules); + mod != (NSSModule *)NULL; + mod = (NSSModule *)nssListIterator_Next(td->modules)) + { + for (i=0; inumSlots; i++) { + /* XXX not right at all */ + tok = mod->slots[i]->token; + nssrv = nssToken_FindCertificatesByTemplate(tok, NULL, + foundCerts, maximumOpt, + arenaOpt, + cert_template, ctsize); + /* This is to workaround the fact that PKCS#11 doesn't specify + * whether the '\0' should be included. XXX Is that still true? + */ + cert_template[1].ulValueLen++; + nssrv = nssToken_FindCertificatesByTemplate(tok, NULL, + foundCerts, maximumOpt, + arenaOpt, + cert_template, ctsize); + cert_template[1].ulValueLen--; + } } + nssListIterator_Finish(td->modules); + if (rvOpt) { + certs = rvOpt; + } else { + count = nssList_Count(foundCerts); + certs = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, count + 1); + } + nssrv = nssList_GetArray(foundCerts, (void **)certs, count); + nssList_Destroy(foundCerts); return certs; } 
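Review bot: `count` is read uninitialized in NSSTrustDomain_FindCertificatesByNickname whenever the caller supplies `rvOpt`, because it is assigned only in the `else` branch yet always passed to `nssList_GetArray(foundCerts, (void **)certs, count)`. That is undefined behaviour, and the copy into the caller's array is not bounded by anything the caller chose, so it can write past the end of `rvOpt`. The results of `nssList_Create` and `nss_ZNEWARRAY` are also used without a NULL check. The sketch below computes the count first and clamps it for the caller-supplied case; it assumes `maximumOpt` is the capacity of `rvOpt`, which this hunk does not show. The function begins before the hunk.

```c
    /* … unchanged: module/slot search loop, nssListIterator_Finish … */
    count = nssList_Count(foundCerts);
    if (rvOpt) {
        certs = rvOpt;
        /* never copy more entries than the caller's array was sized for */
        if (maximumOpt > 0 && count > maximumOpt) {
            count = maximumOpt;
        }
    } else {
        certs = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, count + 1);
    }
    if (certs) {
        nssrv = nssList_GetArray(foundCerts, (void **)certs, count);
    }
    nssList_Destroy(foundCerts);
    return certs;
```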
@@ -590,8 +647,16 @@ NSSTrustDomain_TraverseCertificates void *arg ) { + NSSModule *mod; /* Do module->slot->token, or just slotarray->tokens? */ - return nssModule_TraverseCertificates(td->module, callback, arg); + for (mod = (NSSModule *)nssListIterator_Start(td->modules); + mod != (NSSModule *)NULL; + mod = (NSSModule *)nssListIterator_Next(td->modules)) + { + nssModule_TraverseCertificates(mod, callback, arg); + } + nssListIterator_Finish(td->modules); + return PR_SUCCESS; } NSS_IMPLEMENT PRStatus
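Review bot: NSSTrustDomain_TraverseCertificates now discards the result of every `nssModule_TraverseCertificates` call and always returns `PR_SUCCESS`, whereas the removed line returned the module's status to the caller. A failing token or a callback that reports an error is therefore indistinguishable from a complete traversal. Declaring `PRStatus rv = PR_SUCCESS;`, recording failures with `if (nssModule_TraverseCertificates(mod, callback, arg) != PR_SUCCESS) rv = PR_FAILURE;` and ending with `return rv;` would keep the loop going while still reporting the failure. Whether the traversal should instead stop at the first failure is a policy choice worth stating in the comment above the loop.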