diff --git a/lib/pk11wrap/pk11priv.h b/lib/pk11wrap/pk11priv.h
index 7567ecc342..9281923fac 100644
--- a/lib/pk11wrap/pk11priv.h
+++ b/lib/pk11wrap/pk11priv.h
@@ -14,6 +14,7 @@
 #include "seccomon.h"
 #include "pkcs7t.h"
 #include "cmsreclist.h"
+#include "pkcs11uri.h"
 
 /*
 * These are the private NSS functions. They are not exported by nss.def, and
@@ -39,6 +40,7 @@ int PK11_GetMaxKeyLength(CK_MECHANISM_TYPE type);
 * Generic Slot Management
 ************************************************************/
 CK_OBJECT_HANDLE PK11_CopyKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE srcObject);
+PRBool pk11_MatchUriTokenInfo(PK11SlotInfo *slot, PK11URI *uri);
 SECStatus PK11_ReadAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
 CK_ATTRIBUTE_TYPE type, PLArenaPool *arena, SECItem *result);
 CK_ULONG PK11_ReadULongAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
diff --git a/lib/pk11wrap/pk11slot.c b/lib/pk11wrap/pk11slot.c
index 7efe9c3c4d..db805c14cd 100644
--- a/lib/pk11wrap/pk11slot.c
+++ b/lib/pk11wrap/pk11slot.c
@@ -1851,6 +1851,46 @@ PK11_GetTokenInfo(PK11SlotInfo *slot, CK_TOKEN_INFO *info)
 return SECSuccess;
 }
 
+PRBool
+pk11_MatchUriTokenInfo(PK11SlotInfo *slot, PK11URI *uri)
+{
+ const char *value;
+
+ value = PK11URI_GetPathAttribute(uri, PK11URI_PATTR_TOKEN);
+ if (value) {
+ if (!pk11_MatchString(value, (char *)slot->tokenInfo.label,
+ sizeof(slot->tokenInfo.label))) {
+ return PR_FALSE;
+ }
+ }
+
+ value = PK11URI_GetPathAttribute(uri, PK11URI_PATTR_MANUFACTURER);
+ if (value) {
+ if (!pk11_MatchString(value, (char *)slot->tokenInfo.manufacturerID,
+ sizeof(slot->tokenInfo.manufacturerID))) {
+ return PR_FALSE;
+ }
+ }
+
+ value = PK11URI_GetPathAttribute(uri, PK11URI_PATTR_SERIAL);
+ if (value) {
+ if (!pk11_MatchString(value, (char *)slot->tokenInfo.serialNumber,
+ sizeof(slot->tokenInfo.serialNumber))) {
+ return PR_FALSE;
+ }
+ }
+
+ value = PK11URI_GetPathAttribute(uri, PK11URI_PATTR_MODEL);
+ if (value) {
+ if (!pk11_MatchString(value, (char *)slot->tokenInfo.model,
+ sizeof(slot->tokenInfo.model))) {
+ return PR_FALSE;
+ }
+ }
+
+ return PR_TRUE;
+}
+
 /* Find out if we need to initialize the user's pin */
 PRBool
 PK11_NeedUserInit(PK11SlotInfo *slot)
diff --git a/lib/pki/nsspki.h b/lib/pki/nsspki.h
index 28780c3757..0ecec08260 100644
--- a/lib/pki/nsspki.h
+++ b/lib/pki/nsspki.h
@@ -23,6 +23,8 @@
 #include "base.h"
 #endif /* BASE_H */
 
+#include "pkcs11uri.h"
+
 PR_BEGIN_EXTERN_C
 
 /*
@@ -1301,6 +1303,16 @@ NSSTrustDomain_IsTokenEnabled(
 NSSToken *token,
 NSSError *whyOpt);
 
+/*
+ * NSSTrustDomain_FindTokensByURI
+ *
+ */
+
+NSS_EXTERN NSSToken **
+NSSTrustDomain_FindTokensByURI(
+ NSSTrustDomain *td,
+ PK11URI *uri);
+
 /*
 * NSSTrustDomain_FindSlotByName
 *
diff --git a/lib/pki/trustdomain.c b/lib/pki/trustdomain.c
index 56bcaf8efd..151b888750 100644
--- a/lib/pki/trustdomain.c
+++ b/lib/pki/trustdomain.c
@@ -14,6 +14,7 @@
 #include "pki3hack.h"
 #include "pk11pub.h"
 #include "nssrwlk.h"
+#include "pk11priv.h"
 
 #define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32
 
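Review bot: pk11_MatchUriTokenInfo in lib/pk11wrap/pk11slot.c returns PR_TRUE for any URI that carries none of the four path attributes it reads (token, manufacturer, serial, model), so such a URI matches every token; no other attribute of the URI is consulted in this function. A caller that relies on the URI to pin one specific token should be able to read that from the code, so I would add a comment above the function such as `/* Compares only the token, manufacturer, serial and model path attributes; an attribute absent from the URI matches any token. */`. The compared fields are fixed-width arrays passed with their `sizeof`, and pk11_MatchString is defined outside this hunk, so whether it copes with padded, unterminated fields cannot be confirmed from here. The four near-identical `if (value)` blocks could also be driven from a small table of attribute/field pairs, which would keep the comparison rule in one place.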
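Review bot: The comment block added above the NSSTrustDomain_FindTokensByURI declaration in lib/pki/nsspki.h contains only the function name, so the header says nothing about the result or who owns it. Going by the implementation added in lib/pki/trustdomain.c, the function returns a NULL-terminated array allocated with nss_ZNEWARRAY whose entries were each obtained through nssToken_AddRef, and it returns NULL when that allocation fails. I would state this in the comment, for example `* Returns a NULL-terminated array of referenced tokens that match uri, or NULL on allocation failure; the caller releases each token and frees the array.` Without it, callers are likely to leak the token references or the array.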
@@ -234,6 +235,37 @@ NSSTrustDomain_FindSlotByName(
 return NULL;
 }
 
+NSS_IMPLEMENT NSSToken **
+NSSTrustDomain_FindTokensByURI(
+ NSSTrustDomain *td,
+ PK11URI *uri)
+{
+ NSSToken *tok = NULL;
+ PK11SlotInfo *slotinfo;
+ NSSToken **tokens;
+ int count, i = 0;
+
+ NSSRWLock_LockRead(td->tokensLock);
+ count = nssList_Count(td->tokenList);
+ tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1);
+ if (!tokens) {
+ return NULL;
+ }
+ for (tok = (NSSToken *)nssListIterator_Start(td->tokens);
+ tok != (NSSToken *)NULL;
+ tok = (NSSToken *)nssListIterator_Next(td->tokens)) {
+ if (nssToken_IsPresent(tok)) {
+ slotinfo = tok->pk11slot;
+ if (pk11_MatchUriTokenInfo(slotinfo, uri))
+ tokens[i++] = nssToken_AddRef(tok);
+ }
+ }
+ tokens[i] = NULL;
+ nssListIterator_Finish(td->tokens);
+ NSSRWLock_UnlockRead(td->tokensLock);
+ return tokens;
+}
+
 NSS_IMPLEMENT NSSToken *
 NSSTrustDomain_FindTokenByName(
 NSSTrustDomain *td,
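Review bot: The early `return NULL;` after a failed nss_ZNEWARRAY in NSSTrustDomain_FindTokensByURI leaves td->tokensLock read-locked, because NSSRWLock_LockRead is taken two statements earlier and the only NSSRWLock_UnlockRead sits at the end of the function. After one allocation failure, any code that later takes the write side of that lock would presumably block for good, so a transient out-of-memory condition becomes a hang. Release the lock on that path by placing `NSSRWLock_UnlockRead(td->tokensLock);` before `return NULL;`. Separately, `tok->pk11slot` is handed to pk11_MatchUriTokenInfo without a NULL check and that function dereferences `slot->tokenInfo`, so it is worth confirming that every token on td->tokens has a slot attached.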