landing new smart card cache, bug 135429
ian.mcgreer%sun.com committed Apr 18, 2002
1 parent 69f08ed commit 417b04b
Showing 22 changed files with 1,686 additions and 736 deletions.
95 changes: 76 additions & 19 deletions security/nss/lib/dev/ckhelper.c
@@ -357,14 +357,10 @@ nssCryptokiCertificate_GetAttributes
return PR_SUCCESS;
}

#ifdef PURE_STAN_BUILD
status = nssToken_GetCachedObjectAttributes(certObject->token, arenaOpt,
certObject, CKO_CERTIFICATE,
cert_template, template_size);
if (status != PR_SUCCESS) {
#else
if (PR_TRUE) {
#endif

session = sessionOpt ?
sessionOpt :
@@ -577,15 +573,11 @@ nssCryptokiTrust_GetAttributes
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust);
NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size);

#ifdef PURE_STAN_BUILD
status = nssToken_GetCachedObjectAttributes(trustObject->token, NULL,
trustObject,
CKO_NETSCAPE_TRUST,
trust_template, trust_size);
if (status != PR_SUCCESS) {
#else
if (PR_TRUE) {
#endif
session = sessionOpt ?
sessionOpt :
nssToken_GetDefaultSession(trustObject->token);
@@ -607,16 +599,15 @@ nssCryptokiTrust_GetAttributes
return PR_SUCCESS;
}

#ifdef PURE_STAN_BUILD
NSS_IMPLEMENT PRStatus
nssCryptokiCRL_GetAttributes
(
nssCryptokiObject *crlObject,
nssSession *sessionOpt,
NSSArena *arenaOpt,
NSSItem *crl,
NSSItem *krl,
NSSItem *url
NSSItem *encodingOpt,
NSSUTF8 **urlOpt,
PRBool *isKRLOpt
)
{
PRStatus status;
@@ -626,12 +617,19 @@ nssCryptokiCRL_GetAttributes
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE crl_template[5];
CK_ULONG crl_size;
PRUint32 i;

NSS_CK_TEMPLATE_START(crl_template, attr, crl_size);
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken);
NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NETSCAPE_KRL);
NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NETSCAPE_URL);
if (encodingOpt) {
NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
}
if (urlOpt) {
NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NETSCAPE_URL);
}
if (isKRLOpt) {
NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NETSCAPE_KRL);
}
NSS_CK_TEMPLATE_FINISH(crl_template, attr, crl_size);

status = nssToken_GetCachedObjectAttributes(crlObject->token, NULL,
@@ -653,10 +651,69 @@ nssCryptokiCRL_GetAttributes
}
}

NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[0], crl);
NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[1], krl);
NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[2], url);
i=0;
if (encodingOpt) {
NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], encodingOpt); i++;
}
if (urlOpt) {
NSS_CK_ATTRIBUTE_TO_UTF8(&crl_template[i], *urlOpt); i++;
}
if (isKRLOpt) {
NSS_CK_ATTRIBUTE_TO_BOOL(&crl_template[i], *isKRLOpt); i++;
}
return PR_SUCCESS;
}
#endif /* PURE_STAN_BUILD */

NSS_IMPLEMENT PRStatus
nssCryptokiPrivateKey_SetCertificate
(
nssCryptokiObject *keyObject,
nssSession *sessionOpt,
NSSUTF8 *nickname,
NSSItem *id,
NSSDER *subject
)
{
CK_RV ckrv;
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE key_template[3];
CK_ULONG key_size;
void *epv = nssToken_GetCryptokiEPV(keyObject->token);
nssSession *session;
NSSToken *token = keyObject->token;
nssSession *defaultSession = nssToken_GetDefaultSession(token);
PRBool createdSession = PR_FALSE;

NSS_CK_TEMPLATE_START(key_template, attr, key_size);
NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
NSS_CK_TEMPLATE_FINISH(key_template, attr, key_size);

if (sessionOpt) {
if (!nssSession_IsReadWrite(sessionOpt)) {
return PR_FAILURE;
} else {
session = sessionOpt;
}
} else if (nssSession_IsReadWrite(defaultSession)) {
session = defaultSession;
} else {
NSSSlot *slot = nssToken_GetSlot(token);
session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
createdSession = PR_TRUE;
nssSlot_Destroy(slot);
}

ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle,
keyObject->handle,
key_template,
key_size);

if (createdSession) {
nssSession_Destroy(session);
}

return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
}
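Review bot: In nssCryptokiPrivateKey_SetCertificate the pointer returned by `nssSlot_CreateSession(token->slot, NULL, PR_TRUE)` is used as `session->handle` with no NULL check, so if session creation can fail (its contract is not shown here) the import path dereferences NULL instead of returning PR_FAILURE; add `if (!session) { return PR_FAILURE; }` after `nssSlot_Destroy(slot);` and before the `C_SetAttributeValue` call. The same branch obtains `slot` from nssToken_GetSlot but passes `token->slot` to the create call, so one of the two is redundant. Separately, in nssCryptokiCRL_GetAttributes the read-back starts at `crl_template[0]`; if the `CKA_TOKEN` entry at the head of the template is still present on the new side (the rendered page does not show which side it is on), each output would be taken from the wrong slot, which is worth confirming.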

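--- a/security/nss/lib/dev/ckhelper.h
+++ b/security/nss/lib/dev/ckhelper.h
@@ -109,6 +109,15 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_privkey;
 (item)->size = 0; \
 }
 
+#define NSS_CK_ATTRIBUTE_TO_BOOL(attrib, boolvar) \
+if ((attrib)->ulValueLen > 0) { \
+if (*((CK_BBOOL*)(attrib)->pValue) == CK_TRUE) { \
+boolvar = PR_TRUE; \
+} else { \
+boolvar = PR_FALSE; \
+} \
+}
+
 /* NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str)
  *
  * Convert a CK_ATTRIBUTE to a string.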
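Review bot: NSS_CK_ATTRIBUTE_TO_BOOL dereferences `(attrib)->pValue` whenever `ulValueLen > 0`, and that test also passes for the PKCS#11 "unavailable" length `(CK_ULONG)-1`, where pValue need not point at valid data; unless callers reject that case first (not visible here), the guard should be `if ((attrib)->pValue != NULL && (attrib)->ulValueLen == sizeof(CK_BBOOL)) { \`. When the guard fails the macro leaves `boolvar` unassigned, so nssCryptokiCRL_GetAttributes would hand back whatever `*isKRLOpt` held before the call; either assign PR_FALSE in that case or document that callers must initialise it. The expansion is also a bare `if` statement, so wrapping it in `do { ... } while (0)` would keep it safe next to a caller's `else`.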
56 changes: 29 additions & 27 deletions security/nss/lib/dev/dev.h
@@ -377,6 +377,7 @@ nssSlot_CreateSession
* nssToken_FindTrustObjects
* nssToken_FindTrustForCertificate
* nssToken_FindCRLs
* nssToken_FindCRLsBySubject
* nssToken_FindPrivateKeys
* nssToken_FindPrivateKeyByID
* nssToken_Digest
@@ -576,6 +577,17 @@ nssToken_FindCRLs
PRStatus *statusOpt
);

NSS_EXTERN nssCryptokiObject **
nssToken_FindCRLsBySubject
(
NSSToken *token,
nssSession *sessionOpt,
NSSDER *subject,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt
);

NSS_EXTERN nssCryptokiObject **
nssToken_FindPrivateKeys
(
@@ -740,9 +752,23 @@ nssCryptokiCRL_GetAttributes
nssCryptokiObject *crlObject,
nssSession *sessionOpt,
NSSArena *arenaOpt,
NSSItem *crl,
NSSItem *krl,
NSSItem *url
NSSItem *encodingOpt,
NSSUTF8 **urlOpt,
PRBool *isKRLOpt
);

/* I'm including this to handle import of certificates in NSS 3.5. This
* function will set the cert-related attributes of a key, in order to
* associate it with a cert. Does it stay like this for 4.0?
*/
NSS_EXTERN PRStatus
nssCryptokiPrivateKey_SetCertificate
(
nssCryptokiObject *keyObject,
nssSession *sessionOpt,
NSSUTF8 *nickname,
NSSItem *id,
NSSDER *subject
);

NSS_EXTERN void
@@ -914,30 +940,6 @@ nssToken_GetDefaultSession
NSSToken *token
);

NSS_EXTERN PRStatus
nssToken_SetTrustCache
(
NSSToken *tok
);

NSS_EXTERN PRStatus
nssToken_SetCrlCache
(
NSSToken *tok
);

NSS_EXTERN PRBool
nssToken_HasCrls
(
NSSToken *tok
);

NSS_EXTERN PRStatus
nssToken_SetHasCrls
(
NSSToken *tok
);

NSS_EXTERN PRStatus
nssToken_GetTrustOrder
(
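Review bot: The reworked nssCryptokiCRL_GetAttributes prototype carries no comment saying that its three outputs are optional, and the new nssToken_FindCRLsBySubject is declared without saying who releases the returned array or what `maximumOpt` of 0 means. Above the first I would add `/* encodingOpt, urlOpt and isKRLOpt may each be NULL; only non-NULL outputs are requested and filled in. */`, which matches the conditionals in ckhelper.c. The comment on nssCryptokiPrivateKey_SetCertificate should also state that a `sessionOpt` that is not read/write makes the call return PR_FAILURE, since the implementation rejects it before touching the token.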
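--- a/security/nss/lib/dev/devm.h
+++ b/security/nss/lib/dev/devm.h
@@ -142,6 +142,78 @@ nssCryptokiObject_Create
 CK_OBJECT_HANDLE h
 );
 
+NSS_EXTERN nssTokenObjectCache *
+nssTokenObjectCache_Create
+(
+NSSToken *token,
+PRBool cacheCerts,
+PRBool cacheTrust,
+PRBool cacheCRLs
+);
+
+NSS_EXTERN void
+nssTokenObjectCache_Destroy
+(
+nssTokenObjectCache *cache
+);
+
+NSS_EXTERN PRBool
+nssTokenObjectCache_HaveObjectClass
+(
+nssTokenObjectCache *cache,
+CK_OBJECT_CLASS objclass
+);
+
+NSS_EXTERN nssCryptokiObject **
+nssTokenObjectCache_FindObjectsByTemplate
+(
+nssTokenObjectCache *cache,
+CK_OBJECT_CLASS objclass,
+CK_ATTRIBUTE_PTR otemplate,
+CK_ULONG otlen,
+PRUint32 maximumOpt
+);
+
+NSS_EXTERN PRStatus
+nssTokenObjectCache_GetObjectAttributes
+(
+nssTokenObjectCache *cache,
+NSSArena *arenaOpt,
+nssCryptokiObject *object,
+CK_OBJECT_CLASS objclass,
+CK_ATTRIBUTE_PTR atemplate,
+CK_ULONG atlen
+);
+
+NSS_EXTERN PRStatus
+nssTokenObjectCache_ImportObject
+(
+nssTokenObjectCache *cache,
+nssCryptokiObject *object,
+CK_OBJECT_CLASS objclass,
+CK_ATTRIBUTE_PTR ot,
+CK_ULONG otlen
+);
+
+NSS_EXTERN PRStatus
+nssTokenObjectCache_RemoveObject
+(
+nssTokenObjectCache *cache,
+nssCryptokiObject *object
+);
+
+/* XXX allows peek back into token */
+NSS_EXTERN PRStatus
+nssToken_GetCachedObjectAttributes
+(
+NSSToken *token,
+NSSArena *arenaOpt,
+nssCryptokiObject *object,
+CK_OBJECT_CLASS objclass,
+CK_ATTRIBUTE_PTR atemplate,
+CK_ULONG atlen
+);
+
 /* PKCS#11 stores strings in a fixed-length buffer padded with spaces. This
  * function gets the length of the actual string.
  */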
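Review bot: None of the new nssTokenObjectCache_* prototypes says when cached objects are discarded or whether callers must serialise access, and the `/* XXX allows peek back into token */` remark on nssToken_GetCachedObjectAttributes does not say what a miss looks like. The certificate, trust and CRL getters in ckhelper.c ask this cache before going to the token, so the header should state how entries are invalidated when a card is removed or swapped; otherwise a reader cannot tell whether trust or CRL data from a previous card can still be served. I would add a block comment above nssTokenObjectCache_Create covering lifetime, invalidation and locking, and on nssToken_GetCachedObjectAttributes a line such as `/* anything other than PR_SUCCESS is treated by callers as a miss and they query the token */`, which is how the ckhelper.c callers appear to use it.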
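--- a/security/nss/lib/dev/devslot.c
+++ b/security/nss/lib/dev/devslot.c
@@ -177,11 +177,13 @@ nssSlot_Destroy
 )
 {
 #ifdef PURE_STAN_BUILD
-PR_AtomicDecrement(&slot->base.refCount);
-if (slot->base.refCount == 0) {
-nssToken_Destroy(slot->token);
-nssModule_DestroyFromSlot(slot->module, slot);
-return nssArena_Destroy(slot->base.arena);
+if (slot) {
+PR_AtomicDecrement(&slot->base.refCount);
+if (slot->base.refCount == 0) {
+nssToken_Destroy(slot->token);
+nssModule_DestroyFromSlot(slot->module, slot);
+return nssArena_Destroy(slot->base.arena);
+}
 }
 #endif
 return PR_SUCCESS;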
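Review bot: The zero test in nssSlot_Destroy re-reads `slot->base.refCount` after `PR_AtomicDecrement`, so two threads releasing their references at the same time can both observe 0 and both run the destroy path, a double free of the slot's arena; the added `if (slot)` wrapper keeps that pattern. Test the value the decrement returns instead: `if (PR_AtomicDecrement(&slot->base.refCount) == 0) {`. This only matters in PURE_STAN_BUILD builds, and the function's signature lies above the hunk.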
7 changes: 3 additions & 4 deletions security/nss/lib/dev/devt.h
@@ -82,6 +82,8 @@ struct nssDeviceBaseStr
PRUint32 flags;
};

typedef struct nssTokenObjectCacheStr nssTokenObjectCache;

/* XXX until devobject.c goes away */
struct NSSTokenStr
{
@@ -93,12 +95,9 @@ struct NSSTokenStr
nssSession *defaultSession;
NSSTrustDomain *trustDomain;
PRIntervalTime lastTime;
PRBool hasNoTrust;
PRBool hasNoCrls;
nssTokenObjectCache *cache;
#ifdef NSS_3_4_CODE
PK11SlotInfo *pk11slot;
nssList *certList; /* local cache of certs for slow tokens */
PRBool loggedIn;
#endif
};

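--- a/security/nss/lib/dev/devtm.h
+++ b/security/nss/lib/dev/devtm.h
@@ -53,8 +53,6 @@ PR_BEGIN_EXTERN_C
 
 #define MAX_LOCAL_CACHE_OBJECTS 10
 
-typedef struct nssTokenObjectCacheStr nssTokenObjectCache;
-
 PR_END_EXTERN_C
 
 #endif /* DEVTM_H */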
