Cache whether there are no CRL's and Trust objects on removable HW tokens
git-svn-id: svn://10.0.0.236/trunk@116101 18797224-902f-48f8-a5cc-f745e15eee43
parent
8f075ae6a7
commit
156fb9e6dc
@ -35,7 +35,7 @@
|
||||
#define DEV_H
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.20 $ $Date: 2002-03-07 22:07:48 $ $Name: not supported by cvs2svn $";
|
||||
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.21 $ $Date: 2002-03-07 23:21:32 $ $Name: not supported by cvs2svn $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef DEVT_H
|
||||
@ -281,6 +281,30 @@ nssToken_ImportTrust
|
||||
PRBool asTokenObject
|
||||
);
|
||||
|
||||
NSS_EXTERN PRStatus
|
||||
nssToken_SetTrustCache
|
||||
(
|
||||
NSSToken *tok
|
||||
);
|
||||
|
||||
NSS_EXTERN PRStatus
|
||||
nssToken_SetCrlCache
|
||||
(
|
||||
NSSToken *tok
|
||||
);
|
||||
|
||||
NSS_EXTERN PRBool
|
||||
nssToken_HasCrls
|
||||
(
|
||||
NSSToken *tok
|
||||
);
|
||||
|
||||
NSS_EXTERN PRStatus
|
||||
nssToken_SetHasCrls
|
||||
(
|
||||
NSSToken *tok
|
||||
);
|
||||
|
||||
NSS_EXTERN NSSPublicKey *
|
||||
nssToken_GenerateKeyPair
|
||||
(
|
||||
|
||||
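Review bot: The four new prototypes carry no comment, and the names do not tell a caller that nssToken_SetTrustCache and nssToken_SetCrlCache probe the token and record a negative result, while nssToken_SetHasCrls only clears the flag. A short header comment would help, for example `/* Probe the token once and remember when it holds no trust objects; later trust lookups on it are skipped. */` above nssToken_SetTrustCache, with matching wording for the CRL variant. The parameter is spelled `tok` here but `token` in the devobject.c definitions of the two cache setters; one spelling would keep declaration and definition easy to match.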
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devobject.c,v $ $Revision: 1.20 $ $Date: 2002-03-07 22:07:49 $ $Name: not supported by cvs2svn $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devobject.c,v $ $Revision: 1.21 $ $Date: 2002-03-07 23:21:32 $ $Name: not supported by cvs2svn $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef DEV_H
|
||||
@ -916,11 +916,66 @@ nssToken_ImportTrust
|
||||
/* XXX Fix this! */
|
||||
nssListIterator_Destroy(trust->object.instances);
|
||||
trust->object.instances = nssList_CreateIterator(trust->object.instanceList);
|
||||
tok->hasNoTrust = PR_FALSE;
|
||||
return PR_SUCCESS;
|
||||
}
|
||||
return PR_FAILURE;
|
||||
}
|
||||
|
||||
NSS_IMPLEMENT PRStatus
|
||||
nssToken_SetTrustCache
|
||||
(
|
||||
NSSToken *token
|
||||
)
|
||||
{
|
||||
CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
|
||||
CK_ATTRIBUTE_PTR attr;
|
||||
CK_ATTRIBUTE tobj_template[2];
|
||||
CK_ULONG tobj_size;
|
||||
CK_OBJECT_HANDLE obj;
|
||||
nssSession *session = token->defaultSession;
|
||||
|
||||
NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
|
||||
NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
|
||||
|
||||
obj = find_object_by_template(token, session,
|
||||
tobj_template, tobj_size);
|
||||
token->hasNoTrust = PR_FALSE;
|
||||
if (obj == CK_INVALID_HANDLE) {
|
||||
token->hasNoTrust = PR_TRUE;
|
||||
}
|
||||
return PR_SUCCESS;
|
||||
}
|
||||
|
||||
NSS_IMPLEMENT PRStatus
|
||||
nssToken_SetCrlCache
|
||||
(
|
||||
NSSToken *token
|
||||
)
|
||||
{
|
||||
CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_CRL;
|
||||
CK_ATTRIBUTE_PTR attr;
|
||||
CK_ATTRIBUTE tobj_template[2];
|
||||
CK_ULONG tobj_size;
|
||||
CK_OBJECT_HANDLE obj;
|
||||
nssSession *session = token->defaultSession;
|
||||
|
||||
NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
|
||||
NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
|
||||
|
||||
obj = find_object_by_template(token, session,
|
||||
tobj_template, tobj_size);
|
||||
token->hasNoCrls = PR_TRUE;
|
||||
if (obj == CK_INVALID_HANDLE) {
|
||||
token->hasNoCrls = PR_TRUE;
|
||||
}
|
||||
return PR_SUCCESS;
|
||||
}
|
||||
|
||||
static CK_OBJECT_HANDLE
|
||||
get_cert_trust_handle
|
||||
(
|
||||
@ -936,6 +991,10 @@ get_cert_trust_handle
|
||||
CK_ULONG tobj_size;
|
||||
PRUint8 sha1[20]; /* this is cheating... */
|
||||
NSSItem sha1_result;
|
||||
|
||||
if (token->hasNoTrust) {
|
||||
return CK_INVALID_HANDLE;
|
||||
}
|
||||
sha1_result.data = sha1; sha1_result.size = sizeof sha1;
|
||||
sha1_hash(&c->encoding, &sha1_result);
|
||||
NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
|
||||
|
||||
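Review bot: In nssToken_SetCrlCache the flag is assigned PR_TRUE before the handle check and PR_TRUE again inside it, so `hasNoCrls` ends up PR_TRUE whether or not the token holds a CRL; nssToken_SetTrustCache directly above uses PR_FALSE on the corresponding line. Once nssToken_LoadCerts has run, nssToken_HasCrls returns false and the new guard in PK11_FindCrlByName skips the token until PK11_PutCrl clears the flag, so a CRL already stored there is never consulted and revocation checking fails open without any error. The first assignment should read `token->hasNoCrls = PR_FALSE;`, or both setters could assign once from the comparison, `token->hasNoCrls = (obj == CK_INVALID_HANDLE) ? PR_TRUE : PR_FALSE;`. Separately, both setters treat CK_INVALID_HANDLE as "no such object"; if find_object_by_template (not shown in this section) also returns it on a session or token error, the negative result should not be cached in that case.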
@ -35,7 +35,7 @@
|
||||
#define DEVT_H
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.12 $ $Date: 2002-03-07 22:07:50 $ $Name: not supported by cvs2svn $";
|
||||
static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.13 $ $Date: 2002-03-07 23:21:33 $ $Name: not supported by cvs2svn $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
@ -132,6 +132,8 @@ struct NSSTokenStr
|
||||
nssSession *defaultSession;
|
||||
NSSTrustDomain *trustDomain;
|
||||
PRIntervalTime lastTime;
|
||||
PRBool hasNoTrust;
|
||||
PRBool hasNoCrls;
|
||||
#ifdef NSS_3_4_CODE
|
||||
PK11SlotInfo *pk11slot;
|
||||
nssList *certList; /* local cache of certs for slow tokens */
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.9 $ $Date: 2002-03-06 01:44:47 $ $Name: not supported by cvs2svn $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.10 $ $Date: 2002-03-07 23:21:33 $ $Name: not supported by cvs2svn $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef DEV_H
|
||||
@ -134,6 +134,8 @@ nssToken_Create
|
||||
rvToken->name = tokenName;
|
||||
rvToken->ckFlags = tokenInfo.flags;
|
||||
rvToken->defaultSession = session;
|
||||
rvToken->hasNoTrust = PR_FALSE;
|
||||
rvToken->hasNoCrls = PR_FALSE;
|
||||
if (mark) {
|
||||
nssrv = nssArena_Unmark(arena, mark);
|
||||
if (nssrv != PR_SUCCESS) {
|
||||
@ -279,6 +281,25 @@ nssToken_IsPresent
|
||||
}
|
||||
}
|
||||
|
||||
NSS_IMPLEMENT PRBool
|
||||
nssToken_HasCrls
|
||||
(
|
||||
NSSToken *tok
|
||||
)
|
||||
{
|
||||
return !tok->hasNoCrls;
|
||||
}
|
||||
|
||||
NSS_IMPLEMENT PRStatus
|
||||
nssToken_SetHasCrls
|
||||
(
|
||||
NSSToken *tok
|
||||
)
|
||||
{
|
||||
tok->hasNoCrls = PR_FALSE;
|
||||
return PR_SUCCESS;
|
||||
}
|
||||
|
||||
NSS_IMPLEMENT NSSItem *
|
||||
nssToken_Digest
|
||||
(
|
||||
|
||||
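Review bot: Nothing in this section resets `hasNoTrust` or `hasNoCrls` once they are set; nssToken_Create initialises both to PR_FALSE and nssToken_SetHasCrls clears one of them, but only after a write made through this library. For a removable token that matters: if the same NSSToken is reused after the card is swapped, or another application adds a CRL or trust object, the cached "nothing here" answer would keep suppressing lookups. Whether the NSSToken is reused across insertions is not visible here; if it is, the flags should be cleared where removal or re-insertion is detected (nssToken_IsPresent sits just above these functions) so the next lookup probes the token again. nssToken_HasCrls and nssToken_SetHasCrls also dereference `tok` unchecked, which holds only while every caller keeps the `slot->nssToken` guard used in the PK11 hunks.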
@ -3710,6 +3710,9 @@ PK11_FindCrlByName(PK11SlotInfo **slot, CK_OBJECT_HANDLE *crlHandle,
|
||||
|
||||
/* loop through all the fortezza tokens */
|
||||
for (le = list->head; le; le = le->next) {
|
||||
if (le->slot->nssToken && !nssToken_HasCrls(le->slot->nssToken)) {
|
||||
continue;
|
||||
}
|
||||
crlh = pk11_FindObjectByTemplate(le->slot,theTemplate,tsize);
|
||||
if (crlh != CK_INVALID_HANDLE) {
|
||||
*slot = PK11_ReferenceSlot(le->slot);
|
||||
@ -3806,6 +3809,10 @@ PK11_PutCrl(PK11SlotInfo *slot, SECItem *crl, SECItem *name,
|
||||
}
|
||||
|
||||
PK11_RestoreROSession(slot,rwsession);
|
||||
|
||||
if (slot->nssToken) {
|
||||
nssToken_SetHasCrls(slot->nssToken);
|
||||
}
|
||||
return crlh;
|
||||
}
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.42 $ $Date: 2002-03-07 22:53:40 $ $Name: not supported by cvs2svn $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.43 $ $Date: 2002-03-07 23:21:39 $ $Name: not supported by cvs2svn $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
@ -264,6 +264,9 @@ nssToken_LoadCerts(NSSToken *token)
|
||||
}
|
||||
/* ignore the rv, just work without the list */
|
||||
(void)nssToken_TraverseCertificates(token, NULL, &search);
|
||||
(void)nssToken_SetTrustCache(token);
|
||||
(void)nssToken_SetCrlCache(token);
|
||||
|
||||
/* even if there are no certs, leave a valid list pointer should
|
||||
* any be imported. Having the pointer will also prevent searches,
|
||||
* see below.
|
||||
|
||||