Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Mozilla/mozilla/security/nss/lib/dev/devm.h
relyea%netscape.com 034136c5db Token and cert processing fixes: 
1) use NewTempCert rather than DERDecode cert in all import cert cases.
When DERDecode cert is used, we may wind up with a cert that gets cleared
when we try to import it because it already in the cache. NewTempCert will
return the version that is in the cache.
   2) If we are returning the CAList, only return certs that are CA's
(not usercerts).
   3) Authenticate to all the tokens if necessary before we try to list
certs. (Stan code should eventually get automatic authentication calls in
the code itself).
   4) When looking up user certs, don't return those certs with the same
subject, but do not have any key material associated with them (that is
don't crash if we have old certs in our database without nicknames, but
match user certs on our smart cards).
   5) Save the nickname associated with our subject list in the temp
cache so we can correctly remove the entry even if the cert's nickname
changes (because of smart card insertions and removals, or because of
creation and deletions of our user cert).


git-svn-id: svn://10.0.0.236/trunk@119557 18797224-902f-48f8-a5cc-f745e15eee43
2002-04-22 19:09:01 +00:00

243 lines
4.6 KiB
C
Raw Blame History

/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#ifndef DEVM_H
#define DEVM_H
#ifdef DEBUG
static const char DEVM_CVS_ID[] = "@(#) $RCSfile: devm.h,v $ $Revision: 1.8 $ $Date: 2002-04-22 19:08:54 $ $Name: not supported by cvs2svn $";
#endif /* DEBUG */
#ifndef BASE_H
#include "base.h"
#endif /* BASE_H */
#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */
#ifndef DEV_H
#include "dev.h"
#endif /* DEV_H */
#ifndef DEVTM_H
#include "devtm.h"
#endif /* DEVTM_H */
PR_BEGIN_EXTERN_C
/* Shortcut to cryptoki API functions. */
#define CKAPI(epv) \
((CK_FUNCTION_LIST_PTR)(epv))
NSS_EXTERN void
nssDevice_AddRef
(
struct nssDeviceBaseStr *device
);
NSS_EXTERN PRBool
nssDevice_Destroy
(
struct nssDeviceBaseStr *device
);
NSS_EXTERN PRBool
nssModule_IsThreadSafe
(
NSSModule *module
);
NSS_EXTERN PRBool
nssModule_IsInternal
(
NSSModule *mod
);
NSS_EXTERN PRBool
nssModule_IsModuleDBOnly
(
NSSModule *mod
);
NSS_EXTERN void *
nssModule_GetCryptokiEPV
(
NSSModule *mod
);
NSS_EXTERN NSSSlot *
nssSlot_Create
(
CK_SLOT_ID slotId,
NSSModule *parent
);
NSS_EXTERN void *
nssSlot_GetCryptokiEPV
(
NSSSlot *slot
);
NSS_EXTERN NSSToken *
nssToken_Create
(
CK_SLOT_ID slotID,
NSSSlot *peer
);
NSS_EXTERN void *
nssToken_GetCryptokiEPV
(
NSSToken *token
);
NSS_EXTERN nssSession *
nssToken_GetDefaultSession
(
NSSToken *token
);
NSS_EXTERN PRBool
nssToken_IsLoginRequired
(
NSSToken *token
);
NSS_EXTERN void
nssToken_Remove
(
NSSToken *token
);
NSS_EXTERN nssCryptokiObject *
nssCryptokiObject_Create
(
NSSToken *t,
nssSession *session,
CK_OBJECT_HANDLE h
);
NSS_EXTERN nssTokenObjectCache *
nssTokenObjectCache_Create
(
NSSToken *token,
PRBool cacheCerts,
PRBool cacheTrust,
PRBool cacheCRLs
);
NSS_EXTERN void
nssTokenObjectCache_Destroy
(
nssTokenObjectCache *cache
);
NSS_EXTERN void
nssTokenObjectCache_Clear
(
nssTokenObjectCache *cache
);
NSS_EXTERN PRBool
nssTokenObjectCache_HaveObjectClass
(
nssTokenObjectCache *cache,
CK_OBJECT_CLASS objclass
);
NSS_EXTERN nssCryptokiObject **
nssTokenObjectCache_FindObjectsByTemplate
(
nssTokenObjectCache *cache,
CK_OBJECT_CLASS objclass,
CK_ATTRIBUTE_PTR otemplate,
CK_ULONG otlen,
PRUint32 maximumOpt,
PRStatus *statusOpt
);
NSS_EXTERN PRStatus
nssTokenObjectCache_GetObjectAttributes
(
nssTokenObjectCache *cache,
NSSArena *arenaOpt,
nssCryptokiObject *object,
CK_OBJECT_CLASS objclass,
CK_ATTRIBUTE_PTR atemplate,
CK_ULONG atlen
);
NSS_EXTERN PRStatus
nssTokenObjectCache_ImportObject
(
nssTokenObjectCache *cache,
nssCryptokiObject *object,
CK_OBJECT_CLASS objclass,
CK_ATTRIBUTE_PTR ot,
CK_ULONG otlen
);
NSS_EXTERN PRStatus
nssTokenObjectCache_RemoveObject
(
nssTokenObjectCache *cache,
nssCryptokiObject *object
);
/* XXX allows peek back into token */
NSS_EXTERN PRStatus
nssToken_GetCachedObjectAttributes
(
NSSToken *token,
NSSArena *arenaOpt,
nssCryptokiObject *object,
CK_OBJECT_CLASS objclass,
CK_ATTRIBUTE_PTR atemplate,
CK_ULONG atlen
);
/* PKCS#11 stores strings in a fixed-length buffer padded with spaces. This
* function gets the length of the actual string.
*/
NSS_EXTERN PRUint32
nssPKCS11String_Length
(
CK_CHAR *pkcs11str,
PRUint32 bufLen
);
PR_END_EXTERN_C
#endif /* DEV_H */
Reference in New Issue View Git Blame Copy Permalink