diff options
author | Lorry <lorry@roadtrain.codethink.co.uk> | 2012-07-18 20:31:20 +0100 |
---|---|---|
committer | Lorry <lorry@roadtrain.codethink.co.uk> | 2012-07-18 20:31:20 +0100 |
commit | e43ad1f4ce7f1504e6f01fc8a90d5c0398013383 (patch) | |
tree | 03504d9d81336081b899c9f34cc0f66801caf67c /mozilla/security/nss/lib/softoken/legacydb/lgdestroy.c | |
download | nss-e43ad1f4ce7f1504e6f01fc8a90d5c0398013383.tar.gz |
Tarball conversion
Diffstat (limited to 'mozilla/security/nss/lib/softoken/legacydb/lgdestroy.c')
-rw-r--r-- | mozilla/security/nss/lib/softoken/legacydb/lgdestroy.c | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/mozilla/security/nss/lib/softoken/legacydb/lgdestroy.c b/mozilla/security/nss/lib/softoken/legacydb/lgdestroy.c new file mode 100644 index 0000000..37db2e5 --- /dev/null +++ b/mozilla/security/nss/lib/softoken/legacydb/lgdestroy.c @@ -0,0 +1,144 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* + * Internal PKCS #11 functions. Should only be called by pkcs11.c + */ +#include "pkcs11.h" +#include "lgdb.h" +#include "pcert.h" +#include "lowkeyi.h" + +/* + * remove an object. + */ +CK_RV +lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id) +{ + CK_RV crv = CKR_OK; + SECStatus rv; + NSSLOWCERTCertificate *cert; + NSSLOWCERTCertTrust tmptrust; + PRBool isKrl; + NSSLOWKEYDBHandle *keyHandle; + NSSLOWCERTCertDBHandle *certHandle; + const SECItem *dbKey; + + object_id &= ~LG_TOKEN_MASK; + dbKey = lg_lookupTokenKeyByHandle(sdb,object_id); + if (dbKey == NULL) { + return CKR_OBJECT_HANDLE_INVALID; + } + + /* remove the objects from the real data base */ + switch (object_id & LG_TOKEN_TYPE_MASK) { + case LG_TOKEN_TYPE_PRIV: + case LG_TOKEN_TYPE_KEY: + /* KEYID is the public KEY for DSA and DH, and the MODULUS for + * RSA */ + keyHandle = lg_getKeyDB(sdb); + if (!keyHandle) { + crv = CKR_TOKEN_WRITE_PROTECTED; + break; + } + rv = nsslowkey_DeleteKey(keyHandle, dbKey); + if (rv != SECSuccess) { + crv = CKR_DEVICE_ERROR; + } + break; + case LG_TOKEN_TYPE_PUB: + break; /* public keys only exist at the behest of the priv key */ + case LG_TOKEN_TYPE_CERT: + certHandle = lg_getCertDB(sdb); + if (!certHandle) { + crv = CKR_TOKEN_WRITE_PROTECTED; + break; + } + cert = nsslowcert_FindCertByKey(certHandle,dbKey); + if (cert == NULL) { + crv = CKR_DEVICE_ERROR; + break; + } + rv = nsslowcert_DeletePermCertificate(cert); + if (rv != SECSuccess) { + crv = CKR_DEVICE_ERROR; + } + nsslowcert_DestroyCertificate(cert); + break; + case LG_TOKEN_TYPE_CRL: + certHandle = lg_getCertDB(sdb); + if (!certHandle) { + crv = CKR_TOKEN_WRITE_PROTECTED; + break; + } + isKrl = (PRBool) (object_id == LG_TOKEN_KRL_HANDLE); + rv = nsslowcert_DeletePermCRL(certHandle, dbKey, isKrl); + if (rv == SECFailure) crv = CKR_DEVICE_ERROR; + break; + case LG_TOKEN_TYPE_TRUST: + certHandle = lg_getCertDB(sdb); + if (!certHandle) { + crv = CKR_TOKEN_WRITE_PROTECTED; + break; + } + cert = nsslowcert_FindCertByKey(certHandle, dbKey); + if (cert == NULL) { + crv = CKR_DEVICE_ERROR; + break; + } + tmptrust = *cert->trust; + tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS; + tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS; + tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS; + tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN; + tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN; + tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN; + rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust); + if (rv != SECSuccess) crv = CKR_DEVICE_ERROR; + nsslowcert_DestroyCertificate(cert); + break; + default: + break; + } + lg_DBLock(sdb); + lg_deleteTokenKeyByHandle(sdb,object_id); + lg_DBUnlock(sdb); + + return crv; +} + + + |