mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
145 lines
4.4 KiB
C
145 lines
4.4 KiB
C
/* ***** BEGIN LICENSE BLOCK *****
|
|
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
*
|
|
* The contents of this file are subject to the Mozilla Public License Version
|
|
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
* http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
* for the specific language governing rights and limitations under the
|
|
* License.
|
|
*
|
|
* The Original Code is the Netscape security libraries.
|
|
*
|
|
* The Initial Developer of the Original Code is
|
|
* Netscape Communications Corporation.
|
|
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
|
* the Initial Developer. All Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
* Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
|
|
*
|
|
* Alternatively, the contents of this file may be used under the terms of
|
|
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
* in which case the provisions of the GPL or the LGPL are applicable instead
|
|
* of those above. If you wish to allow use of your version of this file only
|
|
* under the terms of either the GPL or the LGPL, and not to allow others to
|
|
* use your version of this file under the terms of the MPL, indicate your
|
|
* decision by deleting the provisions above and replace them with the notice
|
|
* and other provisions required by the GPL or the LGPL. If you do not delete
|
|
* the provisions above, a recipient may use your version of this file under
|
|
* the terms of any one of the MPL, the GPL or the LGPL.
|
|
*
|
|
* ***** END LICENSE BLOCK ***** */
|
|
/*
|
|
* Internal PKCS #11 functions. Should only be called by pkcs11.c
|
|
*/
|
|
#include "pkcs11.h"
|
|
#include "lgdb.h"
|
|
#include "pcert.h"
|
|
#include "lowkeyi.h"
|
|
|
|
/*
|
|
* remove an object.
|
|
*/
|
|
CK_RV
|
|
lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id)
|
|
{
|
|
CK_RV crv = CKR_OK;
|
|
SECStatus rv;
|
|
NSSLOWCERTCertificate *cert;
|
|
NSSLOWCERTCertTrust tmptrust;
|
|
PRBool isKrl;
|
|
NSSLOWKEYDBHandle *keyHandle;
|
|
NSSLOWCERTCertDBHandle *certHandle;
|
|
const SECItem *dbKey;
|
|
|
|
object_id &= ~LG_TOKEN_MASK;
|
|
dbKey = lg_lookupTokenKeyByHandle(sdb,object_id);
|
|
if (dbKey == NULL) {
|
|
return CKR_OBJECT_HANDLE_INVALID;
|
|
}
|
|
|
|
/* remove the objects from the real data base */
|
|
switch (object_id & LG_TOKEN_TYPE_MASK) {
|
|
case LG_TOKEN_TYPE_PRIV:
|
|
case LG_TOKEN_TYPE_KEY:
|
|
/* KEYID is the public KEY for DSA and DH, and the MODULUS for
|
|
* RSA */
|
|
keyHandle = lg_getKeyDB(sdb);
|
|
if (!keyHandle) {
|
|
crv = CKR_TOKEN_WRITE_PROTECTED;
|
|
break;
|
|
}
|
|
rv = nsslowkey_DeleteKey(keyHandle, dbKey);
|
|
if (rv != SECSuccess) {
|
|
crv = CKR_DEVICE_ERROR;
|
|
}
|
|
break;
|
|
case LG_TOKEN_TYPE_PUB:
|
|
break; /* public keys only exist at the behest of the priv key */
|
|
case LG_TOKEN_TYPE_CERT:
|
|
certHandle = lg_getCertDB(sdb);
|
|
if (!certHandle) {
|
|
crv = CKR_TOKEN_WRITE_PROTECTED;
|
|
break;
|
|
}
|
|
cert = nsslowcert_FindCertByKey(certHandle,dbKey);
|
|
if (cert == NULL) {
|
|
crv = CKR_DEVICE_ERROR;
|
|
break;
|
|
}
|
|
rv = nsslowcert_DeletePermCertificate(cert);
|
|
if (rv != SECSuccess) {
|
|
crv = CKR_DEVICE_ERROR;
|
|
}
|
|
nsslowcert_DestroyCertificate(cert);
|
|
break;
|
|
case LG_TOKEN_TYPE_CRL:
|
|
certHandle = lg_getCertDB(sdb);
|
|
if (!certHandle) {
|
|
crv = CKR_TOKEN_WRITE_PROTECTED;
|
|
break;
|
|
}
|
|
isKrl = (PRBool) (object_id == LG_TOKEN_KRL_HANDLE);
|
|
rv = nsslowcert_DeletePermCRL(certHandle, dbKey, isKrl);
|
|
if (rv == SECFailure) crv = CKR_DEVICE_ERROR;
|
|
break;
|
|
case LG_TOKEN_TYPE_TRUST:
|
|
certHandle = lg_getCertDB(sdb);
|
|
if (!certHandle) {
|
|
crv = CKR_TOKEN_WRITE_PROTECTED;
|
|
break;
|
|
}
|
|
cert = nsslowcert_FindCertByKey(certHandle, dbKey);
|
|
if (cert == NULL) {
|
|
crv = CKR_DEVICE_ERROR;
|
|
break;
|
|
}
|
|
tmptrust = *cert->trust;
|
|
tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS;
|
|
tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS;
|
|
tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS;
|
|
tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN;
|
|
tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN;
|
|
tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN;
|
|
rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust);
|
|
if (rv != SECSuccess) crv = CKR_DEVICE_ERROR;
|
|
nsslowcert_DestroyCertificate(cert);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
lg_DBLock(sdb);
|
|
lg_deleteTokenKeyByHandle(sdb,object_id);
|
|
lg_DBUnlock(sdb);
|
|
|
|
return crv;
|
|
}
|
|
|
|
|
|
|