/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* Internal PKCS #11 functions. Should only be called by pkcs11.c
*/
#include "pkcs11.h"
#include "lgdb.h"
#include "pcert.h"
#include "lowkeyi.h"
/*
 * Remove a token object from the legacy database.
 *
 * The token bit is cleared from object_id, the database key mapped to the
 * handle is looked up, and the type bits of the handle select what is
 * modified:
 *   - PRIV / KEY: the key is deleted from the key database.
 *   - PUB:        nothing is deleted here.
 *   - CERT:       the permanent certificate is deleted.
 *   - CRL:        the CRL is deleted (treated as a KRL when the handle is
 *                 LG_TOKEN_KRL_HANDLE).
 *   - TRUST:      the certificate is kept; its three trust flag words are
 *                 masked with CERTDB_PRESERVE_TRUST_BITS and then OR-ed
 *                 with CERTDB_TRUSTED_UNKNOWN.
 *   - any other type: no database is touched.
 *
 * Returns CKR_OBJECT_HANDLE_INVALID when the handle has no key mapping,
 * CKR_TOKEN_WRITE_PROTECTED when the required database handle is not
 * available, CKR_DEVICE_ERROR when the certificate lookup or the database
 * update fails, and CKR_OK otherwise.
 *
 * NOTE(review): the handle-to-key mapping is deleted on every path that
 * reaches the end of the function, including the error paths. A caller
 * that receives an error should presumably not reuse the handle; confirm
 * that this is the intended contract.
 */
CK_RV
lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id)
{
    CK_RV result = CKR_OK;
    SECStatus status;
    NSSLOWCERTCertificate *target;
    NSSLOWCERTCertTrust resetTrust;
    PRBool krl;
    NSSLOWKEYDBHandle *keyDB;
    NSSLOWCERTCertDBHandle *certDB;
    const SECItem *key;

    object_id &= ~LG_TOKEN_MASK;
    /* NOTE(review): this lookup is not wrapped in lg_DBLock here, unlike
     * the delete at the end; whether the helper locks internally is not
     * visible in this file. */
    key = lg_lookupTokenKeyByHandle(sdb, object_id);
    if (!key) {
        return CKR_OBJECT_HANDLE_INVALID;
    }

    /* Apply the removal to the backing database for this object type. */
    switch (object_id & LG_TOKEN_TYPE_MASK) {
        case LG_TOKEN_TYPE_PRIV:
        case LG_TOKEN_TYPE_KEY:
            /* KEYID is the public KEY for DSA and DH, and the MODULUS for
             * RSA */
            keyDB = lg_getKeyDB(sdb);
            if (keyDB == NULL) {
                result = CKR_TOKEN_WRITE_PROTECTED;
            } else if (nsslowkey_DeleteKey(keyDB, key) != SECSuccess) {
                result = CKR_DEVICE_ERROR;
            }
            break;

        case LG_TOKEN_TYPE_PUB:
            /* public keys only exist at the behest of the priv key */
            break;

        case LG_TOKEN_TYPE_CERT:
            certDB = lg_getCertDB(sdb);
            if (certDB == NULL) {
                result = CKR_TOKEN_WRITE_PROTECTED;
                break;
            }
            target = nsslowcert_FindCertByKey(certDB, key);
            if (!target) {
                result = CKR_DEVICE_ERROR;
                break;
            }
            if (nsslowcert_DeletePermCertificate(target) != SECSuccess) {
                result = CKR_DEVICE_ERROR;
            }
            /* Release the looked-up cert whether or not the delete worked. */
            nsslowcert_DestroyCertificate(target);
            break;

        case LG_TOKEN_TYPE_CRL:
            certDB = lg_getCertDB(sdb);
            if (certDB == NULL) {
                result = CKR_TOKEN_WRITE_PROTECTED;
                break;
            }
            krl = (PRBool)(object_id == LG_TOKEN_KRL_HANDLE);
            status = nsslowcert_DeletePermCRL(certDB, key, krl);
            /* Only SECFailure is mapped to an error here; the other cases
             * in this switch test for anything other than SECSuccess. */
            if (status == SECFailure) {
                result = CKR_DEVICE_ERROR;
            }
            break;

        case LG_TOKEN_TYPE_TRUST:
            certDB = lg_getCertDB(sdb);
            if (certDB == NULL) {
                result = CKR_TOKEN_WRITE_PROTECTED;
                break;
            }
            target = nsslowcert_FindCertByKey(certDB, key);
            if (!target) {
                result = CKR_DEVICE_ERROR;
                break;
            }
            /* NOTE(review): target->trust is dereferenced without a NULL
             * check; this assumes the lookup always populates it. Confirm
             * against nsslowcert_FindCertByKey. */
            resetTrust = *target->trust;
            /* Destroying a trust object does not delete the certificate:
             * each flag word keeps only the preserved bits and is then
             * marked as unknown trust. */
            resetTrust.sslFlags =
                (resetTrust.sslFlags & CERTDB_PRESERVE_TRUST_BITS) |
                CERTDB_TRUSTED_UNKNOWN;
            resetTrust.emailFlags =
                (resetTrust.emailFlags & CERTDB_PRESERVE_TRUST_BITS) |
                CERTDB_TRUSTED_UNKNOWN;
            resetTrust.objectSigningFlags =
                (resetTrust.objectSigningFlags & CERTDB_PRESERVE_TRUST_BITS) |
                CERTDB_TRUSTED_UNKNOWN;
            status = nsslowcert_ChangeCertTrust(certDB, target, &resetTrust);
            if (status != SECSuccess) {
                result = CKR_DEVICE_ERROR;
            }
            nsslowcert_DestroyCertificate(target);
            break;

        default:
            break;
    }

    /* Drop the handle-to-key mapping under the database lock. This runs
     * regardless of the value of result. */
    lg_DBLock(sdb);
    lg_deleteTokenKeyByHandle(sdb, object_id);
    lg_DBUnlock(sdb);

    return result;
}