The Tor Browser / annotate

security/manager/ssl/src/nsPKCS11Slot.cpp@141e0f1194b1 (annotated)

security/manager/ssl/src/nsPKCS11Slot.cpp

Wed, 31 Dec 2014 07:16:47 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 07:16:47 +0100
branch
TOR_BUG_9701
changeset 3
141e0f1194b1
permissions
-rw-r--r--

Revert simplistic fix pending revisit of Mozilla integration attempt.

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4
michael@0 5 #include "nsPKCS11Slot.h"
michael@0 6 #include "nsPK11TokenDB.h"
michael@0 7
michael@0 8 #include "nsCOMPtr.h"
michael@0 9 #include "nsISupportsArray.h"
michael@0 10 #include "nsString.h"
michael@0 11 #include "nsReadableUtils.h"
michael@0 12 #include "nsCRT.h"
michael@0 13
michael@0 14 #include "secmod.h"
michael@0 15
michael@0 16 #ifdef PR_LOGGING
michael@0 17 extern PRLogModuleInfo* gPIPNSSLog;
michael@0 18 #endif
michael@0 19
michael@0 20 NS_IMPL_ISUPPORTS(nsPKCS11Slot, nsIPKCS11Slot)
michael@0 21
michael@0 22 nsPKCS11Slot::nsPKCS11Slot(PK11SlotInfo *slot)
michael@0 23 {
michael@0 24 nsNSSShutDownPreventionLock locker;
michael@0 25 if (isAlreadyShutDown())
michael@0 26 return;
michael@0 27
michael@0 28 PK11_ReferenceSlot(slot);
michael@0 29 mSlot = slot;
michael@0 30 mSeries = PK11_GetSlotSeries(slot);
michael@0 31 refreshSlotInfo();
michael@0 32 }
michael@0 33
michael@0 34 void
michael@0 35 nsPKCS11Slot::refreshSlotInfo()
michael@0 36 {
michael@0 37 CK_SLOT_INFO slot_info;
michael@0 38 if (PK11_GetSlotInfo(mSlot, &slot_info) == SECSuccess) {
michael@0 39 // Set the Description field
michael@0 40 const char *ccDesc = (const char*)slot_info.slotDescription;
michael@0 41 const nsACString &cDesc = Substring(
michael@0 42 ccDesc,
michael@0 43 ccDesc+PL_strnlen(ccDesc, sizeof(slot_info.slotDescription)));
michael@0 44 mSlotDesc = NS_ConvertUTF8toUTF16(cDesc);
michael@0 45 mSlotDesc.Trim(" ", false, true);
michael@0 46 // Set the Manufacturer field
michael@0 47 const char *ccManID = (const char*)slot_info.manufacturerID;
michael@0 48 const nsACString &cManID = Substring(
michael@0 49 ccManID,
michael@0 50 ccManID+PL_strnlen(ccManID, sizeof(slot_info.manufacturerID)));
michael@0 51 mSlotManID = NS_ConvertUTF8toUTF16(cManID);
michael@0 52 mSlotManID.Trim(" ", false, true);
michael@0 53 // Set the Hardware Version field
michael@0 54 mSlotHWVersion = EmptyString();
michael@0 55 mSlotHWVersion.AppendInt(slot_info.hardwareVersion.major);
michael@0 56 mSlotHWVersion.AppendLiteral(".");
michael@0 57 mSlotHWVersion.AppendInt(slot_info.hardwareVersion.minor);
michael@0 58 // Set the Firmware Version field
michael@0 59 mSlotFWVersion = EmptyString();
michael@0 60 mSlotFWVersion.AppendInt(slot_info.firmwareVersion.major);
michael@0 61 mSlotFWVersion.AppendLiteral(".");
michael@0 62 mSlotFWVersion.AppendInt(slot_info.firmwareVersion.minor);
michael@0 63 }
michael@0 64
michael@0 65 }
michael@0 66
michael@0 67 nsPKCS11Slot::~nsPKCS11Slot()
michael@0 68 {
michael@0 69 nsNSSShutDownPreventionLock locker;
michael@0 70 if (isAlreadyShutDown()) {
michael@0 71 return;
michael@0 72 }
michael@0 73 destructorSafeDestroyNSSReference();
michael@0 74 shutdown(calledFromObject);
michael@0 75 }
michael@0 76
michael@0 77 void nsPKCS11Slot::virtualDestroyNSSReference()
michael@0 78 {
michael@0 79 destructorSafeDestroyNSSReference();
michael@0 80 }
michael@0 81
michael@0 82 void nsPKCS11Slot::destructorSafeDestroyNSSReference()
michael@0 83 {
michael@0 84 if (mSlot) {
michael@0 85 PK11_FreeSlot(mSlot);
michael@0 86 mSlot = nullptr;
michael@0 87 }
michael@0 88 }
michael@0 89
michael@0 90 /* readonly attribute wstring name; */
michael@0 91 NS_IMETHODIMP
michael@0 92 nsPKCS11Slot::GetName(char16_t **aName)
michael@0 93 {
michael@0 94 nsNSSShutDownPreventionLock locker;
michael@0 95 if (isAlreadyShutDown())
michael@0 96 return NS_ERROR_NOT_AVAILABLE;
michael@0 97
michael@0 98 char *csn = PK11_GetSlotName(mSlot);
michael@0 99 if (*csn) {
michael@0 100 *aName = ToNewUnicode(NS_ConvertUTF8toUTF16(csn));
michael@0 101 } else if (PK11_HasRootCerts(mSlot)) {
michael@0 102 // This is a workaround to an Root Module bug - the root certs module has
michael@0 103 // no slot name. Not bothering to localize, because this is a workaround
michael@0 104 // and for now all the slot names returned by NSS are char * anyway.
michael@0 105 *aName = ToNewUnicode(NS_LITERAL_STRING("Root Certificates"));
michael@0 106 } else {
michael@0 107 // same as above, this is a catch-all
michael@0 108 *aName = ToNewUnicode(NS_LITERAL_STRING("Unnamed Slot"));
michael@0 109 }
michael@0 110 if (!*aName) return NS_ERROR_OUT_OF_MEMORY;
michael@0 111 return NS_OK;
michael@0 112 }
michael@0 113
michael@0 114 /* readonly attribute wstring desc; */
michael@0 115 NS_IMETHODIMP
michael@0 116 nsPKCS11Slot::GetDesc(char16_t **aDesc)
michael@0 117 {
michael@0 118 nsNSSShutDownPreventionLock locker;
michael@0 119 if (isAlreadyShutDown())
michael@0 120 return NS_ERROR_NOT_AVAILABLE;
michael@0 121
michael@0 122 if (mSeries != PK11_GetSlotSeries(mSlot)) {
michael@0 123 refreshSlotInfo();
michael@0 124 }
michael@0 125
michael@0 126 *aDesc = ToNewUnicode(mSlotDesc);
michael@0 127 if (!*aDesc) return NS_ERROR_OUT_OF_MEMORY;
michael@0 128 return NS_OK;
michael@0 129 }
michael@0 130
michael@0 131 /* readonly attribute wstring manID; */
michael@0 132 NS_IMETHODIMP
michael@0 133 nsPKCS11Slot::GetManID(char16_t **aManID)
michael@0 134 {
michael@0 135 if (mSeries != PK11_GetSlotSeries(mSlot)) {
michael@0 136 refreshSlotInfo();
michael@0 137 }
michael@0 138 *aManID = ToNewUnicode(mSlotManID);
michael@0 139 if (!*aManID) return NS_ERROR_OUT_OF_MEMORY;
michael@0 140 return NS_OK;
michael@0 141 }
michael@0 142
michael@0 143 /* readonly attribute wstring HWVersion; */
michael@0 144 NS_IMETHODIMP
michael@0 145 nsPKCS11Slot::GetHWVersion(char16_t **aHWVersion)
michael@0 146 {
michael@0 147 if (mSeries != PK11_GetSlotSeries(mSlot)) {
michael@0 148 refreshSlotInfo();
michael@0 149 }
michael@0 150 *aHWVersion = ToNewUnicode(mSlotHWVersion);
michael@0 151 if (!*aHWVersion) return NS_ERROR_OUT_OF_MEMORY;
michael@0 152 return NS_OK;
michael@0 153 }
michael@0 154
michael@0 155 /* readonly attribute wstring FWVersion; */
michael@0 156 NS_IMETHODIMP
michael@0 157 nsPKCS11Slot::GetFWVersion(char16_t **aFWVersion)
michael@0 158 {
michael@0 159 if (mSeries != PK11_GetSlotSeries(mSlot)) {
michael@0 160 refreshSlotInfo();
michael@0 161 }
michael@0 162 *aFWVersion = ToNewUnicode(mSlotFWVersion);
michael@0 163 if (!*aFWVersion) return NS_ERROR_OUT_OF_MEMORY;
michael@0 164 return NS_OK;
michael@0 165 }
michael@0 166
michael@0 167 /* nsIPK11Token getToken (); */
michael@0 168 NS_IMETHODIMP
michael@0 169 nsPKCS11Slot::GetToken(nsIPK11Token **_retval)
michael@0 170 {
michael@0 171 nsNSSShutDownPreventionLock locker;
michael@0 172 if (isAlreadyShutDown())
michael@0 173 return NS_ERROR_NOT_AVAILABLE;
michael@0 174
michael@0 175 nsCOMPtr<nsIPK11Token> token = new nsPK11Token(mSlot);
michael@0 176 *_retval = token;
michael@0 177 NS_ADDREF(*_retval);
michael@0 178 return NS_OK;
michael@0 179 }
michael@0 180
michael@0 181 /* readonly attribute wstring tokenName; */
michael@0 182 NS_IMETHODIMP
michael@0 183 nsPKCS11Slot::GetTokenName(char16_t **aName)
michael@0 184 {
michael@0 185 nsNSSShutDownPreventionLock locker;
michael@0 186 if (isAlreadyShutDown())
michael@0 187 return NS_ERROR_NOT_AVAILABLE;
michael@0 188
michael@0 189 if (!PK11_IsPresent(mSlot)) {
michael@0 190 *aName = nullptr;
michael@0 191 return NS_OK;
michael@0 192 }
michael@0 193
michael@0 194 if (mSeries != PK11_GetSlotSeries(mSlot)) {
michael@0 195 refreshSlotInfo();
michael@0 196 }
michael@0 197
michael@0 198
michael@0 199 *aName = ToNewUnicode(NS_ConvertUTF8toUTF16(PK11_GetTokenName(mSlot)));
michael@0 200 if (!*aName) return NS_ERROR_OUT_OF_MEMORY;
michael@0 201 return NS_OK;
michael@0 202 }
michael@0 203
michael@0 204 NS_IMETHODIMP
michael@0 205 nsPKCS11Slot::GetStatus(uint32_t *_retval)
michael@0 206 {
michael@0 207 nsNSSShutDownPreventionLock locker;
michael@0 208 if (isAlreadyShutDown())
michael@0 209 return NS_ERROR_NOT_AVAILABLE;
michael@0 210
michael@0 211 if (PK11_IsDisabled(mSlot))
michael@0 212 *_retval = SLOT_DISABLED;
michael@0 213 else if (!PK11_IsPresent(mSlot))
michael@0 214 *_retval = SLOT_NOT_PRESENT;
michael@0 215 else if (PK11_NeedLogin(mSlot) && PK11_NeedUserInit(mSlot))
michael@0 216 *_retval = SLOT_UNINITIALIZED;
michael@0 217 else if (PK11_NeedLogin(mSlot) && !PK11_IsLoggedIn(mSlot, nullptr))
michael@0 218 *_retval = SLOT_NOT_LOGGED_IN;
michael@0 219 else if (PK11_NeedLogin(mSlot))
michael@0 220 *_retval = SLOT_LOGGED_IN;
michael@0 221 else
michael@0 222 *_retval = SLOT_READY;
michael@0 223 return NS_OK;
michael@0 224 }
michael@0 225
michael@0 226 NS_IMPL_ISUPPORTS(nsPKCS11Module, nsIPKCS11Module)
michael@0 227
michael@0 228 nsPKCS11Module::nsPKCS11Module(SECMODModule *module)
michael@0 229 {
michael@0 230 nsNSSShutDownPreventionLock locker;
michael@0 231 if (isAlreadyShutDown())
michael@0 232 return;
michael@0 233
michael@0 234 SECMOD_ReferenceModule(module);
michael@0 235 mModule = module;
michael@0 236 }
michael@0 237
michael@0 238 nsPKCS11Module::~nsPKCS11Module()
michael@0 239 {
michael@0 240 nsNSSShutDownPreventionLock locker;
michael@0 241 if (isAlreadyShutDown()) {
michael@0 242 return;
michael@0 243 }
michael@0 244 destructorSafeDestroyNSSReference();
michael@0 245 shutdown(calledFromObject);
michael@0 246 }
michael@0 247
michael@0 248 void nsPKCS11Module::virtualDestroyNSSReference()
michael@0 249 {
michael@0 250 destructorSafeDestroyNSSReference();
michael@0 251 }
michael@0 252
michael@0 253 void nsPKCS11Module::destructorSafeDestroyNSSReference()
michael@0 254 {
michael@0 255 if (mModule) {
michael@0 256 SECMOD_DestroyModule(mModule);
michael@0 257 mModule = nullptr;
michael@0 258 }
michael@0 259 }
michael@0 260
michael@0 261 /* readonly attribute wstring name; */
michael@0 262 NS_IMETHODIMP
michael@0 263 nsPKCS11Module::GetName(char16_t **aName)
michael@0 264 {
michael@0 265 nsNSSShutDownPreventionLock locker;
michael@0 266 if (isAlreadyShutDown())
michael@0 267 return NS_ERROR_NOT_AVAILABLE;
michael@0 268
michael@0 269 *aName = ToNewUnicode(NS_ConvertUTF8toUTF16(mModule->commonName));
michael@0 270 return NS_OK;
michael@0 271 }
michael@0 272
michael@0 273 /* readonly attribute wstring libName; */
michael@0 274 NS_IMETHODIMP
michael@0 275 nsPKCS11Module::GetLibName(char16_t **aName)
michael@0 276 {
michael@0 277 nsNSSShutDownPreventionLock locker;
michael@0 278 if (isAlreadyShutDown())
michael@0 279 return NS_ERROR_NOT_AVAILABLE;
michael@0 280
michael@0 281 if ( mModule->dllName ) {
michael@0 282 *aName = ToNewUnicode(NS_ConvertUTF8toUTF16(mModule->dllName));
michael@0 283 } else {
michael@0 284 *aName = nullptr;
michael@0 285 }
michael@0 286 return NS_OK;
michael@0 287 }
michael@0 288
michael@0 289 /* nsIPKCS11Slot findSlotByName(in wstring name); */
michael@0 290 NS_IMETHODIMP
michael@0 291 nsPKCS11Module::FindSlotByName(const char16_t *aName,
michael@0 292 nsIPKCS11Slot **_retval)
michael@0 293 {
michael@0 294 nsNSSShutDownPreventionLock locker;
michael@0 295 if (isAlreadyShutDown())
michael@0 296 return NS_ERROR_NOT_AVAILABLE;
michael@0 297
michael@0 298 char *asciiname = ToNewUTF8String(nsDependentString(aName));
michael@0 299 PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));
michael@0 300 PK11SlotInfo *slotinfo = nullptr;
michael@0 301 PK11SlotList *slotList = PK11_FindSlotsByNames(mModule->dllName,
michael@0 302 asciiname /* slotName */, nullptr /* token Name */, false);
michael@0 303 if (!slotList) {
michael@0 304 /* name must be the token name */
michael@0 305 slotList = PK11_FindSlotsByNames(mModule->dllName,
michael@0 306 nullptr /*slot Name */, asciiname /* token Name */, false);
michael@0 307 }
michael@0 308 if (slotList) {
michael@0 309 /* should only be one */
michael@0 310 if (slotList->head && slotList->head->slot) {
michael@0 311 slotinfo = PK11_ReferenceSlot(slotList->head->slot);
michael@0 312 }
michael@0 313 PK11_FreeSlotList(slotList);
michael@0 314 }
michael@0 315 if (!slotinfo) {
michael@0 316 // workaround - the builtin module has no name
michael@0 317 if (!asciiname) {
michael@0 318 return NS_ERROR_FAILURE;
michael@0 319 } else if (nsCRT::strcmp(asciiname, "Root Certificates") == 0) {
michael@0 320 slotinfo = PK11_ReferenceSlot(mModule->slots[0]);
michael@0 321 } else {
michael@0 322 // give up
michael@0 323 nsMemory::Free(asciiname);
michael@0 324 return NS_ERROR_FAILURE;
michael@0 325 }
michael@0 326 }
michael@0 327 nsMemory::Free(asciiname);
michael@0 328 nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(slotinfo);
michael@0 329 PK11_FreeSlot(slotinfo);
michael@0 330 *_retval = slot;
michael@0 331 NS_ADDREF(*_retval);
michael@0 332 return NS_OK;
michael@0 333 }
michael@0 334
michael@0 335 /* nsIEnumerator listSlots (); */
michael@0 336 NS_IMETHODIMP
michael@0 337 nsPKCS11Module::ListSlots(nsIEnumerator **_retval)
michael@0 338 {
michael@0 339 nsNSSShutDownPreventionLock locker;
michael@0 340 if (isAlreadyShutDown())
michael@0 341 return NS_ERROR_NOT_AVAILABLE;
michael@0 342
michael@0 343 nsresult rv = NS_OK;
michael@0 344 int i;
michael@0 345 /* get isupports array */
michael@0 346 nsCOMPtr<nsISupportsArray> array;
michael@0 347 rv = NS_NewISupportsArray(getter_AddRefs(array));
michael@0 348 if (NS_FAILED(rv)) return rv;
michael@0 349 /* applications which allow new slot creation (which Firefox now does
michael@0 350 * since it uses the WaitForSlotEvent call) need to hold the
michael@0 351 * ModuleList Read lock to prevent the slot array from changing out
michael@0 352 * from under it. */
michael@0 353 SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
michael@0 354 SECMOD_GetReadLock(lock);
michael@0 355 for (i=0; i<mModule->slotCount; i++) {
michael@0 356 if (mModule->slots[i]) {
michael@0 357 nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(mModule->slots[i]);
michael@0 358 array->AppendElement(slot);
michael@0 359 }
michael@0 360 }
michael@0 361 SECMOD_ReleaseReadLock(lock);
michael@0 362 rv = array->Enumerate(_retval);
michael@0 363 return rv;
michael@0 364 }
michael@0 365
michael@0 366 NS_IMPL_ISUPPORTS(nsPKCS11ModuleDB, nsIPKCS11ModuleDB, nsICryptoFIPSInfo)
michael@0 367
michael@0 368 nsPKCS11ModuleDB::nsPKCS11ModuleDB()
michael@0 369 {
michael@0 370 }
michael@0 371
michael@0 372 nsPKCS11ModuleDB::~nsPKCS11ModuleDB()
michael@0 373 {
michael@0 374 }
michael@0 375
michael@0 376 /* nsIPKCS11Module getInternal (); */
michael@0 377 NS_IMETHODIMP
michael@0 378 nsPKCS11ModuleDB::GetInternal(nsIPKCS11Module **_retval)
michael@0 379 {
michael@0 380 nsNSSShutDownPreventionLock locker;
michael@0 381 SECMODModule *nssMod =
michael@0 382 SECMOD_CreateModule(nullptr, SECMOD_INT_NAME, nullptr, SECMOD_INT_FLAGS);
michael@0 383 nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(nssMod);
michael@0 384 SECMOD_DestroyModule(nssMod);
michael@0 385 *_retval = module;
michael@0 386 NS_ADDREF(*_retval);
michael@0 387 return NS_OK;
michael@0 388 }
michael@0 389
michael@0 390 /* nsIPKCS11Module getInternalFIPS (); */
michael@0 391 NS_IMETHODIMP
michael@0 392 nsPKCS11ModuleDB::GetInternalFIPS(nsIPKCS11Module **_retval)
michael@0 393 {
michael@0 394 nsNSSShutDownPreventionLock locker;
michael@0 395 SECMODModule *nssMod =
michael@0 396 SECMOD_CreateModule(nullptr, SECMOD_FIPS_NAME, nullptr, SECMOD_FIPS_FLAGS);
michael@0 397 nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(nssMod);
michael@0 398 SECMOD_DestroyModule(nssMod);
michael@0 399 *_retval = module;
michael@0 400 NS_ADDREF(*_retval);
michael@0 401 return NS_OK;
michael@0 402 }
michael@0 403
michael@0 404 /* nsIPKCS11Module findModuleByName(in wstring name); */
michael@0 405 NS_IMETHODIMP
michael@0 406 nsPKCS11ModuleDB::FindModuleByName(const char16_t *aName,
michael@0 407 nsIPKCS11Module **_retval)
michael@0 408 {
michael@0 409 nsNSSShutDownPreventionLock locker;
michael@0 410 NS_ConvertUTF16toUTF8 aUtf8Name(aName);
michael@0 411 SECMODModule *mod =
michael@0 412 SECMOD_FindModule(const_cast<char *>(aUtf8Name.get()));
michael@0 413 if (!mod)
michael@0 414 return NS_ERROR_FAILURE;
michael@0 415 nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(mod);
michael@0 416 SECMOD_DestroyModule(mod);
michael@0 417 *_retval = module;
michael@0 418 NS_ADDREF(*_retval);
michael@0 419 return NS_OK;
michael@0 420 }
michael@0 421
michael@0 422 /* This is essentially the same as nsIPK11Token::findTokenByName, except
michael@0 423 * that it returns an nsIPKCS11Slot, which may be desired.
michael@0 424 */
michael@0 425 /* nsIPKCS11Module findSlotByName(in wstring name); */
michael@0 426 NS_IMETHODIMP
michael@0 427 nsPKCS11ModuleDB::FindSlotByName(const char16_t *aName,
michael@0 428 nsIPKCS11Slot **_retval)
michael@0 429 {
michael@0 430 nsNSSShutDownPreventionLock locker;
michael@0 431 NS_ConvertUTF16toUTF8 aUtf8Name(aName);
michael@0 432 PK11SlotInfo *slotinfo =
michael@0 433 PK11_FindSlotByName(const_cast<char*>(aUtf8Name.get()));
michael@0 434 if (!slotinfo)
michael@0 435 return NS_ERROR_FAILURE;
michael@0 436 nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(slotinfo);
michael@0 437 PK11_FreeSlot(slotinfo);
michael@0 438 *_retval = slot;
michael@0 439 NS_ADDREF(*_retval);
michael@0 440 return NS_OK;
michael@0 441 }
michael@0 442
michael@0 443 /* nsIEnumerator listModules (); */
michael@0 444 NS_IMETHODIMP
michael@0 445 nsPKCS11ModuleDB::ListModules(nsIEnumerator **_retval)
michael@0 446 {
michael@0 447 nsNSSShutDownPreventionLock locker;
michael@0 448 nsresult rv = NS_OK;
michael@0 449 /* get isupports array */
michael@0 450 nsCOMPtr<nsISupportsArray> array;
michael@0 451 rv = NS_NewISupportsArray(getter_AddRefs(array));
michael@0 452 if (NS_FAILED(rv)) return rv;
michael@0 453 /* get the default list of modules */
michael@0 454 SECMODModuleList *list = SECMOD_GetDefaultModuleList();
michael@0 455 /* lock down the list for reading */
michael@0 456 SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
michael@0 457 SECMOD_GetReadLock(lock);
michael@0 458 while (list) {
michael@0 459 nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module);
michael@0 460 array->AppendElement(module);
michael@0 461 list = list->next;
michael@0 462 }
michael@0 463 /* Get the modules in the database that didn't load */
michael@0 464 list = SECMOD_GetDeadModuleList();
michael@0 465 while (list) {
michael@0 466 nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module);
michael@0 467 array->AppendElement(module);
michael@0 468 list = list->next;
michael@0 469 }
michael@0 470 SECMOD_ReleaseReadLock(lock);
michael@0 471 rv = array->Enumerate(_retval);
michael@0 472 return rv;
michael@0 473 }
michael@0 474
michael@0 475 NS_IMETHODIMP nsPKCS11ModuleDB::GetCanToggleFIPS(bool *aCanToggleFIPS)
michael@0 476 {
michael@0 477 nsNSSShutDownPreventionLock locker;
michael@0 478 *aCanToggleFIPS = SECMOD_CanDeleteInternalModule();
michael@0 479 return NS_OK;
michael@0 480 }
michael@0 481
michael@0 482
michael@0 483 /* void toggleFIPSMode (); */
michael@0 484 NS_IMETHODIMP nsPKCS11ModuleDB::ToggleFIPSMode()
michael@0 485 {
michael@0 486 nsNSSShutDownPreventionLock locker;
michael@0 487 // The way to toggle FIPS mode in NSS is extremely obscure.
michael@0 488 // Basically, we delete the internal module, and voila it
michael@0 489 // gets replaced with the opposite module, ie if it was
michael@0 490 // FIPS before, then it becomes non-FIPS next.
michael@0 491 SECMODModule *internal;
michael@0 492
michael@0 493 // This function returns us a pointer to a local copy of
michael@0 494 // the internal module stashed in NSS. We don't want to
michael@0 495 // delete it since it will cause much pain in NSS.
michael@0 496 internal = SECMOD_GetInternalModule();
michael@0 497 if (!internal)
michael@0 498 return NS_ERROR_FAILURE;
michael@0 499
michael@0 500 SECStatus srv = SECMOD_DeleteInternalModule(internal->commonName);
michael@0 501 if (srv != SECSuccess)
michael@0 502 return NS_ERROR_FAILURE;
michael@0 503
michael@0 504 return NS_OK;
michael@0 505 }
michael@0 506
michael@0 507 /* readonly attribute boolean isFIPSEnabled; */
michael@0 508 NS_IMETHODIMP nsPKCS11ModuleDB::GetIsFIPSEnabled(bool *aIsFIPSEnabled)
michael@0 509 {
michael@0 510 nsNSSShutDownPreventionLock locker;
michael@0 511 *aIsFIPSEnabled = PK11_IsFIPS();
michael@0 512 return NS_OK;
michael@0 513 }
michael@0 514
michael@0 515 NS_IMETHODIMP nsPKCS11ModuleDB::GetIsFIPSModeActive(bool *aIsFIPSModeActive)
michael@0 516 {
michael@0 517 return GetIsFIPSEnabled(aIsFIPSModeActive);
michael@0 518 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial