1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/pki/trustdomain.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,1254 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +#ifndef DEV_H
1.9 +#include "dev.h"
1.10 +#endif /* DEV_H */
1.11 +
1.12 +#ifndef PKIM_H
1.13 +#include "pkim.h"
1.14 +#endif /* PKIM_H */
1.15 +
1.16 +#include "cert.h"
1.17 +#include "pki3hack.h"
1.18 +#include "pk11pub.h"
1.19 +#include "nssrwlk.h"
1.20 +
1.21 +#define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32
1.22 +
1.23 +extern const NSSError NSS_ERROR_NOT_FOUND;
1.24 +
1.25 +typedef PRUint32 nssUpdateLevel;
1.26 +
1.27 +NSS_IMPLEMENT NSSTrustDomain *
1.28 +NSSTrustDomain_Create (
1.29 + NSSUTF8 *moduleOpt,
1.30 + NSSUTF8 *uriOpt,
1.31 + NSSUTF8 *opaqueOpt,
1.32 + void *reserved
1.33 +)
1.34 +{
1.35 + NSSArena *arena;
1.36 + NSSTrustDomain *rvTD;
1.37 + arena = NSSArena_Create();
1.38 + if(!arena) {
1.39 + return (NSSTrustDomain *)NULL;
1.40 + }
1.41 + rvTD = nss_ZNEW(arena, NSSTrustDomain);
1.42 + if (!rvTD) {
1.43 + goto loser;
1.44 + }
1.45 + /* protect the token list and the token iterator */
1.46 + rvTD->tokensLock = NSSRWLock_New(100, "tokens");
1.47 + if (!rvTD->tokensLock) {
1.48 + goto loser;
1.49 + }
1.50 + nssTrustDomain_InitializeCache(rvTD, NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE);
1.51 + rvTD->arena = arena;
1.52 + rvTD->refCount = 1;
1.53 + rvTD->statusConfig = NULL;
1.54 + return rvTD;
1.55 +loser:
1.56 + if (rvTD && rvTD->tokensLock) {
1.57 + NSSRWLock_Destroy(rvTD->tokensLock);
1.58 + }
1.59 + nssArena_Destroy(arena);
1.60 + return (NSSTrustDomain *)NULL;
1.61 +}
1.62 +
1.63 +static void
1.64 +token_destructor(void *t)
1.65 +{
1.66 + NSSToken *tok = (NSSToken *)t;
1.67 + /* The token holds the first/last reference to the slot.
1.68 + * When the token is actually destroyed (ref count == 0),
1.69 + * the slot will also be destroyed.
1.70 + */
1.71 + nssToken_Destroy(tok);
1.72 +}
1.73 +
1.74 +NSS_IMPLEMENT PRStatus
1.75 +NSSTrustDomain_Destroy (
1.76 + NSSTrustDomain *td
1.77 +)
1.78 +{
1.79 + PRStatus status = PR_SUCCESS;
1.80 + if (--td->refCount == 0) {
1.81 + /* Destroy each token in the list of tokens */
1.82 + if (td->tokens) {
1.83 + nssListIterator_Destroy(td->tokens);
1.84 + td->tokens = NULL;
1.85 + }
1.86 + if (td->tokenList) {
1.87 + nssList_Clear(td->tokenList, token_destructor);
1.88 + nssList_Destroy(td->tokenList);
1.89 + td->tokenList = NULL;
1.90 + }
1.91 + NSSRWLock_Destroy(td->tokensLock);
1.92 + td->tokensLock = NULL;
1.93 + status = nssTrustDomain_DestroyCache(td);
1.94 + if (status == PR_FAILURE) {
1.95 + return status;
1.96 + }
1.97 + if (td->statusConfig) {
1.98 + td->statusConfig->statusDestroy(td->statusConfig);
1.99 + td->statusConfig = NULL;
1.100 + }
1.101 + /* Destroy the trust domain */
1.102 + nssArena_Destroy(td->arena);
1.103 + }
1.104 + return status;
1.105 +}
1.106 +
1.107 +/* XXX uses tokens until slot list is in place */
1.108 +static NSSSlot **
1.109 +nssTrustDomain_GetActiveSlots (
1.110 + NSSTrustDomain *td,
1.111 + nssUpdateLevel *updateLevel
1.112 +)
1.113 +{
1.114 + PRUint32 count;
1.115 + NSSSlot **slots = NULL;
1.116 + NSSToken **tp, **tokens;
1.117 + *updateLevel = 1;
1.118 + NSSRWLock_LockRead(td->tokensLock);
1.119 + count = nssList_Count(td->tokenList);
1.120 + tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1);
1.121 + if (!tokens) {
1.122 + NSSRWLock_UnlockRead(td->tokensLock);
1.123 + return NULL;
1.124 + }
1.125 + slots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
1.126 + if (!slots) {
1.127 + NSSRWLock_UnlockRead(td->tokensLock);
1.128 + nss_ZFreeIf(tokens);
1.129 + return NULL;
1.130 + }
1.131 + nssList_GetArray(td->tokenList, (void **)tokens, count);
1.132 + NSSRWLock_UnlockRead(td->tokensLock);
1.133 + count = 0;
1.134 + for (tp = tokens; *tp; tp++) {
1.135 + NSSSlot * slot = nssToken_GetSlot(*tp);
1.136 + if (!PK11_IsDisabled(slot->pk11slot)) {
1.137 + slots[count++] = slot;
1.138 + } else {
1.139 + nssSlot_Destroy(slot);
1.140 + }
1.141 + }
1.142 + nss_ZFreeIf(tokens);
1.143 + if (!count) {
1.144 + nss_ZFreeIf(slots);
1.145 + slots = NULL;
1.146 + }
1.147 + return slots;
1.148 +}
1.149 +
1.150 +/* XXX */
1.151 +static nssSession *
1.152 +nssTrustDomain_GetSessionForToken (
1.153 + NSSTrustDomain *td,
1.154 + NSSToken *token
1.155 +)
1.156 +{
1.157 + return nssToken_GetDefaultSession(token);
1.158 +}
1.159 +
1.160 +NSS_IMPLEMENT PRStatus
1.161 +NSSTrustDomain_SetDefaultCallback (
1.162 + NSSTrustDomain *td,
1.163 + NSSCallback *newCallback,
1.164 + NSSCallback **oldCallbackOpt
1.165 +)
1.166 +{
1.167 + if (oldCallbackOpt) {
1.168 + *oldCallbackOpt = td->defaultCallback;
1.169 + }
1.170 + td->defaultCallback = newCallback;
1.171 + return PR_SUCCESS;
1.172 +}
1.173 +
1.174 +NSS_IMPLEMENT NSSCallback *
1.175 +nssTrustDomain_GetDefaultCallback (
1.176 + NSSTrustDomain *td,
1.177 + PRStatus *statusOpt
1.178 +)
1.179 +{
1.180 + if (statusOpt) {
1.181 + *statusOpt = PR_SUCCESS;
1.182 + }
1.183 + return td->defaultCallback;
1.184 +}
1.185 +
1.186 +NSS_IMPLEMENT NSSCallback *
1.187 +NSSTrustDomain_GetDefaultCallback (
1.188 + NSSTrustDomain *td,
1.189 + PRStatus *statusOpt
1.190 +)
1.191 +{
1.192 + return nssTrustDomain_GetDefaultCallback(td, statusOpt);
1.193 +}
1.194 +
1.195 +NSS_IMPLEMENT PRStatus
1.196 +NSSTrustDomain_LoadModule (
1.197 + NSSTrustDomain *td,
1.198 + NSSUTF8 *moduleOpt,
1.199 + NSSUTF8 *uriOpt,
1.200 + NSSUTF8 *opaqueOpt,
1.201 + void *reserved
1.202 +)
1.203 +{
1.204 + return PR_FAILURE;
1.205 +}
1.206 +
1.207 +NSS_IMPLEMENT PRStatus
1.208 +NSSTrustDomain_DisableToken (
1.209 + NSSTrustDomain *td,
1.210 + NSSToken *token,
1.211 + NSSError why
1.212 +)
1.213 +{
1.214 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.215 + return PR_FAILURE;
1.216 +}
1.217 +
1.218 +NSS_IMPLEMENT PRStatus
1.219 +NSSTrustDomain_EnableToken (
1.220 + NSSTrustDomain *td,
1.221 + NSSToken *token
1.222 +)
1.223 +{
1.224 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.225 + return PR_FAILURE;
1.226 +}
1.227 +
1.228 +NSS_IMPLEMENT PRStatus
1.229 +NSSTrustDomain_IsTokenEnabled (
1.230 + NSSTrustDomain *td,
1.231 + NSSToken *token,
1.232 + NSSError *whyOpt
1.233 +)
1.234 +{
1.235 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.236 + return PR_FAILURE;
1.237 +}
1.238 +
1.239 +NSS_IMPLEMENT NSSSlot *
1.240 +NSSTrustDomain_FindSlotByName (
1.241 + NSSTrustDomain *td,
1.242 + NSSUTF8 *slotName
1.243 +)
1.244 +{
1.245 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.246 + return NULL;
1.247 +}
1.248 +
1.249 +NSS_IMPLEMENT NSSToken *
1.250 +NSSTrustDomain_FindTokenByName (
1.251 + NSSTrustDomain *td,
1.252 + NSSUTF8 *tokenName
1.253 +)
1.254 +{
1.255 + PRStatus nssrv;
1.256 + NSSUTF8 *myName;
1.257 + NSSToken *tok = NULL;
1.258 + NSSRWLock_LockRead(td->tokensLock);
1.259 + for (tok = (NSSToken *)nssListIterator_Start(td->tokens);
1.260 + tok != (NSSToken *)NULL;
1.261 + tok = (NSSToken *)nssListIterator_Next(td->tokens))
1.262 + {
1.263 + if (nssToken_IsPresent(tok)) {
1.264 + myName = nssToken_GetName(tok);
1.265 + if (nssUTF8_Equal(tokenName, myName, &nssrv)) break;
1.266 + }
1.267 + }
1.268 + nssListIterator_Finish(td->tokens);
1.269 + NSSRWLock_UnlockRead(td->tokensLock);
1.270 + return tok;
1.271 +}
1.272 +
1.273 +NSS_IMPLEMENT NSSToken *
1.274 +NSSTrustDomain_FindTokenBySlotName (
1.275 + NSSTrustDomain *td,
1.276 + NSSUTF8 *slotName
1.277 +)
1.278 +{
1.279 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.280 + return NULL;
1.281 +}
1.282 +
1.283 +NSS_IMPLEMENT NSSToken *
1.284 +NSSTrustDomain_FindTokenForAlgorithm (
1.285 + NSSTrustDomain *td,
1.286 + NSSOID *algorithm
1.287 +)
1.288 +{
1.289 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.290 + return NULL;
1.291 +}
1.292 +
1.293 +NSS_IMPLEMENT NSSToken *
1.294 +NSSTrustDomain_FindBestTokenForAlgorithms (
1.295 + NSSTrustDomain *td,
1.296 + NSSOID *algorithms[], /* may be null-terminated */
1.297 + PRUint32 nAlgorithmsOpt /* limits the array if nonzero */
1.298 +)
1.299 +{
1.300 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.301 + return NULL;
1.302 +}
1.303 +
1.304 +NSS_IMPLEMENT PRStatus
1.305 +NSSTrustDomain_Login (
1.306 + NSSTrustDomain *td,
1.307 + NSSCallback *uhhOpt
1.308 +)
1.309 +{
1.310 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.311 + return PR_FAILURE;
1.312 +}
1.313 +
1.314 +NSS_IMPLEMENT PRStatus
1.315 +NSSTrustDomain_Logout (
1.316 + NSSTrustDomain *td
1.317 +)
1.318 +{
1.319 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.320 + return PR_FAILURE;
1.321 +}
1.322 +
1.323 +NSS_IMPLEMENT NSSCertificate *
1.324 +NSSTrustDomain_ImportCertificate (
1.325 + NSSTrustDomain *td,
1.326 + NSSCertificate *c
1.327 +)
1.328 +{
1.329 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.330 + return NULL;
1.331 +}
1.332 +
1.333 +NSS_IMPLEMENT NSSCertificate *
1.334 +NSSTrustDomain_ImportPKIXCertificate (
1.335 + NSSTrustDomain *td,
1.336 + /* declared as a struct until these "data types" are defined */
1.337 + struct NSSPKIXCertificateStr *pc
1.338 +)
1.339 +{
1.340 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.341 + return NULL;
1.342 +}
1.343 +
1.344 +NSS_IMPLEMENT NSSCertificate *
1.345 +NSSTrustDomain_ImportEncodedCertificate (
1.346 + NSSTrustDomain *td,
1.347 + NSSBER *ber
1.348 +)
1.349 +{
1.350 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.351 + return NULL;
1.352 +}
1.353 +
1.354 +NSS_IMPLEMENT NSSCertificate **
1.355 +NSSTrustDomain_ImportEncodedCertificateChain (
1.356 + NSSTrustDomain *td,
1.357 + NSSBER *ber,
1.358 + NSSCertificate *rvOpt[],
1.359 + PRUint32 maximumOpt, /* 0 for no max */
1.360 + NSSArena *arenaOpt
1.361 +)
1.362 +{
1.363 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.364 + return NULL;
1.365 +}
1.366 +
1.367 +NSS_IMPLEMENT NSSPrivateKey *
1.368 +NSSTrustDomain_ImportEncodedPrivateKey (
1.369 + NSSTrustDomain *td,
1.370 + NSSBER *ber,
1.371 + NSSItem *passwordOpt, /* NULL will cause a callback */
1.372 + NSSCallback *uhhOpt,
1.373 + NSSToken *destination
1.374 +)
1.375 +{
1.376 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.377 + return NULL;
1.378 +}
1.379 +
1.380 +NSS_IMPLEMENT NSSPublicKey *
1.381 +NSSTrustDomain_ImportEncodedPublicKey (
1.382 + NSSTrustDomain *td,
1.383 + NSSBER *ber
1.384 +)
1.385 +{
1.386 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.387 + return NULL;
1.388 +}
1.389 +
1.390 +static NSSCertificate **
1.391 +get_certs_from_list(nssList *list)
1.392 +{
1.393 + PRUint32 count = nssList_Count(list);
1.394 + NSSCertificate **certs = NULL;
1.395 + if (count > 0) {
1.396 + certs = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
1.397 + if (certs) {
1.398 + nssList_GetArray(list, (void **)certs, count);
1.399 + }
1.400 + }
1.401 + return certs;
1.402 +}
1.403 +
1.404 +NSS_IMPLEMENT NSSCertificate **
1.405 +nssTrustDomain_FindCertificatesByNickname (
1.406 + NSSTrustDomain *td,
1.407 + const NSSUTF8 *name,
1.408 + NSSCertificate *rvOpt[],
1.409 + PRUint32 maximumOpt, /* 0 for no max */
1.410 + NSSArena *arenaOpt
1.411 +)
1.412 +{
1.413 + NSSToken *token = NULL;
1.414 + NSSSlot **slots = NULL;
1.415 + NSSSlot **slotp;
1.416 + NSSCertificate **rvCerts = NULL;
1.417 + nssPKIObjectCollection *collection = NULL;
1.418 + nssUpdateLevel updateLevel;
1.419 + nssList *nameList;
1.420 + PRUint32 numRemaining = maximumOpt;
1.421 + PRUint32 collectionCount = 0;
1.422 + PRUint32 errors = 0;
1.423 +
1.424 + /* First, grab from the cache */
1.425 + nameList = nssList_Create(NULL, PR_FALSE);
1.426 + if (!nameList) {
1.427 + return NULL;
1.428 + }
1.429 + (void)nssTrustDomain_GetCertsForNicknameFromCache(td, name, nameList);
1.430 + rvCerts = get_certs_from_list(nameList);
1.431 + /* initialize the collection of token certificates with the set of
1.432 + * cached certs (if any).
1.433 + */
1.434 + collection = nssCertificateCollection_Create(td, rvCerts);
1.435 + nssCertificateArray_Destroy(rvCerts);
1.436 + nssList_Destroy(nameList);
1.437 + if (!collection) {
1.438 + return (NSSCertificate **)NULL;
1.439 + }
1.440 + /* obtain the current set of active slots in the trust domain */
1.441 + slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
1.442 + if (!slots) {
1.443 + goto loser;
1.444 + }
1.445 + /* iterate over the slots */
1.446 + for (slotp = slots; *slotp; slotp++) {
1.447 + token = nssSlot_GetToken(*slotp);
1.448 + if (token) {
1.449 + nssSession *session;
1.450 + nssCryptokiObject **instances = NULL;
1.451 + nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
1.452 + PRStatus status = PR_FAILURE;
1.453 +
1.454 + session = nssTrustDomain_GetSessionForToken(td, token);
1.455 + if (session) {
1.456 + instances = nssToken_FindCertificatesByNickname(token,
1.457 + session,
1.458 + name,
1.459 + tokenOnly,
1.460 + numRemaining,
1.461 + &status);
1.462 + }
1.463 + nssToken_Destroy(token);
1.464 + if (status != PR_SUCCESS) {
1.465 + errors++;
1.466 + continue;
1.467 + }
1.468 + if (instances) {
1.469 + status = nssPKIObjectCollection_AddInstances(collection,
1.470 + instances, 0);
1.471 + nss_ZFreeIf(instances);
1.472 + if (status != PR_SUCCESS) {
1.473 + errors++;
1.474 + continue;
1.475 + }
1.476 + collectionCount = nssPKIObjectCollection_Count(collection);
1.477 + if (maximumOpt > 0) {
1.478 + if (collectionCount >= maximumOpt)
1.479 + break;
1.480 + numRemaining = maximumOpt - collectionCount;
1.481 + }
1.482 + }
1.483 + }
1.484 + }
1.485 + if (!collectionCount && errors)
1.486 + goto loser;
1.487 + /* Grab the certs collected in the search. */
1.488 + rvCerts = nssPKIObjectCollection_GetCertificates(collection,
1.489 + rvOpt, maximumOpt,
1.490 + arenaOpt);
1.491 + /* clean up */
1.492 + nssPKIObjectCollection_Destroy(collection);
1.493 + nssSlotArray_Destroy(slots);
1.494 + return rvCerts;
1.495 +loser:
1.496 + if (slots) {
1.497 + nssSlotArray_Destroy(slots);
1.498 + }
1.499 + if (collection) {
1.500 + nssPKIObjectCollection_Destroy(collection);
1.501 + }
1.502 + return (NSSCertificate **)NULL;
1.503 +}
1.504 +
1.505 +NSS_IMPLEMENT NSSCertificate **
1.506 +NSSTrustDomain_FindCertificatesByNickname (
1.507 + NSSTrustDomain *td,
1.508 + NSSUTF8 *name,
1.509 + NSSCertificate *rvOpt[],
1.510 + PRUint32 maximumOpt, /* 0 for no max */
1.511 + NSSArena *arenaOpt
1.512 +)
1.513 +{
1.514 + return nssTrustDomain_FindCertificatesByNickname(td,
1.515 + name,
1.516 + rvOpt,
1.517 + maximumOpt,
1.518 + arenaOpt);
1.519 +}
1.520 +
1.521 +NSS_IMPLEMENT NSSCertificate *
1.522 +nssTrustDomain_FindBestCertificateByNickname (
1.523 + NSSTrustDomain *td,
1.524 + const NSSUTF8 *name,
1.525 + NSSTime *timeOpt,
1.526 + NSSUsage *usage,
1.527 + NSSPolicies *policiesOpt
1.528 +)
1.529 +{
1.530 + NSSCertificate **nicknameCerts;
1.531 + NSSCertificate *rvCert = NULL;
1.532 + nicknameCerts = nssTrustDomain_FindCertificatesByNickname(td, name,
1.533 + NULL,
1.534 + 0,
1.535 + NULL);
1.536 + if (nicknameCerts) {
1.537 + rvCert = nssCertificateArray_FindBestCertificate(nicknameCerts,
1.538 + timeOpt,
1.539 + usage,
1.540 + policiesOpt);
1.541 + nssCertificateArray_Destroy(nicknameCerts);
1.542 + }
1.543 + return rvCert;
1.544 +}
1.545 +
1.546 +NSS_IMPLEMENT NSSCertificate *
1.547 +NSSTrustDomain_FindBestCertificateByNickname (
1.548 + NSSTrustDomain *td,
1.549 + const NSSUTF8 *name,
1.550 + NSSTime *timeOpt,
1.551 + NSSUsage *usage,
1.552 + NSSPolicies *policiesOpt
1.553 +)
1.554 +{
1.555 + return nssTrustDomain_FindBestCertificateByNickname(td,
1.556 + name,
1.557 + timeOpt,
1.558 + usage,
1.559 + policiesOpt);
1.560 +}
1.561 +
1.562 +NSS_IMPLEMENT NSSCertificate **
1.563 +nssTrustDomain_FindCertificatesBySubject (
1.564 + NSSTrustDomain *td,
1.565 + NSSDER *subject,
1.566 + NSSCertificate *rvOpt[],
1.567 + PRUint32 maximumOpt, /* 0 for no max */
1.568 + NSSArena *arenaOpt
1.569 +)
1.570 +{
1.571 + NSSToken *token = NULL;
1.572 + NSSSlot **slots = NULL;
1.573 + NSSSlot **slotp;
1.574 + NSSCertificate **rvCerts = NULL;
1.575 + nssPKIObjectCollection *collection = NULL;
1.576 + nssUpdateLevel updateLevel;
1.577 + nssList *subjectList;
1.578 + PRUint32 numRemaining = maximumOpt;
1.579 + PRUint32 collectionCount = 0;
1.580 + PRUint32 errors = 0;
1.581 +
1.582 + /* look in cache */
1.583 + subjectList = nssList_Create(NULL, PR_FALSE);
1.584 + if (!subjectList) {
1.585 + return NULL;
1.586 + }
1.587 + (void)nssTrustDomain_GetCertsForSubjectFromCache(td, subject, subjectList);
1.588 + rvCerts = get_certs_from_list(subjectList);
1.589 + collection = nssCertificateCollection_Create(td, rvCerts);
1.590 + nssCertificateArray_Destroy(rvCerts);
1.591 + nssList_Destroy(subjectList);
1.592 + if (!collection) {
1.593 + return (NSSCertificate **)NULL;
1.594 + }
1.595 + slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
1.596 + if (!slots) {
1.597 + goto loser;
1.598 + }
1.599 + for (slotp = slots; *slotp; slotp++) {
1.600 + token = nssSlot_GetToken(*slotp);
1.601 + if (token) {
1.602 + nssSession *session;
1.603 + nssCryptokiObject **instances = NULL;
1.604 + nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
1.605 + PRStatus status = PR_FAILURE;
1.606 +
1.607 + session = nssTrustDomain_GetSessionForToken(td, token);
1.608 + if (session) {
1.609 + instances = nssToken_FindCertificatesBySubject(token,
1.610 + session,
1.611 + subject,
1.612 + tokenOnly,
1.613 + numRemaining,
1.614 + &status);
1.615 + }
1.616 + nssToken_Destroy(token);
1.617 + if (status != PR_SUCCESS) {
1.618 + errors++;
1.619 + continue;
1.620 + }
1.621 + if (instances) {
1.622 + status = nssPKIObjectCollection_AddInstances(collection,
1.623 + instances, 0);
1.624 + nss_ZFreeIf(instances);
1.625 + if (status != PR_SUCCESS) {
1.626 + errors++;
1.627 + continue;
1.628 + }
1.629 + collectionCount = nssPKIObjectCollection_Count(collection);
1.630 + if (maximumOpt > 0) {
1.631 + if (collectionCount >= maximumOpt)
1.632 + break;
1.633 + numRemaining = maximumOpt - collectionCount;
1.634 + }
1.635 + }
1.636 + }
1.637 + }
1.638 + if (!collectionCount && errors)
1.639 + goto loser;
1.640 + rvCerts = nssPKIObjectCollection_GetCertificates(collection,
1.641 + rvOpt, maximumOpt,
1.642 + arenaOpt);
1.643 + nssPKIObjectCollection_Destroy(collection);
1.644 + nssSlotArray_Destroy(slots);
1.645 + return rvCerts;
1.646 +loser:
1.647 + if (slots) {
1.648 + nssSlotArray_Destroy(slots);
1.649 + }
1.650 + if (collection) {
1.651 + nssPKIObjectCollection_Destroy(collection);
1.652 + }
1.653 + return (NSSCertificate **)NULL;
1.654 +}
1.655 +
1.656 +NSS_IMPLEMENT NSSCertificate **
1.657 +NSSTrustDomain_FindCertificatesBySubject (
1.658 + NSSTrustDomain *td,
1.659 + NSSDER *subject,
1.660 + NSSCertificate *rvOpt[],
1.661 + PRUint32 maximumOpt,
1.662 + NSSArena *arenaOpt
1.663 +)
1.664 +{
1.665 + return nssTrustDomain_FindCertificatesBySubject(td,
1.666 + subject,
1.667 + rvOpt,
1.668 + maximumOpt,
1.669 + arenaOpt);
1.670 +}
1.671 +
1.672 +NSS_IMPLEMENT NSSCertificate *
1.673 +nssTrustDomain_FindBestCertificateBySubject (
1.674 + NSSTrustDomain *td,
1.675 + NSSDER *subject,
1.676 + NSSTime *timeOpt,
1.677 + NSSUsage *usage,
1.678 + NSSPolicies *policiesOpt
1.679 +)
1.680 +{
1.681 + NSSCertificate **subjectCerts;
1.682 + NSSCertificate *rvCert = NULL;
1.683 + subjectCerts = nssTrustDomain_FindCertificatesBySubject(td, subject,
1.684 + NULL,
1.685 + 0,
1.686 + NULL);
1.687 + if (subjectCerts) {
1.688 + rvCert = nssCertificateArray_FindBestCertificate(subjectCerts,
1.689 + timeOpt,
1.690 + usage,
1.691 + policiesOpt);
1.692 + nssCertificateArray_Destroy(subjectCerts);
1.693 + }
1.694 + return rvCert;
1.695 +}
1.696 +
1.697 +NSS_IMPLEMENT NSSCertificate *
1.698 +NSSTrustDomain_FindBestCertificateBySubject (
1.699 + NSSTrustDomain *td,
1.700 + NSSDER *subject,
1.701 + NSSTime *timeOpt,
1.702 + NSSUsage *usage,
1.703 + NSSPolicies *policiesOpt
1.704 +)
1.705 +{
1.706 + return nssTrustDomain_FindBestCertificateBySubject(td,
1.707 + subject,
1.708 + timeOpt,
1.709 + usage,
1.710 + policiesOpt);
1.711 +}
1.712 +
1.713 +NSS_IMPLEMENT NSSCertificate *
1.714 +NSSTrustDomain_FindBestCertificateByNameComponents (
1.715 + NSSTrustDomain *td,
1.716 + NSSUTF8 *nameComponents,
1.717 + NSSTime *timeOpt,
1.718 + NSSUsage *usage,
1.719 + NSSPolicies *policiesOpt
1.720 +)
1.721 +{
1.722 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.723 + return NULL;
1.724 +}
1.725 +
1.726 +NSS_IMPLEMENT NSSCertificate **
1.727 +NSSTrustDomain_FindCertificatesByNameComponents (
1.728 + NSSTrustDomain *td,
1.729 + NSSUTF8 *nameComponents,
1.730 + NSSCertificate *rvOpt[],
1.731 + PRUint32 maximumOpt, /* 0 for no max */
1.732 + NSSArena *arenaOpt
1.733 +)
1.734 +{
1.735 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.736 + return NULL;
1.737 +}
1.738 +
1.739 +/* This returns at most a single certificate, so it can stop the loop
1.740 + * when one is found.
1.741 + */
1.742 +NSS_IMPLEMENT NSSCertificate *
1.743 +nssTrustDomain_FindCertificateByIssuerAndSerialNumber (
1.744 + NSSTrustDomain *td,
1.745 + NSSDER *issuer,
1.746 + NSSDER *serial
1.747 +)
1.748 +{
1.749 + NSSSlot **slots = NULL;
1.750 + NSSSlot **slotp;
1.751 + NSSCertificate *rvCert = NULL;
1.752 + nssPKIObjectCollection *collection = NULL;
1.753 + nssUpdateLevel updateLevel;
1.754 +
1.755 + /* see if this search is already cached */
1.756 + rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td,
1.757 + issuer,
1.758 + serial);
1.759 + if (rvCert) {
1.760 + return rvCert;
1.761 + }
1.762 + slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
1.763 + if (slots) {
1.764 + for (slotp = slots; *slotp; slotp++) {
1.765 + NSSToken *token = nssSlot_GetToken(*slotp);
1.766 + nssSession *session;
1.767 + nssCryptokiObject *instance;
1.768 + nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
1.769 + PRStatus status = PR_FAILURE;
1.770 +
1.771 + if (!token)
1.772 + continue;
1.773 + session = nssTrustDomain_GetSessionForToken(td, token);
1.774 + if (session) {
1.775 + instance = nssToken_FindCertificateByIssuerAndSerialNumber(
1.776 + token,
1.777 + session,
1.778 + issuer,
1.779 + serial,
1.780 + tokenOnly,
1.781 + &status);
1.782 + }
1.783 + nssToken_Destroy(token);
1.784 + if (status != PR_SUCCESS) {
1.785 + continue;
1.786 + }
1.787 + if (instance) {
1.788 + if (!collection) {
1.789 + collection = nssCertificateCollection_Create(td, NULL);
1.790 + if (!collection) {
1.791 + break; /* don't keep looping if out if memory */
1.792 + }
1.793 + }
1.794 + status = nssPKIObjectCollection_AddInstances(collection,
1.795 + &instance, 1);
1.796 + if (status == PR_SUCCESS) {
1.797 + (void)nssPKIObjectCollection_GetCertificates(
1.798 + collection, &rvCert, 1, NULL);
1.799 + }
1.800 + if (rvCert) {
1.801 + break; /* found one cert, all done */
1.802 + }
1.803 + }
1.804 + }
1.805 + }
1.806 + if (collection) {
1.807 + nssPKIObjectCollection_Destroy(collection);
1.808 + }
1.809 + if (slots) {
1.810 + nssSlotArray_Destroy(slots);
1.811 + }
1.812 + return rvCert;
1.813 +}
1.814 +
1.815 +NSS_IMPLEMENT NSSCertificate *
1.816 +NSSTrustDomain_FindCertificateByIssuerAndSerialNumber (
1.817 + NSSTrustDomain *td,
1.818 + NSSDER *issuer,
1.819 + NSSDER *serial
1.820 +)
1.821 +{
1.822 + return nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
1.823 + issuer,
1.824 + serial);
1.825 +}
1.826 +
1.827 +NSS_IMPLEMENT NSSCertificate *
1.828 +nssTrustDomain_FindCertificateByEncodedCertificate (
1.829 + NSSTrustDomain *td,
1.830 + NSSBER *ber
1.831 +)
1.832 +{
1.833 + PRStatus status;
1.834 + NSSCertificate *rvCert = NULL;
1.835 + NSSDER issuer = { 0 };
1.836 + NSSDER serial = { 0 };
1.837 + NSSArena *arena = nssArena_Create();
1.838 + if (!arena) {
1.839 + return (NSSCertificate *)NULL;
1.840 + }
1.841 + /* XXX this is not generic... will any cert crack into issuer/serial? */
1.842 + status = nssPKIX509_GetIssuerAndSerialFromDER(ber, arena, &issuer, &serial);
1.843 + if (status != PR_SUCCESS) {
1.844 + goto finish;
1.845 + }
1.846 + rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
1.847 + &issuer,
1.848 + &serial);
1.849 +finish:
1.850 + nssArena_Destroy(arena);
1.851 + return rvCert;
1.852 +}
1.853 +
1.854 +NSS_IMPLEMENT NSSCertificate *
1.855 +NSSTrustDomain_FindCertificateByEncodedCertificate (
1.856 + NSSTrustDomain *td,
1.857 + NSSBER *ber
1.858 +)
1.859 +{
1.860 + return nssTrustDomain_FindCertificateByEncodedCertificate(td, ber);
1.861 +}
1.862 +
1.863 +NSS_IMPLEMENT NSSCertificate *
1.864 +NSSTrustDomain_FindBestCertificateByEmail (
1.865 + NSSTrustDomain *td,
1.866 + NSSASCII7 *email,
1.867 + NSSTime *timeOpt,
1.868 + NSSUsage *usage,
1.869 + NSSPolicies *policiesOpt
1.870 +)
1.871 +{
1.872 + return 0;
1.873 +}
1.874 +
1.875 +NSS_IMPLEMENT NSSCertificate **
1.876 +NSSTrustDomain_FindCertificatesByEmail (
1.877 + NSSTrustDomain *td,
1.878 + NSSASCII7 *email,
1.879 + NSSCertificate *rvOpt[],
1.880 + PRUint32 maximumOpt, /* 0 for no max */
1.881 + NSSArena *arenaOpt
1.882 +)
1.883 +{
1.884 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.885 + return NULL;
1.886 +}
1.887 +
1.888 +NSS_IMPLEMENT NSSCertificate *
1.889 +NSSTrustDomain_FindCertificateByOCSPHash (
1.890 + NSSTrustDomain *td,
1.891 + NSSItem *hash
1.892 +)
1.893 +{
1.894 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.895 + return NULL;
1.896 +}
1.897 +
1.898 +NSS_IMPLEMENT NSSCertificate *
1.899 +NSSTrustDomain_FindBestUserCertificate (
1.900 + NSSTrustDomain *td,
1.901 + NSSTime *timeOpt,
1.902 + NSSUsage *usage,
1.903 + NSSPolicies *policiesOpt
1.904 +)
1.905 +{
1.906 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.907 + return NULL;
1.908 +}
1.909 +
1.910 +NSS_IMPLEMENT NSSCertificate **
1.911 +NSSTrustDomain_FindUserCertificates (
1.912 + NSSTrustDomain *td,
1.913 + NSSTime *timeOpt,
1.914 + NSSUsage *usageOpt,
1.915 + NSSPolicies *policiesOpt,
1.916 + NSSCertificate **rvOpt,
1.917 + PRUint32 rvLimit, /* zero for no limit */
1.918 + NSSArena *arenaOpt
1.919 +)
1.920 +{
1.921 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.922 + return NULL;
1.923 +}
1.924 +
1.925 +NSS_IMPLEMENT NSSCertificate *
1.926 +NSSTrustDomain_FindBestUserCertificateForSSLClientAuth (
1.927 + NSSTrustDomain *td,
1.928 + NSSUTF8 *sslHostOpt,
1.929 + NSSDER *rootCAsOpt[], /* null pointer for none */
1.930 + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
1.931 + NSSAlgorithmAndParameters *apOpt,
1.932 + NSSPolicies *policiesOpt
1.933 +)
1.934 +{
1.935 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.936 + return NULL;
1.937 +}
1.938 +
1.939 +NSS_IMPLEMENT NSSCertificate **
1.940 +NSSTrustDomain_FindUserCertificatesForSSLClientAuth (
1.941 + NSSTrustDomain *td,
1.942 + NSSUTF8 *sslHostOpt,
1.943 + NSSDER *rootCAsOpt[], /* null pointer for none */
1.944 + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
1.945 + NSSAlgorithmAndParameters *apOpt,
1.946 + NSSPolicies *policiesOpt,
1.947 + NSSCertificate **rvOpt,
1.948 + PRUint32 rvLimit, /* zero for no limit */
1.949 + NSSArena *arenaOpt
1.950 +)
1.951 +{
1.952 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.953 + return NULL;
1.954 +}
1.955 +
1.956 +NSS_IMPLEMENT NSSCertificate *
1.957 +NSSTrustDomain_FindBestUserCertificateForEmailSigning (
1.958 + NSSTrustDomain *td,
1.959 + NSSASCII7 *signerOpt,
1.960 + NSSASCII7 *recipientOpt,
1.961 + /* anything more here? */
1.962 + NSSAlgorithmAndParameters *apOpt,
1.963 + NSSPolicies *policiesOpt
1.964 +)
1.965 +{
1.966 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.967 + return NULL;
1.968 +}
1.969 +
1.970 +NSS_IMPLEMENT NSSCertificate **
1.971 +NSSTrustDomain_FindUserCertificatesForEmailSigning (
1.972 + NSSTrustDomain *td,
1.973 + NSSASCII7 *signerOpt,
1.974 + NSSASCII7 *recipientOpt,
1.975 + /* anything more here? */
1.976 + NSSAlgorithmAndParameters *apOpt,
1.977 + NSSPolicies *policiesOpt,
1.978 + NSSCertificate **rvOpt,
1.979 + PRUint32 rvLimit, /* zero for no limit */
1.980 + NSSArena *arenaOpt
1.981 +)
1.982 +{
1.983 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.984 + return NULL;
1.985 +}
1.986 +
1.987 +static PRStatus
1.988 +collector(nssCryptokiObject *instance, void *arg)
1.989 +{
1.990 + nssPKIObjectCollection *collection = (nssPKIObjectCollection *)arg;
1.991 + return nssPKIObjectCollection_AddInstanceAsObject(collection, instance);
1.992 +}
1.993 +
1.994 +NSS_IMPLEMENT PRStatus *
1.995 +NSSTrustDomain_TraverseCertificates (
1.996 + NSSTrustDomain *td,
1.997 + PRStatus (*callback)(NSSCertificate *c, void *arg),
1.998 + void *arg
1.999 +)
1.1000 +{
1.1001 + PRStatus status = PR_FAILURE;
1.1002 + NSSToken *token = NULL;
1.1003 + NSSSlot **slots = NULL;
1.1004 + NSSSlot **slotp;
1.1005 + nssPKIObjectCollection *collection = NULL;
1.1006 + nssPKIObjectCallback pkiCallback;
1.1007 + nssUpdateLevel updateLevel;
1.1008 + NSSCertificate **cached = NULL;
1.1009 + nssList *certList;
1.1010 +
1.1011 + certList = nssList_Create(NULL, PR_FALSE);
1.1012 + if (!certList)
1.1013 + return NULL;
1.1014 + (void)nssTrustDomain_GetCertsFromCache(td, certList);
1.1015 + cached = get_certs_from_list(certList);
1.1016 + collection = nssCertificateCollection_Create(td, cached);
1.1017 + nssCertificateArray_Destroy(cached);
1.1018 + nssList_Destroy(certList);
1.1019 + if (!collection) {
1.1020 + return (PRStatus *)NULL;
1.1021 + }
1.1022 + /* obtain the current set of active slots in the trust domain */
1.1023 + slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
1.1024 + if (!slots) {
1.1025 + goto loser;
1.1026 + }
1.1027 + /* iterate over the slots */
1.1028 + for (slotp = slots; *slotp; slotp++) {
1.1029 + /* get the token for the slot, if present */
1.1030 + token = nssSlot_GetToken(*slotp);
1.1031 + if (token) {
1.1032 + nssSession *session;
1.1033 + nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
1.1034 + /* get a session for the token */
1.1035 + session = nssTrustDomain_GetSessionForToken(td, token);
1.1036 + if (session) {
1.1037 + /* perform the traversal */
1.1038 + status = nssToken_TraverseCertificates(token,
1.1039 + session,
1.1040 + tokenOnly,
1.1041 + collector,
1.1042 + collection);
1.1043 + }
1.1044 + nssToken_Destroy(token);
1.1045 + }
1.1046 + }
1.1047 +
1.1048 + /* Traverse the collection */
1.1049 + pkiCallback.func.cert = callback;
1.1050 + pkiCallback.arg = arg;
1.1051 + status = nssPKIObjectCollection_Traverse(collection, &pkiCallback);
1.1052 +loser:
1.1053 + if (slots) {
1.1054 + nssSlotArray_Destroy(slots);
1.1055 + }
1.1056 + if (collection) {
1.1057 + nssPKIObjectCollection_Destroy(collection);
1.1058 + }
1.1059 + return NULL;
1.1060 +}
1.1061 +
1.1062 +
1.1063 +NSS_IMPLEMENT NSSTrust *
1.1064 +nssTrustDomain_FindTrustForCertificate (
1.1065 + NSSTrustDomain *td,
1.1066 + NSSCertificate *c
1.1067 +)
1.1068 +{
1.1069 + NSSSlot **slots;
1.1070 + NSSSlot **slotp;
1.1071 + nssCryptokiObject *to = NULL;
1.1072 + nssPKIObject *pkio = NULL;
1.1073 + NSSTrust *rvt = NULL;
1.1074 + nssUpdateLevel updateLevel;
1.1075 + slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
1.1076 + if (!slots) {
1.1077 + return (NSSTrust *)NULL;
1.1078 + }
1.1079 + for (slotp = slots; *slotp; slotp++) {
1.1080 + NSSToken *token = nssSlot_GetToken(*slotp);
1.1081 +
1.1082 + if (token) {
1.1083 + to = nssToken_FindTrustForCertificate(token, NULL,
1.1084 + &c->encoding,
1.1085 + &c->issuer,
1.1086 + &c->serial,
1.1087 + nssTokenSearchType_TokenOnly);
1.1088 + if (to) {
1.1089 + PRStatus status;
1.1090 + if (!pkio) {
1.1091 + pkio = nssPKIObject_Create(NULL, to, td, NULL, nssPKILock);
1.1092 + status = pkio ? PR_SUCCESS : PR_FAILURE;
1.1093 + } else {
1.1094 + status = nssPKIObject_AddInstance(pkio, to);
1.1095 + }
1.1096 + if (status != PR_SUCCESS) {
1.1097 + nssCryptokiObject_Destroy(to);
1.1098 + }
1.1099 + }
1.1100 + nssToken_Destroy(token);
1.1101 + }
1.1102 + }
1.1103 + if (pkio) {
1.1104 + rvt = nssTrust_Create(pkio, &c->encoding);
1.1105 + if (rvt) {
1.1106 + pkio = NULL; /* rvt object now owns the pkio reference */
1.1107 + }
1.1108 + }
1.1109 + nssSlotArray_Destroy(slots);
1.1110 + if (pkio) {
1.1111 + nssPKIObject_Destroy(pkio);
1.1112 + }
1.1113 + return rvt;
1.1114 +}
1.1115 +
1.1116 +NSS_IMPLEMENT NSSCRL **
1.1117 +nssTrustDomain_FindCRLsBySubject (
1.1118 + NSSTrustDomain *td,
1.1119 + NSSDER *subject
1.1120 +)
1.1121 +{
1.1122 + NSSSlot **slots;
1.1123 + NSSSlot **slotp;
1.1124 + NSSToken *token;
1.1125 + nssUpdateLevel updateLevel;
1.1126 + nssPKIObjectCollection *collection;
1.1127 + NSSCRL **rvCRLs = NULL;
1.1128 + collection = nssCRLCollection_Create(td, NULL);
1.1129 + if (!collection) {
1.1130 + return (NSSCRL **)NULL;
1.1131 + }
1.1132 + slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
1.1133 + if (!slots) {
1.1134 + goto loser;
1.1135 + }
1.1136 + for (slotp = slots; *slotp; slotp++) {
1.1137 + token = nssSlot_GetToken(*slotp);
1.1138 + if (token) {
1.1139 + PRStatus status = PR_FAILURE;
1.1140 + nssSession *session;
1.1141 + nssCryptokiObject **instances = NULL;
1.1142 + nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
1.1143 +
1.1144 + /* get a session for the token */
1.1145 + session = nssTrustDomain_GetSessionForToken(td, token);
1.1146 + if (session) {
1.1147 + /* perform the traversal */
1.1148 + instances = nssToken_FindCRLsBySubject(token, session, subject,
1.1149 + tokenOnly, 0, &status);
1.1150 + }
1.1151 + nssToken_Destroy(token);
1.1152 + if (status == PR_SUCCESS) {
1.1153 + /* add the found CRL's to the collection */
1.1154 + status = nssPKIObjectCollection_AddInstances(collection,
1.1155 + instances, 0);
1.1156 + }
1.1157 + nss_ZFreeIf(instances);
1.1158 + }
1.1159 + }
1.1160 + rvCRLs = nssPKIObjectCollection_GetCRLs(collection, NULL, 0, NULL);
1.1161 +loser:
1.1162 + nssPKIObjectCollection_Destroy(collection);
1.1163 + nssSlotArray_Destroy(slots);
1.1164 + return rvCRLs;
1.1165 +}
1.1166 +
1.1167 +NSS_IMPLEMENT PRStatus
1.1168 +NSSTrustDomain_GenerateKeyPair (
1.1169 + NSSTrustDomain *td,
1.1170 + NSSAlgorithmAndParameters *ap,
1.1171 + NSSPrivateKey **pvkOpt,
1.1172 + NSSPublicKey **pbkOpt,
1.1173 + PRBool privateKeyIsSensitive,
1.1174 + NSSToken *destination,
1.1175 + NSSCallback *uhhOpt
1.1176 +)
1.1177 +{
1.1178 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.1179 + return PR_FAILURE;
1.1180 +}
1.1181 +
1.1182 +NSS_IMPLEMENT NSSSymmetricKey *
1.1183 +NSSTrustDomain_GenerateSymmetricKey (
1.1184 + NSSTrustDomain *td,
1.1185 + NSSAlgorithmAndParameters *ap,
1.1186 + PRUint32 keysize,
1.1187 + NSSToken *destination,
1.1188 + NSSCallback *uhhOpt
1.1189 +)
1.1190 +{
1.1191 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.1192 + return NULL;
1.1193 +}
1.1194 +
1.1195 +NSS_IMPLEMENT NSSSymmetricKey *
1.1196 +NSSTrustDomain_GenerateSymmetricKeyFromPassword (
1.1197 + NSSTrustDomain *td,
1.1198 + NSSAlgorithmAndParameters *ap,
1.1199 + NSSUTF8 *passwordOpt, /* if null, prompt */
1.1200 + NSSToken *destinationOpt,
1.1201 + NSSCallback *uhhOpt
1.1202 +)
1.1203 +{
1.1204 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.1205 + return NULL;
1.1206 +}
1.1207 +
1.1208 +NSS_IMPLEMENT NSSSymmetricKey *
1.1209 +NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID (
1.1210 + NSSTrustDomain *td,
1.1211 + NSSOID *algorithm,
1.1212 + NSSItem *keyID,
1.1213 + NSSCallback *uhhOpt
1.1214 +)
1.1215 +{
1.1216 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.1217 + return NULL;
1.1218 +}
1.1219 +
1.1220 +NSS_IMPLEMENT NSSCryptoContext *
1.1221 +nssTrustDomain_CreateCryptoContext (
1.1222 + NSSTrustDomain *td,
1.1223 + NSSCallback *uhhOpt
1.1224 +)
1.1225 +{
1.1226 + return nssCryptoContext_Create(td, uhhOpt);
1.1227 +}
1.1228 +
1.1229 +NSS_IMPLEMENT NSSCryptoContext *
1.1230 +NSSTrustDomain_CreateCryptoContext (
1.1231 + NSSTrustDomain *td,
1.1232 + NSSCallback *uhhOpt
1.1233 +)
1.1234 +{
1.1235 + return nssTrustDomain_CreateCryptoContext(td, uhhOpt);
1.1236 +}
1.1237 +
1.1238 +NSS_IMPLEMENT NSSCryptoContext *
1.1239 +NSSTrustDomain_CreateCryptoContextForAlgorithm (
1.1240 + NSSTrustDomain *td,
1.1241 + NSSOID *algorithm
1.1242 +)
1.1243 +{
1.1244 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.1245 + return NULL;
1.1246 +}
1.1247 +
1.1248 +NSS_IMPLEMENT NSSCryptoContext *
1.1249 +NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters (
1.1250 + NSSTrustDomain *td,
1.1251 + NSSAlgorithmAndParameters *ap
1.1252 +)
1.1253 +{
1.1254 + nss_SetError(NSS_ERROR_NOT_FOUND);
1.1255 + return NULL;
1.1256 +}
1.1257 +
