1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/softoken/legacydb/lgdestroy.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,111 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +/*
1.8 + * Internal PKCS #11 functions. Should only be called by pkcs11.c
1.9 + */
1.10 +#include "pkcs11.h"
1.11 +#include "lgdb.h"
1.12 +#include "pcert.h"
1.13 +#include "lowkeyi.h"
1.14 +
1.15 +/*
1.16 + * remove an object.
1.17 + */
1.18 +CK_RV
1.19 +lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id)
1.20 +{
1.21 + CK_RV crv = CKR_OK;
1.22 + SECStatus rv;
1.23 + NSSLOWCERTCertificate *cert;
1.24 + NSSLOWCERTCertTrust tmptrust;
1.25 + PRBool isKrl;
1.26 + NSSLOWKEYDBHandle *keyHandle;
1.27 + NSSLOWCERTCertDBHandle *certHandle;
1.28 + const SECItem *dbKey;
1.29 +
1.30 + object_id &= ~LG_TOKEN_MASK;
1.31 + dbKey = lg_lookupTokenKeyByHandle(sdb,object_id);
1.32 + if (dbKey == NULL) {
1.33 + return CKR_OBJECT_HANDLE_INVALID;
1.34 + }
1.35 +
1.36 + /* remove the objects from the real data base */
1.37 + switch (object_id & LG_TOKEN_TYPE_MASK) {
1.38 + case LG_TOKEN_TYPE_PRIV:
1.39 + case LG_TOKEN_TYPE_KEY:
1.40 + /* KEYID is the public KEY for DSA and DH, and the MODULUS for
1.41 + * RSA */
1.42 + keyHandle = lg_getKeyDB(sdb);
1.43 + if (!keyHandle) {
1.44 + crv = CKR_TOKEN_WRITE_PROTECTED;
1.45 + break;
1.46 + }
1.47 + rv = nsslowkey_DeleteKey(keyHandle, dbKey);
1.48 + if (rv != SECSuccess) {
1.49 + crv = CKR_DEVICE_ERROR;
1.50 + }
1.51 + break;
1.52 + case LG_TOKEN_TYPE_PUB:
1.53 + break; /* public keys only exist at the behest of the priv key */
1.54 + case LG_TOKEN_TYPE_CERT:
1.55 + certHandle = lg_getCertDB(sdb);
1.56 + if (!certHandle) {
1.57 + crv = CKR_TOKEN_WRITE_PROTECTED;
1.58 + break;
1.59 + }
1.60 + cert = nsslowcert_FindCertByKey(certHandle,dbKey);
1.61 + if (cert == NULL) {
1.62 + crv = CKR_DEVICE_ERROR;
1.63 + break;
1.64 + }
1.65 + rv = nsslowcert_DeletePermCertificate(cert);
1.66 + if (rv != SECSuccess) {
1.67 + crv = CKR_DEVICE_ERROR;
1.68 + }
1.69 + nsslowcert_DestroyCertificate(cert);
1.70 + break;
1.71 + case LG_TOKEN_TYPE_CRL:
1.72 + certHandle = lg_getCertDB(sdb);
1.73 + if (!certHandle) {
1.74 + crv = CKR_TOKEN_WRITE_PROTECTED;
1.75 + break;
1.76 + }
1.77 + isKrl = (PRBool) (object_id == LG_TOKEN_KRL_HANDLE);
1.78 + rv = nsslowcert_DeletePermCRL(certHandle, dbKey, isKrl);
1.79 + if (rv == SECFailure) crv = CKR_DEVICE_ERROR;
1.80 + break;
1.81 + case LG_TOKEN_TYPE_TRUST:
1.82 + certHandle = lg_getCertDB(sdb);
1.83 + if (!certHandle) {
1.84 + crv = CKR_TOKEN_WRITE_PROTECTED;
1.85 + break;
1.86 + }
1.87 + cert = nsslowcert_FindCertByKey(certHandle, dbKey);
1.88 + if (cert == NULL) {
1.89 + crv = CKR_DEVICE_ERROR;
1.90 + break;
1.91 + }
1.92 + tmptrust = *cert->trust;
1.93 + tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS;
1.94 + tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS;
1.95 + tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS;
1.96 + tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN;
1.97 + tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN;
1.98 + tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN;
1.99 + rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust);
1.100 + if (rv != SECSuccess) crv = CKR_DEVICE_ERROR;
1.101 + nsslowcert_DestroyCertificate(cert);
1.102 + break;
1.103 + default:
1.104 + break;
1.105 + }
1.106 + lg_DBLock(sdb);
1.107 + lg_deleteTokenKeyByHandle(sdb,object_id);
1.108 + lg_DBUnlock(sdb);
1.109 +
1.110 + return crv;
1.111 +}
1.112 +
1.113 +
1.114 +
