The Tor Browser: security/nss/lib/softoken/legacydb/lgdestroy.c@7e26c7da4463

     1 /* This Source Code Form is subject to the terms of the Mozilla Public

     2  * License, v. 2.0. If a copy of the MPL was not distributed with this

     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

     4 /*

     5  * Internal PKCS #11 functions. Should only be called by pkcs11.c

     6  */

     7 #include "pkcs11.h"

     8 #include "lgdb.h"

     9 #include "pcert.h"

    10 #include "lowkeyi.h"

    12 /*

    13  * remove an object.

    14  */

    15 CK_RV

    16 lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id)

    17 {

    18     CK_RV crv = CKR_OK;

    19     SECStatus rv;

    20     NSSLOWCERTCertificate *cert;

    21     NSSLOWCERTCertTrust tmptrust;

    22     PRBool isKrl;

    23     NSSLOWKEYDBHandle *keyHandle;

    24     NSSLOWCERTCertDBHandle *certHandle;

    25     const SECItem *dbKey;

    27     object_id &= ~LG_TOKEN_MASK;

    28     dbKey = lg_lookupTokenKeyByHandle(sdb,object_id);

    29     if (dbKey == NULL) {

    30 	return CKR_OBJECT_HANDLE_INVALID;

    31     }

    33     /* remove the objects from the real data base */

    34     switch (object_id & LG_TOKEN_TYPE_MASK) {

    35     case LG_TOKEN_TYPE_PRIV:

    36     case LG_TOKEN_TYPE_KEY:

    37 	/* KEYID is the public KEY for DSA and DH, and the MODULUS for

    38 	 *  RSA */

    39 	keyHandle = lg_getKeyDB(sdb);

    40 	if (!keyHandle) {

    41 	    crv = CKR_TOKEN_WRITE_PROTECTED;

    42 	    break;

    43 	}

    44 	rv = nsslowkey_DeleteKey(keyHandle, dbKey);

    45 	if (rv != SECSuccess) {

    46 	    crv = CKR_DEVICE_ERROR;

    47 	}

    48 	break;

    49     case LG_TOKEN_TYPE_PUB:

    50 	break; /* public keys only exist at the behest of the priv key */

    51     case LG_TOKEN_TYPE_CERT:

    52 	certHandle = lg_getCertDB(sdb);

    53 	if (!certHandle) {

    54 	    crv = CKR_TOKEN_WRITE_PROTECTED;

    55 	    break;

    56 	}

    57 	cert = nsslowcert_FindCertByKey(certHandle,dbKey);

    58 	if (cert == NULL) {

    59 	    crv = CKR_DEVICE_ERROR;

    60 	    break;

    61 	}

    62 	rv = nsslowcert_DeletePermCertificate(cert);

    63 	if (rv != SECSuccess) {

    64 	    crv = CKR_DEVICE_ERROR;

    65 	}

    66 	nsslowcert_DestroyCertificate(cert);

    67 	break;

    68     case LG_TOKEN_TYPE_CRL:

    69 	certHandle = lg_getCertDB(sdb);

    70 	if (!certHandle) {

    71 	    crv = CKR_TOKEN_WRITE_PROTECTED;

    72 	    break;

    73 	}

    74 	isKrl = (PRBool) (object_id == LG_TOKEN_KRL_HANDLE);

    75 	rv = nsslowcert_DeletePermCRL(certHandle, dbKey, isKrl);

    76 	if (rv == SECFailure) crv = CKR_DEVICE_ERROR;

    77 	break;

    78     case LG_TOKEN_TYPE_TRUST:

    79 	certHandle = lg_getCertDB(sdb);

    80 	if (!certHandle) {

    81 	    crv = CKR_TOKEN_WRITE_PROTECTED;

    82 	    break;

    83 	}

    84 	cert = nsslowcert_FindCertByKey(certHandle, dbKey);

    85 	if (cert == NULL) {

    86 	    crv = CKR_DEVICE_ERROR;

    87 	    break;

    88 	}

    89 	tmptrust = *cert->trust;

    90 	tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS;

    91 	tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS;

    92 	tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS;

    93 	tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN;

    94 	tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN;

    95 	tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN;

    96 	rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust);

    97 	if (rv != SECSuccess) crv = CKR_DEVICE_ERROR;

    98 	nsslowcert_DestroyCertificate(cert);

    99 	break;

   100     default:

   101 	break;

   102     }

   103     lg_DBLock(sdb);

   104     lg_deleteTokenKeyByHandle(sdb,object_id);

   105     lg_DBUnlock(sdb);

   107     return crv;

   108 }

The Tor Browser / file revision