michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: /* michael@0: * Internal PKCS #11 functions. Should only be called by pkcs11.c michael@0: */ michael@0: #include "pkcs11.h" michael@0: #include "lgdb.h" michael@0: #include "pcert.h" michael@0: #include "lowkeyi.h" michael@0: michael@0: /* michael@0: * remove an object. michael@0: */ michael@0: CK_RV michael@0: lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id) michael@0: { michael@0: CK_RV crv = CKR_OK; michael@0: SECStatus rv; michael@0: NSSLOWCERTCertificate *cert; michael@0: NSSLOWCERTCertTrust tmptrust; michael@0: PRBool isKrl; michael@0: NSSLOWKEYDBHandle *keyHandle; michael@0: NSSLOWCERTCertDBHandle *certHandle; michael@0: const SECItem *dbKey; michael@0: michael@0: object_id &= ~LG_TOKEN_MASK; michael@0: dbKey = lg_lookupTokenKeyByHandle(sdb,object_id); michael@0: if (dbKey == NULL) { michael@0: return CKR_OBJECT_HANDLE_INVALID; michael@0: } michael@0: michael@0: /* remove the objects from the real data base */ michael@0: switch (object_id & LG_TOKEN_TYPE_MASK) { michael@0: case LG_TOKEN_TYPE_PRIV: michael@0: case LG_TOKEN_TYPE_KEY: michael@0: /* KEYID is the public KEY for DSA and DH, and the MODULUS for michael@0: * RSA */ michael@0: keyHandle = lg_getKeyDB(sdb); michael@0: if (!keyHandle) { michael@0: crv = CKR_TOKEN_WRITE_PROTECTED; michael@0: break; michael@0: } michael@0: rv = nsslowkey_DeleteKey(keyHandle, dbKey); michael@0: if (rv != SECSuccess) { michael@0: crv = CKR_DEVICE_ERROR; michael@0: } michael@0: break; michael@0: case LG_TOKEN_TYPE_PUB: michael@0: break; /* public keys only exist at the behest of the priv key */ michael@0: case LG_TOKEN_TYPE_CERT: michael@0: certHandle = lg_getCertDB(sdb); michael@0: if (!certHandle) { michael@0: crv = CKR_TOKEN_WRITE_PROTECTED; michael@0: break; michael@0: } michael@0: cert = nsslowcert_FindCertByKey(certHandle,dbKey); michael@0: if (cert == NULL) { michael@0: crv = CKR_DEVICE_ERROR; michael@0: break; michael@0: } michael@0: rv = nsslowcert_DeletePermCertificate(cert); michael@0: if (rv != SECSuccess) { michael@0: crv = CKR_DEVICE_ERROR; michael@0: } michael@0: nsslowcert_DestroyCertificate(cert); michael@0: break; michael@0: case LG_TOKEN_TYPE_CRL: michael@0: certHandle = lg_getCertDB(sdb); michael@0: if (!certHandle) { michael@0: crv = CKR_TOKEN_WRITE_PROTECTED; michael@0: break; michael@0: } michael@0: isKrl = (PRBool) (object_id == LG_TOKEN_KRL_HANDLE); michael@0: rv = nsslowcert_DeletePermCRL(certHandle, dbKey, isKrl); michael@0: if (rv == SECFailure) crv = CKR_DEVICE_ERROR; michael@0: break; michael@0: case LG_TOKEN_TYPE_TRUST: michael@0: certHandle = lg_getCertDB(sdb); michael@0: if (!certHandle) { michael@0: crv = CKR_TOKEN_WRITE_PROTECTED; michael@0: break; michael@0: } michael@0: cert = nsslowcert_FindCertByKey(certHandle, dbKey); michael@0: if (cert == NULL) { michael@0: crv = CKR_DEVICE_ERROR; michael@0: break; michael@0: } michael@0: tmptrust = *cert->trust; michael@0: tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS; michael@0: tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS; michael@0: tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS; michael@0: tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN; michael@0: tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN; michael@0: tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN; michael@0: rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust); michael@0: if (rv != SECSuccess) crv = CKR_DEVICE_ERROR; michael@0: nsslowcert_DestroyCertificate(cert); michael@0: break; michael@0: default: michael@0: break; michael@0: } michael@0: lg_DBLock(sdb); michael@0: lg_deleteTokenKeyByHandle(sdb,object_id); michael@0: lg_DBUnlock(sdb); michael@0: michael@0: return crv; michael@0: } michael@0: michael@0: michael@0: