lgdestroy.c (3721B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 /* 5 * Internal PKCS #11 functions. Should only be called by pkcs11.c 6 */ 7 #include "pkcs11.h" 8 #include "lgdb.h" 9 #include "pcert.h" 10 #include "lowkeyi.h" 11 12 /* 13 * remove an object. 14 */ 15 CK_RV 16 lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id) 17 { 18 CK_RV crv = CKR_OK; 19 SECStatus rv; 20 NSSLOWCERTCertificate *cert; 21 NSSLOWCERTCertTrust tmptrust; 22 PRBool isKrl; 23 NSSLOWKEYDBHandle *keyHandle; 24 NSSLOWCERTCertDBHandle *certHandle; 25 const SECItem *dbKey; 26 27 object_id &= ~LG_TOKEN_MASK; 28 dbKey = lg_lookupTokenKeyByHandle(sdb, object_id); 29 if (dbKey == NULL) { 30 return CKR_OBJECT_HANDLE_INVALID; 31 } 32 33 /* remove the objects from the real data base */ 34 switch (object_id & LG_TOKEN_TYPE_MASK) { 35 case LG_TOKEN_TYPE_PRIV: 36 case LG_TOKEN_TYPE_KEY: 37 /* KEYID is the public KEY for DSA and DH, and the MODULUS for 38 * RSA */ 39 keyHandle = lg_getKeyDB(sdb); 40 if (!keyHandle) { 41 crv = CKR_TOKEN_WRITE_PROTECTED; 42 break; 43 } 44 rv = nsslowkey_DeleteKey(keyHandle, dbKey); 45 if (rv != SECSuccess) { 46 crv = CKR_DEVICE_ERROR; 47 } 48 break; 49 case LG_TOKEN_TYPE_PUB: 50 break; /* public keys only exist at the behest of the priv key */ 51 case LG_TOKEN_TYPE_CERT: 52 certHandle = lg_getCertDB(sdb); 53 if (!certHandle) { 54 crv = CKR_TOKEN_WRITE_PROTECTED; 55 break; 56 } 57 cert = nsslowcert_FindCertByKey(certHandle, dbKey); 58 if (cert == NULL) { 59 crv = CKR_DEVICE_ERROR; 60 break; 61 } 62 rv = nsslowcert_DeletePermCertificate(cert); 63 if (rv != SECSuccess) { 64 crv = CKR_DEVICE_ERROR; 65 } 66 nsslowcert_DestroyCertificate(cert); 67 break; 68 case LG_TOKEN_TYPE_CRL: 69 certHandle = lg_getCertDB(sdb); 70 if (!certHandle) { 71 crv = CKR_TOKEN_WRITE_PROTECTED; 72 break; 73 } 74 isKrl = (PRBool)(object_id == LG_TOKEN_KRL_HANDLE); 75 rv = nsslowcert_DeletePermCRL(certHandle, dbKey, isKrl); 76 if (rv == SECFailure) 77 crv = CKR_DEVICE_ERROR; 78 break; 79 case LG_TOKEN_TYPE_TRUST: 80 case LG_TOKEN_TYPE_NSS_TRUST: 81 certHandle = lg_getCertDB(sdb); 82 if (!certHandle) { 83 crv = CKR_TOKEN_WRITE_PROTECTED; 84 break; 85 } 86 cert = nsslowcert_FindCertByKey(certHandle, dbKey); 87 if (cert == NULL) { 88 crv = CKR_DEVICE_ERROR; 89 break; 90 } 91 tmptrust = *cert->trust; 92 tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS; 93 tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS; 94 tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS; 95 tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN; 96 tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN; 97 tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN; 98 rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust); 99 if (rv != SECSuccess) 100 crv = CKR_DEVICE_ERROR; 101 nsslowcert_DestroyCertificate(cert); 102 break; 103 default: 104 break; 105 } 106 lg_DBLock(sdb); 107 lg_deleteTokenKeyByHandle(sdb, object_id); 108 lg_DBUnlock(sdb); 109 110 return crv; 111 }