pk11util.c
来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 585 行 · 第 1/2 页
/* * The contents of this file are subject to the Mozilla Public * License Version 1.1 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of * the License at http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or * implied. See the License for the specific language governing * rights and limitations under the License. * * The Original Code is the Netscape security libraries. * * The Initial Developer of the Original Code is Netscape * Communications Corporation. Portions created by Netscape are * Copyright (C) 1994-2000 Netscape Communications Corporation. All * Rights Reserved. * * Contributor(s): * * Alternatively, the contents of this file may be used under the * terms of the GNU General Public License Version 2 or later (the * "GPL"), in which case the provisions of the GPL are applicable * instead of those above. If you wish to allow use of your * version of this file only under the terms of the GPL and not to * allow others to use your version of this file under the MPL, * indicate your decision by deleting the provisions above and * replace them with the notice and other provisions required by * the GPL. If you do not delete the provisions above, a recipient * may use your version of this file under either the MPL or the * GPL. 
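*/
/*
 * Initialize the PKCS #11 subsystem
 */
#include "seccomon.h"
#include "secmod.h"
#include "prlock.h"
#include "secmodi.h"
#include "pk11func.h"

/* these are for displaying error messages */

/*
 * File-scope registry state: the list of known PKCS #11 modules, the
 * internal module, and the lock the lookup/delete routines below take
 * around list walks.  All three are NULL until SECMOD_init() (or, for
 * internalModule, SECMOD_SetInternalModule()) has run.
 */
static SECMODModuleList *modules = NULL;
static SECMODModule *internalModule = NULL;
static SECMODListLock *moduleLock = NULL;

extern SECStatus
PK11_UpdateSlotAttribute(PK11SlotInfo *slot, PK11DefaultArrayEntry *entry,
                         PRBool add);

extern int XP_SEC_MODULE_NO_LIB;

extern PK11DefaultArrayEntry PK11_DefaultArray[];
extern int num_pk11_default_mechanisms;

/*
 * Return PR_TRUE if any slot-info entry of the module is flagged as
 * holding root certs, PR_FALSE otherwise.
 */
static PRBool
secmod_ModuleHasRoots(SECMODModule *module)
{
    int i;

    for (i=0; i < module->slotInfoCount; i++) {
        if (module->slotInfo[i].hasRootCerts) {
            return PR_TRUE;
        }
    }
    return PR_FALSE;
}

/*
 * The following code is an attempt to automagically find the external root
 * module. NOTE: This code should be checked out on the MAC! There must be
 * some cross platform support out there to help out with this?
 */
static char *dllnames[]= {
    "roots.dll", "libroots.so","libroots.sl","Root Certs",
    "roots.dll", "libroots.so","libroots.sl","Root Certs",
    "nssckbi.dll","libnssckbi.so","libnssckbi.sl","NSS Builtin Root Certs",
    "mozckbi.dll","libmozckbi.so","libmozckbi.sl","Mozilla Builtin Root Certs",
    "netckbi.dll","libnetckbi.so","libnetckbi.sl","Netscape Builtin Root Certs",
    0 };

/* Extra bytes allocated beyond strlen(dbname) for separator + file name. */
#define MAXDLLNAME 40

/* Should we have platform ifdefs here??? */
#define FILE_SEP '/'

/*
 * Probe the directory that holds dbname for a root-cert module, trying each
 * entry of dllnames in order and stopping at the first one that
 * SECMOD_AddNewModule() accepts.
 *
 * Security note: whatever file answers to one of these names in that
 * directory is handed to SECMOD_AddNewModule() as a module library, so the
 * database directory has to be writable only by parties that are already
 * trusted to supply code to this process.
 *
 * NOTE(review): when dbname contains no FILE_SEP the scan stops at
 * dbname[0], path_len is 0 and the probe path becomes FILE_SEP + name,
 * i.e. the filesystem root rather than the current directory -- confirm
 * that this is intended.
 */
static void
secmod_FindExternalRoot(char *dbname)
{
    char *path, *cp, **cur_name;
    int len;
    int path_len;

    /* nothing to probe without a database path */
    if (dbname == NULL) return;

    len = PORT_Strlen(dbname);
    path = PORT_Alloc(len+MAXDLLNAME);
    if (path == NULL) return;

    /* back up to the top of the directory */
    for (cp = &dbname[len]; cp != dbname && (*cp != FILE_SEP); cp--) ;
    path_len = cp-dbname;
    PORT_Memcpy(path,dbname,path_len);
    path[path_len++] = FILE_SEP;

    /*
     * now walk our tree of dll names looking for the file of interest.
     */
    for (cur_name= dllnames; *cur_name != 0; cur_name++) {
        int name_len = PORT_Strlen(*cur_name);

        /*
         * The buffer has at least MAXDLLNAME-1 bytes left after the
         * separator.  Skip any table entry (plus its NUL) that would not
         * fit, so a longer name added to dllnames later cannot write past
         * the allocation.
         */
        if (name_len + 1 > MAXDLLNAME - 1) {
            continue;
        }
        PORT_Memcpy(&path[path_len],*cur_name,name_len+1);
        if (SECMOD_AddNewModule("Root Certs",path, 0, 0) == SECSuccess) {
            break;
        }
    }
    PORT_Free(path);
    return;
}

/*
 * One-time setup of the module list: read the permanent module database,
 * make sure an internal module exists and is loaded first, look for an
 * external root-cert module if no listed module has roots, then load every
 * non-internal module and create the list lock.
 *
 * NOTE(review): moduleLock is created on the last line, so everything above
 * it (including secmod_FindExternalRoot) runs while moduleLock is still
 * NULL -- confirm that the callees tolerate that.
 */
void
SECMOD_init(char *dbname) {
    SECMODModuleList *thisModule;
    int found=0;
    int rootFound=0;
    SECStatus rv = SECFailure;

    /* don't initialize twice */
    if (modules) return;

    PK11_InitSlotLists();

    SECMOD_InitDB(dbname);

    /*
     * read in the current modules from the database
     */
    modules = SECMOD_ReadPermDB();

    /* make sure that the internal module is loaded */
    for (thisModule = modules; thisModule ;
                                        thisModule = thisModule->next) {
        if (thisModule->module->internal) {
            found++;
            internalModule = SECMOD_ReferenceModule(thisModule->module);
        }
        if (secmod_ModuleHasRoots(thisModule->module)) {
            rootFound++;
        }
    }

    if (!found) {
        /* no internal module on record: create one and put it at the head */
        thisModule = modules;
        modules = SECMOD_NewModuleListElement();
        modules->module = SECMOD_NewInternal();
        /*
         * NOTE(review): the list element itself is not checked, and an
         * assertion is typically compiled out of optimized builds, so an
         * allocation failure here is not handled -- verify.
         */
        PORT_Assert(modules->module != NULL);
        modules->next = thisModule;
        SECMOD_AddPermDB(modules->module);
        internalModule = SECMOD_ReferenceModule(modules->module);
    }

    /* load it first... we need it to verify the external modules
     * which we are loading....
     */
    rv = SECMOD_LoadModule(internalModule);
    if( rv != SECSuccess )
        /* the reference taken above is not released on this path */
        internalModule = NULL;

    if (! rootFound ) {
        secmod_FindExternalRoot(dbname);
    }

    /* Load each new module; load failures are ignored here */
    for (thisModule = modules; thisModule ;
                                        thisModule = thisModule->next) {
        if( !( thisModule->module->internal ) )
            SECMOD_LoadModule(thisModule->module);
    }

    moduleLock = SECMOD_NewListLock();
}

/*
 * retrieve the internal module
 * (returns the stored pointer as is; no reference is added for the caller)
 */
SECMODModule *
SECMOD_GetInternalModule(void) {
    return internalModule;
}

/* called from security/cmd/swfort/instinit, which doesn't need a full
 * security LIBRARY (it used the swfortezza code, but it does have to verify
 * cert chains against its own list of certs). We need to initialize the
 * security code without any database.
 *
 * Stores a new reference to mod as the internal module; a previously
 * stored module is overwritten without being released.
 */
void
SECMOD_SetInternalModule( SECMODModule *mod) {
    internalModule = SECMOD_ReferenceModule(mod);
}

/*
 * get the list of PKCS11 modules that are available.
 * The caller gets the live list head; use the lock returned by
 * SECMOD_GetDefaultModuleListLock() around any walk of it.
 */
SECMODModuleList *
SECMOD_GetDefaultModuleList() { return modules; }

/* get the lock that the routines in this file take around list walks */
SECMODListLock *
SECMOD_GetDefaultModuleListLock() { return moduleLock; }

/*
 * find a module by name, and add a reference to it.
 * return that module, or NULL if no module has that commonName.
 * The list is walked under the read lock.
 */
SECMODModule *
SECMOD_FindModule(char *name) {
    SECMODModuleList *mlp;
    SECMODModule *module = NULL;

    SECMOD_GetReadLock(moduleLock);
    for(mlp = modules; mlp != NULL; mlp = mlp->next) {
        if (PORT_Strcmp(name,mlp->module->commonName) == 0) {
            module = mlp->module;
            SECMOD_ReferenceModule(module);
            break;
        }
    }
    SECMOD_ReleaseReadLock(moduleLock);

    return module;
}

/*
 * find a module by ID, and add a reference to it.
 * return that module, or NULL if no module has that ID.
 * The list is walked under the read lock.
 */
SECMODModule *
SECMOD_FindModuleByID(SECMODModuleID id) {
    SECMODModuleList *mlp;
    SECMODModule *module = NULL;

    SECMOD_GetReadLock(moduleLock);
    for(mlp = modules; mlp != NULL; mlp = mlp->next) {
        if (id == mlp->module->moduleID) {
            module = mlp->module;
            SECMOD_ReferenceModule(module);
            break;
        }
    }
    SECMOD_ReleaseReadLock(moduleLock);

    return module;
}

/*
 * lookup the Slot module based on its module ID and slot ID.
 * Returns a referenced slot, or NULL if the module or the slot is unknown.
 */
PK11SlotInfo *
SECMOD_LookupSlot(SECMODModuleID moduleID,CK_SLOT_ID slotID) {
    int i;
    SECMODModule *module;

    module = SECMOD_FindModuleByID(moduleID);
    if (module == NULL) return NULL;

    for (i=0; i < module->slotCount; i++) {
        PK11SlotInfo *slot = module->slots[i];

        if (slot->slotID == slotID) {
            /*
             * Take the slot reference while we still hold the module
             * reference obtained from SECMOD_FindModuleByID().  Dropping
             * the module first would leave a window in which the slot is
             * pinned by nothing we own, so it could be torn down before
             * it is referenced.
             */
            PK11SlotInfo *result = PK11_ReferenceSlot(slot);

            SECMOD_DestroyModule(module);
            return result;
        }
    }
    SECMOD_DestroyModule(module);
    return NULL;
}

/*
 * find a module by name and delete it of the module list
 */
SECStatus
SECMOD_DeleteModule(char *name, int *type) {
    SECMODModuleList *mlp;
    SECMODModuleList **mlpp;
    SECStatus rv = SECFailure;

    *type = SECMOD_EXTERNAL;

    SECMOD_GetWriteLock(moduleLock);
    for(mlpp = &modules,mlp = modules;
                mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
        if (PORT_Strcmp(name,mlp->module->commonName) == 0) {
            /* don't delete the internal module */
            if (!mlp->module->internal) {
                SECMOD_RemoveList(mlpp,mlp);
                /* delete it after we release the lock */
                rv = SECSuccess;
            } else if (mlp->module->isFIPS) {
                *type = SECMOD_FIPS;
            } else {
                *type = SECMOD_INTERNAL;
            }
            break;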