1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * Internal PKCS #11 functions. Should only be called by pkcs11.c
6 */
7 #include "pkcs11.h"
8 #include "lgdb.h"
9 #include "pcert.h"
10 #include "lowkeyi.h"
11
12 /*
13 * remove an object.
14 */
15 CK_RV
lg_DestroyObject(SDB * sdb,CK_OBJECT_HANDLE object_id)16 lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id)
17 {
18 CK_RV crv = CKR_OK;
19 SECStatus rv;
20 NSSLOWCERTCertificate *cert;
21 NSSLOWCERTCertTrust tmptrust;
22 PRBool isKrl;
23 NSSLOWKEYDBHandle *keyHandle;
24 NSSLOWCERTCertDBHandle *certHandle;
25 const SECItem *dbKey;
26
27 object_id &= ~LG_TOKEN_MASK;
28 dbKey = lg_lookupTokenKeyByHandle(sdb, object_id);
29 if (dbKey == NULL) {
30 return CKR_OBJECT_HANDLE_INVALID;
31 }
32
33 /* remove the objects from the real data base */
34 switch (object_id & LG_TOKEN_TYPE_MASK) {
35 case LG_TOKEN_TYPE_PRIV:
36 case LG_TOKEN_TYPE_KEY:
37 /* KEYID is the public KEY for DSA and DH, and the MODULUS for
38 * RSA */
39 keyHandle = lg_getKeyDB(sdb);
40 if (!keyHandle) {
41 crv = CKR_TOKEN_WRITE_PROTECTED;
42 break;
43 }
44 rv = nsslowkey_DeleteKey(keyHandle, dbKey);
45 if (rv != SECSuccess) {
46 crv = CKR_DEVICE_ERROR;
47 }
48 break;
49 case LG_TOKEN_TYPE_PUB:
50 break; /* public keys only exist at the behest of the priv key */
51 case LG_TOKEN_TYPE_CERT:
52 certHandle = lg_getCertDB(sdb);
53 if (!certHandle) {
54 crv = CKR_TOKEN_WRITE_PROTECTED;
55 break;
56 }
57 cert = nsslowcert_FindCertByKey(certHandle, dbKey);
58 if (cert == NULL) {
59 crv = CKR_DEVICE_ERROR;
60 break;
61 }
62 rv = nsslowcert_DeletePermCertificate(cert);
63 if (rv != SECSuccess) {
64 crv = CKR_DEVICE_ERROR;
65 }
66 nsslowcert_DestroyCertificate(cert);
67 break;
68 case LG_TOKEN_TYPE_CRL:
69 certHandle = lg_getCertDB(sdb);
70 if (!certHandle) {
71 crv = CKR_TOKEN_WRITE_PROTECTED;
72 break;
73 }
74 isKrl = (PRBool)(object_id == LG_TOKEN_KRL_HANDLE);
75 rv = nsslowcert_DeletePermCRL(certHandle, dbKey, isKrl);
76 if (rv == SECFailure)
77 crv = CKR_DEVICE_ERROR;
78 break;
79 case LG_TOKEN_TYPE_TRUST:
80 certHandle = lg_getCertDB(sdb);
81 if (!certHandle) {
82 crv = CKR_TOKEN_WRITE_PROTECTED;
83 break;
84 }
85 cert = nsslowcert_FindCertByKey(certHandle, dbKey);
86 if (cert == NULL) {
87 crv = CKR_DEVICE_ERROR;
88 break;
89 }
90 tmptrust = *cert->trust;
91 tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS;
92 tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS;
93 tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS;
94 tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN;
95 tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN;
96 tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN;
97 rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust);
98 if (rv != SECSuccess)
99 crv = CKR_DEVICE_ERROR;
100 nsslowcert_DestroyCertificate(cert);
101 break;
102 default:
103 break;
104 }
105 lg_DBLock(sdb);
106 lg_deleteTokenKeyByHandle(sdb, object_id);
107 lg_DBUnlock(sdb);
108
109 return crv;
110 }
111