On Wednesday, 11 January 2017 14:23:45 UTC+1, John Dennis wrote:
> On 01/11/2017 03:21 AM, Opa114 wrote:
> > On Wednesday, 11 January 2017 00:45:45 UTC+1, Robert Relyea wrote:
> >> On 01/10/2017 02:07 PM, Opa114 wrote:
> >>> On Tuesday, 10 January 2017 22:24:10 UTC+1, Robert Relyea wrote:
> >>>> On 01/10/2017 10:18 AM, Opa114 wrote:
> >>>>> thanks, but these facts I know.
> >>>>> I don't want to let multiple applications open one database, I want to
> >>>>> open multiple different Mozilla databases, in the old standard format,
> >>>>> with one (my) application.
> >>>>>
> >>>>> I tried to use the NSS_Init functions. These work when opening one
> >>>>> database, but when I open a second one the whole application crashes, so
> >>>>> that's why I asked the question, and maybe get some working example C++
> >>>>> code?
> >>>> 1) Where are you crashing (it's not expected to work, but I don't expect
> >>>> a crash because you called NSS_Init again).
> >>>>
> >>>> 2) To open additional databases you want to use SECMOD_OpenUserDB:
> >>>>
> >>>> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11_Functions#SECMOD_OpenUserDB
> >>>>
> >>>> You can call that multiple times.
> >>>> Once the database is opened any of the NSS find functions will find all
> >>>> the certs in both databases. The slot returned from SECMOD_OpenUserDB
> >>>> can be used in functions that take a slot to narrow the operations just
> >>>> to that particular database.
> >>>>
> >>>> To NSS each database will look basically like a smart card.
> >>>>
> >>>> When you are through with that database you can use SECMOD_CloseUserDB()
> >>>>
> >>>> bob
> >>>
> >>> thanks for the reply. Here is first a little code which did not work,
> >>> that means it crashes:
> >>>
> >>> functionLoadFirefox() {
> >>> SECStatus rv = NSS_InitReadWrite(PATH_TO_FF_DB);
> >>> ... if success load Certificates with PK11_ListCerts(PK11CertListAll, 
> >>> NULL);
> >>> NSS_Shutdown();
> >>> }
> >>>
> >>> functionLoadThunderbird() {
> >>> SECStatus rv = NSS_InitReadWrite(PATH_TO_TB_DB);
> >>> ... if success load Certificates with PK11_ListCerts(PK11CertListAll, 
> >>> NULL);
> >>> NSS_Shutdown();
> >>> }
> >>>
> >>> So these are my two functions in which I open and close the databases
> >>> and retrieve the certificates.
> >> So the certs you got from the first call are likely preventing
> >> NSS_Shutdown from completing. The certs hold references to the
> >> respective slots. Those references prevent NSS_Shutdown from closing
> >> completely. That will prevent the second NSS_Init from succeeding, so you
> >> probably crash in your second shutdown. You can detect this happened by
> >> looking at the return value from NSS_Shutdown().
> >>>
> >>> --> 2) To open additional databases you want to use SECMOD_OpenUserDB
> >>> So this means: first I have to call NSS_Init with, let's say, the Firefox
> >>> database and then I have to call SECMOD_OpenUserDB with the
> >>> Thunderbird database, right? Or must I load both with SECMOD_OpenUserDB?
> >> You can either use NSS_Init with no database and then call
> >> SECMOD_OpenUserDB() for both, or you can call NSS_Init with one database
> >> and then call SECMOD_OpenUserDB with the other.
> >>>
> >>> --> Once the database is opened any of the NSS find functions will find 
> >>> all the certs in both databases
> >>> But I have to know which database the certificates are coming from.
> >>> So I need to know that, let's say, Certificate ABC is stored inside the
> >>> Firefox database and Certificate 123 is stored in the Thunderbird database. How
> >>> can I do that? Or is this not possible?
> >> The slot for the database can be found in the cert->slot entry, but this
> >> will only give you ONE of the slots the cert lives in. If a cert exists
> >> in both databases, it will have a single entry on the list and it will be
> >> "somewhat" random which slot is listed (if you open one database with
> >> NSS_Init and the second with SECMOD_OpenUserDB() then the one you opened
> >> with SECMOD_OpenUserDB() will be the slot that shows up).
> >>
> >> To fix this issue, there's a function called PK11_GetAllSlotsForCert()
> >> which returns a slotList and will return all the slots that hold this
> >> cert. The slots map one for one to the databases you opened (or any
> >> smart cards you have loaded). You can control the 'tokenName' of each
> >> slot with the string arguments you pass to SECMOD_OpenUserDB(), and you
> >> can get the token name with PK11_GetTokenName() on each slot on the list.
> >>
> >> You could also use PK11_ListCertsInSlot() which takes a slot
> >> (SECMOD_OpenUserDB() will return a slot for you) and lists only those
> >> certs in that slot.
> >>
> >> Be sure to free all these things once you are through with them, or your
> >> shutdown will fail at the end again.
> >>
> >>
> >> bob
> >
> > thanks again for the detailed explanation, that helps me a lot - many
> > thanks!
> >
> > --> So the certs you got from the first call are likely preventing
> > NSS_Shutdown from completing.....
> > So when I free the used stuff I can close the database correctly, so that I
> > can open the second one. If I can close the first one correctly and NSS
> > shuts down I should be able to open the second one, too.
> > Can you give me some more details on my piece of code or in general on how to
> > free the things correctly?
> 
> Yes, you have to make sure NSS_Shutdown*() returns without an error, if
> it doesn't the next NSS_Init* won't work. You can test for whether NSS
> is still in an initialized state with NSS_IsInitialized(). If NSS does
> not shut down successfully it's because of dangling references, finding
> out who is holding on to these is the tricky part. Calling
> NSS_DumpCertificateCacheInfo() *may* give you enough additional
> information to figure that out. In the past I've had to resort to 
> running the process under GDB and step through code and data structures 
> to figure it out. How hard this is is really a reflection of the 
> complexity of your application code. In our case it was pretty complex. 
> If your code is simple and clean it may be a total non-issue, YMMV.
> 
> >
> > So it will be better to open the two or more databases successively
> > and not at the same time as I wanted to do it? Would this be the better
> > working solution? The only thing is that I then must reopen and shut down
> > the databases multiple times if needed.
> 
> Yes, it's better for successive single databases than multiple 
> simultaneous IMHO.
> 
> > And did I understand it right, that I can use SECMOD_OpenUserDB() and
> > SECMOD_CloseUserDB() to open and close the databases instead of using
> > NSS_Init() and NSS_Shutdown()? Do the SECMOD functions call them internally,
> > or does it not matter which of the functions I use?
> >
> > --> ... if you try to trust one CA in one DB/slot and not trust it in 
> > another DB/slot, you won't actually be able to do that
> > This is extremely bad, because I may have to change the trust status of
> > some certificates.
> >
> > So in conclusion, for my needs the way would be to open each database
> > separately and successively?
> >
> 
> 
> -- 
> John

thanks John for the explanation. I will try it this way when I have time to test
it again :/
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
