439
edits
Changes
→Mode 3
Mode 3 Applications are the most complicated. NSS provides some services to help applications get through and update and merge with the least interaction with the user of the application.
Step 0: Preparation: collect the directory and prefix names of both thesource and target DBs. Prepare two strings for the operation: a) # <nowiki>A string to uniquely identify the source DB, for the purpose of
avoiding a repeat of this merge (making the merge idempotent). This
string could be derived from the name of the application that used the
source DB, from any application "instance" names (such as profile
names), from the absolute path name of the source DB directory and the
DB prefixes, and from the last modification time of the source DBs.<br><br>
The algorithm for deriving this string should always produce the same
result for the same set of source files, so that the code can detect a
second or subsequent attempt to merge the same source file into the
destination file. </nowiki><br><br><nowiki>Note: The purpose of this string is to prevent multiple updates from the same old Database. This merge sequence is meant to be light enough weight that applications can safely call it each time they initialize.</nowiki> b) # <nowiki>A string that will be the name of the removable PKCS#11 token that
will represent the source DB. This string must follow the rules for a
valid token name and must not contain any colon (:) characters.</nowiki>
Step 1: Call NSS_InitWithMerge, passing as arguments the destination
test for this.
*If the DB slot token is removable, then an update/merge is necessary. *However,if there is no database password on either the source or the target database,then NSS has already completed the merge. You can test for this withPK11_NeedLogin(). If PK11_NeedLogin() is true then it is necessary to authenticate to the source token, at step 3 below.*If the token is not removable, then no merge is necessary and you can skipto step 87.
Step 3. Authenticate to the source token. The substeps are:
step is likely to call the application-supplied PKCS11 password callback
function to retrieve the password.</nowiki> #*If this step fails: stop. A Failure at this point is described below as "Exception A".#*Otherwise, continue with step 4.
Step 4. Determine if it is necessary to authenticate to the target DB.
This is done by calling PK11_IsLoggedIn for the DB slot.
*If the function indicates that the DB token is NOT logged in, then it isnecessary to authenticate to the target DB, with the next step below.*If the function indicates that the token is logged in, skip down to step 87.
Step 5. Call PK11_IsPresent(). You may think of this step as telling
things happen. After this call succeeds the token name should be that
of the target token (see next step).
*If this fails, stop.
*If this call indicates that the token is NOT present, something fundamentally wrong in the NSS softoken engine. Applications should treat this the same as an NSS initialization failure.
*If this call indicates that the token name in the DB slot is now the target token name, continue to step 6.
This step is likely to call the application-supplied PKCS11 password
callback function to retrieve the password.
* If this step fails: stop. A Failure at this point is described below as "Exception B".* Otherwise, continue with step 87. Step 7. SUCCESS! You have successfully performed the merge. Future calls using the same unique identifier will single that the merge is not necessary, skipping to here from step 2 above. At this point NSS is fully enabled and the application can start making NSS calls as normal.
is not supplied. Application can choose to:
# continue to use the legacy DB and try to update later. (Probably a future restart of the application).# force NSS to mark legacy DB to be updated without actually updating reset the legacy DB (database, throwing away everything any private or secret keys in the legacy DB)old database.# force shutdown NSS and initialize it only with the new shared database.: The exact strategy for recovering is application dependent and depends on factors like:# the sensitivity of the application to update those objects it can loosing key data.:# possible input from the legacy DB, throwinguser.away private keys and saved passwords:# the likelihood that the password will every be recovered.
password is not supplied. Application can choose to:
# continue to use the legacy DB and try to update later.
# force NSS to update those objects it can from the legacy DB,throwing away private keys and saved passwords, and trust information from the legacy DB.
# force NSS to reset the shared database password, throwing away private keys and saved passwords, and trust information rom from the shared DB.
step 7; that is, during the call to NSS_InitWithMerge or during either
of the calls to PK11_Authenticate. This will depend on the ability of
on the DBs, and if both have passwords, it will depend on whether they
have the same password or different passwords, and when the
authentication attempts, if any, succeed. This The system tries to complete themerge as soon as it is able, to increase reliability of the merge update actually completing. Therefore API does not make it
possible to predict, accurately, which step will actually perform the
merge. The code must try it and see. However, Since multiple calls to PK11_Authenticate() do not hurt (PK11_Authenticate will automatically return without prompting, so applications that just need to update (without necessarily caring which step the update completes) can simply follow the steps and know the update is done by step 87.
source DB fails for any reason, the operation will behave as if the
source DB was empty. It will record the unique source DB identifier
string in the target DB and act as if the merger is complete. This is similiar to what happens in all previous versions of NSS during database update. See "Database Merge" below for how to recover from this.
<pre>
/* STEP 1: Signal that update/merge may be needed */
rv = NSS_InitWithMerge(SECU_ConfigDirectory(NULL),
/*
* Step 3: Authenticate to the token
rv = PK11_Authenticate(slot, PR_FALSE, pwArg);
if (rv != SECSuccess) {
if (PORT_Strcmp(PK11_GetTokenName(slot), updateTokenName) == 0)) {
/* handle exception A */
handle_failure_to_get_old_DB_Password();
} else {
/* handle exception B */
handle_failure_to_get_new_DB_Password();
}
rv = PK11_Authenticate(slot, PR_FALSE, pwArg);
if (rv != SECSuccess) {
/* handle exception B */
handle_failure_to_get_new_DB_Password();
/* NSS is initialized and merged, start using it */
</pre>
====== Database Upgrade Underlying Implementation ======
