Multiple initializations appear to work

Author: mletterle

src/libnss/ffi.rs

@@ -1,6 +1,6 @@
 use std::libc::{c_char, c_int, c_void, c_ulong, c_uint};
 
-#[link_args = "-lnss3"]
+#[link_args = "-lnss3 -lnspr4"]
 #[nolink]
 extern "C" { }
 
@@ -15,6 +15,11 @@ pub static SECWouldBlock: c_int = -2;
 pub static PRTrue: PRBool = 1;
 pub static PRFalse: PRBool = 0;
 
+pub static PR_AF_INET: c_int = 2;
+
+pub static NSS_INIT_READONLY: c_uint = 0x1;
+pub static NSS_INIT_PK11RELOAD: c_uint = 0x80;
+
 pub struct SECMODModule {    
     arena: *c_void, //TODO
     internal: PRBool,	/* true of internally linked modules, false for the loaded modules */
@@ -56,4 +61,8 @@ pub static TLS_RSA_WITH_AES_128_CBC_SHA: c_int = 0x002f;
 
 externfn!(fn NSS_Init(configdir: *c_char) -> SECStatus)
 externfn!(fn NSS_NoDB_Init(configdir: *c_char) -> SECStatus)
+externfn!(fn NSS_InitContext(configdir: *c_char, certPrefix: *c_char, keyPrefix: *c_char, secmodName: *c_char, initStrings: *c_void, flags: c_uint) -> *c_void)
+externfn!(fn NSS_ShutdownContext(ctx: *c_void))
+externfn!(fn SECMOD_DestroyModule(module: *SECMODModule))
 externfn!(fn SECMOD_LoadUserModule(moduleSpec: *c_char, parent: *SECMODModule, recurse: PRBool) -> *SECMODModule)
+externfn!(fn PR_OpenTCPSocket(af: c_int) -> *c_void)

src/libnss/lib.rs

@@ -1,26 +1,66 @@
+#[feature(struct_variant)];
 #[link(name = "nss", vers = "0.0")]
 
 use std::os;
 use std::ptr;
-use ffi::{NSS_Init, SECStatus, SECMOD_LoadUserModule, PRTrue, PRFalse, SECFailure, SECSuccess};
+use std::rt::io::net::ip::{SocketAddr};
+use ffi::{NSS_InitContext, SECStatus, SECMOD_LoadUserModule, PRTrue, PRFalse, 
+          SECFailure, SECSuccess, PR_OpenTCPSocket, PR_AF_INET, SECMOD_DestroyModule,
+          NSS_ShutdownContext, SECMODModule, NSS_INIT_READONLY, NSS_INIT_PK11RELOAD};
+use std::libc::{c_void};
+use std::default::Default;
 
 #[cfg(test)]
 mod tests;
 
 mod ffi;
 
-pub fn init() -> SECStatus {
+pub struct NSS { 
+
+    nss_ctx: Option<*c_void>,
+    nss_cert_mod: Option<SECMODModule>,
+
+}
+
+impl NSS {
+
+pub fn new() -> NSS {
+ NSS { nss_ctx: None, nss_cert_mod: None }
+}
+
+pub fn init(&mut self) -> SECStatus {
+  
+  info!("NSS Init - Context: {}", self.nss_ctx.is_none());
+  if(self.nss_ctx.is_none()) { return SECSuccess; }
   let dir = format!("sql:{}/.pki/nssdb", os::getenv("HOME").unwrap_or(~""));
-  dir.with_c_str(|nssdb| unsafe { NSS_Init(nssdb) });
-
-  unsafe { 
-      let module = *SECMOD_LoadUserModule("library=libnssckbi.so name=\"Root Certs\"".to_c_str().unwrap(),  ptr::null(), PRFalse);
-      if(module.loaded != PRTrue)
-      {
-        return SECFailure;
-      }
-      
-     SECSuccess
+  dir.with_c_str(|nssdb| self.nss_ctx = Some(unsafe { NSS_InitContext(nssdb, ptr::null(), ptr::null(), ptr::null(), ptr::null(), NSS_INIT_READONLY | NSS_INIT_PK11RELOAD) }));
+
+  self.nss_cert_mod = Some(unsafe { *SECMOD_LoadUserModule("library=libnssckbi.so name=\"Root Certs\"".to_c_str().unwrap(),  ptr::null(), PRFalse)});
+  if(self.nss_cert_mod.unwrap().loaded != PRTrue)
+  {
+     return SECFailure;
   }
+  
+  SECSuccess
+}
+
+pub fn uninit(&mut self) -> SECStatus {
+    if(self.nss_ctx.is_none()) { return SECSuccess; }
+    unsafe {
+    SECMOD_DestroyModule(&self.nss_cert_mod.unwrap());
+    NSS_ShutdownContext(self.nss_ctx.unwrap());
+    }
+    self.nss_ctx = None;
+    SECSuccess
+}
+
+}
+
+
+
+
+pub fn ssl_connect(addr: SocketAddr)
+{
+   let socket = unsafe { PR_OpenTCPSocket(PR_AF_INET) };
 }
 

src/libnss/tests.rs

@@ -1,7 +1,17 @@
 use ffi::SECSuccess;
-use super::init;
+use std::rt::io::net::ip::{SocketAddr, Ipv4Addr};
+use super::{ssl_connect, NSS};
 
 #[test]
 fn test_init() {
-   assert_eq!(init(), SECSuccess);
+   let mut nss = NSS::new();
+   assert_eq!(nss.init(), SECSuccess);
+   nss.uninit();
+}
+
+#[test]
+fn test_ssl_connect(){
+    let mut nss = NSS::new();
+    nss.init();
+//    ssl_connect(SocketAddr { ip: Ipv4Addr(127, 0, 0, 1), port: 443 });
 }