Closed
Bug 228881
Opened 21 years ago
Closed 2 years ago
Stan's trust domain cert cache does not properly handle tokens that may be logged in automatically.
Categories
(NSS :: Libraries, defect, P5)
Tracking
(Not tracked)
RESOLVED
INACTIVE
People
(Reporter: wtc, Unassigned)
Details
I recently used an HSM that contains two real tokens
and one virtual token. The virtual token is conceptually
the union of the two real tokens and an application
only talks to the virtual token. In other words, an
application only knows about the virtual token. However,
NSS still knows about the two real tokens because the
PKCS #11 module returns all three slots, and the
administrative interface of the application may still
need to operate on the real tokens.
When an application logs into the virtual token, the
two real tokens are also logged in automatically. This
confuses NSS because NSS doesn't know that a token can
be logged in "out of band". So, the things that NSS
does when it logs into a token will not be done for
these real tokens. Specifically, PK11_Authenticate on
either of the real tokens won't call the
PK11_DoPassword:nssTrustDomain_UpdateCachedTokenCerts
sequence. The result is that the certs in the cache
won't have the instances that live on the real tokens.
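
A minimal C model of the failure described in this report, added here as an illustration; it is not NSS code and not part of the original bug. The slot layout, the cert counts and the `model_reconcile` pass are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy model (not NSS code): one slot as the library sees it. */
typedef struct {
    const char *name;
    bool token_logged_in;   /* session state inside the HSM */
    int  certs_on_token;    /* cert instances visible once logged in (constructed) */
    int  certs_in_cache;    /* instances the cert cache knows about */
    const int *linked;      /* slots the HSM logs in together with this one */
    size_t n_linked;
} Slot;

static const int VIRTUAL_LINKS[] = {0, 1};  /* constructed: virtual = real A + real B */
static Slot slots[3];

void model_reset(void) {
    slots[0] = (Slot){"real-A",  false, 2, 0, NULL, 0};
    slots[1] = (Slot){"real-B",  false, 3, 0, NULL, 0};
    slots[2] = (Slot){"virtual", false, 5, 0, VIRTUAL_LINKS, 2};
}

/* Stand-in for the cache update that follows a password login. */
static void update_cached_token_certs(Slot *s) { s->certs_in_cache = s->certs_on_token; }

/* Stand-in for the authenticate path: the cache refresh is tied to the
 * login step, so a token that is already logged in skips both. */
bool model_authenticate(int idx) {
    Slot *s = &slots[idx];
    if (s->token_logged_in) return true;      /* already logged in: no refresh */
    s->token_logged_in = true;
    for (size_t i = 0; i < s->n_linked; i++)  /* HSM side effect, unseen by the library */
        slots[s->linked[i]].token_logged_in = true;
    update_cached_token_certs(s);
    return true;
}

int model_cached(int idx) { return slots[idx].certs_in_cache; }

/* Hypothetical reconciliation pass: refresh any slot whose token reports a
 * logged-in session but whose cache is behind. Returns the slots repaired. */
int model_reconcile(void) {
    int fixed = 0;
    for (int i = 0; i < 3; i++)
        if (slots[i].token_logged_in && slots[i].certs_in_cache != slots[i].certs_on_token) {
            update_cached_token_certs(&slots[i]);
            fixed++;
        }
    return fixed;
}
```
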
Comment 1•21 years ago
Isn't the purpose of the virtual token to obviate the physical tokens?
Isn't the idea that the application deals with the virtual token, and
ignores the physical tokens, and the virtual token directs activity to
the virtual tokens as needed?
If that is so, then why does the application need to concern itself with
the physical tokens?
Updated•20 years ago
QA Contact: bishakhabanerjee → jason.m.reid
Updated•19 years ago
QA Contact: jason.m.reid → libraries
Comment 2•3 years ago
The bug assignee didn't log in to Bugzilla in the last 7 months, so the assignee is being reset.
Assignee: wtc → nobody
Updated•3 years ago
Severity: normal → S3
Updated•2 years ago
Status: NEW → RESOLVED
Closed: 2 years ago
Priority: -- → P5
Resolution: --- → INACTIVE