chrome/browser/ui/pk11_password_dialog_nss.cc - Issue 5686002: NSS: PKCS 11 password prompt.

Side by Side Diff: chrome/browser/ui/pk11_password_dialog_nss.cc

Issue 5686002: NSS: PKCS 11 password prompt. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 10 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/browser/ui/pk11_password_dialog.h"

	6

	7 #include <pk11pub.h>

	8

	9 #include "base/logging.h"

	10 #include "chrome/browser/browser_thread.h"

	11 #include "net/base/pk11_slot.h"

	12 #include "net/base/x509_certificate.h"

	13

	14 namespace {

	15

	16 // Basically an asynchronous implementation of NSS's PK11_DoPassword.
	wtc 2010/12/15 20:54:36 Please note that we're missing a side effect of PK Please note that we're missing a side effect of PK11_DoPassword: the nssTrustDomain_UpdateCachedTokenCerts call for an "unfriendly" slot: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/pk11wrap... This may or may not matter. mattm 2011/01/12 01:22:07 Added a note. Show quoted text On 2010/12/15 20:54:36, wtc wrote: > Please note that we're missing a side effect of PK11_DoPassword: the > nssTrustDomain_UpdateCachedTokenCerts > call for an "unfriendly" slot: > http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/pk11wrap... > > This may or may not matter. Added a note.
	17 class SlotUnlocker {

	18 public:

	19 SlotUnlocker(net::PK11Slot* slot,

	20 browser::PK11PasswordReason reason,

	21 const std::string& host,

	22 Callback0::Type* callback);

	23

	24 void Start();

	25

	26 private:

	27 void GotPassword(const char* password);

	28 void Done();

	29

	30 scoped_refptr<net::PK11Slot> slot_;

	31 browser::PK11PasswordReason reason_;

	32 std::string host_;

	33 Callback0::Type* callback_;

	34 PRBool retry_;

	35 };

	36

	37 SlotUnlocker::SlotUnlocker(net::PK11Slot* slot,

	38 browser::PK11PasswordReason reason,

	39 const std::string& host,

	40 Callback0::Type* callback)

	41 : slot_(slot),

	42 reason_(reason),

	43 host_(host),

	44 callback_(callback),

	45 retry_(PR_FALSE) {

	46 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));

	47 }

	48

	49 void SlotUnlocker::Start() {

	50 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));

	51

	52 ShowPK11PasswordDialog(

	53 slot_->GetTokenName(),

	54 retry_,

	55 reason_,

	56 host_,

	57 NewCallback(this, &SlotUnlocker::GotPassword));

	58 }

	59

	60 void SlotUnlocker::GotPassword(const char* password) {

	61 // TODO(mattm): PK11_DoPassword has something about PK11_Global.verifyPass.

	62 // Do we need it?

	63 // http://mxr.mozilla.org/mozilla/source/security/nss/lib/pk11wrap/pk11auth.c# 577
	Evan Stade 2010/12/10 04:17:04 80 (i think people will still understand the url w 80 (i think people will still understand the url with a line break) mattm 2011/01/12 01:22:07 The style guide has an exception for long urls Show quoted text On 2010/12/10 04:17:04, Evan Stade wrote: > 80 (i think people will still understand the url with a line break) The style guide has an exception for long urls
	64

	65 if (!password) {

	66 // User cancelled entering password. Oh well.

	67 Done();

	68 return;

	69 }

	70

	71 // TODO(mattm): handle protectedAuthPath

	72 SECStatus rv = PK11_CheckUserPassword(slot_->os_slot_handle(),

	73 password);

	74 if (rv == SECWouldBlock) {

	75 // Incorrect password. Try again.

	76 retry_ = PR_TRUE;

	77 Start();

	78 return;

	79 }

	80

	81 // Correct password (SECSuccess) or too many attempts/other failure

	82 // (SECFailure). Either way we're done.

	83 Done();

	84 }

	85

	86 void SlotUnlocker::Done() {

	87 callback_->Run();

	88 delete this;

	89 }

	90

	91 } // namespace

	92

	93 namespace browser {

	94

	95 void UnlockSlotIfNecessary(net::PK11Slot* slot,

	96 browser::PK11PasswordReason reason,

	97 const std::string& host,

	98 Callback0::Type* callback) {

	99 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));

	100 if (PK11_NeedLogin(slot->os_slot_handle()) &&

	101 !PK11_IsLoggedIn(slot->os_slot_handle(), NULL)) {
	wtc 2010/12/15 20:54:36 Please add a comment to note that we can pass NULL Please add a comment to note that we can pass NULL as the second (wincx) argument to PK11_IsLoggedIn because we don't call PK11_SetIsLoggedInFunc. That argument is only used by PK11_Global.isLoggedIn. mattm 2011/01/12 01:22:07 Done. Show quoted text On 2010/12/15 20:54:36, wtc wrote: > Please add a comment to note that we can pass NULL as the > second (wincx) argument to PK11_IsLoggedIn because we don't > call PK11_SetIsLoggedInFunc. That argument is only used > by PK11_Global.isLoggedIn. Done.
	102 (new SlotUnlocker(slot, reason, host, callback))->Start();

	103 } else {

	104 callback->Run();

	105 }

	106 }

	107

	108 void UnlockCertSlotIfNecessary(net::X509Certificate* cert,

	109 browser::PK11PasswordReason reason,

	110 const std::string& host,

	111 Callback0::Type* callback) {

	112 scoped_refptr<net::PK11Slot> slot(net::PK11Slot::CreateFromHandle(

	113 cert->os_cert_handle()->slot));

	114 UnlockSlotIfNecessary(slot.get(), reason, host, callback);

	115 }

	116

	117 } // namespace browser

OLD	NEW

« chrome/browser/ui/pk11_password_dialog.h ('K') | « chrome/browser/ui/pk11_password_dialog.h ('k') | chrome/chrome_browser.gypi » ('j') | net/base/cert_database.h » ('J')