Chromium Code Reviews Chromium Code Reviews
Issue 5686002:
NSS: PKCS 11 password prompt. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_database.h" | 5 #include "net/base/cert_database.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| 11 #include <secmod.h> | 11 #include <secmod.h> |
| 12 | 12 |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/nss_util.h" | 14 #include "base/nss_util.h" |
| 15 #include "base/scoped_ptr.h" | 15 #include "base/scoped_ptr.h" |
| 16 #include "net/base/net_errors.h" | 16 #include "net/base/net_errors.h" |
| 17 #include "net/base/pk11_slot.h" | |
| 17 #include "net/base/x509_certificate.h" | 18 #include "net/base/x509_certificate.h" |
| 18 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | 19 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
| 19 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h" | 20 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h" |
| 20 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" | 21 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" |
| 21 | 22 |
| 22 // PSM = Mozilla's Personal Security Manager. | 23 // PSM = Mozilla's Personal Security Manager. |
| 23 namespace psm = mozilla_security_manager; | 24 namespace psm = mozilla_security_manager; |
| 24 | 25 |
| 25 namespace net { | 26 namespace net { |
| 26 | 27 |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 99 !CERT_LIST_END(node, cert_list); | 100 !CERT_LIST_END(node, cert_list); |
| 100 node = CERT_LIST_NEXT(node)) { | 101 node = CERT_LIST_NEXT(node)) { |
| 101 certs->push_back(X509Certificate::CreateFromHandle( | 102 certs->push_back(X509Certificate::CreateFromHandle( |
| 102 node->cert, | 103 node->cert, |
| 103 X509Certificate::SOURCE_LONE_CERT_IMPORT, | 104 X509Certificate::SOURCE_LONE_CERT_IMPORT, |
| 104 X509Certificate::OSCertHandles())); | 105 X509Certificate::OSCertHandles())); |
| 105 } | 106 } |
| 106 CERT_DestroyCertList(cert_list); | 107 CERT_DestroyCertList(cert_list); |
| 107 } | 108 } |
| 108 | 109 |
| 110 void CertDatabase::ListTokensForPKCS12(PK11SlotList* slots) const { | |
| 111 slots->clear(); | |
| 112 | |
| 113 ::PK11SlotList* slot_list = NULL; | |
| 114 slot_list = PK11_GetAllTokens(CKM_RSA_PKCS, | |
|
wtc
2010/12/15 20:54:36
BUG: I think you should pass CKM_INVALID_MECHANISM
mattm
2011/01/12 01:22:07
Done.
| |
| 115 PR_TRUE, // needRW | |
| 116 PR_TRUE, // loadCerts (unused) | |
| 117 NULL); // wincx | |
| 118 | |
| 119 ::PK11SlotListElement* slot_element = PK11_GetFirstSafe(slot_list); | |
| 120 while (slot_element) { | |
| 121 slots->push_back(PK11Slot::CreateFromHandle(slot_element->slot)); | |
| 122 slot_element = PK11_GetNextSafe(slot_list, slot_element, | |
| 123 PR_FALSE); // restart | |
| 124 } | |
| 125 | |
| 126 PK11_FreeSlotList(slot_list); | |
| 127 } | |
| 128 | |
| 109 int CertDatabase::ImportFromPKCS12( | 129 int CertDatabase::ImportFromPKCS12( |
| 110 const std::string& data, const string16& password) { | 130 net::PK11Slot* slot, const std::string& data, const string16& password) { |
|
wtc
2010/12/15 20:54:36
Nit: in this form, we probably should list one par
mattm
2011/01/12 01:22:07
Done.
| |
| 111 return psm::nsPKCS12Blob_Import(data.data(), data.size(), password); | 131 return psm::nsPKCS12Blob_Import(slot->os_slot_handle(), |
| 132 data.data(), data.size(), | |
| 133 password); | |
| 112 } | 134 } |
| 113 | 135 |
| 114 int CertDatabase::ExportToPKCS12( | 136 int CertDatabase::ExportToPKCS12( |
| 115 const CertificateList& certs, | 137 const CertificateList& certs, |
| 116 const string16& password, | 138 const string16& password, |
| 117 std::string* output) const { | 139 std::string* output) const { |
| 118 return psm::nsPKCS12Blob_Export(output, certs, password); | 140 return psm::nsPKCS12Blob_Export(output, certs, password); |
| 119 } | 141 } |
| 120 | 142 |
| 121 X509Certificate* CertDatabase::FindRootInList( | 143 X509Certificate* CertDatabase::FindRootInList( |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 203 } | 225 } |
| 204 return true; | 226 return true; |
| 205 } | 227 } |
| 206 | 228 |
| 207 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const { | 229 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const { |
| 208 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 230 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
| 209 return slot && PK11_IsReadOnly(slot); | 231 return slot && PK11_IsReadOnly(slot); |
| 210 } | 232 } |
| 211 | 233 |
| 212 } // namespace net | 234 } // namespace net |
| OLD | NEW |
