Chromium Code Reviews Chromium Code Reviews
Issue 6580058:
NSS: Unlock crypto devices when populating cert manager. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_database.h" | 5 #include "net/base/cert_database.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 111 CryptoModule* CertDatabase::GetDefaultModule() const { | 111 CryptoModule* CertDatabase::GetDefaultModule() const { |
| 112 CryptoModule* module = | 112 CryptoModule* module = |
| 113 CryptoModule::CreateFromHandle(base::GetDefaultNSSKeySlot()); | 113 CryptoModule::CreateFromHandle(base::GetDefaultNSSKeySlot()); |
| 114 // The module is already referenced when returned from GetDefaultNSSKeymodule, | 114 // The module is already referenced when returned from GetDefaultNSSKeymodule, |
| 115 // so we need to deref it once. | 115 // so we need to deref it once. |
| 116 PK11_FreeSlot(module->os_module_handle()); | 116 PK11_FreeSlot(module->os_module_handle()); |
| 117 | 117 |
| 118 return module; | 118 return module; |
| 119 } | 119 } |
| 120 | 120 |
| 121 void CertDatabase::ListModules(CryptoModuleList* modules, bool need_rw) const { | |
| 122 modules->clear(); | |
| 123 | |
| 124 PK11SlotList* slot_list = NULL; | |
| 125 slot_list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, | |
| 126 need_rw ? PR_TRUE : PR_FALSE, // needRW | |
| 127 PR_TRUE, // loadCerts (unused) | |
| 128 NULL); // wincx | |
|
wtc
2011/03/02 03:33:28
Please make sure it's OK to pass NULL as the wincx
mattm
2011/03/05 02:16:32
Just double-checked. It's only used if PK11_SetIs
| |
| 129 if (!slot_list) { | |
| 130 LOG(ERROR) << "PK11_GetAllTokens failed: " << PORT_GetError(); | |
| 131 return; | |
| 132 } | |
| 133 | |
| 134 PK11SlotListElement* slot_element = PK11_GetFirstSafe(slot_list); | |
| 135 while (slot_element) { | |
| 136 modules->push_back(CryptoModule::CreateFromHandle(slot_element->slot)); | |
| 137 slot_element = PK11_GetNextSafe(slot_list, slot_element, | |
| 138 PR_FALSE); // restart | |
| 139 } | |
| 140 | |
| 141 PK11_FreeSlotList(slot_list); | |
| 142 } | |
| 143 | |
| 121 int CertDatabase::ImportFromPKCS12( | 144 int CertDatabase::ImportFromPKCS12( |
| 122 net::CryptoModule* module, | 145 net::CryptoModule* module, |
| 123 const std::string& data, | 146 const std::string& data, |
| 124 const string16& password) { | 147 const string16& password) { |
| 125 return psm::nsPKCS12Blob_Import(module->os_module_handle(), | 148 return psm::nsPKCS12Blob_Import(module->os_module_handle(), |
| 126 data.data(), data.size(), | 149 data.data(), data.size(), |
| 127 password); | 150 password); |
| 128 } | 151 } |
| 129 | 152 |
| 130 int CertDatabase::ExportToPKCS12( | 153 int CertDatabase::ExportToPKCS12( |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 219 } | 242 } |
| 220 return true; | 243 return true; |
| 221 } | 244 } |
| 222 | 245 |
| 223 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const { | 246 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const { |
| 224 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 247 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
| 225 return slot && PK11_IsReadOnly(slot); | 248 return slot && PK11_IsReadOnly(slot); |
| 226 } | 249 } |
| 227 | 250 |
| 228 } // namespace net | 251 } // namespace net |
| OLD | NEW |
