OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/cert_database.h" | 5 #include "net/base/cert_database.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <certdb.h> | 8 #include <certdb.h> |
9 #include <keyhi.h> | 9 #include <keyhi.h> |
10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
11 #include <secmod.h> | 11 #include <secmod.h> |
12 | 12 |
13 #include "base/logging.h" | 13 #include "base/logging.h" |
14 #include "base/memory/scoped_ptr.h" | 14 #include "base/memory/scoped_ptr.h" |
15 #include "base/nss_util.h" | 15 #include "crypto/nss_util.h" |
16 #include "base/nss_util_internal.h" | 16 #include "crypto/nss_util_internal.h" |
17 #include "net/base/crypto_module.h" | 17 #include "net/base/crypto_module.h" |
18 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
19 #include "net/base/x509_certificate.h" | 19 #include "net/base/x509_certificate.h" |
20 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | 20 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
21 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h" | 21 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h" |
22 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" | 22 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" |
23 | 23 |
24 // PSM = Mozilla's Personal Security Manager. | 24 // PSM = Mozilla's Personal Security Manager. |
25 namespace psm = mozilla_security_manager; | 25 namespace psm = mozilla_security_manager; |
26 | 26 |
27 namespace net { | 27 namespace net { |
28 | 28 |
29 CertDatabase::CertDatabase() { | 29 CertDatabase::CertDatabase() { |
30 base::EnsureNSSInit(); | 30 crypto::EnsureNSSInit(); |
31 psm::EnsurePKCS12Init(); | 31 psm::EnsurePKCS12Init(); |
32 } | 32 } |
33 | 33 |
34 int CertDatabase::CheckUserCert(X509Certificate* cert_obj) { | 34 int CertDatabase::CheckUserCert(X509Certificate* cert_obj) { |
35 if (!cert_obj) | 35 if (!cert_obj) |
36 return ERR_CERT_INVALID; | 36 return ERR_CERT_INVALID; |
37 if (cert_obj->HasExpired()) | 37 if (cert_obj->HasExpired()) |
38 return ERR_CERT_DATE_INVALID; | 38 return ERR_CERT_DATE_INVALID; |
39 | 39 |
40 // Check if the private key corresponding to the certificate exist | 40 // Check if the private key corresponding to the certificate exist |
(...skipping 30 matching lines...) Expand all Loading... |
71 username = temp_username; | 71 username = temp_username; |
72 PORT_Free(temp_username); | 72 PORT_Free(temp_username); |
73 } | 73 } |
74 if (temp_ca_name) { | 74 if (temp_ca_name) { |
75 ca_name = temp_ca_name; | 75 ca_name = temp_ca_name; |
76 PORT_Free(temp_ca_name); | 76 PORT_Free(temp_ca_name); |
77 } | 77 } |
78 nickname = username + "'s " + ca_name + " ID"; | 78 nickname = username + "'s " + ca_name + " ID"; |
79 | 79 |
80 { | 80 { |
81 base::AutoNSSWriteLock lock; | 81 crypto::AutoNSSWriteLock lock; |
82 slot = PK11_ImportCertForKey(cert, | 82 slot = PK11_ImportCertForKey(cert, |
83 const_cast<char*>(nickname.c_str()), | 83 const_cast<char*>(nickname.c_str()), |
84 NULL); | 84 NULL); |
85 } | 85 } |
86 | 86 |
87 if (!slot) { | 87 if (!slot) { |
88 LOG(ERROR) << "Couldn't import user certificate."; | 88 LOG(ERROR) << "Couldn't import user certificate."; |
89 return ERR_ADD_USER_CERT_FAILED; | 89 return ERR_ADD_USER_CERT_FAILED; |
90 } | 90 } |
91 PK11_FreeSlot(slot); | 91 PK11_FreeSlot(slot); |
(...skipping 12 matching lines...) Expand all Loading... |
104 certs->push_back(X509Certificate::CreateFromHandle( | 104 certs->push_back(X509Certificate::CreateFromHandle( |
105 node->cert, | 105 node->cert, |
106 X509Certificate::SOURCE_LONE_CERT_IMPORT, | 106 X509Certificate::SOURCE_LONE_CERT_IMPORT, |
107 X509Certificate::OSCertHandles())); | 107 X509Certificate::OSCertHandles())); |
108 } | 108 } |
109 CERT_DestroyCertList(cert_list); | 109 CERT_DestroyCertList(cert_list); |
110 } | 110 } |
111 | 111 |
112 CryptoModule* CertDatabase::GetDefaultModule() const { | 112 CryptoModule* CertDatabase::GetDefaultModule() const { |
113 CryptoModule* module = | 113 CryptoModule* module = |
114 CryptoModule::CreateFromHandle(base::GetDefaultNSSKeySlot()); | 114 CryptoModule::CreateFromHandle(crypto::GetDefaultNSSKeySlot()); |
115 // The module is already referenced when returned from GetDefaultNSSKeymodule, | 115 // The module is already referenced when returned from GetDefaultNSSKeymodule, |
116 // so we need to deref it once. | 116 // so we need to deref it once. |
117 PK11_FreeSlot(module->os_module_handle()); | 117 PK11_FreeSlot(module->os_module_handle()); |
118 | 118 |
119 return module; | 119 return module; |
120 } | 120 } |
121 | 121 |
122 void CertDatabase::ListModules(CryptoModuleList* modules, bool need_rw) const { | 122 void CertDatabase::ListModules(CryptoModuleList* modules, bool need_rw) const { |
123 modules->clear(); | 123 modules->clear(); |
124 | 124 |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
244 } | 244 } |
245 return true; | 245 return true; |
246 } | 246 } |
247 | 247 |
248 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const { | 248 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const { |
249 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 249 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
250 return slot && PK11_IsReadOnly(slot); | 250 return slot && PK11_IsReadOnly(slot); |
251 } | 251 } |
252 | 252 |
253 } // namespace net | 253 } // namespace net |
OLD | NEW |