OLD | NEW |
1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
3 * | 3 * |
4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
8 * | 8 * |
9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
(...skipping 24 matching lines...) Expand all Loading... |
35 * the terms of any one of the MPL, the GPL or the LGPL. | 35 * the terms of any one of the MPL, the GPL or the LGPL. |
36 * | 36 * |
37 * ***** END LICENSE BLOCK ***** */ | 37 * ***** END LICENSE BLOCK ***** */ |
38 | 38 |
39 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | 39 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
40 | 40 |
41 #include <cert.h> | 41 #include <cert.h> |
42 #include <pk11pub.h> | 42 #include <pk11pub.h> |
43 #include <secerr.h> | 43 #include <secerr.h> |
44 | 44 |
45 #include "base/crypto/scoped_nss_types.h" | |
46 #include "base/logging.h" | 45 #include "base/logging.h" |
47 #include "base/nss_util_internal.h" | 46 #include "crypto/nss_util_internal.h" |
| 47 #include "crypto/scoped_nss_types.h" |
48 #include "net/base/net_errors.h" | 48 #include "net/base/net_errors.h" |
49 #include "net/base/x509_certificate.h" | 49 #include "net/base/x509_certificate.h" |
50 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h" | 50 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h" |
51 | 51 |
52 namespace mozilla_security_manager { | 52 namespace mozilla_security_manager { |
53 | 53 |
54 // Based on nsNSSCertificateDB::handleCACertDownload, minus the UI bits. | 54 // Based on nsNSSCertificateDB::handleCACertDownload, minus the UI bits. |
55 bool ImportCACerts(const net::CertificateList& certificates, | 55 bool ImportCACerts(const net::CertificateList& certificates, |
56 net::X509Certificate* root, | 56 net::X509Certificate* root, |
57 unsigned int trustBits, | 57 unsigned int trustBits, |
58 net::CertDatabase::ImportCertFailureList* not_imported) { | 58 net::CertDatabase::ImportCertFailureList* not_imported) { |
59 base::ScopedPK11Slot slot(base::GetPublicNSSKeySlot()); | 59 crypto::ScopedPK11Slot slot(crypto::GetPublicNSSKeySlot()); |
60 if (!slot.get()) { | 60 if (!slot.get()) { |
61 LOG(ERROR) << "Couldn't get internal key slot!"; | 61 LOG(ERROR) << "Couldn't get internal key slot!"; |
62 return false; | 62 return false; |
63 } | 63 } |
64 | 64 |
65 // Mozilla had some code here to check if a perm version of the cert exists | 65 // Mozilla had some code here to check if a perm version of the cert exists |
66 // already and use that, but CERT_NewTempCertificate actually does that | 66 // already and use that, but CERT_NewTempCertificate actually does that |
67 // itself, so we skip it here. | 67 // itself, so we skip it here. |
68 | 68 |
69 if (!CERT_IsCACert(root->os_cert_handle(), NULL)) { | 69 if (!CERT_IsCACert(root->os_cert_handle(), NULL)) { |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
156 } | 156 } |
157 } | 157 } |
158 | 158 |
159 // Any errors importing individual certs will be in listed in |not_imported|. | 159 // Any errors importing individual certs will be in listed in |not_imported|. |
160 return true; | 160 return true; |
161 } | 161 } |
162 | 162 |
163 // Based on nsNSSCertificateDB::ImportServerCertificate. | 163 // Based on nsNSSCertificateDB::ImportServerCertificate. |
164 bool ImportServerCert(const net::CertificateList& certificates, | 164 bool ImportServerCert(const net::CertificateList& certificates, |
165 net::CertDatabase::ImportCertFailureList* not_imported) { | 165 net::CertDatabase::ImportCertFailureList* not_imported) { |
166 base::ScopedPK11Slot slot(base::GetPublicNSSKeySlot()); | 166 crypto::ScopedPK11Slot slot(crypto::GetPublicNSSKeySlot()); |
167 if (!slot.get()) { | 167 if (!slot.get()) { |
168 LOG(ERROR) << "Couldn't get internal key slot!"; | 168 LOG(ERROR) << "Couldn't get internal key slot!"; |
169 return false; | 169 return false; |
170 } | 170 } |
171 | 171 |
172 for (size_t i = 0; i < certificates.size(); ++i) { | 172 for (size_t i = 0; i < certificates.size(); ++i) { |
173 const scoped_refptr<net::X509Certificate>& cert = certificates[i]; | 173 const scoped_refptr<net::X509Certificate>& cert = certificates[i]; |
174 | 174 |
175 // Mozilla uses CERT_ImportCerts, which doesn't take a slot arg. We use | 175 // Mozilla uses CERT_ImportCerts, which doesn't take a slot arg. We use |
176 // PK11_ImportCert instead. | 176 // PK11_ImportCert instead. |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
224 } else { | 224 } else { |
225 // ignore user and email/unknown certs | 225 // ignore user and email/unknown certs |
226 return true; | 226 return true; |
227 } | 227 } |
228 if (srv != SECSuccess) | 228 if (srv != SECSuccess) |
229 LOG(ERROR) << "SetCertTrust failed with error " << PORT_GetError(); | 229 LOG(ERROR) << "SetCertTrust failed with error " << PORT_GetError(); |
230 return srv == SECSuccess; | 230 return srv == SECSuccess; |
231 } | 231 } |
232 | 232 |
233 } // namespace mozilla_security_manager | 233 } // namespace mozilla_security_manager |
OLD | NEW |