Chromium Code Reviews Chromium Code Reviews
Issue 8566056:
This applies GUIDs to certificate and key nicknames when (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_database.h" | 5 #include "net/base/cert_database.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| 11 #include <secmod.h> | 11 #include <secmod.h> |
| 12 | 12 |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/memory/scoped_ptr.h" | 14 #include "base/memory/scoped_ptr.h" |
| 15 #include "crypto/nss_util.h" | 15 #include "crypto/nss_util.h" |
| 16 #include "crypto/nss_util_internal.h" | 16 #include "crypto/nss_util_internal.h" |
| 17 #include "net/base/crypto_module.h" | 17 #include "net/base/crypto_module.h" |
| 18 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
| 19 #include "net/base/x509_certificate.h" | 19 #include "net/base/x509_certificate.h" |
| 20 #include "net/base/x509_util_nss.h" | |
| 20 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | 21 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
| 21 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h" | 22 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h" |
| 22 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" | 23 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" |
| 23 | 24 |
| 24 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use | 25 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use |
| 25 // the new name of the macro. | 26 // the new name of the macro. |
| 26 #if !defined(CERTDB_TERMINAL_RECORD) | 27 #if !defined(CERTDB_TERMINAL_RECORD) |
| 27 #define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER | 28 #define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER |
| 28 #endif | 29 #endif |
| 29 | 30 |
| (...skipping 29 matching lines...) Expand all Loading... | |
| 59 PK11_FreeSlot(slot); | 60 PK11_FreeSlot(slot); |
| 60 | 61 |
| 61 return OK; | 62 return OK; |
| 62 } | 63 } |
| 63 | 64 |
| 64 int CertDatabase::AddUserCert(X509Certificate* cert_obj) { | 65 int CertDatabase::AddUserCert(X509Certificate* cert_obj) { |
| 65 CERTCertificate* cert = cert_obj->os_cert_handle(); | 66 CERTCertificate* cert = cert_obj->os_cert_handle(); |
| 66 PK11SlotInfo* slot = NULL; | 67 PK11SlotInfo* slot = NULL; |
| 67 std::string nickname; | 68 std::string nickname; |
| 68 | 69 |
| 69 // Create a nickname for this certificate. | |
| 70 // We use the scheme used by Firefox: | |
| 71 // --> <subject's common name>'s <issuer's common name> ID. | |
| 72 | |
| 73 std::string username, ca_name; | |
| 74 char* temp_username = CERT_GetCommonName(&cert->subject); | |
| 75 char* temp_ca_name = CERT_GetCommonName(&cert->issuer); | |
| 76 if (temp_username) { | |
| 77 username = temp_username; | |
| 78 PORT_Free(temp_username); | |
| 79 } | |
| 80 if (temp_ca_name) { | |
| 81 ca_name = temp_ca_name; | |
| 82 PORT_Free(temp_ca_name); | |
| 83 } | |
| 84 nickname = username + "'s " + ca_name + " ID"; | |
| 85 | |
| 86 { | 70 { |
| 87 crypto::AutoNSSWriteLock lock; | 71 crypto::AutoNSSWriteLock lock; |
| 88 slot = PK11_ImportCertForKey(cert, | 72 slot = PK11_ImportCertForKey( |
|
wtc
2011/12/08 00:07:43
Please add a CHECK (non-debug assertion) here to a
Greg Spencer (Chromium)
2011/12/09 18:51:38
Now that we are supplying the cert type to GetDefa
| |
| 89 const_cast<char*>(nickname.c_str()), | 73 cert, |
| 90 NULL); | 74 x509_util::GetDefaultCertificateLabel(cert_obj).c_str(), |
| 75 NULL); | |
| 91 } | 76 } |
| 92 | 77 |
| 93 if (!slot) { | 78 if (!slot) { |
| 94 LOG(ERROR) << "Couldn't import user certificate."; | 79 LOG(ERROR) << "Couldn't import user certificate."; |
| 95 return ERR_ADD_USER_CERT_FAILED; | 80 return ERR_ADD_USER_CERT_FAILED; |
| 96 } | 81 } |
| 97 PK11_FreeSlot(slot); | 82 PK11_FreeSlot(slot); |
| 98 CertDatabase::NotifyObserversOfUserCertAdded(cert_obj); | 83 CertDatabase::NotifyObserversOfUserCertAdded(cert_obj); |
| 99 return OK; | 84 return OK; |
| 100 } | 85 } |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 154 PR_FALSE); // restart | 139 PR_FALSE); // restart |
| 155 } | 140 } |
| 156 | 141 |
| 157 PK11_FreeSlotList(slot_list); | 142 PK11_FreeSlotList(slot_list); |
| 158 } | 143 } |
| 159 | 144 |
| 160 int CertDatabase::ImportFromPKCS12( | 145 int CertDatabase::ImportFromPKCS12( |
| 161 CryptoModule* module, | 146 CryptoModule* module, |
| 162 const std::string& data, | 147 const std::string& data, |
| 163 const string16& password, | 148 const string16& password, |
| 164 bool is_extractable) { | 149 bool is_extractable, |
| 150 net::CertificateList* imported_certs) { | |
| 165 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), | 151 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), |
| 166 data.data(), data.size(), | 152 data.data(), data.size(), |
| 167 password, | 153 password, |
| 168 is_extractable); | 154 is_extractable, |
| 155 imported_certs); | |
| 169 if (result == net::OK) | 156 if (result == net::OK) |
| 170 CertDatabase::NotifyObserversOfUserCertAdded(NULL); | 157 CertDatabase::NotifyObserversOfUserCertAdded(NULL); |
| 171 | 158 |
| 172 return result; | 159 return result; |
| 173 } | 160 } |
| 174 | 161 |
| 175 int CertDatabase::ExportToPKCS12( | 162 int CertDatabase::ExportToPKCS12( |
| 176 const CertificateList& certs, | 163 const CertificateList& certs, |
| 177 const string16& password, | 164 const string16& password, |
| 178 std::string* output) const { | 165 std::string* output) const { |
| (...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 321 } | 308 } |
| 322 } else { | 309 } else { |
| 323 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { | 310 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { |
| 324 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); | 311 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); |
| 325 return false; | 312 return false; |
| 326 } | 313 } |
| 327 } | 314 } |
| 328 return true; | 315 return true; |
| 329 } | 316 } |
| 330 | 317 |
| 331 bool CertDatabase::DeleteCertAndKeyByLabel(const std::string& label) { | |
| 332 // TODO(gspencer):Find the certificate with the given CKA_LABEL | |
| 333 // (nickname), and delete it. | |
| 334 NOTIMPLEMENTED(); | |
| 335 return false; | |
| 336 } | |
| 337 | |
| 338 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const { | 318 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const { |
| 339 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 319 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
| 340 return slot && PK11_IsReadOnly(slot); | 320 return slot && PK11_IsReadOnly(slot); |
| 341 } | 321 } |
| 342 | 322 |
| 343 } // namespace net | 323 } // namespace net |
| OLD | NEW |
