Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(291)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/cert_database_nss.cc

Issue 8566056: This applies GUIDs to certificate and key nicknames when (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Final review changes Created 9 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/cert_database.h ('k') | net/base/cert_database_nss_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/cert_database.h" 5 #include "net/base/cert_database.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <certdb.h> 8 #include <certdb.h>
9 #include <keyhi.h> 9 #include <keyhi.h>
10 #include <pk11pub.h> 10 #include <pk11pub.h>
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
59 PK11_FreeSlot(slot); 59 PK11_FreeSlot(slot);
60 60
61 return OK; 61 return OK;
62 } 62 }
63 63
64 int CertDatabase::AddUserCert(X509Certificate* cert_obj) { 64 int CertDatabase::AddUserCert(X509Certificate* cert_obj) {
65 CERTCertificate* cert = cert_obj->os_cert_handle(); 65 CERTCertificate* cert = cert_obj->os_cert_handle();
66 PK11SlotInfo* slot = NULL; 66 PK11SlotInfo* slot = NULL;
67 std::string nickname; 67 std::string nickname;
68 68
69 // Create a nickname for this certificate.
70 // We use the scheme used by Firefox:
71 // --> <subject's common name>'s <issuer's common name> ID.
72
73 std::string username, ca_name;
74 char* temp_username = CERT_GetCommonName(&cert->subject);
75 char* temp_ca_name = CERT_GetCommonName(&cert->issuer);
76 if (temp_username) {
77 username = temp_username;
78 PORT_Free(temp_username);
79 }
80 if (temp_ca_name) {
81 ca_name = temp_ca_name;
82 PORT_Free(temp_ca_name);
83 }
84 nickname = username + "'s " + ca_name + " ID";
85
86 { 69 {
87 crypto::AutoNSSWriteLock lock; 70 crypto::AutoNSSWriteLock lock;
88 slot = PK11_ImportCertForKey(cert, 71 slot = PK11_ImportCertForKey(
89 const_cast<char*>(nickname.c_str()), 72 cert,
90 NULL); 73 cert_obj->GetDefaultNickname(net::USER_CERT).c_str(),
74 NULL);
91 } 75 }
92 76
93 if (!slot) { 77 if (!slot) {
94 LOG(ERROR) << "Couldn't import user certificate."; 78 LOG(ERROR) << "Couldn't import user certificate.";
95 return ERR_ADD_USER_CERT_FAILED; 79 return ERR_ADD_USER_CERT_FAILED;
96 } 80 }
97 PK11_FreeSlot(slot); 81 PK11_FreeSlot(slot);
98 CertDatabase::NotifyObserversOfUserCertAdded(cert_obj); 82 CertDatabase::NotifyObserversOfUserCertAdded(cert_obj);
99 return OK; 83 return OK;
100 } 84 }
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after
154 PR_FALSE); // restart 138 PR_FALSE); // restart
155 } 139 }
156 140
157 PK11_FreeSlotList(slot_list); 141 PK11_FreeSlotList(slot_list);
158 } 142 }
159 143
160 int CertDatabase::ImportFromPKCS12( 144 int CertDatabase::ImportFromPKCS12(
161 CryptoModule* module, 145 CryptoModule* module,
162 const std::string& data, 146 const std::string& data,
163 const string16& password, 147 const string16& password,
164 bool is_extractable) { 148 bool is_extractable,
149 net::CertificateList* imported_certs) {
165 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), 150 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(),
166 data.data(), data.size(), 151 data.data(), data.size(),
167 password, 152 password,
168 is_extractable); 153 is_extractable,
154 imported_certs);
169 if (result == net::OK) 155 if (result == net::OK)
170 CertDatabase::NotifyObserversOfUserCertAdded(NULL); 156 CertDatabase::NotifyObserversOfUserCertAdded(NULL);
171 157
172 return result; 158 return result;
173 } 159 }
174 160
175 int CertDatabase::ExportToPKCS12( 161 int CertDatabase::ExportToPKCS12(
176 const CertificateList& certs, 162 const CertificateList& certs,
177 const string16& password, 163 const string16& password,
178 std::string* output) const { 164 std::string* output) const {
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after
321 } 307 }
322 } else { 308 } else {
323 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { 309 if (SEC_DeletePermCertificate(cert->os_cert_handle())) {
324 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); 310 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError();
325 return false; 311 return false;
326 } 312 }
327 } 313 }
328 return true; 314 return true;
329 } 315 }
330 316
331 bool CertDatabase::DeleteCertAndKeyByLabel(const std::string& label) {
332 // TODO(gspencer):Find the certificate with the given CKA_LABEL
333 // (nickname), and delete it.
334 NOTIMPLEMENTED();
335 return false;
336 }
337
338 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const { 317 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const {
339 PK11SlotInfo* slot = cert->os_cert_handle()->slot; 318 PK11SlotInfo* slot = cert->os_cert_handle()->slot;
340 return slot && PK11_IsReadOnly(slot); 319 return slot && PK11_IsReadOnly(slot);
341 } 320 }
342 321
343 } // namespace net 322 } // namespace net
OLDNEW
« no previous file with comments | « net/base/cert_database.h ('k') | net/base/cert_database_nss_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698