| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_database.h" | 5 #include "net/base/cert_database.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 59 PK11_FreeSlot(slot); | 59 PK11_FreeSlot(slot); |
| 60 | 60 |
| 61 return OK; | 61 return OK; |
| 62 } | 62 } |
| 63 | 63 |
| 64 int CertDatabase::AddUserCert(X509Certificate* cert_obj) { | 64 int CertDatabase::AddUserCert(X509Certificate* cert_obj) { |
| 65 CERTCertificate* cert = cert_obj->os_cert_handle(); | 65 CERTCertificate* cert = cert_obj->os_cert_handle(); |
| 66 PK11SlotInfo* slot = NULL; | 66 PK11SlotInfo* slot = NULL; |
| 67 std::string nickname; | 67 std::string nickname; |
| 68 | 68 |
| 69 // Create a nickname for this certificate. | |
| 70 // We use the scheme used by Firefox: | |
| 71 // --> <subject's common name>'s <issuer's common name> ID. | |
| 72 | |
| 73 std::string username, ca_name; | |
| 74 char* temp_username = CERT_GetCommonName(&cert->subject); | |
| 75 char* temp_ca_name = CERT_GetCommonName(&cert->issuer); | |
| 76 if (temp_username) { | |
| 77 username = temp_username; | |
| 78 PORT_Free(temp_username); | |
| 79 } | |
| 80 if (temp_ca_name) { | |
| 81 ca_name = temp_ca_name; | |
| 82 PORT_Free(temp_ca_name); | |
| 83 } | |
| 84 nickname = username + "'s " + ca_name + " ID"; | |
| 85 | |
| 86 { | 69 { |
| 87 crypto::AutoNSSWriteLock lock; | 70 crypto::AutoNSSWriteLock lock; |
| 88 slot = PK11_ImportCertForKey(cert, | 71 slot = PK11_ImportCertForKey(cert, |
| 89 const_cast<char*>(nickname.c_str()), | 72 cert_obj->GetLabel().c_str(), |
| 90 NULL); | 73 NULL); |
| 91 } | 74 } |
| 92 | 75 |
| 93 if (!slot) { | 76 if (!slot) { |
| 94 LOG(ERROR) << "Couldn't import user certificate."; | 77 LOG(ERROR) << "Couldn't import user certificate."; |
| 95 return ERR_ADD_USER_CERT_FAILED; | 78 return ERR_ADD_USER_CERT_FAILED; |
| 96 } | 79 } |
| 97 PK11_FreeSlot(slot); | 80 PK11_FreeSlot(slot); |
| 98 CertDatabase::NotifyObserversOfUserCertAdded(cert_obj); | 81 CertDatabase::NotifyObserversOfUserCertAdded(cert_obj); |
| 99 return OK; | 82 return OK; |
| 100 } | 83 } |
| 101 | 84 |
| 102 void CertDatabase::ListCerts(CertificateList* certs) { | 85 void CertDatabase::ListCerts(CertificateList* certs) { |
| 103 certs->clear(); | 86 certs->clear(); |
| 104 | 87 |
| 105 CERTCertList* cert_list = PK11_ListCerts(PK11CertListUnique, NULL); | 88 CERTCertList* cert_list = PK11_ListCerts(PK11CertListUnique, NULL); |
| 106 CERTCertListNode* node; | 89 CERTCertListNode* node; |
| 107 for (node = CERT_LIST_HEAD(cert_list); | 90 for (node = CERT_LIST_HEAD(cert_list); |
| 108 !CERT_LIST_END(node, cert_list); | 91 !CERT_LIST_END(node, cert_list); |
| 109 node = CERT_LIST_NEXT(node)) { | 92 node = CERT_LIST_NEXT(node)) { |
| 110 certs->push_back(X509Certificate::CreateFromHandle( | 93 certs->push_back(X509Certificate::CreateFromHandle( |
| 111 node->cert, X509Certificate::OSCertHandles())); | 94 node->cert, X509Certificate::OSCertHandles())); |
| 112 } | 95 } |
| 113 CERT_DestroyCertList(cert_list); | 96 CERT_DestroyCertList(cert_list); |
| 114 } | 97 } |
| 115 | 98 |
| 99 void CertDatabase::ListCertsWithLabel(const std::string& label, |
| 100 CertificateList* certs) { |
| 101 ListCerts(certs); |
| 102 CertificateList new_list; |
| 103 for (CertificateList::iterator iter = certs->begin(); |
| 104 iter != certs->end(); ++iter) { |
| 105 if (iter->get()->GetLabel().find(label) != std::string::npos) |
| 106 new_list.push_back(*iter); |
| 107 } |
| 108 certs->swap(new_list); |
| 109 } |
| 110 |
| 116 CryptoModule* CertDatabase::GetPublicModule() const { | 111 CryptoModule* CertDatabase::GetPublicModule() const { |
| 117 CryptoModule* module = | 112 CryptoModule* module = |
| 118 CryptoModule::CreateFromHandle(crypto::GetPublicNSSKeySlot()); | 113 CryptoModule::CreateFromHandle(crypto::GetPublicNSSKeySlot()); |
| 119 // The module is already referenced when returned from | 114 // The module is already referenced when returned from |
| 120 // GetPublicNSSKeySlot, so we need to deref it once. | 115 // GetPublicNSSKeySlot, so we need to deref it once. |
| 121 PK11_FreeSlot(module->os_module_handle()); | 116 PK11_FreeSlot(module->os_module_handle()); |
| 122 | 117 |
| 123 return module; | 118 return module; |
| 124 } | 119 } |
| 125 | 120 |
| (...skipping 28 matching lines...) Expand all Loading... |
| 154 PR_FALSE); // restart | 149 PR_FALSE); // restart |
| 155 } | 150 } |
| 156 | 151 |
| 157 PK11_FreeSlotList(slot_list); | 152 PK11_FreeSlotList(slot_list); |
| 158 } | 153 } |
| 159 | 154 |
| 160 int CertDatabase::ImportFromPKCS12( | 155 int CertDatabase::ImportFromPKCS12( |
| 161 CryptoModule* module, | 156 CryptoModule* module, |
| 162 const std::string& data, | 157 const std::string& data, |
| 163 const string16& password, | 158 const string16& password, |
| 164 bool is_extractable) { | 159 bool is_extractable, |
| 160 net::CertificateList* imported_certs) { |
| 165 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), | 161 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), |
| 166 data.data(), data.size(), | 162 data.data(), data.size(), |
| 167 password, | 163 password, |
| 168 is_extractable); | 164 is_extractable, |
| 165 imported_certs); |
| 169 if (result == net::OK) | 166 if (result == net::OK) |
| 170 CertDatabase::NotifyObserversOfUserCertAdded(NULL); | 167 CertDatabase::NotifyObserversOfUserCertAdded(NULL); |
| 171 | 168 |
| 172 return result; | 169 return result; |
| 173 } | 170 } |
| 174 | 171 |
| 175 int CertDatabase::ExportToPKCS12( | 172 int CertDatabase::ExportToPKCS12( |
| 176 const CertificateList& certs, | 173 const CertificateList& certs, |
| 177 const string16& password, | 174 const string16& password, |
| 178 std::string* output) const { | 175 std::string* output) const { |
| (...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 334 NOTIMPLEMENTED(); | 331 NOTIMPLEMENTED(); |
| 335 return false; | 332 return false; |
| 336 } | 333 } |
| 337 | 334 |
| 338 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const { | 335 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const { |
| 339 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 336 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
| 340 return slot && PK11_IsReadOnly(slot); | 337 return slot && PK11_IsReadOnly(slot); |
| 341 } | 338 } |
| 342 | 339 |
| 343 } // namespace net | 340 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8566056:
This applies GUIDs to certificate and key nicknames when (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src