| Index: net/base/nss_cert_database.cc
|
| diff --git a/net/base/cert_database_nss.cc b/net/base/nss_cert_database.cc
|
| similarity index 74%
|
| rename from net/base/cert_database_nss.cc
|
| rename to net/base/nss_cert_database.cc
|
| index be7ea740268acd17a72c20369c98436e8767675b..b3ee1a7fc18b50dcbe5711a1da3e8a404a7e7afc 100644
|
| --- a/net/base/cert_database_nss.cc
|
| +++ b/net/base/nss_cert_database.cc
|
| @@ -2,7 +2,7 @@
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#include "net/base/cert_database.h"
|
| +#include "net/base/nss_cert_database.h"
|
|
|
| #include <cert.h>
|
| #include <certdb.h>
|
| @@ -12,8 +12,11 @@
|
|
|
| #include "base/logging.h"
|
| #include "base/memory/scoped_ptr.h"
|
| +#include "base/memory/singleton.h"
|
| +#include "base/observer_list_threadsafe.h"
|
| #include "crypto/nss_util.h"
|
| #include "crypto/nss_util_internal.h"
|
| +#include "net/base/cert_database.h"
|
| #include "net/base/crypto_module.h"
|
| #include "net/base/net_errors.h"
|
| #include "net/base/x509_certificate.h"
|
| @@ -31,10 +34,30 @@ namespace psm = mozilla_security_manager;
|
|
|
| namespace net {
|
|
|
| -CertDatabase::CertDatabase() {
|
| - crypto::EnsureNSSInit();
|
| - psm::EnsurePKCS12Init();
|
| -}
|
| +namespace {
|
| +
|
| +// Notifies registered observers when new user certificates are added to the
|
| +// database.
|
| +class NSSCertDatabaseNotifier {
|
| + public:
|
| + NSSCertDatabaseNotifier()
|
| + : observer_list_(new ObserverListThreadSafe<NSSCertDatabase::Observer>) {}
|
| +
|
| + static NSSCertDatabaseNotifier* GetInstance() {
|
| + return Singleton<NSSCertDatabaseNotifier>::get();
|
| + }
|
| +
|
| + private:
|
| + friend struct DefaultSingletonTraits<NSSCertDatabaseNotifier>;
|
| + friend class net::NSSCertDatabase;
|
| +
|
| + const scoped_refptr<ObserverListThreadSafe<NSSCertDatabase::Observer> >
|
| + observer_list_;
|
| +};
|
| +
|
| +} // namespace
|
| +
|
| +// CertDatabase ----------------------------------------------------------------
|
|
|
| int CertDatabase::CheckUserCert(X509Certificate* cert_obj) {
|
| if (!cert_obj)
|
| @@ -76,11 +99,32 @@ int CertDatabase::AddUserCert(X509Certificate* cert_obj) {
|
| return ERR_ADD_USER_CERT_FAILED;
|
| }
|
| PK11_FreeSlot(slot);
|
| - CertDatabase::NotifyObserversOfUserCertAdded(cert_obj);
|
| + NotifyObserversOfCertAdded(cert_obj);
|
| return OK;
|
| }
|
|
|
| -void CertDatabase::ListCerts(CertificateList* certs) {
|
| +// NSSCertDatabase::ImportCertFailure ------------------------------------------
|
| +
|
| +NSSCertDatabase::ImportCertFailure::ImportCertFailure(
|
| + X509Certificate* cert, int err)
|
| + : certificate(cert),
|
| + net_error(err) {}
|
| +
|
| +NSSCertDatabase::ImportCertFailure::~ImportCertFailure() {}
|
| +
|
| +// NSSCertDatabase -------------------------------------------------------------
|
| +
|
| +NSSCertDatabase::NSSCertDatabase() {
|
| + EnsureInit();
|
| +}
|
| +
|
| +// static
|
| +void NSSCertDatabase::EnsureInit() {
|
| + crypto::EnsureNSSInit();
|
| + psm::EnsurePKCS12Init();
|
| +}
|
| +
|
| +void NSSCertDatabase::ListCerts(CertificateList* certs) {
|
| certs->clear();
|
|
|
| CERTCertList* cert_list = PK11_ListCerts(PK11CertListUnique, NULL);
|
| @@ -94,7 +138,7 @@ void CertDatabase::ListCerts(CertificateList* certs) {
|
| CERT_DestroyCertList(cert_list);
|
| }
|
|
|
| -CryptoModule* CertDatabase::GetPublicModule() const {
|
| +CryptoModule* NSSCertDatabase::GetPublicModule() const {
|
| CryptoModule* module =
|
| CryptoModule::CreateFromHandle(crypto::GetPublicNSSKeySlot());
|
| // The module is already referenced when returned from
|
| @@ -104,7 +148,7 @@ CryptoModule* CertDatabase::GetPublicModule() const {
|
| return module;
|
| }
|
|
|
| -CryptoModule* CertDatabase::GetPrivateModule() const {
|
| +CryptoModule* NSSCertDatabase::GetPrivateModule() const {
|
| CryptoModule* module =
|
| CryptoModule::CreateFromHandle(crypto::GetPrivateNSSKeySlot());
|
| // The module is already referenced when returned from
|
| @@ -114,7 +158,8 @@ CryptoModule* CertDatabase::GetPrivateModule() const {
|
| return module;
|
| }
|
|
|
| -void CertDatabase::ListModules(CryptoModuleList* modules, bool need_rw) const {
|
| +void NSSCertDatabase::ListModules(CryptoModuleList* modules,
|
| + bool need_rw) const {
|
| modules->clear();
|
|
|
| PK11SlotList* slot_list = NULL;
|
| @@ -138,7 +183,7 @@ void CertDatabase::ListModules(CryptoModuleList* modules, bool need_rw) const {
|
| PK11_FreeSlotList(slot_list);
|
| }
|
|
|
| -int CertDatabase::ImportFromPKCS12(
|
| +int NSSCertDatabase::ImportFromPKCS12(
|
| CryptoModule* module,
|
| const std::string& data,
|
| const string16& password,
|
| @@ -150,19 +195,19 @@ int CertDatabase::ImportFromPKCS12(
|
| is_extractable,
|
| imported_certs);
|
| if (result == net::OK)
|
| - CertDatabase::NotifyObserversOfUserCertAdded(NULL);
|
| + NotifyObserversOfCertAdded(NULL);
|
|
|
| return result;
|
| }
|
|
|
| -int CertDatabase::ExportToPKCS12(
|
| +int NSSCertDatabase::ExportToPKCS12(
|
| const CertificateList& certs,
|
| const string16& password,
|
| std::string* output) const {
|
| return psm::nsPKCS12Blob_Export(output, certs, password);
|
| }
|
|
|
| -X509Certificate* CertDatabase::FindRootInList(
|
| +X509Certificate* NSSCertDatabase::FindRootInList(
|
| const CertificateList& certificates) const {
|
| DCHECK_GT(certificates.size(), 0U);
|
|
|
| @@ -185,26 +230,27 @@ X509Certificate* CertDatabase::FindRootInList(
|
| return cert0;
|
| }
|
|
|
| -bool CertDatabase::ImportCACerts(const CertificateList& certificates,
|
| - TrustBits trust_bits,
|
| - ImportCertFailureList* not_imported) {
|
| +bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates,
|
| + TrustBits trust_bits,
|
| + ImportCertFailureList* not_imported) {
|
| X509Certificate* root = FindRootInList(certificates);
|
| bool success = psm::ImportCACerts(certificates, root, trust_bits,
|
| not_imported);
|
| if (success)
|
| - CertDatabase::NotifyObserversOfCertTrustChanged(NULL);
|
| + NotifyObserversOfCertTrustChanged(NULL);
|
|
|
| return success;
|
| }
|
|
|
| -bool CertDatabase::ImportServerCert(const CertificateList& certificates,
|
| - TrustBits trust_bits,
|
| - ImportCertFailureList* not_imported) {
|
| +bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates,
|
| + TrustBits trust_bits,
|
| + ImportCertFailureList* not_imported) {
|
| return psm::ImportServerCert(certificates, trust_bits, not_imported);
|
| }
|
|
|
| -CertDatabase::TrustBits CertDatabase::GetCertTrust(const X509Certificate* cert,
|
| - CertType type) const {
|
| +NSSCertDatabase::TrustBits NSSCertDatabase::GetCertTrust(
|
| + const X509Certificate* cert,
|
| + CertType type) const {
|
| CERTCertTrust trust;
|
| SECStatus srv = CERT_GetCertTrust(cert->os_cert_handle(), &trust);
|
| if (srv != SECSuccess) {
|
| @@ -249,7 +295,7 @@ CertDatabase::TrustBits CertDatabase::GetCertTrust(const X509Certificate* cert,
|
| }
|
| }
|
|
|
| -bool CertDatabase::IsUntrusted(const X509Certificate* cert) const {
|
| +bool NSSCertDatabase::IsUntrusted(const X509Certificate* cert) const {
|
| CERTCertTrust nsstrust;
|
| SECStatus rv = CERT_GetCertTrust(cert->os_cert_handle(), &nsstrust);
|
| if (rv != SECSuccess) {
|
| @@ -302,17 +348,17 @@ bool CertDatabase::IsUntrusted(const X509Certificate* cert) const {
|
| return false;
|
| }
|
|
|
| -bool CertDatabase::SetCertTrust(const X509Certificate* cert,
|
| +bool NSSCertDatabase::SetCertTrust(const X509Certificate* cert,
|
| CertType type,
|
| TrustBits trust_bits) {
|
| bool success = psm::SetCertTrust(cert, type, trust_bits);
|
| if (success)
|
| - CertDatabase::NotifyObserversOfCertTrustChanged(cert);
|
| + NotifyObserversOfCertTrustChanged(cert);
|
|
|
| return success;
|
| }
|
|
|
| -bool CertDatabase::DeleteCertAndKey(const X509Certificate* cert) {
|
| +bool NSSCertDatabase::DeleteCertAndKey(const X509Certificate* cert) {
|
| // For some reason, PK11_DeleteTokenCertAndKey only calls
|
| // SEC_DeletePermCertificate if the private key is found. So, we check
|
| // whether a private key exists before deciding which function to call to
|
| @@ -332,14 +378,40 @@ bool CertDatabase::DeleteCertAndKey(const X509Certificate* cert) {
|
| }
|
| }
|
|
|
| - CertDatabase::NotifyObserversOfUserCertRemoved(cert);
|
| + NotifyObserversOfCertRemoved(cert);
|
|
|
| return true;
|
| }
|
|
|
| -bool CertDatabase::IsReadOnly(const X509Certificate* cert) const {
|
| +bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const {
|
| PK11SlotInfo* slot = cert->os_cert_handle()->slot;
|
| return slot && PK11_IsReadOnly(slot);
|
| }
|
|
|
| +void NSSCertDatabase::AddObserver(Observer* observer) {
|
| + NSSCertDatabaseNotifier::GetInstance()->observer_list_->AddObserver(observer);
|
| +}
|
| +
|
| +void NSSCertDatabase::RemoveObserver(Observer* observer) {
|
| + NSSCertDatabaseNotifier::GetInstance()->observer_list_->RemoveObserver(
|
| + observer);
|
| +}
|
| +
|
| +void NSSCertDatabase::NotifyObserversOfCertAdded(const X509Certificate* cert) {
|
| + NSSCertDatabaseNotifier::GetInstance()->observer_list_->Notify(
|
| + &Observer::OnCertAdded, make_scoped_refptr(cert));
|
| +}
|
| +
|
| +void NSSCertDatabase::NotifyObserversOfCertRemoved(
|
| + const X509Certificate* cert) {
|
| + NSSCertDatabaseNotifier::GetInstance()->observer_list_->Notify(
|
| + &Observer::OnCertRemoved, make_scoped_refptr(cert));
|
| +}
|
| +
|
| +void NSSCertDatabase::NotifyObserversOfCertTrustChanged(
|
| + const X509Certificate* cert) {
|
| + NSSCertDatabaseNotifier::GetInstance()->observer_list_->Notify(
|
| + &Observer::OnCertTrustChanged, make_scoped_refptr(cert));
|
| +}
|
| +
|
| } // namespace net
|
|
|
Chromium Code Reviews
Issue 10916094:
Move the NSS functions out of CertDatabase into a new NSSCertDatabase class. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src