| Index: chrome/browser/chromeos/cros/onc_network_parser.cc
|
| diff --git a/chrome/browser/chromeos/cros/onc_network_parser.cc b/chrome/browser/chromeos/cros/onc_network_parser.cc
|
| index 25dea7f99940936ff2264bcc2ac4a5b0dd9733d2..86083ee84340bd60b8516ca03080346dc216b816 100644
|
| --- a/chrome/browser/chromeos/cros/onc_network_parser.cc
|
| +++ b/chrome/browser/chromeos/cros/onc_network_parser.cc
|
| @@ -28,9 +28,9 @@
|
| #include "crypto/scoped_nss_types.h"
|
| #include "crypto/symmetric_key.h"
|
| #include "grit/generated_resources.h"
|
| -#include "net/base/cert_database.h"
|
| #include "net/base/crypto_module.h"
|
| #include "net/base/net_errors.h"
|
| +#include "net/base/nss_cert_database.h"
|
| #include "net/base/pem_tokenizer.h"
|
| #include "net/base/x509_certificate.h"
|
| #include "net/proxy/proxy_bypass_rules.h"
|
| @@ -526,7 +526,6 @@ scoped_refptr<net::X509Certificate> OncNetworkParser::ParseCertificate(
|
| if (!certificate->GetBoolean("Remove", &remove))
|
| remove = false;
|
|
|
| - net::CertDatabase cert_database;
|
| if (remove) {
|
| if (!DeleteCertAndKeyByNickname(guid)) {
|
| parse_error_ = l10n_util::GetStringUTF8(
|
| @@ -930,9 +929,9 @@ OncNetworkParser::ParseServerOrCaCertificate(
|
| // TODO(mnissler, gspencer): We should probably switch to a mode where we
|
| // keep our own database for mapping GUIDs to certs in order to enable several
|
| // GUIDs to map to the same cert. See http://crosbug.com/26073.
|
| - net::CertDatabase cert_database;
|
| + net::NSSCertDatabase* cert_database = net::NSSCertDatabase::GetInstance();
|
| if (x509_cert->os_cert_handle()->isperm) {
|
| - if (!cert_database.DeleteCertAndKey(x509_cert.get())) {
|
| + if (!cert_database->DeleteCertAndKey(x509_cert.get())) {
|
| parse_error_ = l10n_util::GetStringUTF8(
|
| IDS_NETWORK_CONFIG_ERROR_CERT_DELETE);
|
| return NULL;
|
| @@ -967,15 +966,15 @@ OncNetworkParser::ParseServerOrCaCertificate(
|
|
|
| net::CertificateList cert_list;
|
| cert_list.push_back(x509_cert);
|
| - net::CertDatabase::ImportCertFailureList failures;
|
| + net::NSSCertDatabase::ImportCertFailureList failures;
|
| bool success = false;
|
| - net::CertDatabase::TrustBits trust = web_trust ?
|
| - net::CertDatabase::TRUSTED_SSL :
|
| - net::CertDatabase::TRUST_DEFAULT;
|
| + net::NSSCertDatabase::TrustBits trust = web_trust ?
|
| + net::NSSCertDatabase::TRUSTED_SSL :
|
| + net::NSSCertDatabase::TRUST_DEFAULT;
|
| if (cert_type == "Server") {
|
| - success = cert_database.ImportServerCert(cert_list, trust, &failures);
|
| + success = cert_database->ImportServerCert(cert_list, trust, &failures);
|
| } else { // Authority cert
|
| - success = cert_database.ImportCACerts(cert_list, trust, &failures);
|
| + success = cert_database->ImportCACerts(cert_list, trust, &failures);
|
| }
|
| if (!failures.empty()) {
|
| LOG(WARNING) << "ONC File: Error ("
|
| @@ -1003,7 +1002,6 @@ scoped_refptr<net::X509Certificate> OncNetworkParser::ParseClientCertificate(
|
| int cert_index,
|
| const std::string& guid,
|
| base::DictionaryValue* certificate) {
|
| - net::CertDatabase cert_database;
|
| std::string pkcs12_data;
|
| if (!certificate->GetString("PKCS12", &pkcs12_data) ||
|
| pkcs12_data.empty()) {
|
| @@ -1024,10 +1022,11 @@ scoped_refptr<net::X509Certificate> OncNetworkParser::ParseClientCertificate(
|
| }
|
|
|
| // Since this has a private key, always use the private module.
|
| - scoped_refptr<net::CryptoModule> module(cert_database.GetPrivateModule());
|
| + net::NSSCertDatabase* cert_database = net::NSSCertDatabase::GetInstance();
|
| + scoped_refptr<net::CryptoModule> module(cert_database->GetPrivateModule());
|
| net::CertificateList imported_certs;
|
|
|
| - int result = cert_database.ImportFromPKCS12(
|
| + int result = cert_database->ImportFromPKCS12(
|
| module.get(), decoded_pkcs12, string16(), false, &imported_certs);
|
| if (result != net::OK) {
|
| LOG(WARNING) << "ONC File: Unable to import Client certificate at index "
|
| @@ -1088,8 +1087,7 @@ ClientCertType OncNetworkParser::ParseClientCertType(
|
| void OncNetworkParser::ListCertsWithNickname(const std::string& label,
|
| net::CertificateList* result) {
|
| net::CertificateList all_certs;
|
| - net::CertDatabase cert_db;
|
| - cert_db.ListCerts(&all_certs);
|
| + net::NSSCertDatabase::GetInstance()->ListCerts(&all_certs);
|
| result->clear();
|
| for (net::CertificateList::iterator iter = all_certs.begin();
|
| iter != all_certs.end(); ++iter) {
|
| @@ -1127,7 +1125,6 @@ void OncNetworkParser::ListCertsWithNickname(const std::string& label,
|
| bool OncNetworkParser::DeleteCertAndKeyByNickname(const std::string& label) {
|
| net::CertificateList cert_list;
|
| ListCertsWithNickname(label, &cert_list);
|
| - net::CertDatabase cert_db;
|
| bool result = true;
|
| for (net::CertificateList::iterator iter = cert_list.begin();
|
| iter != cert_list.end(); ++iter) {
|
| @@ -1138,7 +1135,7 @@ bool OncNetworkParser::DeleteCertAndKeyByNickname(const std::string& label) {
|
| // label, and the cert not being found is one of the few reasons the
|
| // delete could fail, but still... The other choice is to return
|
| // failure immediately, but that doesn't seem to do what is intended.
|
| - if (!cert_db.DeleteCertAndKey(iter->get()))
|
| + if (!net::NSSCertDatabase::GetInstance()->DeleteCertAndKey(iter->get()))
|
| result = false;
|
| }
|
| return result;
|
|
|
Chromium Code Reviews
Issue 10916094:
Move the NSS functions out of CertDatabase into a new NSSCertDatabase class. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src