Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1342)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/nss_cert_database.cc

Issue 111273002: NSSCertDatabaseChromeOS (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: review changes Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/cert/nss_cert_database.h ('k') | net/cert/nss_cert_database_chromeos.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/nss_cert_database.h" 5 #include "net/cert/nss_cert_database.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <certdb.h> 8 #include <certdb.h>
9 #include <keyhi.h> 9 #include <keyhi.h>
10 #include <pk11pub.h> 10 #include <pk11pub.h>
11 #include <secmod.h> 11 #include <secmod.h>
12 12
13 #include "base/lazy_instance.h"
13 #include "base/logging.h" 14 #include "base/logging.h"
14 #include "base/memory/scoped_ptr.h" 15 #include "base/memory/scoped_ptr.h"
15 #include "base/memory/singleton.h"
16 #include "base/observer_list_threadsafe.h" 16 #include "base/observer_list_threadsafe.h"
17 #include "crypto/nss_util.h" 17 #include "crypto/nss_util.h"
18 #include "crypto/nss_util_internal.h" 18 #include "crypto/nss_util_internal.h"
19 #include "crypto/scoped_nss_types.h" 19 #include "crypto/scoped_nss_types.h"
20 #include "net/base/crypto_module.h" 20 #include "net/base/crypto_module.h"
21 #include "net/base/net_errors.h" 21 #include "net/base/net_errors.h"
22 #include "net/cert/cert_database.h" 22 #include "net/cert/cert_database.h"
23 #include "net/cert/x509_certificate.h" 23 #include "net/cert/x509_certificate.h"
24 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" 24 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
25 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" 25 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h"
26 26
27 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use 27 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use
28 // the new name of the macro. 28 // the new name of the macro.
29 #if !defined(CERTDB_TERMINAL_RECORD) 29 #if !defined(CERTDB_TERMINAL_RECORD)
30 #define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER 30 #define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER
31 #endif 31 #endif
32 32
33 // PSM = Mozilla's Personal Security Manager. 33 // PSM = Mozilla's Personal Security Manager.
34 namespace psm = mozilla_security_manager; 34 namespace psm = mozilla_security_manager;
35 35
36 namespace net { 36 namespace net {
37 37
38 namespace {
39
40 base::LazyInstance<NSSCertDatabase>::Leaky
41 g_nss_cert_database = LAZY_INSTANCE_INITIALIZER;
42
43 } // namespace
44
45
38 NSSCertDatabase::ImportCertFailure::ImportCertFailure( 46 NSSCertDatabase::ImportCertFailure::ImportCertFailure(
39 const scoped_refptr<X509Certificate>& cert, 47 const scoped_refptr<X509Certificate>& cert,
40 int err) 48 int err)
41 : certificate(cert), net_error(err) {} 49 : certificate(cert), net_error(err) {}
42 50
43 NSSCertDatabase::ImportCertFailure::~ImportCertFailure() {} 51 NSSCertDatabase::ImportCertFailure::~ImportCertFailure() {}
44 52
45 // static 53 // static
46 NSSCertDatabase* NSSCertDatabase::GetInstance() { 54 NSSCertDatabase* NSSCertDatabase::GetInstance() {
47 return Singleton<NSSCertDatabase, 55 // TODO(mattm): Remove this ifdef guard once the linux impl of
48 LeakySingletonTraits<NSSCertDatabase> >::get(); 56 // GetNSSCertDatabaseForResourceContext does not call GetInstance.
57 #if defined(OS_CHROMEOS)
58 LOG(ERROR) << "NSSCertDatabase::GetInstance() is deprecated."
59 << "See http://crbug.com/329735.";
60 #endif
61 return &g_nss_cert_database.Get();
49 } 62 }
50 63
51 NSSCertDatabase::NSSCertDatabase() 64 NSSCertDatabase::NSSCertDatabase()
52 : observer_list_(new ObserverListThreadSafe<Observer>) { 65 : observer_list_(new ObserverListThreadSafe<Observer>) {
53 crypto::EnsureNSSInit(); 66 // This also makes sure that NSS has been initialized.
67 CertDatabase::GetInstance()->ObserveNSSCertDatabase(this);
68
54 psm::EnsurePKCS12Init(); 69 psm::EnsurePKCS12Init();
55 } 70 }
56 71
57 NSSCertDatabase::~NSSCertDatabase() {} 72 NSSCertDatabase::~NSSCertDatabase() {}
58 73
59 void NSSCertDatabase::ListCerts(CertificateList* certs) { 74 void NSSCertDatabase::ListCerts(CertificateList* certs) {
60 certs->clear(); 75 certs->clear();
61 76
62 CERTCertList* cert_list = PK11_ListCerts(PK11CertListUnique, NULL); 77 CERTCertList* cert_list = PK11_ListCerts(PK11CertListUnique, NULL);
63 CERTCertListNode* node; 78 CERTCertListNode* node;
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
110 PR_FALSE); // restart 125 PR_FALSE); // restart
111 } 126 }
112 } 127 }
113 128
114 int NSSCertDatabase::ImportFromPKCS12( 129 int NSSCertDatabase::ImportFromPKCS12(
115 CryptoModule* module, 130 CryptoModule* module,
116 const std::string& data, 131 const std::string& data,
117 const base::string16& password, 132 const base::string16& password,
118 bool is_extractable, 133 bool is_extractable,
119 net::CertificateList* imported_certs) { 134 net::CertificateList* imported_certs) {
135 DVLOG(1) << __func__ << " "
136 << PK11_GetModuleID(module->os_module_handle()) << ":"
137 << PK11_GetSlotID(module->os_module_handle());
120 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), 138 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(),
121 data.data(), data.size(), 139 data.data(), data.size(),
122 password, 140 password,
123 is_extractable, 141 is_extractable,
124 imported_certs); 142 imported_certs);
125 if (result == net::OK) 143 if (result == net::OK)
126 NotifyObserversOfCertAdded(NULL); 144 NotifyObserversOfCertAdded(NULL);
127 145
128 return result; 146 return result;
129 } 147 }
(...skipping 17 matching lines...) Expand all
147 X509Certificate* certn_2 = certificates[certificates.size() - 2].get(); 165 X509Certificate* certn_2 = certificates[certificates.size() - 2].get();
148 X509Certificate* certn_1 = certificates[certificates.size() - 1].get(); 166 X509Certificate* certn_1 = certificates[certificates.size() - 1].get();
149 167
150 if (CERT_CompareName(&cert1->os_cert_handle()->issuer, 168 if (CERT_CompareName(&cert1->os_cert_handle()->issuer,
151 &cert0->os_cert_handle()->subject) == SECEqual) 169 &cert0->os_cert_handle()->subject) == SECEqual)
152 return cert0; 170 return cert0;
153 if (CERT_CompareName(&certn_2->os_cert_handle()->issuer, 171 if (CERT_CompareName(&certn_2->os_cert_handle()->issuer,
154 &certn_1->os_cert_handle()->subject) == SECEqual) 172 &certn_1->os_cert_handle()->subject) == SECEqual)
155 return certn_1; 173 return certn_1;
156 174
157 VLOG(1) << "certificate list is not a hierarchy"; 175 LOG(WARNING) << "certificate list is not a hierarchy";
158 return cert0; 176 return cert0;
159 } 177 }
160 178
161 bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates, 179 bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates,
162 TrustBits trust_bits, 180 TrustBits trust_bits,
163 ImportCertFailureList* not_imported) { 181 ImportCertFailureList* not_imported) {
164 crypto::ScopedPK11Slot slot(GetPublicSlot()); 182 crypto::ScopedPK11Slot slot(GetPublicSlot());
165 X509Certificate* root = FindRootInList(certificates); 183 X509Certificate* root = FindRootInList(certificates);
166 bool success = psm::ImportCACerts( 184 bool success = psm::ImportCACerts(
167 slot.get(), certificates, root, trust_bits, not_imported); 185 slot.get(), certificates, root, trust_bits, not_imported);
(...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after
341 observer_list_->Notify(&Observer::OnCertRemoved, make_scoped_refptr(cert)); 359 observer_list_->Notify(&Observer::OnCertRemoved, make_scoped_refptr(cert));
342 } 360 }
343 361
344 void NSSCertDatabase::NotifyObserversOfCACertChanged( 362 void NSSCertDatabase::NotifyObserversOfCACertChanged(
345 const X509Certificate* cert) { 363 const X509Certificate* cert) {
346 observer_list_->Notify( 364 observer_list_->Notify(
347 &Observer::OnCACertChanged, make_scoped_refptr(cert)); 365 &Observer::OnCACertChanged, make_scoped_refptr(cert));
348 } 366 }
349 367
350 } // namespace net 368 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/nss_cert_database.h ('k') | net/cert/nss_cert_database_chromeos.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698