
Side by Side Diff: net/cert/nss_profile_filter_chromeos.cc

Issue 112533002: Add ClientCertStoreChromeOS which only returns the certs for a given user. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: . Created 7 years ago
(Empty)
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/nss_profile_filter_chromeos.h"
6
7 #include "base/bind.h"
8 #include "base/callback.h"
9 #include "base/strings/string_number_conversions.h"
10
11 namespace net {
12 namespace {
Ryan Sleevi 2013/12/11 06:52:50 style nit: line break
mattm 2013/12/12 00:45:22 Done.
13
14 std::string CertSlotsString(const scoped_refptr<X509Certificate>& cert) {
15 std::string r;
Ryan Sleevi 2013/12/11 06:52:50 naming nit: result
mattm 2013/12/12 00:45:22 Done.
16 crypto::ScopedPK11SlotList slots_for_cert(
17 PK11_GetAllSlotsForCert(cert->os_cert_handle(), NULL));
18 for (PK11SlotListElement* slot_element =
19 PK11_GetFirstSafe(slots_for_cert.get());
20 slot_element;
21 slot_element =
22 PK11_GetNextSafe(slots_for_cert.get(), slot_element, PR_FALSE)) {
23 if (!r.empty())
24 r += ',';
25 r += base::IntToString(PK11_GetModuleID(slot_element->slot)) + ":" +
26 base::IntToString(PK11_GetSlotID(slot_element->slot));
Ryan Sleevi 2013/12/11 06:52:50 base::StringAppendF("%ul:%ul") ? In both cases, C
mattm 2013/12/12 00:45:22 Done.
27 }
28 return r;
29 }
30
31 } // namespace
32
33 NSSProfileFilterChromeOS::NSSProfileFilterChromeOS() {}
34
35 NSSProfileFilterChromeOS::~NSSProfileFilterChromeOS() {}
36
37 void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot,
38 crypto::ScopedPK11Slot private_slot) {
39 public_slot_ = public_slot.Pass();
40 private_slot_ = private_slot.Pass();
41 }
42
43 bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const {
44 // If this is one of the public/private slots for this profile, allow it.
45 if (slot == public_slot_.get() || slot == private_slot_.get())
46 return true;
47 // If it's from the read-only slot, allow it.
48 if (slot == PK11_GetInternalKeySlot())
49 return true;
50 // If this is a completely different module, allow it.
Ryan Sleevi 2013/12/11 06:52:50 Can you expand this comment? // If this is not th
mattm 2013/12/12 00:45:22 Done.
51 SECMODModule* module_for_slot = PK11_GetModule(slot);
52 if (module_for_slot != PK11_GetModule(public_slot_.get()) &&
53 module_for_slot != PK11_GetModule(private_slot_.get()))
54 return true;
55 return false;
56 }
57
58 bool NSSProfileFilterChromeOS::IsCertAllowed(
59 const scoped_refptr<X509Certificate>& cert) const {
60 crypto::ScopedPK11SlotList slots_for_cert(
61 PK11_GetAllSlotsForCert(cert->os_cert_handle(), NULL));
62 if (!slots_for_cert) {
63 DVLOG(2) << "cert no slots: " << cert->subject().GetDisplayName();
64 return true;
65 }
66
67 for (PK11SlotListElement* slot_element =
68 PK11_GetFirstSafe(slots_for_cert.get());
69 slot_element;
70 slot_element =
71 PK11_GetNextSafe(slots_for_cert.get(), slot_element, PR_FALSE)) {
72 if (IsModuleAllowed(slot_element->slot)) {
73 DVLOG(3) << "cert allowed:" << cert->subject().GetDisplayName()
74 << " from:" << CertSlotsString(cert);
75 return true;
76 }
77 }
78 DVLOG(2) << "cert filtered:" << cert->subject().GetDisplayName()
79 << " from:" << CertSlotsString(cert);
Ryan Sleevi 2013/12/11 06:52:50 nit: Missing spaces after the ": ", and extra spac
mattm 2013/12/12 00:45:22 changed the format around, should be better now.
80 return false;
81 }
82
83 NSSProfileFilterChromeOS::Predicate::Predicate(
84 const NSSProfileFilterChromeOS& filter)
85 : filter_(filter) {}
86
87 bool NSSProfileFilterChromeOS::Predicate::operator()(
88 const scoped_refptr<CryptoModule>& module) const {
89 return !filter_.IsModuleAllowed(module->os_module_handle());
90 }
91
92 bool NSSProfileFilterChromeOS::Predicate::operator()(
93 const scoped_refptr<X509Certificate>& cert) const {
94 return !filter_.IsCertAllowed(cert);
95 }
96
97 } // namespace net
98
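Review bot: In IsModuleAllowed, `slot == PK11_GetInternalKeySlot()` discards the result of a call that, in NSS, returns the slot with its reference count incremented, so every filter check leaks one reference on the internal key slot. Holding the result in the scoped type this file already uses avoids that: `crypto::ScopedPK11Slot internal_slot(PK11_GetInternalKeySlot());` followed by `if (slot == internal_slot.get()) return true;`. Separately, IsCertAllowed returns true when PK11_GetAllSlotsForCert yields NULL, and NSS appears to return NULL both for a cert that lives on no token and for a failed lookup, so this per-user filter fails open on errors; a comment stating that the allow is intended for slot-less (temporary) certs, or a check of the NSS error code, would make that decision explicit. IsModuleAllowed also hands `public_slot_.get()` and `private_slot_.get()` to PK11_GetModule with no null check, so it presumably relies on Init() having been called with non-null slots, which deserves a DCHECK or a note in the header.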
