OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/cert/nss_profile_filter_chromeos.h" | |
6 | |
7 #include "base/bind.h" | |
8 #include "base/callback.h" | |
9 #include "base/strings/string_number_conversions.h" | |
10 | |
11 namespace net { | |
12 namespace { | |
Ryan Sleevi
2013/12/11 06:52:50
style nit: line break
mattm
2013/12/12 00:45:22
Done.
| |
13 | |
14 std::string CertSlotsString(const scoped_refptr<X509Certificate>& cert) { | |
15 std::string r; | |
Ryan Sleevi
2013/12/11 06:52:50
naming nit: result
mattm
2013/12/12 00:45:22
Done.
| |
16 crypto::ScopedPK11SlotList slots_for_cert( | |
17 PK11_GetAllSlotsForCert(cert->os_cert_handle(), NULL)); | |
18 for (PK11SlotListElement* slot_element = | |
19 PK11_GetFirstSafe(slots_for_cert.get()); | |
20 slot_element; | |
21 slot_element = | |
22 PK11_GetNextSafe(slots_for_cert.get(), slot_element, PR_FALSE)) { | |
23 if (!r.empty()) | |
24 r += ','; | |
25 r += base::IntToString(PK11_GetModuleID(slot_element->slot)) + ":" + | |
26 base::IntToString(PK11_GetSlotID(slot_element->slot)); | |
Ryan Sleevi
2013/12/11 06:52:50
base::StringAppendF("%ul:%ul") ?
In both cases, C
mattm
2013/12/12 00:45:22
Done.
| |
27 } | |
28 return r; | |
29 } | |
30 | |
31 } // namespace | |
32 | |
33 NSSProfileFilterChromeOS::NSSProfileFilterChromeOS() {} | |
34 | |
35 NSSProfileFilterChromeOS::~NSSProfileFilterChromeOS() {} | |
36 | |
37 void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot, | |
38 crypto::ScopedPK11Slot private_slot) { | |
39 public_slot_ = public_slot.Pass(); | |
40 private_slot_ = private_slot.Pass(); | |
41 } | |
42 | |
43 bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const { | |
44 // If this is one of the public/private slots for this profile, allow it. | |
45 if (slot == public_slot_.get() || slot == private_slot_.get()) | |
46 return true; | |
47 // If it's from the read-only slot, allow it. | |
48 if (slot == PK11_GetInternalKeySlot()) | |
49 return true; | |
50 // If this is a completely different module, allow it. | |
Ryan Sleevi
2013/12/11 06:52:50
Can you expand this comment?
// If this is not th
mattm
2013/12/12 00:45:22
Done.
| |
51 SECMODModule* module_for_slot = PK11_GetModule(slot); | |
52 if (module_for_slot != PK11_GetModule(public_slot_.get()) && | |
53 module_for_slot != PK11_GetModule(private_slot_.get())) | |
54 return true; | |
55 return false; | |
56 } | |
57 | |
58 bool NSSProfileFilterChromeOS::IsCertAllowed( | |
59 const scoped_refptr<X509Certificate>& cert) const { | |
60 crypto::ScopedPK11SlotList slots_for_cert( | |
61 PK11_GetAllSlotsForCert(cert->os_cert_handle(), NULL)); | |
62 if (!slots_for_cert) { | |
63 DVLOG(2) << "cert no slots: " << cert->subject().GetDisplayName(); | |
64 return true; | |
65 } | |
66 | |
67 for (PK11SlotListElement* slot_element = | |
68 PK11_GetFirstSafe(slots_for_cert.get()); | |
69 slot_element; | |
70 slot_element = | |
71 PK11_GetNextSafe(slots_for_cert.get(), slot_element, PR_FALSE)) { | |
72 if (IsModuleAllowed(slot_element->slot)) { | |
73 DVLOG(3) << "cert allowed:" << cert->subject().GetDisplayName() | |
74 << " from:" << CertSlotsString(cert); | |
75 return true; | |
76 } | |
77 } | |
78 DVLOG(2) << "cert filtered:" << cert->subject().GetDisplayName() | |
79 << " from:" << CertSlotsString(cert); | |
Ryan Sleevi
2013/12/11 06:52:50
nit: Missing spaces after the ": ", and extra spac
mattm
2013/12/12 00:45:22
changed the format around, should be better now.
| |
80 return false; | |
81 } | |
82 | |
83 NSSProfileFilterChromeOS::Predicate::Predicate( | |
84 const NSSProfileFilterChromeOS& filter) | |
85 : filter_(filter) {} | |
86 | |
87 bool NSSProfileFilterChromeOS::Predicate::operator()( | |
88 const scoped_refptr<CryptoModule>& module) const { | |
89 return !filter_.IsModuleAllowed(module->os_module_handle()); | |
90 } | |
91 | |
92 bool NSSProfileFilterChromeOS::Predicate::operator()( | |
93 const scoped_refptr<X509Certificate>& cert) const { | |
94 return !filter_.IsCertAllowed(cert); | |
95 } | |
96 | |
97 } // namespace net | |
98 | |
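Review bot: IsModuleAllowed (new lines 43-56) passes public_slot_.get() and private_slot_.get() to PK11_GetModule at lines 52-53 without checking them, so a filter queried before Init(), or initialized with an empty slot, hands NSS a null slot, which I believe it dereferences. Because this filter is what separates one profile's certificates and modules from another's, it should fail closed there: `if (!public_slot_.get() || !private_slot_.get()) return false;` ahead of line 51. Separately, PK11_GetInternalKeySlot() at line 48 returns a referenced slot that the caller is expected to release, and the bare comparison drops that reference on every call. Holding it in a scoper, `crypto::ScopedPK11Slot internal_slot(PK11_GetInternalKeySlot());`, and comparing against `internal_slot.get()` avoids the leak. A short comment on the `return true` at line 64 saying why a certificate that lives on no slot is allowed would also help the next reader confirm that this open default is intended.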