OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/nss_profile_filter_chromeos.h" | 5 #include "net/cert/nss_profile_filter_chromeos.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/callback.h" | 8 #include "base/callback.h" |
9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
10 | 10 |
40 void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot, | 40 void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot, |
41 crypto::ScopedPK11Slot private_slot) { | 41 crypto::ScopedPK11Slot private_slot) { |
42 public_slot_ = public_slot.Pass(); | 42 public_slot_ = public_slot.Pass(); |
43 private_slot_ = private_slot.Pass(); | 43 private_slot_ = private_slot.Pass(); |
44 } | 44 } |
45 | 45 |
46 bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const { | 46 bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const { |
47 // If this is one of the public/private slots for this profile, allow it. | 47 // If this is one of the public/private slots for this profile, allow it. |
48 if (slot == public_slot_.get() || slot == private_slot_.get()) | 48 if (slot == public_slot_.get() || slot == private_slot_.get()) |
49 return true; | 49 return true; |
50 // If it's from the read-only slot, allow it. | 50 // If it's from the read-only slots, allow it. |
51 if (PK11_IsInternalKeySlot(slot)) | 51 if (PK11_IsInternalKeySlot(slot) || |
52 slot == crypto::ScopedPK11Slot(PK11_GetInternalSlot())) | |
Ryan Sleevi
2014/01/11 02:56:13
Why not PK11_IsInternal?
mattm
2014/01/11 03:23:23
PK11_IsInternal matches any of the nss software sl
Ryan Sleevi
2014/01/11 03:36:14
Yeah, but I thought they showed up as removable sl
mattm
2014/01/14 02:29:06
Ok, changed to use PK11_IsInternal && !PK11_IsRemo
| |
52 return true; | 53 return true; |
54 // If |public_slot_| or |private_slot_| is null, there isn't a way to get the | |
55 // modules to use in the final test. | |
56 if (!public_slot_.get() || !private_slot_.get()) { | |
57 // Allow the root certs module which would normally be allowed by the final | |
58 // test. | |
59 if (PK11_HasRootCerts(slot)) | |
60 return true; | |
Ryan Sleevi
2014/01/11 02:56:13
This is so that roots display in the UI, right?
W
mattm
2014/01/11 03:23:23
Yeah.
Ryan Sleevi
2014/01/11 03:36:14
I was going to suggest moving it before / outside
mattm
2014/01/14 02:29:06
Done.
| |
61 return false; | |
62 } | |
53 // If this is not the internal (file-system) module or the TPM module, allow | 63 // If this is not the internal (file-system) module or the TPM module, allow |
54 // it. | 64 // it. |
55 SECMODModule* module_for_slot = PK11_GetModule(slot); | 65 SECMODModule* module_for_slot = PK11_GetModule(slot); |
56 if (module_for_slot != PK11_GetModule(public_slot_.get()) && | 66 if (module_for_slot != PK11_GetModule(public_slot_.get()) && |
57 module_for_slot != PK11_GetModule(private_slot_.get())) | 67 module_for_slot != PK11_GetModule(private_slot_.get())) |
58 return true; | 68 return true; |
59 return false; | 69 return false; |
60 } | 70 } |
61 | 71 |
62 bool NSSProfileFilterChromeOS::IsCertAllowed( | 72 bool NSSProfileFilterChromeOS::IsCertAllowed( |
98 ModuleNotAllowedForProfilePredicate(const NSSProfileFilterChromeOS& filter) | 108 ModuleNotAllowedForProfilePredicate(const NSSProfileFilterChromeOS& filter) |
99 : filter_(filter) {} | 109 : filter_(filter) {} |
100 | 110 |
101 bool NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate::operator()( | 111 bool NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate::operator()( |
102 const scoped_refptr<CryptoModule>& module) const { | 112 const scoped_refptr<CryptoModule>& module) const { |
103 return !filter_.IsModuleAllowed(module->os_module_handle()); | 113 return !filter_.IsModuleAllowed(module->os_module_handle()); |
104 } | 114 } |
105 | 115 |
106 } // namespace net | 116 } // namespace net |
107 | 117 |
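Review bot: The new null-slot branch in IsModuleAllowed (new lines 54-62) does not say that denying the module is the intended outcome; its comment only explains that the final module comparison cannot run. Because the condition is `!public_slot_.get() || !private_slot_.get()`, the denial also applies when only one of the two slots is missing, and from this page alone it is unclear whether that state is expected. Since this filter decides which NSS slots a profile may see, I would state the policy explicitly, e.g. `// Fail closed: until both slots are set, only this profile's own slots, the read-only internal slots and the root certs module are allowed.` The function's declaration comment in the header (not shown here) should probably say the same, so callers know that a filter which has not been through Init() hides third-party modules rather than exposing them.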
OLD | NEW |