| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/nss_profile_filter_chromeos.h" | 5 #include "net/cert/nss_profile_filter_chromeos.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
| 10 | 10 |
| (...skipping 29 matching lines...) Expand all Loading... |
| 40 void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot, | 40 void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot, |
| 41 crypto::ScopedPK11Slot private_slot) { | 41 crypto::ScopedPK11Slot private_slot) { |
| 42 public_slot_ = public_slot.Pass(); | 42 public_slot_ = public_slot.Pass(); |
| 43 private_slot_ = private_slot.Pass(); | 43 private_slot_ = private_slot.Pass(); |
| 44 } | 44 } |
| 45 | 45 |
| 46 bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const { | 46 bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const { |
| 47 // If this is one of the public/private slots for this profile, allow it. | 47 // If this is one of the public/private slots for this profile, allow it. |
| 48 if (slot == public_slot_.get() || slot == private_slot_.get()) | 48 if (slot == public_slot_.get() || slot == private_slot_.get()) |
| 49 return true; | 49 return true; |
| 50 // If it's from the read-only slot, allow it. | 50 // Allow the root certs module. |
| 51 if (PK11_IsInternalKeySlot(slot)) | 51 if (PK11_HasRootCerts(slot)) |
| 52 return true; | 52 return true; |
| 53 // If it's from the read-only slots, allow it. |
| 54 if (PK11_IsInternal(slot) && !PK11_IsRemovable(slot)) |
| 55 return true; |
| 56 // If |public_slot_| or |private_slot_| is null, there isn't a way to get the |
| 57 // modules to use in the final test. |
| 58 if (!public_slot_.get() || !private_slot_.get()) |
| 59 return false; |
| 53 // If this is not the internal (file-system) module or the TPM module, allow | 60 // If this is not the internal (file-system) module or the TPM module, allow |
| 54 // it. | 61 // it. |
| 55 SECMODModule* module_for_slot = PK11_GetModule(slot); | 62 SECMODModule* module_for_slot = PK11_GetModule(slot); |
| 56 if (module_for_slot != PK11_GetModule(public_slot_.get()) && | 63 if (module_for_slot != PK11_GetModule(public_slot_.get()) && |
| 57 module_for_slot != PK11_GetModule(private_slot_.get())) | 64 module_for_slot != PK11_GetModule(private_slot_.get())) |
| 58 return true; | 65 return true; |
| 59 return false; | 66 return false; |
| 60 } | 67 } |
| 61 | 68 |
| 62 bool NSSProfileFilterChromeOS::IsCertAllowed( | 69 bool NSSProfileFilterChromeOS::IsCertAllowed( |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 98 ModuleNotAllowedForProfilePredicate(const NSSProfileFilterChromeOS& filter) | 105 ModuleNotAllowedForProfilePredicate(const NSSProfileFilterChromeOS& filter) |
| 99 : filter_(filter) {} | 106 : filter_(filter) {} |
| 100 | 107 |
| 101 bool NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate::operator()( | 108 bool NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate::operator()( |
| 102 const scoped_refptr<CryptoModule>& module) const { | 109 const scoped_refptr<CryptoModule>& module) const { |
| 103 return !filter_.IsModuleAllowed(module->os_module_handle()); | 110 return !filter_.IsModuleAllowed(module->os_module_handle()); |
| 104 } | 111 } |
| 105 | 112 |
| 106 } // namespace net | 113 } // namespace net |
| 107 | 114 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 123633002:
ChromeOS: Fix crash if login profile triggers client auth. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src