OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/nss_profile_filter_chromeos.h" | 5 #include "net/cert/nss_profile_filter_chromeos.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/callback.h" | 8 #include "base/callback.h" |
9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
10 | 10 |
(...skipping 29 matching lines...)
40 void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot, | 40 void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot, |
41 crypto::ScopedPK11Slot private_slot) { | 41 crypto::ScopedPK11Slot private_slot) { |
42 public_slot_ = public_slot.Pass(); | 42 public_slot_ = public_slot.Pass(); |
43 private_slot_ = private_slot.Pass(); | 43 private_slot_ = private_slot.Pass(); |
44 } | 44 } |
45 | 45 |
46 bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const { | 46 bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const { |
47 // If this is one of the public/private slots for this profile, allow it. | 47 // If this is one of the public/private slots for this profile, allow it. |
48 if (slot == public_slot_.get() || slot == private_slot_.get()) | 48 if (slot == public_slot_.get() || slot == private_slot_.get()) |
49 return true; | 49 return true; |
50 // If it's from the read-only slot, allow it. | 50 // Allow the root certs module. |
51 if (PK11_IsInternalKeySlot(slot)) | 51 if (PK11_HasRootCerts(slot)) |
52 return true; | 52 return true; |
| 53 // If it's from the read-only slots, allow it. |
| 54 if (PK11_IsInternal(slot) && !PK11_IsRemovable(slot)) |
| 55 return true; |
| 56 // If |public_slot_| or |private_slot_| is null, there isn't a way to get the |
| 57 // modules to use in the final test. |
| 58 if (!public_slot_.get() || !private_slot_.get()) |
| 59 return false; |
53 // If this is not the internal (file-system) module or the TPM module, allow | 60 // If this is not the internal (file-system) module or the TPM module, allow |
54 // it. | 61 // it. |
55 SECMODModule* module_for_slot = PK11_GetModule(slot); | 62 SECMODModule* module_for_slot = PK11_GetModule(slot); |
56 if (module_for_slot != PK11_GetModule(public_slot_.get()) && | 63 if (module_for_slot != PK11_GetModule(public_slot_.get()) && |
57 module_for_slot != PK11_GetModule(private_slot_.get())) | 64 module_for_slot != PK11_GetModule(private_slot_.get())) |
58 return true; | 65 return true; |
59 return false; | 66 return false; |
60 } | 67 } |
61 | 68 |
62 bool NSSProfileFilterChromeOS::IsCertAllowed( | 69 bool NSSProfileFilterChromeOS::IsCertAllowed( |
(...skipping 35 matching lines...)
98 ModuleNotAllowedForProfilePredicate(const NSSProfileFilterChromeOS& filter) | 105 ModuleNotAllowedForProfilePredicate(const NSSProfileFilterChromeOS& filter) |
99 : filter_(filter) {} | 106 : filter_(filter) {} |
100 | 107 |
101 bool NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate::operator()( | 108 bool NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate::operator()( |
102 const scoped_refptr<CryptoModule>& module) const { | 109 const scoped_refptr<CryptoModule>& module) const { |
103 return !filter_.IsModuleAllowed(module->os_module_handle()); | 110 return !filter_.IsModuleAllowed(module->os_module_handle()); |
104 } | 111 } |
105 | 112 |
106 } // namespace net | 113 } // namespace net |
107 | 114 |
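Review bot: In `IsModuleAllowed`, the two new early allows (new lines 51 and 54) return true on slot properties before the module comparison runs, and the comments do not say why those properties are safe to trust in a per-profile filter. The condition `PK11_IsInternal(slot) && !PK11_IsRemovable(slot)` is labelled "read-only slots", yet nothing in it tests for read-only. Presumably the intent is that per-user software databases appear as removable internal slots and therefore fall through to the later checks; if so, a comment such as `// Built-in internal slots are non-removable and shared by all profiles; per-user DBs are expected to be removable and must not match here.` (wording for the author to confirm) would record the assumption the filter depends on. Likewise `PK11_HasRootCerts(slot)` is a per-slot check while its comment says "module", so a one-line note on why a slot inside the public/private slots' own module cannot satisfy it would help. The new null guard at new line 58 fails closed, which also rejects every third-party module while either slot is unset; if that is intended, the comment should say so.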