net/cert/nss_profile_filter_chromeos.cc - Issue 137553004: NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles.

Unified Diff: net/cert/nss_profile_filter_chromeos.cc

Issue 137553004: NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: ios TestRootCerts fix Created 6 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/browser/chromeos/net/cert_verify_proc_chromeos_unittest.cc ('K') | « net/cert/nss_profile_filter_chromeos.h ('k') | net/cert/nss_profile_filter_chromeos_unittest.cc » ('j') | net/cert/test_root_certs.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/cert/nss_profile_filter_chromeos.cc

diff --git a/net/cert/nss_profile_filter_chromeos.cc b/net/cert/nss_profile_filter_chromeos.cc

index 906780fbfa178ed482188e2f8bca52cb12097758..56784265b4d5eb99501c268527ce309124b0cc16 100644

--- a/net/cert/nss_profile_filter_chromeos.cc

+++ b/net/cert/nss_profile_filter_chromeos.cc

@@ -4,6 +4,7 @@

#include "net/cert/nss_profile_filter_chromeos.h"

+#include "base/strings/string_piece.h"

#include "base/strings/stringprintf.h"

#include "net/cert/x509_certificate.h"

@@ -11,10 +12,10 @@ namespace net {

namespace {

-std::string CertSlotsString(const scoped_refptr<X509Certificate>& cert) {

+std::string CertSlotsString(CERTCertificate* cert) {

std::string result;

crypto::ScopedPK11SlotList slots_for_cert(

- PK11_GetAllSlotsForCert(cert->os_cert_handle(), NULL));

+ PK11_GetAllSlotsForCert(cert, NULL));

for (PK11SlotListElement* slot_element =

PK11_GetFirstSafe(slots_for_cert.get());

slot_element;

@@ -86,13 +87,12 @@ bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const {

return false;

}

-bool NSSProfileFilterChromeOS::IsCertAllowed(

- const scoped_refptr<X509Certificate>& cert) const {

+bool NSSProfileFilterChromeOS::IsCertAllowed(CERTCertificate* cert) const {

crypto::ScopedPK11SlotList slots_for_cert(

- PK11_GetAllSlotsForCert(cert->os_cert_handle(), NULL));

+ PK11_GetAllSlotsForCert(cert, NULL));

if (!slots_for_cert) {

- DVLOG(2) << "cert no slots: " << cert->subject().GetDisplayName();

- return true;

+ DVLOG(2) << "cert no slots: " << base::StringPiece(cert->nickname);

+ return false;

}

for (PK11SlotListElement* slot_element =

@@ -102,13 +102,13 @@ bool NSSProfileFilterChromeOS::IsCertAllowed(

PK11_GetNextSafe(slots_for_cert.get(), slot_element, PR_FALSE)) {

if (IsModuleAllowed(slot_element->slot)) {

DVLOG(3) << "cert from " << CertSlotsString(cert)

- << " allowed: " << cert->subject().GetDisplayName();

+ << " allowed: " << base::StringPiece(cert->nickname);

PK11_FreeSlotListElement(slots_for_cert.get(), slot_element);

return true;

}

DVLOG(2) << "cert from " << CertSlotsString(cert)

- << " filtered: " << cert->subject().GetDisplayName();

+ << " filtered: " << base::StringPiece(cert->nickname);

return false;

}

@@ -118,7 +118,7 @@ NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate::

bool NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate::operator()(

const scoped_refptr<X509Certificate>& cert) const {

- return !filter_.IsCertAllowed(cert);

+ return !filter_.IsCertAllowed(cert->os_cert_handle());

}

NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate::