Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(980)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/cert_verify_proc_chromeos.h

Issue 137553004: NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: expanded test, found one problem Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/cert_verify_proc.cc ('k') | net/cert/cert_verify_proc_chromeos.cc » ('j') | net/cert/cert_verify_proc_chromeos_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_verify_proc_chromeos.h
diff --git a/net/cert/cert_verify_proc_chromeos.h b/net/cert/cert_verify_proc_chromeos.h
new file mode 100644
index 0000000000000000000000000000000000000000..e7527fed522d2e3f7b897250e023c71ec89f6fa4
--- /dev/null
+++ b/net/cert/cert_verify_proc_chromeos.h
@@ -0,0 +1,53 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_CERT_VERIFY_PROC_CHROMEOS_H_
+#define NET_CERT_CERT_VERIFY_PROC_CHROMEOS_H_
+
+#include "crypto/scoped_nss_types.h"
+#include "net/base/net_export.h"
+#include "net/cert/cert_verify_proc_nss.h"
+#include "net/cert/nss_profile_filter_chromeos.h"
+
+namespace net {
+
+// Wrapper around CertVerifyProcNSS which allows filtering trust decisions on a
+// per-slot basis. Unlike the other CertVerifyProc implementations, this one is
+// publicly exported, so that the non-default constructor can be used to specify
+// the slots to use.
+//
+// Note that only the simple case is currently handled (if a slot contains a new
+// trust root, that root should not be trusted by CertVerifyProcChromeOS
+// instances using other slots). More complicated cases are not handled (like
+// two slots adding the same root cert but with different trust values).
+class NET_EXPORT CertVerifyProcChromeOS : public CertVerifyProcNSS {
+ public:
+ // Creates a CertVerifyProc that doesn't allow any user-provided trust roots.
+ CertVerifyProcChromeOS();
+
+ // Creates a CertVerifyProc that doesn't allow trust roots provided by
+ // users other than the specified slot.
+ CertVerifyProcChromeOS(crypto::ScopedPK11Slot public_slot,
+ crypto::ScopedPK11Slot private_slot);
Ryan Sleevi 2014/01/25 01:50:17 Why take a private slot? This doesn't make sense f
mattm 2014/01/28 04:36:44 Oops, yeah. Didn't finish an earlier change to onl
+
+ protected:
+ virtual ~CertVerifyProcChromeOS();
+
+ private:
+ CERTChainVerifyCallback* InitializeCERTChainVerifyCallback();
+
+ static SECStatus IsChainValidFunc(void* is_chain_valid_arg,
+ const CERTCertList* current_chain,
+ PRBool* chain_ok);
+
+ // A pointer to this object is passed to CertVerifyProcNSS.
+ CERTChainVerifyCallback chain_verify_callback_;
+
+ NSSProfileFilterChromeOS profile_filter_;
+};
+
+} // namespace net
+
+#endif // NET_CERT_CERT_VERIFY_PROC_CHROMEOS_H_
+
« no previous file with comments | « net/cert/cert_verify_proc.cc ('k') | net/cert/cert_verify_proc_chromeos.cc » ('j') | net/cert/cert_verify_proc_chromeos_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698