OLD | NEW |
---|---|
1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
3 * | 3 * |
4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
8 * | 8 * |
9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
(...skipping 188 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
199 } | 199 } |
200 | 200 |
201 SetCertTrust(certificates[0].get(), net::SERVER_CERT, trustBits); | 201 SetCertTrust(certificates[0].get(), net::SERVER_CERT, trustBits); |
202 // TODO(mattm): Report SetCertTrust result? Putting in not_imported | 202 // TODO(mattm): Report SetCertTrust result? Putting in not_imported |
203 // wouldn't quite match up since it was imported... | 203 // wouldn't quite match up since it was imported... |
204 | 204 |
205 // Any errors importing individual certs will be in listed in |not_imported|. | 205 // Any errors importing individual certs will be in listed in |not_imported|. |
206 return true; | 206 return true; |
207 } | 207 } |
208 | 208 |
209 // Based on nsNSSCertificateDB::ImportUserCertificate. | |
210 int ImportUserCert(const net::CertificateList& certificates) { | |
mattm
2015/11/06 23:13:00
Change the NSS version of CertDatabase::AddUserCer
svaldez
2015/11/10 15:07:50
Done.
| |
211 if (certificates.empty()) | |
212 return net::ERR_CERT_INVALID; | |
213 | |
214 const scoped_refptr<net::X509Certificate>& cert = certificates[0]; | |
mattm
2015/11/06 23:13:00
If this only uses the first cert, just pass that i
svaldez
2015/11/10 15:07:50
We may want to eventually verify the user cert cer
| |
215 CK_OBJECT_HANDLE key; | |
216 PK11SlotInfo* slot = | |
mattm
2015/11/06 23:13:00
crypto::ScopedPK11Slot
svaldez
2015/11/10 15:07:50
Done.
| |
217 PK11_KeyForCertExists(cert->os_cert_handle(), &key, NULL); | |
218 | |
219 if (!slot) | |
220 return net::ERR_NO_PRIVATE_KEY_FOR_CERT; | |
221 | |
222 // Mozilla uses CERT_ImportCerts, which doesn't take a slot arg. We use | |
223 // PK11_ImportCert instead. | |
224 SECStatus srv = | |
225 PK11_ImportCert(slot, cert->os_cert_handle(), key, | |
226 net::x509_util::GetUniqueNicknameForSlot( | |
227 cert->GetDefaultNickname(net::SERVER_CERT), | |
mattm
2015/11/06 23:13:00
USER_CERT?
svaldez
2015/11/10 15:07:50
Done.
| |
228 &cert->os_cert_handle()->derSubject, slot) | |
229 .c_str(), | |
230 PR_FALSE /* includeTrust (unused) */); | |
231 | |
232 if (srv != SECSuccess) { | |
233 LOG(ERROR) << "PK11_ImportCert failed with error " << PORT_GetError(); | |
234 return net::ERR_ADD_USER_CERT_FAILED; | |
235 } | |
236 | |
237 return net::OK; | |
238 } | |
239 | |
209 // Based on nsNSSCertificateDB::SetCertTrust. | 240 // Based on nsNSSCertificateDB::SetCertTrust. |
210 bool | 241 bool |
211 SetCertTrust(const net::X509Certificate* cert, | 242 SetCertTrust(const net::X509Certificate* cert, |
212 net::CertType type, | 243 net::CertType type, |
213 net::NSSCertDatabase::TrustBits trustBits) | 244 net::NSSCertDatabase::TrustBits trustBits) |
214 { | 245 { |
215 const unsigned kSSLTrustBits = net::NSSCertDatabase::TRUSTED_SSL | | 246 const unsigned kSSLTrustBits = net::NSSCertDatabase::TRUSTED_SSL | |
216 net::NSSCertDatabase::DISTRUSTED_SSL; | 247 net::NSSCertDatabase::DISTRUSTED_SSL; |
217 const unsigned kEmailTrustBits = net::NSSCertDatabase::TRUSTED_EMAIL | | 248 const unsigned kEmailTrustBits = net::NSSCertDatabase::TRUSTED_EMAIL | |
218 net::NSSCertDatabase::DISTRUSTED_EMAIL; | 249 net::NSSCertDatabase::DISTRUSTED_EMAIL; |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
266 } else { | 297 } else { |
267 // ignore user and email/unknown certs | 298 // ignore user and email/unknown certs |
268 return true; | 299 return true; |
269 } | 300 } |
270 if (srv != SECSuccess) | 301 if (srv != SECSuccess) |
271 LOG(ERROR) << "SetCertTrust failed with error " << PORT_GetError(); | 302 LOG(ERROR) << "SetCertTrust failed with error " << PORT_GetError(); |
272 return srv == SECSuccess; | 303 return srv == SECSuccess; |
273 } | 304 } |
274 | 305 |
275 } // namespace mozilla_security_manager | 306 } // namespace mozilla_security_manager |
OLD | NEW |