Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(866)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp

Issue 1423333006: Adding User Certificate (.crt) Import to Certificate Manager (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/nss_cert_database.h ('K') | « net/third_party/mozilla_security_manager/nsNSSCertificateDB.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
diff --git a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
index bfbeae6a2997c0cc1d098f2d5e9503d5cc11d40b..947fb53dcf3eddcd03ea3698b237b6303e02bcd1 100644
--- a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
+++ b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
@@ -206,6 +206,37 @@ bool ImportServerCert(
return true;
}
+// Based on nsNSSCertificateDB::ImportUserCertificate.
+int ImportUserCert(const net::CertificateList& certificates) {
mattm 2015/11/06 23:13:00 Change the NSS version of CertDatabase::AddUserCer
svaldez 2015/11/10 15:07:50 Done.
+ if (certificates.empty())
+ return net::ERR_CERT_INVALID;
+
+ const scoped_refptr<net::X509Certificate>& cert = certificates[0];
mattm 2015/11/06 23:13:00 If this only uses the first cert, just pass that i
svaldez 2015/11/10 15:07:50 We may want to eventually verify the user cert cer
+ CK_OBJECT_HANDLE key;
+ PK11SlotInfo* slot =
mattm 2015/11/06 23:13:00 crypto::ScopedPK11Slot
svaldez 2015/11/10 15:07:50 Done.
+ PK11_KeyForCertExists(cert->os_cert_handle(), &key, NULL);
+
+ if (!slot)
+ return net::ERR_NO_PRIVATE_KEY_FOR_CERT;
+
+ // Mozilla uses CERT_ImportCerts, which doesn't take a slot arg. We use
+ // PK11_ImportCert instead.
+ SECStatus srv =
+ PK11_ImportCert(slot, cert->os_cert_handle(), key,
+ net::x509_util::GetUniqueNicknameForSlot(
+ cert->GetDefaultNickname(net::SERVER_CERT),
mattm 2015/11/06 23:13:00 USER_CERT?
svaldez 2015/11/10 15:07:50 Done.
+ &cert->os_cert_handle()->derSubject, slot)
+ .c_str(),
+ PR_FALSE /* includeTrust (unused) */);
+
+ if (srv != SECSuccess) {
+ LOG(ERROR) << "PK11_ImportCert failed with error " << PORT_GetError();
+ return net::ERR_ADD_USER_CERT_FAILED;
+ }
+
+ return net::OK;
+}
+
// Based on nsNSSCertificateDB::SetCertTrust.
bool
SetCertTrust(const net::X509Certificate* cert,
« net/cert/nss_cert_database.h ('K') | « net/third_party/mozilla_security_manager/nsNSSCertificateDB.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698