net/cert/cert_database_nss.cc - Issue 15315003: Generate unique certificate nicknames on Linux/CrOS.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/cert_database_nss.cc

Issue 15315003: Generate unique certificate nicknames on Linux/CrOS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Update README Created 7 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/cert_database_nss.cc

diff --git a/net/cert/cert_database_nss.cc b/net/cert/cert_database_nss.cc

index 3ac14073f40410a1357caee5341f006a86f599f2..5fa272134a257ac5134e80be5376efee03c2bee1 100644

--- a/net/cert/cert_database_nss.cc

+++ b/net/cert/cert_database_nss.cc

@@ -11,9 +11,11 @@

#include "base/logging.h"

#include "base/observer_list_threadsafe.h"

#include "crypto/nss_util.h"

+#include "crypto/scoped_nss_types.h"

#include "net/base/net_errors.h"

#include "net/cert/nss_cert_database.h"

#include "net/cert/x509_certificate.h"

+#include "net/cert/x509_util_nss.h"

namespace net {

@@ -82,21 +84,27 @@ int CertDatabase::CheckUserCert(X509Certificate* cert_obj) {

int CertDatabase::AddUserCert(X509Certificate* cert_obj) {

CERTCertificate* cert = cert_obj->os_cert_handle();

- PK11SlotInfo* slot = NULL;

+ CK_OBJECT_HANDLE key;

+ crypto::ScopedPK11Slot slot(PK11_KeyForCertExists(cert, &key, NULL));

+ if (!slot.get())

+ return ERR_NO_PRIVATE_KEY_FOR_CERT;

+ std::string nickname = x509_util::GetUniqueNicknameForSlot(

+ cert_obj->GetDefaultNickname(USER_CERT),

+ &cert->derSubject,

+ slot.get());

+ SECStatus rv;

{

crypto::AutoNSSWriteLock lock;

- slot = PK11_ImportCertForKey(

- cert,

- cert_obj->GetDefaultNickname(net::USER_CERT).c_str(),

- NULL);

+ rv = PK11_ImportCert(slot.get(), cert, key, nickname.c_str(), PR_FALSE);

}

- if (!slot) {

- LOG(ERROR) << "Couldn't import user certificate.";

+ if (rv != SECSuccess) {

+ LOG(ERROR) << "Couldn't import user certificate. " << PORT_GetError();

wtc 2013/05/22 20:58:45 Should we also log an error message on line 90?

Ryan Sleevi 2013/05/22 23:20:19 I'm actually not a big fan of the current error me

return ERR_ADD_USER_CERT_FAILED;

}

- PK11_FreeSlot(slot);

NotifyObserversOfCertAdded(cert_obj);

return OK;

}

« no previous file with comments | « no previous file | net/cert/nss_cert_database_unittest.cc » ('j') | net/cert/nss_cert_database_unittest.cc » ('J')