| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/certificate_manager_model.h" | 5 #include "chrome/browser/certificate_manager_model.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/i18n/time_formatting.h" | 8 #include "base/i18n/time_formatting.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
| 11 #include "chrome/browser/ui/crypto_module_password_dialog.h" | 11 #include "chrome/browser/ui/crypto_module_password_dialog.h" |
| 12 #include "chrome/common/net/x509_certificate_model.h" | 12 #include "chrome/common/net/x509_certificate_model.h" |
| 13 #include "content/public/browser/browser_context.h" |
| 14 #include "content/public/browser/browser_thread.h" |
| 15 #include "content/public/browser/nss_context.h" |
| 16 #include "content/public/browser/resource_context.h" |
| 13 #include "net/base/crypto_module.h" | 17 #include "net/base/crypto_module.h" |
| 14 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
| 15 #include "net/cert/x509_certificate.h" | 19 #include "net/cert/x509_certificate.h" |
| 16 | 20 |
| 17 #if defined(OS_CHROMEOS) | 21 #if defined(OS_CHROMEOS) |
| 18 #include <cert.h> | 22 #include <cert.h> |
| 19 | 23 |
| 20 #include "crypto/nss_util.h" | 24 #include "crypto/nss_util.h" |
| 21 #include "grit/generated_resources.h" | 25 #include "grit/generated_resources.h" |
| 22 #include "ui/base/l10n/l10n_util.h" | 26 #include "ui/base/l10n/l10n_util.h" |
| 23 #endif | 27 #endif |
| 24 | 28 |
| 25 CertificateManagerModel::CertificateManagerModel(Observer* observer) | 29 using content::BrowserThread; |
| 26 : cert_db_(net::NSSCertDatabase::GetInstance()), | 30 |
| 27 observer_(observer) { | 31 namespace { |
| 32 |
| 33 void GotCertDBOnIOThread( |
| 34 const base::Callback<void(net::NSSCertDatabase*)>& callback, |
| 35 net::NSSCertDatabase* cert_db) { |
| 36 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 37 |
| 38 BrowserThread::PostTask( |
| 39 BrowserThread::UI, FROM_HERE, base::Bind(callback, cert_db)); |
| 40 } |
| 41 |
| 42 } // namespace |
| 43 |
| 44 CertificateManagerModel::CertificateManagerModel( |
| 45 content::BrowserContext* browser_context, |
| 46 Observer* observer) |
| 47 : observer_(observer), |
| 48 weak_ptr_factory_(this) { |
| 49 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 50 VLOG(1) << "Getting cert_db for profile..."; |
| 51 BrowserThread::PostTask( |
| 52 BrowserThread::IO, |
| 53 FROM_HERE, |
| 54 base::Bind(&content::GetNSSCertDatabaseForResourceContext, |
| 55 browser_context->GetResourceContext(), |
| 56 base::Bind(GotCertDBOnIOThread, |
| 57 base::Bind(&CertificateManagerModel::GotCertDB, |
| 58 weak_ptr_factory_.GetWeakPtr())))); |
| 28 } | 59 } |
| 29 | 60 |
| 30 CertificateManagerModel::~CertificateManagerModel() { | 61 CertificateManagerModel::~CertificateManagerModel() { |
| 31 } | 62 } |
| 32 | 63 |
| 33 void CertificateManagerModel::Refresh() { | 64 void CertificateManagerModel::Refresh() { |
| 65 // XXX should the rest of the NSS stuff also be on IO thread? or a worker |
| 66 // thread? |
| 34 VLOG(1) << "refresh started"; | 67 VLOG(1) << "refresh started"; |
| 35 net::CryptoModuleList modules; | 68 net::CryptoModuleList modules; |
| 36 cert_db_->ListModules(&modules, false); | 69 cert_db_->ListModules(&modules, false); |
| 37 VLOG(1) << "refresh waiting for unlocking..."; | 70 VLOG(1) << "refresh waiting for unlocking..."; |
| 38 chrome::UnlockSlotsIfNecessary( | 71 chrome::UnlockSlotsIfNecessary( |
| 39 modules, | 72 modules, |
| 40 chrome::kCryptoModulePasswordListCerts, | 73 chrome::kCryptoModulePasswordListCerts, |
| 41 std::string(), // unused. | 74 std::string(), // unused. |
| 42 base::Bind(&CertificateManagerModel::RefreshSlotsUnlocked, | 75 base::Bind(&CertificateManagerModel::RefreshSlotsUnlocked, |
| 43 base::Unretained(this))); | 76 base::Unretained(this))); |
| 44 } | 77 } |
| 45 | 78 |
| 79 void CertificateManagerModel::GotCertDB(net::NSSCertDatabase* cert_db) { |
| 80 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 81 DCHECK(cert_db); |
| 82 VLOG(1) << "Got cert_db"; |
| 83 cert_db_ = cert_db; |
| 84 observer_->CertificateManagerModelReady(); |
| 85 } |
| 86 |
| 46 void CertificateManagerModel::RefreshSlotsUnlocked() { | 87 void CertificateManagerModel::RefreshSlotsUnlocked() { |
| 47 VLOG(1) << "refresh listing certs..."; | 88 VLOG(1) << "refresh listing certs..."; |
| 48 cert_db_->ListCerts(&cert_list_); | 89 cert_db_->ListCerts(&cert_list_); |
| 49 observer_->CertificatesRefreshed(); | 90 observer_->CertificatesRefreshed(); |
| 50 VLOG(1) << "refresh finished"; | 91 VLOG(1) << "refresh finished"; |
| 51 } | 92 } |
| 52 | 93 |
| 53 void CertificateManagerModel::FilterAndBuildOrgGroupingMap( | 94 void CertificateManagerModel::FilterAndBuildOrgGroupingMap( |
| 54 net::CertType filter_type, | 95 net::CertType filter_type, |
| 55 CertificateManagerModel::OrgGroupingMap* map) const { | 96 CertificateManagerModel::OrgGroupingMap* map) const { |
| (...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 150 bool CertificateManagerModel::Delete(net::X509Certificate* cert) { | 191 bool CertificateManagerModel::Delete(net::X509Certificate* cert) { |
| 151 bool result = cert_db_->DeleteCertAndKey(cert); | 192 bool result = cert_db_->DeleteCertAndKey(cert); |
| 152 if (result) | 193 if (result) |
| 153 Refresh(); | 194 Refresh(); |
| 154 return result; | 195 return result; |
| 155 } | 196 } |
| 156 | 197 |
| 157 bool CertificateManagerModel::IsHardwareBacked( | 198 bool CertificateManagerModel::IsHardwareBacked( |
| 158 const net::X509Certificate* cert) const { | 199 const net::X509Certificate* cert) const { |
| 159 #if defined(OS_CHROMEOS) | 200 #if defined(OS_CHROMEOS) |
| 160 return crypto::IsTPMTokenReady() && | 201 // XXX should we actually do the opposite check and make sure the cert doesn't |
| 161 cert->os_cert_handle()->slot == | 202 // exist in any non-tpm slots? |
| 162 cert_db_->GetPrivateModule()->os_module_handle(); | 203 return crypto::IsTPMTokenEnabledForNSS() && |
| 204 PK11_FindCertInSlot(cert_db_->GetPrivateModule()->os_module_handle(), |
| 205 cert->os_cert_handle(), |
| 206 NULL) != CK_INVALID_HANDLE; |
| 163 #else | 207 #else |
| 164 return false; | 208 return false; |
| 165 #endif | 209 #endif |
| 166 } | 210 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 18121007:
*WIP* Store NSS slots per profile. Move keygen to chrome. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src