| Index: net/cert/nss_cert_database.cc
|
| diff --git a/net/cert/nss_cert_database.cc b/net/cert/nss_cert_database.cc
|
| index 8e9ef4e6f0159078fc8462002d53f5e0f4b3a592..126016b4057545ace624476d44b40ebace671b9e 100644
|
| --- a/net/cert/nss_cert_database.cc
|
| +++ b/net/cert/nss_cert_database.cc
|
| @@ -13,9 +13,10 @@
|
| #include "base/logging.h"
|
| #include "base/memory/scoped_ptr.h"
|
| #include "base/memory/singleton.h"
|
| -#include "base/observer_list_threadsafe.h"
|
| #include "crypto/nss_util.h"
|
| #include "crypto/nss_util_internal.h"
|
| +#include "crypto/scoped_nss_types.h"
|
| +#include "net/cert/cert_database.h"
|
| #include "net/base/crypto_module.h"
|
| #include "net/base/net_errors.h"
|
| #include "net/cert/cert_database.h"
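Review bot: The added `#include "net/cert/cert_database.h"` duplicates the include of the same header that already appears as context three lines further down in this hunk. It also lands ahead of the `net/base/` headers, which breaks the block's alphabetical order. Drop the added line and keep only `#include "crypto/scoped_nss_types.h"`; the existing include already brings CertDatabase into scope.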
|
| @@ -47,8 +48,7 @@ NSSCertDatabase* NSSCertDatabase::GetInstance() {
|
| LeakySingletonTraits<NSSCertDatabase> >::get();
|
| }
|
|
|
| -NSSCertDatabase::NSSCertDatabase()
|
| - : observer_list_(new ObserverListThreadSafe<Observer>) {
|
| +NSSCertDatabase::NSSCertDatabase() {
|
| crypto::EnsureNSSInit();
|
| psm::EnsurePKCS12Init();
|
| }
|
| @@ -70,21 +70,15 @@ void NSSCertDatabase::ListCerts(CertificateList* certs) {
|
| }
|
|
|
| CryptoModule* NSSCertDatabase::GetPublicModule() const {
|
| - CryptoModule* module =
|
| - CryptoModule::CreateFromHandle(crypto::GetPublicNSSKeySlot());
|
| - // The module is already referenced when returned from
|
| - // GetPublicNSSKeySlot, so we need to deref it once.
|
| - PK11_FreeSlot(module->os_module_handle());
|
| + crypto::ScopedPK11Slot slot(GetPublicSlot());
|
| + CryptoModule* module = CryptoModule::CreateFromHandle(slot.get());
|
|
|
| return module;
|
| }
|
|
|
| CryptoModule* NSSCertDatabase::GetPrivateModule() const {
|
| - CryptoModule* module =
|
| - CryptoModule::CreateFromHandle(crypto::GetPrivateNSSKeySlot());
|
| - // The module is already referenced when returned from
|
| - // GetPrivateNSSKeySlot, so we need to deref it once.
|
| - PK11_FreeSlot(module->os_module_handle());
|
| + crypto::ScopedPK11Slot slot(GetPrivateSlot());
|
| + CryptoModule* module = CryptoModule::CreateFromHandle(slot.get());
|
|
|
| return module;
|
| }
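Review bot: The deleted comment was the only place that explained who holds which slot reference in GetPublicModule() and GetPrivateModule(), and the new code leaves that unstated. Judging from the old explicit `PK11_FreeSlot` after `CreateFromHandle`, CreateFromHandle appears to take its own reference while the scoped slot now drops the caller's. If that is right, say so next to each call: `// CreateFromHandle() takes its own reference; |slot| releases ours on return.` Reference-count mistakes on PK11 slots turn into leaks or use-after-free, so the contract is worth one line. It would also help to note whether GetPublicSlot()/GetPrivateSlot() can yield a null slot, since `slot.get()` is passed to CreateFromHandle unchecked.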
|
| @@ -93,25 +87,23 @@ void NSSCertDatabase::ListModules(CryptoModuleList* modules,
|
| bool need_rw) const {
|
| modules->clear();
|
|
|
| - PK11SlotList* slot_list = NULL;
|
| // The wincx arg is unused since we don't call PK11_SetIsLoggedInFunc.
|
| - slot_list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
|
| - need_rw ? PR_TRUE : PR_FALSE, // needRW
|
| - PR_TRUE, // loadCerts (unused)
|
| - NULL); // wincx
|
| + crypto::ScopedPK11SlotList slot_list(
|
| + PK11_GetAllTokens(CKM_INVALID_MECHANISM,
|
| + need_rw ? PR_TRUE : PR_FALSE, // needRW
|
| + PR_TRUE, // loadCerts (unused)
|
| + NULL)); // wincx
|
| if (!slot_list) {
|
| LOG(ERROR) << "PK11_GetAllTokens failed: " << PORT_GetError();
|
| return;
|
| }
|
|
|
| - PK11SlotListElement* slot_element = PK11_GetFirstSafe(slot_list);
|
| + PK11SlotListElement* slot_element = PK11_GetFirstSafe(slot_list.get());
|
| while (slot_element) {
|
| modules->push_back(CryptoModule::CreateFromHandle(slot_element->slot));
|
| - slot_element = PK11_GetNextSafe(slot_list, slot_element,
|
| + slot_element = PK11_GetNextSafe(slot_list.get(), slot_element,
|
| PR_FALSE); // restart
|
| }
|
| -
|
| - PK11_FreeSlotList(slot_list);
|
| }
|
|
|
| int NSSCertDatabase::ImportFromPKCS12(
|
| @@ -120,6 +112,9 @@ int NSSCertDatabase::ImportFromPKCS12(
|
| const base::string16& password,
|
| bool is_extractable,
|
| net::CertificateList* imported_certs) {
|
| + VLOG(1) << __func__ << " "
|
| + << PK11_GetModuleID(module->os_module_handle()) << ":"
|
| + << PK11_GetSlotID(module->os_module_handle());
|
| int result = psm::nsPKCS12Blob_Import(module->os_module_handle(),
|
| data.data(), data.size(),
|
| password,
|
| @@ -165,8 +160,12 @@ bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates,
|
| TrustBits trust_bits,
|
| ImportCertFailureList* not_imported) {
|
| X509Certificate* root = FindRootInList(certificates);
|
| - bool success = psm::ImportCACerts(certificates, root, trust_bits,
|
| - not_imported);
|
| + bool success = psm::ImportCACerts(
|
| + GetPublicSlot(),
|
| + certificates,
|
| + root,
|
| + trust_bits,
|
| + not_imported);
|
| if (success)
|
| NotifyObserversOfCertTrustChanged(NULL);
|
|
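Review bot: `GetPublicSlot()` is passed straight into `psm::ImportCACerts` with no check that a slot was actually obtained, and the same pattern repeats in the ImportServerCert hunk that follows. This is the path that writes CA certificates and their trust bits, so a missing slot should fail here rather than wherever the psm code first dereferences it; the psm signatures are not visible in this diff, so how they treat a null slot is unknown. Consider binding the result first with `crypto::ScopedPK11Slot slot(GetPublicSlot());`, then `if (!slot) return false;`, and handing `slot` on in whatever form the callee expects. A short comment on why imports target the public slot would also help the next reader. ImportCACerts continues past the end of this hunk.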
|
| @@ -176,7 +175,11 @@ bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates,
|
| bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates,
|
| TrustBits trust_bits,
|
| ImportCertFailureList* not_imported) {
|
| - return psm::ImportServerCert(certificates, trust_bits, not_imported);
|
| + return psm::ImportServerCert(
|
| + GetPublicSlot(),
|
| + certificates,
|
| + trust_bits,
|
| + not_imported);
|
| }
|
|
|
| NSSCertDatabase::TrustBits NSSCertDatabase::GetCertTrust(
|
| @@ -319,27 +322,26 @@ bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const {
|
| return slot && PK11_IsReadOnly(slot);
|
| }
|
|
|
| -void NSSCertDatabase::AddObserver(Observer* observer) {
|
| - observer_list_->AddObserver(observer);
|
| +crypto::ScopedPK11Slot NSSCertDatabase::GetPublicSlot() const {
|
| + return crypto::ScopedPK11Slot(crypto::GetPublicNSSKeySlot());
|
| }
|
|
|
| -void NSSCertDatabase::RemoveObserver(Observer* observer) {
|
| - observer_list_->RemoveObserver(observer);
|
| +crypto::ScopedPK11Slot NSSCertDatabase::GetPrivateSlot() const {
|
| + return crypto::ScopedPK11Slot(crypto::GetPrivateNSSKeySlot());
|
| }
|
|
|
| void NSSCertDatabase::NotifyObserversOfCertAdded(const X509Certificate* cert) {
|
| - observer_list_->Notify(&Observer::OnCertAdded, make_scoped_refptr(cert));
|
| + CertDatabase::GetInstance()->NotifyObserversOfCertAdded(cert);
|
| }
|
|
|
| void NSSCertDatabase::NotifyObserversOfCertRemoved(
|
| const X509Certificate* cert) {
|
| - observer_list_->Notify(&Observer::OnCertRemoved, make_scoped_refptr(cert));
|
| + CertDatabase::GetInstance()->NotifyObserversOfCertRemoved(cert);
|
| }
|
|
|
| void NSSCertDatabase::NotifyObserversOfCertTrustChanged(
|
| const X509Certificate* cert) {
|
| - observer_list_->Notify(
|
| - &Observer::OnCertTrustChanged, make_scoped_refptr(cert));
|
| + CertDatabase::GetInstance()->NotifyObserversOfCertTrustChanged(cert);
|
| }
|
|
|
| } // namespace net
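Review bot: The three NotifyObserversOf* forwards now hand the raw `const X509Certificate* cert` to `CertDatabase::GetInstance()`, where the replaced code wrapped it in `make_scoped_refptr(cert)` before notifying through the thread-safe observer list. Whether CertDatabase takes its own reference before dispatching to observers is not visible in this diff. If it posts to other threads with the bare pointer, the certificate could be released before an observer runs. Please confirm and record the guarantee at the call sites, e.g. `// CertDatabase keeps a reference to |cert| until observers have been notified.` The new GetPublicSlot() and GetPrivateSlot() also deserve a one-line comment that the returned scoped slot owns a reference which is released when it goes out of scope.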
|
|
|