| Index: chrome/browser/certificate_manager_model.cc
|
| diff --git a/chrome/browser/certificate_manager_model.cc b/chrome/browser/certificate_manager_model.cc
|
| index b4a670125a205f14b480fc6662bc3341a08a0d7e..da460702a03f80eb005d2a9b6d6ece285684adc7 100644
|
| --- a/chrome/browser/certificate_manager_model.cc
|
| +++ b/chrome/browser/certificate_manager_model.cc
|
| @@ -10,6 +10,10 @@
|
| #include "base/strings/utf_string_conversions.h"
|
| #include "chrome/browser/ui/crypto_module_password_dialog.h"
|
| #include "chrome/common/net/x509_certificate_model.h"
|
| +#include "content/public/browser/browser_context.h"
|
| +#include "content/public/browser/browser_thread.h"
|
| +#include "content/public/browser/nss_context.h"
|
| +#include "content/public/browser/resource_context.h"
|
| #include "net/base/crypto_module.h"
|
| #include "net/base/net_errors.h"
|
| #include "net/cert/x509_certificate.h"
|
| @@ -22,15 +26,44 @@
|
| #include "ui/base/l10n/l10n_util.h"
|
| #endif
|
|
|
| -CertificateManagerModel::CertificateManagerModel(Observer* observer)
|
| - : cert_db_(net::NSSCertDatabase::GetInstance()),
|
| - observer_(observer) {
|
| +using content::BrowserThread;
|
| +
|
| +namespace {
|
| +
|
| +void GotCertDBOnIOThread(
|
| + const base::Callback<void(net::NSSCertDatabase*)>& callback,
|
| + net::NSSCertDatabase* cert_db) {
|
| + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
|
| +
|
| + BrowserThread::PostTask(
|
| + BrowserThread::UI, FROM_HERE, base::Bind(callback, cert_db));
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +CertificateManagerModel::CertificateManagerModel(
|
| + content::BrowserContext* browser_context,
|
| + Observer* observer)
|
| + : observer_(observer),
|
| + weak_ptr_factory_(this) {
|
| + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
|
| + VLOG(1) << "Getting cert_db for profile...";
|
| + BrowserThread::PostTask(
|
| + BrowserThread::IO,
|
| + FROM_HERE,
|
| + base::Bind(&content::GetNSSCertDatabaseForResourceContext,
|
| + browser_context->GetResourceContext(),
|
| + base::Bind(GotCertDBOnIOThread,
|
| + base::Bind(&CertificateManagerModel::GotCertDB,
|
| + weak_ptr_factory_.GetWeakPtr()))));
|
| }
|
|
|
| CertificateManagerModel::~CertificateManagerModel() {
|
| }
|
|
|
| void CertificateManagerModel::Refresh() {
|
| + // XXX should the rest of the NSS stuff also be on IO thread? or a worker
|
| + // thread?
|
| VLOG(1) << "refresh started";
|
| net::CryptoModuleList modules;
|
| cert_db_->ListModules(&modules, false);
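Review bot: `cert_db_` is no longer set in the constructor's initializer list, so until `GotCertDB` runs on the UI thread it holds whatever its declaration gives it (the header is outside this diff; a plain raw pointer member would be indeterminate), yet `Refresh()` at the end of this hunk still calls `cert_db_->ListModules(&modules, false)` unguarded. A caller that refreshes before `CertificateManagerModelReady()` fires would dereference an unset pointer. I would add `cert_db_(NULL),` as the first entry of the initializer list and `DCHECK(cert_db_);` as the first statement of `Refresh()`. The class comment should also state that no method may be called before the ready notification. `Refresh()` continues past the end of this hunk.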
|
| @@ -43,6 +76,14 @@ void CertificateManagerModel::Refresh() {
|
| base::Unretained(this)));
|
| }
|
|
|
| +void CertificateManagerModel::GotCertDB(net::NSSCertDatabase* cert_db) {
|
| + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
|
| + DCHECK(cert_db);
|
| + VLOG(1) << "Got cert_db";
|
| + cert_db_ = cert_db;
|
| + observer_->CertificateManagerModelReady();
|
| +}
|
| +
|
| void CertificateManagerModel::RefreshSlotsUnlocked() {
|
| VLOG(1) << "refresh listing certs...";
|
| cert_db_->ListCerts(&cert_list_);
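Review bot: `DCHECK(cert_db)` in `GotCertDB` is the only guard on the pointer handed back from the IO thread, and it compiles out of release builds, so a NULL result would be stored in `cert_db_` and the observer would still be told the model is ready. Whether `GetNSSCertDatabaseForResourceContext` can deliver NULL is not visible here; if it can, handle it explicitly, for example `if (!cert_db) { LOG(ERROR) << "No NSS cert database for profile"; return; }` before the assignment, or give the observer a failure notification. The stored pointer is also raw and crosses threads, so a comment on `cert_db_` saying who owns the database and that it must outlive the model would help the next reader.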
|
| @@ -157,9 +198,12 @@ bool CertificateManagerModel::Delete(net::X509Certificate* cert) {
|
| bool CertificateManagerModel::IsHardwareBacked(
|
| const net::X509Certificate* cert) const {
|
| #if defined(OS_CHROMEOS)
|
| - return crypto::IsTPMTokenReady() &&
|
| - cert->os_cert_handle()->slot ==
|
| - cert_db_->GetPrivateModule()->os_module_handle();
|
| + // XXX should we actually do the opposite check and make sure the cert doesn't
|
| + // exist in any non-tpm slots?
|
| + return crypto::IsTPMTokenEnabledForNSS() &&
|
| + PK11_FindCertInSlot(cert_db_->GetPrivateModule()->os_module_handle(),
|
| + cert->os_cert_handle(),
|
| + NULL) != CK_INVALID_HANDLE;
|
| #else
|
| return false;
|
| #endif
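Review bot: The new `PK11_FindCertInSlot(...) != CK_INVALID_HANDLE` test in `IsHardwareBacked` only answers whether a copy of this certificate object is in the private slot, which is weaker than the function name promises, and the XXX above it leaves that question open. As far as this hunk shows, a certificate that is also present in a software slot, or whose private key is not held in the TPM slot, would still be reported as hardware-backed, so the result can overstate key protection. Resolve the XXX before landing, or replace it with a comment stating the exact guarantee, e.g. `// True if |cert| is found in the TPM-backed private slot; does not prove it is absent from software slots.` The switch from `IsTPMTokenReady()` to `IsTPMTokenEnabledForNSS()` also needs a sentence on what `GetPrivateModule()` returns while the token is enabled but not yet loaded, which I cannot tell from here. The function's closing brace is outside the hunk.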
|
|
|