Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(699)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/nss_cert_database.cc

Issue 18121007: *WIP* Store NSS slots per profile. Move keygen to chrome. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: certdb: handle GetCertTrust and IsUntrusted, failed attempt to handle SetCertTrust Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/nss_cert_database.h ('k') | net/cert/nss_cert_database_chromeos.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/nss_cert_database.cc
diff --git a/net/cert/nss_cert_database.cc b/net/cert/nss_cert_database.cc
index f1262dc8d2db932014a61db4bbd9439465bb9ac2..3b558cbd211d8a2dcc767776e4c9c71a8dbba211 100644
--- a/net/cert/nss_cert_database.cc
+++ b/net/cert/nss_cert_database.cc
@@ -42,15 +42,21 @@ NSSCertDatabase::ImportCertFailure::ImportCertFailure(
NSSCertDatabase::ImportCertFailure::~ImportCertFailure() {}
+// On ChromeOS we want to return the default instance of
+// NSSCertDatabaseChromeOS, not NSSCertDatabase.
+#if !defined(OS_CHROMEOS)
// static
NSSCertDatabase* NSSCertDatabase::GetInstance() {
return Singleton<NSSCertDatabase,
LeakySingletonTraits<NSSCertDatabase> >::get();
}
+#endif
NSSCertDatabase::NSSCertDatabase()
: observer_list_(new ObserverListThreadSafe<Observer>) {
- crypto::EnsureNSSInit();
+ // This also makes sure that NSS has been initialized.
+ CertDatabase::GetInstance()->AddSource(this);
+
psm::EnsurePKCS12Init();
}
@@ -71,25 +77,27 @@ void NSSCertDatabase::ListCerts(CertificateList* certs) {
}
CryptoModule* NSSCertDatabase::GetPublicModule() const {
- CryptoModule* module =
- CryptoModule::CreateFromHandle(crypto::GetPublicNSSKeySlot());
- // The module is already referenced when returned from
- // GetPublicNSSKeySlot, so we need to deref it once.
- PK11_FreeSlot(module->os_module_handle());
+ crypto::ScopedPK11Slot slot(GetPublicSlot());
+ CryptoModule* module = CryptoModule::CreateFromHandle(slot.get());
return module;
}
CryptoModule* NSSCertDatabase::GetPrivateModule() const {
- CryptoModule* module =
- CryptoModule::CreateFromHandle(crypto::GetPrivateNSSKeySlot());
- // The module is already referenced when returned from
- // GetPrivateNSSKeySlot, so we need to deref it once.
- PK11_FreeSlot(module->os_module_handle());
+ crypto::ScopedPK11Slot slot(GetPrivateSlot());
+ CryptoModule* module = CryptoModule::CreateFromHandle(slot.get());
return module;
}
+crypto::ScopedPK11Slot NSSCertDatabase::GetPublicSlot() const {
+ return crypto::ScopedPK11Slot(crypto::GetPublicNSSKeySlot());
+}
+
+crypto::ScopedPK11Slot NSSCertDatabase::GetPrivateSlot() const {
+ return crypto::ScopedPK11Slot(crypto::GetPrivateNSSKeySlot());
+}
+
void NSSCertDatabase::ListModules(CryptoModuleList* modules,
bool need_rw) const {
modules->clear();
@@ -119,6 +127,9 @@ int NSSCertDatabase::ImportFromPKCS12(
const base::string16& password,
bool is_extractable,
net::CertificateList* imported_certs) {
+ VLOG(1) << __func__ << " "
+ << PK11_GetModuleID(module->os_module_handle()) << ":"
+ << PK11_GetSlotID(module->os_module_handle());
int result = psm::nsPKCS12Blob_Import(module->os_module_handle(),
data.data(), data.size(),
password,
@@ -164,8 +175,12 @@ bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates,
TrustBits trust_bits,
ImportCertFailureList* not_imported) {
X509Certificate* root = FindRootInList(certificates);
- bool success = psm::ImportCACerts(certificates, root, trust_bits,
- not_imported);
+ bool success = psm::ImportCACerts(
+ GetPublicSlot(),
+ certificates,
+ root,
+ trust_bits,
+ not_imported);
if (success)
NotifyObserversOfCertTrustChanged(NULL);
@@ -175,7 +190,11 @@ bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates,
bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates,
TrustBits trust_bits,
ImportCertFailureList* not_imported) {
- return psm::ImportServerCert(certificates, trust_bits, not_imported);
+ return psm::ImportServerCert(
+ GetPublicSlot(),
+ certificates,
+ trust_bits,
+ not_imported);
}
NSSCertDatabase::TrustBits NSSCertDatabase::GetCertTrust(
« no previous file with comments | « net/cert/nss_cert_database.h ('k') | net/cert/nss_cert_database_chromeos.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698