OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" | |
6 | |
7 #include <cert.h> | 5 #include <cert.h> |
8 #include <cryptohi.h> | 6 #include <cryptohi.h> |
9 #include <keyhi.h> | 7 #include <keyhi.h> |
10 #include <secder.h> | 8 #include <secder.h> |
11 #include <stddef.h> | 9 #include <stddef.h> |
12 #include <stdint.h> | 10 #include <stdint.h> |
| 11 |
13 #include <utility> | 12 #include <utility> |
14 | 13 |
15 #include "base/bind.h" | 14 #include "base/bind.h" |
16 #include "base/bind_helpers.h" | 15 #include "base/bind_helpers.h" |
17 #include "base/callback.h" | 16 #include "base/callback.h" |
18 #include "base/compiler_specific.h" | 17 #include "base/compiler_specific.h" |
19 #include "base/location.h" | 18 #include "base/location.h" |
20 #include "base/logging.h" | 19 #include "base/logging.h" |
21 #include "base/macros.h" | 20 #include "base/macros.h" |
| 21 #include "base/memory/ptr_util.h" |
22 #include "base/single_thread_task_runner.h" | 22 #include "base/single_thread_task_runner.h" |
23 #include "base/thread_task_runner_handle.h" | 23 #include "base/thread_task_runner_handle.h" |
24 #include "base/threading/worker_pool.h" | 24 #include "base/threading/worker_pool.h" |
25 #include "chrome/browser/browser_process.h" | 25 #include "chrome/browser/browser_process.h" |
26 #include "chrome/browser/browser_process_platform_part_chromeos.h" | 26 #include "chrome/browser/browser_process_platform_part_chromeos.h" |
27 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" | 27 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" |
28 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h" | 28 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h" |
29 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" | 29 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" |
| 30 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" |
30 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 31 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
31 #include "chrome/browser/extensions/api/enterprise_platform_keys/enterprise_plat
form_keys_api.h" | 32 #include "chrome/browser/extensions/api/enterprise_platform_keys/enterprise_plat
form_keys_api.h" |
32 #include "chrome/browser/net/nss_context.h" | 33 #include "chrome/browser/net/nss_context.h" |
33 #include "chrome/browser/profiles/profile.h" | 34 #include "chrome/browser/profiles/profile.h" |
34 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 35 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
35 #include "content/public/browser/browser_context.h" | 36 #include "content/public/browser/browser_context.h" |
36 #include "content/public/browser/browser_thread.h" | 37 #include "content/public/browser/browser_thread.h" |
37 #include "crypto/nss_key_util.h" | 38 #include "crypto/nss_key_util.h" |
38 #include "crypto/scoped_nss_types.h" | 39 #include "crypto/scoped_nss_types.h" |
39 #include "net/base/crypto_module.h" | 40 #include "net/base/crypto_module.h" |
(...skipping 180 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
220 public: | 221 public: |
221 explicit SelectCertificatesState( | 222 explicit SelectCertificatesState( |
222 const std::string& username_hash, | 223 const std::string& username_hash, |
223 const bool use_system_key_slot, | 224 const bool use_system_key_slot, |
224 const scoped_refptr<net::SSLCertRequestInfo>& request, | 225 const scoped_refptr<net::SSLCertRequestInfo>& request, |
225 const subtle::SelectCertificatesCallback& callback); | 226 const subtle::SelectCertificatesCallback& callback); |
226 ~SelectCertificatesState() override {} | 227 ~SelectCertificatesState() override {} |
227 | 228 |
228 void OnError(const tracked_objects::Location& from, | 229 void OnError(const tracked_objects::Location& from, |
229 const std::string& error_message) override { | 230 const std::string& error_message) override { |
230 CallBack(from, scoped_ptr<net::CertificateList>() /* no matches */, | 231 CallBack(from, std::unique_ptr<net::CertificateList>() /* no matches */, |
231 error_message); | 232 error_message); |
232 } | 233 } |
233 | 234 |
234 void CallBack(const tracked_objects::Location& from, | 235 void CallBack(const tracked_objects::Location& from, |
235 scoped_ptr<net::CertificateList> matches, | 236 std::unique_ptr<net::CertificateList> matches, |
236 const std::string& error_message) { | 237 const std::string& error_message) { |
237 origin_task_runner_->PostTask( | 238 origin_task_runner_->PostTask( |
238 from, base::Bind(callback_, base::Passed(&matches), error_message)); | 239 from, base::Bind(callback_, base::Passed(&matches), error_message)); |
239 } | 240 } |
240 | 241 |
241 const std::string username_hash_; | 242 const std::string username_hash_; |
242 const bool use_system_key_slot_; | 243 const bool use_system_key_slot_; |
243 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; | 244 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; |
244 scoped_ptr<net::ClientCertStore> cert_store_; | 245 std::unique_ptr<net::ClientCertStore> cert_store_; |
245 scoped_ptr<net::CertificateList> certs_; | 246 std::unique_ptr<net::CertificateList> certs_; |
246 | 247 |
247 private: | 248 private: |
248 // Must be called on origin thread, therefore use CallBack(). | 249 // Must be called on origin thread, therefore use CallBack(). |
249 subtle::SelectCertificatesCallback callback_; | 250 subtle::SelectCertificatesCallback callback_; |
250 }; | 251 }; |
251 | 252 |
252 class GetCertificatesState : public NSSOperationState { | 253 class GetCertificatesState : public NSSOperationState { |
253 public: | 254 public: |
254 explicit GetCertificatesState(const GetCertificatesCallback& callback); | 255 explicit GetCertificatesState(const GetCertificatesCallback& callback); |
255 ~GetCertificatesState() override {} | 256 ~GetCertificatesState() override {} |
256 | 257 |
257 void OnError(const tracked_objects::Location& from, | 258 void OnError(const tracked_objects::Location& from, |
258 const std::string& error_message) override { | 259 const std::string& error_message) override { |
259 CallBack(from, | 260 CallBack(from, |
260 scoped_ptr<net::CertificateList>() /* no certificates */, | 261 std::unique_ptr<net::CertificateList>() /* no certificates */, |
261 error_message); | 262 error_message); |
262 } | 263 } |
263 | 264 |
264 void CallBack(const tracked_objects::Location& from, | 265 void CallBack(const tracked_objects::Location& from, |
265 scoped_ptr<net::CertificateList> certs, | 266 std::unique_ptr<net::CertificateList> certs, |
266 const std::string& error_message) { | 267 const std::string& error_message) { |
267 origin_task_runner_->PostTask( | 268 origin_task_runner_->PostTask( |
268 from, base::Bind(callback_, base::Passed(&certs), error_message)); | 269 from, base::Bind(callback_, base::Passed(&certs), error_message)); |
269 } | 270 } |
270 | 271 |
271 scoped_ptr<net::CertificateList> certs_; | 272 std::unique_ptr<net::CertificateList> certs_; |
272 | 273 |
273 private: | 274 private: |
274 // Must be called on origin thread, therefore use CallBack(). | 275 // Must be called on origin thread, therefore use CallBack(). |
275 GetCertificatesCallback callback_; | 276 GetCertificatesCallback callback_; |
276 }; | 277 }; |
277 | 278 |
278 class ImportCertificateState : public NSSOperationState { | 279 class ImportCertificateState : public NSSOperationState { |
279 public: | 280 public: |
280 ImportCertificateState(const scoped_refptr<net::X509Certificate>& certificate, | 281 ImportCertificateState(const scoped_refptr<net::X509Certificate>& certificate, |
281 const ImportCertificateCallback& callback); | 282 const ImportCertificateCallback& callback); |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
322 }; | 323 }; |
323 | 324 |
324 class GetTokensState : public NSSOperationState { | 325 class GetTokensState : public NSSOperationState { |
325 public: | 326 public: |
326 explicit GetTokensState(const GetTokensCallback& callback); | 327 explicit GetTokensState(const GetTokensCallback& callback); |
327 ~GetTokensState() override {} | 328 ~GetTokensState() override {} |
328 | 329 |
329 void OnError(const tracked_objects::Location& from, | 330 void OnError(const tracked_objects::Location& from, |
330 const std::string& error_message) override { | 331 const std::string& error_message) override { |
331 CallBack(from, | 332 CallBack(from, |
332 scoped_ptr<std::vector<std::string> >() /* no token ids */, | 333 std::unique_ptr<std::vector<std::string>>() /* no token ids */, |
333 error_message); | 334 error_message); |
334 } | 335 } |
335 | 336 |
336 void CallBack(const tracked_objects::Location& from, | 337 void CallBack(const tracked_objects::Location& from, |
337 scoped_ptr<std::vector<std::string> > token_ids, | 338 std::unique_ptr<std::vector<std::string>> token_ids, |
338 const std::string& error_message) { | 339 const std::string& error_message) { |
339 origin_task_runner_->PostTask( | 340 origin_task_runner_->PostTask( |
340 from, base::Bind(callback_, base::Passed(&token_ids), error_message)); | 341 from, base::Bind(callback_, base::Passed(&token_ids), error_message)); |
341 } | 342 } |
342 | 343 |
343 private: | 344 private: |
344 // Must be called on origin thread, therefore use CallBack(). | 345 // Must be called on origin thread, therefore use CallBack(). |
345 GetTokensCallback callback_; | 346 GetTokensCallback callback_; |
346 }; | 347 }; |
347 | 348 |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
394 const RemoveCertificateCallback& callback) | 395 const RemoveCertificateCallback& callback) |
395 : certificate_(certificate), callback_(callback) { | 396 : certificate_(certificate), callback_(callback) { |
396 } | 397 } |
397 | 398 |
398 GetTokensState::GetTokensState(const GetTokensCallback& callback) | 399 GetTokensState::GetTokensState(const GetTokensCallback& callback) |
399 : callback_(callback) { | 400 : callback_(callback) { |
400 } | 401 } |
401 | 402 |
402 // Does the actual key generation on a worker thread. Used by | 403 // Does the actual key generation on a worker thread. Used by |
403 // GenerateRSAKeyWithDB(). | 404 // GenerateRSAKeyWithDB(). |
404 void GenerateRSAKeyOnWorkerThread(scoped_ptr<GenerateRSAKeyState> state) { | 405 void GenerateRSAKeyOnWorkerThread(std::unique_ptr<GenerateRSAKeyState> state) { |
405 if (!state->slot_) { | 406 if (!state->slot_) { |
406 LOG(ERROR) << "No slot."; | 407 LOG(ERROR) << "No slot."; |
407 state->OnError(FROM_HERE, kErrorInternal); | 408 state->OnError(FROM_HERE, kErrorInternal); |
408 return; | 409 return; |
409 } | 410 } |
410 | 411 |
411 crypto::ScopedSECKEYPublicKey public_key; | 412 crypto::ScopedSECKEYPublicKey public_key; |
412 crypto::ScopedSECKEYPrivateKey private_key; | 413 crypto::ScopedSECKEYPrivateKey private_key; |
413 if (!crypto::GenerateRSAKeyPairNSS( | 414 if (!crypto::GenerateRSAKeyPairNSS( |
414 state->slot_.get(), state->modulus_length_bits_, true /* permanent */, | 415 state->slot_.get(), state->modulus_length_bits_, true /* permanent */, |
(...skipping 13 matching lines...) Expand all Loading... |
428 } | 429 } |
429 state->CallBack( | 430 state->CallBack( |
430 FROM_HERE, | 431 FROM_HERE, |
431 std::string(reinterpret_cast<const char*>(public_key_der->data), | 432 std::string(reinterpret_cast<const char*>(public_key_der->data), |
432 public_key_der->len), | 433 public_key_der->len), |
433 std::string() /* no error */); | 434 std::string() /* no error */); |
434 } | 435 } |
435 | 436 |
436 // Continues generating a RSA key with the obtained NSSCertDatabase. Used by | 437 // Continues generating a RSA key with the obtained NSSCertDatabase. Used by |
437 // GenerateRSAKey(). | 438 // GenerateRSAKey(). |
438 void GenerateRSAKeyWithDB(scoped_ptr<GenerateRSAKeyState> state, | 439 void GenerateRSAKeyWithDB(std::unique_ptr<GenerateRSAKeyState> state, |
439 net::NSSCertDatabase* cert_db) { | 440 net::NSSCertDatabase* cert_db) { |
440 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 441 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
441 // Only the slot and not the NSSCertDatabase is required. Ignore |cert_db|. | 442 // Only the slot and not the NSSCertDatabase is required. Ignore |cert_db|. |
442 base::WorkerPool::PostTask( | 443 base::WorkerPool::PostTask( |
443 FROM_HERE, | 444 FROM_HERE, |
444 base::Bind(&GenerateRSAKeyOnWorkerThread, base::Passed(&state)), | 445 base::Bind(&GenerateRSAKeyOnWorkerThread, base::Passed(&state)), |
445 true /*task is slow*/); | 446 true /*task is slow*/); |
446 } | 447 } |
447 | 448 |
448 // Does the actual signing on a worker thread. Used by SignRSAWithDB(). | 449 // Does the actual signing on a worker thread. Used by SignRSAWithDB(). |
449 void SignRSAOnWorkerThread(scoped_ptr<SignRSAState> state) { | 450 void SignRSAOnWorkerThread(std::unique_ptr<SignRSAState> state) { |
450 const uint8_t* public_key_uint8 = | 451 const uint8_t* public_key_uint8 = |
451 reinterpret_cast<const uint8_t*>(state->public_key_.data()); | 452 reinterpret_cast<const uint8_t*>(state->public_key_.data()); |
452 std::vector<uint8_t> public_key_vector( | 453 std::vector<uint8_t> public_key_vector( |
453 public_key_uint8, public_key_uint8 + state->public_key_.size()); | 454 public_key_uint8, public_key_uint8 + state->public_key_.size()); |
454 | 455 |
455 crypto::ScopedSECKEYPrivateKey rsa_key; | 456 crypto::ScopedSECKEYPrivateKey rsa_key; |
456 if (state->slot_) { | 457 if (state->slot_) { |
457 rsa_key = crypto::FindNSSKeyFromPublicKeyInfoInSlot(public_key_vector, | 458 rsa_key = crypto::FindNSSKeyFromPublicKeyInfoInSlot(public_key_vector, |
458 state->slot_.get()); | 459 state->slot_.get()); |
459 } else { | 460 } else { |
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
520 if (signature_str.empty()) { | 521 if (signature_str.empty()) { |
521 LOG(ERROR) << "Couldn't sign."; | 522 LOG(ERROR) << "Couldn't sign."; |
522 state->OnError(FROM_HERE, kErrorInternal); | 523 state->OnError(FROM_HERE, kErrorInternal); |
523 return; | 524 return; |
524 } | 525 } |
525 | 526 |
526 state->CallBack(FROM_HERE, signature_str, std::string() /* no error */); | 527 state->CallBack(FROM_HERE, signature_str, std::string() /* no error */); |
527 } | 528 } |
528 | 529 |
529 // Continues signing with the obtained NSSCertDatabase. Used by Sign(). | 530 // Continues signing with the obtained NSSCertDatabase. Used by Sign(). |
530 void SignRSAWithDB(scoped_ptr<SignRSAState> state, | 531 void SignRSAWithDB(std::unique_ptr<SignRSAState> state, |
531 net::NSSCertDatabase* cert_db) { | 532 net::NSSCertDatabase* cert_db) { |
532 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 533 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
533 // Only the slot and not the NSSCertDatabase is required. Ignore |cert_db|. | 534 // Only the slot and not the NSSCertDatabase is required. Ignore |cert_db|. |
534 base::WorkerPool::PostTask( | 535 base::WorkerPool::PostTask( |
535 FROM_HERE, base::Bind(&SignRSAOnWorkerThread, base::Passed(&state)), | 536 FROM_HERE, base::Bind(&SignRSAOnWorkerThread, base::Passed(&state)), |
536 true /*task is slow*/); | 537 true /*task is slow*/); |
537 } | 538 } |
538 | 539 |
539 // Called when ClientCertStoreChromeOS::GetClientCerts is done. Builds the list | 540 // Called when ClientCertStoreChromeOS::GetClientCerts is done. Builds the list |
540 // of net::CertificateList and calls back. Used by | 541 // of net::CertificateList and calls back. Used by |
541 // SelectCertificatesOnIOThread(). | 542 // SelectCertificatesOnIOThread(). |
542 void DidSelectCertificatesOnIOThread( | 543 void DidSelectCertificatesOnIOThread( |
543 scoped_ptr<SelectCertificatesState> state) { | 544 std::unique_ptr<SelectCertificatesState> state) { |
544 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 545 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
545 state->CallBack(FROM_HERE, std::move(state->certs_), | 546 state->CallBack(FROM_HERE, std::move(state->certs_), |
546 std::string() /* no error */); | 547 std::string() /* no error */); |
547 } | 548 } |
548 | 549 |
549 // Continues selecting certificates on the IO thread. Used by | 550 // Continues selecting certificates on the IO thread. Used by |
550 // SelectClientCertificates(). | 551 // SelectClientCertificates(). |
551 void SelectCertificatesOnIOThread(scoped_ptr<SelectCertificatesState> state) { | 552 void SelectCertificatesOnIOThread( |
| 553 std::unique_ptr<SelectCertificatesState> state) { |
552 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 554 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
553 state->cert_store_.reset(new ClientCertStoreChromeOS( | 555 state->cert_store_.reset(new ClientCertStoreChromeOS( |
554 nullptr, // no additional provider | 556 nullptr, // no additional provider |
555 make_scoped_ptr(new ClientCertFilterChromeOS(state->use_system_key_slot_, | 557 base::WrapUnique(new ClientCertFilterChromeOS(state->use_system_key_slot_, |
556 state->username_hash_)), | 558 state->username_hash_)), |
557 ClientCertStoreChromeOS::PasswordDelegateFactory())); | 559 ClientCertStoreChromeOS::PasswordDelegateFactory())); |
558 | 560 |
559 state->certs_.reset(new net::CertificateList); | 561 state->certs_.reset(new net::CertificateList); |
560 | 562 |
561 SelectCertificatesState* state_ptr = state.get(); | 563 SelectCertificatesState* state_ptr = state.get(); |
562 state_ptr->cert_store_->GetClientCerts( | 564 state_ptr->cert_store_->GetClientCerts( |
563 *state_ptr->cert_request_info_, state_ptr->certs_.get(), | 565 *state_ptr->cert_request_info_, state_ptr->certs_.get(), |
564 base::Bind(&DidSelectCertificatesOnIOThread, base::Passed(&state))); | 566 base::Bind(&DidSelectCertificatesOnIOThread, base::Passed(&state))); |
565 } | 567 } |
566 | 568 |
567 // Filters the obtained certificates on a worker thread. Used by | 569 // Filters the obtained certificates on a worker thread. Used by |
568 // DidGetCertificates(). | 570 // DidGetCertificates(). |
569 void FilterCertificatesOnWorkerThread(scoped_ptr<GetCertificatesState> state) { | 571 void FilterCertificatesOnWorkerThread( |
570 scoped_ptr<net::CertificateList> client_certs(new net::CertificateList); | 572 std::unique_ptr<GetCertificatesState> state) { |
| 573 std::unique_ptr<net::CertificateList> client_certs(new net::CertificateList); |
571 for (net::CertificateList::const_iterator it = state->certs_->begin(); | 574 for (net::CertificateList::const_iterator it = state->certs_->begin(); |
572 it != state->certs_->end(); | 575 it != state->certs_->end(); |
573 ++it) { | 576 ++it) { |
574 net::X509Certificate::OSCertHandle cert_handle = (*it)->os_cert_handle(); | 577 net::X509Certificate::OSCertHandle cert_handle = (*it)->os_cert_handle(); |
575 crypto::ScopedPK11Slot cert_slot(PK11_KeyForCertExists(cert_handle, | 578 crypto::ScopedPK11Slot cert_slot(PK11_KeyForCertExists(cert_handle, |
576 NULL, // keyPtr | 579 NULL, // keyPtr |
577 NULL)); // wincx | 580 NULL)); // wincx |
578 | 581 |
579 // Keep only user certificates, i.e. certs for which the private key is | 582 // Keep only user certificates, i.e. certs for which the private key is |
580 // present and stored in the queried slot. | 583 // present and stored in the queried slot. |
581 if (cert_slot != state->slot_) | 584 if (cert_slot != state->slot_) |
582 continue; | 585 continue; |
583 | 586 |
584 client_certs->push_back(*it); | 587 client_certs->push_back(*it); |
585 } | 588 } |
586 | 589 |
587 state->CallBack(FROM_HERE, std::move(client_certs), | 590 state->CallBack(FROM_HERE, std::move(client_certs), |
588 std::string() /* no error */); | 591 std::string() /* no error */); |
589 } | 592 } |
590 | 593 |
591 // Passes the obtained certificates to the worker thread for filtering. Used by | 594 // Passes the obtained certificates to the worker thread for filtering. Used by |
592 // GetCertificatesWithDB(). | 595 // GetCertificatesWithDB(). |
593 void DidGetCertificates(scoped_ptr<GetCertificatesState> state, | 596 void DidGetCertificates(std::unique_ptr<GetCertificatesState> state, |
594 scoped_ptr<net::CertificateList> all_certs) { | 597 std::unique_ptr<net::CertificateList> all_certs) { |
595 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 598 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
596 state->certs_ = std::move(all_certs); | 599 state->certs_ = std::move(all_certs); |
597 base::WorkerPool::PostTask( | 600 base::WorkerPool::PostTask( |
598 FROM_HERE, | 601 FROM_HERE, |
599 base::Bind(&FilterCertificatesOnWorkerThread, base::Passed(&state)), | 602 base::Bind(&FilterCertificatesOnWorkerThread, base::Passed(&state)), |
600 true /*task is slow*/); | 603 true /*task is slow*/); |
601 } | 604 } |
602 | 605 |
603 // Continues getting certificates with the obtained NSSCertDatabase. Used by | 606 // Continues getting certificates with the obtained NSSCertDatabase. Used by |
604 // GetCertificates(). | 607 // GetCertificates(). |
605 void GetCertificatesWithDB(scoped_ptr<GetCertificatesState> state, | 608 void GetCertificatesWithDB(std::unique_ptr<GetCertificatesState> state, |
606 net::NSSCertDatabase* cert_db) { | 609 net::NSSCertDatabase* cert_db) { |
607 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 610 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
608 // Get the pointer to slot before base::Passed releases |state|. | 611 // Get the pointer to slot before base::Passed releases |state|. |
609 PK11SlotInfo* slot = state->slot_.get(); | 612 PK11SlotInfo* slot = state->slot_.get(); |
610 cert_db->ListCertsInSlot( | 613 cert_db->ListCertsInSlot( |
611 base::Bind(&DidGetCertificates, base::Passed(&state)), slot); | 614 base::Bind(&DidGetCertificates, base::Passed(&state)), slot); |
612 } | 615 } |
613 | 616 |
614 // Does the actual certificate importing on the IO thread. Used by | 617 // Does the actual certificate importing on the IO thread. Used by |
615 // ImportCertificate(). | 618 // ImportCertificate(). |
616 void ImportCertificateWithDB(scoped_ptr<ImportCertificateState> state, | 619 void ImportCertificateWithDB(std::unique_ptr<ImportCertificateState> state, |
617 net::NSSCertDatabase* cert_db) { | 620 net::NSSCertDatabase* cert_db) { |
618 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 621 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
619 // TODO(pneubeck): Use |state->slot_| to verify that we're really importing to | 622 // TODO(pneubeck): Use |state->slot_| to verify that we're really importing to |
620 // the correct token. | 623 // the correct token. |
621 // |cert_db| is not required, ignore it. | 624 // |cert_db| is not required, ignore it. |
622 net::CertDatabase* db = net::CertDatabase::GetInstance(); | 625 net::CertDatabase* db = net::CertDatabase::GetInstance(); |
623 | 626 |
624 const net::Error cert_status = | 627 const net::Error cert_status = |
625 static_cast<net::Error>(db->CheckUserCert(state->certificate_.get())); | 628 static_cast<net::Error>(db->CheckUserCert(state->certificate_.get())); |
626 if (cert_status == net::ERR_NO_PRIVATE_KEY_FOR_CERT) { | 629 if (cert_status == net::ERR_NO_PRIVATE_KEY_FOR_CERT) { |
(...skipping 17 matching lines...) Expand all Loading... |
644 if (import_status != net::OK) { | 647 if (import_status != net::OK) { |
645 LOG(ERROR) << "Could not import certificate."; | 648 LOG(ERROR) << "Could not import certificate."; |
646 state->OnError(FROM_HERE, net::ErrorToString(import_status)); | 649 state->OnError(FROM_HERE, net::ErrorToString(import_status)); |
647 return; | 650 return; |
648 } | 651 } |
649 | 652 |
650 state->CallBack(FROM_HERE, std::string() /* no error */); | 653 state->CallBack(FROM_HERE, std::string() /* no error */); |
651 } | 654 } |
652 | 655 |
653 // Called on IO thread after the certificate removal is finished. | 656 // Called on IO thread after the certificate removal is finished. |
654 void DidRemoveCertificate(scoped_ptr<RemoveCertificateState> state, | 657 void DidRemoveCertificate(std::unique_ptr<RemoveCertificateState> state, |
655 bool certificate_found, | 658 bool certificate_found, |
656 bool success) { | 659 bool success) { |
657 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 660 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
658 // CertificateNotFound error has precedence over an internal error. | 661 // CertificateNotFound error has precedence over an internal error. |
659 if (!certificate_found) { | 662 if (!certificate_found) { |
660 state->OnError(FROM_HERE, kErrorCertificateNotFound); | 663 state->OnError(FROM_HERE, kErrorCertificateNotFound); |
661 return; | 664 return; |
662 } | 665 } |
663 if (!success) { | 666 if (!success) { |
664 state->OnError(FROM_HERE, kErrorInternal); | 667 state->OnError(FROM_HERE, kErrorInternal); |
665 return; | 668 return; |
666 } | 669 } |
667 | 670 |
668 state->CallBack(FROM_HERE, std::string() /* no error */); | 671 state->CallBack(FROM_HERE, std::string() /* no error */); |
669 } | 672 } |
670 | 673 |
671 // Does the actual certificate removal on the IO thread. Used by | 674 // Does the actual certificate removal on the IO thread. Used by |
672 // RemoveCertificate(). | 675 // RemoveCertificate(). |
673 void RemoveCertificateWithDB(scoped_ptr<RemoveCertificateState> state, | 676 void RemoveCertificateWithDB(std::unique_ptr<RemoveCertificateState> state, |
674 net::NSSCertDatabase* cert_db) { | 677 net::NSSCertDatabase* cert_db) { |
675 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 678 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
676 // Get the pointer before base::Passed clears |state|. | 679 // Get the pointer before base::Passed clears |state|. |
677 scoped_refptr<net::X509Certificate> certificate = state->certificate_; | 680 scoped_refptr<net::X509Certificate> certificate = state->certificate_; |
678 bool certificate_found = certificate->os_cert_handle()->isperm; | 681 bool certificate_found = certificate->os_cert_handle()->isperm; |
679 cert_db->DeleteCertAndKeyAsync( | 682 cert_db->DeleteCertAndKeyAsync( |
680 certificate, | 683 certificate, |
681 base::Bind( | 684 base::Bind( |
682 &DidRemoveCertificate, base::Passed(&state), certificate_found)); | 685 &DidRemoveCertificate, base::Passed(&state), certificate_found)); |
683 } | 686 } |
684 | 687 |
685 // Does the actual work to determine which tokens are available. | 688 // Does the actual work to determine which tokens are available. |
686 void GetTokensWithDB(scoped_ptr<GetTokensState> state, | 689 void GetTokensWithDB(std::unique_ptr<GetTokensState> state, |
687 net::NSSCertDatabase* cert_db) { | 690 net::NSSCertDatabase* cert_db) { |
688 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 691 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
689 scoped_ptr<std::vector<std::string> > token_ids(new std::vector<std::string>); | 692 std::unique_ptr<std::vector<std::string>> token_ids( |
| 693 new std::vector<std::string>); |
690 | 694 |
691 // The user's token is always available. | 695 // The user's token is always available. |
692 token_ids->push_back(kTokenIdUser); | 696 token_ids->push_back(kTokenIdUser); |
693 if (cert_db->GetSystemSlot()) | 697 if (cert_db->GetSystemSlot()) |
694 token_ids->push_back(kTokenIdSystem); | 698 token_ids->push_back(kTokenIdSystem); |
695 | 699 |
696 state->CallBack(FROM_HERE, std::move(token_ids), | 700 state->CallBack(FROM_HERE, std::move(token_ids), |
697 std::string() /* no error */); | 701 std::string() /* no error */); |
698 } | 702 } |
699 | 703 |
700 } // namespace | 704 } // namespace |
701 | 705 |
702 namespace subtle { | 706 namespace subtle { |
703 | 707 |
704 void GenerateRSAKey(const std::string& token_id, | 708 void GenerateRSAKey(const std::string& token_id, |
705 unsigned int modulus_length_bits, | 709 unsigned int modulus_length_bits, |
706 const GenerateKeyCallback& callback, | 710 const GenerateKeyCallback& callback, |
707 BrowserContext* browser_context) { | 711 BrowserContext* browser_context) { |
708 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 712 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
709 scoped_ptr<GenerateRSAKeyState> state( | 713 std::unique_ptr<GenerateRSAKeyState> state( |
710 new GenerateRSAKeyState(modulus_length_bits, callback)); | 714 new GenerateRSAKeyState(modulus_length_bits, callback)); |
711 | 715 |
712 if (modulus_length_bits > kMaxRSAModulusLengthBits) { | 716 if (modulus_length_bits > kMaxRSAModulusLengthBits) { |
713 state->OnError(FROM_HERE, kErrorAlgorithmNotSupported); | 717 state->OnError(FROM_HERE, kErrorAlgorithmNotSupported); |
714 return; | 718 return; |
715 } | 719 } |
716 | 720 |
717 // Get the pointer to |state| before base::Passed releases |state|. | 721 // Get the pointer to |state| before base::Passed releases |state|. |
718 NSSOperationState* state_ptr = state.get(); | 722 NSSOperationState* state_ptr = state.get(); |
719 GetCertDatabase(token_id, | 723 GetCertDatabase(token_id, |
720 base::Bind(&GenerateRSAKeyWithDB, base::Passed(&state)), | 724 base::Bind(&GenerateRSAKeyWithDB, base::Passed(&state)), |
721 browser_context, | 725 browser_context, |
722 state_ptr); | 726 state_ptr); |
723 } | 727 } |
724 | 728 |
725 void SignRSAPKCS1Digest(const std::string& token_id, | 729 void SignRSAPKCS1Digest(const std::string& token_id, |
726 const std::string& data, | 730 const std::string& data, |
727 const std::string& public_key, | 731 const std::string& public_key, |
728 HashAlgorithm hash_algorithm, | 732 HashAlgorithm hash_algorithm, |
729 const SignCallback& callback, | 733 const SignCallback& callback, |
730 content::BrowserContext* browser_context) { | 734 content::BrowserContext* browser_context) { |
731 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 735 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
732 scoped_ptr<SignRSAState> state( | 736 std::unique_ptr<SignRSAState> state( |
733 new SignRSAState(data, public_key, false /* digest before signing */, | 737 new SignRSAState(data, public_key, false /* digest before signing */, |
734 hash_algorithm, callback)); | 738 hash_algorithm, callback)); |
735 // Get the pointer to |state| before base::Passed releases |state|. | 739 // Get the pointer to |state| before base::Passed releases |state|. |
736 NSSOperationState* state_ptr = state.get(); | 740 NSSOperationState* state_ptr = state.get(); |
737 | 741 |
738 // The NSSCertDatabase object is not required. But in case it's not available | 742 // The NSSCertDatabase object is not required. But in case it's not available |
739 // we would get more informative error messages and we can double check that | 743 // we would get more informative error messages and we can double check that |
740 // we use a key of the correct token. | 744 // we use a key of the correct token. |
741 GetCertDatabase(token_id, base::Bind(&SignRSAWithDB, base::Passed(&state)), | 745 GetCertDatabase(token_id, base::Bind(&SignRSAWithDB, base::Passed(&state)), |
742 browser_context, state_ptr); | 746 browser_context, state_ptr); |
743 } | 747 } |
744 | 748 |
745 void SignRSAPKCS1Raw(const std::string& token_id, | 749 void SignRSAPKCS1Raw(const std::string& token_id, |
746 const std::string& data, | 750 const std::string& data, |
747 const std::string& public_key, | 751 const std::string& public_key, |
748 const SignCallback& callback, | 752 const SignCallback& callback, |
749 content::BrowserContext* browser_context) { | 753 content::BrowserContext* browser_context) { |
750 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 754 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
751 scoped_ptr<SignRSAState> state(new SignRSAState( | 755 std::unique_ptr<SignRSAState> state(new SignRSAState( |
752 data, public_key, true /* sign directly without hashing */, | 756 data, public_key, true /* sign directly without hashing */, |
753 HASH_ALGORITHM_NONE, callback)); | 757 HASH_ALGORITHM_NONE, callback)); |
754 // Get the pointer to |state| before base::Passed releases |state|. | 758 // Get the pointer to |state| before base::Passed releases |state|. |
755 NSSOperationState* state_ptr = state.get(); | 759 NSSOperationState* state_ptr = state.get(); |
756 | 760 |
757 // The NSSCertDatabase object is not required. But in case it's not available | 761 // The NSSCertDatabase object is not required. But in case it's not available |
758 // we would get more informative error messages and we can double check that | 762 // we would get more informative error messages and we can double check that |
759 // we use a key of the correct token. | 763 // we use a key of the correct token. |
760 GetCertDatabase(token_id, base::Bind(&SignRSAWithDB, base::Passed(&state)), | 764 GetCertDatabase(token_id, base::Bind(&SignRSAWithDB, base::Passed(&state)), |
761 browser_context, state_ptr); | 765 browser_context, state_ptr); |
(...skipping 15 matching lines...) Expand all Loading... |
777 cert_request_info->cert_authorities = certificate_authorities; | 781 cert_request_info->cert_authorities = certificate_authorities; |
778 | 782 |
779 const user_manager::User* user = | 783 const user_manager::User* user = |
780 chromeos::ProfileHelper::Get()->GetUserByProfile( | 784 chromeos::ProfileHelper::Get()->GetUserByProfile( |
781 Profile::FromBrowserContext(browser_context)); | 785 Profile::FromBrowserContext(browser_context)); |
782 | 786 |
783 // Use the device-wide system key slot only if the user is affiliated on the | 787 // Use the device-wide system key slot only if the user is affiliated on the |
784 // device. | 788 // device. |
785 const bool use_system_key_slot = user->IsAffiliated(); | 789 const bool use_system_key_slot = user->IsAffiliated(); |
786 | 790 |
787 scoped_ptr<SelectCertificatesState> state(new SelectCertificatesState( | 791 std::unique_ptr<SelectCertificatesState> state(new SelectCertificatesState( |
788 user->username_hash(), use_system_key_slot, cert_request_info, callback)); | 792 user->username_hash(), use_system_key_slot, cert_request_info, callback)); |
789 | 793 |
790 BrowserThread::PostTask( | 794 BrowserThread::PostTask( |
791 BrowserThread::IO, FROM_HERE, | 795 BrowserThread::IO, FROM_HERE, |
792 base::Bind(&SelectCertificatesOnIOThread, base::Passed(&state))); | 796 base::Bind(&SelectCertificatesOnIOThread, base::Passed(&state))); |
793 } | 797 } |
794 | 798 |
795 } // namespace subtle | 799 } // namespace subtle |
796 | 800 |
797 std::string GetSubjectPublicKeyInfo( | 801 std::string GetSubjectPublicKeyInfo( |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
832 | 836 |
833 *key_type = key_type_tmp; | 837 *key_type = key_type_tmp; |
834 *key_size_bits = key_size_bits_tmp; | 838 *key_size_bits = key_size_bits_tmp; |
835 return true; | 839 return true; |
836 } | 840 } |
837 | 841 |
838 void GetCertificates(const std::string& token_id, | 842 void GetCertificates(const std::string& token_id, |
839 const GetCertificatesCallback& callback, | 843 const GetCertificatesCallback& callback, |
840 BrowserContext* browser_context) { | 844 BrowserContext* browser_context) { |
841 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 845 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
842 scoped_ptr<GetCertificatesState> state(new GetCertificatesState(callback)); | 846 std::unique_ptr<GetCertificatesState> state( |
| 847 new GetCertificatesState(callback)); |
843 // Get the pointer to |state| before base::Passed releases |state|. | 848 // Get the pointer to |state| before base::Passed releases |state|. |
844 NSSOperationState* state_ptr = state.get(); | 849 NSSOperationState* state_ptr = state.get(); |
845 GetCertDatabase(token_id, | 850 GetCertDatabase(token_id, |
846 base::Bind(&GetCertificatesWithDB, base::Passed(&state)), | 851 base::Bind(&GetCertificatesWithDB, base::Passed(&state)), |
847 browser_context, | 852 browser_context, |
848 state_ptr); | 853 state_ptr); |
849 } | 854 } |
850 | 855 |
851 void ImportCertificate(const std::string& token_id, | 856 void ImportCertificate(const std::string& token_id, |
852 const scoped_refptr<net::X509Certificate>& certificate, | 857 const scoped_refptr<net::X509Certificate>& certificate, |
853 const ImportCertificateCallback& callback, | 858 const ImportCertificateCallback& callback, |
854 BrowserContext* browser_context) { | 859 BrowserContext* browser_context) { |
855 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 860 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
856 scoped_ptr<ImportCertificateState> state( | 861 std::unique_ptr<ImportCertificateState> state( |
857 new ImportCertificateState(certificate, callback)); | 862 new ImportCertificateState(certificate, callback)); |
858 // Get the pointer to |state| before base::Passed releases |state|. | 863 // Get the pointer to |state| before base::Passed releases |state|. |
859 NSSOperationState* state_ptr = state.get(); | 864 NSSOperationState* state_ptr = state.get(); |
860 | 865 |
861 // The NSSCertDatabase object is not required. But in case it's not available | 866 // The NSSCertDatabase object is not required. But in case it's not available |
862 // we would get more informative error messages and we can double check that | 867 // we would get more informative error messages and we can double check that |
863 // we use a key of the correct token. | 868 // we use a key of the correct token. |
864 GetCertDatabase(token_id, | 869 GetCertDatabase(token_id, |
865 base::Bind(&ImportCertificateWithDB, base::Passed(&state)), | 870 base::Bind(&ImportCertificateWithDB, base::Passed(&state)), |
866 browser_context, | 871 browser_context, |
867 state_ptr); | 872 state_ptr); |
868 } | 873 } |
869 | 874 |
870 void RemoveCertificate(const std::string& token_id, | 875 void RemoveCertificate(const std::string& token_id, |
871 const scoped_refptr<net::X509Certificate>& certificate, | 876 const scoped_refptr<net::X509Certificate>& certificate, |
872 const RemoveCertificateCallback& callback, | 877 const RemoveCertificateCallback& callback, |
873 BrowserContext* browser_context) { | 878 BrowserContext* browser_context) { |
874 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 879 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
875 scoped_ptr<RemoveCertificateState> state( | 880 std::unique_ptr<RemoveCertificateState> state( |
876 new RemoveCertificateState(certificate, callback)); | 881 new RemoveCertificateState(certificate, callback)); |
877 // Get the pointer to |state| before base::Passed releases |state|. | 882 // Get the pointer to |state| before base::Passed releases |state|. |
878 NSSOperationState* state_ptr = state.get(); | 883 NSSOperationState* state_ptr = state.get(); |
879 | 884 |
880 // The NSSCertDatabase object is not required. But in case it's not available | 885 // The NSSCertDatabase object is not required. But in case it's not available |
881 // we would get more informative error messages. | 886 // we would get more informative error messages. |
882 GetCertDatabase(token_id, | 887 GetCertDatabase(token_id, |
883 base::Bind(&RemoveCertificateWithDB, base::Passed(&state)), | 888 base::Bind(&RemoveCertificateWithDB, base::Passed(&state)), |
884 browser_context, | 889 browser_context, |
885 state_ptr); | 890 state_ptr); |
886 } | 891 } |
887 | 892 |
888 void GetTokens(const GetTokensCallback& callback, | 893 void GetTokens(const GetTokensCallback& callback, |
889 content::BrowserContext* browser_context) { | 894 content::BrowserContext* browser_context) { |
890 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 895 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
891 scoped_ptr<GetTokensState> state(new GetTokensState(callback)); | 896 std::unique_ptr<GetTokensState> state(new GetTokensState(callback)); |
892 // Get the pointer to |state| before base::Passed releases |state|. | 897 // Get the pointer to |state| before base::Passed releases |state|. |
893 NSSOperationState* state_ptr = state.get(); | 898 NSSOperationState* state_ptr = state.get(); |
894 GetCertDatabase(std::string() /* don't get any specific slot */, | 899 GetCertDatabase(std::string() /* don't get any specific slot */, |
895 base::Bind(&GetTokensWithDB, base::Passed(&state)), | 900 base::Bind(&GetTokensWithDB, base::Passed(&state)), |
896 browser_context, | 901 browser_context, |
897 state_ptr); | 902 state_ptr); |
898 } | 903 } |
899 | 904 |
900 } // namespace platform_keys | 905 } // namespace platform_keys |
901 | 906 |
902 } // namespace chromeos | 907 } // namespace chromeos |
OLD | NEW |