
Side by Side Diff: net/cert/nss_cert_database.cc

Issue 214863002: Extension API enterprise.platformKeys. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Allow import of non-extractable keys. Created 6 years, 8 months ago
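--- a/net/cert/nss_cert_database.cc
+++ b/net/cert/nss_cert_database.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/nss_cert_database.h"
 
 #include <cert.h>
 #include <certdb.h>
 #include <keyhi.h>
 #include <pk11pub.h>
@@ -125,20 +125,74 @@
 }
 
 PK11SlotListElement* slot_element = PK11_GetFirstSafe(slot_list.get());
 while (slot_element) {
 modules->push_back(CryptoModule::CreateFromHandle(slot_element->slot));
 slot_element = PK11_GetNextSafe(slot_list.get(), slot_element,
 PR_FALSE); // restart
 }
 }
 
+bool NSSCertDatabase::ImportPKCS8KeyAndCertificate(
+const std::string& pkcs8_data,
+X509Certificate* cert,
+CryptoModule* module) {
+DVLOG(1) << __func__ << " " << PK11_GetModuleID(module->os_module_handle())
+<< ":" << PK11_GetSlotID(module->os_module_handle());
+
+crypto::ScopedSECKEYPrivateKey private_key;
+CertDatabase* db = CertDatabase::GetInstance();
+int cert_status = db->CheckUserCert(cert);
+if (cert_status == ERR_NO_PRIVATE_KEY_FOR_CERT) {
+LOG(ERROR) << "Importing private key.";
+SECItem pki_der = {
+siBuffer,
+// NSS requires non-const data even though it is just for input.
+const_cast<unsigned char*>((const unsigned char*)pkcs8_data.data()),
+pkcs8_data.size()};
+
+SECKEYPrivateKey* seckey_private_key = NULL;
+if (PK11_ImportDERPrivateKeyInfoAndReturnKey(module->os_module_handle(),
+&pki_der,
+NULL, // nickname
+NULL, // publicValue
+true, // isPerm
+true, // isPrivate
+KU_ALL, // usage
+&seckey_private_key,
+NULL) != SECSuccess) {
+LOG(ERROR) << "Could not import private key " << PORT_GetError();
+return false;
+}
+DCHECK(seckey_private_key);
+private_key.reset(seckey_private_key);
+
+cert_status = db->CheckUserCert(cert);
+}
+if (cert_status != net::OK) {
+LOG(ERROR) << "Cert invalid, cannot import: " << cert_status;
+return false;
+}
+
+if (db->AddUserCert(cert) != net::OK) {
+// Delete the imported private key because the certificate didn't import.
+if (private_key) {
+// Always destroys the private key.
+if (PK11_DeleteTokenPrivateKey(private_key.release(), PR_FALSE)) {
+LOG(ERROR) << "PK11_DeleteTokenCertAndKey failed: " << PORT_GetError();
+}
+}
+return false;
+}
+return true;
+}
+
 int NSSCertDatabase::ImportFromPKCS12(
 CryptoModule* module,
 const std::string& data,
 const base::string16& password,
 bool is_extractable,
 net::CertificateList* imported_certs) {
 DVLOG(1) << __func__ << " "
 << PK11_GetModuleID(module->os_module_handle()) << ":"
 << PK11_GetSlotID(module->os_module_handle());
 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(),
@@ -391,10 +445,10 @@
 observer_list_->Notify(&Observer::OnCertRemoved, make_scoped_refptr(cert));
 }
 
 void NSSCertDatabase::NotifyObserversOfCACertChanged(
 const X509Certificate* cert) {
 observer_list_->Notify(
 &Observer::OnCACertChanged, make_scoped_refptr(cert));
 }
 
 } // namespace net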
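Review bot: In ImportPKCS8KeyAndCertificate the private key imported with isPerm = true is only removed from the token when AddUserCert fails; when the second CheckUserCert (new line 169) still returns something other than net::OK, the check at line 171 returns false and leaves a permanent key object with no matching certificate on the token. The cleanup should run on both failure paths, and the message at line 181 names the wrong function (`PK11_DeleteTokenCertAndKey`) for a `PK11_DeleteTokenPrivateKey` call; comparing that result against SECSuccess would also match the style used at line 162. A possible restructuring of the tail of the function is below. Separately, `LOG(ERROR) << "Importing private key.";` at line 146 reports a normal path at error severity; `DVLOG(1) << "Importing private key.";` fits the function's other logging.
```cpp
  // … unchanged: DVLOG, CheckUserCert and the PK11 key import above …
  bool imported = cert_status == net::OK;
  if (!imported)
    LOG(ERROR) << "Cert invalid, cannot import: " << cert_status;
  else if (db->AddUserCert(cert) != net::OK)
    imported = false;
  if (!imported && private_key) {
    // The key was imported permanently above; remove it so the token does not
    // keep a private key that has no certificate. The call always destroys
    // the key object, hence release().
    if (PK11_DeleteTokenPrivateKey(private_key.release(), PR_FALSE) !=
        SECSuccess) {
      LOG(ERROR) << "PK11_DeleteTokenPrivateKey failed: " << PORT_GetError();
    }
  }
  return imported;
}
```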
