1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <cert.h> | 5 #include <cert.h> |
6 #include <cryptohi.h> | 6 #include <cryptohi.h> |
7 #include <keyhi.h> | 7 #include <keyhi.h> |
8 #include <secder.h> | 8 #include <secder.h> |
9 #include <stddef.h> | 9 #include <stddef.h> |
10 #include <stdint.h> | 10 #include <stdint.h> |
36 #include "content/public/browser/browser_context.h" | 36 #include "content/public/browser/browser_context.h" |
37 #include "content/public/browser/browser_thread.h" | 37 #include "content/public/browser/browser_thread.h" |
38 #include "crypto/nss_key_util.h" | 38 #include "crypto/nss_key_util.h" |
39 #include "crypto/scoped_nss_types.h" | 39 #include "crypto/scoped_nss_types.h" |
40 #include "net/base/crypto_module.h" | 40 #include "net/base/crypto_module.h" |
41 #include "net/base/net_errors.h" | 41 #include "net/base/net_errors.h" |
42 #include "net/cert/cert_database.h" | 42 #include "net/cert/cert_database.h" |
43 #include "net/cert/nss_cert_database.h" | 43 #include "net/cert/nss_cert_database.h" |
44 #include "net/cert/x509_util_nss.h" | 44 #include "net/cert/x509_util_nss.h" |
45 #include "net/ssl/ssl_cert_request_info.h" | 45 #include "net/ssl/ssl_cert_request_info.h" |
46 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | |
46 | 47 |
47 using content::BrowserContext; | 48 using content::BrowserContext; |
48 using content::BrowserThread; | 49 using content::BrowserThread; |
49 | 50 |
50 namespace { | 51 namespace { |
51 const char kErrorInternal[] = "Internal Error."; | 52 const char kErrorInternal[] = "Internal Error."; |
52 const char kErrorKeyNotFound[] = "Key not found."; | 53 const char kErrorKeyNotFound[] = "Key not found."; |
53 const char kErrorCertificateNotFound[] = "Certificate could not be found."; | 54 const char kErrorCertificateNotFound[] = "Certificate could not be found."; |
54 const char kErrorAlgorithmNotSupported[] = "Algorithm not supported."; | 55 const char kErrorAlgorithmNotSupported[] = "Algorithm not supported."; |
55 | 56 |
612 PK11SlotInfo* slot = state->slot_.get(); | 613 PK11SlotInfo* slot = state->slot_.get(); |
613 cert_db->ListCertsInSlot( | 614 cert_db->ListCertsInSlot( |
614 base::Bind(&DidGetCertificates, base::Passed(&state)), slot); | 615 base::Bind(&DidGetCertificates, base::Passed(&state)), slot); |
615 } | 616 } |
616 | 617 |
617 // Does the actual certificate importing on the IO thread. Used by | 618 // Does the actual certificate importing on the IO thread. Used by |
618 // ImportCertificate(). | 619 // ImportCertificate(). |
619 void ImportCertificateWithDB(std::unique_ptr<ImportCertificateState> state, | 620 void ImportCertificateWithDB(std::unique_ptr<ImportCertificateState> state, |
620 net::NSSCertDatabase* cert_db) { | 621 net::NSSCertDatabase* cert_db) { |
621 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 622 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
622 // TODO(pneubeck): Use |state->slot_| to verify that we're really importing to | |
623 // the correct token. | |
624 // |cert_db| is not required, ignore it. | |
625 net::CertDatabase* db = net::CertDatabase::GetInstance(); | |
626 | 623 |
627 const net::Error cert_status = | 624 if (!state->certificate_) { |
628 static_cast<net::Error>(db->CheckUserCert(state->certificate_.get())); | 625 state->OnError(FROM_HERE, net::ErrorToString(net::ERR_CERT_INVALID)); |
629 if (cert_status == net::ERR_NO_PRIVATE_KEY_FOR_CERT) { | |
630 state->OnError(FROM_HERE, kErrorKeyNotFound); | |
631 return; | 626 return; |
632 } else if (cert_status != net::OK) { | 627 } |
633 state->OnError(FROM_HERE, net::ErrorToString(cert_status)); | 628 if (state->certificate_->HasExpired()) { |
629 state->OnError(FROM_HERE, net::ErrorToString(net::ERR_CERT_DATE_INVALID)); | |
634 return; | 630 return; |
635 } | 631 } |
636 | 632 |
637 // Check that the private key is in the correct slot. | 633 // Check that the private key is in the correct slot. |
638 PK11SlotInfo* slot = | 634 crypto::ScopedPK11Slot slot = |
Ryan Sleevi
2016/09/22 08:44:29
Lovely persistent memory leak :(
|
svaldez
2016/09/22 16:50:25
crypto::ScopedPK11Slot slot(...)?
|
639 PK11_KeyForCertExists(state->certificate_->os_cert_handle(), NULL, NULL); | 635 PK11_KeyForCertExists(state->certificate_->os_cert_handle(), NULL, NULL); |
640 if (slot != state->slot_.get()) { | 636 if (slot.get() != state->slot_.get()) { |
641 state->OnError(FROM_HERE, kErrorKeyNotFound); | 637 state->OnError(FROM_HERE, kErrorKeyNotFound); |
642 return; | 638 return; |
643 } | 639 } |
644 | 640 |
645 const net::Error import_status = | 641 net::CertificateList cert_list; |
646 static_cast<net::Error>(db->AddUserCert(state->certificate_.get())); | 642 cert_list.push_back(state->certificate_); |
647 if (import_status != net::OK) { | 643 const net::Error import_status = static_cast<net::Error>( |
644 mozilla_security_manager::ImportUserCert(cert_list)); | |
645 if (import_status == net::OK) { | |
646 net::CertDatabase::GetInstance()->NotifyObserversCertDBChanged(nullptr); | |
647 } else { | |
648 LOG(ERROR) << "Could not import certificate."; | 648 LOG(ERROR) << "Could not import certificate."; |
649 state->OnError(FROM_HERE, net::ErrorToString(import_status)); | 649 state->OnError(FROM_HERE, net::ErrorToString(import_status)); |
650 return; | 650 return; |
651 } | 651 } |
652 | 652 |
653 state->CallBack(FROM_HERE, std::string() /* no error */); | 653 state->CallBack(FROM_HERE, std::string() /* no error */); |
654 } | 654 } |
655 | 655 |
656 // Called on IO thread after the certificate removal is finished. | 656 // Called on IO thread after the certificate removal is finished. |
657 void DidRemoveCertificate(std::unique_ptr<RemoveCertificateState> state, | 657 void DidRemoveCertificate(std::unique_ptr<RemoveCertificateState> state, |
898 NSSOperationState* state_ptr = state.get(); | 898 NSSOperationState* state_ptr = state.get(); |
899 GetCertDatabase(std::string() /* don't get any specific slot */, | 899 GetCertDatabase(std::string() /* don't get any specific slot */, |
900 base::Bind(&GetTokensWithDB, base::Passed(&state)), | 900 base::Bind(&GetTokensWithDB, base::Passed(&state)), |
901 browser_context, | 901 browser_context, |
902 state_ptr); | 902 state_ptr); |
903 } | 903 } |
904 | 904 |
905 } // namespace platform_keys | 905 } // namespace platform_keys |
906 | 906 |
907 } // namespace chromeos | 907 } // namespace chromeos |
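Review bot: The "private key is in the correct slot" check in ImportCertificateWithDB (new line 636) compares the slot returned by PK11_KeyForCertExists with state->slot_ but never checks that a slot was returned at all; if state->slot_ can ever be null at this point, a certificate with no private key yields a null slot on both sides and the comparison passes instead of reporting kErrorKeyNotFound. Unless a non-null slot_ is guaranteed by the caller, making the guard explicit, `if (!slot || slot.get() != state->slot_.get()) {`, is cheap and documents the intent. The removed comment `// |cert_db| is not required, ignore it.` was the only explanation of why the cert_db parameter is unused; the new body still ignores it, so that comment should survive the rewrite. Minor style point: line 635 passes NULL while line 646 passes nullptr; the new lines should pick one.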