net/cert/cert_database_nss.cc - Issue 2363653002: Cleanup unreachable cert adding code

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/cert/cert_database_nss.cc

Issue 2363653002: Cleanup unreachable cert adding code (Closed)

Patch Set: Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/cert_database.h"	5 #include "net/cert/cert_database.h"

6	6

7 #include <cert.h>	7 #include <cert.h>

8 #include <pk11pub.h>	8 #include <pk11pub.h>

9 #include <secmod.h>	9 #include <secmod.h>

10	10

11 #include <vector>	11 #include <vector>

12	12

13 #include "base/logging.h"	13 #include "base/logging.h"

14 #include "base/observer_list_threadsafe.h"	14 #include "base/observer_list_threadsafe.h"

15 #include "crypto/nss_util.h"

16 #include "crypto/scoped_nss_types.h"

17 #include "net/base/net_errors.h"

18 #include "net/cert/x509_certificate.h"

19 #include "net/cert/x509_util_nss.h"

20 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"

21

22 // PSM = Mozilla's Personal Security Manager.

23 namespace psm = mozilla_security_manager;

24	15

25 namespace net {	16 namespace net {

26	17

27 CertDatabase::CertDatabase()	18 CertDatabase::CertDatabase()

28 : observer_list_(new base::ObserverListThreadSafe<Observer>) {	19 : observer_list_(new base::ObserverListThreadSafe<Observer>) {

29 crypto::EnsureNSSInit();

30 }	20 }

31	21

32 CertDatabase::~CertDatabase() {}	22 CertDatabase::~CertDatabase() {}

33	23

34 int CertDatabase::CheckUserCert(X509Certificate* cert_obj) {

35 if (!cert_obj)

36 return ERR_CERT_INVALID;

37 if (cert_obj->HasExpired())

38 return ERR_CERT_DATE_INVALID;

39

40 // Check if the private key corresponding to the certificate exist

41 // We shouldn't accept any random client certificate sent by a CA.

42

43 // Note: The NSS source documentation wrongly suggests that this

44 // also imports the certificate if the private key exists. This

45 // doesn't seem to be the case.

46

47 CERTCertificate* cert = cert_obj->os_cert_handle();

48 PK11SlotInfo* slot = PK11_KeyForCertExists(cert, NULL, NULL);

49 if (!slot)

50 return ERR_NO_PRIVATE_KEY_FOR_CERT;

51

52 PK11_FreeSlot(slot);

53

54 return OK;

55 }

56

57 int CertDatabase::AddUserCert(X509Certificate* cert_obj) {

58 CertificateList cert_list;

59 cert_list.push_back(cert_obj);

60 int result = psm::ImportUserCert(cert_list);

61

62 if (result == OK)

63 NotifyObserversOfCertAdded(NULL);

64

65 return result;

66 }

67

68 } // namespace net	24 } // namespace net

OLD	NEW

« net/cert/cert_database_mac.cc ('K') | « net/cert/cert_database_mac.cc ('k') | net/cert/cert_database_openssl.cc » ('j') | no next file with comments »