OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/nss_cert_database.h" | 5 #include "net/cert/nss_cert_database.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <certdb.h> | 8 #include <certdb.h> |
9 #include <keyhi.h> | 9 #include <keyhi.h> |
10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
46 // the c'tor of NSSCertDatabase, see https://crbug.com/395983 . | 46 // the c'tor of NSSCertDatabase, see https://crbug.com/395983 . |
47 // Helper that observes events from the NSSCertDatabase and forwards them to | 47 // Helper that observes events from the NSSCertDatabase and forwards them to |
48 // the given CertDatabase. | 48 // the given CertDatabase. |
49 class CertNotificationForwarder : public NSSCertDatabase::Observer { | 49 class CertNotificationForwarder : public NSSCertDatabase::Observer { |
50 public: | 50 public: |
51 explicit CertNotificationForwarder(CertDatabase* cert_db) | 51 explicit CertNotificationForwarder(CertDatabase* cert_db) |
52 : cert_db_(cert_db) {} | 52 : cert_db_(cert_db) {} |
53 | 53 |
54 ~CertNotificationForwarder() override {} | 54 ~CertNotificationForwarder() override {} |
55 | 55 |
56 // NSSCertDatabase::Observer implementation: | 56 void OnCertDBChanged(const X509Certificate* cert) override { |
57 void OnCertAdded(const X509Certificate* cert) override { | 57 cert_db_->NotifyObserversCertDBChanged(cert); |
58 cert_db_->NotifyObserversOfCertAdded(cert); | |
59 } | |
60 | |
61 void OnCertRemoved(const X509Certificate* cert) override { | |
62 cert_db_->NotifyObserversOfCertRemoved(cert); | |
63 } | |
64 | |
65 void OnCACertChanged(const X509Certificate* cert) override { | |
66 cert_db_->NotifyObserversOfCACertChanged(cert); | |
67 } | 58 } |
68 | 59 |
69 private: | 60 private: |
70 CertDatabase* cert_db_; | 61 CertDatabase* cert_db_; |
71 | 62 |
72 DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder); | 63 DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder); |
73 }; | 64 }; |
74 | 65 |
75 } // namespace | 66 } // namespace |
76 | 67 |
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
192 CertificateList* imported_certs) { | 183 CertificateList* imported_certs) { |
193 DVLOG(1) << __func__ << " " | 184 DVLOG(1) << __func__ << " " |
194 << PK11_GetModuleID(module->os_module_handle()) << ":" | 185 << PK11_GetModuleID(module->os_module_handle()) << ":" |
195 << PK11_GetSlotID(module->os_module_handle()); | 186 << PK11_GetSlotID(module->os_module_handle()); |
196 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), | 187 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), |
197 data.data(), data.size(), | 188 data.data(), data.size(), |
198 password, | 189 password, |
199 is_extractable, | 190 is_extractable, |
200 imported_certs); | 191 imported_certs); |
201 if (result == OK) | 192 if (result == OK) |
202 NotifyObserversOfCertAdded(NULL); | 193 NotifyObserversCertDBChanged(NULL); |
203 | 194 |
204 return result; | 195 return result; |
205 } | 196 } |
206 | 197 |
207 int NSSCertDatabase::ExportToPKCS12( | 198 int NSSCertDatabase::ExportToPKCS12( |
208 const CertificateList& certs, | 199 const CertificateList& certs, |
209 const base::string16& password, | 200 const base::string16& password, |
210 std::string* output) const { | 201 std::string* output) const { |
211 return psm::nsPKCS12Blob_Export(output, certs, password); | 202 return psm::nsPKCS12Blob_Export(output, certs, password); |
212 } | 203 } |
(...skipping 21 matching lines...) Expand all Loading... |
234 return cert0; | 225 return cert0; |
235 } | 226 } |
236 | 227 |
237 int NSSCertDatabase::ImportUserCert(const std::string& data) { | 228 int NSSCertDatabase::ImportUserCert(const std::string& data) { |
238 CertificateList certificates = | 229 CertificateList certificates = |
239 X509Certificate::CreateCertificateListFromBytes( | 230 X509Certificate::CreateCertificateListFromBytes( |
240 data.c_str(), data.size(), net::X509Certificate::FORMAT_AUTO); | 231 data.c_str(), data.size(), net::X509Certificate::FORMAT_AUTO); |
241 int result = psm::ImportUserCert(certificates); | 232 int result = psm::ImportUserCert(certificates); |
242 | 233 |
243 if (result == OK) | 234 if (result == OK) |
244 NotifyObserversOfCertAdded(NULL); | 235 NotifyObserversCertDBChanged(NULL); |
245 | 236 |
246 return result; | 237 return result; |
247 } | 238 } |
248 | 239 |
249 bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates, | 240 bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates, |
250 TrustBits trust_bits, | 241 TrustBits trust_bits, |
251 ImportCertFailureList* not_imported) { | 242 ImportCertFailureList* not_imported) { |
252 crypto::ScopedPK11Slot slot(GetPublicSlot()); | 243 crypto::ScopedPK11Slot slot(GetPublicSlot()); |
253 X509Certificate* root = FindRootInList(certificates); | 244 X509Certificate* root = FindRootInList(certificates); |
254 bool success = psm::ImportCACerts( | 245 bool success = psm::ImportCACerts( |
255 slot.get(), certificates, root, trust_bits, not_imported); | 246 slot.get(), certificates, root, trust_bits, not_imported); |
256 if (success) | 247 if (success) |
257 NotifyObserversOfCACertChanged(NULL); | 248 NotifyObserversCertDBChanged(NULL); |
258 | 249 |
259 return success; | 250 return success; |
260 } | 251 } |
261 | 252 |
262 bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates, | 253 bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates, |
263 TrustBits trust_bits, | 254 TrustBits trust_bits, |
264 ImportCertFailureList* not_imported) { | 255 ImportCertFailureList* not_imported) { |
265 crypto::ScopedPK11Slot slot(GetPublicSlot()); | 256 crypto::ScopedPK11Slot slot(GetPublicSlot()); |
266 return psm::ImportServerCert( | 257 return psm::ImportServerCert( |
267 slot.get(), certificates, trust_bits, not_imported); | 258 slot.get(), certificates, trust_bits, not_imported); |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
365 } | 356 } |
366 | 357 |
367 return false; | 358 return false; |
368 } | 359 } |
369 | 360 |
370 bool NSSCertDatabase::SetCertTrust(const X509Certificate* cert, | 361 bool NSSCertDatabase::SetCertTrust(const X509Certificate* cert, |
371 CertType type, | 362 CertType type, |
372 TrustBits trust_bits) { | 363 TrustBits trust_bits) { |
373 bool success = psm::SetCertTrust(cert, type, trust_bits); | 364 bool success = psm::SetCertTrust(cert, type, trust_bits); |
374 if (success) | 365 if (success) |
375 NotifyObserversOfCACertChanged(cert); | 366 NotifyObserversCertDBChanged(cert); |
376 | 367 |
377 return success; | 368 return success; |
378 } | 369 } |
379 | 370 |
380 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { | 371 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { |
381 if (!DeleteCertAndKeyImpl(cert)) | 372 if (!DeleteCertAndKeyImpl(cert)) |
382 return false; | 373 return false; |
383 NotifyObserversOfCertRemoved(cert); | 374 NotifyObserversCertDBChanged(cert); |
384 return true; | 375 return true; |
385 } | 376 } |
386 | 377 |
387 void NSSCertDatabase::DeleteCertAndKeyAsync( | 378 void NSSCertDatabase::DeleteCertAndKeyAsync( |
388 const scoped_refptr<X509Certificate>& cert, | 379 const scoped_refptr<X509Certificate>& cert, |
389 const DeleteCertCallback& callback) { | 380 const DeleteCertCallback& callback) { |
390 base::PostTaskAndReplyWithResult( | 381 base::PostTaskAndReplyWithResult( |
391 GetSlowTaskRunner().get(), | 382 GetSlowTaskRunner().get(), |
392 FROM_HERE, | 383 FROM_HERE, |
393 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), | 384 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
444 if (slow_task_runner_for_test_.get()) | 435 if (slow_task_runner_for_test_.get()) |
445 return slow_task_runner_for_test_; | 436 return slow_task_runner_for_test_; |
446 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); | 437 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); |
447 } | 438 } |
448 | 439 |
449 void NSSCertDatabase::NotifyCertRemovalAndCallBack( | 440 void NSSCertDatabase::NotifyCertRemovalAndCallBack( |
450 scoped_refptr<X509Certificate> cert, | 441 scoped_refptr<X509Certificate> cert, |
451 const DeleteCertCallback& callback, | 442 const DeleteCertCallback& callback, |
452 bool success) { | 443 bool success) { |
453 if (success) | 444 if (success) |
454 NotifyObserversOfCertRemoved(cert.get()); | 445 NotifyObserversCertDBChanged(cert.get()); |
455 callback.Run(success); | 446 callback.Run(success); |
456 } | 447 } |
457 | 448 |
458 void NSSCertDatabase::NotifyObserversOfCertAdded(const X509Certificate* cert) { | 449 void NSSCertDatabase::NotifyObserversCertDBChanged( |
459 observer_list_->Notify(FROM_HERE, &Observer::OnCertAdded, | 450 const X509Certificate* cert) { |
| 451 observer_list_->Notify(FROM_HERE, &Observer::OnCertDBChanged, |
460 base::RetainedRef(cert)); | 452 base::RetainedRef(cert)); |
461 } | 453 } |
462 | 454 |
463 void NSSCertDatabase::NotifyObserversOfCertRemoved( | |
464 const X509Certificate* cert) { | |
465 observer_list_->Notify(FROM_HERE, &Observer::OnCertRemoved, | |
466 base::RetainedRef(cert)); | |
467 } | |
468 | |
469 void NSSCertDatabase::NotifyObserversOfCACertChanged( | |
470 const X509Certificate* cert) { | |
471 observer_list_->Notify(FROM_HERE, &Observer::OnCACertChanged, | |
472 base::RetainedRef(cert)); | |
473 } | |
474 | |
475 // static | 455 // static |
476 bool NSSCertDatabase::DeleteCertAndKeyImpl( | 456 bool NSSCertDatabase::DeleteCertAndKeyImpl( |
477 scoped_refptr<X509Certificate> cert) { | 457 scoped_refptr<X509Certificate> cert) { |
478 // For some reason, PK11_DeleteTokenCertAndKey only calls | 458 // For some reason, PK11_DeleteTokenCertAndKey only calls |
479 // SEC_DeletePermCertificate if the private key is found. So, we check | 459 // SEC_DeletePermCertificate if the private key is found. So, we check |
480 // whether a private key exists before deciding which function to call to | 460 // whether a private key exists before deciding which function to call to |
481 // delete the cert. | 461 // delete the cert. |
482 SECKEYPrivateKey* privKey = | 462 SECKEYPrivateKey* privKey = |
483 PK11_FindKeyByAnyCert(cert->os_cert_handle(), NULL); | 463 PK11_FindKeyByAnyCert(cert->os_cert_handle(), NULL); |
484 if (privKey) { | 464 if (privKey) { |
485 SECKEY_DestroyPrivateKey(privKey); | 465 SECKEY_DestroyPrivateKey(privKey); |
486 if (PK11_DeleteTokenCertAndKey(cert->os_cert_handle(), NULL)) { | 466 if (PK11_DeleteTokenCertAndKey(cert->os_cert_handle(), NULL)) { |
487 LOG(ERROR) << "PK11_DeleteTokenCertAndKey failed: " << PORT_GetError(); | 467 LOG(ERROR) << "PK11_DeleteTokenCertAndKey failed: " << PORT_GetError(); |
488 return false; | 468 return false; |
489 } | 469 } |
490 } else { | 470 } else { |
491 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { | 471 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { |
492 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); | 472 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); |
493 return false; | 473 return false; |
494 } | 474 } |
495 } | 475 } |
496 return true; | 476 return true; |
497 } | 477 } |
498 | 478 |
499 } // namespace net | 479 } // namespace net |
OLD | NEW |