| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/nss_cert_database.h" | 5 #include "net/cert/nss_cert_database.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| (...skipping 35 matching lines...) |
| 46 // the c'tor of NSSCertDatabase, see https://crbug.com/395983 . | 46 // the c'tor of NSSCertDatabase, see https://crbug.com/395983 . |
| 47 // Helper that observes events from the NSSCertDatabase and forwards them to | 47 // Helper that observes events from the NSSCertDatabase and forwards them to |
| 48 // the given CertDatabase. | 48 // the given CertDatabase. |
| 49 class CertNotificationForwarder : public NSSCertDatabase::Observer { | 49 class CertNotificationForwarder : public NSSCertDatabase::Observer { |
| 50 public: | 50 public: |
| 51 explicit CertNotificationForwarder(CertDatabase* cert_db) | 51 explicit CertNotificationForwarder(CertDatabase* cert_db) |
| 52 : cert_db_(cert_db) {} | 52 : cert_db_(cert_db) {} |
| 53 | 53 |
| 54 ~CertNotificationForwarder() override {} | 54 ~CertNotificationForwarder() override {} |
| 55 | 55 |
| 56 // NSSCertDatabase::Observer implementation: | 56 void OnCertDBChanged(const X509Certificate* cert) override { |
| 57 void OnCertAdded(const X509Certificate* cert) override { | 57 cert_db_->NotifyObserversCertDBChanged(cert); |
| 58 cert_db_->NotifyObserversOfCertAdded(cert); | |
| 59 } | |
| 60 | |
| 61 void OnCertRemoved(const X509Certificate* cert) override { | |
| 62 cert_db_->NotifyObserversOfCertRemoved(cert); | |
| 63 } | |
| 64 | |
| 65 void OnCACertChanged(const X509Certificate* cert) override { | |
| 66 cert_db_->NotifyObserversOfCACertChanged(cert); | |
| 67 } | 58 } |
| 68 | 59 |
| 69 private: | 60 private: |
| 70 CertDatabase* cert_db_; | 61 CertDatabase* cert_db_; |
| 71 | 62 |
| 72 DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder); | 63 DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder); |
| 73 }; | 64 }; |
| 74 | 65 |
| 75 } // namespace | 66 } // namespace |
| 76 | 67 |
| (...skipping 115 matching lines...) |
| 192 CertificateList* imported_certs) { | 183 CertificateList* imported_certs) { |
| 193 DVLOG(1) << __func__ << " " | 184 DVLOG(1) << __func__ << " " |
| 194 << PK11_GetModuleID(module->os_module_handle()) << ":" | 185 << PK11_GetModuleID(module->os_module_handle()) << ":" |
| 195 << PK11_GetSlotID(module->os_module_handle()); | 186 << PK11_GetSlotID(module->os_module_handle()); |
| 196 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), | 187 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), |
| 197 data.data(), data.size(), | 188 data.data(), data.size(), |
| 198 password, | 189 password, |
| 199 is_extractable, | 190 is_extractable, |
| 200 imported_certs); | 191 imported_certs); |
| 201 if (result == OK) | 192 if (result == OK) |
| 202 NotifyObserversOfCertAdded(NULL); | 193 NotifyObserversCertDBChanged(NULL); |
| 203 | 194 |
| 204 return result; | 195 return result; |
| 205 } | 196 } |
| 206 | 197 |
| 207 int NSSCertDatabase::ExportToPKCS12( | 198 int NSSCertDatabase::ExportToPKCS12( |
| 208 const CertificateList& certs, | 199 const CertificateList& certs, |
| 209 const base::string16& password, | 200 const base::string16& password, |
| 210 std::string* output) const { | 201 std::string* output) const { |
| 211 return psm::nsPKCS12Blob_Export(output, certs, password); | 202 return psm::nsPKCS12Blob_Export(output, certs, password); |
| 212 } | 203 } |
| (...skipping 21 matching lines...) |
| 234 return cert0; | 225 return cert0; |
| 235 } | 226 } |
| 236 | 227 |
| 237 int NSSCertDatabase::ImportUserCert(const std::string& data) { | 228 int NSSCertDatabase::ImportUserCert(const std::string& data) { |
| 238 CertificateList certificates = | 229 CertificateList certificates = |
| 239 X509Certificate::CreateCertificateListFromBytes( | 230 X509Certificate::CreateCertificateListFromBytes( |
| 240 data.c_str(), data.size(), net::X509Certificate::FORMAT_AUTO); | 231 data.c_str(), data.size(), net::X509Certificate::FORMAT_AUTO); |
| 241 int result = psm::ImportUserCert(certificates); | 232 int result = psm::ImportUserCert(certificates); |
| 242 | 233 |
| 243 if (result == OK) | 234 if (result == OK) |
| 244 NotifyObserversOfCertAdded(NULL); | 235 NotifyObserversCertDBChanged(NULL); |
| 245 | 236 |
| 246 return result; | 237 return result; |
| 247 } | 238 } |
| 248 | 239 |
| 249 bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates, | 240 bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates, |
| 250 TrustBits trust_bits, | 241 TrustBits trust_bits, |
| 251 ImportCertFailureList* not_imported) { | 242 ImportCertFailureList* not_imported) { |
| 252 crypto::ScopedPK11Slot slot(GetPublicSlot()); | 243 crypto::ScopedPK11Slot slot(GetPublicSlot()); |
| 253 X509Certificate* root = FindRootInList(certificates); | 244 X509Certificate* root = FindRootInList(certificates); |
| 254 bool success = psm::ImportCACerts( | 245 bool success = psm::ImportCACerts( |
| 255 slot.get(), certificates, root, trust_bits, not_imported); | 246 slot.get(), certificates, root, trust_bits, not_imported); |
| 256 if (success) | 247 if (success) |
| 257 NotifyObserversOfCACertChanged(NULL); | 248 NotifyObserversCertDBChanged(NULL); |
| 258 | 249 |
| 259 return success; | 250 return success; |
| 260 } | 251 } |
| 261 | 252 |
| 262 bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates, | 253 bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates, |
| 263 TrustBits trust_bits, | 254 TrustBits trust_bits, |
| 264 ImportCertFailureList* not_imported) { | 255 ImportCertFailureList* not_imported) { |
| 265 crypto::ScopedPK11Slot slot(GetPublicSlot()); | 256 crypto::ScopedPK11Slot slot(GetPublicSlot()); |
| 266 return psm::ImportServerCert( | 257 return psm::ImportServerCert( |
| 267 slot.get(), certificates, trust_bits, not_imported); | 258 slot.get(), certificates, trust_bits, not_imported); |
| (...skipping 97 matching lines...) |
| 365 } | 356 } |
| 366 | 357 |
| 367 return false; | 358 return false; |
| 368 } | 359 } |
| 369 | 360 |
| 370 bool NSSCertDatabase::SetCertTrust(const X509Certificate* cert, | 361 bool NSSCertDatabase::SetCertTrust(const X509Certificate* cert, |
| 371 CertType type, | 362 CertType type, |
| 372 TrustBits trust_bits) { | 363 TrustBits trust_bits) { |
| 373 bool success = psm::SetCertTrust(cert, type, trust_bits); | 364 bool success = psm::SetCertTrust(cert, type, trust_bits); |
| 374 if (success) | 365 if (success) |
| 375 NotifyObserversOfCACertChanged(cert); | 366 NotifyObserversCertDBChanged(cert); |
| 376 | 367 |
| 377 return success; | 368 return success; |
| 378 } | 369 } |
| 379 | 370 |
| 380 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { | 371 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { |
| 381 if (!DeleteCertAndKeyImpl(cert)) | 372 if (!DeleteCertAndKeyImpl(cert)) |
| 382 return false; | 373 return false; |
| 383 NotifyObserversOfCertRemoved(cert); | 374 NotifyObserversCertDBChanged(cert); |
| 384 return true; | 375 return true; |
| 385 } | 376 } |
| 386 | 377 |
| 387 void NSSCertDatabase::DeleteCertAndKeyAsync( | 378 void NSSCertDatabase::DeleteCertAndKeyAsync( |
| 388 const scoped_refptr<X509Certificate>& cert, | 379 const scoped_refptr<X509Certificate>& cert, |
| 389 const DeleteCertCallback& callback) { | 380 const DeleteCertCallback& callback) { |
| 390 base::PostTaskAndReplyWithResult( | 381 base::PostTaskAndReplyWithResult( |
| 391 GetSlowTaskRunner().get(), | 382 GetSlowTaskRunner().get(), |
| 392 FROM_HERE, | 383 FROM_HERE, |
| 393 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), | 384 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), |
| (...skipping 50 matching lines...) |
| 444 if (slow_task_runner_for_test_.get()) | 435 if (slow_task_runner_for_test_.get()) |
| 445 return slow_task_runner_for_test_; | 436 return slow_task_runner_for_test_; |
| 446 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); | 437 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); |
| 447 } | 438 } |
| 448 | 439 |
| 449 void NSSCertDatabase::NotifyCertRemovalAndCallBack( | 440 void NSSCertDatabase::NotifyCertRemovalAndCallBack( |
| 450 scoped_refptr<X509Certificate> cert, | 441 scoped_refptr<X509Certificate> cert, |
| 451 const DeleteCertCallback& callback, | 442 const DeleteCertCallback& callback, |
| 452 bool success) { | 443 bool success) { |
| 453 if (success) | 444 if (success) |
| 454 NotifyObserversOfCertRemoved(cert.get()); | 445 NotifyObserversCertDBChanged(cert.get()); |
| 455 callback.Run(success); | 446 callback.Run(success); |
| 456 } | 447 } |
| 457 | 448 |
| 458 void NSSCertDatabase::NotifyObserversOfCertAdded(const X509Certificate* cert) { | 449 void NSSCertDatabase::NotifyObserversCertDBChanged( |
| 459 observer_list_->Notify(FROM_HERE, &Observer::OnCertAdded, | 450 const X509Certificate* cert) { |
| 451 observer_list_->Notify(FROM_HERE, &Observer::OnCertDBChanged, |
| 460 base::RetainedRef(cert)); | 452 base::RetainedRef(cert)); |
| 461 } | 453 } |
| 462 | 454 |
| 463 void NSSCertDatabase::NotifyObserversOfCertRemoved( | |
| 464 const X509Certificate* cert) { | |
| 465 observer_list_->Notify(FROM_HERE, &Observer::OnCertRemoved, | |
| 466 base::RetainedRef(cert)); | |
| 467 } | |
| 468 | |
| 469 void NSSCertDatabase::NotifyObserversOfCACertChanged( | |
| 470 const X509Certificate* cert) { | |
| 471 observer_list_->Notify(FROM_HERE, &Observer::OnCACertChanged, | |
| 472 base::RetainedRef(cert)); | |
| 473 } | |
| 474 | |
| 475 // static | 455 // static |
| 476 bool NSSCertDatabase::DeleteCertAndKeyImpl( | 456 bool NSSCertDatabase::DeleteCertAndKeyImpl( |
| 477 scoped_refptr<X509Certificate> cert) { | 457 scoped_refptr<X509Certificate> cert) { |
| 478 // For some reason, PK11_DeleteTokenCertAndKey only calls | 458 // For some reason, PK11_DeleteTokenCertAndKey only calls |
| 479 // SEC_DeletePermCertificate if the private key is found. So, we check | 459 // SEC_DeletePermCertificate if the private key is found. So, we check |
| 480 // whether a private key exists before deciding which function to call to | 460 // whether a private key exists before deciding which function to call to |
| 481 // delete the cert. | 461 // delete the cert. |
| 482 SECKEYPrivateKey* privKey = | 462 SECKEYPrivateKey* privKey = |
| 483 PK11_FindKeyByAnyCert(cert->os_cert_handle(), NULL); | 463 PK11_FindKeyByAnyCert(cert->os_cert_handle(), NULL); |
| 484 if (privKey) { | 464 if (privKey) { |
| 485 SECKEY_DestroyPrivateKey(privKey); | 465 SECKEY_DestroyPrivateKey(privKey); |
| 486 if (PK11_DeleteTokenCertAndKey(cert->os_cert_handle(), NULL)) { | 466 if (PK11_DeleteTokenCertAndKey(cert->os_cert_handle(), NULL)) { |
| 487 LOG(ERROR) << "PK11_DeleteTokenCertAndKey failed: " << PORT_GetError(); | 467 LOG(ERROR) << "PK11_DeleteTokenCertAndKey failed: " << PORT_GetError(); |
| 488 return false; | 468 return false; |
| 489 } | 469 } |
| 490 } else { | 470 } else { |
| 491 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { | 471 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { |
| 492 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); | 472 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); |
| 493 return false; | 473 return false; |
| 494 } | 474 } |
| 495 } | 475 } |
| 496 return true; | 476 return true; |
| 497 } | 477 } |
| 498 | 478 |
| 499 } // namespace net | 479 } // namespace net |
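Review bot: ImportServerCert (new lines 253-258) still returns the result of psm::ImportServerCert directly and never calls NotifyObserversCertDBChanged, although it writes certificates and trust bits to the public slot just as ImportCACerts does. Now that every other mutating path funnels into the single OnCertDBChanged callback, an observer that drops cached verification or trust state on that callback would presumably not hear about a server-cert import; whether psm::ImportServerCert notifies some other way is not visible here. Consider `bool success = psm::ImportServerCert(slot.get(), certificates, trust_bits, not_imported);` followed by `if (success) NotifyObserversCertDBChanged(NULL);` and `return success;`. The import paths pass NULL as the cert, so the declaration should also carry a comment such as `// |cert| may be NULL when the set of affected certificates is unknown; observers must then treat all cached certificate state as stale.` The tail of ImportServerCert falls in the skipped region, so this is based on the visible lines only.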
| OLD | NEW |