1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/nss_cert_database.h" | 5 #include "net/cert/nss_cert_database.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <certdb.h> | 8 #include <certdb.h> |
9 #include <keyhi.h> | 9 #include <keyhi.h> |
10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
46 // the c'tor of NSSCertDatabase, see https://crbug.com/395983 . | 46 // the c'tor of NSSCertDatabase, see https://crbug.com/395983 . |
47 // Helper that observes events from the NSSCertDatabase and forwards them to | 47 // Helper that observes events from the NSSCertDatabase and forwards them to |
48 // the given CertDatabase. | 48 // the given CertDatabase. |
49 class CertNotificationForwarder : public NSSCertDatabase::Observer { | 49 class CertNotificationForwarder : public NSSCertDatabase::Observer { |
50 public: | 50 public: |
51 explicit CertNotificationForwarder(CertDatabase* cert_db) | 51 explicit CertNotificationForwarder(CertDatabase* cert_db) |
52 : cert_db_(cert_db) {} | 52 : cert_db_(cert_db) {} |
53 | 53 |
54 ~CertNotificationForwarder() override {} | 54 ~CertNotificationForwarder() override {} |
55 | 55 |
56 // NSSCertDatabase::Observer implementation: | 56 void OnCertDBChanged(const X509Certificate* cert) override { |
57 void OnCertAdded(const X509Certificate* cert) override { | 57 cert_db_->NotifyObserversCertDBChanged(cert); |
58 cert_db_->NotifyObserversOfCertAdded(cert); | |
59 } | |
60 | |
61 void OnCertRemoved(const X509Certificate* cert) override { | |
62 cert_db_->NotifyObserversOfCertRemoved(cert); | |
63 } | |
64 | |
65 void OnCACertChanged(const X509Certificate* cert) override { | |
66 cert_db_->NotifyObserversOfCACertChanged(cert); | |
67 } | 58 } |
68 | 59 |
69 private: | 60 private: |
70 CertDatabase* cert_db_; | 61 CertDatabase* cert_db_; |
71 | 62 |
72 DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder); | 63 DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder); |
73 }; | 64 }; |
74 | 65 |
75 } // namespace | 66 } // namespace |
76 | 67 |
192 CertificateList* imported_certs) { | 183 CertificateList* imported_certs) { |
193 DVLOG(1) << __func__ << " " | 184 DVLOG(1) << __func__ << " " |
194 << PK11_GetModuleID(module->os_module_handle()) << ":" | 185 << PK11_GetModuleID(module->os_module_handle()) << ":" |
195 << PK11_GetSlotID(module->os_module_handle()); | 186 << PK11_GetSlotID(module->os_module_handle()); |
196 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), | 187 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), |
197 data.data(), data.size(), | 188 data.data(), data.size(), |
198 password, | 189 password, |
199 is_extractable, | 190 is_extractable, |
200 imported_certs); | 191 imported_certs); |
201 if (result == OK) | 192 if (result == OK) |
202 NotifyObserversOfCertAdded(NULL); | 193 NotifyObserversCertDBChanged(NULL); |
203 | 194 |
204 return result; | 195 return result; |
205 } | 196 } |
206 | 197 |
207 int NSSCertDatabase::ExportToPKCS12( | 198 int NSSCertDatabase::ExportToPKCS12( |
208 const CertificateList& certs, | 199 const CertificateList& certs, |
209 const base::string16& password, | 200 const base::string16& password, |
210 std::string* output) const { | 201 std::string* output) const { |
211 return psm::nsPKCS12Blob_Export(output, certs, password); | 202 return psm::nsPKCS12Blob_Export(output, certs, password); |
212 } | 203 } |
234 return cert0; | 225 return cert0; |
235 } | 226 } |
236 | 227 |
237 int NSSCertDatabase::ImportUserCert(const std::string& data) { | 228 int NSSCertDatabase::ImportUserCert(const std::string& data) { |
238 CertificateList certificates = | 229 CertificateList certificates = |
239 X509Certificate::CreateCertificateListFromBytes( | 230 X509Certificate::CreateCertificateListFromBytes( |
240 data.c_str(), data.size(), net::X509Certificate::FORMAT_AUTO); | 231 data.c_str(), data.size(), net::X509Certificate::FORMAT_AUTO); |
241 int result = psm::ImportUserCert(certificates); | 232 int result = psm::ImportUserCert(certificates); |
242 | 233 |
243 if (result == OK) | 234 if (result == OK) |
244 NotifyObserversOfCertAdded(NULL); | 235 NotifyObserversCertDBChanged(NULL); |
245 | 236 |
246 return result; | 237 return result; |
247 } | 238 } |
| 239 |
| 240 int NSSCertDatabase::ImportUserCert(X509Certificate* certificate) { |
| 241 CertificateList certificates; |
| 242 certificates.emplace_back(certificate); |
| 243 int result = psm::ImportUserCert(certificates); |
| 244 |
| 245 if (result == OK) |
| 246 NotifyObserversCertDBChanged(NULL); |
| 247 |
| 248 return result; |
| 249 } |
248 | 250 |
249 bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates, | 251 bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates, |
250 TrustBits trust_bits, | 252 TrustBits trust_bits, |
251 ImportCertFailureList* not_imported) { | 253 ImportCertFailureList* not_imported) { |
252 crypto::ScopedPK11Slot slot(GetPublicSlot()); | 254 crypto::ScopedPK11Slot slot(GetPublicSlot()); |
253 X509Certificate* root = FindRootInList(certificates); | 255 X509Certificate* root = FindRootInList(certificates); |
254 bool success = psm::ImportCACerts( | 256 bool success = psm::ImportCACerts( |
255 slot.get(), certificates, root, trust_bits, not_imported); | 257 slot.get(), certificates, root, trust_bits, not_imported); |
256 if (success) | 258 if (success) |
257 NotifyObserversOfCACertChanged(NULL); | 259 NotifyObserversCertDBChanged(NULL); |
258 | 260 |
259 return success; | 261 return success; |
260 } | 262 } |
261 | 263 |
262 bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates, | 264 bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates, |
263 TrustBits trust_bits, | 265 TrustBits trust_bits, |
264 ImportCertFailureList* not_imported) { | 266 ImportCertFailureList* not_imported) { |
265 crypto::ScopedPK11Slot slot(GetPublicSlot()); | 267 crypto::ScopedPK11Slot slot(GetPublicSlot()); |
266 return psm::ImportServerCert( | 268 return psm::ImportServerCert( |
267 slot.get(), certificates, trust_bits, not_imported); | 269 slot.get(), certificates, trust_bits, not_imported); |
365 } | 367 } |
366 | 368 |
367 return false; | 369 return false; |
368 } | 370 } |
369 | 371 |
370 bool NSSCertDatabase::SetCertTrust(const X509Certificate* cert, | 372 bool NSSCertDatabase::SetCertTrust(const X509Certificate* cert, |
371 CertType type, | 373 CertType type, |
372 TrustBits trust_bits) { | 374 TrustBits trust_bits) { |
373 bool success = psm::SetCertTrust(cert, type, trust_bits); | 375 bool success = psm::SetCertTrust(cert, type, trust_bits); |
374 if (success) | 376 if (success) |
375 NotifyObserversOfCACertChanged(cert); | 377 NotifyObserversCertDBChanged(cert); |
376 | 378 |
377 return success; | 379 return success; |
378 } | 380 } |
379 | 381 |
380 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { | 382 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { |
381 if (!DeleteCertAndKeyImpl(cert)) | 383 if (!DeleteCertAndKeyImpl(cert)) |
382 return false; | 384 return false; |
383 NotifyObserversOfCertRemoved(cert); | 385 NotifyObserversCertDBChanged(cert); |
384 return true; | 386 return true; |
385 } | 387 } |
386 | 388 |
387 void NSSCertDatabase::DeleteCertAndKeyAsync( | 389 void NSSCertDatabase::DeleteCertAndKeyAsync( |
388 const scoped_refptr<X509Certificate>& cert, | 390 const scoped_refptr<X509Certificate>& cert, |
389 const DeleteCertCallback& callback) { | 391 const DeleteCertCallback& callback) { |
390 base::PostTaskAndReplyWithResult( | 392 base::PostTaskAndReplyWithResult( |
391 GetSlowTaskRunner().get(), | 393 GetSlowTaskRunner().get(), |
392 FROM_HERE, | 394 FROM_HERE, |
393 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), | 395 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), |
444 if (slow_task_runner_for_test_.get()) | 446 if (slow_task_runner_for_test_.get()) |
445 return slow_task_runner_for_test_; | 447 return slow_task_runner_for_test_; |
446 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); | 448 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); |
447 } | 449 } |
448 | 450 |
449 void NSSCertDatabase::NotifyCertRemovalAndCallBack( | 451 void NSSCertDatabase::NotifyCertRemovalAndCallBack( |
450 scoped_refptr<X509Certificate> cert, | 452 scoped_refptr<X509Certificate> cert, |
451 const DeleteCertCallback& callback, | 453 const DeleteCertCallback& callback, |
452 bool success) { | 454 bool success) { |
453 if (success) | 455 if (success) |
454 NotifyObserversOfCertRemoved(cert.get()); | 456 NotifyObserversCertDBChanged(cert.get()); |
455 callback.Run(success); | 457 callback.Run(success); |
456 } | 458 } |
457 | 459 |
458 void NSSCertDatabase::NotifyObserversOfCertAdded(const X509Certificate* cert) { | 460 void NSSCertDatabase::NotifyObserversCertDBChanged( |
459 observer_list_->Notify(FROM_HERE, &Observer::OnCertAdded, | 461 const X509Certificate* cert) { |
| 462 observer_list_->Notify(FROM_HERE, &Observer::OnCertDBChanged, |
460 base::RetainedRef(cert)); | 463 base::RetainedRef(cert)); |
461 } | 464 } |
462 | 465 |
463 void NSSCertDatabase::NotifyObserversOfCertRemoved( | |
464 const X509Certificate* cert) { | |
465 observer_list_->Notify(FROM_HERE, &Observer::OnCertRemoved, | |
466 base::RetainedRef(cert)); | |
467 } | |
468 | |
469 void NSSCertDatabase::NotifyObserversOfCACertChanged( | |
470 const X509Certificate* cert) { | |
471 observer_list_->Notify(FROM_HERE, &Observer::OnCACertChanged, | |
472 base::RetainedRef(cert)); | |
473 } | |
474 | |
475 // static | 466 // static |
476 bool NSSCertDatabase::DeleteCertAndKeyImpl( | 467 bool NSSCertDatabase::DeleteCertAndKeyImpl( |
477 scoped_refptr<X509Certificate> cert) { | 468 scoped_refptr<X509Certificate> cert) { |
478 // For some reason, PK11_DeleteTokenCertAndKey only calls | 469 // For some reason, PK11_DeleteTokenCertAndKey only calls |
479 // SEC_DeletePermCertificate if the private key is found. So, we check | 470 // SEC_DeletePermCertificate if the private key is found. So, we check |
480 // whether a private key exists before deciding which function to call to | 471 // whether a private key exists before deciding which function to call to |
481 // delete the cert. | 472 // delete the cert. |
482 SECKEYPrivateKey* privKey = | 473 SECKEYPrivateKey* privKey = |
483 PK11_FindKeyByAnyCert(cert->os_cert_handle(), NULL); | 474 PK11_FindKeyByAnyCert(cert->os_cert_handle(), NULL); |
484 if (privKey) { | 475 if (privKey) { |
485 SECKEY_DestroyPrivateKey(privKey); | 476 SECKEY_DestroyPrivateKey(privKey); |
486 if (PK11_DeleteTokenCertAndKey(cert->os_cert_handle(), NULL)) { | 477 if (PK11_DeleteTokenCertAndKey(cert->os_cert_handle(), NULL)) { |
487 LOG(ERROR) << "PK11_DeleteTokenCertAndKey failed: " << PORT_GetError(); | 478 LOG(ERROR) << "PK11_DeleteTokenCertAndKey failed: " << PORT_GetError(); |
488 return false; | 479 return false; |
489 } | 480 } |
490 } else { | 481 } else { |
491 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { | 482 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { |
492 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); | 483 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); |
493 return false; | 484 return false; |
494 } | 485 } |
495 } | 486 } |
496 return true; | 487 return true; |
497 } | 488 } |
498 | 489 |
499 } // namespace net | 490 } // namespace net |
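Review bot: ImportServerCert (new lines 264-270) is the only trust-affecting mutation in this section that still returns without calling NotifyObserversCertDBChanged, while ImportCACerts, both ImportUserCert overloads, ImportFromPKCS12 and SetCertTrust now all do; a server cert imported with explicit trust bits changes future verification results, so any observer that presumably invalidates verification caches on OnCertDBChanged would keep stale entries after this call. The commit renames every neighbouring notify call but leaves this one out, so `bool success = psm::ImportServerCert(slot.get(), certificates, trust_bits, not_imported); if (success) NotifyObserversCertDBChanged(NULL); return success;` would bring it in line. Separately, the new ImportUserCert(X509Certificate*) overload (new lines 240-249) builds a one-element CertificateList from the raw pointer with no null check, so a null argument reaches psm::ImportUserCert as a null scoped_refptr; a leading `DCHECK(certificate);` (or an explicit error return, whichever the header's contract calls for — the header is not visible here) would make the precondition explicit.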