| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/nss_cert_database.h" | 5 #include "net/cert/nss_cert_database.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 46 // the c'tor of NSSCertDatabase, see https://crbug.com/395983 . | 46 // the c'tor of NSSCertDatabase, see https://crbug.com/395983 . |
| 47 // Helper that observes events from the NSSCertDatabase and forwards them to | 47 // Helper that observes events from the NSSCertDatabase and forwards them to |
| 48 // the given CertDatabase. | 48 // the given CertDatabase. |
| 49 class CertNotificationForwarder : public NSSCertDatabase::Observer { | 49 class CertNotificationForwarder : public NSSCertDatabase::Observer { |
| 50 public: | 50 public: |
| 51 explicit CertNotificationForwarder(CertDatabase* cert_db) | 51 explicit CertNotificationForwarder(CertDatabase* cert_db) |
| 52 : cert_db_(cert_db) {} | 52 : cert_db_(cert_db) {} |
| 53 | 53 |
| 54 ~CertNotificationForwarder() override {} | 54 ~CertNotificationForwarder() override {} |
| 55 | 55 |
| 56 // NSSCertDatabase::Observer implementation: | 56 void OnCertDBChanged(const X509Certificate* cert) override { |
| 57 void OnCertAdded(const X509Certificate* cert) override { | 57 cert_db_->NotifyObserversCertDBChanged(cert); |
| 58 cert_db_->NotifyObserversOfCertAdded(cert); | |
| 59 } | |
| 60 | |
| 61 void OnCertRemoved(const X509Certificate* cert) override { | |
| 62 cert_db_->NotifyObserversOfCertRemoved(cert); | |
| 63 } | |
| 64 | |
| 65 void OnCACertChanged(const X509Certificate* cert) override { | |
| 66 cert_db_->NotifyObserversOfCACertChanged(cert); | |
| 67 } | 58 } |
| 68 | 59 |
| 69 private: | 60 private: |
| 70 CertDatabase* cert_db_; | 61 CertDatabase* cert_db_; |
| 71 | 62 |
| 72 DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder); | 63 DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder); |
| 73 }; | 64 }; |
| 74 | 65 |
| 75 } // namespace | 66 } // namespace |
| 76 | 67 |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 192 CertificateList* imported_certs) { | 183 CertificateList* imported_certs) { |
| 193 DVLOG(1) << __func__ << " " | 184 DVLOG(1) << __func__ << " " |
| 194 << PK11_GetModuleID(module->os_module_handle()) << ":" | 185 << PK11_GetModuleID(module->os_module_handle()) << ":" |
| 195 << PK11_GetSlotID(module->os_module_handle()); | 186 << PK11_GetSlotID(module->os_module_handle()); |
| 196 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), | 187 int result = psm::nsPKCS12Blob_Import(module->os_module_handle(), |
| 197 data.data(), data.size(), | 188 data.data(), data.size(), |
| 198 password, | 189 password, |
| 199 is_extractable, | 190 is_extractable, |
| 200 imported_certs); | 191 imported_certs); |
| 201 if (result == OK) | 192 if (result == OK) |
| 202 NotifyObserversOfCertAdded(NULL); | 193 NotifyObserversCertDBChanged(NULL); |
| 203 | 194 |
| 204 return result; | 195 return result; |
| 205 } | 196 } |
| 206 | 197 |
| 207 int NSSCertDatabase::ExportToPKCS12( | 198 int NSSCertDatabase::ExportToPKCS12( |
| 208 const CertificateList& certs, | 199 const CertificateList& certs, |
| 209 const base::string16& password, | 200 const base::string16& password, |
| 210 std::string* output) const { | 201 std::string* output) const { |
| 211 return psm::nsPKCS12Blob_Export(output, certs, password); | 202 return psm::nsPKCS12Blob_Export(output, certs, password); |
| 212 } | 203 } |
| (...skipping 21 matching lines...) Expand all Loading... |
| 234 return cert0; | 225 return cert0; |
| 235 } | 226 } |
| 236 | 227 |
| 237 int NSSCertDatabase::ImportUserCert(const std::string& data) { | 228 int NSSCertDatabase::ImportUserCert(const std::string& data) { |
| 238 CertificateList certificates = | 229 CertificateList certificates = |
| 239 X509Certificate::CreateCertificateListFromBytes( | 230 X509Certificate::CreateCertificateListFromBytes( |
| 240 data.c_str(), data.size(), net::X509Certificate::FORMAT_AUTO); | 231 data.c_str(), data.size(), net::X509Certificate::FORMAT_AUTO); |
| 241 int result = psm::ImportUserCert(certificates); | 232 int result = psm::ImportUserCert(certificates); |
| 242 | 233 |
| 243 if (result == OK) | 234 if (result == OK) |
| 244 NotifyObserversOfCertAdded(NULL); | 235 NotifyObserversCertDBChanged(NULL); |
| 245 | 236 |
| 246 return result; | 237 return result; |
| 247 } | 238 } |
| 239 |
| 240 int NSSCertDatabase::ImportUserCert(X509Certificate* certificate) { |
| 241 CertificateList certificates; |
| 242 certificates.emplace_back(certificate); |
| 243 int result = psm::ImportUserCert(certificates); |
| 244 |
| 245 if (result == OK) |
| 246 NotifyObserversCertDBChanged(NULL); |
| 247 |
| 248 return result; |
| 249 } |
| 248 | 250 |
| 249 bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates, | 251 bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates, |
| 250 TrustBits trust_bits, | 252 TrustBits trust_bits, |
| 251 ImportCertFailureList* not_imported) { | 253 ImportCertFailureList* not_imported) { |
| 252 crypto::ScopedPK11Slot slot(GetPublicSlot()); | 254 crypto::ScopedPK11Slot slot(GetPublicSlot()); |
| 253 X509Certificate* root = FindRootInList(certificates); | 255 X509Certificate* root = FindRootInList(certificates); |
| 254 bool success = psm::ImportCACerts( | 256 bool success = psm::ImportCACerts( |
| 255 slot.get(), certificates, root, trust_bits, not_imported); | 257 slot.get(), certificates, root, trust_bits, not_imported); |
| 256 if (success) | 258 if (success) |
| 257 NotifyObserversOfCACertChanged(NULL); | 259 NotifyObserversCertDBChanged(NULL); |
| 258 | 260 |
| 259 return success; | 261 return success; |
| 260 } | 262 } |
| 261 | 263 |
| 262 bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates, | 264 bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates, |
| 263 TrustBits trust_bits, | 265 TrustBits trust_bits, |
| 264 ImportCertFailureList* not_imported) { | 266 ImportCertFailureList* not_imported) { |
| 265 crypto::ScopedPK11Slot slot(GetPublicSlot()); | 267 crypto::ScopedPK11Slot slot(GetPublicSlot()); |
| 266 return psm::ImportServerCert( | 268 return psm::ImportServerCert( |
| 267 slot.get(), certificates, trust_bits, not_imported); | 269 slot.get(), certificates, trust_bits, not_imported); |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 365 } | 367 } |
| 366 | 368 |
| 367 return false; | 369 return false; |
| 368 } | 370 } |
| 369 | 371 |
| 370 bool NSSCertDatabase::SetCertTrust(const X509Certificate* cert, | 372 bool NSSCertDatabase::SetCertTrust(const X509Certificate* cert, |
| 371 CertType type, | 373 CertType type, |
| 372 TrustBits trust_bits) { | 374 TrustBits trust_bits) { |
| 373 bool success = psm::SetCertTrust(cert, type, trust_bits); | 375 bool success = psm::SetCertTrust(cert, type, trust_bits); |
| 374 if (success) | 376 if (success) |
| 375 NotifyObserversOfCACertChanged(cert); | 377 NotifyObserversCertDBChanged(cert); |
| 376 | 378 |
| 377 return success; | 379 return success; |
| 378 } | 380 } |
| 379 | 381 |
| 380 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { | 382 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { |
| 381 if (!DeleteCertAndKeyImpl(cert)) | 383 if (!DeleteCertAndKeyImpl(cert)) |
| 382 return false; | 384 return false; |
| 383 NotifyObserversOfCertRemoved(cert); | 385 NotifyObserversCertDBChanged(cert); |
| 384 return true; | 386 return true; |
| 385 } | 387 } |
| 386 | 388 |
| 387 void NSSCertDatabase::DeleteCertAndKeyAsync( | 389 void NSSCertDatabase::DeleteCertAndKeyAsync( |
| 388 const scoped_refptr<X509Certificate>& cert, | 390 const scoped_refptr<X509Certificate>& cert, |
| 389 const DeleteCertCallback& callback) { | 391 const DeleteCertCallback& callback) { |
| 390 base::PostTaskAndReplyWithResult( | 392 base::PostTaskAndReplyWithResult( |
| 391 GetSlowTaskRunner().get(), | 393 GetSlowTaskRunner().get(), |
| 392 FROM_HERE, | 394 FROM_HERE, |
| 393 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), | 395 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 444 if (slow_task_runner_for_test_.get()) | 446 if (slow_task_runner_for_test_.get()) |
| 445 return slow_task_runner_for_test_; | 447 return slow_task_runner_for_test_; |
| 446 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); | 448 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); |
| 447 } | 449 } |
| 448 | 450 |
| 449 void NSSCertDatabase::NotifyCertRemovalAndCallBack( | 451 void NSSCertDatabase::NotifyCertRemovalAndCallBack( |
| 450 scoped_refptr<X509Certificate> cert, | 452 scoped_refptr<X509Certificate> cert, |
| 451 const DeleteCertCallback& callback, | 453 const DeleteCertCallback& callback, |
| 452 bool success) { | 454 bool success) { |
| 453 if (success) | 455 if (success) |
| 454 NotifyObserversOfCertRemoved(cert.get()); | 456 NotifyObserversCertDBChanged(cert.get()); |
| 455 callback.Run(success); | 457 callback.Run(success); |
| 456 } | 458 } |
| 457 | 459 |
| 458 void NSSCertDatabase::NotifyObserversOfCertAdded(const X509Certificate* cert) { | 460 void NSSCertDatabase::NotifyObserversCertDBChanged( |
| 459 observer_list_->Notify(FROM_HERE, &Observer::OnCertAdded, | 461 const X509Certificate* cert) { |
| 462 observer_list_->Notify(FROM_HERE, &Observer::OnCertDBChanged, |
| 460 base::RetainedRef(cert)); | 463 base::RetainedRef(cert)); |
| 461 } | 464 } |
| 462 | 465 |
| 463 void NSSCertDatabase::NotifyObserversOfCertRemoved( | |
| 464 const X509Certificate* cert) { | |
| 465 observer_list_->Notify(FROM_HERE, &Observer::OnCertRemoved, | |
| 466 base::RetainedRef(cert)); | |
| 467 } | |
| 468 | |
| 469 void NSSCertDatabase::NotifyObserversOfCACertChanged( | |
| 470 const X509Certificate* cert) { | |
| 471 observer_list_->Notify(FROM_HERE, &Observer::OnCACertChanged, | |
| 472 base::RetainedRef(cert)); | |
| 473 } | |
| 474 | |
| 475 // static | 466 // static |
| 476 bool NSSCertDatabase::DeleteCertAndKeyImpl( | 467 bool NSSCertDatabase::DeleteCertAndKeyImpl( |
| 477 scoped_refptr<X509Certificate> cert) { | 468 scoped_refptr<X509Certificate> cert) { |
| 478 // For some reason, PK11_DeleteTokenCertAndKey only calls | 469 // For some reason, PK11_DeleteTokenCertAndKey only calls |
| 479 // SEC_DeletePermCertificate if the private key is found. So, we check | 470 // SEC_DeletePermCertificate if the private key is found. So, we check |
| 480 // whether a private key exists before deciding which function to call to | 471 // whether a private key exists before deciding which function to call to |
| 481 // delete the cert. | 472 // delete the cert. |
| 482 SECKEYPrivateKey* privKey = | 473 SECKEYPrivateKey* privKey = |
| 483 PK11_FindKeyByAnyCert(cert->os_cert_handle(), NULL); | 474 PK11_FindKeyByAnyCert(cert->os_cert_handle(), NULL); |
| 484 if (privKey) { | 475 if (privKey) { |
| 485 SECKEY_DestroyPrivateKey(privKey); | 476 SECKEY_DestroyPrivateKey(privKey); |
| 486 if (PK11_DeleteTokenCertAndKey(cert->os_cert_handle(), NULL)) { | 477 if (PK11_DeleteTokenCertAndKey(cert->os_cert_handle(), NULL)) { |
| 487 LOG(ERROR) << "PK11_DeleteTokenCertAndKey failed: " << PORT_GetError(); | 478 LOG(ERROR) << "PK11_DeleteTokenCertAndKey failed: " << PORT_GetError(); |
| 488 return false; | 479 return false; |
| 489 } | 480 } |
| 490 } else { | 481 } else { |
| 491 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { | 482 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { |
| 492 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); | 483 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); |
| 493 return false; | 484 return false; |
| 494 } | 485 } |
| 495 } | 486 } |
| 496 return true; | 487 return true; |
| 497 } | 488 } |
| 498 | 489 |
| 499 } // namespace net | 490 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2363653002:
Cleanup unreachable cert adding code (Closed)
