Index: chrome/browser/chromeos/platform_keys/platform_keys_nss.cc |
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc |
index 594f9d7293832cdb3463e48be56ffe77075c190d..bd923f1cf50380790da3ae68c96ceb675380c7b6 100644 |
--- a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc |
+++ b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc |
@@ -43,6 +43,7 @@ |
#include "net/cert/nss_cert_database.h" |
#include "net/cert/x509_util_nss.h" |
#include "net/ssl/ssl_cert_request_info.h" |
+#include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
using content::BrowserContext; |
using content::BrowserThread; |
@@ -619,32 +620,31 @@ void GetCertificatesWithDB(std::unique_ptr<GetCertificatesState> state, |
void ImportCertificateWithDB(std::unique_ptr<ImportCertificateState> state, |
net::NSSCertDatabase* cert_db) { |
DCHECK_CURRENTLY_ON(BrowserThread::IO); |
- // TODO(pneubeck): Use |state->slot_| to verify that we're really importing to |
- // the correct token. |
- // |cert_db| is not required, ignore it. |
- net::CertDatabase* db = net::CertDatabase::GetInstance(); |
- |
- const net::Error cert_status = |
- static_cast<net::Error>(db->CheckUserCert(state->certificate_.get())); |
- if (cert_status == net::ERR_NO_PRIVATE_KEY_FOR_CERT) { |
- state->OnError(FROM_HERE, kErrorKeyNotFound); |
+ |
+ if (!state->certificate_) { |
+ state->OnError(FROM_HERE, net::ErrorToString(net::ERR_CERT_INVALID)); |
return; |
- } else if (cert_status != net::OK) { |
- state->OnError(FROM_HERE, net::ErrorToString(cert_status)); |
+ } |
+ if (state->certificate_->HasExpired()) { |
+ state->OnError(FROM_HERE, net::ErrorToString(net::ERR_CERT_DATE_INVALID)); |
return; |
} |
// Check that the private key is in the correct slot. |
- PK11SlotInfo* slot = |
Ryan Sleevi
2016/09/22 08:44:29
Lovely persistent memory leak :(
|
+ crypto::ScopedPK11Slot slot = |
svaldez
2016/09/22 16:50:25
crypto::ScopedPK11Slot slot(...)?
|
PK11_KeyForCertExists(state->certificate_->os_cert_handle(), NULL, NULL); |
- if (slot != state->slot_.get()) { |
+ if (slot.get() != state->slot_.get()) { |
state->OnError(FROM_HERE, kErrorKeyNotFound); |
return; |
} |
- const net::Error import_status = |
- static_cast<net::Error>(db->AddUserCert(state->certificate_.get())); |
- if (import_status != net::OK) { |
+ net::CertificateList cert_list; |
+ cert_list.push_back(state->certificate_); |
+ const net::Error import_status = static_cast<net::Error>( |
+ mozilla_security_manager::ImportUserCert(cert_list)); |
+ if (import_status == net::OK) { |
+ net::CertDatabase::GetInstance()->NotifyObserversCertDBChanged(nullptr); |
+ } else { |
LOG(ERROR) << "Could not import certificate."; |
state->OnError(FROM_HERE, net::ErrorToString(import_status)); |
return; |
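Review bot: Nothing on the new lines ties the import itself to `state->slot_`, because `mozilla_security_manager::ImportUserCert(cert_list)` is not passed a slot and the only binding to the requested token is the earlier `slot.get() != state->slot_.get()` comparison. Presumably ImportUserCert looks up the slot again from the certificate's private key; if that is the case, the dropped TODO should be replaced with a comment above the call, for example `// ImportUserCert() stores the cert on the slot that holds its private key; the check above guarantees that is |state->slot_|.` The removed `|cert_db| is not required, ignore it.` note is also worth keeping in some form, since `cert_db` is still a parameter and is not used anywhere in the visible new code. ImportCertificateWithDB's body continues past the end of this hunk, so the success path after the notification is not visible here.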