
Unified Diff: chrome/browser/chromeos/platform_keys/platform_keys_nss.cc

Issue 2363653002: Cleanup unreachable cert adding code (Closed)
Patch Set: Created 4 years, 3 months ago
Index: chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
index 594f9d7293832cdb3463e48be56ffe77075c190d..bd923f1cf50380790da3ae68c96ceb675380c7b6 100644
--- a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
+++ b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
@@ -43,6 +43,7 @@
#include "net/cert/nss_cert_database.h"
#include "net/cert/x509_util_nss.h"
#include "net/ssl/ssl_cert_request_info.h"
+#include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
using content::BrowserContext;
using content::BrowserThread;
@@ -619,32 +620,31 @@ void GetCertificatesWithDB(std::unique_ptr<GetCertificatesState> state,
void ImportCertificateWithDB(std::unique_ptr<ImportCertificateState> state,
net::NSSCertDatabase* cert_db) {
DCHECK_CURRENTLY_ON(BrowserThread::IO);
- // TODO(pneubeck): Use |state->slot_| to verify that we're really importing to
- // the correct token.
- // |cert_db| is not required, ignore it.
- net::CertDatabase* db = net::CertDatabase::GetInstance();
-
- const net::Error cert_status =
- static_cast<net::Error>(db->CheckUserCert(state->certificate_.get()));
- if (cert_status == net::ERR_NO_PRIVATE_KEY_FOR_CERT) {
- state->OnError(FROM_HERE, kErrorKeyNotFound);
+
+ if (!state->certificate_) {
+ state->OnError(FROM_HERE, net::ErrorToString(net::ERR_CERT_INVALID));
return;
- } else if (cert_status != net::OK) {
- state->OnError(FROM_HERE, net::ErrorToString(cert_status));
+ }
+ if (state->certificate_->HasExpired()) {
+ state->OnError(FROM_HERE, net::ErrorToString(net::ERR_CERT_DATE_INVALID));
return;
}
// Check that the private key is in the correct slot.
- PK11SlotInfo* slot =
Ryan Sleevi 2016/09/22 08:44:29 Lovely persistent memory leak :(
+ crypto::ScopedPK11Slot slot =
svaldez 2016/09/22 16:50:25 crypto::ScopedPK11Slot slot(...)?
PK11_KeyForCertExists(state->certificate_->os_cert_handle(), NULL, NULL);
- if (slot != state->slot_.get()) {
+ if (slot.get() != state->slot_.get()) {
state->OnError(FROM_HERE, kErrorKeyNotFound);
return;
}
- const net::Error import_status =
- static_cast<net::Error>(db->AddUserCert(state->certificate_.get()));
- if (import_status != net::OK) {
+ net::CertificateList cert_list;
+ cert_list.push_back(state->certificate_);
+ const net::Error import_status = static_cast<net::Error>(
+ mozilla_security_manager::ImportUserCert(cert_list));
+ if (import_status == net::OK) {
+ net::CertDatabase::GetInstance()->NotifyObserversCertDBChanged(nullptr);
+ } else {
LOG(ERROR) << "Could not import certificate.";
state->OnError(FROM_HERE, net::ErrorToString(import_status));
return;
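Review bot: The slot check `if (slot.get() != state->slot_.get())` is now the only thing standing in for the removed `ERR_NO_PRIVATE_KEY_FOR_CERT` branch, so when `PK11_KeyForCertExists` finds no key and returns null, rejection depends entirely on `state->slot_` being non-null. If `state->slot_` can ever be null at this point (not visible in the hunk), a certificate with no matching private key would reach `ImportUserCert`; testing the lookup result directly keeps the old guarantee: `if (!slot || slot.get() != state->slot_.get()) {`. The TODO about verifying the target token is also dropped although `ImportUserCert(cert_list)` takes no slot argument, so a comment such as `// ImportUserCert stores the cert on the token holding its private key, checked above to be |state->slot_|.` should be added if that is indeed what the helper does. The body of ImportCertificateWithDB continues past the end of the hunk.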
