Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3494)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chromeos/platform_keys/platform_keys_nss.cc

Issue 2363653002: Cleanup unreachable cert adding code (Closed)
Patch Set: Rebased Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/chrome_content_browser_client.cc ('k') | chrome/browser/ssl/ssl_add_certificate.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
index 594f9d7293832cdb3463e48be56ffe77075c190d..35366dc177c0b411e1dddb260d31acccd122b880 100644
--- a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
+++ b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
@@ -43,6 +43,7 @@
#include "net/cert/nss_cert_database.h"
#include "net/cert/x509_util_nss.h"
#include "net/ssl/ssl_cert_request_info.h"
+#include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
using content::BrowserContext;
using content::BrowserThread;
@@ -619,31 +620,26 @@ void GetCertificatesWithDB(std::unique_ptr<GetCertificatesState> state,
void ImportCertificateWithDB(std::unique_ptr<ImportCertificateState> state,
net::NSSCertDatabase* cert_db) {
DCHECK_CURRENTLY_ON(BrowserThread::IO);
- // TODO(pneubeck): Use |state->slot_| to verify that we're really importing to
- // the correct token.
- // |cert_db| is not required, ignore it.
- net::CertDatabase* db = net::CertDatabase::GetInstance();
-
- const net::Error cert_status =
- static_cast<net::Error>(db->CheckUserCert(state->certificate_.get()));
- if (cert_status == net::ERR_NO_PRIVATE_KEY_FOR_CERT) {
- state->OnError(FROM_HERE, kErrorKeyNotFound);
+
+ if (!state->certificate_) {
+ state->OnError(FROM_HERE, net::ErrorToString(net::ERR_CERT_INVALID));
return;
- } else if (cert_status != net::OK) {
- state->OnError(FROM_HERE, net::ErrorToString(cert_status));
+ }
+ if (state->certificate_->HasExpired()) {
+ state->OnError(FROM_HERE, net::ErrorToString(net::ERR_CERT_DATE_INVALID));
return;
}
// Check that the private key is in the correct slot.
- PK11SlotInfo* slot =
- PK11_KeyForCertExists(state->certificate_->os_cert_handle(), NULL, NULL);
- if (slot != state->slot_.get()) {
+ crypto::ScopedPK11Slot slot(
+ PK11_KeyForCertExists(state->certificate_->os_cert_handle(), NULL, NULL));
+ if (slot.get() != state->slot_.get()) {
state->OnError(FROM_HERE, kErrorKeyNotFound);
return;
}
- const net::Error import_status =
- static_cast<net::Error>(db->AddUserCert(state->certificate_.get()));
+ const net::Error import_status = static_cast<net::Error>(
+ cert_db->ImportUserCert(state->certificate_.get()));
if (import_status != net::OK) {
LOG(ERROR) << "Could not import certificate.";
state->OnError(FROM_HERE, net::ErrorToString(import_status));
« no previous file with comments | « chrome/browser/chrome_content_browser_client.cc ('k') | chrome/browser/ssl/ssl_add_certificate.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698