Index: chrome/browser/chromeos/platform_keys/platform_keys_nss.cc |
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc |
index 594f9d7293832cdb3463e48be56ffe77075c190d..35366dc177c0b411e1dddb260d31acccd122b880 100644 |
--- a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc |
+++ b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc |
@@ -43,6 +43,7 @@ |
#include "net/cert/nss_cert_database.h" |
#include "net/cert/x509_util_nss.h" |
#include "net/ssl/ssl_cert_request_info.h" |
+#include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
using content::BrowserContext; |
using content::BrowserThread; |
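Review bot: Nothing in the visible hunks references a symbol from the newly added `net/third_party/mozilla_security_manager/nsNSSCertificateDB.h`. The rewritten import path calls `cert_db->ImportUserCert(...)` on a `net::NSSCertDatabase*`, which is presumably declared by the already-included `net/cert/nss_cert_database.h`. If no other part of the file uses the header, drop the include so this file does not take a direct dependency on the third-party NSS glue code.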
@@ -619,31 +620,26 @@ void GetCertificatesWithDB(std::unique_ptr<GetCertificatesState> state, |
void ImportCertificateWithDB(std::unique_ptr<ImportCertificateState> state, |
net::NSSCertDatabase* cert_db) { |
DCHECK_CURRENTLY_ON(BrowserThread::IO); |
- // TODO(pneubeck): Use |state->slot_| to verify that we're really importing to |
- // the correct token. |
- // |cert_db| is not required, ignore it. |
- net::CertDatabase* db = net::CertDatabase::GetInstance(); |
- |
- const net::Error cert_status = |
- static_cast<net::Error>(db->CheckUserCert(state->certificate_.get())); |
- if (cert_status == net::ERR_NO_PRIVATE_KEY_FOR_CERT) { |
- state->OnError(FROM_HERE, kErrorKeyNotFound); |
+ |
+ if (!state->certificate_) { |
+ state->OnError(FROM_HERE, net::ErrorToString(net::ERR_CERT_INVALID)); |
return; |
- } else if (cert_status != net::OK) { |
- state->OnError(FROM_HERE, net::ErrorToString(cert_status)); |
+ } |
+ if (state->certificate_->HasExpired()) { |
+ state->OnError(FROM_HERE, net::ErrorToString(net::ERR_CERT_DATE_INVALID)); |
return; |
} |
// Check that the private key is in the correct slot. |
- PK11SlotInfo* slot = |
- PK11_KeyForCertExists(state->certificate_->os_cert_handle(), NULL, NULL); |
- if (slot != state->slot_.get()) { |
+ crypto::ScopedPK11Slot slot( |
+ PK11_KeyForCertExists(state->certificate_->os_cert_handle(), NULL, NULL)); |
+ if (slot.get() != state->slot_.get()) { |
state->OnError(FROM_HERE, kErrorKeyNotFound); |
return; |
} |
- const net::Error import_status = |
- static_cast<net::Error>(db->AddUserCert(state->certificate_.get())); |
+ const net::Error import_status = static_cast<net::Error>( |
+ cert_db->ImportUserCert(state->certificate_.get())); |
if (import_status != net::OK) { |
LOG(ERROR) << "Could not import certificate."; |
state->OnError(FROM_HERE, net::ErrorToString(import_status)); |
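Review bot: The guard `if (slot.get() != state->slot_.get())` accepts the case where both pointers are null. `PK11_KeyForCertExists` returns null when no private key exists for the certificate, so if `state->slot_` can ever be null at this point (not visible in this hunk), the check passes and the certificate is imported without a matching key. The removed code rejected that case explicitly through its `ERR_NO_PRIVATE_KEY_FOR_CERT` branch, so the new guard should do the same: `if (!slot || slot.get() != state->slot_.get()) {`. The removed TODO asked for verification that the import lands on the intended token; a short comment stating which slot `cert_db->ImportUserCert` writes to would record why that is now satisfied. The function body continues past the end of the hunk.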