| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/nss_cert_database.h" | 5 #include "net/cert/nss_cert_database.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| 11 #include <secmod.h> | 11 #include <secmod.h> |
| 12 | 12 |
| 13 #include <memory> | 13 #include <memory> |
| 14 #include <utility> | 14 #include <utility> |
| 15 | 15 |
| 16 #include "base/bind.h" | 16 #include "base/bind.h" |
| 17 #include "base/callback.h" | 17 #include "base/callback.h" |
| 18 #include "base/logging.h" | 18 #include "base/logging.h" |
| 19 #include "base/macros.h" | 19 #include "base/macros.h" |
| 20 #include "base/observer_list_threadsafe.h" | 20 #include "base/observer_list_threadsafe.h" |
| 21 #include "base/task_runner.h" | 21 #include "base/task_scheduler/post_task.h" |
| 22 #include "base/task_runner_util.h" | |
| 23 #include "base/threading/worker_pool.h" | |
| 24 #include "crypto/scoped_nss_types.h" | 22 #include "crypto/scoped_nss_types.h" |
| 25 #include "net/base/crypto_module.h" | 23 #include "net/base/crypto_module.h" |
| 26 #include "net/base/net_errors.h" | 24 #include "net/base/net_errors.h" |
| 27 #include "net/cert/cert_database.h" | 25 #include "net/cert/cert_database.h" |
| 28 #include "net/cert/x509_certificate.h" | 26 #include "net/cert/x509_certificate.h" |
| 29 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | 27 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
| 30 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" | 28 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" |
| 31 | 29 |
| 32 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use | 30 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use |
| 33 // the new name of the macro. | 31 // the new name of the macro. |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 97 ListCertsImpl(crypto::ScopedPK11Slot(), certs); | 95 ListCertsImpl(crypto::ScopedPK11Slot(), certs); |
| 98 } | 96 } |
| 99 | 97 |
| 100 void NSSCertDatabase::ListCerts( | 98 void NSSCertDatabase::ListCerts( |
| 101 const base::Callback<void(std::unique_ptr<CertificateList> certs)>& | 99 const base::Callback<void(std::unique_ptr<CertificateList> certs)>& |
| 102 callback) { | 100 callback) { |
| 103 std::unique_ptr<CertificateList> certs(new CertificateList()); | 101 std::unique_ptr<CertificateList> certs(new CertificateList()); |
| 104 | 102 |
| 105 // base::Passed will NULL out |certs|, so cache the underlying pointer here. | 103 // base::Passed will NULL out |certs|, so cache the underlying pointer here. |
| 106 CertificateList* raw_certs = certs.get(); | 104 CertificateList* raw_certs = certs.get(); |
| 107 GetSlowTaskRunner()->PostTaskAndReply( | 105 base::PostTaskWithTraitsAndReply( |
| 108 FROM_HERE, | 106 FROM_HERE, base::TaskTraits() |
| 107 .WithShutdownBehavior( |
| 108 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 109 .MayBlock(), |
| 109 base::Bind(&NSSCertDatabase::ListCertsImpl, | 110 base::Bind(&NSSCertDatabase::ListCertsImpl, |
| 110 base::Passed(crypto::ScopedPK11Slot()), | 111 base::Passed(crypto::ScopedPK11Slot()), |
| 111 base::Unretained(raw_certs)), | 112 base::Unretained(raw_certs)), |
| 112 base::Bind(callback, base::Passed(&certs))); | 113 base::Bind(callback, base::Passed(&certs))); |
| 113 } | 114 } |
| 114 | 115 |
| 115 void NSSCertDatabase::ListCertsInSlot(const ListCertsCallback& callback, | 116 void NSSCertDatabase::ListCertsInSlot(const ListCertsCallback& callback, |
| 116 PK11SlotInfo* slot) { | 117 PK11SlotInfo* slot) { |
| 117 DCHECK(slot); | 118 DCHECK(slot); |
| 118 std::unique_ptr<CertificateList> certs(new CertificateList()); | 119 std::unique_ptr<CertificateList> certs(new CertificateList()); |
| 119 | 120 |
| 120 // base::Passed will NULL out |certs|, so cache the underlying pointer here. | 121 // base::Passed will NULL out |certs|, so cache the underlying pointer here. |
| 121 CertificateList* raw_certs = certs.get(); | 122 CertificateList* raw_certs = certs.get(); |
| 122 GetSlowTaskRunner()->PostTaskAndReply( | 123 base::PostTaskWithTraitsAndReply( |
| 123 FROM_HERE, | 124 FROM_HERE, base::TaskTraits() |
| 125 .WithShutdownBehavior( |
| 126 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 127 .MayBlock(), |
| 124 base::Bind(&NSSCertDatabase::ListCertsImpl, | 128 base::Bind(&NSSCertDatabase::ListCertsImpl, |
| 125 base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))), | 129 base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))), |
| 126 base::Unretained(raw_certs)), | 130 base::Unretained(raw_certs)), |
| 127 base::Bind(callback, base::Passed(&certs))); | 131 base::Bind(callback, base::Passed(&certs))); |
| 128 } | 132 } |
| 129 | 133 |
| 130 #if defined(OS_CHROMEOS) | 134 #if defined(OS_CHROMEOS) |
| 131 crypto::ScopedPK11Slot NSSCertDatabase::GetSystemSlot() const { | 135 crypto::ScopedPK11Slot NSSCertDatabase::GetSystemSlot() const { |
| 132 return crypto::ScopedPK11Slot(); | 136 return crypto::ScopedPK11Slot(); |
| 133 } | 137 } |
| (...skipping 248 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 382 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { | 386 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { |
| 383 if (!DeleteCertAndKeyImpl(cert)) | 387 if (!DeleteCertAndKeyImpl(cert)) |
| 384 return false; | 388 return false; |
| 385 NotifyObserversCertDBChanged(cert); | 389 NotifyObserversCertDBChanged(cert); |
| 386 return true; | 390 return true; |
| 387 } | 391 } |
| 388 | 392 |
| 389 void NSSCertDatabase::DeleteCertAndKeyAsync( | 393 void NSSCertDatabase::DeleteCertAndKeyAsync( |
| 390 const scoped_refptr<X509Certificate>& cert, | 394 const scoped_refptr<X509Certificate>& cert, |
| 391 const DeleteCertCallback& callback) { | 395 const DeleteCertCallback& callback) { |
| 392 base::PostTaskAndReplyWithResult( | 396 base::PostTaskWithTraitsAndReplyWithResult( |
| 393 GetSlowTaskRunner().get(), | 397 FROM_HERE, base::TaskTraits() |
| 394 FROM_HERE, | 398 .WithShutdownBehavior( |
| 399 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 400 .MayBlock(), |
| 395 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), | 401 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), |
| 396 base::Bind(&NSSCertDatabase::NotifyCertRemovalAndCallBack, | 402 base::Bind(&NSSCertDatabase::NotifyCertRemovalAndCallBack, |
| 397 weak_factory_.GetWeakPtr(), | 403 weak_factory_.GetWeakPtr(), cert, callback)); |
| 398 cert, | |
| 399 callback)); | |
| 400 } | 404 } |
| 401 | 405 |
| 402 bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { | 406 bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { |
| 403 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 407 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
| 404 return slot && PK11_IsReadOnly(slot); | 408 return slot && PK11_IsReadOnly(slot); |
| 405 } | 409 } |
| 406 | 410 |
| 407 bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { | 411 bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { |
| 408 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 412 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
| 409 return slot && PK11_IsHW(slot); | 413 return slot && PK11_IsHW(slot); |
| 410 } | 414 } |
| 411 | 415 |
| 412 void NSSCertDatabase::AddObserver(Observer* observer) { | 416 void NSSCertDatabase::AddObserver(Observer* observer) { |
| 413 observer_list_->AddObserver(observer); | 417 observer_list_->AddObserver(observer); |
| 414 } | 418 } |
| 415 | 419 |
| 416 void NSSCertDatabase::RemoveObserver(Observer* observer) { | 420 void NSSCertDatabase::RemoveObserver(Observer* observer) { |
| 417 observer_list_->RemoveObserver(observer); | 421 observer_list_->RemoveObserver(observer); |
| 418 } | 422 } |
| 419 | 423 |
| 420 void NSSCertDatabase::SetSlowTaskRunnerForTest( | |
| 421 const scoped_refptr<base::TaskRunner>& task_runner) { | |
| 422 slow_task_runner_for_test_ = task_runner; | |
| 423 } | |
| 424 | |
| 425 // static | 424 // static |
| 426 void NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot slot, | 425 void NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot slot, |
| 427 CertificateList* certs) { | 426 CertificateList* certs) { |
| 428 certs->clear(); | 427 certs->clear(); |
| 429 | 428 |
| 430 CERTCertList* cert_list = NULL; | 429 CERTCertList* cert_list = NULL; |
| 431 if (slot) | 430 if (slot) |
| 432 cert_list = PK11_ListCertsInSlot(slot.get()); | 431 cert_list = PK11_ListCertsInSlot(slot.get()); |
| 433 else | 432 else |
| 434 cert_list = PK11_ListCerts(PK11CertListUnique, NULL); | 433 cert_list = PK11_ListCerts(PK11CertListUnique, NULL); |
| 435 | 434 |
| 436 CERTCertListNode* node; | 435 CERTCertListNode* node; |
| 437 for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); | 436 for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); |
| 438 node = CERT_LIST_NEXT(node)) { | 437 node = CERT_LIST_NEXT(node)) { |
| 439 certs->push_back(X509Certificate::CreateFromHandle( | 438 certs->push_back(X509Certificate::CreateFromHandle( |
| 440 node->cert, X509Certificate::OSCertHandles())); | 439 node->cert, X509Certificate::OSCertHandles())); |
| 441 } | 440 } |
| 442 CERT_DestroyCertList(cert_list); | 441 CERT_DestroyCertList(cert_list); |
| 443 } | 442 } |
| 444 | 443 |
| 445 scoped_refptr<base::TaskRunner> NSSCertDatabase::GetSlowTaskRunner() const { | |
| 446 if (slow_task_runner_for_test_.get()) | |
| 447 return slow_task_runner_for_test_; | |
| 448 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); | |
| 449 } | |
| 450 | |
| 451 void NSSCertDatabase::NotifyCertRemovalAndCallBack( | 444 void NSSCertDatabase::NotifyCertRemovalAndCallBack( |
| 452 scoped_refptr<X509Certificate> cert, | 445 scoped_refptr<X509Certificate> cert, |
| 453 const DeleteCertCallback& callback, | 446 const DeleteCertCallback& callback, |
| 454 bool success) { | 447 bool success) { |
| 455 if (success) | 448 if (success) |
| 456 NotifyObserversCertDBChanged(cert.get()); | 449 NotifyObserversCertDBChanged(cert.get()); |
| 457 callback.Run(success); | 450 callback.Run(success); |
| 458 } | 451 } |
| 459 | 452 |
| 460 void NSSCertDatabase::NotifyObserversCertDBChanged( | 453 void NSSCertDatabase::NotifyObserversCertDBChanged( |
| (...skipping 20 matching lines...) Expand all Loading... |
| 481 } else { | 474 } else { |
| 482 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { | 475 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { |
| 483 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); | 476 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); |
| 484 return false; | 477 return false; |
| 485 } | 478 } |
| 486 } | 479 } |
| 487 return true; | 480 return true; |
| 488 } | 481 } |
| 489 | 482 |
| 490 } // namespace net | 483 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2603173002:
Use TaskScheduler instead of WorkerPool in nss_cert_database.cc. (Closed)
