OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/nss_cert_database.h" | 5 #include "net/cert/nss_cert_database.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <certdb.h> | 8 #include <certdb.h> |
9 #include <keyhi.h> | 9 #include <keyhi.h> |
10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
11 #include <secmod.h> | 11 #include <secmod.h> |
12 | 12 |
13 #include <memory> | 13 #include <memory> |
14 #include <utility> | 14 #include <utility> |
15 | 15 |
16 #include "base/bind.h" | 16 #include "base/bind.h" |
17 #include "base/callback.h" | 17 #include "base/callback.h" |
18 #include "base/logging.h" | 18 #include "base/logging.h" |
19 #include "base/macros.h" | 19 #include "base/macros.h" |
20 #include "base/observer_list_threadsafe.h" | 20 #include "base/observer_list_threadsafe.h" |
21 #include "base/task_runner.h" | 21 #include "base/task_scheduler/post_task.h" |
22 #include "base/task_runner_util.h" | |
23 #include "base/threading/worker_pool.h" | |
24 #include "crypto/scoped_nss_types.h" | 22 #include "crypto/scoped_nss_types.h" |
25 #include "net/base/crypto_module.h" | 23 #include "net/base/crypto_module.h" |
26 #include "net/base/net_errors.h" | 24 #include "net/base/net_errors.h" |
27 #include "net/cert/cert_database.h" | 25 #include "net/cert/cert_database.h" |
28 #include "net/cert/x509_certificate.h" | 26 #include "net/cert/x509_certificate.h" |
29 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | 27 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
30 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" | 28 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" |
31 | 29 |
32 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use | 30 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use |
33 // the new name of the macro. | 31 // the new name of the macro. |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
97 ListCertsImpl(crypto::ScopedPK11Slot(), certs); | 95 ListCertsImpl(crypto::ScopedPK11Slot(), certs); |
98 } | 96 } |
99 | 97 |
100 void NSSCertDatabase::ListCerts( | 98 void NSSCertDatabase::ListCerts( |
101 const base::Callback<void(std::unique_ptr<CertificateList> certs)>& | 99 const base::Callback<void(std::unique_ptr<CertificateList> certs)>& |
102 callback) { | 100 callback) { |
103 std::unique_ptr<CertificateList> certs(new CertificateList()); | 101 std::unique_ptr<CertificateList> certs(new CertificateList()); |
104 | 102 |
105 // base::Passed will NULL out |certs|, so cache the underlying pointer here. | 103 // base::Passed will NULL out |certs|, so cache the underlying pointer here. |
106 CertificateList* raw_certs = certs.get(); | 104 CertificateList* raw_certs = certs.get(); |
107 GetSlowTaskRunner()->PostTaskAndReply( | 105 base::PostTaskWithTraitsAndReply( |
108 FROM_HERE, | 106 FROM_HERE, base::TaskTraits() |
| 107 .WithShutdownBehavior( |
| 108 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 109 .MayBlock(), |
109 base::Bind(&NSSCertDatabase::ListCertsImpl, | 110 base::Bind(&NSSCertDatabase::ListCertsImpl, |
110 base::Passed(crypto::ScopedPK11Slot()), | 111 base::Passed(crypto::ScopedPK11Slot()), |
111 base::Unretained(raw_certs)), | 112 base::Unretained(raw_certs)), |
112 base::Bind(callback, base::Passed(&certs))); | 113 base::Bind(callback, base::Passed(&certs))); |
113 } | 114 } |
114 | 115 |
115 void NSSCertDatabase::ListCertsInSlot(const ListCertsCallback& callback, | 116 void NSSCertDatabase::ListCertsInSlot(const ListCertsCallback& callback, |
116 PK11SlotInfo* slot) { | 117 PK11SlotInfo* slot) { |
117 DCHECK(slot); | 118 DCHECK(slot); |
118 std::unique_ptr<CertificateList> certs(new CertificateList()); | 119 std::unique_ptr<CertificateList> certs(new CertificateList()); |
119 | 120 |
120 // base::Passed will NULL out |certs|, so cache the underlying pointer here. | 121 // base::Passed will NULL out |certs|, so cache the underlying pointer here. |
121 CertificateList* raw_certs = certs.get(); | 122 CertificateList* raw_certs = certs.get(); |
122 GetSlowTaskRunner()->PostTaskAndReply( | 123 base::PostTaskWithTraitsAndReply( |
123 FROM_HERE, | 124 FROM_HERE, base::TaskTraits() |
| 125 .WithShutdownBehavior( |
| 126 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 127 .MayBlock(), |
124 base::Bind(&NSSCertDatabase::ListCertsImpl, | 128 base::Bind(&NSSCertDatabase::ListCertsImpl, |
125 base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))), | 129 base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))), |
126 base::Unretained(raw_certs)), | 130 base::Unretained(raw_certs)), |
127 base::Bind(callback, base::Passed(&certs))); | 131 base::Bind(callback, base::Passed(&certs))); |
128 } | 132 } |
129 | 133 |
130 #if defined(OS_CHROMEOS) | 134 #if defined(OS_CHROMEOS) |
131 crypto::ScopedPK11Slot NSSCertDatabase::GetSystemSlot() const { | 135 crypto::ScopedPK11Slot NSSCertDatabase::GetSystemSlot() const { |
132 return crypto::ScopedPK11Slot(); | 136 return crypto::ScopedPK11Slot(); |
133 } | 137 } |
(...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
372 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { | 376 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { |
373 if (!DeleteCertAndKeyImpl(cert)) | 377 if (!DeleteCertAndKeyImpl(cert)) |
374 return false; | 378 return false; |
375 NotifyObserversCertDBChanged(cert); | 379 NotifyObserversCertDBChanged(cert); |
376 return true; | 380 return true; |
377 } | 381 } |
378 | 382 |
379 void NSSCertDatabase::DeleteCertAndKeyAsync( | 383 void NSSCertDatabase::DeleteCertAndKeyAsync( |
380 const scoped_refptr<X509Certificate>& cert, | 384 const scoped_refptr<X509Certificate>& cert, |
381 const DeleteCertCallback& callback) { | 385 const DeleteCertCallback& callback) { |
382 base::PostTaskAndReplyWithResult( | 386 base::PostTaskWithTraitsAndReplyWithResult( |
383 GetSlowTaskRunner().get(), | 387 FROM_HERE, base::TaskTraits() |
384 FROM_HERE, | 388 .WithShutdownBehavior( |
| 389 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 390 .MayBlock(), |
385 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), | 391 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), |
386 base::Bind(&NSSCertDatabase::NotifyCertRemovalAndCallBack, | 392 base::Bind(&NSSCertDatabase::NotifyCertRemovalAndCallBack, |
387 weak_factory_.GetWeakPtr(), | 393 weak_factory_.GetWeakPtr(), cert, callback)); |
388 cert, | |
389 callback)); | |
390 } | 394 } |
391 | 395 |
392 bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { | 396 bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { |
393 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 397 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
394 return slot && PK11_IsReadOnly(slot); | 398 return slot && PK11_IsReadOnly(slot); |
395 } | 399 } |
396 | 400 |
397 bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { | 401 bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { |
398 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 402 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
399 return slot && PK11_IsHW(slot); | 403 return slot && PK11_IsHW(slot); |
400 } | 404 } |
401 | 405 |
402 void NSSCertDatabase::AddObserver(Observer* observer) { | 406 void NSSCertDatabase::AddObserver(Observer* observer) { |
403 observer_list_->AddObserver(observer); | 407 observer_list_->AddObserver(observer); |
404 } | 408 } |
405 | 409 |
406 void NSSCertDatabase::RemoveObserver(Observer* observer) { | 410 void NSSCertDatabase::RemoveObserver(Observer* observer) { |
407 observer_list_->RemoveObserver(observer); | 411 observer_list_->RemoveObserver(observer); |
408 } | 412 } |
409 | 413 |
410 void NSSCertDatabase::SetSlowTaskRunnerForTest( | |
411 const scoped_refptr<base::TaskRunner>& task_runner) { | |
412 slow_task_runner_for_test_ = task_runner; | |
413 } | |
414 | |
415 // static | 414 // static |
416 void NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot slot, | 415 void NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot slot, |
417 CertificateList* certs) { | 416 CertificateList* certs) { |
418 certs->clear(); | 417 certs->clear(); |
419 | 418 |
420 CERTCertList* cert_list = NULL; | 419 CERTCertList* cert_list = NULL; |
421 if (slot) | 420 if (slot) |
422 cert_list = PK11_ListCertsInSlot(slot.get()); | 421 cert_list = PK11_ListCertsInSlot(slot.get()); |
423 else | 422 else |
424 cert_list = PK11_ListCerts(PK11CertListUnique, NULL); | 423 cert_list = PK11_ListCerts(PK11CertListUnique, NULL); |
425 | 424 |
426 CERTCertListNode* node; | 425 CERTCertListNode* node; |
427 for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); | 426 for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); |
428 node = CERT_LIST_NEXT(node)) { | 427 node = CERT_LIST_NEXT(node)) { |
429 certs->push_back(X509Certificate::CreateFromHandle( | 428 certs->push_back(X509Certificate::CreateFromHandle( |
430 node->cert, X509Certificate::OSCertHandles())); | 429 node->cert, X509Certificate::OSCertHandles())); |
431 } | 430 } |
432 CERT_DestroyCertList(cert_list); | 431 CERT_DestroyCertList(cert_list); |
433 } | 432 } |
434 | 433 |
435 scoped_refptr<base::TaskRunner> NSSCertDatabase::GetSlowTaskRunner() const { | |
436 if (slow_task_runner_for_test_.get()) | |
437 return slow_task_runner_for_test_; | |
438 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); | |
439 } | |
440 | |
441 void NSSCertDatabase::NotifyCertRemovalAndCallBack( | 434 void NSSCertDatabase::NotifyCertRemovalAndCallBack( |
442 scoped_refptr<X509Certificate> cert, | 435 scoped_refptr<X509Certificate> cert, |
443 const DeleteCertCallback& callback, | 436 const DeleteCertCallback& callback, |
444 bool success) { | 437 bool success) { |
445 if (success) | 438 if (success) |
446 NotifyObserversCertDBChanged(cert.get()); | 439 NotifyObserversCertDBChanged(cert.get()); |
447 callback.Run(success); | 440 callback.Run(success); |
448 } | 441 } |
449 | 442 |
450 void NSSCertDatabase::NotifyObserversCertDBChanged( | 443 void NSSCertDatabase::NotifyObserversCertDBChanged( |
(...skipping 20 matching lines...) Expand all Loading... |
471 } else { | 464 } else { |
472 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { | 465 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { |
473 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); | 466 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); |
474 return false; | 467 return false; |
475 } | 468 } |
476 } | 469 } |
477 return true; | 470 return true; |
478 } | 471 } |
479 | 472 |
480 } // namespace net | 473 } // namespace net |
OLD | NEW |