| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/nss_cert_database.h" | 5 #include "net/cert/nss_cert_database.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| 11 #include <secmod.h> | 11 #include <secmod.h> |
| 12 | 12 |
| 13 #include <memory> | 13 #include <memory> |
| 14 #include <utility> | 14 #include <utility> |
| 15 | 15 |
| 16 #include "base/bind.h" | 16 #include "base/bind.h" |
| 17 #include "base/callback.h" | 17 #include "base/callback.h" |
| 18 #include "base/logging.h" | 18 #include "base/logging.h" |
| 19 #include "base/macros.h" | 19 #include "base/macros.h" |
| 20 #include "base/observer_list_threadsafe.h" | 20 #include "base/observer_list_threadsafe.h" |
| 21 #include "base/task_runner.h" | 21 #include "base/task_scheduler/post_task.h" |
| 22 #include "base/task_runner_util.h" | |
| 23 #include "base/threading/worker_pool.h" | |
| 24 #include "crypto/scoped_nss_types.h" | 22 #include "crypto/scoped_nss_types.h" |
| 25 #include "net/base/crypto_module.h" | 23 #include "net/base/crypto_module.h" |
| 26 #include "net/base/net_errors.h" | 24 #include "net/base/net_errors.h" |
| 27 #include "net/cert/cert_database.h" | 25 #include "net/cert/cert_database.h" |
| 28 #include "net/cert/x509_certificate.h" | 26 #include "net/cert/x509_certificate.h" |
| 29 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | 27 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
| 30 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" | 28 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" |
| 31 | 29 |
| 32 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use | 30 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use |
| 33 // the new name of the macro. | 31 // the new name of the macro. |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 97 ListCertsImpl(crypto::ScopedPK11Slot(), certs); | 95 ListCertsImpl(crypto::ScopedPK11Slot(), certs); |
| 98 } | 96 } |
| 99 | 97 |
| 100 void NSSCertDatabase::ListCerts( | 98 void NSSCertDatabase::ListCerts( |
| 101 const base::Callback<void(std::unique_ptr<CertificateList> certs)>& | 99 const base::Callback<void(std::unique_ptr<CertificateList> certs)>& |
| 102 callback) { | 100 callback) { |
| 103 std::unique_ptr<CertificateList> certs(new CertificateList()); | 101 std::unique_ptr<CertificateList> certs(new CertificateList()); |
| 104 | 102 |
| 105 // base::Passed will NULL out |certs|, so cache the underlying pointer here. | 103 // base::Passed will NULL out |certs|, so cache the underlying pointer here. |
| 106 CertificateList* raw_certs = certs.get(); | 104 CertificateList* raw_certs = certs.get(); |
| 107 GetSlowTaskRunner()->PostTaskAndReply( | 105 base::PostTaskWithTraitsAndReply( |
| 108 FROM_HERE, | 106 FROM_HERE, base::TaskTraits() |
| 107 .WithShutdownBehavior( |
| 108 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 109 .MayBlock(), |
| 109 base::Bind(&NSSCertDatabase::ListCertsImpl, | 110 base::Bind(&NSSCertDatabase::ListCertsImpl, |
| 110 base::Passed(crypto::ScopedPK11Slot()), | 111 base::Passed(crypto::ScopedPK11Slot()), |
| 111 base::Unretained(raw_certs)), | 112 base::Unretained(raw_certs)), |
| 112 base::Bind(callback, base::Passed(&certs))); | 113 base::Bind(callback, base::Passed(&certs))); |
| 113 } | 114 } |
| 114 | 115 |
| 115 void NSSCertDatabase::ListCertsInSlot(const ListCertsCallback& callback, | 116 void NSSCertDatabase::ListCertsInSlot(const ListCertsCallback& callback, |
| 116 PK11SlotInfo* slot) { | 117 PK11SlotInfo* slot) { |
| 117 DCHECK(slot); | 118 DCHECK(slot); |
| 118 std::unique_ptr<CertificateList> certs(new CertificateList()); | 119 std::unique_ptr<CertificateList> certs(new CertificateList()); |
| 119 | 120 |
| 120 // base::Passed will NULL out |certs|, so cache the underlying pointer here. | 121 // base::Passed will NULL out |certs|, so cache the underlying pointer here. |
| 121 CertificateList* raw_certs = certs.get(); | 122 CertificateList* raw_certs = certs.get(); |
| 122 GetSlowTaskRunner()->PostTaskAndReply( | 123 base::PostTaskWithTraitsAndReply( |
| 123 FROM_HERE, | 124 FROM_HERE, base::TaskTraits() |
| 125 .WithShutdownBehavior( |
| 126 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 127 .MayBlock(), |
| 124 base::Bind(&NSSCertDatabase::ListCertsImpl, | 128 base::Bind(&NSSCertDatabase::ListCertsImpl, |
| 125 base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))), | 129 base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))), |
| 126 base::Unretained(raw_certs)), | 130 base::Unretained(raw_certs)), |
| 127 base::Bind(callback, base::Passed(&certs))); | 131 base::Bind(callback, base::Passed(&certs))); |
| 128 } | 132 } |
| 129 | 133 |
| 130 #if defined(OS_CHROMEOS) | 134 #if defined(OS_CHROMEOS) |
| 131 crypto::ScopedPK11Slot NSSCertDatabase::GetSystemSlot() const { | 135 crypto::ScopedPK11Slot NSSCertDatabase::GetSystemSlot() const { |
| 132 return crypto::ScopedPK11Slot(); | 136 return crypto::ScopedPK11Slot(); |
| 133 } | 137 } |
| (...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 372 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { | 376 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { |
| 373 if (!DeleteCertAndKeyImpl(cert)) | 377 if (!DeleteCertAndKeyImpl(cert)) |
| 374 return false; | 378 return false; |
| 375 NotifyObserversCertDBChanged(cert); | 379 NotifyObserversCertDBChanged(cert); |
| 376 return true; | 380 return true; |
| 377 } | 381 } |
| 378 | 382 |
| 379 void NSSCertDatabase::DeleteCertAndKeyAsync( | 383 void NSSCertDatabase::DeleteCertAndKeyAsync( |
| 380 const scoped_refptr<X509Certificate>& cert, | 384 const scoped_refptr<X509Certificate>& cert, |
| 381 const DeleteCertCallback& callback) { | 385 const DeleteCertCallback& callback) { |
| 382 base::PostTaskAndReplyWithResult( | 386 base::PostTaskWithTraitsAndReplyWithResult( |
| 383 GetSlowTaskRunner().get(), | 387 FROM_HERE, base::TaskTraits() |
| 384 FROM_HERE, | 388 .WithShutdownBehavior( |
| 389 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 390 .MayBlock(), |
| 385 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), | 391 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), |
| 386 base::Bind(&NSSCertDatabase::NotifyCertRemovalAndCallBack, | 392 base::Bind(&NSSCertDatabase::NotifyCertRemovalAndCallBack, |
| 387 weak_factory_.GetWeakPtr(), | 393 weak_factory_.GetWeakPtr(), cert, callback)); |
| 388 cert, | |
| 389 callback)); | |
| 390 } | 394 } |
| 391 | 395 |
| 392 bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { | 396 bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { |
| 393 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 397 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
| 394 return slot && PK11_IsReadOnly(slot); | 398 return slot && PK11_IsReadOnly(slot); |
| 395 } | 399 } |
| 396 | 400 |
| 397 bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { | 401 bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { |
| 398 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 402 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
| 399 return slot && PK11_IsHW(slot); | 403 return slot && PK11_IsHW(slot); |
| 400 } | 404 } |
| 401 | 405 |
| 402 void NSSCertDatabase::AddObserver(Observer* observer) { | 406 void NSSCertDatabase::AddObserver(Observer* observer) { |
| 403 observer_list_->AddObserver(observer); | 407 observer_list_->AddObserver(observer); |
| 404 } | 408 } |
| 405 | 409 |
| 406 void NSSCertDatabase::RemoveObserver(Observer* observer) { | 410 void NSSCertDatabase::RemoveObserver(Observer* observer) { |
| 407 observer_list_->RemoveObserver(observer); | 411 observer_list_->RemoveObserver(observer); |
| 408 } | 412 } |
| 409 | 413 |
| 410 void NSSCertDatabase::SetSlowTaskRunnerForTest( | |
| 411 const scoped_refptr<base::TaskRunner>& task_runner) { | |
| 412 slow_task_runner_for_test_ = task_runner; | |
| 413 } | |
| 414 | |
| 415 // static | 414 // static |
| 416 void NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot slot, | 415 void NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot slot, |
| 417 CertificateList* certs) { | 416 CertificateList* certs) { |
| 418 certs->clear(); | 417 certs->clear(); |
| 419 | 418 |
| 420 CERTCertList* cert_list = NULL; | 419 CERTCertList* cert_list = NULL; |
| 421 if (slot) | 420 if (slot) |
| 422 cert_list = PK11_ListCertsInSlot(slot.get()); | 421 cert_list = PK11_ListCertsInSlot(slot.get()); |
| 423 else | 422 else |
| 424 cert_list = PK11_ListCerts(PK11CertListUnique, NULL); | 423 cert_list = PK11_ListCerts(PK11CertListUnique, NULL); |
| 425 | 424 |
| 426 CERTCertListNode* node; | 425 CERTCertListNode* node; |
| 427 for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); | 426 for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); |
| 428 node = CERT_LIST_NEXT(node)) { | 427 node = CERT_LIST_NEXT(node)) { |
| 429 certs->push_back(X509Certificate::CreateFromHandle( | 428 certs->push_back(X509Certificate::CreateFromHandle( |
| 430 node->cert, X509Certificate::OSCertHandles())); | 429 node->cert, X509Certificate::OSCertHandles())); |
| 431 } | 430 } |
| 432 CERT_DestroyCertList(cert_list); | 431 CERT_DestroyCertList(cert_list); |
| 433 } | 432 } |
| 434 | 433 |
| 435 scoped_refptr<base::TaskRunner> NSSCertDatabase::GetSlowTaskRunner() const { | |
| 436 if (slow_task_runner_for_test_.get()) | |
| 437 return slow_task_runner_for_test_; | |
| 438 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); | |
| 439 } | |
| 440 | |
| 441 void NSSCertDatabase::NotifyCertRemovalAndCallBack( | 434 void NSSCertDatabase::NotifyCertRemovalAndCallBack( |
| 442 scoped_refptr<X509Certificate> cert, | 435 scoped_refptr<X509Certificate> cert, |
| 443 const DeleteCertCallback& callback, | 436 const DeleteCertCallback& callback, |
| 444 bool success) { | 437 bool success) { |
| 445 if (success) | 438 if (success) |
| 446 NotifyObserversCertDBChanged(cert.get()); | 439 NotifyObserversCertDBChanged(cert.get()); |
| 447 callback.Run(success); | 440 callback.Run(success); |
| 448 } | 441 } |
| 449 | 442 |
| 450 void NSSCertDatabase::NotifyObserversCertDBChanged( | 443 void NSSCertDatabase::NotifyObserversCertDBChanged( |
| (...skipping 20 matching lines...) Expand all Loading... |
| 471 } else { | 464 } else { |
| 472 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { | 465 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { |
| 473 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); | 466 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); |
| 474 return false; | 467 return false; |
| 475 } | 468 } |
| 476 } | 469 } |
| 477 return true; | 470 return true; |
| 478 } | 471 } |
| 479 | 472 |
| 480 } // namespace net | 473 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2603173002:
Use TaskScheduler instead of WorkerPool in nss_cert_database.cc. (Closed)
