| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/nss_cert_database.h" | 5 #include "net/cert/nss_cert_database.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 44 // the c'tor of NSSCertDatabase, see https://crbug.com/395983 . | 44 // the c'tor of NSSCertDatabase, see https://crbug.com/395983 . |
| 45 // Helper that observes events from the NSSCertDatabase and forwards them to | 45 // Helper that observes events from the NSSCertDatabase and forwards them to |
| 46 // the given CertDatabase. | 46 // the given CertDatabase. |
| 47 class CertNotificationForwarder : public NSSCertDatabase::Observer { | 47 class CertNotificationForwarder : public NSSCertDatabase::Observer { |
| 48 public: | 48 public: |
| 49 explicit CertNotificationForwarder(CertDatabase* cert_db) | 49 explicit CertNotificationForwarder(CertDatabase* cert_db) |
| 50 : cert_db_(cert_db) {} | 50 : cert_db_(cert_db) {} |
| 51 | 51 |
| 52 ~CertNotificationForwarder() override {} | 52 ~CertNotificationForwarder() override {} |
| 53 | 53 |
| 54 void OnCertDBChanged(const X509Certificate* cert) override { | 54 void OnCertDBChanged() override { cert_db_->NotifyObserversCertDBChanged(); } |
| 55 cert_db_->NotifyObserversCertDBChanged(cert); | |
| 56 } | |
| 57 | 55 |
| 58 private: | 56 private: |
| 59 CertDatabase* cert_db_; | 57 CertDatabase* cert_db_; |
| 60 | 58 |
| 61 DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder); | 59 DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder); |
| 62 }; | 60 }; |
| 63 | 61 |
| 64 } // namespace | 62 } // namespace |
| 65 | 63 |
| 66 NSSCertDatabase::ImportCertFailure::ImportCertFailure( | 64 NSSCertDatabase::ImportCertFailure::ImportCertFailure( |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 177 CertificateList* imported_certs) { | 175 CertificateList* imported_certs) { |
| 178 DVLOG(1) << __func__ << " " | 176 DVLOG(1) << __func__ << " " |
| 179 << PK11_GetModuleID(slot_info) << ":" | 177 << PK11_GetModuleID(slot_info) << ":" |
| 180 << PK11_GetSlotID(slot_info); | 178 << PK11_GetSlotID(slot_info); |
| 181 int result = psm::nsPKCS12Blob_Import(slot_info, | 179 int result = psm::nsPKCS12Blob_Import(slot_info, |
| 182 data.data(), data.size(), | 180 data.data(), data.size(), |
| 183 password, | 181 password, |
| 184 is_extractable, | 182 is_extractable, |
| 185 imported_certs); | 183 imported_certs); |
| 186 if (result == OK) | 184 if (result == OK) |
| 187 NotifyObserversCertDBChanged(NULL); | 185 NotifyObserversCertDBChanged(); |
| 188 | 186 |
| 189 return result; | 187 return result; |
| 190 } | 188 } |
| 191 | 189 |
| 192 int NSSCertDatabase::ExportToPKCS12( | 190 int NSSCertDatabase::ExportToPKCS12( |
| 193 const CertificateList& certs, | 191 const CertificateList& certs, |
| 194 const base::string16& password, | 192 const base::string16& password, |
| 195 std::string* output) const { | 193 std::string* output) const { |
| 196 return psm::nsPKCS12Blob_Export(output, certs, password); | 194 return psm::nsPKCS12Blob_Export(output, certs, password); |
| 197 } | 195 } |
| (...skipping 21 matching lines...) Expand all Loading... |
| 219 return cert0; | 217 return cert0; |
| 220 } | 218 } |
| 221 | 219 |
| 222 int NSSCertDatabase::ImportUserCert(const std::string& data) { | 220 int NSSCertDatabase::ImportUserCert(const std::string& data) { |
| 223 CertificateList certificates = | 221 CertificateList certificates = |
| 224 X509Certificate::CreateCertificateListFromBytes( | 222 X509Certificate::CreateCertificateListFromBytes( |
| 225 data.c_str(), data.size(), net::X509Certificate::FORMAT_AUTO); | 223 data.c_str(), data.size(), net::X509Certificate::FORMAT_AUTO); |
| 226 int result = psm::ImportUserCert(certificates); | 224 int result = psm::ImportUserCert(certificates); |
| 227 | 225 |
| 228 if (result == OK) | 226 if (result == OK) |
| 229 NotifyObserversCertDBChanged(NULL); | 227 NotifyObserversCertDBChanged(); |
| 230 | 228 |
| 231 return result; | 229 return result; |
| 232 } | 230 } |
| 233 | 231 |
| 234 int NSSCertDatabase::ImportUserCert(X509Certificate* certificate) { | 232 int NSSCertDatabase::ImportUserCert(X509Certificate* certificate) { |
| 235 CertificateList certificates; | 233 CertificateList certificates; |
| 236 certificates.emplace_back(certificate); | 234 certificates.emplace_back(certificate); |
| 237 int result = psm::ImportUserCert(certificates); | 235 int result = psm::ImportUserCert(certificates); |
| 238 | 236 |
| 239 if (result == OK) | 237 if (result == OK) |
| 240 NotifyObserversCertDBChanged(NULL); | 238 NotifyObserversCertDBChanged(); |
| 241 | 239 |
| 242 return result; | 240 return result; |
| 243 } | 241 } |
| 244 | 242 |
| 245 bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates, | 243 bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates, |
| 246 TrustBits trust_bits, | 244 TrustBits trust_bits, |
| 247 ImportCertFailureList* not_imported) { | 245 ImportCertFailureList* not_imported) { |
| 248 crypto::ScopedPK11Slot slot(GetPublicSlot()); | 246 crypto::ScopedPK11Slot slot(GetPublicSlot()); |
| 249 X509Certificate* root = FindRootInList(certificates); | 247 X509Certificate* root = FindRootInList(certificates); |
| 250 bool success = psm::ImportCACerts( | 248 bool success = psm::ImportCACerts( |
| 251 slot.get(), certificates, root, trust_bits, not_imported); | 249 slot.get(), certificates, root, trust_bits, not_imported); |
| 252 if (success) | 250 if (success) |
| 253 NotifyObserversCertDBChanged(NULL); | 251 NotifyObserversCertDBChanged(); |
| 254 | 252 |
| 255 return success; | 253 return success; |
| 256 } | 254 } |
| 257 | 255 |
| 258 bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates, | 256 bool NSSCertDatabase::ImportServerCert(const CertificateList& certificates, |
| 259 TrustBits trust_bits, | 257 TrustBits trust_bits, |
| 260 ImportCertFailureList* not_imported) { | 258 ImportCertFailureList* not_imported) { |
| 261 crypto::ScopedPK11Slot slot(GetPublicSlot()); | 259 crypto::ScopedPK11Slot slot(GetPublicSlot()); |
| 262 return psm::ImportServerCert( | 260 return psm::ImportServerCert( |
| 263 slot.get(), certificates, trust_bits, not_imported); | 261 slot.get(), certificates, trust_bits, not_imported); |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 361 } | 359 } |
| 362 | 360 |
| 363 return false; | 361 return false; |
| 364 } | 362 } |
| 365 | 363 |
| 366 bool NSSCertDatabase::SetCertTrust(const X509Certificate* cert, | 364 bool NSSCertDatabase::SetCertTrust(const X509Certificate* cert, |
| 367 CertType type, | 365 CertType type, |
| 368 TrustBits trust_bits) { | 366 TrustBits trust_bits) { |
| 369 bool success = psm::SetCertTrust(cert, type, trust_bits); | 367 bool success = psm::SetCertTrust(cert, type, trust_bits); |
| 370 if (success) | 368 if (success) |
| 371 NotifyObserversCertDBChanged(cert); | 369 NotifyObserversCertDBChanged(); |
| 372 | 370 |
| 373 return success; | 371 return success; |
| 374 } | 372 } |
| 375 | 373 |
| 376 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { | 374 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { |
| 377 if (!DeleteCertAndKeyImpl(cert)) | 375 if (!DeleteCertAndKeyImpl(cert)) |
| 378 return false; | 376 return false; |
| 379 NotifyObserversCertDBChanged(cert); | 377 NotifyObserversCertDBChanged(); |
| 380 return true; | 378 return true; |
| 381 } | 379 } |
| 382 | 380 |
| 383 void NSSCertDatabase::DeleteCertAndKeyAsync( | 381 void NSSCertDatabase::DeleteCertAndKeyAsync( |
| 384 const scoped_refptr<X509Certificate>& cert, | 382 const scoped_refptr<X509Certificate>& cert, |
| 385 const DeleteCertCallback& callback) { | 383 const DeleteCertCallback& callback) { |
| 386 base::PostTaskWithTraitsAndReplyWithResult( | 384 base::PostTaskWithTraitsAndReplyWithResult( |
| 387 FROM_HERE, base::TaskTraits() | 385 FROM_HERE, base::TaskTraits() |
| 388 .WithShutdownBehavior( | 386 .WithShutdownBehavior( |
| 389 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) | 387 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 390 .MayBlock(), | 388 .MayBlock(), |
| 391 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), | 389 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), |
| 392 base::Bind(&NSSCertDatabase::NotifyCertRemovalAndCallBack, | 390 base::Bind(&NSSCertDatabase::NotifyCertRemovalAndCallBack, |
| 393 weak_factory_.GetWeakPtr(), cert, callback)); | 391 weak_factory_.GetWeakPtr(), callback)); |
| 394 } | 392 } |
| 395 | 393 |
| 396 bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { | 394 bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { |
| 397 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 395 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
| 398 return slot && PK11_IsReadOnly(slot); | 396 return slot && PK11_IsReadOnly(slot); |
| 399 } | 397 } |
| 400 | 398 |
| 401 bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { | 399 bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { |
| 402 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 400 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
| 403 return slot && PK11_IsHW(slot); | 401 return slot && PK11_IsHW(slot); |
| (...skipping 21 matching lines...) Expand all Loading... |
| 425 CERTCertListNode* node; | 423 CERTCertListNode* node; |
| 426 for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); | 424 for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); |
| 427 node = CERT_LIST_NEXT(node)) { | 425 node = CERT_LIST_NEXT(node)) { |
| 428 certs->push_back(X509Certificate::CreateFromHandle( | 426 certs->push_back(X509Certificate::CreateFromHandle( |
| 429 node->cert, X509Certificate::OSCertHandles())); | 427 node->cert, X509Certificate::OSCertHandles())); |
| 430 } | 428 } |
| 431 CERT_DestroyCertList(cert_list); | 429 CERT_DestroyCertList(cert_list); |
| 432 } | 430 } |
| 433 | 431 |
| 434 void NSSCertDatabase::NotifyCertRemovalAndCallBack( | 432 void NSSCertDatabase::NotifyCertRemovalAndCallBack( |
| 435 scoped_refptr<X509Certificate> cert, | |
| 436 const DeleteCertCallback& callback, | 433 const DeleteCertCallback& callback, |
| 437 bool success) { | 434 bool success) { |
| 438 if (success) | 435 if (success) |
| 439 NotifyObserversCertDBChanged(cert.get()); | 436 NotifyObserversCertDBChanged(); |
| 440 callback.Run(success); | 437 callback.Run(success); |
| 441 } | 438 } |
| 442 | 439 |
| 443 void NSSCertDatabase::NotifyObserversCertDBChanged( | 440 void NSSCertDatabase::NotifyObserversCertDBChanged() { |
| 444 const X509Certificate* cert) { | 441 observer_list_->Notify(FROM_HERE, &Observer::OnCertDBChanged); |
| 445 observer_list_->Notify(FROM_HERE, &Observer::OnCertDBChanged, | |
| 446 base::RetainedRef(cert)); | |
| 447 } | 442 } |
| 448 | 443 |
| 449 // static | 444 // static |
| 450 bool NSSCertDatabase::DeleteCertAndKeyImpl( | 445 bool NSSCertDatabase::DeleteCertAndKeyImpl( |
| 451 scoped_refptr<X509Certificate> cert) { | 446 scoped_refptr<X509Certificate> cert) { |
| 452 // For some reason, PK11_DeleteTokenCertAndKey only calls | 447 // For some reason, PK11_DeleteTokenCertAndKey only calls |
| 453 // SEC_DeletePermCertificate if the private key is found. So, we check | 448 // SEC_DeletePermCertificate if the private key is found. So, we check |
| 454 // whether a private key exists before deciding which function to call to | 449 // whether a private key exists before deciding which function to call to |
| 455 // delete the cert. | 450 // delete the cert. |
| 456 SECKEYPrivateKey* privKey = | 451 SECKEYPrivateKey* privKey = |
| 457 PK11_FindKeyByAnyCert(cert->os_cert_handle(), NULL); | 452 PK11_FindKeyByAnyCert(cert->os_cert_handle(), NULL); |
| 458 if (privKey) { | 453 if (privKey) { |
| 459 SECKEY_DestroyPrivateKey(privKey); | 454 SECKEY_DestroyPrivateKey(privKey); |
| 460 if (PK11_DeleteTokenCertAndKey(cert->os_cert_handle(), NULL)) { | 455 if (PK11_DeleteTokenCertAndKey(cert->os_cert_handle(), NULL)) { |
| 461 LOG(ERROR) << "PK11_DeleteTokenCertAndKey failed: " << PORT_GetError(); | 456 LOG(ERROR) << "PK11_DeleteTokenCertAndKey failed: " << PORT_GetError(); |
| 462 return false; | 457 return false; |
| 463 } | 458 } |
| 464 } else { | 459 } else { |
| 465 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { | 460 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { |
| 466 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); | 461 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); |
| 467 return false; | 462 return false; |
| 468 } | 463 } |
| 469 } | 464 } |
| 470 return true; | 465 return true; |
| 471 } | 466 } |
| 472 | 467 |
| 473 } // namespace net | 468 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2691683003:
Remove OnCertDBChanged |cert| parameter. (Closed)
