| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/nss_cert_database.h" | 5 #include "net/cert/nss_cert_database.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| 11 #include <secmod.h> | 11 #include <secmod.h> |
| 12 | 12 |
| 13 #include <memory> | 13 #include <memory> |
| 14 #include <utility> | 14 #include <utility> |
| 15 | 15 |
| 16 #include "base/bind.h" | 16 #include "base/bind.h" |
| 17 #include "base/callback.h" | 17 #include "base/callback.h" |
| 18 #include "base/logging.h" | 18 #include "base/logging.h" |
| 19 #include "base/macros.h" | 19 #include "base/macros.h" |
| 20 #include "base/observer_list_threadsafe.h" | 20 #include "base/observer_list_threadsafe.h" |
| 21 #include "base/task_scheduler/post_task.h" | 21 #include "base/task_runner.h" |
| 22 #include "base/task_runner_util.h" |
| 23 #include "base/threading/worker_pool.h" |
| 22 #include "crypto/scoped_nss_types.h" | 24 #include "crypto/scoped_nss_types.h" |
| 23 #include "net/base/crypto_module.h" | 25 #include "net/base/crypto_module.h" |
| 24 #include "net/base/net_errors.h" | 26 #include "net/base/net_errors.h" |
| 25 #include "net/cert/cert_database.h" | 27 #include "net/cert/cert_database.h" |
| 26 #include "net/cert/x509_certificate.h" | 28 #include "net/cert/x509_certificate.h" |
| 27 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | 29 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
| 28 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" | 30 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" |
| 29 | 31 |
| 30 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use | 32 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use |
| 31 // the new name of the macro. | 33 // the new name of the macro. |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 93 ListCertsImpl(crypto::ScopedPK11Slot(), certs); | 95 ListCertsImpl(crypto::ScopedPK11Slot(), certs); |
| 94 } | 96 } |
| 95 | 97 |
| 96 void NSSCertDatabase::ListCerts( | 98 void NSSCertDatabase::ListCerts( |
| 97 const base::Callback<void(std::unique_ptr<CertificateList> certs)>& | 99 const base::Callback<void(std::unique_ptr<CertificateList> certs)>& |
| 98 callback) { | 100 callback) { |
| 99 std::unique_ptr<CertificateList> certs(new CertificateList()); | 101 std::unique_ptr<CertificateList> certs(new CertificateList()); |
| 100 | 102 |
| 101 // base::Passed will NULL out |certs|, so cache the underlying pointer here. | 103 // base::Passed will NULL out |certs|, so cache the underlying pointer here. |
| 102 CertificateList* raw_certs = certs.get(); | 104 CertificateList* raw_certs = certs.get(); |
| 103 base::PostTaskWithTraitsAndReply( | 105 GetSlowTaskRunner()->PostTaskAndReply( |
| 104 FROM_HERE, base::TaskTraits() | 106 FROM_HERE, base::Bind(&NSSCertDatabase::ListCertsImpl, |
| 105 .WithShutdownBehavior( | 107 base::Passed(crypto::ScopedPK11Slot()), |
| 106 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) | 108 base::Unretained(raw_certs)), |
| 107 .MayBlock(), | |
| 108 base::Bind(&NSSCertDatabase::ListCertsImpl, | |
| 109 base::Passed(crypto::ScopedPK11Slot()), | |
| 110 base::Unretained(raw_certs)), | |
| 111 base::Bind(callback, base::Passed(&certs))); | 109 base::Bind(callback, base::Passed(&certs))); |
| 112 } | 110 } |
| 113 | 111 |
| 114 void NSSCertDatabase::ListCertsInSlot(const ListCertsCallback& callback, | 112 void NSSCertDatabase::ListCertsInSlot(const ListCertsCallback& callback, |
| 115 PK11SlotInfo* slot) { | 113 PK11SlotInfo* slot) { |
| 116 DCHECK(slot); | 114 DCHECK(slot); |
| 117 std::unique_ptr<CertificateList> certs(new CertificateList()); | 115 std::unique_ptr<CertificateList> certs(new CertificateList()); |
| 118 | 116 |
| 119 // base::Passed will NULL out |certs|, so cache the underlying pointer here. | 117 // base::Passed will NULL out |certs|, so cache the underlying pointer here. |
| 120 CertificateList* raw_certs = certs.get(); | 118 CertificateList* raw_certs = certs.get(); |
| 121 base::PostTaskWithTraitsAndReply( | 119 GetSlowTaskRunner()->PostTaskAndReply( |
| 122 FROM_HERE, base::TaskTraits() | 120 FROM_HERE, |
| 123 .WithShutdownBehavior( | |
| 124 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) | |
| 125 .MayBlock(), | |
| 126 base::Bind(&NSSCertDatabase::ListCertsImpl, | 121 base::Bind(&NSSCertDatabase::ListCertsImpl, |
| 127 base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))), | 122 base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))), |
| 128 base::Unretained(raw_certs)), | 123 base::Unretained(raw_certs)), |
| 129 base::Bind(callback, base::Passed(&certs))); | 124 base::Bind(callback, base::Passed(&certs))); |
| 130 } | 125 } |
| 131 | 126 |
| 132 #if defined(OS_CHROMEOS) | 127 #if defined(OS_CHROMEOS) |
| 133 crypto::ScopedPK11Slot NSSCertDatabase::GetSystemSlot() const { | 128 crypto::ScopedPK11Slot NSSCertDatabase::GetSystemSlot() const { |
| 134 return crypto::ScopedPK11Slot(); | 129 return crypto::ScopedPK11Slot(); |
| 135 } | 130 } |
| (...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 374 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { | 369 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { |
| 375 if (!DeleteCertAndKeyImpl(cert)) | 370 if (!DeleteCertAndKeyImpl(cert)) |
| 376 return false; | 371 return false; |
| 377 NotifyObserversCertDBChanged(); | 372 NotifyObserversCertDBChanged(); |
| 378 return true; | 373 return true; |
| 379 } | 374 } |
| 380 | 375 |
| 381 void NSSCertDatabase::DeleteCertAndKeyAsync( | 376 void NSSCertDatabase::DeleteCertAndKeyAsync( |
| 382 const scoped_refptr<X509Certificate>& cert, | 377 const scoped_refptr<X509Certificate>& cert, |
| 383 const DeleteCertCallback& callback) { | 378 const DeleteCertCallback& callback) { |
| 384 base::PostTaskWithTraitsAndReplyWithResult( | 379 base::PostTaskAndReplyWithResult( |
| 385 FROM_HERE, base::TaskTraits() | 380 GetSlowTaskRunner().get(), FROM_HERE, |
| 386 .WithShutdownBehavior( | |
| 387 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) | |
| 388 .MayBlock(), | |
| 389 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), | 381 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), |
| 390 base::Bind(&NSSCertDatabase::NotifyCertRemovalAndCallBack, | 382 base::Bind(&NSSCertDatabase::NotifyCertRemovalAndCallBack, |
| 391 weak_factory_.GetWeakPtr(), callback)); | 383 weak_factory_.GetWeakPtr(), callback)); |
| 392 } | 384 } |
| 393 | 385 |
| 394 bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { | 386 bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { |
| 395 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 387 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
| 396 return slot && PK11_IsReadOnly(slot); | 388 return slot && PK11_IsReadOnly(slot); |
| 397 } | 389 } |
| 398 | 390 |
| 399 bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { | 391 bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { |
| 400 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 392 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
| 401 return slot && PK11_IsHW(slot); | 393 return slot && PK11_IsHW(slot); |
| 402 } | 394 } |
| 403 | 395 |
| 404 void NSSCertDatabase::AddObserver(Observer* observer) { | 396 void NSSCertDatabase::AddObserver(Observer* observer) { |
| 405 observer_list_->AddObserver(observer); | 397 observer_list_->AddObserver(observer); |
| 406 } | 398 } |
| 407 | 399 |
| 408 void NSSCertDatabase::RemoveObserver(Observer* observer) { | 400 void NSSCertDatabase::RemoveObserver(Observer* observer) { |
| 409 observer_list_->RemoveObserver(observer); | 401 observer_list_->RemoveObserver(observer); |
| 410 } | 402 } |
| 411 | 403 |
| 404 void NSSCertDatabase::SetSlowTaskRunnerForTest( |
| 405 const scoped_refptr<base::TaskRunner>& task_runner) { |
| 406 slow_task_runner_for_test_ = task_runner; |
| 407 } |
| 408 |
| 412 // static | 409 // static |
| 413 void NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot slot, | 410 void NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot slot, |
| 414 CertificateList* certs) { | 411 CertificateList* certs) { |
| 415 certs->clear(); | 412 certs->clear(); |
| 416 | 413 |
| 417 CERTCertList* cert_list = NULL; | 414 CERTCertList* cert_list = NULL; |
| 418 if (slot) | 415 if (slot) |
| 419 cert_list = PK11_ListCertsInSlot(slot.get()); | 416 cert_list = PK11_ListCertsInSlot(slot.get()); |
| 420 else | 417 else |
| 421 cert_list = PK11_ListCerts(PK11CertListUnique, NULL); | 418 cert_list = PK11_ListCerts(PK11CertListUnique, NULL); |
| 422 | 419 |
| 423 CERTCertListNode* node; | 420 CERTCertListNode* node; |
| 424 for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); | 421 for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); |
| 425 node = CERT_LIST_NEXT(node)) { | 422 node = CERT_LIST_NEXT(node)) { |
| 426 certs->push_back(X509Certificate::CreateFromHandle( | 423 certs->push_back(X509Certificate::CreateFromHandle( |
| 427 node->cert, X509Certificate::OSCertHandles())); | 424 node->cert, X509Certificate::OSCertHandles())); |
| 428 } | 425 } |
| 429 CERT_DestroyCertList(cert_list); | 426 CERT_DestroyCertList(cert_list); |
| 430 } | 427 } |
| 431 | 428 |
| 429 scoped_refptr<base::TaskRunner> NSSCertDatabase::GetSlowTaskRunner() const { |
| 430 if (slow_task_runner_for_test_.get()) |
| 431 return slow_task_runner_for_test_; |
| 432 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); |
| 433 } |
| 434 |
| 432 void NSSCertDatabase::NotifyCertRemovalAndCallBack( | 435 void NSSCertDatabase::NotifyCertRemovalAndCallBack( |
| 433 const DeleteCertCallback& callback, | 436 const DeleteCertCallback& callback, |
| 434 bool success) { | 437 bool success) { |
| 435 if (success) | 438 if (success) |
| 436 NotifyObserversCertDBChanged(); | 439 NotifyObserversCertDBChanged(); |
| 437 callback.Run(success); | 440 callback.Run(success); |
| 438 } | 441 } |
| 439 | 442 |
| 440 void NSSCertDatabase::NotifyObserversCertDBChanged() { | 443 void NSSCertDatabase::NotifyObserversCertDBChanged() { |
| 441 observer_list_->Notify(FROM_HERE, &Observer::OnCertDBChanged); | 444 observer_list_->Notify(FROM_HERE, &Observer::OnCertDBChanged); |
| (...skipping 17 matching lines...) Expand all Loading... |
| 459 } else { | 462 } else { |
| 460 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { | 463 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { |
| 461 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); | 464 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); |
| 462 return false; | 465 return false; |
| 463 } | 466 } |
| 464 } | 467 } |
| 465 return true; | 468 return true; |
| 466 } | 469 } |
| 467 | 470 |
| 468 } // namespace net | 471 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2722733002:
Revert of Use TaskScheduler instead of WorkerPool in nss_cert_database.cc. (Closed)
