OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/nss_cert_database.h" | 5 #include "net/cert/nss_cert_database.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <certdb.h> | 8 #include <certdb.h> |
9 #include <keyhi.h> | 9 #include <keyhi.h> |
10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
11 #include <secmod.h> | 11 #include <secmod.h> |
12 | 12 |
13 #include <memory> | 13 #include <memory> |
14 #include <utility> | 14 #include <utility> |
15 | 15 |
16 #include "base/bind.h" | 16 #include "base/bind.h" |
17 #include "base/callback.h" | 17 #include "base/callback.h" |
18 #include "base/logging.h" | 18 #include "base/logging.h" |
19 #include "base/macros.h" | 19 #include "base/macros.h" |
20 #include "base/observer_list_threadsafe.h" | 20 #include "base/observer_list_threadsafe.h" |
21 #include "base/task_scheduler/post_task.h" | 21 #include "base/task_runner.h" |
| 22 #include "base/task_runner_util.h" |
| 23 #include "base/threading/worker_pool.h" |
22 #include "crypto/scoped_nss_types.h" | 24 #include "crypto/scoped_nss_types.h" |
23 #include "net/base/crypto_module.h" | 25 #include "net/base/crypto_module.h" |
24 #include "net/base/net_errors.h" | 26 #include "net/base/net_errors.h" |
25 #include "net/cert/cert_database.h" | 27 #include "net/cert/cert_database.h" |
26 #include "net/cert/x509_certificate.h" | 28 #include "net/cert/x509_certificate.h" |
27 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | 29 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
28 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" | 30 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" |
29 | 31 |
30 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use | 32 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use |
31 // the new name of the macro. | 33 // the new name of the macro. |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
93 ListCertsImpl(crypto::ScopedPK11Slot(), certs); | 95 ListCertsImpl(crypto::ScopedPK11Slot(), certs); |
94 } | 96 } |
95 | 97 |
96 void NSSCertDatabase::ListCerts( | 98 void NSSCertDatabase::ListCerts( |
97 const base::Callback<void(std::unique_ptr<CertificateList> certs)>& | 99 const base::Callback<void(std::unique_ptr<CertificateList> certs)>& |
98 callback) { | 100 callback) { |
99 std::unique_ptr<CertificateList> certs(new CertificateList()); | 101 std::unique_ptr<CertificateList> certs(new CertificateList()); |
100 | 102 |
101 // base::Passed will NULL out |certs|, so cache the underlying pointer here. | 103 // base::Passed will NULL out |certs|, so cache the underlying pointer here. |
102 CertificateList* raw_certs = certs.get(); | 104 CertificateList* raw_certs = certs.get(); |
103 base::PostTaskWithTraitsAndReply( | 105 GetSlowTaskRunner()->PostTaskAndReply( |
104 FROM_HERE, base::TaskTraits() | 106 FROM_HERE, base::Bind(&NSSCertDatabase::ListCertsImpl, |
105 .WithShutdownBehavior( | 107 base::Passed(crypto::ScopedPK11Slot()), |
106 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) | 108 base::Unretained(raw_certs)), |
107 .MayBlock(), | |
108 base::Bind(&NSSCertDatabase::ListCertsImpl, | |
109 base::Passed(crypto::ScopedPK11Slot()), | |
110 base::Unretained(raw_certs)), | |
111 base::Bind(callback, base::Passed(&certs))); | 109 base::Bind(callback, base::Passed(&certs))); |
112 } | 110 } |
113 | 111 |
114 void NSSCertDatabase::ListCertsInSlot(const ListCertsCallback& callback, | 112 void NSSCertDatabase::ListCertsInSlot(const ListCertsCallback& callback, |
115 PK11SlotInfo* slot) { | 113 PK11SlotInfo* slot) { |
116 DCHECK(slot); | 114 DCHECK(slot); |
117 std::unique_ptr<CertificateList> certs(new CertificateList()); | 115 std::unique_ptr<CertificateList> certs(new CertificateList()); |
118 | 116 |
119 // base::Passed will NULL out |certs|, so cache the underlying pointer here. | 117 // base::Passed will NULL out |certs|, so cache the underlying pointer here. |
120 CertificateList* raw_certs = certs.get(); | 118 CertificateList* raw_certs = certs.get(); |
121 base::PostTaskWithTraitsAndReply( | 119 GetSlowTaskRunner()->PostTaskAndReply( |
122 FROM_HERE, base::TaskTraits() | 120 FROM_HERE, |
123 .WithShutdownBehavior( | |
124 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) | |
125 .MayBlock(), | |
126 base::Bind(&NSSCertDatabase::ListCertsImpl, | 121 base::Bind(&NSSCertDatabase::ListCertsImpl, |
127 base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))), | 122 base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))), |
128 base::Unretained(raw_certs)), | 123 base::Unretained(raw_certs)), |
129 base::Bind(callback, base::Passed(&certs))); | 124 base::Bind(callback, base::Passed(&certs))); |
130 } | 125 } |
131 | 126 |
132 #if defined(OS_CHROMEOS) | 127 #if defined(OS_CHROMEOS) |
133 crypto::ScopedPK11Slot NSSCertDatabase::GetSystemSlot() const { | 128 crypto::ScopedPK11Slot NSSCertDatabase::GetSystemSlot() const { |
134 return crypto::ScopedPK11Slot(); | 129 return crypto::ScopedPK11Slot(); |
135 } | 130 } |
(...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
374 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { | 369 bool NSSCertDatabase::DeleteCertAndKey(X509Certificate* cert) { |
375 if (!DeleteCertAndKeyImpl(cert)) | 370 if (!DeleteCertAndKeyImpl(cert)) |
376 return false; | 371 return false; |
377 NotifyObserversCertDBChanged(); | 372 NotifyObserversCertDBChanged(); |
378 return true; | 373 return true; |
379 } | 374 } |
380 | 375 |
381 void NSSCertDatabase::DeleteCertAndKeyAsync( | 376 void NSSCertDatabase::DeleteCertAndKeyAsync( |
382 const scoped_refptr<X509Certificate>& cert, | 377 const scoped_refptr<X509Certificate>& cert, |
383 const DeleteCertCallback& callback) { | 378 const DeleteCertCallback& callback) { |
384 base::PostTaskWithTraitsAndReplyWithResult( | 379 base::PostTaskAndReplyWithResult( |
385 FROM_HERE, base::TaskTraits() | 380 GetSlowTaskRunner().get(), FROM_HERE, |
386 .WithShutdownBehavior( | |
387 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) | |
388 .MayBlock(), | |
389 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), | 381 base::Bind(&NSSCertDatabase::DeleteCertAndKeyImpl, cert), |
390 base::Bind(&NSSCertDatabase::NotifyCertRemovalAndCallBack, | 382 base::Bind(&NSSCertDatabase::NotifyCertRemovalAndCallBack, |
391 weak_factory_.GetWeakPtr(), callback)); | 383 weak_factory_.GetWeakPtr(), callback)); |
392 } | 384 } |
393 | 385 |
394 bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { | 386 bool NSSCertDatabase::IsReadOnly(const X509Certificate* cert) const { |
395 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 387 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
396 return slot && PK11_IsReadOnly(slot); | 388 return slot && PK11_IsReadOnly(slot); |
397 } | 389 } |
398 | 390 |
399 bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { | 391 bool NSSCertDatabase::IsHardwareBacked(const X509Certificate* cert) const { |
400 PK11SlotInfo* slot = cert->os_cert_handle()->slot; | 392 PK11SlotInfo* slot = cert->os_cert_handle()->slot; |
401 return slot && PK11_IsHW(slot); | 393 return slot && PK11_IsHW(slot); |
402 } | 394 } |
403 | 395 |
404 void NSSCertDatabase::AddObserver(Observer* observer) { | 396 void NSSCertDatabase::AddObserver(Observer* observer) { |
405 observer_list_->AddObserver(observer); | 397 observer_list_->AddObserver(observer); |
406 } | 398 } |
407 | 399 |
408 void NSSCertDatabase::RemoveObserver(Observer* observer) { | 400 void NSSCertDatabase::RemoveObserver(Observer* observer) { |
409 observer_list_->RemoveObserver(observer); | 401 observer_list_->RemoveObserver(observer); |
410 } | 402 } |
411 | 403 |
| 404 void NSSCertDatabase::SetSlowTaskRunnerForTest( |
| 405 const scoped_refptr<base::TaskRunner>& task_runner) { |
| 406 slow_task_runner_for_test_ = task_runner; |
| 407 } |
| 408 |
412 // static | 409 // static |
413 void NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot slot, | 410 void NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot slot, |
414 CertificateList* certs) { | 411 CertificateList* certs) { |
415 certs->clear(); | 412 certs->clear(); |
416 | 413 |
417 CERTCertList* cert_list = NULL; | 414 CERTCertList* cert_list = NULL; |
418 if (slot) | 415 if (slot) |
419 cert_list = PK11_ListCertsInSlot(slot.get()); | 416 cert_list = PK11_ListCertsInSlot(slot.get()); |
420 else | 417 else |
421 cert_list = PK11_ListCerts(PK11CertListUnique, NULL); | 418 cert_list = PK11_ListCerts(PK11CertListUnique, NULL); |
422 | 419 |
423 CERTCertListNode* node; | 420 CERTCertListNode* node; |
424 for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); | 421 for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); |
425 node = CERT_LIST_NEXT(node)) { | 422 node = CERT_LIST_NEXT(node)) { |
426 certs->push_back(X509Certificate::CreateFromHandle( | 423 certs->push_back(X509Certificate::CreateFromHandle( |
427 node->cert, X509Certificate::OSCertHandles())); | 424 node->cert, X509Certificate::OSCertHandles())); |
428 } | 425 } |
429 CERT_DestroyCertList(cert_list); | 426 CERT_DestroyCertList(cert_list); |
430 } | 427 } |
431 | 428 |
| 429 scoped_refptr<base::TaskRunner> NSSCertDatabase::GetSlowTaskRunner() const { |
| 430 if (slow_task_runner_for_test_.get()) |
| 431 return slow_task_runner_for_test_; |
| 432 return base::WorkerPool::GetTaskRunner(true /*task is slow*/); |
| 433 } |
| 434 |
432 void NSSCertDatabase::NotifyCertRemovalAndCallBack( | 435 void NSSCertDatabase::NotifyCertRemovalAndCallBack( |
433 const DeleteCertCallback& callback, | 436 const DeleteCertCallback& callback, |
434 bool success) { | 437 bool success) { |
435 if (success) | 438 if (success) |
436 NotifyObserversCertDBChanged(); | 439 NotifyObserversCertDBChanged(); |
437 callback.Run(success); | 440 callback.Run(success); |
438 } | 441 } |
439 | 442 |
440 void NSSCertDatabase::NotifyObserversCertDBChanged() { | 443 void NSSCertDatabase::NotifyObserversCertDBChanged() { |
441 observer_list_->Notify(FROM_HERE, &Observer::OnCertDBChanged); | 444 observer_list_->Notify(FROM_HERE, &Observer::OnCertDBChanged); |
(...skipping 17 matching lines...) Expand all Loading... |
459 } else { | 462 } else { |
460 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { | 463 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { |
461 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); | 464 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); |
462 return false; | 465 return false; |
463 } | 466 } |
464 } | 467 } |
465 return true; | 468 return true; |
466 } | 469 } |
467 | 470 |
468 } // namespace net | 471 } // namespace net |
OLD | NEW |