OLD | NEW |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- | 1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- |
2 * | 2 * |
3 * ***** BEGIN LICENSE BLOCK ***** | 3 * ***** BEGIN LICENSE BLOCK ***** |
4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
5 * | 5 * |
6 * The contents of this file are subject to the Mozilla Public License Version | 6 * The contents of this file are subject to the Mozilla Public License Version |
7 * 1.1 (the "License"); you may not use this file except in compliance with | 7 * 1.1 (the "License"); you may not use this file except in compliance with |
8 * the License. You may obtain a copy of the License at | 8 * the License. You may obtain a copy of the License at |
9 * http://www.mozilla.org/MPL/ | 9 * http://www.mozilla.org/MPL/ |
10 * | 10 * |
(...skipping 23 matching lines...) Expand all Loading... |
34 * decision by deleting the provisions above and replace them with the notice | 34 * decision by deleting the provisions above and replace them with the notice |
35 * and other provisions required by the GPL or the LGPL. If you do not delete | 35 * and other provisions required by the GPL or the LGPL. If you do not delete |
36 * the provisions above, a recipient may use your version of this file under | 36 * the provisions above, a recipient may use your version of this file under |
37 * the terms of any one of the MPL, the GPL or the LGPL. | 37 * the terms of any one of the MPL, the GPL or the LGPL. |
38 * | 38 * |
39 * ***** END LICENSE BLOCK ***** */ | 39 * ***** END LICENSE BLOCK ***** */ |
40 | 40 |
41 #include "net/third_party/mozilla_security_manager/nsKeygenHandler.h" | 41 #include "net/third_party/mozilla_security_manager/nsKeygenHandler.h" |
42 | 42 |
43 #include <pk11pub.h> | 43 #include <pk11pub.h> |
| 44 #include <prerror.h> // PR_GetError() |
44 #include <secmod.h> | 45 #include <secmod.h> |
45 #include <secder.h> // DER_Encode() | 46 #include <secder.h> // DER_Encode() |
46 #include <cryptohi.h> // SEC_DerSignData() | 47 #include <cryptohi.h> // SEC_DerSignData() |
47 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo() | 48 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo() |
48 | 49 |
49 #include "base/base64.h" | 50 #include "base/base64.h" |
50 #include "base/nss_util_internal.h" | 51 #include "base/nss_util_internal.h" |
51 #include "base/nss_util.h" | 52 #include "base/nss_util.h" |
52 #include "base/logging.h" | 53 #include "base/logging.h" |
53 #include "net/base/keygen_handler.h" | 54 #include "net/base/keygen_handler.h" |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
157 // Need to make sure that the token was initialized. | 158 // Need to make sure that the token was initialized. |
158 // Assume a null password. | 159 // Assume a null password. |
159 sec_rv = PK11_Authenticate(slot, PR_TRUE, NULL); | 160 sec_rv = PK11_Authenticate(slot, PR_TRUE, NULL); |
160 if (SECSuccess != sec_rv) { | 161 if (SECSuccess != sec_rv) { |
161 LOG(ERROR) << "Couldn't initialze PK11 token!"; | 162 LOG(ERROR) << "Couldn't initialze PK11 token!"; |
162 isSuccess = false; | 163 isSuccess = false; |
163 goto failure; | 164 goto failure; |
164 } | 165 } |
165 | 166 |
166 LOG(INFO) << "Creating key pair..."; | 167 LOG(INFO) << "Creating key pair..."; |
167 privateKey = PK11_GenerateKeyPair(slot, | 168 { |
168 keyGenMechanism, | 169 base::AutoNSSWriteLock lock; |
169 keyGenParams, | 170 privateKey = PK11_GenerateKeyPair(slot, |
170 &publicKey, | 171 keyGenMechanism, |
171 PR_TRUE, // isPermanent? | 172 keyGenParams, |
172 PR_TRUE, // isSensitive? | 173 &publicKey, |
173 NULL); | 174 PR_TRUE, // isPermanent? |
| 175 PR_TRUE, // isSensitive? |
| 176 NULL); |
| 177 } |
174 LOG(INFO) << "done."; | 178 LOG(INFO) << "done."; |
175 | 179 |
176 if (!privateKey) { | 180 if (!privateKey) { |
177 LOG(INFO) << "Generation of Keypair failed!"; | 181 LOG(INFO) << "Generation of Keypair failed!"; |
178 isSuccess = false; | 182 isSuccess = false; |
179 goto failure; | 183 goto failure; |
180 } | 184 } |
181 | 185 |
182 // The CA expects the signed public key in a specific format | 186 // The CA expects the signed public key in a specific format |
183 // Let's create that now. | 187 // Let's create that now. |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
238 &result_blob)) { | 242 &result_blob)) { |
239 LOG(ERROR) << "Couldn't convert signed public key into base64"; | 243 LOG(ERROR) << "Couldn't convert signed public key into base64"; |
240 isSuccess = false; | 244 isSuccess = false; |
241 goto failure; | 245 goto failure; |
242 } | 246 } |
243 | 247 |
244 StoreKeyLocationInCache(spkiItem, slot); | 248 StoreKeyLocationInCache(spkiItem, slot); |
245 | 249 |
246 failure: | 250 failure: |
247 if (!isSuccess) { | 251 if (!isSuccess) { |
248 LOG(ERROR) << "SSL Keygen failed!"; | 252 LOG(ERROR) << "SSL Keygen failed! (NSS error code " << PR_GetError() << ")"; |
249 } else { | 253 } else { |
250 LOG(INFO) << "SSL Keygen succeeded!"; | 254 LOG(INFO) << "SSL Keygen succeeded!"; |
251 } | 255 } |
252 | 256 |
253 // Do cleanups | 257 // Do cleanups |
254 if (privateKey) { | 258 if (privateKey) { |
255 // On successful keygen we need to keep the private key, of course, | 259 // On successful keygen we need to keep the private key, of course, |
256 // or we won't be able to use the client certificate. | 260 // or we won't be able to use the client certificate. |
257 if (!isSuccess || !stores_key) { | 261 if (!isSuccess || !stores_key) { |
| 262 base::AutoNSSWriteLock lock; |
258 PK11_DestroyTokenObject(privateKey->pkcs11Slot, privateKey->pkcs11ID); | 263 PK11_DestroyTokenObject(privateKey->pkcs11Slot, privateKey->pkcs11ID); |
259 } | 264 } |
260 SECKEY_DestroyPrivateKey(privateKey); | 265 SECKEY_DestroyPrivateKey(privateKey); |
261 } | 266 } |
262 | 267 |
263 if (publicKey) { | 268 if (publicKey) { |
264 if (!isSuccess || !stores_key) { | 269 if (!isSuccess || !stores_key) { |
| 270 base::AutoNSSWriteLock lock; |
265 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); | 271 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); |
266 } | 272 } |
267 SECKEY_DestroyPublicKey(publicKey); | 273 SECKEY_DestroyPublicKey(publicKey); |
268 } | 274 } |
269 if (spkInfo) { | 275 if (spkInfo) { |
270 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); | 276 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); |
271 } | 277 } |
272 if (arena) { | 278 if (arena) { |
273 PORT_FreeArena(arena, PR_TRUE); | 279 PORT_FreeArena(arena, PR_TRUE); |
274 } | 280 } |
275 if (slot != NULL) { | 281 if (slot != NULL) { |
276 PK11_FreeSlot(slot); | 282 PK11_FreeSlot(slot); |
277 } | 283 } |
278 if (pkac.challenge.data) { | 284 if (pkac.challenge.data) { |
279 free(pkac.challenge.data); | 285 free(pkac.challenge.data); |
280 } | 286 } |
281 | 287 |
282 return (isSuccess ? result_blob : std::string()); | 288 return (isSuccess ? result_blob : std::string()); |
283 } | 289 } |
284 | 290 |
285 } // namespace mozilla_security_manager | 291 } // namespace mozilla_security_manager |
OLD | NEW |