
Side by Side Diff: net/third_party/mozilla_security_manager/nsKeygenHandler.cpp

Issue 2838010: Add a unit test to check KeygenHandler's thread-safety (Closed)
Patch Set: Another revision Created 10 years, 6 months ago
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- 1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * 2 *
3 * ***** BEGIN LICENSE BLOCK ***** 3 * ***** BEGIN LICENSE BLOCK *****
4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 * 5 *
6 * The contents of this file are subject to the Mozilla Public License Version 6 * The contents of this file are subject to the Mozilla Public License Version
7 * 1.1 (the "License"); you may not use this file except in compliance with 7 * 1.1 (the "License"); you may not use this file except in compliance with
8 * the License. You may obtain a copy of the License at 8 * the License. You may obtain a copy of the License at
9 * http://www.mozilla.org/MPL/ 9 * http://www.mozilla.org/MPL/
10 * 10 *
(...skipping 23 matching lines...) Expand all
34 * decision by deleting the provisions above and replace them with the notice 34 * decision by deleting the provisions above and replace them with the notice
35 * and other provisions required by the GPL or the LGPL. If you do not delete 35 * and other provisions required by the GPL or the LGPL. If you do not delete
36 * the provisions above, a recipient may use your version of this file under 36 * the provisions above, a recipient may use your version of this file under
37 * the terms of any one of the MPL, the GPL or the LGPL. 37 * the terms of any one of the MPL, the GPL or the LGPL.
38 * 38 *
39 * ***** END LICENSE BLOCK ***** */ 39 * ***** END LICENSE BLOCK ***** */
40 40
41 #include "net/third_party/mozilla_security_manager/nsKeygenHandler.h" 41 #include "net/third_party/mozilla_security_manager/nsKeygenHandler.h"
42 42
43 #include <pk11pub.h> 43 #include <pk11pub.h>
44 #include <prerror.h> // PR_GetError()
44 #include <secmod.h> 45 #include <secmod.h>
45 #include <secder.h> // DER_Encode() 46 #include <secder.h> // DER_Encode()
46 #include <cryptohi.h> // SEC_DerSignData() 47 #include <cryptohi.h> // SEC_DerSignData()
47 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo() 48 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo()
48 49
49 #include "base/base64.h" 50 #include "base/base64.h"
50 #include "base/nss_util_internal.h" 51 #include "base/nss_util_internal.h"
51 #include "base/nss_util.h" 52 #include "base/nss_util.h"
52 #include "base/logging.h" 53 #include "base/logging.h"
53 #include "net/base/keygen_handler.h" 54 #include "net/base/keygen_handler.h"
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after
157 // Need to make sure that the token was initialized. 158 // Need to make sure that the token was initialized.
158 // Assume a null password. 159 // Assume a null password.
159 sec_rv = PK11_Authenticate(slot, PR_TRUE, NULL); 160 sec_rv = PK11_Authenticate(slot, PR_TRUE, NULL);
160 if (SECSuccess != sec_rv) { 161 if (SECSuccess != sec_rv) {
161 LOG(ERROR) << "Couldn't initialze PK11 token!"; 162 LOG(ERROR) << "Couldn't initialze PK11 token!";
162 isSuccess = false; 163 isSuccess = false;
163 goto failure; 164 goto failure;
164 } 165 }
165 166
166 LOG(INFO) << "Creating key pair..."; 167 LOG(INFO) << "Creating key pair...";
167 privateKey = PK11_GenerateKeyPair(slot, 168 {
168 keyGenMechanism, 169 base::AutoNSSWriteLock lock;
169 keyGenParams, 170 privateKey = PK11_GenerateKeyPair(slot,
170 &publicKey, 171 keyGenMechanism,
171 PR_TRUE, // isPermanent? 172 keyGenParams,
172 PR_TRUE, // isSensitive? 173 &publicKey,
173 NULL); 174 PR_TRUE, // isPermanent?
175 PR_TRUE, // isSensitive?
176 NULL);
177 }
174 LOG(INFO) << "done."; 178 LOG(INFO) << "done.";
175 179
176 if (!privateKey) { 180 if (!privateKey) {
177 LOG(INFO) << "Generation of Keypair failed!"; 181 LOG(INFO) << "Generation of Keypair failed!";
178 isSuccess = false; 182 isSuccess = false;
179 goto failure; 183 goto failure;
180 } 184 }
181 185
182 // The CA expects the signed public key in a specific format 186 // The CA expects the signed public key in a specific format
183 // Let's create that now. 187 // Let's create that now.
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after
238 &result_blob)) { 242 &result_blob)) {
239 LOG(ERROR) << "Couldn't convert signed public key into base64"; 243 LOG(ERROR) << "Couldn't convert signed public key into base64";
240 isSuccess = false; 244 isSuccess = false;
241 goto failure; 245 goto failure;
242 } 246 }
243 247
244 StoreKeyLocationInCache(spkiItem, slot); 248 StoreKeyLocationInCache(spkiItem, slot);
245 249
246 failure: 250 failure:
247 if (!isSuccess) { 251 if (!isSuccess) {
248 LOG(ERROR) << "SSL Keygen failed!"; 252 LOG(ERROR) << "SSL Keygen failed! (NSS error code " << PR_GetError() << ")";
249 } else { 253 } else {
250 LOG(INFO) << "SSL Keygen succeeded!"; 254 LOG(INFO) << "SSL Keygen succeeded!";
251 } 255 }
252 256
253 // Do cleanups 257 // Do cleanups
254 if (privateKey) { 258 if (privateKey) {
255 // On successful keygen we need to keep the private key, of course, 259 // On successful keygen we need to keep the private key, of course,
256 // or we won't be able to use the client certificate. 260 // or we won't be able to use the client certificate.
257 if (!isSuccess || !stores_key) { 261 if (!isSuccess || !stores_key) {
262 base::AutoNSSWriteLock lock;
258 PK11_DestroyTokenObject(privateKey->pkcs11Slot, privateKey->pkcs11ID); 263 PK11_DestroyTokenObject(privateKey->pkcs11Slot, privateKey->pkcs11ID);
259 } 264 }
260 SECKEY_DestroyPrivateKey(privateKey); 265 SECKEY_DestroyPrivateKey(privateKey);
261 } 266 }
262 267
263 if (publicKey) { 268 if (publicKey) {
264 if (!isSuccess || !stores_key) { 269 if (!isSuccess || !stores_key) {
270 base::AutoNSSWriteLock lock;
265 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); 271 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID);
266 } 272 }
267 SECKEY_DestroyPublicKey(publicKey); 273 SECKEY_DestroyPublicKey(publicKey);
268 } 274 }
269 if (spkInfo) { 275 if (spkInfo) {
270 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); 276 SECKEY_DestroySubjectPublicKeyInfo(spkInfo);
271 } 277 }
272 if (arena) { 278 if (arena) {
273 PORT_FreeArena(arena, PR_TRUE); 279 PORT_FreeArena(arena, PR_TRUE);
274 } 280 }
275 if (slot != NULL) { 281 if (slot != NULL) {
276 PK11_FreeSlot(slot); 282 PK11_FreeSlot(slot);
277 } 283 }
278 if (pkac.challenge.data) { 284 if (pkac.challenge.data) {
279 free(pkac.challenge.data); 285 free(pkac.challenge.data);
280 } 286 }
281 287
282 return (isSuccess ? result_blob : std::string()); 288 return (isSuccess ? result_blob : std::string());
283 } 289 }
284 290
285 } // namespace mozilla_security_manager 291 } // namespace mozilla_security_manager
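Review bot: The `PR_GetError()` added to the "SSL Keygen failed!" log (new line 253) is read at the shared `failure:` label rather than where the failing call returned, so it can report a stale code. The base64 conversion failure at new line 243, for example, does not look like an NSS call and would log whatever NSPR error this thread last recorded. Reading the code at the failing NSS call site, or wording the message as `"(last NSS error code " << PR_GetError() << ")"`, would keep triage from chasing the wrong error. Separately, the `SECStatus` returned by `PK11_DestroyTokenObject` is still ignored inside the new `base::AutoNSSWriteLock` scopes, so a failed delete would leave a permanent key pair on the token unnoticed, and each lock scope deserves a short comment along the lines of `// Serialize token writes (key generation/deletion) across threads.` The function starts outside the visible lines and parts of it are collapsed, so this rests only on the hunks shown.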