OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/nss_profile_filter_chromeos.h" | 5 #include "net/cert/nss_profile_filter_chromeos.h" |
6 | 6 |
7 #include "base/strings/string_piece.h" | 7 #include "base/strings/string_piece.h" |
8 #include "base/strings/stringprintf.h" | 8 #include "base/strings/stringprintf.h" |
9 #include "net/cert/x509_certificate.h" | 9 #include "net/cert/x509_certificate.h" |
10 | 10 |
(...skipping 25 matching lines...) Expand all Loading... | |
36 NSSProfileFilterChromeOS::NSSProfileFilterChromeOS() {} | 36 NSSProfileFilterChromeOS::NSSProfileFilterChromeOS() {} |
37 | 37 |
38 NSSProfileFilterChromeOS::NSSProfileFilterChromeOS( | 38 NSSProfileFilterChromeOS::NSSProfileFilterChromeOS( |
39 const NSSProfileFilterChromeOS& other) { | 39 const NSSProfileFilterChromeOS& other) { |
40 public_slot_.reset(other.public_slot_ ? | 40 public_slot_.reset(other.public_slot_ ? |
41 PK11_ReferenceSlot(other.public_slot_.get()) : | 41 PK11_ReferenceSlot(other.public_slot_.get()) : |
42 NULL); | 42 NULL); |
43 private_slot_.reset(other.private_slot_ ? | 43 private_slot_.reset(other.private_slot_ ? |
44 PK11_ReferenceSlot(other.private_slot_.get()) : | 44 PK11_ReferenceSlot(other.private_slot_.get()) : |
45 NULL); | 45 NULL); |
46 system_slot_.reset(other.system_slot_ ? | |
47 PK11_ReferenceSlot(other.system_slot_.get()) : | |
pneubeck (no reviews)
2014/06/13 12:40:42
btw. I think this is one of the best examples, why
mattm
2014/06/24 03:16:45
yep. I guess just no one has felt like writing a g
| |
48 NULL); | |
46 } | 49 } |
47 | 50 |
48 NSSProfileFilterChromeOS::~NSSProfileFilterChromeOS() {} | 51 NSSProfileFilterChromeOS::~NSSProfileFilterChromeOS() {} |
49 | 52 |
50 NSSProfileFilterChromeOS& NSSProfileFilterChromeOS::operator=( | 53 NSSProfileFilterChromeOS& NSSProfileFilterChromeOS::operator=( |
51 const NSSProfileFilterChromeOS& other) { | 54 const NSSProfileFilterChromeOS& other) { |
52 public_slot_.reset(other.public_slot_ ? | 55 public_slot_.reset(other.public_slot_ ? |
53 PK11_ReferenceSlot(other.public_slot_.get()) : | 56 PK11_ReferenceSlot(other.public_slot_.get()) : |
54 NULL); | 57 NULL); |
55 private_slot_.reset(other.private_slot_ ? | 58 private_slot_.reset(other.private_slot_ ? |
56 PK11_ReferenceSlot(other.private_slot_.get()) : | 59 PK11_ReferenceSlot(other.private_slot_.get()) : |
57 NULL); | 60 NULL); |
61 system_slot_.reset(other.system_slot_ ? | |
62 PK11_ReferenceSlot(other.system_slot_.get()) : | |
63 NULL); | |
58 return *this; | 64 return *this; |
59 } | 65 } |
60 | 66 |
61 void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot, | 67 void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot, |
62 crypto::ScopedPK11Slot private_slot) { | 68 crypto::ScopedPK11Slot private_slot, |
69 crypto::ScopedPK11Slot system_slot) { | |
63 // crypto::ScopedPK11Slot actually holds a reference counted object. | 70 // crypto::ScopedPK11Slot actually holds a reference counted object. |
64 // Because scoped_ptr<T> assignment is a no-op if it already points to | 71 // Because scoped_ptr<T> assignment is a no-op if it already points to |
65 // the same pointer, a reference would be leaked because .Pass() does | 72 // the same pointer, a reference would be leaked because .Pass() does |
66 // not release its reference, and the receiving object won't free | 73 // not release its reference, and the receiving object won't free |
67 // its copy. | 74 // its copy. |
68 if (public_slot_.get() != public_slot.get()) | 75 if (public_slot_.get() != public_slot.get()) |
69 public_slot_ = public_slot.Pass(); | 76 public_slot_ = public_slot.Pass(); |
70 if (private_slot_.get() != private_slot.get()) | 77 if (private_slot_.get() != private_slot.get()) |
71 private_slot_ = private_slot.Pass(); | 78 private_slot_ = private_slot.Pass(); |
79 if (system_slot_.get() != system_slot.get()) | |
80 system_slot_ = system_slot.Pass(); | |
72 } | 81 } |
73 | 82 |
74 bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const { | 83 bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const { |
75 // If this is one of the public/private slots for this profile, allow it. | 84 // If this is one of the public/private slots for this profile or the system |
76 if (slot == public_slot_.get() || slot == private_slot_.get()) | 85 // slot, allow it. |
86 if (slot == public_slot_.get() || slot == private_slot_.get() || | |
87 slot == system_slot_.get()) | |
pneubeck (no reviews)
2014/06/13 12:40:42
nit: missing {}
mattm
2014/06/24 03:16:45
Done.
| |
77 return true; | 88 return true; |
78 // Allow the root certs module. | 89 // Allow the root certs module. |
79 if (PK11_HasRootCerts(slot)) | 90 if (PK11_HasRootCerts(slot)) |
80 return true; | 91 return true; |
81 // If it's from the read-only slots, allow it. | 92 // If it's from the read-only slots, allow it. |
82 if (PK11_IsInternal(slot) && !PK11_IsRemovable(slot)) | 93 if (PK11_IsInternal(slot) && !PK11_IsRemovable(slot)) |
83 return true; | 94 return true; |
84 // If |public_slot_| or |private_slot_| is null, there isn't a way to get the | 95 // If |public_slot_| or |private_slot_| is null, there isn't a way to get the |
85 // modules to use in the final test. | 96 // modules to use in the final test. |
86 if (!public_slot_.get() || !private_slot_.get()) | 97 if (!public_slot_.get() || !private_slot_.get()) |
87 return false; | 98 return false; |
88 // If this is not the internal (file-system) module or the TPM module, allow | 99 // If this is not the internal (file-system) module or the TPM module, allow |
89 // it. | 100 // it. (This assumes that private_slot_ and system_slot_ are on the same |
pneubeck (no reviews)
2014/06/13 12:40:42
could you ensure this with a DCHECK?
mattm
2014/06/24 03:16:46
Done.
| |
101 // module.) | |
90 SECMODModule* module_for_slot = PK11_GetModule(slot); | 102 SECMODModule* module_for_slot = PK11_GetModule(slot); |
91 if (module_for_slot != PK11_GetModule(public_slot_.get()) && | 103 if (module_for_slot != PK11_GetModule(public_slot_.get()) && |
92 module_for_slot != PK11_GetModule(private_slot_.get())) | 104 module_for_slot != PK11_GetModule(private_slot_.get())) |
pneubeck (no reviews)
2014/06/13 12:40:42
nit: missing {}
mattm
2014/06/24 03:16:46
Done.
| |
93 return true; | 105 return true; |
pneubeck (no reviews)
2014/06/13 12:40:42
Although you didn't modify it, could you still add
mattm
2014/06/24 03:16:45
This allows for some hypothetical future where we
| |
94 return false; | 106 return false; |
95 } | 107 } |
96 | 108 |
97 bool NSSProfileFilterChromeOS::IsCertAllowed(CERTCertificate* cert) const { | 109 bool NSSProfileFilterChromeOS::IsCertAllowed(CERTCertificate* cert) const { |
98 crypto::ScopedPK11SlotList slots_for_cert( | 110 crypto::ScopedPK11SlotList slots_for_cert( |
99 PK11_GetAllSlotsForCert(cert, NULL)); | 111 PK11_GetAllSlotsForCert(cert, NULL)); |
100 if (!slots_for_cert) { | 112 if (!slots_for_cert) { |
101 DVLOG(2) << "cert no slots: " << base::StringPiece(cert->nickname); | 113 DVLOG(2) << "cert no slots: " << base::StringPiece(cert->nickname); |
102 return false; | 114 return false; |
103 } | 115 } |
(...skipping 28 matching lines...) Expand all Loading... | |
132 ModuleNotAllowedForProfilePredicate(const NSSProfileFilterChromeOS& filter) | 144 ModuleNotAllowedForProfilePredicate(const NSSProfileFilterChromeOS& filter) |
133 : filter_(filter) {} | 145 : filter_(filter) {} |
134 | 146 |
135 bool NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate::operator()( | 147 bool NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate::operator()( |
136 const scoped_refptr<CryptoModule>& module) const { | 148 const scoped_refptr<CryptoModule>& module) const { |
137 return !filter_.IsModuleAllowed(module->os_module_handle()); | 149 return !filter_.IsModuleAllowed(module->os_module_handle()); |
138 } | 150 } |
139 | 151 |
140 } // namespace net | 152 } // namespace net |
141 | 153 |
OLD | NEW |