Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(185)

Unified Diff: net/cert/nss_profile_filter_chromeos.cc

Issue 330213002: *wip* NSS: handle chromeos system slot. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: child of https://codereview.chromium.org/383593002/ now Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/nss_profile_filter_chromeos.h ('k') | net/cert/nss_profile_filter_chromeos_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/nss_profile_filter_chromeos.cc
diff --git a/net/cert/nss_profile_filter_chromeos.cc b/net/cert/nss_profile_filter_chromeos.cc
index e555750b89c7bd62058dd008577f1bf9c6250655..12fc531cf3a638c221b7d32c32a6f1c7196dbd0c 100644
--- a/net/cert/nss_profile_filter_chromeos.cc
+++ b/net/cert/nss_profile_filter_chromeos.cc
@@ -43,6 +43,9 @@ NSSProfileFilterChromeOS::NSSProfileFilterChromeOS(
private_slot_.reset(other.private_slot_ ?
PK11_ReferenceSlot(other.private_slot_.get()) :
NULL);
+ system_slot_.reset(other.system_slot_ ?
+ PK11_ReferenceSlot(other.system_slot_.get()) :
+ NULL);
}
NSSProfileFilterChromeOS::~NSSProfileFilterChromeOS() {}
@@ -55,11 +58,15 @@ NSSProfileFilterChromeOS& NSSProfileFilterChromeOS::operator=(
private_slot_.reset(other.private_slot_ ?
PK11_ReferenceSlot(other.private_slot_.get()) :
NULL);
+ system_slot_.reset(other.system_slot_ ?
+ PK11_ReferenceSlot(other.system_slot_.get()) :
+ NULL);
return *this;
}
void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot,
- crypto::ScopedPK11Slot private_slot) {
+ crypto::ScopedPK11Slot private_slot,
+ crypto::ScopedPK11Slot system_slot) {
// crypto::ScopedPK11Slot actually holds a reference counted object.
// Because scoped_ptr<T> assignment is a no-op if it already points to
// the same pointer, a reference would be leaked because .Pass() does
@@ -69,12 +76,17 @@ void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot,
public_slot_ = public_slot.Pass();
if (private_slot_.get() != private_slot.get())
private_slot_ = private_slot.Pass();
+ if (system_slot_.get() != system_slot.get())
+ system_slot_ = system_slot.Pass();
}
bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const {
- // If this is one of the public/private slots for this profile, allow it.
- if (slot == public_slot_.get() || slot == private_slot_.get())
+ // If this is one of the public/private slots for this profile or the system
+ // slot, allow it.
+ if (slot == public_slot_.get() || slot == private_slot_.get() ||
+ slot == system_slot_.get()) {
return true;
+ }
// Allow the root certs module.
if (PK11_HasRootCerts(slot))
return true;
@@ -86,11 +98,17 @@ bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const {
if (!public_slot_.get() || !private_slot_.get())
return false;
// If this is not the internal (file-system) module or the TPM module, allow
- // it.
+ // it. This would allow smartcards/etc, although ChromeOS doesn't currently
+ // support that. (This assumes that private_slot_ and system_slot_ are on the
+ // same module.)
+ DCHECK(!system_slot_.get() ||
+ PK11_GetModule(private_slot_.get()) ==
+ PK11_GetModule(system_slot_.get()));
SECMODModule* module_for_slot = PK11_GetModule(slot);
if (module_for_slot != PK11_GetModule(public_slot_.get()) &&
- module_for_slot != PK11_GetModule(private_slot_.get()))
+ module_for_slot != PK11_GetModule(private_slot_.get())) {
return true;
+ }
return false;
}
« no previous file with comments | « net/cert/nss_profile_filter_chromeos.h ('k') | net/cert/nss_profile_filter_chromeos_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698