| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/nss_cert_database.h" | 5 #include "net/cert/nss_cert_database.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| 11 #include <secmod.h> | 11 #include <secmod.h> |
| 12 | 12 |
| 13 #include "base/bind.h" | 13 #include "base/bind.h" |
| 14 #include "base/callback.h" | 14 #include "base/callback.h" |
| 15 #include "base/lazy_instance.h" | |
| 16 #include "base/logging.h" | 15 #include "base/logging.h" |
| 17 #include "base/memory/scoped_ptr.h" | 16 #include "base/memory/scoped_ptr.h" |
| 18 #include "base/observer_list_threadsafe.h" | 17 #include "base/observer_list_threadsafe.h" |
| 19 #include "base/task_runner.h" | 18 #include "base/task_runner.h" |
| 20 #include "base/task_runner_util.h" | 19 #include "base/task_runner_util.h" |
| 21 #include "base/threading/worker_pool.h" | 20 #include "base/threading/worker_pool.h" |
| 22 #include "crypto/nss_util.h" | |
| 23 #include "crypto/nss_util_internal.h" | |
| 24 #include "crypto/scoped_nss_types.h" | 21 #include "crypto/scoped_nss_types.h" |
| 25 #include "net/base/crypto_module.h" | 22 #include "net/base/crypto_module.h" |
| 26 #include "net/base/net_errors.h" | 23 #include "net/base/net_errors.h" |
| 27 #include "net/cert/cert_database.h" | 24 #include "net/cert/cert_database.h" |
| 28 #include "net/cert/x509_certificate.h" | 25 #include "net/cert/x509_certificate.h" |
| 29 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | 26 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
| 30 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" | 27 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" |
| 31 | 28 |
| 32 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use | 29 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use |
| 33 // the new name of the macro. | 30 // the new name of the macro. |
| 34 #if !defined(CERTDB_TERMINAL_RECORD) | 31 #if !defined(CERTDB_TERMINAL_RECORD) |
| 35 #define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER | 32 #define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER |
| 36 #endif | 33 #endif |
| 37 | 34 |
| 38 // PSM = Mozilla's Personal Security Manager. | 35 // PSM = Mozilla's Personal Security Manager. |
| 39 namespace psm = mozilla_security_manager; | 36 namespace psm = mozilla_security_manager; |
| 40 | 37 |
| 41 namespace net { | 38 namespace net { |
| 42 | 39 |
| 43 namespace { | 40 namespace { |
| 44 | 41 |
| 42 // TODO(pneubeck): Move this class out of NSSCertDatabase and to the caller of |
| 43 // the c'tor of NSSCertDatabase, see https://crbug.com/395983 . |
| 45 // Helper that observes events from the NSSCertDatabase and forwards them to | 44 // Helper that observes events from the NSSCertDatabase and forwards them to |
| 46 // the given CertDatabase. | 45 // the given CertDatabase. |
| 47 class CertNotificationForwarder : public NSSCertDatabase::Observer { | 46 class CertNotificationForwarder : public NSSCertDatabase::Observer { |
| 48 public: | 47 public: |
| 49 explicit CertNotificationForwarder(CertDatabase* cert_db) | 48 explicit CertNotificationForwarder(CertDatabase* cert_db) |
| 50 : cert_db_(cert_db) {} | 49 : cert_db_(cert_db) {} |
| 51 | 50 |
| 52 virtual ~CertNotificationForwarder() {} | 51 virtual ~CertNotificationForwarder() {} |
| 53 | 52 |
| 54 // NSSCertDatabase::Observer implementation: | 53 // NSSCertDatabase::Observer implementation: |
| 55 virtual void OnCertAdded(const X509Certificate* cert) OVERRIDE { | 54 virtual void OnCertAdded(const X509Certificate* cert) OVERRIDE { |
| 56 cert_db_->NotifyObserversOfCertAdded(cert); | 55 cert_db_->NotifyObserversOfCertAdded(cert); |
| 57 } | 56 } |
| 58 | 57 |
| 59 virtual void OnCertRemoved(const X509Certificate* cert) OVERRIDE { | 58 virtual void OnCertRemoved(const X509Certificate* cert) OVERRIDE { |
| 60 cert_db_->NotifyObserversOfCertRemoved(cert); | 59 cert_db_->NotifyObserversOfCertRemoved(cert); |
| 61 } | 60 } |
| 62 | 61 |
| 63 virtual void OnCACertChanged(const X509Certificate* cert) OVERRIDE { | 62 virtual void OnCACertChanged(const X509Certificate* cert) OVERRIDE { |
| 64 cert_db_->NotifyObserversOfCACertChanged(cert); | 63 cert_db_->NotifyObserversOfCACertChanged(cert); |
| 65 } | 64 } |
| 66 | 65 |
| 67 private: | 66 private: |
| 68 CertDatabase* cert_db_; | 67 CertDatabase* cert_db_; |
| 69 | 68 |
| 70 DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder); | 69 DISALLOW_COPY_AND_ASSIGN(CertNotificationForwarder); |
| 71 }; | 70 }; |
| 72 | 71 |
| 73 base::LazyInstance<NSSCertDatabase>::Leaky | |
| 74 g_nss_cert_database = LAZY_INSTANCE_INITIALIZER; | |
| 75 | |
| 76 } // namespace | 72 } // namespace |
| 77 | 73 |
| 78 NSSCertDatabase::ImportCertFailure::ImportCertFailure( | 74 NSSCertDatabase::ImportCertFailure::ImportCertFailure( |
| 79 const scoped_refptr<X509Certificate>& cert, | 75 const scoped_refptr<X509Certificate>& cert, |
| 80 int err) | 76 int err) |
| 81 : certificate(cert), net_error(err) {} | 77 : certificate(cert), net_error(err) {} |
| 82 | 78 |
| 83 NSSCertDatabase::ImportCertFailure::~ImportCertFailure() {} | 79 NSSCertDatabase::ImportCertFailure::~ImportCertFailure() {} |
| 84 | 80 |
| 85 // static | 81 NSSCertDatabase::NSSCertDatabase(crypto::ScopedPK11Slot public_slot, |
| 86 NSSCertDatabase* NSSCertDatabase::GetInstance() { | 82 crypto::ScopedPK11Slot private_slot) |
| 87 // TODO(mattm): Remove this ifdef guard once the linux impl of | 83 : public_slot_(public_slot.Pass()), |
| 88 // GetNSSCertDatabaseForResourceContext does not call GetInstance. | 84 private_slot_(private_slot.Pass()), |
| 89 #if defined(OS_CHROMEOS) | 85 observer_list_(new ObserverListThreadSafe<Observer>), |
| 90 LOG(ERROR) << "NSSCertDatabase::GetInstance() is deprecated." | 86 weak_factory_(this) { |
| 91 << "See http://crbug.com/329735."; | 87 DCHECK(public_slot_); |
| 92 #endif | 88 DCHECK(private_slot_); |
| 93 return &g_nss_cert_database.Get(); | |
| 94 } | |
| 95 | 89 |
| 96 NSSCertDatabase::NSSCertDatabase() | |
| 97 : observer_list_(new ObserverListThreadSafe<Observer>), | |
| 98 weak_factory_(this) { | |
| 99 // This also makes sure that NSS has been initialized. | 90 // This also makes sure that NSS has been initialized. |
| 100 CertDatabase* cert_db = CertDatabase::GetInstance(); | 91 CertDatabase* cert_db = CertDatabase::GetInstance(); |
| 101 cert_notification_forwarder_.reset(new CertNotificationForwarder(cert_db)); | 92 cert_notification_forwarder_.reset(new CertNotificationForwarder(cert_db)); |
| 102 AddObserver(cert_notification_forwarder_.get()); | 93 AddObserver(cert_notification_forwarder_.get()); |
| 103 | 94 |
| 104 psm::EnsurePKCS12Init(); | 95 psm::EnsurePKCS12Init(); |
| 105 } | 96 } |
| 106 | 97 |
| 107 NSSCertDatabase::~NSSCertDatabase() {} | 98 NSSCertDatabase::~NSSCertDatabase() {} |
| 108 | 99 |
| (...skipping 24 matching lines...) Expand all Loading... |
| 133 CertificateList* raw_certs = certs.get(); | 124 CertificateList* raw_certs = certs.get(); |
| 134 GetSlowTaskRunner()->PostTaskAndReply( | 125 GetSlowTaskRunner()->PostTaskAndReply( |
| 135 FROM_HERE, | 126 FROM_HERE, |
| 136 base::Bind(&NSSCertDatabase::ListCertsImpl, | 127 base::Bind(&NSSCertDatabase::ListCertsImpl, |
| 137 base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))), | 128 base::Passed(crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot))), |
| 138 base::Unretained(raw_certs)), | 129 base::Unretained(raw_certs)), |
| 139 base::Bind(callback, base::Passed(&certs))); | 130 base::Bind(callback, base::Passed(&certs))); |
| 140 } | 131 } |
| 141 | 132 |
| 142 crypto::ScopedPK11Slot NSSCertDatabase::GetPublicSlot() const { | 133 crypto::ScopedPK11Slot NSSCertDatabase::GetPublicSlot() const { |
| 143 return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot()); | 134 return crypto::ScopedPK11Slot(PK11_ReferenceSlot(public_slot_.get())); |
| 144 } | 135 } |
| 145 | 136 |
| 146 crypto::ScopedPK11Slot NSSCertDatabase::GetPrivateSlot() const { | 137 crypto::ScopedPK11Slot NSSCertDatabase::GetPrivateSlot() const { |
| 147 return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot()); | 138 return crypto::ScopedPK11Slot(PK11_ReferenceSlot(private_slot_.get())); |
| 148 } | 139 } |
| 149 | 140 |
| 150 CryptoModule* NSSCertDatabase::GetPublicModule() const { | 141 CryptoModule* NSSCertDatabase::GetPublicModule() const { |
| 151 crypto::ScopedPK11Slot slot(GetPublicSlot()); | 142 crypto::ScopedPK11Slot slot(GetPublicSlot()); |
| 152 return CryptoModule::CreateFromHandle(slot.get()); | 143 return CryptoModule::CreateFromHandle(slot.get()); |
| 153 } | 144 } |
| 154 | 145 |
| 155 CryptoModule* NSSCertDatabase::GetPrivateModule() const { | 146 CryptoModule* NSSCertDatabase::GetPrivateModule() const { |
| 156 crypto::ScopedPK11Slot slot(GetPrivateSlot()); | 147 crypto::ScopedPK11Slot slot(GetPrivateSlot()); |
| 157 return CryptoModule::CreateFromHandle(slot.get()); | 148 return CryptoModule::CreateFromHandle(slot.get()); |
| (...skipping 314 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 472 } else { | 463 } else { |
| 473 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { | 464 if (SEC_DeletePermCertificate(cert->os_cert_handle())) { |
| 474 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); | 465 LOG(ERROR) << "SEC_DeletePermCertificate failed: " << PORT_GetError(); |
| 475 return false; | 466 return false; |
| 476 } | 467 } |
| 477 } | 468 } |
| 478 return true; | 469 return true; |
| 479 } | 470 } |
| 480 | 471 |
| 481 } // namespace net | 472 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 405973003:
Remove the deprecated NSSCertDatabase::GetInstance() . (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src