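--- a/chromeos/network/onc/onc_certificate_importer_impl.cc
+++ b/chromeos/network/onc/onc_certificate_importer_impl.cc
@@ -1,107 +1,127 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/onc/onc_certificate_importer_impl.h"
 
 #include <cert.h>
 #include <keyhi.h>
 #include <pk11pub.h>
 
 #include "base/base64.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/sequenced_task_runner.h"
 #include "base/single_thread_task_runner.h"
 #include "base/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "chromeos/network/network_event_log.h"
 #include "chromeos/network/onc/onc_utils.h"
+#include "components/cert_database/public/cert_database_service_io_part.h"
 #include "components/onc/onc_constants.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
 #include "net/cert/nss_cert_database.h"
 #include "net/cert/x509_certificate.h"
 
 namespace chromeos {
 namespace onc {
 
 namespace {
 
 void CallBackOnOriginLoop(
     const scoped_refptr<base::SingleThreadTaskRunner>& origin_loop,
     const CertificateImporter::DoneCallback& callback,
     bool success,
     const net::CertificateList& onc_trusted_certificates) {
   origin_loop->PostTask(
       FROM_HERE, base::Bind(callback, success, onc_trusted_certificates));
 }
 
+void GetNSSCertDatabase(
+    const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io,
+    const cert_database::CertDatabaseServiceIOPart::GetCertDBCallback&
+        callback) {
+  if (!cert_db_io) {
+    callback.Run(NULL /* no NSSCertDatabase */);
+    return;
+  }
+  net::NSSCertDatabase* nss_db = cert_db_io->GetNSSCertDatabase(callback);
+  if (nss_db)
+    callback.Run(nss_db);
+}
+
 } // namespace
 
 CertificateImporterImpl::CertificateImporterImpl(
     const scoped_refptr<base::SequencedTaskRunner>& io_task_runner,
-    net::NSSCertDatabase* target_nssdb)
+    const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io)
     : io_task_runner_(io_task_runner),
-      target_nssdb_(target_nssdb),
+      cert_db_io_(cert_db_io),
       weak_factory_(this) {
-  CHECK(target_nssdb);
 }
 
 CertificateImporterImpl::~CertificateImporterImpl() {
 }
 
 void CertificateImporterImpl::ImportCertificates(
     const base::ListValue& certificates,
     ::onc::ONCSource source,
     const DoneCallback& done_callback) {
   VLOG(2) << "ONC file has " << certificates.GetSize() << " certificates";
   // |done_callback| must only be called as long as |this| still exists.
   // Thereforce, call back to |this|. This check of |this| must happen last and
   // on the origin thread.
   DoneCallback callback_to_this =
       base::Bind(&CertificateImporterImpl::RunDoneCallback,
                  weak_factory_.GetWeakPtr(),
                  done_callback);
 
   // |done_callback| must be called on the origin thread.
   DoneCallback callback_on_origin_loop =
       base::Bind(&CallBackOnOriginLoop,
                  base::ThreadTaskRunnerHandle::Get(),
                  callback_to_this);
 
-  // This is the actual function that imports the certificates.
-  base::Closure import_certs_callback =
-      base::Bind(&ParseAndStoreCertificates,
-                 source,
-                 callback_on_origin_loop,
-                 base::Owned(certificates.DeepCopy()),
-                 target_nssdb_);
+  // This is the actual function that imports the certificates. This must be
+  // executed when the NSSCertDatabase is available.
+  cert_database::CertDatabaseServiceIOPart::GetCertDBCallback
+      import_certs_callback = base::Bind(&ParseAndStoreCertificates,
+                                         source,
+                                         callback_on_origin_loop,
+                                         base::Owned(certificates.DeepCopy()));
 
-  // The NSSCertDatabase must be accessed on |io_task_runner_|
-  io_task_runner_->PostTask(FROM_HERE, import_certs_callback);
+  // The NSSCertDatabase is obtained from |cert_db_io_|, which must be accessed
+  // on |io_task_runner_|
+  io_task_runner_->PostTask(
+      FROM_HERE,
+      base::Bind(&GetNSSCertDatabase, cert_db_io_, import_certs_callback));
 }
 
 // static
 void CertificateImporterImpl::ParseAndStoreCertificates(
     ::onc::ONCSource source,
     const DoneCallback& done_callback,
     base::ListValue* certificates,
     net::NSSCertDatabase* nssdb) {
+  net::CertificateList onc_trusted_certificates;
+  if (!nssdb) {
+    done_callback.Run(false, onc_trusted_certificates);
+    return;
+  }
   // Web trust is only granted to certificates imported by the user.
   bool allow_trust_imports = source == ::onc::ONC_SOURCE_USER_IMPORT;
-  net::CertificateList onc_trusted_certificates;
   bool success = true;
   for (size_t i = 0; i < certificates->GetSize(); ++i) {
     const base::DictionaryValue* certificate = NULL;
     certificates->GetDictionary(i, &certificate);
     DCHECK(certificate != NULL);
 
     VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate;
 
     if (!ParseAndStoreCertificate(allow_trust_imports,
                                   *certificate,
@@ -397,10 +417,10 @@
     PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str()));
     SECKEY_DestroyPrivateKey(private_key);
   } else {
     LOG(WARNING) << "Unable to find private key for certificate.";
   }
   return true;
 }
 
 } // namespace onc
 } // namespace chromeos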
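Review bot: The new early return in ParseAndStoreCertificates (new lines 112–115) fails the whole import silently when no NSSCertDatabase is available — the caller only sees `success == false` and nothing is logged, so a policy-pushed certificate set that never reaches the database leaves no trace in the log; I would add `LOG(ERROR) << "Cannot import certificates: NSSCertDatabase unavailable.";` before the `done_callback.Run(false, onc_trusted_certificates);`. The dead-WeakPtr branch in GetNSSCertDatabase (new lines 49–52) is where that NULL originates and deserves the same treatment. GetNSSCertDatabase also leans on an undocumented contract — presumably CertDatabaseServiceIOPart::GetNSSCertDatabase either returns the database synchronously or returns NULL and runs |callback| itself later — so a comment above the call such as `// If the database is not available yet, |cert_db_io| runs |callback| once it is; if it is already dead, the import fails.` would make the exactly-once expectation explicit, and it is worth confirming that |callback| cannot be run twice. ParseAndStoreCertificates continues past the skipped region, so its end is not in this view.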