
Side by Side Diff: chromeos/network/onc/onc_certificate_importer_impl.cc

Issue 419013003: Replace c/b/nss_context by a KeyedService. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Separated out ClientCertStoreChromeOS change. Created 6 years, 1 month ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chromeos/network/onc/onc_certificate_importer_impl.h" 5 #include "chromeos/network/onc/onc_certificate_importer_impl.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <keyhi.h> 8 #include <keyhi.h>
9 #include <pk11pub.h> 9 #include <pk11pub.h>
10 10
11 #include "base/base64.h" 11 #include "base/base64.h"
12 #include "base/bind.h" 12 #include "base/bind.h"
13 #include "base/bind_helpers.h" 13 #include "base/bind_helpers.h"
14 #include "base/callback.h" 14 #include "base/callback.h"
15 #include "base/location.h" 15 #include "base/location.h"
16 #include "base/logging.h" 16 #include "base/logging.h"
17 #include "base/sequenced_task_runner.h" 17 #include "base/sequenced_task_runner.h"
18 #include "base/single_thread_task_runner.h" 18 #include "base/single_thread_task_runner.h"
19 #include "base/thread_task_runner_handle.h" 19 #include "base/thread_task_runner_handle.h"
20 #include "base/values.h" 20 #include "base/values.h"
21 #include "chromeos/network/network_event_log.h" 21 #include "chromeos/network/network_event_log.h"
22 #include "chromeos/network/onc/onc_utils.h" 22 #include "chromeos/network/onc/onc_utils.h"
23 #include "components/cert_database/public/cert_database_service_io_part.h"
23 #include "components/onc/onc_constants.h" 24 #include "components/onc/onc_constants.h"
24 #include "crypto/scoped_nss_types.h" 25 #include "crypto/scoped_nss_types.h"
25 #include "net/base/crypto_module.h" 26 #include "net/base/crypto_module.h"
26 #include "net/base/net_errors.h" 27 #include "net/base/net_errors.h"
27 #include "net/cert/nss_cert_database.h" 28 #include "net/cert/nss_cert_database.h"
28 #include "net/cert/x509_certificate.h" 29 #include "net/cert/x509_certificate.h"
29 30
30 namespace chromeos { 31 namespace chromeos {
31 namespace onc { 32 namespace onc {
32 33
33 namespace { 34 namespace {
34 35
35 void CallBackOnOriginLoop( 36 void CallBackOnOriginLoop(
36 const scoped_refptr<base::SingleThreadTaskRunner>& origin_loop, 37 const scoped_refptr<base::SingleThreadTaskRunner>& origin_loop,
37 const CertificateImporter::DoneCallback& callback, 38 const CertificateImporter::DoneCallback& callback,
38 bool success, 39 bool success,
39 const net::CertificateList& onc_trusted_certificates) { 40 const net::CertificateList& onc_trusted_certificates) {
40 origin_loop->PostTask( 41 origin_loop->PostTask(
41 FROM_HERE, base::Bind(callback, success, onc_trusted_certificates)); 42 FROM_HERE, base::Bind(callback, success, onc_trusted_certificates));
42 } 43 }
43 44
45 void GetNSSCertDatabase(
stevenjb 2014/10/29 18:43:51 This name is a bit confusing, maybe something like
pneubeck (no reviews) 2014/11/05 14:53:36 Added a comment to clarify. I think the naming sch
46 const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io,
47 const cert_database::CertDatabaseServiceIOPart::GetCertDBCallback&
48 callback) {
49 if (!cert_db_io) {
50 callback.Run(NULL /* no NSSCertDatabase */);
51 return;
52 }
53 net::NSSCertDatabase* nss_db = cert_db_io->GetNSSCertDatabase(callback);
54 if (nss_db)
55 callback.Run(nss_db);
56 }
57
44 } // namespace 58 } // namespace
45 59
46 CertificateImporterImpl::CertificateImporterImpl( 60 CertificateImporterImpl::CertificateImporterImpl(
47 const scoped_refptr<base::SequencedTaskRunner>& io_task_runner, 61 const scoped_refptr<base::SequencedTaskRunner>& io_task_runner,
48 net::NSSCertDatabase* target_nssdb) 62 const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io)
49 : io_task_runner_(io_task_runner), 63 : io_task_runner_(io_task_runner),
50 target_nssdb_(target_nssdb), 64 cert_db_io_(cert_db_io),
51 weak_factory_(this) { 65 weak_factory_(this) {
52 CHECK(target_nssdb);
53 } 66 }
54 67
55 CertificateImporterImpl::~CertificateImporterImpl() { 68 CertificateImporterImpl::~CertificateImporterImpl() {
56 } 69 }
57 70
58 void CertificateImporterImpl::ImportCertificates( 71 void CertificateImporterImpl::ImportCertificates(
59 const base::ListValue& certificates, 72 const base::ListValue& certificates,
60 ::onc::ONCSource source, 73 ::onc::ONCSource source,
61 const DoneCallback& done_callback) { 74 const DoneCallback& done_callback) {
62 VLOG(2) << "ONC file has " << certificates.GetSize() << " certificates"; 75 VLOG(2) << "ONC file has " << certificates.GetSize() << " certificates";
63 // |done_callback| must only be called as long as |this| still exists. 76 // |done_callback| must only be called as long as |this| still exists.
64 // Thereforce, call back to |this|. This check of |this| must happen last and 77 // Thereforce, call back to |this|. This check of |this| must happen last and
65 // on the origin thread. 78 // on the origin thread.
66 DoneCallback callback_to_this = 79 DoneCallback callback_to_this =
67 base::Bind(&CertificateImporterImpl::RunDoneCallback, 80 base::Bind(&CertificateImporterImpl::RunDoneCallback,
68 weak_factory_.GetWeakPtr(), 81 weak_factory_.GetWeakPtr(),
69 done_callback); 82 done_callback);
70 83
71 // |done_callback| must be called on the origin thread. 84 // |done_callback| must be called on the origin thread.
72 DoneCallback callback_on_origin_loop = 85 DoneCallback callback_on_origin_loop =
73 base::Bind(&CallBackOnOriginLoop, 86 base::Bind(&CallBackOnOriginLoop,
74 base::ThreadTaskRunnerHandle::Get(), 87 base::ThreadTaskRunnerHandle::Get(),
75 callback_to_this); 88 callback_to_this);
76 89
77 // This is the actual function that imports the certificates. 90 // This is the actual function that imports the certificates. This must be
78 base::Closure import_certs_callback = 91 // executed when the NSSCertDatabase is available.
79 base::Bind(&ParseAndStoreCertificates, 92 cert_database::CertDatabaseServiceIOPart::GetCertDBCallback
80 source, 93 import_certs_callback = base::Bind(&ParseAndStoreCertificates,
81 callback_on_origin_loop, 94 source,
82 base::Owned(certificates.DeepCopy()), 95 callback_on_origin_loop,
83 target_nssdb_); 96 base::Owned(certificates.DeepCopy()));
84 97
85 // The NSSCertDatabase must be accessed on |io_task_runner_| 98 // The NSSCertDatabase is obtained from |cert_db_io_|, which must be accessed
86 io_task_runner_->PostTask(FROM_HERE, import_certs_callback); 99 // on |io_task_runner_|
100 io_task_runner_->PostTask(
101 FROM_HERE,
102 base::Bind(&GetNSSCertDatabase, cert_db_io_, import_certs_callback));
87 } 103 }
88 104
89 // static 105 // static
90 void CertificateImporterImpl::ParseAndStoreCertificates( 106 void CertificateImporterImpl::ParseAndStoreCertificates(
91 ::onc::ONCSource source, 107 ::onc::ONCSource source,
92 const DoneCallback& done_callback, 108 const DoneCallback& done_callback,
93 base::ListValue* certificates, 109 base::ListValue* certificates,
94 net::NSSCertDatabase* nssdb) { 110 net::NSSCertDatabase* nssdb) {
111 net::CertificateList onc_trusted_certificates;
112 if (!nssdb) {
113 done_callback.Run(false, onc_trusted_certificates);
114 return;
115 }
95 // Web trust is only granted to certificates imported by the user. 116 // Web trust is only granted to certificates imported by the user.
96 bool allow_trust_imports = source == ::onc::ONC_SOURCE_USER_IMPORT; 117 bool allow_trust_imports = source == ::onc::ONC_SOURCE_USER_IMPORT;
97 net::CertificateList onc_trusted_certificates;
98 bool success = true; 118 bool success = true;
99 for (size_t i = 0; i < certificates->GetSize(); ++i) { 119 for (size_t i = 0; i < certificates->GetSize(); ++i) {
100 const base::DictionaryValue* certificate = NULL; 120 const base::DictionaryValue* certificate = NULL;
101 certificates->GetDictionary(i, &certificate); 121 certificates->GetDictionary(i, &certificate);
102 DCHECK(certificate != NULL); 122 DCHECK(certificate != NULL);
103 123
104 VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate; 124 VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate;
105 125
106 if (!ParseAndStoreCertificate(allow_trust_imports, 126 if (!ParseAndStoreCertificate(allow_trust_imports,
107 *certificate, 127 *certificate,
(...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after
397 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); 417 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str()));
398 SECKEY_DestroyPrivateKey(private_key); 418 SECKEY_DestroyPrivateKey(private_key);
399 } else { 419 } else {
400 LOG(WARNING) << "Unable to find private key for certificate."; 420 LOG(WARNING) << "Unable to find private key for certificate.";
401 } 421 }
402 return true; 422 return true;
403 } 423 }
404 424
405 } // namespace onc 425 } // namespace onc
406 } // namespace chromeos 426 } // namespace chromeos
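Review bot: The new `if (!nssdb)` early return in ParseAndStoreCertificates (new lines 112-115) reports failure without logging anything, so an import dropped because the certificate database is unavailable looks the same as a parse failure to whoever reads the logs. The constructor's `CHECK(target_nssdb)` is removed, so this branch is the only place on this page where the condition is caught; adding `LOG(ERROR) << "NSSCertDatabase unavailable; ONC certificates not imported.";` before `done_callback.Run(false, onc_trusted_certificates);` would make it diagnosable. Separately, when `cert_db_io->GetNSSCertDatabase(callback)` returns NULL at new line 53, the helper relies on the service running `callback` later. If that service can be destroyed with the callback still pending (not visible here), `done_callback` would never fire, so that case deserves a guard or an explicit statement of the guarantee. The body of ParseAndStoreCertificates continues into the collapsed region, so the remaining failure paths could not be checked.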