| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_certificate_importer_impl.h" | 5 #include "chromeos/network/onc/onc_certificate_importer_impl.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <keyhi.h> | 8 #include <keyhi.h> |
| 9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
| 10 | 10 |
| 11 #include "base/base64.h" | 11 #include "base/base64.h" |
| 12 #include "base/bind.h" | 12 #include "base/bind.h" |
| 13 #include "base/bind_helpers.h" | 13 #include "base/bind_helpers.h" |
| 14 #include "base/callback.h" | 14 #include "base/callback.h" |
| 15 #include "base/location.h" | 15 #include "base/location.h" |
| 16 #include "base/logging.h" | 16 #include "base/logging.h" |
| 17 #include "base/sequenced_task_runner.h" | 17 #include "base/sequenced_task_runner.h" |
| 18 #include "base/single_thread_task_runner.h" | 18 #include "base/single_thread_task_runner.h" |
| 19 #include "base/thread_task_runner_handle.h" | 19 #include "base/thread_task_runner_handle.h" |
| 20 #include "base/values.h" | 20 #include "base/values.h" |
| 21 #include "chromeos/network/network_event_log.h" | 21 #include "chromeos/network/network_event_log.h" |
| 22 #include "chromeos/network/onc/onc_utils.h" | 22 #include "chromeos/network/onc/onc_utils.h" |
| 23 #include "components/cert_database/public/cert_database_service_io_part.h" | |
| 23 #include "components/onc/onc_constants.h" | 24 #include "components/onc/onc_constants.h" |
| 24 #include "crypto/scoped_nss_types.h" | 25 #include "crypto/scoped_nss_types.h" |
| 25 #include "net/base/crypto_module.h" | 26 #include "net/base/crypto_module.h" |
| 26 #include "net/base/net_errors.h" | 27 #include "net/base/net_errors.h" |
| 27 #include "net/cert/nss_cert_database.h" | 28 #include "net/cert/nss_cert_database.h" |
| 28 #include "net/cert/x509_certificate.h" | 29 #include "net/cert/x509_certificate.h" |
| 29 | 30 |
| 30 namespace chromeos { | 31 namespace chromeos { |
| 31 namespace onc { | 32 namespace onc { |
| 32 | 33 |
| 33 namespace { | 34 namespace { |
| 34 | 35 |
| 35 void CallBackOnOriginLoop( | 36 void CallBackOnOriginLoop( |
| 36 const scoped_refptr<base::SingleThreadTaskRunner>& origin_loop, | 37 const scoped_refptr<base::SingleThreadTaskRunner>& origin_loop, |
| 37 const CertificateImporter::DoneCallback& callback, | 38 const CertificateImporter::DoneCallback& callback, |
| 38 bool success, | 39 bool success, |
| 39 const net::CertificateList& onc_trusted_certificates) { | 40 const net::CertificateList& onc_trusted_certificates) { |
| 40 origin_loop->PostTask( | 41 origin_loop->PostTask( |
| 41 FROM_HERE, base::Bind(callback, success, onc_trusted_certificates)); | 42 FROM_HERE, base::Bind(callback, success, onc_trusted_certificates)); |
| 42 } | 43 } |
| 43 | 44 |
| 45 void GetNSSCertDatabase( | |
|
stevenjb
2014/10/29 18:43:51
This name is a bit confusing, maybe something like
pneubeck (no reviews)
2014/11/05 14:53:36
Added a comment to clarify. I think the naming sch
| |
| 46 const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io, | |
| 47 const cert_database::CertDatabaseServiceIOPart::GetCertDBCallback& | |
| 48 callback) { | |
| 49 if (!cert_db_io) { | |
| 50 callback.Run(NULL /* no NSSCertDatabase */); | |
| 51 return; | |
| 52 } | |
| 53 net::NSSCertDatabase* nss_db = cert_db_io->GetNSSCertDatabase(callback); | |
| 54 if (nss_db) | |
| 55 callback.Run(nss_db); | |
| 56 } | |
| 57 | |
| 44 } // namespace | 58 } // namespace |
| 45 | 59 |
| 46 CertificateImporterImpl::CertificateImporterImpl( | 60 CertificateImporterImpl::CertificateImporterImpl( |
| 47 const scoped_refptr<base::SequencedTaskRunner>& io_task_runner, | 61 const scoped_refptr<base::SequencedTaskRunner>& io_task_runner, |
| 48 net::NSSCertDatabase* target_nssdb) | 62 const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io) |
| 49 : io_task_runner_(io_task_runner), | 63 : io_task_runner_(io_task_runner), |
| 50 target_nssdb_(target_nssdb), | 64 cert_db_io_(cert_db_io), |
| 51 weak_factory_(this) { | 65 weak_factory_(this) { |
| 52 CHECK(target_nssdb); | |
| 53 } | 66 } |
| 54 | 67 |
| 55 CertificateImporterImpl::~CertificateImporterImpl() { | 68 CertificateImporterImpl::~CertificateImporterImpl() { |
| 56 } | 69 } |
| 57 | 70 |
| 58 void CertificateImporterImpl::ImportCertificates( | 71 void CertificateImporterImpl::ImportCertificates( |
| 59 const base::ListValue& certificates, | 72 const base::ListValue& certificates, |
| 60 ::onc::ONCSource source, | 73 ::onc::ONCSource source, |
| 61 const DoneCallback& done_callback) { | 74 const DoneCallback& done_callback) { |
| 62 VLOG(2) << "ONC file has " << certificates.GetSize() << " certificates"; | 75 VLOG(2) << "ONC file has " << certificates.GetSize() << " certificates"; |
| 63 // |done_callback| must only be called as long as |this| still exists. | 76 // |done_callback| must only be called as long as |this| still exists. |
| 64 // Thereforce, call back to |this|. This check of |this| must happen last and | 77 // Thereforce, call back to |this|. This check of |this| must happen last and |
| 65 // on the origin thread. | 78 // on the origin thread. |
| 66 DoneCallback callback_to_this = | 79 DoneCallback callback_to_this = |
| 67 base::Bind(&CertificateImporterImpl::RunDoneCallback, | 80 base::Bind(&CertificateImporterImpl::RunDoneCallback, |
| 68 weak_factory_.GetWeakPtr(), | 81 weak_factory_.GetWeakPtr(), |
| 69 done_callback); | 82 done_callback); |
| 70 | 83 |
| 71 // |done_callback| must be called on the origin thread. | 84 // |done_callback| must be called on the origin thread. |
| 72 DoneCallback callback_on_origin_loop = | 85 DoneCallback callback_on_origin_loop = |
| 73 base::Bind(&CallBackOnOriginLoop, | 86 base::Bind(&CallBackOnOriginLoop, |
| 74 base::ThreadTaskRunnerHandle::Get(), | 87 base::ThreadTaskRunnerHandle::Get(), |
| 75 callback_to_this); | 88 callback_to_this); |
| 76 | 89 |
| 77 // This is the actual function that imports the certificates. | 90 // This is the actual function that imports the certificates. This must be |
| 78 base::Closure import_certs_callback = | 91 // executed when the NSSCertDatabase is available. |
| 79 base::Bind(&ParseAndStoreCertificates, | 92 cert_database::CertDatabaseServiceIOPart::GetCertDBCallback |
| 80 source, | 93 import_certs_callback = base::Bind(&ParseAndStoreCertificates, |
| 81 callback_on_origin_loop, | 94 source, |
| 82 base::Owned(certificates.DeepCopy()), | 95 callback_on_origin_loop, |
| 83 target_nssdb_); | 96 base::Owned(certificates.DeepCopy())); |
| 84 | 97 |
| 85 // The NSSCertDatabase must be accessed on |io_task_runner_| | 98 // The NSSCertDatabase is obtained from |cert_db_io_|, which must be accessed |
| 86 io_task_runner_->PostTask(FROM_HERE, import_certs_callback); | 99 // on |io_task_runner_| |
| 100 io_task_runner_->PostTask( | |
| 101 FROM_HERE, | |
| 102 base::Bind(&GetNSSCertDatabase, cert_db_io_, import_certs_callback)); | |
| 87 } | 103 } |
| 88 | 104 |
| 89 // static | 105 // static |
| 90 void CertificateImporterImpl::ParseAndStoreCertificates( | 106 void CertificateImporterImpl::ParseAndStoreCertificates( |
| 91 ::onc::ONCSource source, | 107 ::onc::ONCSource source, |
| 92 const DoneCallback& done_callback, | 108 const DoneCallback& done_callback, |
| 93 base::ListValue* certificates, | 109 base::ListValue* certificates, |
| 94 net::NSSCertDatabase* nssdb) { | 110 net::NSSCertDatabase* nssdb) { |
| 111 net::CertificateList onc_trusted_certificates; | |
| 112 if (!nssdb) { | |
| 113 done_callback.Run(false, onc_trusted_certificates); | |
| 114 return; | |
| 115 } | |
| 95 // Web trust is only granted to certificates imported by the user. | 116 // Web trust is only granted to certificates imported by the user. |
| 96 bool allow_trust_imports = source == ::onc::ONC_SOURCE_USER_IMPORT; | 117 bool allow_trust_imports = source == ::onc::ONC_SOURCE_USER_IMPORT; |
| 97 net::CertificateList onc_trusted_certificates; | |
| 98 bool success = true; | 118 bool success = true; |
| 99 for (size_t i = 0; i < certificates->GetSize(); ++i) { | 119 for (size_t i = 0; i < certificates->GetSize(); ++i) { |
| 100 const base::DictionaryValue* certificate = NULL; | 120 const base::DictionaryValue* certificate = NULL; |
| 101 certificates->GetDictionary(i, &certificate); | 121 certificates->GetDictionary(i, &certificate); |
| 102 DCHECK(certificate != NULL); | 122 DCHECK(certificate != NULL); |
| 103 | 123 |
| 104 VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate; | 124 VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate; |
| 105 | 125 |
| 106 if (!ParseAndStoreCertificate(allow_trust_imports, | 126 if (!ParseAndStoreCertificate(allow_trust_imports, |
| 107 *certificate, | 127 *certificate, |
| 397 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); | 417 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); |
| 398 SECKEY_DestroyPrivateKey(private_key); | 418 SECKEY_DestroyPrivateKey(private_key); |
| 399 } else { | 419 } else { |
| 400 LOG(WARNING) << "Unable to find private key for certificate."; | 420 LOG(WARNING) << "Unable to find private key for certificate."; |
| 401 } | 421 } |
| 402 return true; | 422 return true; |
| 403 } | 423 } |
| 404 | 424 |
| 405 } // namespace onc | 425 } // namespace onc |
| 406 } // namespace chromeos | 426 } // namespace chromeos |
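Review bot: The new `if (!nssdb)` branch at the top of ParseAndStoreCertificates (new lines 112-115) fails the import silently, whereas the removed `CHECK(target_nssdb)` in the constructor made a missing database loud; a policy- or user-supplied CA or client certificate that is never installed is exactly the kind of failure an operator needs to find in the logs, so add `LOG(ERROR) << "No NSSCertDatabase available, certificate import aborted.";` before the `done_callback.Run(false, ...)` line. In the new helper GetNSSCertDatabase, `callback` is handed to `cert_db_io->GetNSSCertDatabase(callback)` and then run again directly when the return value is non-null, so the helper depends on the contract that a non-null return means the callee dropped the callback; I cannot see that contract from here, and a one-line comment such as `// A non-null return means |callback| will not be invoked by |cert_db_io|; otherwise it runs later with the database.` would document the assumption and rule out a double invocation of |done_callback|. It also looks as if the done callback is never delivered when the database never becomes available, which is presumably acceptable because |callback_to_this| is weak-bound, but that is worth stating in the comment on ImportCertificates. The body of ParseAndStoreCertificates continues into the lines the page elides.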