| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_certificate_importer_impl.h" | 5 #include "chromeos/network/onc/onc_certificate_importer_impl.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <keyhi.h> | 8 #include <keyhi.h> |
| 9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
| 10 | 10 |
| 11 #include "base/base64.h" | 11 #include "base/base64.h" |
| 12 #include "base/bind.h" | 12 #include "base/bind.h" |
| 13 #include "base/bind_helpers.h" | 13 #include "base/bind_helpers.h" |
| 14 #include "base/callback.h" | 14 #include "base/callback.h" |
| 15 #include "base/location.h" | 15 #include "base/location.h" |
| 16 #include "base/logging.h" | 16 #include "base/logging.h" |
| 17 #include "base/sequenced_task_runner.h" | 17 #include "base/sequenced_task_runner.h" |
| 18 #include "base/single_thread_task_runner.h" | 18 #include "base/single_thread_task_runner.h" |
| 19 #include "base/thread_task_runner_handle.h" | 19 #include "base/thread_task_runner_handle.h" |
| 20 #include "base/values.h" | 20 #include "base/values.h" |
| 21 #include "chromeos/network/network_event_log.h" | 21 #include "chromeos/network/network_event_log.h" |
| 22 #include "chromeos/network/onc/onc_utils.h" | 22 #include "chromeos/network/onc/onc_utils.h" |
| 23 #include "components/cert_database/cert_database_service_io_part.h" |
| 23 #include "components/onc/onc_constants.h" | 24 #include "components/onc/onc_constants.h" |
| 24 #include "crypto/scoped_nss_types.h" | 25 #include "crypto/scoped_nss_types.h" |
| 25 #include "net/base/crypto_module.h" | 26 #include "net/base/crypto_module.h" |
| 26 #include "net/base/net_errors.h" | 27 #include "net/base/net_errors.h" |
| 27 #include "net/cert/nss_cert_database.h" | 28 #include "net/cert/nss_cert_database.h" |
| 28 #include "net/cert/x509_certificate.h" | 29 #include "net/cert/x509_certificate.h" |
| 29 | 30 |
| 30 namespace chromeos { | 31 namespace chromeos { |
| 31 namespace onc { | 32 namespace onc { |
| 32 | 33 |
| 33 namespace { | 34 namespace { |
| 34 | 35 |
| 35 void CallBackOnOriginLoop( | 36 void CallBackOnOriginLoop( |
| 36 const scoped_refptr<base::SingleThreadTaskRunner>& origin_loop, | 37 const scoped_refptr<base::SingleThreadTaskRunner>& origin_loop, |
| 37 const CertificateImporter::DoneCallback& callback, | 38 const CertificateImporter::DoneCallback& callback, |
| 38 bool success, | 39 bool success, |
| 39 const net::CertificateList& onc_trusted_certificates) { | 40 const net::CertificateList& onc_trusted_certificates) { |
| 40 origin_loop->PostTask( | 41 origin_loop->PostTask( |
| 41 FROM_HERE, base::Bind(callback, success, onc_trusted_certificates)); | 42 FROM_HERE, base::Bind(callback, success, onc_trusted_certificates)); |
| 42 } | 43 } |
| 43 | 44 |
| 45 // Gets the NSSCertDatabase from |cert_db_io| and passes it to |callback|. |
| 46 void GetNSSCertDatabase( |
| 47 const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io, |
| 48 const cert_database::CertDatabaseServiceIOPart::GetCertDBCallback& |
| 49 callback) { |
| 50 if (!cert_db_io) { |
| 51 callback.Run(NULL /* no NSSCertDatabase */); |
| 52 return; |
| 53 } |
| 54 net::NSSCertDatabase* nss_db = cert_db_io->GetNSSCertDatabase(callback); |
| 55 if (nss_db) |
| 56 callback.Run(nss_db); |
| 57 } |
| 58 |
| 44 } // namespace | 59 } // namespace |
| 45 | 60 |
| 46 CertificateImporterImpl::CertificateImporterImpl( | 61 CertificateImporterImpl::CertificateImporterImpl( |
| 47 const scoped_refptr<base::SequencedTaskRunner>& io_task_runner, | 62 const scoped_refptr<base::SequencedTaskRunner>& io_task_runner, |
| 48 net::NSSCertDatabase* target_nssdb) | 63 const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io) |
| 49 : io_task_runner_(io_task_runner), | 64 : io_task_runner_(io_task_runner), |
| 50 target_nssdb_(target_nssdb), | 65 cert_db_io_(cert_db_io), |
| 51 weak_factory_(this) { | 66 weak_factory_(this) { |
| 52 CHECK(target_nssdb); | |
| 53 } | 67 } |
| 54 | 68 |
| 55 CertificateImporterImpl::~CertificateImporterImpl() { | 69 CertificateImporterImpl::~CertificateImporterImpl() { |
| 56 } | 70 } |
| 57 | 71 |
| 58 void CertificateImporterImpl::ImportCertificates( | 72 void CertificateImporterImpl::ImportCertificates( |
| 59 const base::ListValue& certificates, | 73 const base::ListValue& certificates, |
| 60 ::onc::ONCSource source, | 74 ::onc::ONCSource source, |
| 61 const DoneCallback& done_callback) { | 75 const DoneCallback& done_callback) { |
| 62 VLOG(2) << "ONC file has " << certificates.GetSize() << " certificates"; | 76 VLOG(2) << "ONC file has " << certificates.GetSize() << " certificates"; |
| 63 // |done_callback| must only be called as long as |this| still exists. | 77 // |done_callback| must only be called as long as |this| still exists. |
| 64 // Thereforce, call back to |this|. This check of |this| must happen last and | 78 // Thereforce, call back to |this|. This check of |this| must happen last and |
| 65 // on the origin thread. | 79 // on the origin thread. |
| 66 DoneCallback callback_to_this = | 80 DoneCallback callback_to_this = |
| 67 base::Bind(&CertificateImporterImpl::RunDoneCallback, | 81 base::Bind(&CertificateImporterImpl::RunDoneCallback, |
| 68 weak_factory_.GetWeakPtr(), | 82 weak_factory_.GetWeakPtr(), |
| 69 done_callback); | 83 done_callback); |
| 70 | 84 |
| 71 // |done_callback| must be called on the origin thread. | 85 // |done_callback| must be called on the origin thread. |
| 72 DoneCallback callback_on_origin_loop = | 86 DoneCallback callback_on_origin_loop = |
| 73 base::Bind(&CallBackOnOriginLoop, | 87 base::Bind(&CallBackOnOriginLoop, |
| 74 base::ThreadTaskRunnerHandle::Get(), | 88 base::ThreadTaskRunnerHandle::Get(), |
| 75 callback_to_this); | 89 callback_to_this); |
| 76 | 90 |
| 77 // This is the actual function that imports the certificates. | 91 // This is the actual function that imports the certificates. This must be |
| 78 base::Closure import_certs_callback = | 92 // executed when the NSSCertDatabase is available. |
| 79 base::Bind(&ParseAndStoreCertificates, | 93 cert_database::CertDatabaseServiceIOPart::GetCertDBCallback |
| 80 source, | 94 import_certs_callback = base::Bind(&ParseAndStoreCertificates, |
| 81 callback_on_origin_loop, | 95 source, |
| 82 base::Owned(certificates.DeepCopy()), | 96 callback_on_origin_loop, |
| 83 target_nssdb_); | 97 base::Owned(certificates.DeepCopy())); |
| 84 | 98 |
| 85 // The NSSCertDatabase must be accessed on |io_task_runner_| | 99 // The NSSCertDatabase is obtained from |cert_db_io_|, which must be accessed |
| 86 io_task_runner_->PostTask(FROM_HERE, import_certs_callback); | 100 // on |io_task_runner_| |
| 101 io_task_runner_->PostTask( |
| 102 FROM_HERE, |
| 103 base::Bind(&GetNSSCertDatabase, cert_db_io_, import_certs_callback)); |
| 87 } | 104 } |
| 88 | 105 |
| 89 // static | 106 // static |
| 90 void CertificateImporterImpl::ParseAndStoreCertificates( | 107 void CertificateImporterImpl::ParseAndStoreCertificates( |
| 91 ::onc::ONCSource source, | 108 ::onc::ONCSource source, |
| 92 const DoneCallback& done_callback, | 109 const DoneCallback& done_callback, |
| 93 base::ListValue* certificates, | 110 base::ListValue* certificates, |
| 94 net::NSSCertDatabase* nssdb) { | 111 net::NSSCertDatabase* nssdb) { |
| 112 net::CertificateList onc_trusted_certificates; |
| 113 if (!nssdb) { |
| 114 done_callback.Run(false, onc_trusted_certificates); |
| 115 return; |
| 116 } |
| 95 // Web trust is only granted to certificates imported by the user. | 117 // Web trust is only granted to certificates imported by the user. |
| 96 bool allow_trust_imports = source == ::onc::ONC_SOURCE_USER_IMPORT; | 118 bool allow_trust_imports = source == ::onc::ONC_SOURCE_USER_IMPORT; |
| 97 net::CertificateList onc_trusted_certificates; | |
| 98 bool success = true; | 119 bool success = true; |
| 99 for (size_t i = 0; i < certificates->GetSize(); ++i) { | 120 for (size_t i = 0; i < certificates->GetSize(); ++i) { |
| 100 const base::DictionaryValue* certificate = NULL; | 121 const base::DictionaryValue* certificate = NULL; |
| 101 certificates->GetDictionary(i, &certificate); | 122 certificates->GetDictionary(i, &certificate); |
| 102 DCHECK(certificate != NULL); | 123 DCHECK(certificate != NULL); |
| 103 | 124 |
| 104 VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate; | 125 VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate; |
| 105 | 126 |
| 106 if (!ParseAndStoreCertificate(allow_trust_imports, | 127 if (!ParseAndStoreCertificate(allow_trust_imports, |
| 107 *certificate, | 128 *certificate, |
| (...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 397 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); | 418 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); |
| 398 SECKEY_DestroyPrivateKey(private_key); | 419 SECKEY_DestroyPrivateKey(private_key); |
| 399 } else { | 420 } else { |
| 400 LOG(WARNING) << "Unable to find private key for certificate."; | 421 LOG(WARNING) << "Unable to find private key for certificate."; |
| 401 } | 422 } |
| 402 return true; | 423 return true; |
| 403 } | 424 } |
| 404 | 425 |
| 405 } // namespace onc | 426 } // namespace onc |
| 406 } // namespace chromeos | 427 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 419013003:
Replace c/b/nss_context by a KeyedService. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src