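--- a/chromeos/network/onc/onc_certificate_importer_impl.cc
+++ b/chromeos/network/onc/onc_certificate_importer_impl.cc
@@ -1,107 +1,128 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/onc/onc_certificate_importer_impl.h"
 
 #include <cert.h>
 #include <keyhi.h>
 #include <pk11pub.h>
 
 #include "base/base64.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/sequenced_task_runner.h"
 #include "base/single_thread_task_runner.h"
 #include "base/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "chromeos/network/network_event_log.h"
 #include "chromeos/network/onc/onc_utils.h"
+#include "components/cert_database/cert_database_service_io_part.h"
 #include "components/onc/onc_constants.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
 #include "net/cert/nss_cert_database.h"
 #include "net/cert/x509_certificate.h"
 
 namespace chromeos {
 namespace onc {
 
 namespace {
 
 void CallBackOnOriginLoop(
 const scoped_refptr<base::SingleThreadTaskRunner>& origin_loop,
 const CertificateImporter::DoneCallback& callback,
 bool success,
 const net::CertificateList& onc_trusted_certificates) {
 origin_loop->PostTask(
 FROM_HERE, base::Bind(callback, success, onc_trusted_certificates));
 }
 
+// Gets the NSSCertDatabase from |cert_db_io| and passes it to |callback|.
+void GetNSSCertDatabase(
+const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io,
+const cert_database::CertDatabaseServiceIOPart::GetCertDBCallback&
+callback) {
+if (!cert_db_io) {
+callback.Run(NULL /* no NSSCertDatabase */);
+return;
+}
+net::NSSCertDatabase* nss_db = cert_db_io->GetNSSCertDatabase(callback);
+if (nss_db)
+callback.Run(nss_db);
+}
+
 } // namespace
 
 CertificateImporterImpl::CertificateImporterImpl(
 const scoped_refptr<base::SequencedTaskRunner>& io_task_runner,
-net::NSSCertDatabase* target_nssdb)
+const base::WeakPtr<cert_database::CertDatabaseServiceIOPart>& cert_db_io)
 : io_task_runner_(io_task_runner),
-target_nssdb_(target_nssdb),
+cert_db_io_(cert_db_io),
 weak_factory_(this) {
-CHECK(target_nssdb);
 }
 
 CertificateImporterImpl::~CertificateImporterImpl() {
 }
 
 void CertificateImporterImpl::ImportCertificates(
 const base::ListValue& certificates,
 ::onc::ONCSource source,
 const DoneCallback& done_callback) {
 VLOG(2) << "ONC file has " << certificates.GetSize() << " certificates";
 // |done_callback| must only be called as long as |this| still exists.
 // Thereforce, call back to |this|. This check of |this| must happen last and
 // on the origin thread.
 DoneCallback callback_to_this =
 base::Bind(&CertificateImporterImpl::RunDoneCallback,
 weak_factory_.GetWeakPtr(),
 done_callback);
 
 // |done_callback| must be called on the origin thread.
 DoneCallback callback_on_origin_loop =
 base::Bind(&CallBackOnOriginLoop,
 base::ThreadTaskRunnerHandle::Get(),
 callback_to_this);
 
-// This is the actual function that imports the certificates.
-base::Closure import_certs_callback =
-base::Bind(&ParseAndStoreCertificates,
-source,
-callback_on_origin_loop,
-base::Owned(certificates.DeepCopy()),
-target_nssdb_);
+// This is the actual function that imports the certificates. This must be
+// executed when the NSSCertDatabase is available.
+cert_database::CertDatabaseServiceIOPart::GetCertDBCallback
+import_certs_callback = base::Bind(&ParseAndStoreCertificates,
+source,
+callback_on_origin_loop,
+base::Owned(certificates.DeepCopy()));
 
-// The NSSCertDatabase must be accessed on |io_task_runner_|
-io_task_runner_->PostTask(FROM_HERE, import_certs_callback);
+// The NSSCertDatabase is obtained from |cert_db_io_|, which must be accessed
+// on |io_task_runner_|
+io_task_runner_->PostTask(
+FROM_HERE,
+base::Bind(&GetNSSCertDatabase, cert_db_io_, import_certs_callback));
 }
 
 // static
 void CertificateImporterImpl::ParseAndStoreCertificates(
 ::onc::ONCSource source,
 const DoneCallback& done_callback,
 base::ListValue* certificates,
 net::NSSCertDatabase* nssdb) {
+net::CertificateList onc_trusted_certificates;
+if (!nssdb) {
+done_callback.Run(false, onc_trusted_certificates);
+return;
+}
 // Web trust is only granted to certificates imported by the user.
 bool allow_trust_imports = source == ::onc::ONC_SOURCE_USER_IMPORT;
-net::CertificateList onc_trusted_certificates;
 bool success = true;
 for (size_t i = 0; i < certificates->GetSize(); ++i) {
 const base::DictionaryValue* certificate = NULL;
 certificates->GetDictionary(i, &certificate);
 DCHECK(certificate != NULL);
 
 VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate;
 
 if (!ParseAndStoreCertificate(allow_trust_imports,
 *certificate,
@@ -397,10 +418,10 @@
 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str()));
 SECKEY_DestroyPrivateKey(private_key);
 } else {
 LOG(WARNING) << "Unable to find private key for certificate.";
 }
 return true;
 }
 
 } // namespace onc
 } // namespace chromeos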
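Review bot: The new anonymous-namespace helper GetNSSCertDatabase relies on an undocumented one-shot contract of CertDatabaseServiceIOPart::GetNSSCertDatabase: when it returns NULL it must later run |callback| exactly once, and when it returns non-NULL it must not run |callback| at all, otherwise ParseAndStoreCertificates imports the same certificate list twice and the caller's DoneCallback fires twice. The deferred path also has no failure signal: if the database never becomes available, ParseAndStoreCertificates never runs and the DoneCallback is never invoked, unlike the |!cert_db_io| and |!nssdb| branches which report false. I would state the assumption above the helper, e.g. `// Either runs |callback| now (database available, or |cert_db_io| gone), or |cert_db_io| runs it later exactly once. TODO(review): confirm against CertDatabaseServiceIOPart.` This is inferred from the visible calls only; the IOPart header is not part of the diff.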