net/cert/nss_cert_database_chromeos.h - Issue 424523002: Enable system NSS key slot.

Side by Side Diff: net/cert/nss_cert_database_chromeos.h

Issue 424523002: Enable system NSS key slot. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Move nss_cert_database_chromeos_unittest.cc changes to another CL. Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_	5 #ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_

6 #define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_	6 #define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_

7	7

8 #include "base/callback.h"	8 #include "base/callback.h"

9 #include "base/memory/weak_ptr.h"	9 #include "base/memory/weak_ptr.h"

10 #include "crypto/scoped_nss_types.h"	10 #include "crypto/scoped_nss_types.h"

11 #include "net/base/net_export.h"	11 #include "net/base/net_export.h"

12 #include "net/cert/nss_cert_database.h"	12 #include "net/cert/nss_cert_database.h"

13 #include "net/cert/nss_profile_filter_chromeos.h"	13 #include "net/cert/nss_profile_filter_chromeos.h"

14	14

15 namespace net {	15 namespace net {

16	16

17 class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {	17 class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {

18 public:	18 public:

	19 // \|public_slot\| is the NSS software slot for the user.
	Ryan Sleevi 2014/07/29 23:53:15 Comment wise, I think the older bits were more cor Comment wise, I think the older bits were more correct. In particular, there should be no assumption that \|public_slot\| is a software slot. In the future, it will be a Chaps slot just the same. It's just the place to store the public details. pneubeck (no reviews) 2014/07/30 06:27:39 Actually, this comment should be unnecessary as th Show quoted text On 2014/07/29 23:53:15, Ryan Sleevi wrote: > Comment wise, I think the older bits were more correct. > > In particular, there should be no assumption that \|public_slot\| is a software > slot. In the future, it will be a Chaps slot just the same. > > It's just the place to store the public details. Actually, this comment should be unnecessary as the arguments are forwarded to NSSCertDatabase? With 'older bits' you probably mean the c'tor comment on NSSCertDatabase. Ryan Sleevi 2014/07/30 06:45:30 Yeah. Either way, the comment is wrong as is. We Show quoted text On 2014/07/30 06:27:39, pneubeck wrote: > On 2014/07/29 23:53:15, Ryan Sleevi wrote: > > Comment wise, I think the older bits were more correct. > > > > In particular, there should be no assumption that \|public_slot\| is a software > > slot. In the future, it will be a Chaps slot just the same. > > > > It's just the place to store the public details. > > Actually, this comment should be unnecessary as the arguments are forwarded to > NSSCertDatabase? > With 'older bits' you probably mean the c'tor comment on NSSCertDatabase. Yeah. Either way, the comment is wrong as is. We shouldn't assume software. pneubeck (no reviews) 2014/07/30 13:54:10 Removed. Show quoted text On 2014/07/30 06:45:30, Ryan Sleevi wrote: > On 2014/07/30 06:27:39, pneubeck wrote: > > On 2014/07/29 23:53:15, Ryan Sleevi wrote: > > > Comment wise, I think the older bits were more correct. > > > > > > In particular, there should be no assumption that \|public_slot\| is a > software > > > slot. In the future, it will be a Chaps slot just the same. > > > > > > It's just the place to store the public details. > > > > Actually, this comment should be unnecessary as the arguments are forwarded to > > NSSCertDatabase? > > With 'older bits' you probably mean the c'tor comment on NSSCertDatabase. > > Yeah. > > Either way, the comment is wrong as is. We shouldn't assume software. Removed.
	20 // \|private_slot\| is the TPM slot for the user (if a TPM is present).

19 NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot,	21 NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot,

20 crypto::ScopedPK11Slot private_slot);	22 crypto::ScopedPK11Slot private_slot);

21 virtual ~NSSCertDatabaseChromeOS();	23 virtual ~NSSCertDatabaseChromeOS();

22	24

	25 // \|system_slot\| is the system TPM slot, which is only enabled for certain

	26 // users.

	27 void SetSystemSlot(crypto::ScopedPK11Slot system_slot);

	28

23 // NSSCertDatabase implementation.	29 // NSSCertDatabase implementation.

24 virtual void ListCertsSync(CertificateList* certs) OVERRIDE;	30 virtual void ListCertsSync(CertificateList* certs) OVERRIDE;

25 virtual void ListCerts(const NSSCertDatabase::ListCertsCallback& callback)	31 virtual void ListCerts(const NSSCertDatabase::ListCertsCallback& callback)

26 OVERRIDE;	32 OVERRIDE;

27 virtual void ListModules(CryptoModuleList* modules, bool need_rw) const	33 virtual void ListModules(CryptoModuleList* modules, bool need_rw) const

28 OVERRIDE;	34 OVERRIDE;

	35 virtual crypto::ScopedPK11Slot GetSystemSlot() const OVERRIDE;

29	36

30 // TODO(mattm): handle trust setting, deletion, etc correctly when certs exist	37 // TODO(mattm): handle trust setting, deletion, etc correctly when certs exist

31 // in multiple slots.	38 // in multiple slots.

32 // TODO(mattm): handle trust setting correctly for certs in read-only slots.	39 // TODO(mattm): handle trust setting correctly for certs in read-only slots.

33	40

34 private:	41 private:

35 // Certificate listing implementation used by \|ListCerts\| and \|ListCertsSync\|.	42 // Certificate listing implementation used by \|ListCerts\| and \|ListCertsSync\|.

36 // The certificate list normally returned by NSSCertDatabase::ListCertsImpl	43 // The certificate list normally returned by NSSCertDatabase::ListCertsImpl

37 // is additionally filtered by \|profile_filter\|.	44 // is additionally filtered by \|profile_filter\|.

38 // Static so it may safely be used on the worker thread.	45 // Static so it may safely be used on the worker thread.

39 static void ListCertsImpl(const NSSProfileFilterChromeOS& profile_filter,	46 static void ListCertsImpl(const NSSProfileFilterChromeOS& profile_filter,

40 CertificateList* certs);	47 CertificateList* certs);

41	48

42 NSSProfileFilterChromeOS profile_filter_;	49 NSSProfileFilterChromeOS profile_filter_;

	50 crypto::ScopedPK11Slot system_slot_;

43	51

44 DISALLOW_COPY_AND_ASSIGN(NSSCertDatabaseChromeOS);	52 DISALLOW_COPY_AND_ASSIGN(NSSCertDatabaseChromeOS);

45 };	53 };

46	54

47 } // namespace net	55 } // namespace net

48	56

49 #endif // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_	57 #endif // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_

OLD	NEW

« net/cert/nss_cert_database.h ('K') | « net/cert/nss_cert_database.cc ('k') | net/cert/nss_cert_database_chromeos.cc » ('j') | net/ssl/client_cert_store_chromeos.cc » ('J')