| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/nss_profile_filter_chromeos.h" | 5 #include "net/cert/nss_profile_filter_chromeos.h" |
| 6 | 6 |
| 7 #include "base/strings/string_piece.h" | 7 #include "base/strings/string_piece.h" |
| 8 #include "base/strings/stringprintf.h" | 8 #include "base/strings/stringprintf.h" |
| 9 #include "net/cert/x509_certificate.h" | 9 #include "net/cert/x509_certificate.h" |
| 10 | 10 |
| (...skipping 25 matching lines...) Expand all Loading... |
| 36 NSSProfileFilterChromeOS::NSSProfileFilterChromeOS() {} | 36 NSSProfileFilterChromeOS::NSSProfileFilterChromeOS() {} |
| 37 | 37 |
| 38 NSSProfileFilterChromeOS::NSSProfileFilterChromeOS( | 38 NSSProfileFilterChromeOS::NSSProfileFilterChromeOS( |
| 39 const NSSProfileFilterChromeOS& other) { | 39 const NSSProfileFilterChromeOS& other) { |
| 40 public_slot_.reset(other.public_slot_ ? | 40 public_slot_.reset(other.public_slot_ ? |
| 41 PK11_ReferenceSlot(other.public_slot_.get()) : | 41 PK11_ReferenceSlot(other.public_slot_.get()) : |
| 42 NULL); | 42 NULL); |
| 43 private_slot_.reset(other.private_slot_ ? | 43 private_slot_.reset(other.private_slot_ ? |
| 44 PK11_ReferenceSlot(other.private_slot_.get()) : | 44 PK11_ReferenceSlot(other.private_slot_.get()) : |
| 45 NULL); | 45 NULL); |
| 46 system_slot_.reset( |
| 47 other.system_slot_ ? PK11_ReferenceSlot(other.system_slot_.get()) : NULL); |
| 46 } | 48 } |
| 47 | 49 |
| 48 NSSProfileFilterChromeOS::~NSSProfileFilterChromeOS() {} | 50 NSSProfileFilterChromeOS::~NSSProfileFilterChromeOS() {} |
| 49 | 51 |
| 50 NSSProfileFilterChromeOS& NSSProfileFilterChromeOS::operator=( | 52 NSSProfileFilterChromeOS& NSSProfileFilterChromeOS::operator=( |
| 51 const NSSProfileFilterChromeOS& other) { | 53 const NSSProfileFilterChromeOS& other) { |
| 52 public_slot_.reset(other.public_slot_ ? | 54 public_slot_.reset(other.public_slot_ ? |
| 53 PK11_ReferenceSlot(other.public_slot_.get()) : | 55 PK11_ReferenceSlot(other.public_slot_.get()) : |
| 54 NULL); | 56 NULL); |
| 55 private_slot_.reset(other.private_slot_ ? | 57 private_slot_.reset(other.private_slot_ ? |
| 56 PK11_ReferenceSlot(other.private_slot_.get()) : | 58 PK11_ReferenceSlot(other.private_slot_.get()) : |
| 57 NULL); | 59 NULL); |
| 60 system_slot_.reset( |
| 61 other.system_slot_ ? PK11_ReferenceSlot(other.system_slot_.get()) : NULL); |
| 58 return *this; | 62 return *this; |
| 59 } | 63 } |
| 60 | 64 |
| 61 void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot, | 65 void NSSProfileFilterChromeOS::Init(crypto::ScopedPK11Slot public_slot, |
| 62 crypto::ScopedPK11Slot private_slot) { | 66 crypto::ScopedPK11Slot private_slot, |
| 67 crypto::ScopedPK11Slot system_slot) { |
| 63 // crypto::ScopedPK11Slot actually holds a reference counted object. | 68 // crypto::ScopedPK11Slot actually holds a reference counted object. |
| 64 // Because scoped_ptr<T> assignment is a no-op if it already points to | 69 // Because scoped_ptr<T> assignment is a no-op if it already points to |
| 65 // the same pointer, a reference would be leaked because .Pass() does | 70 // the same pointer, a reference would be leaked because .Pass() does |
| 66 // not release its reference, and the receiving object won't free | 71 // not release its reference, and the receiving object won't free |
| 67 // its copy. | 72 // its copy. |
| 68 if (public_slot_.get() != public_slot.get()) | 73 if (public_slot_.get() != public_slot.get()) |
| 69 public_slot_ = public_slot.Pass(); | 74 public_slot_ = public_slot.Pass(); |
| 70 if (private_slot_.get() != private_slot.get()) | 75 if (private_slot_.get() != private_slot.get()) |
| 71 private_slot_ = private_slot.Pass(); | 76 private_slot_ = private_slot.Pass(); |
| 77 if (system_slot_.get() != system_slot.get()) |
| 78 system_slot_ = system_slot.Pass(); |
| 72 } | 79 } |
| 73 | 80 |
| 74 bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const { | 81 bool NSSProfileFilterChromeOS::IsModuleAllowed(PK11SlotInfo* slot) const { |
| 75 // If this is one of the public/private slots for this profile, allow it. | 82 // If this is one of the public/private slots for this profile or the system |
| 76 if (slot == public_slot_.get() || slot == private_slot_.get()) | 83 // slot, allow it. |
| 84 if (slot == public_slot_.get() || slot == private_slot_.get() || |
| 85 slot == system_slot_.get()) { |
| 77 return true; | 86 return true; |
| 87 } |
| 78 // Allow the root certs module. | 88 // Allow the root certs module. |
| 79 if (PK11_HasRootCerts(slot)) | 89 if (PK11_HasRootCerts(slot)) |
| 80 return true; | 90 return true; |
| 81 // If it's from the read-only slots, allow it. | 91 // If it's from the read-only slots, allow it. |
| 82 if (PK11_IsInternal(slot) && !PK11_IsRemovable(slot)) | 92 if (PK11_IsInternal(slot) && !PK11_IsRemovable(slot)) |
| 83 return true; | 93 return true; |
| 84 // If |public_slot_| or |private_slot_| is null, there isn't a way to get the | 94 // If |public_slot_| or |private_slot_| is null, there isn't a way to get the |
| 85 // modules to use in the final test. | 95 // modules to use in the final test. |
| 86 if (!public_slot_.get() || !private_slot_.get()) | 96 if (!public_slot_.get() || !private_slot_.get()) |
| 87 return false; | 97 return false; |
| 88 // If this is not the internal (file-system) module or the TPM module, allow | 98 // If this is not the internal (file-system) module or the TPM module, allow |
| 89 // it. | 99 // it. This would allow smartcards/etc, although ChromeOS doesn't currently |
| 100 // support that. (This assumes that private_slot_ and system_slot_ are on the |
| 101 // same module.) |
| 102 DCHECK(!system_slot_.get() || |
| 103 PK11_GetModule(private_slot_.get()) == |
| 104 PK11_GetModule(system_slot_.get())); |
| 90 SECMODModule* module_for_slot = PK11_GetModule(slot); | 105 SECMODModule* module_for_slot = PK11_GetModule(slot); |
| 91 if (module_for_slot != PK11_GetModule(public_slot_.get()) && | 106 if (module_for_slot != PK11_GetModule(public_slot_.get()) && |
| 92 module_for_slot != PK11_GetModule(private_slot_.get())) | 107 module_for_slot != PK11_GetModule(private_slot_.get())) { |
| 93 return true; | 108 return true; |
| 109 } |
| 94 return false; | 110 return false; |
| 95 } | 111 } |
| 96 | 112 |
| 97 bool NSSProfileFilterChromeOS::IsCertAllowed(CERTCertificate* cert) const { | 113 bool NSSProfileFilterChromeOS::IsCertAllowed(CERTCertificate* cert) const { |
| 98 crypto::ScopedPK11SlotList slots_for_cert( | 114 crypto::ScopedPK11SlotList slots_for_cert( |
| 99 PK11_GetAllSlotsForCert(cert, NULL)); | 115 PK11_GetAllSlotsForCert(cert, NULL)); |
| 100 if (!slots_for_cert) { | 116 if (!slots_for_cert) { |
| 101 DVLOG(2) << "cert no slots: " << base::StringPiece(cert->nickname); | 117 DVLOG(2) << "cert no slots: " << base::StringPiece(cert->nickname); |
| 102 return false; | 118 return false; |
| 103 } | 119 } |
| (...skipping 28 matching lines...) Expand all Loading... |
| 132 ModuleNotAllowedForProfilePredicate(const NSSProfileFilterChromeOS& filter) | 148 ModuleNotAllowedForProfilePredicate(const NSSProfileFilterChromeOS& filter) |
| 133 : filter_(filter) {} | 149 : filter_(filter) {} |
| 134 | 150 |
| 135 bool NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate::operator()( | 151 bool NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate::operator()( |
| 136 const scoped_refptr<CryptoModule>& module) const { | 152 const scoped_refptr<CryptoModule>& module) const { |
| 137 return !filter_.IsModuleAllowed(module->os_module_handle()); | 153 return !filter_.IsModuleAllowed(module->os_module_handle()); |
| 138 } | 154 } |
| 139 | 155 |
| 140 } // namespace net | 156 } // namespace net |
| 141 | 157 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 424523002:
Enable system NSS key slot. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src