OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/nss_cert_database_chromeos.h" | 5 #include "net/cert/nss_cert_database_chromeos.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
11 | 11 |
12 #include "base/bind.h" | 12 #include "base/bind.h" |
13 #include "base/callback.h" | 13 #include "base/callback.h" |
14 #include "base/location.h" | 14 #include "base/location.h" |
15 #include "base/task_runner.h" | 15 #include "base/task_runner.h" |
16 #include "net/base/crypto_module.h" | 16 #include "net/base/crypto_module.h" |
17 #include "net/cert/x509_certificate.h" | 17 #include "net/cert/x509_certificate.h" |
18 | 18 |
19 namespace net { | 19 namespace net { |
20 | 20 |
21 NSSCertDatabaseChromeOS::NSSCertDatabaseChromeOS( | 21 NSSCertDatabaseChromeOS::NSSCertDatabaseChromeOS( |
22 crypto::ScopedPK11Slot public_slot, | 22 crypto::ScopedPK11Slot public_slot, |
23 crypto::ScopedPK11Slot private_slot) | 23 crypto::ScopedPK11Slot private_slot) |
24 : NSSCertDatabase(public_slot.Pass(), private_slot.Pass()) { | 24 : NSSCertDatabase(public_slot.Pass(), private_slot.Pass()) { |
25 profile_filter_.Init(GetPublicSlot(), GetPrivateSlot()); | 25 // By default, don't use a system slot. Only if explicitly set by |
| 26 // SetSystemSlot, the system slot will be used. |
| 27 profile_filter_.Init(GetPublicSlot(), |
| 28 GetPrivateSlot(), |
| 29 crypto::ScopedPK11Slot() /* no system slot */); |
26 } | 30 } |
27 | 31 |
28 NSSCertDatabaseChromeOS::~NSSCertDatabaseChromeOS() {} | 32 NSSCertDatabaseChromeOS::~NSSCertDatabaseChromeOS() {} |
29 | 33 |
| 34 void NSSCertDatabaseChromeOS::SetSystemSlot( |
| 35 crypto::ScopedPK11Slot system_slot) { |
| 36 system_slot_ = system_slot.Pass(); |
| 37 profile_filter_.Init(GetPublicSlot(), GetPrivateSlot(), GetSystemSlot()); |
| 38 } |
| 39 |
30 void NSSCertDatabaseChromeOS::ListCertsSync(CertificateList* certs) { | 40 void NSSCertDatabaseChromeOS::ListCertsSync(CertificateList* certs) { |
31 ListCertsImpl(profile_filter_, certs); | 41 ListCertsImpl(profile_filter_, certs); |
32 } | 42 } |
33 | 43 |
34 void NSSCertDatabaseChromeOS::ListCerts( | 44 void NSSCertDatabaseChromeOS::ListCerts( |
35 const base::Callback<void(scoped_ptr<CertificateList> certs)>& callback) { | 45 const base::Callback<void(scoped_ptr<CertificateList> certs)>& callback) { |
36 scoped_ptr<CertificateList> certs(new CertificateList()); | 46 scoped_ptr<CertificateList> certs(new CertificateList()); |
37 | 47 |
38 // base::Pased will NULL out |certs|, so cache the underlying pointer here. | 48 // base::Pased will NULL out |certs|, so cache the underlying pointer here. |
39 CertificateList* raw_certs = certs.get(); | 49 CertificateList* raw_certs = certs.get(); |
40 GetSlowTaskRunner()->PostTaskAndReply( | 50 GetSlowTaskRunner()->PostTaskAndReply( |
41 FROM_HERE, | 51 FROM_HERE, |
42 base::Bind(&NSSCertDatabaseChromeOS::ListCertsImpl, | 52 base::Bind(&NSSCertDatabaseChromeOS::ListCertsImpl, |
43 profile_filter_, | 53 profile_filter_, |
44 base::Unretained(raw_certs)), | 54 base::Unretained(raw_certs)), |
45 base::Bind(callback, base::Passed(&certs))); | 55 base::Bind(callback, base::Passed(&certs))); |
46 } | 56 } |
47 | 57 |
| 58 crypto::ScopedPK11Slot NSSCertDatabaseChromeOS::GetSystemSlot() const { |
| 59 if (system_slot_) |
| 60 return crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_slot_.get())); |
| 61 return crypto::ScopedPK11Slot(); |
| 62 } |
| 63 |
48 void NSSCertDatabaseChromeOS::ListModules(CryptoModuleList* modules, | 64 void NSSCertDatabaseChromeOS::ListModules(CryptoModuleList* modules, |
49 bool need_rw) const { | 65 bool need_rw) const { |
50 NSSCertDatabase::ListModules(modules, need_rw); | 66 NSSCertDatabase::ListModules(modules, need_rw); |
51 | 67 |
52 size_t pre_size = modules->size(); | 68 size_t pre_size = modules->size(); |
53 modules->erase( | 69 modules->erase( |
54 std::remove_if( | 70 std::remove_if( |
55 modules->begin(), | 71 modules->begin(), |
56 modules->end(), | 72 modules->end(), |
57 NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate( | 73 NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate( |
(...skipping 13 matching lines...) Expand all Loading... |
71 certs->begin(), | 87 certs->begin(), |
72 certs->end(), | 88 certs->end(), |
73 NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate( | 89 NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate( |
74 profile_filter)), | 90 profile_filter)), |
75 certs->end()); | 91 certs->end()); |
76 DVLOG(1) << "filtered " << pre_size - certs->size() << " of " << pre_size | 92 DVLOG(1) << "filtered " << pre_size - certs->size() << " of " << pre_size |
77 << " certs"; | 93 << " certs"; |
78 } | 94 } |
79 | 95 |
80 } // namespace net | 96 } // namespace net |
OLD | NEW |