net/ssl/client_cert_store_chromeos.cc - Issue 424523002: Enable system NSS key slot.

Side by Side Diff: net/ssl/client_cert_store_chromeos.cc

Issue 424523002: Enable system NSS key slot. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« net/ssl/client_cert_store_chromeos.h ('K') | « net/ssl/client_cert_store_chromeos.h ('k') | net/ssl/client_cert_store_chromeos_unittest.cc » ('j') | net/ssl/client_cert_store_chromeos_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/ssl/client_cert_store_chromeos.h"	5 #include "net/ssl/client_cert_store_chromeos.h"

6	6

7 #include <cert.h>	7 #include <cert.h>

8	8

9 #include "base/bind.h"	9 #include "base/bind.h"

10 #include "crypto/nss_crypto_module_delegate.h"	10 #include "crypto/nss_crypto_module_delegate.h"

11 #include "crypto/nss_util_internal.h"	11 #include "crypto/nss_util_internal.h"

12	12

13 namespace net {	13 namespace net {

14	14

	15 namespace {

	16

	17 void GotSystemSlotGetPrivateSlot(
	Ryan Sleevi 2014/07/29 00:23:16 This is really poorly named. I don't even know wha This is really poorly named. I don't even know what to suggest as an alternative. pneubeck (no reviews) 2014/07/29 16:00:15 Added a comment and hopefully improved the naming. Show quoted text On 2014/07/29 00:23:16, Ryan Sleevi wrote: > This is really poorly named. I don't even know what to suggest as an > alternative. Added a comment and hopefully improved the naming. I should consider for the future CertDatabase design, to provide a nice way to retrieve multiple slots asynchronously with a single call. These callback sequences are... ^^
	18 const std::string& username_hash,

	19 const base::Callback<void(crypto::ScopedPK11Slot, crypto::ScopedPK11Slot)>&

	20 callback,

	21 crypto::ScopedPK11Slot system_slot) {

	22 base::Callback<void(crypto::ScopedPK11Slot)> wrapped_callback =

	23 base::Bind(callback, base::Passed(&system_slot));

	24

	25 crypto::ScopedPK11Slot slot(

	26 crypto::GetPrivateSlotForChromeOSUser(username_hash, wrapped_callback));

	27 if (slot)

	28 wrapped_callback.Run(slot.Pass());

	29 }

	30

	31 void GetSystemAndPrivateSlot(

	32 const std::string& username_hash,

	33 const base::Callback<void(crypto::ScopedPK11Slot, crypto::ScopedPK11Slot)>&

	34 callback) {

	35 crypto::ScopedPK11Slot system_slot(crypto::GetSystemNSSKeySlot(

	36 base::Bind(&GotSystemSlotGetPrivateSlot, username_hash, callback)));

	37 if (system_slot)

	38 GotSystemSlotGetPrivateSlot(username_hash, callback, system_slot.Pass());

	39 }

	40

	41 } // namespace

	42

15 ClientCertStoreChromeOS::ClientCertStoreChromeOS(	43 ClientCertStoreChromeOS::ClientCertStoreChromeOS(

	44 bool use_system_slot,

16 const std::string& username_hash,	45 const std::string& username_hash,

17 const PasswordDelegateFactory& password_delegate_factory)	46 const PasswordDelegateFactory& password_delegate_factory)

18 : ClientCertStoreNSS(password_delegate_factory),	47 : ClientCertStoreNSS(password_delegate_factory),

19 username_hash_(username_hash) {}	48 use_system_slot_(use_system_slot),

	49 username_hash_(username_hash) {

	50 }

20	51

21 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {}	52 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {}

22	53

23 void ClientCertStoreChromeOS::GetClientCerts(	54 void ClientCertStoreChromeOS::GetClientCerts(

24 const SSLCertRequestInfo& cert_request_info,	55 const SSLCertRequestInfo& cert_request_info,

25 CertificateList* selected_certs,	56 CertificateList* selected_certs,

26 const base::Closure& callback) {	57 const base::Closure& callback) {

27 crypto::ScopedPK11Slot private_slot(crypto::GetPrivateSlotForChromeOSUser(	58 base::Callback<void(crypto::ScopedPK11Slot, crypto::ScopedPK11Slot)>

28 username_hash_,	59 bound_callback = base::Bind(

29 base::Bind(&ClientCertStoreChromeOS::DidGetPrivateSlot,	60 &ClientCertStoreChromeOS::DidGetPrivateAndSystemSlot,

30 // Caller is responsible for keeping the ClientCertStore alive	61 // Caller is responsible for keeping the ClientCertStore alive

31 // until the callback is run.	62 // until the callback is run.

32 base::Unretained(this),	63 base::Unretained(this),

33 &cert_request_info,	64 &cert_request_info,

34 selected_certs,	65 selected_certs,

35 callback)));	66 callback);

36 if (private_slot)	67

37 DidGetPrivateSlot(	68 if (use_system_slot_) {

38 &cert_request_info, selected_certs, callback, private_slot.Pass());	69 GetSystemAndPrivateSlot(username_hash_, bound_callback);

	70 } else {

	71 // Skip getting the system slot.

	72 GotSystemSlotGetPrivateSlot(

	73 username_hash_, bound_callback, crypto::ScopedPK11Slot());

	74 }

39 }	75 }

40	76

41 void ClientCertStoreChromeOS::GetClientCertsImpl(CERTCertList* cert_list,	77 void ClientCertStoreChromeOS::GetClientCertsImpl(

42 const SSLCertRequestInfo& request,	78 CERTCertList* cert_list,

43 bool query_nssdb,	79 const SSLCertRequestInfo& request,

44 CertificateList* selected_certs) {	80 bool query_nssdb,

	81 CertificateList* selected_certs) {

45 ClientCertStoreNSS::GetClientCertsImpl(	82 ClientCertStoreNSS::GetClientCertsImpl(

46 cert_list, request, query_nssdb, selected_certs);	83 cert_list, request, query_nssdb, selected_certs);

47	84

48 size_t pre_size = selected_certs->size();	85 size_t pre_size = selected_certs->size();

49 selected_certs->erase(	86 selected_certs->erase(

50 std::remove_if(	87 std::remove_if(

51 selected_certs->begin(),	88 selected_certs->begin(),

52 selected_certs->end(),	89 selected_certs->end(),

53 NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate(	90 NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate(

54 profile_filter_)),	91 profile_filter_)),

55 selected_certs->end());	92 selected_certs->end());

56 DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of "	93 DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of "

57 << pre_size << " certs";	94 << pre_size << " certs";

58 }	95 }

59	96

60 void ClientCertStoreChromeOS::DidGetPrivateSlot(	97 void ClientCertStoreChromeOS::DidGetPrivateAndSystemSlot(

61 const SSLCertRequestInfo* request,	98 const SSLCertRequestInfo* request,

62 CertificateList* selected_certs,	99 CertificateList* selected_certs,

63 const base::Closure& callback,	100 const base::Closure& callback,

	101 crypto::ScopedPK11Slot system_slot,

64 crypto::ScopedPK11Slot private_slot) {	102 crypto::ScopedPK11Slot private_slot) {

65 profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_),	103 profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_),

66 private_slot.Pass());	104 private_slot.Pass(),

	105 system_slot.Pass());

67 ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback);	106 ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback);

68 }	107 }

69	108

70 } // namespace net	109 } // namespace net

OLD	NEW