Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(636)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp

Issue 6667020: This change loads opencryptoki and uses the TPM for keygen tags. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: cleaning up Created 9 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/cert_database.h ('K') | « net/socket/ssl_server_socket_nss.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* ***** BEGIN LICENSE BLOCK ***** 1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 * 3 *
4 * The contents of this file are subject to the Mozilla Public License Version 4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with 5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at 6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/ 7 * http://www.mozilla.org/MPL/
8 * 8 *
9 * Software distributed under the License is distributed on an "AS IS" basis, 9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
49 #include "net/base/x509_certificate.h" 49 #include "net/base/x509_certificate.h"
50 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h" 50 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"
51 51
52 namespace mozilla_security_manager { 52 namespace mozilla_security_manager {
53 53
54 // Based on nsNSSCertificateDB::handleCACertDownload, minus the UI bits. 54 // Based on nsNSSCertificateDB::handleCACertDownload, minus the UI bits.
55 bool ImportCACerts(const net::CertificateList& certificates, 55 bool ImportCACerts(const net::CertificateList& certificates,
56 net::X509Certificate* root, 56 net::X509Certificate* root,
57 unsigned int trustBits, 57 unsigned int trustBits,
58 net::CertDatabase::ImportCertFailureList* not_imported) { 58 net::CertDatabase::ImportCertFailureList* not_imported) {
59 base::ScopedPK11Slot slot(base::GetDefaultNSSKeySlot()); 59 base::ScopedPK11Slot slot(base::GetPublicNSSKeySlot());
60 if (!slot.get()) { 60 if (!slot.get()) {
61 LOG(ERROR) << "Couldn't get internal key slot!"; 61 LOG(ERROR) << "Couldn't get internal key slot!";
62 return false; 62 return false;
63 } 63 }
64 64
65 // Mozilla had some code here to check if a perm version of the cert exists 65 // Mozilla had some code here to check if a perm version of the cert exists
66 // already and use that, but CERT_NewTempCertificate actually does that 66 // already and use that, but CERT_NewTempCertificate actually does that
67 // itself, so we skip it here. 67 // itself, so we skip it here.
68 68
69 if (!CERT_IsCACert(root->os_cert_handle(), NULL)) { 69 if (!CERT_IsCACert(root->os_cert_handle(), NULL)) {
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after
156 } 156 }
157 } 157 }
158 158
159 // Any errors importing individual certs will be in listed in |not_imported|. 159 // Any errors importing individual certs will be in listed in |not_imported|.
160 return true; 160 return true;
161 } 161 }
162 162
163 // Based on nsNSSCertificateDB::ImportServerCertificate. 163 // Based on nsNSSCertificateDB::ImportServerCertificate.
164 bool ImportServerCert(const net::CertificateList& certificates, 164 bool ImportServerCert(const net::CertificateList& certificates,
165 net::CertDatabase::ImportCertFailureList* not_imported) { 165 net::CertDatabase::ImportCertFailureList* not_imported) {
166 base::ScopedPK11Slot slot(base::GetDefaultNSSKeySlot()); 166 base::ScopedPK11Slot slot(base::GetPublicNSSKeySlot());
167 if (!slot.get()) { 167 if (!slot.get()) {
168 LOG(ERROR) << "Couldn't get internal key slot!"; 168 LOG(ERROR) << "Couldn't get internal key slot!";
169 return false; 169 return false;
170 } 170 }
171 171
172 for (size_t i = 0; i < certificates.size(); ++i) { 172 for (size_t i = 0; i < certificates.size(); ++i) {
173 const scoped_refptr<net::X509Certificate>& cert = certificates[i]; 173 const scoped_refptr<net::X509Certificate>& cert = certificates[i];
174 174
175 // Mozilla uses CERT_ImportCerts, which doesn't take a slot arg. We use 175 // Mozilla uses CERT_ImportCerts, which doesn't take a slot arg. We use
176 // PK11_ImportCert instead. 176 // PK11_ImportCert instead.
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
224 } else { 224 } else {
225 // ignore user and email/unknown certs 225 // ignore user and email/unknown certs
226 return true; 226 return true;
227 } 227 }
228 if (srv != SECSuccess) 228 if (srv != SECSuccess)
229 LOG(ERROR) << "SetCertTrust failed with error " << PORT_GetError(); 229 LOG(ERROR) << "SetCertTrust failed with error " << PORT_GetError();
230 return srv == SECSuccess; 230 return srv == SECSuccess;
231 } 231 }
232 232
233 } // namespace mozilla_security_manager 233 } // namespace mozilla_security_manager
OLDNEW
« net/base/cert_database.h ('K') | « net/socket/ssl_server_socket_nss.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698