Move the NSS functions out of CertDatabase into a new NSSCertDatabase…
… class.

BUG=chromium-os:33872


Review URL: https://chromiumcodereview.appspot.com/10916094

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@155720 0039d316-1c4b-4281-b951-d872f2087c98
joaodasilva@chromium.org committed Sep 10, 2012
1 parent 92c20da commit 7fda9a4
Showing 37 changed files with 961 additions and 807 deletions.
33 changes: 17 additions & 16 deletions chrome/browser/certificate_manager_model.cc
Expand Up @@ -23,7 +23,8 @@
#endif

CertificateManagerModel::CertificateManagerModel(Observer* observer)
: observer_(observer) {
: cert_db_(net::NSSCertDatabase::GetInstance()),
observer_(observer) {
}

CertificateManagerModel::~CertificateManagerModel() {
Expand All @@ -32,7 +33,7 @@ CertificateManagerModel::~CertificateManagerModel() {
void CertificateManagerModel::Refresh() {
VLOG(1) << "refresh started";
net::CryptoModuleList modules;
cert_db_.ListModules(&modules, false);
cert_db_->ListModules(&modules, false);
VLOG(1) << "refresh waiting for unlocking...";
browser::UnlockSlotsIfNecessary(
modules,
Expand All @@ -44,7 +45,7 @@ void CertificateManagerModel::Refresh() {

void CertificateManagerModel::RefreshSlotsUnlocked() {
VLOG(1) << "refresh listing certs...";
cert_db_.ListCerts(&cert_list_);
cert_db_->ListCerts(&cert_list_);
observer_->CertificatesRefreshed();
VLOG(1) << "refresh finished";
}
Expand Down Expand Up @@ -112,29 +113,29 @@ int CertificateManagerModel::ImportFromPKCS12(net::CryptoModule* module,
const std::string& data,
const string16& password,
bool is_extractable) {
int result = cert_db_.ImportFromPKCS12(module, data, password,
is_extractable, NULL);
int result = cert_db_->ImportFromPKCS12(module, data, password,
is_extractable, NULL);
if (result == net::OK)
Refresh();
return result;
}

bool CertificateManagerModel::ImportCACerts(
const net::CertificateList& certificates,
net::CertDatabase::TrustBits trust_bits,
net::CertDatabase::ImportCertFailureList* not_imported) {
bool result = cert_db_.ImportCACerts(certificates, trust_bits, not_imported);
net::NSSCertDatabase::TrustBits trust_bits,
net::NSSCertDatabase::ImportCertFailureList* not_imported) {
bool result = cert_db_->ImportCACerts(certificates, trust_bits, not_imported);
if (result && not_imported->size() != certificates.size())
Refresh();
return result;
}

bool CertificateManagerModel::ImportServerCert(
const net::CertificateList& certificates,
net::CertDatabase::TrustBits trust_bits,
net::CertDatabase::ImportCertFailureList* not_imported) {
bool result = cert_db_.ImportServerCert(certificates, trust_bits,
not_imported);
net::NSSCertDatabase::TrustBits trust_bits,
net::NSSCertDatabase::ImportCertFailureList* not_imported) {
bool result = cert_db_->ImportServerCert(certificates, trust_bits,
not_imported);
if (result && not_imported->size() != certificates.size())
Refresh();
return result;
Expand All @@ -143,12 +144,12 @@ bool CertificateManagerModel::ImportServerCert(
bool CertificateManagerModel::SetCertTrust(
const net::X509Certificate* cert,
net::CertType type,
net::CertDatabase::TrustBits trust_bits) {
return cert_db_.SetCertTrust(cert, type, trust_bits);
net::NSSCertDatabase::TrustBits trust_bits) {
return cert_db_->SetCertTrust(cert, type, trust_bits);
}

bool CertificateManagerModel::Delete(net::X509Certificate* cert) {
bool result = cert_db_.DeleteCertAndKey(cert);
bool result = cert_db_->DeleteCertAndKey(cert);
if (result)
Refresh();
return result;
Expand All @@ -159,7 +160,7 @@ bool CertificateManagerModel::IsHardwareBacked(
#if defined(OS_CHROMEOS)
return crypto::IsTPMTokenReady() &&
cert->os_cert_handle()->slot ==
cert_db().GetPrivateModule()->os_module_handle();
cert_db_->GetPrivateModule()->os_module_handle();
#else
return false;
#endif
22 changes: 11 additions & 11 deletions chrome/browser/certificate_manager_model.h
Expand Up @@ -10,7 +10,7 @@

#include "base/memory/ref_counted.h"
#include "base/string16.h"
#include "net/base/cert_database.h"
#include "net/base/nss_cert_database.h"

// CertificateManagerModel provides the data to be displayed in the certificate
// manager dialog, and processes changes from the view.
Expand Down Expand Up @@ -40,8 +40,8 @@ class CertificateManagerModel {
explicit CertificateManagerModel(Observer* observer);
~CertificateManagerModel();

// Accessor for read-only access to the underlying CertDatabase.
const net::CertDatabase& cert_db() const { return cert_db_; }
// Accessor for read-only access to the underlying NSSCertDatabase.
const net::NSSCertDatabase* cert_db() const { return cert_db_; }

// Trigger a refresh of the list of certs, unlock any slots if necessary.
// Following this call, the observer CertificatesRefreshed method will be
Expand All @@ -67,13 +67,13 @@ class CertificateManagerModel {
// Tries to import all the certificates given. The root will be trusted
// according to |trust_bits|. Any certificates that could not be imported
// will be listed in |not_imported|.
// |trust_bits| should be a bit field of TRUST* values from CertDatabase.
// |trust_bits| should be a bit field of TRUST* values from NSSCertDatabase.
// Returns false if there is an internal error, otherwise true is returned and
// |not_imported| should be checked for any certificates that were not
// imported.
bool ImportCACerts(const net::CertificateList& certificates,
net::CertDatabase::TrustBits trust_bits,
net::CertDatabase::ImportCertFailureList* not_imported);
net::NSSCertDatabase::TrustBits trust_bits,
net::NSSCertDatabase::ImportCertFailureList* not_imported);

// Import server certificate. The first cert should be the server cert. Any
// additional certs should be intermediate/CA certs and will be imported but
Expand All @@ -87,15 +87,15 @@ class CertificateManagerModel {
// imported.
bool ImportServerCert(
const net::CertificateList& certificates,
net::CertDatabase::TrustBits trust_bits,
net::CertDatabase::ImportCertFailureList* not_imported);
net::NSSCertDatabase::TrustBits trust_bits,
net::NSSCertDatabase::ImportCertFailureList* not_imported);

// Set trust values for certificate.
// |trust_bits| should be a bit field of TRUST* values from CertDatabase.
// |trust_bits| should be a bit field of TRUST* values from NSSCertDatabase.
// Returns true on success or false on failure.
bool SetCertTrust(const net::X509Certificate* cert,
net::CertType type,
net::CertDatabase::TrustBits trust_bits);
net::NSSCertDatabase::TrustBits trust_bits);

// Delete the cert. Returns true on success. |cert| is still valid when this
// function returns.
Expand All @@ -111,7 +111,7 @@ class CertificateManagerModel {
// This method does the actual refreshing.
void RefreshSlotsUnlocked();

net::CertDatabase cert_db_;
net::NSSCertDatabase* cert_db_;
net::CertificateList cert_list_;

// The observer to notify when certificate list is refreshed.
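Review bot: `net::NSSCertDatabase* cert_db_;` in the last hunk carries no ownership or lifetime comment, although it replaces the former by-value member and is now also what the public `cert_db()` accessor hands out as a pointer instead of a reference. A line such as `// Non-owning; presumably the process-wide NSSCertDatabase singleton, fetched once in the constructor and never deleted by this class.` would tell readers that the model does not free it and that callers of `cert_db()` now receive a pointer. Whether GetInstance() can return NULL before NSS is initialized cannot be determined from this page; if it can, the accessor's comment should say whether callers must check. The class declaration continues outside the hunk.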
12 changes: 6 additions & 6 deletions chrome/browser/chromeos/cros/cert_library.cc
Expand Up @@ -28,6 +28,7 @@
#include "crypto/symmetric_key.h"
#include "grit/generated_resources.h"
#include "net/base/cert_database.h"
#include "net/base/nss_cert_database.h"
#include "ui/base/l10n/l10n_util.h"
#include "ui/base/l10n/l10n_util_collator.h"
#include "unicode/coll.h" // icu::Collator
Expand Down Expand Up @@ -128,12 +129,12 @@ class CertLibraryImpl
ALLOW_THIS_IN_INITIALIZER_LIST(server_ca_certs_(this)),
ALLOW_THIS_IN_INITIALIZER_LIST(weak_ptr_factory_(this)) {
CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
net::CertDatabase::AddObserver(this);
net::CertDatabase::GetInstance()->AddObserver(this);
}

~CertLibraryImpl() {
DCHECK(request_task_.is_null());
net::CertDatabase::RemoveObserver(this);
net::CertDatabase::GetInstance()->RemoveObserver(this);
}

// CertLibrary implementation.
Expand Down Expand Up @@ -242,7 +243,7 @@ class CertLibraryImpl
CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
}

virtual void OnUserCertAdded(const net::X509Certificate* cert) OVERRIDE {
virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE {
CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
// Only load certificates if we have completed an initial request.
if (certificates_loaded_) {
Expand All @@ -253,7 +254,7 @@ class CertLibraryImpl
}
}

virtual void OnUserCertRemoved(const net::X509Certificate* cert) OVERRIDE {
virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE {
CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
// Only load certificates if we have completed an initial request.
if (certificates_loaded_) {
Expand All @@ -273,9 +274,8 @@ class CertLibraryImpl
VLOG(1) << " Loading Certificates.";
// Certificate fetch occurs on the DB thread.
CHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
net::CertDatabase cert_db;
net::CertificateList* cert_list = new net::CertificateList();
cert_db.ListCerts(cert_list);
net::NSSCertDatabase::GetInstance()->ListCerts(cert_list);
// Pass the list to the UI thread to safely update the local lists.
BrowserThread::PostTask(
BrowserThread::UI, FROM_HERE,
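Review bot: `net::NSSCertDatabase::GetInstance()->ListCerts(cert_list);` in the last hunk runs on the DB thread (per the CHECK two lines above it), while the constructor registers this object as an observer on `net::CertDatabase::GetInstance()` on the UI thread and `OnCertAdded`/`OnCertRemoved` also CHECK for the UI thread; how the two singletons relate and whether NSSCertDatabase may be called from a second thread is not visible here. A short comment at the call, e.g. `// Called on the DB thread; NSSCertDatabase::ListCerts must be safe to use off the UI thread — confirm.`, would record the assumption for the next reader. The `new net::CertificateList()` on the line above still hands ownership to the posted task without saying so, which is worth a comment as well. The enclosing function continues outside the hunk.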
1 change: 0 additions & 1 deletion chrome/browser/chromeos/cros/cert_library.h
Expand Up @@ -8,7 +8,6 @@
#include <string>

#include "base/string16.h"
#include "net/base/cert_database.h"
#include "net/base/x509_certificate.h"

namespace crypto {
8 changes: 4 additions & 4 deletions chrome/browser/chromeos/cros/certificate_pattern.cc
Expand Up @@ -16,6 +16,7 @@
#include "base/values.h"
#include "net/base/cert_database.h"
#include "net/base/net_errors.h"
#include "net/base/nss_cert_database.h"
#include "net/base/x509_cert_types.h"
#include "net/base/x509_certificate.h"

Expand Down Expand Up @@ -110,7 +111,7 @@ class IssuerCaRefFilter {
bool operator()(const scoped_refptr<net::X509Certificate>& cert) const {
// Find the certificate issuer for each certificate.
// TODO(gspencer): this functionality should be available from
// X509Certificate or CertDatabase.
// X509Certificate or NSSCertDatabase.
CERTCertificate* issuer_cert = CERT_FindCertIssuer(
cert.get()->os_cert_handle(), PR_Now(), certUsageAnyCA);

Expand Down Expand Up @@ -244,8 +245,7 @@ scoped_refptr<net::X509Certificate> CertificatePattern::GetMatch() const {
// Start with all the certs, and narrow it down from there.
net::CertificateList all_certs;
CertificateStlList matching_certs;
net::CertDatabase cert_db;
cert_db.ListCerts(&all_certs);
net::NSSCertDatabase::GetInstance()->ListCerts(&all_certs);

if (all_certs.empty())
return NULL;
Expand Down Expand Up @@ -278,7 +278,7 @@ scoped_refptr<net::X509Certificate> CertificatePattern::GetMatch() const {
// them. The CheckUserCert call in the filter is a little slow (because of
// underlying PKCS11 calls), so we do this last to reduce the number of times
// we have to call it.
PrivateKeyFilter private_filter(&cert_db);
PrivateKeyFilter private_filter(net::CertDatabase::GetInstance());
matching_certs.remove_if(private_filter);

if (matching_certs.empty())
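Review bot: GetMatch now goes through two different singletons: `net::NSSCertDatabase::GetInstance()->ListCerts(&all_certs);` in the first hunk and `PrivateKeyFilter private_filter(net::CertDatabase::GetInstance());` in the last, where the old code handed the same local `cert_db` to both. The surrounding comment says the filter's CheckUserCert does PKCS11 work, so if CheckUserCert is among the NSS functions this commit moves, the filter would presumably need `net::NSSCertDatabase::GetInstance()` instead; PrivateKeyFilter's definition is outside this page, so I cannot confirm which type it takes. Either way, a comment on the `private_filter` line stating which database the filter needs and why it differs from the ListCerts call above would keep the two from drifting apart.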
7 changes: 3 additions & 4 deletions chrome/browser/chromeos/cros/network_library_unittest.cc
Expand Up @@ -19,8 +19,8 @@
#include "chrome/browser/chromeos/cros/onc_network_parser.h"
#include "chrome/common/chrome_paths.h"
#include "crypto/nss_util.h"
#include "net/base/cert_database.h"
#include "net/base/crypto_module.h"
#include "net/base/nss_cert_database.h"
#include "net/base/x509_certificate.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
Expand Down Expand Up @@ -152,7 +152,7 @@ class NetworkLibraryStubTest : public testing::Test {

protected:
virtual void SetUp() {
slot_ = cert_db_.GetPublicModule();
slot_ = net::NSSCertDatabase::GetInstance()->GetPublicModule();
cros_ = CrosLibrary::Get()->GetNetworkLibrary();
ASSERT_TRUE(cros_) << "GetNetworkLibrary() Failed!";

Expand Down Expand Up @@ -200,13 +200,12 @@ class NetworkLibraryStubTest : public testing::Test {
bool ok = true;
net::CertificateList certs = ListCertsInSlot(slot);
for (size_t i = 0; i < certs.size(); ++i) {
if (!cert_db_.DeleteCertAndKey(certs[i]))
if (!net::NSSCertDatabase::GetInstance()->DeleteCertAndKey(certs[i]))
ok = false;
}
return ok;
}

net::CertDatabase cert_db_;
scoped_refptr<net::CryptoModule> slot_;
};

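Review bot: In the cleanup loop of the last hunk, `if (!net::NSSCertDatabase::GetInstance()->DeleteCertAndKey(certs[i]))` re-fetches the singleton on every iteration now that the `cert_db_` member is gone; hoisting it as `net::NSSCertDatabase* cert_db = net::NSSCertDatabase::GetInstance();` above the `for` keeps the loop body on one line and matches how ParseServerOrCaCertificate in onc_network_parser.cc caches the pointer in this same commit. The same per-iteration lookup appears in DeleteCertAndKeyByNickname in onc_network_parser.cc. The enclosing function begins outside the hunk.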
31 changes: 14 additions & 17 deletions chrome/browser/chromeos/cros/onc_network_parser.cc
Expand Up @@ -28,9 +28,9 @@
#include "crypto/scoped_nss_types.h"
#include "crypto/symmetric_key.h"
#include "grit/generated_resources.h"
#include "net/base/cert_database.h"
#include "net/base/crypto_module.h"
#include "net/base/net_errors.h"
#include "net/base/nss_cert_database.h"
#include "net/base/pem_tokenizer.h"
#include "net/base/x509_certificate.h"
#include "net/proxy/proxy_bypass_rules.h"
Expand Down Expand Up @@ -526,7 +526,6 @@ scoped_refptr<net::X509Certificate> OncNetworkParser::ParseCertificate(
if (!certificate->GetBoolean("Remove", &remove))
remove = false;

net::CertDatabase cert_database;
if (remove) {
if (!DeleteCertAndKeyByNickname(guid)) {
parse_error_ = l10n_util::GetStringUTF8(
Expand Down Expand Up @@ -930,9 +929,9 @@ OncNetworkParser::ParseServerOrCaCertificate(
// TODO(mnissler, gspencer): We should probably switch to a mode where we
// keep our own database for mapping GUIDs to certs in order to enable several
// GUIDs to map to the same cert. See http://crosbug.com/26073.
net::CertDatabase cert_database;
net::NSSCertDatabase* cert_database = net::NSSCertDatabase::GetInstance();
if (x509_cert->os_cert_handle()->isperm) {
if (!cert_database.DeleteCertAndKey(x509_cert.get())) {
if (!cert_database->DeleteCertAndKey(x509_cert.get())) {
parse_error_ = l10n_util::GetStringUTF8(
IDS_NETWORK_CONFIG_ERROR_CERT_DELETE);
return NULL;
Expand Down Expand Up @@ -967,15 +966,15 @@ OncNetworkParser::ParseServerOrCaCertificate(

net::CertificateList cert_list;
cert_list.push_back(x509_cert);
net::CertDatabase::ImportCertFailureList failures;
net::NSSCertDatabase::ImportCertFailureList failures;
bool success = false;
net::CertDatabase::TrustBits trust = web_trust ?
net::CertDatabase::TRUSTED_SSL :
net::CertDatabase::TRUST_DEFAULT;
net::NSSCertDatabase::TrustBits trust = web_trust ?
net::NSSCertDatabase::TRUSTED_SSL :
net::NSSCertDatabase::TRUST_DEFAULT;
if (cert_type == "Server") {
success = cert_database.ImportServerCert(cert_list, trust, &failures);
success = cert_database->ImportServerCert(cert_list, trust, &failures);
} else { // Authority cert
success = cert_database.ImportCACerts(cert_list, trust, &failures);
success = cert_database->ImportCACerts(cert_list, trust, &failures);
}
if (!failures.empty()) {
LOG(WARNING) << "ONC File: Error ("
Expand Down Expand Up @@ -1003,7 +1002,6 @@ scoped_refptr<net::X509Certificate> OncNetworkParser::ParseClientCertificate(
int cert_index,
const std::string& guid,
base::DictionaryValue* certificate) {
net::CertDatabase cert_database;
std::string pkcs12_data;
if (!certificate->GetString("PKCS12", &pkcs12_data) ||
pkcs12_data.empty()) {
Expand All @@ -1024,10 +1022,11 @@ scoped_refptr<net::X509Certificate> OncNetworkParser::ParseClientCertificate(
}

// Since this has a private key, always use the private module.
scoped_refptr<net::CryptoModule> module(cert_database.GetPrivateModule());
net::NSSCertDatabase* cert_database = net::NSSCertDatabase::GetInstance();
scoped_refptr<net::CryptoModule> module(cert_database->GetPrivateModule());
net::CertificateList imported_certs;

int result = cert_database.ImportFromPKCS12(
int result = cert_database->ImportFromPKCS12(
module.get(), decoded_pkcs12, string16(), false, &imported_certs);
if (result != net::OK) {
LOG(WARNING) << "ONC File: Unable to import Client certificate at index "
Expand Down Expand Up @@ -1088,8 +1087,7 @@ ClientCertType OncNetworkParser::ParseClientCertType(
void OncNetworkParser::ListCertsWithNickname(const std::string& label,
net::CertificateList* result) {
net::CertificateList all_certs;
net::CertDatabase cert_db;
cert_db.ListCerts(&all_certs);
net::NSSCertDatabase::GetInstance()->ListCerts(&all_certs);
result->clear();
for (net::CertificateList::iterator iter = all_certs.begin();
iter != all_certs.end(); ++iter) {
Expand Down Expand Up @@ -1127,7 +1125,6 @@ void OncNetworkParser::ListCertsWithNickname(const std::string& label,
bool OncNetworkParser::DeleteCertAndKeyByNickname(const std::string& label) {
net::CertificateList cert_list;
ListCertsWithNickname(label, &cert_list);
net::CertDatabase cert_db;
bool result = true;
for (net::CertificateList::iterator iter = cert_list.begin();
iter != cert_list.end(); ++iter) {
Expand All @@ -1138,7 +1135,7 @@ bool OncNetworkParser::DeleteCertAndKeyByNickname(const std::string& label) {
// label, and the cert not being found is one of the few reasons the
// delete could fail, but still... The other choice is to return
// failure immediately, but that doesn't seem to do what is intended.
if (!cert_db.DeleteCertAndKey(iter->get()))
if (!net::NSSCertDatabase::GetInstance()->DeleteCertAndKey(iter->get()))
result = false;
}
return result;
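Review bot: In ParseClientCertificate, the rewritten call `int result = cert_database->ImportFromPKCS12(` passes `string16(), false, &imported_certs` positionally, i.e. an empty password and `is_extractable = false` (the parameter name is visible in CertificateManagerModel::ImportFromPKCS12's signature elsewhere in this commit). Both are security-relevant choices that a reader cannot tell apart from the bare literals; a comment on the call such as `// Password is empty here (the blob is already decoded); is_extractable=false presumably keeps the imported private key non-exportable from the token — confirm against NSSCertDatabase::ImportFromPKCS12.` would make the intent explicit. The enclosing function continues outside the hunk.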
1 change: 1 addition & 0 deletions chrome/browser/chromeos/cros/onc_network_parser.h
Expand Up @@ -6,6 +6,7 @@
#define CHROME_BROWSER_CHROMEOS_CROS_ONC_NETWORK_PARSER_H_

#include <string>
#include <vector>

#include "base/compiler_specific.h" // for OVERRIDE
#include "base/gtest_prod_util.h"