Home | History | Annotate | Download | only in cert 
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/cert/nss_cert_database_chromeos.h"
      6 
      7 #include <cert.h>
      8 #include <pk11pub.h>
      9 
     10 #include <algorithm>
     11 
     12 #include "base/bind.h"
     13 #include "base/callback.h"
     14 #include "base/location.h"
     15 #include "base/task_runner.h"
     16 #include "net/base/crypto_module.h"
     17 #include "net/cert/x509_certificate.h"
     18 
     19 namespace net {
     20 
     21 NSSCertDatabaseChromeOS::NSSCertDatabaseChromeOS(
     22     crypto::ScopedPK11Slot public_slot,
     23     crypto::ScopedPK11Slot private_slot)
     24     : NSSCertDatabase(public_slot.Pass(), private_slot.Pass()) {
     25   // By default, don't use a system slot. Only if explicitly set by
     26   // SetSystemSlot, the system slot will be used.
     27   profile_filter_.Init(GetPublicSlot(),
     28                        GetPrivateSlot(),
     29                        crypto::ScopedPK11Slot() /* no system slot */);
     30 }
     31 
     32 NSSCertDatabaseChromeOS::~NSSCertDatabaseChromeOS() {}
     33 
     34 void NSSCertDatabaseChromeOS::SetSystemSlot(
     35     crypto::ScopedPK11Slot system_slot) {
     36   system_slot_ = system_slot.Pass();
     37   profile_filter_.Init(GetPublicSlot(), GetPrivateSlot(), GetSystemSlot());
     38 }
     39 
     40 void NSSCertDatabaseChromeOS::ListCertsSync(CertificateList* certs) {
     41   ListCertsImpl(profile_filter_, certs);
     42 }
     43 
     44 void NSSCertDatabaseChromeOS::ListCerts(
     45     const base::Callback<void(scoped_ptr<CertificateList> certs)>& callback) {
     46   scoped_ptr<CertificateList> certs(new CertificateList());
     47 
     48   // base::Pased will NULL out |certs|, so cache the underlying pointer here.
     49   CertificateList* raw_certs = certs.get();
     50   GetSlowTaskRunner()->PostTaskAndReply(
     51       FROM_HERE,
     52       base::Bind(&NSSCertDatabaseChromeOS::ListCertsImpl,
     53                  profile_filter_,
     54                  base::Unretained(raw_certs)),
     55       base::Bind(callback, base::Passed(&certs)));
     56 }
     57 
     58 crypto::ScopedPK11Slot NSSCertDatabaseChromeOS::GetSystemSlot() const {
     59   if (system_slot_)
     60     return crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_slot_.get()));
     61   return crypto::ScopedPK11Slot();
     62 }
     63 
     64 void NSSCertDatabaseChromeOS::ListModules(CryptoModuleList* modules,
     65                                           bool need_rw) const {
     66   NSSCertDatabase::ListModules(modules, need_rw);
     67 
     68   size_t pre_size = modules->size();
     69   modules->erase(
     70       std::remove_if(
     71           modules->begin(),
     72           modules->end(),
     73           NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate(
     74               profile_filter_)),
     75       modules->end());
     76   DVLOG(1) << "filtered " << pre_size - modules->size() << " of " << pre_size
     77            << " modules";
     78 }
     79 
     80 void NSSCertDatabaseChromeOS::ListCertsImpl(
     81     const NSSProfileFilterChromeOS& profile_filter,
     82     CertificateList* certs) {
     83   NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot(), certs);
     84 
     85   size_t pre_size = certs->size();
     86   certs->erase(std::remove_if(
     87                    certs->begin(),
     88                    certs->end(),
     89                    NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate(
     90                        profile_filter)),
     91                certs->end());
     92   DVLOG(1) << "filtered " << pre_size - certs->size() << " of " << pre_size
     93            << " certs";
     94 }
     95 
     96 }  // namespace net
     97