1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/nss_cert_database_chromeos.h"
6
7 #include <cert.h>
8 #include <pk11pub.h>
9
10 #include <algorithm>
11
12 #include "base/bind.h"
13 #include "base/callback.h"
14 #include "base/location.h"
15 #include "base/task_runner.h"
16 #include "net/base/crypto_module.h"
17 #include "net/cert/x509_certificate.h"
18
19 namespace net {
20
// Takes ownership of the two slot handles for this database and configures
// the profile filter from them.
//
// |public_slot| and |private_slot| are moved into the members; after this
// constructor returns the caller's handles are empty.
NSSCertDatabaseChromeOS::NSSCertDatabaseChromeOS(
    crypto::ScopedPK11Slot public_slot,
    crypto::ScopedPK11Slot private_slot)
    : public_slot_(public_slot.Pass()),
      private_slot_(private_slot.Pass()) {
  // The filter is given its own references via the getters rather than the
  // member handles. It is the object that later decides which certificates
  // and modules this database reports (see ListCertsImpl / ListModules), so
  // it must be initialised before either of those is called.
  // NOTE(review): either slot may be empty here (the getters handle that
  // case explicitly); how the filter treats an empty slot is not visible in
  // this file -- confirm it does not widen what is allowed.
  profile_filter_.Init(GetPublicSlot(), GetPrivateSlot());
}
28
// Intentionally empty: nothing is released by hand here. The slot members
// are presumably scoped holders that drop their references on destruction.
NSSCertDatabaseChromeOS::~NSSCertDatabaseChromeOS() {
}
30
// Synchronous listing: fills |certs| on the calling thread with the
// certificates that pass this database's profile filter.
//
// |certs| must be non-null; it is dereferenced by ListCertsImpl without a
// check.
void NSSCertDatabaseChromeOS::ListCertsSync(CertificateList* certs) {
  // Always go through the filtering implementation of this class so that the
  // result is restricted by |profile_filter_|.
  ListCertsImpl(profile_filter_, certs);
}
34
// Asynchronous listing: runs the filtered certificate enumeration on the slow
// task runner and then invokes |callback| with the resulting list, whose
// ownership is handed to the callback.
void NSSCertDatabaseChromeOS::ListCerts(
    const base::Callback<void(scoped_ptr<CertificateList> certs)>& callback) {
  scoped_ptr<CertificateList> certs(new CertificateList());

  // base::Passed will NULL out |certs| when the reply closure is bound, and
  // the order in which the two Bind() arguments below are evaluated is not
  // fixed, so grab the underlying pointer before either is built.
  CertificateList* unowned_certs = certs.get();

  // Lifetime notes for reviewers:
  //  - The task receives |profile_filter_| as a bound argument and calls
  //    ListCertsImpl without an object pointer, so it does not touch |this|.
  //    base::Bind stores its own copy of bound arguments, which means the
  //    filter state used is the one captured at this point.
  //  - The list itself is owned by the reply closure (base::Passed); the task
  //    only holds an unretained raw pointer to it. This is safe only as long
  //    as the reply closure outlives the task -- presumably guaranteed by
  //    PostTaskAndReply; confirm before changing how the closures are posted.
  GetSlowTaskRunner()->PostTaskAndReply(
      FROM_HERE,
      base::Bind(&NSSCertDatabaseChromeOS::ListCertsImpl,
                 profile_filter_,
                 base::Unretained(unowned_certs)),
      base::Bind(callback, base::Passed(&certs)));
}
48
// Returns a new reference to the public slot, or an empty handle when this
// database was constructed without one. The caller owns the returned
// reference; the member handle is left untouched.
crypto::ScopedPK11Slot NSSCertDatabaseChromeOS::GetPublicSlot() const {
  if (!public_slot_)
    return crypto::ScopedPK11Slot();

  // PK11_ReferenceSlot adds a reference, so the returned handle can be
  // released independently of |public_slot_|.
  return crypto::ScopedPK11Slot(PK11_ReferenceSlot(public_slot_.get()));
}
53
// Returns a new reference to the private slot, or an empty handle when this
// database was constructed without one. The caller owns the returned
// reference; the member handle is left untouched.
crypto::ScopedPK11Slot NSSCertDatabaseChromeOS::GetPrivateSlot() const {
  if (!private_slot_)
    return crypto::ScopedPK11Slot();

  // PK11_ReferenceSlot adds a reference, so the returned handle can be
  // released independently of |private_slot_|.
  return crypto::ScopedPK11Slot(PK11_ReferenceSlot(private_slot_.get()));
}
58
// Lists crypto modules, restricted to those the profile filter accepts.
//
// |modules| receives the result and must be non-null. |need_rw| is forwarded
// unchanged to the base-class enumeration.
void NSSCertDatabaseChromeOS::ListModules(CryptoModuleList* modules,
                                          bool need_rw) const {
  // Start from the base-class list, then remove what the filter rejects.
  NSSCertDatabase::ListModules(modules, need_rw);

  const size_t unfiltered_count = modules->size();

  // Erase-remove: every entry for which the predicate returns true is
  // dropped. The restriction is applied only here, after enumeration, so
  // code that calls the base-class ListModules directly would see the
  // unfiltered list.
  CryptoModuleList::iterator first_rejected = std::remove_if(
      modules->begin(),
      modules->end(),
      NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate(
          profile_filter_));
  modules->erase(first_rejected, modules->end());

  // Verbose-only diagnostic: number of modules removed by the filter.
  DVLOG(1) << "filtered " << unfiltered_count - modules->size() << " of "
           << unfiltered_count << " modules";
}
74
// Shared implementation behind ListCertsSync and ListCerts: enumerates
// certificates through the base class and then removes every certificate the
// given profile filter rejects.
//
// Called without an object pointer from ListCerts, so it works only from its
// arguments: |profile_filter| decides what is kept, and |certs| (non-null)
// receives the result.
void NSSCertDatabaseChromeOS::ListCertsImpl(
    const NSSProfileFilterChromeOS& profile_filter,
    CertificateList* certs) {
  // An empty slot handle is passed to the base implementation.
  // NOTE(review): presumably this means "do not restrict by slot", i.e. the
  // unfiltered list can contain certificates outside this profile's slots --
  // confirm against NSSCertDatabase::ListCertsImpl. Either way, the filter
  // below is the only restriction applied in this function.
  NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot(), certs);

  const size_t unfiltered_count = certs->size();

  // Erase-remove: every certificate for which the predicate returns true is
  // dropped before the list is handed back to the caller.
  CertificateList::iterator first_rejected = std::remove_if(
      certs->begin(),
      certs->end(),
      NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate(
          profile_filter));
  certs->erase(first_rejected, certs->end());

  // Verbose-only diagnostic: number of certificates removed by the filter.
  DVLOG(1) << "filtered " << unfiltered_count - certs->size() << " of "
           << unfiltered_count << " certs";
}
90
91 } // namespace net
92