// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/cert/nss_cert_database.h" #include <cert.h> #include <certdb.h> #include <certt.h> #include <dlfcn.h> #include <keyhi.h> #include <pk11pub.h> #include <secmod.h> #include <memory> #include <utility> #include "base/functional/bind.h" #include "base/functional/callback.h" #include "base/logging.h" #include "base/memory/raw_ptr.h" #include "base/observer_list_threadsafe.h" #include "base/task/thread_pool.h" #include "base/threading/scoped_blocking_call.h" #include "build/build_config.h" #include "build/chromeos_buildflags.h" #include "crypto/nss_util_internal.h" #include "crypto/scoped_nss_types.h" #include "net/base/net_errors.h" #include "net/cert/cert_database.h" #include "net/cert/internal/trust_store_nss.h" #include "net/cert/x509_certificate.h" #include "net/cert/x509_util_nss.h" #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h" #if BUILDFLAG(IS_CHROMEOS_ASH) || BUILDFLAG(IS_CHROMEOS_LACROS) #include "crypto/chaps_support.h" #endif // PSM = Mozilla's Personal Security Manager. psm; namespace net { namespace { PK11HasAttributeSetFunction; // TODO(pneubeck): Move this class out of NSSCertDatabase and to the caller of // the c'tor of NSSCertDatabase, see https://crbug.com/395983 . // Helper that observes events from the NSSCertDatabase and forwards them to // the given CertDatabase. class CertNotificationForwarder : public NSSCertDatabase::Observer { … }; // TODO(crbug.com/40890963): once the other IsUntrusted impl is deleted, // rename this. bool IsUntrustedUsingTrustStore(const CERTCertificate* cert, bssl::CertificateTrust trust) { … } } // namespace NSSCertDatabase::CertInfo::CertInfo() = default; NSSCertDatabase::CertInfo::CertInfo(CertInfo&& other) = default; NSSCertDatabase::CertInfo::~CertInfo() = default; NSSCertDatabase::CertInfo& NSSCertDatabase::CertInfo::operator=( NSSCertDatabase::CertInfo&& other) = default; NSSCertDatabase::ImportCertFailure::ImportCertFailure( ScopedCERTCertificate cert, int err) : … { … } NSSCertDatabase::ImportCertFailure::ImportCertFailure( ImportCertFailure&& other) = default; NSSCertDatabase::ImportCertFailure::~ImportCertFailure() = default; NSSCertDatabase::NSSCertDatabase(crypto::ScopedPK11Slot public_slot, crypto::ScopedPK11Slot private_slot) : … { … } NSSCertDatabase::~NSSCertDatabase() = default; void NSSCertDatabase::ListCerts(ListCertsCallback callback) { … } void NSSCertDatabase::ListCertsInSlot(ListCertsCallback callback, PK11SlotInfo* slot) { … } void NSSCertDatabase::ListCertsInfo(ListCertsInfoCallback callback, NSSRootsHandling nss_roots_handling) { … } #if BUILDFLAG(IS_CHROMEOS) crypto::ScopedPK11Slot NSSCertDatabase::GetSystemSlot() const { return crypto::ScopedPK11Slot(); } // static bool NSSCertDatabase::IsCertificateOnSlot(CERTCertificate* cert, PK11SlotInfo* slot) { if (!slot) return false; return PK11_FindCertInSlot(slot, cert, nullptr) != CK_INVALID_HANDLE; } #endif // BUILDFLAG(IS_CHROMEOS) crypto::ScopedPK11Slot NSSCertDatabase::GetPublicSlot() const { … } crypto::ScopedPK11Slot NSSCertDatabase::GetPrivateSlot() const { … } void NSSCertDatabase::ListModules(std::vector<crypto::ScopedPK11Slot>* modules, bool need_rw) const { … } bool NSSCertDatabase::SetCertTrust(CERTCertificate* cert, CertType type, TrustBits trust_bits) { … } int NSSCertDatabase::ImportFromPKCS12( PK11SlotInfo* slot_info, const std::string& data, const std::u16string& password, bool is_extractable, ScopedCERTCertificateList* imported_certs) { … } // static int NSSCertDatabase::ExportToPKCS12(const ScopedCERTCertificateList& certs, const std::u16string& password, std::string* output) { … } CERTCertificate* NSSCertDatabase::FindRootInList( const ScopedCERTCertificateList& certificates) const { … } int NSSCertDatabase::ImportUserCert(const std::string& data) { … } int NSSCertDatabase::ImportUserCert(CERTCertificate* cert) { … } bool NSSCertDatabase::ImportCACerts( const ScopedCERTCertificateList& certificates, TrustBits trust_bits, ImportCertFailureList* not_imported) { … } bool NSSCertDatabase::ImportServerCert( const ScopedCERTCertificateList& certificates, TrustBits trust_bits, ImportCertFailureList* not_imported) { … } NSSCertDatabase::TrustBits NSSCertDatabase::GetCertTrust( const CERTCertificate* cert, CertType type) const { … } bool NSSCertDatabase::DeleteCertAndKey(CERTCertificate* cert) { … } void NSSCertDatabase::DeleteCertAndKeyAsync(ScopedCERTCertificate cert, DeleteCertCallback callback) { … } // static bool NSSCertDatabase::IsUntrusted(const CERTCertificate* cert) { … } // static bool NSSCertDatabase::IsWebTrustAnchor(const CERTCertificate* cert) { … } // static bool NSSCertDatabase::IsReadOnly(const CERTCertificate* cert) { … } // static bool NSSCertDatabase::IsHardwareBacked(const CERTCertificate* cert) { … } void NSSCertDatabase::AddObserver(Observer* observer) { … } void NSSCertDatabase::RemoveObserver(Observer* observer) { … } // static ScopedCERTCertificateList NSSCertDatabase::ExtractCertificates( CertInfoList certs_info) { … } // static ScopedCERTCertificateList NSSCertDatabase::ListCertsImpl( crypto::ScopedPK11Slot slot) { … } // static NSSCertDatabase::CertInfoList NSSCertDatabase::ListCertsInfoImpl( crypto::ScopedPK11Slot slot, bool add_certs_info, NSSRootsHandling nss_roots_handling) { … } void NSSCertDatabase::NotifyCertRemovalAndCallBack( DeleteCertCallback callback, DeleteCertAndKeyResult result) { … } void NSSCertDatabase::NotifyObserversTrustStoreChanged() { … } void NSSCertDatabase::NotifyObserversClientCertStoreChanged() { … } // static NSSCertDatabase::DeleteCertAndKeyResult NSSCertDatabase::DeleteCertAndKeyImpl( CERTCertificate* cert) { … } // static NSSCertDatabase::DeleteCertAndKeyResult NSSCertDatabase::DeleteCertAndKeyImplScoped(ScopedCERTCertificate cert) { … } } // namespace net
Codebase Browser
chromium