author | spang@chromium.org <spang@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-10-31 01:38:33 +0000 |
---|---|---|
committer | spang@chromium.org <spang@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-10-31 01:38:33 +0000 |
commit | c157b2e2dbb6d56e5ccf0a1eec2009e30a50e1e0 (patch) | |
tree | 5cff017593d5e2fc242c1731fa0748c95d9973d8 | |
parent | 6e86bffc996a9b8a4d3d05c0ad589fe7a7821184 (diff) | |
download | chromium_src-c157b2e2dbb6d56e5ccf0a1eec2009e30a50e1e0.zip chromium_src-c157b2e2dbb6d56e5ccf0a1eec2009e30a50e1e0.tar.gz chromium_src-c157b2e2dbb6d56e5ccf0a1eec2009e30a50e1e0.tar.bz2 |
chromeos: Reload certificates when CA certificate is added
This fixes a longstanding bug where new CA certificates are not available
on the network settings page until chrome is restarted.
BUG=126051
TEST=Add CA cert from chrome://settings/certificates, verify usable for
new OpenVPN connection at chrome://settings.
Review URL: https://codereview.chromium.org/49883004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@231976 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chromeos/cert_loader.cc | 6 | ||||
-rw-r--r-- | chromeos/cert_loader.h | 2 | ||||
-rw-r--r-- | net/cert/cert_database.cc | 4 | ||||
-rw-r--r-- | net/cert/cert_database.h | 7 | ||||
-rw-r--r-- | net/cert/cert_database_android.cc | 2 | ||||
-rw-r--r-- | net/cert/cert_database_mac.cc | 2 | ||||
-rw-r--r-- | net/cert/cert_database_nss.cc | 4 | ||||
-rw-r--r-- | net/cert/multi_threaded_cert_verifier.cc | 2 | ||||
-rw-r--r-- | net/cert/multi_threaded_cert_verifier.h | 2 | ||||
-rw-r--r-- | net/cert/nss_cert_database.cc | 8 | ||||
-rw-r--r-- | net/cert/nss_cert_database.h | 6 | ||||
-rw-r--r-- | net/socket/client_socket_factory.cc | 6 | ||||
-rw-r--r-- | net/socket/client_socket_pool_manager_impl.cc | 6 | ||||
-rw-r--r-- | net/socket/client_socket_pool_manager_impl.h | 2 | ||||
-rw-r--r-- | net/spdy/spdy_session_pool.cc | 6 | ||||
-rw-r--r-- | net/spdy/spdy_session_pool.h | 2 |
16 files changed, 36 insertions, 31 deletions
diff --git a/chromeos/cert_loader.cc b/chromeos/cert_loader.cc
index ea8895f..5752ada 100644
--- a/chromeos/cert_loader.cc
+++ b/chromeos/cert_loader.cc
@@ -379,10 +379,14 @@ void CertLoader::NotifyCertificatesLoaded(bool initial_load) {
 OnCertificatesLoaded(cert_list_, initial_load));
 }
-void CertLoader::OnCertTrustChanged(const net::X509Certificate* cert) {
+void CertLoader::OnCACertChanged(const net::X509Certificate* cert) {
+ // This is triggered when a CA certificate is modified.
+ VLOG(1) << "OnCACertChanged";
+ LoadCertificates();
 }
 void CertLoader::OnCertAdded(const net::X509Certificate* cert) {
+ // This is triggered when a client certificate is added.
 VLOG(1) << "OnCertAdded";
 LoadCertificates();
 }
diff --git a/chromeos/cert_loader.h b/chromeos/cert_loader.h
index 226bf30..e8534be 100644
--- a/chromeos/cert_loader.h
+++ b/chromeos/cert_loader.h
@@ -143,7 +143,7 @@ class CHROMEOS_EXPORT CertLoader : public net::CertDatabase::Observer,
 void NotifyCertificatesLoaded(bool initial_load);
 // net::CertDatabase::Observer
- virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE;
+ virtual void OnCACertChanged(const net::X509Certificate* cert) OVERRIDE;
 virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE;
 virtual void OnCertRemoved(const net::X509Certificate* cert) OVERRIDE;
diff --git a/net/cert/cert_database.cc b/net/cert/cert_database.cc
index db54172..f36562a 100644
--- a/net/cert/cert_database.cc
+++ b/net/cert/cert_database.cc
@@ -30,10 +30,10 @@ void CertDatabase::NotifyObserversOfCertRemoved(const X509Certificate* cert) {
 observer_list_->Notify(&Observer::OnCertRemoved, make_scoped_refptr(cert));
 }
-void CertDatabase::NotifyObserversOfCertTrustChanged(
+void CertDatabase::NotifyObserversOfCACertChanged(
 const X509Certificate* cert) {
 observer_list_->Notify(
- &Observer::OnCertTrustChanged, make_scoped_refptr(cert));
+ &Observer::OnCACertChanged, make_scoped_refptr(cert));
 }
 } // namespace net
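Review bot: The comment added to CertLoader::OnCACertChanged ("triggered when a CA certificate is modified") is narrower than the contract this commit documents in net/cert/cert_database.h, where the same callback also fires when a CA certificate is added or removed and can mean that a client certificate's trust changed. I would word it as `// Triggered when a CA certificate is added, removed, or has its trust changed.` so the reload is not read as limited to edits of existing CAs. Every notification now starts a full LoadCertificates(), and whether that call coalesces overlapping requests is not visible in this hunk, so it is worth confirming that a run of trust edits does not queue redundant reloads of the certificate list.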
diff --git a/net/cert/cert_database.h b/net/cert/cert_database.h
index 7f62964..feadf4c 100644
--- a/net/cert/cert_database.h
+++ b/net/cert/cert_database.h
@@ -40,8 +40,9 @@ class NET_EXPORT CertDatabase {
 // Will be called when a certificate is removed.
 virtual void OnCertRemoved(const X509Certificate* cert) {}
- // Will be called when a certificate's trust is changed.
- virtual void OnCertTrustChanged(const X509Certificate* cert) {}
+ // Will be called when a CA certificate was added, removed, or its trust
+ // changed. This can also mean that a client certificate's trust changed.
+ virtual void OnCACertChanged(const X509Certificate* cert) {}
 protected:
 Observer() {}
@@ -93,7 +94,7 @@ class NET_EXPORT CertDatabase {
 // Broadcasts notifications to all registered observers.
 void NotifyObserversOfCertAdded(const X509Certificate* cert);
 void NotifyObserversOfCertRemoved(const X509Certificate* cert);
- void NotifyObserversOfCertTrustChanged(const X509Certificate* cert);
+ void NotifyObserversOfCACertChanged(const X509Certificate* cert);
 const scoped_refptr<ObserverListThreadSafe<Observer> > observer_list_;
diff --git a/net/cert/cert_database_android.cc b/net/cert/cert_database_android.cc
index 3c6bc67..350028fc 100644
--- a/net/cert/cert_database_android.cc
+++ b/net/cert/cert_database_android.cc
@@ -37,7 +37,7 @@ int CertDatabase::AddUserCert(X509Certificate* cert) {
 }
 void CertDatabase::OnAndroidKeyChainChanged() {
- observer_list_->Notify(&Observer::OnCertTrustChanged,
+ observer_list_->Notify(&Observer::OnCACertChanged,
 scoped_refptr<X509Certificate>());
 }
diff --git a/net/cert/cert_database_mac.cc b/net/cert/cert_database_mac.cc
index 7670196..9427be3 100644
--- a/net/cert/cert_database_mac.cc
+++ b/net/cert/cert_database_mac.cc
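Review bot: The new comment on CertDatabase::Observer::OnCACertChanged does not say that |cert| can be NULL, although callers in this same commit pass exactly that: cert_database_android.cc notifies with an empty scoped_refptr, cert_database_mac.cc calls NotifyObserversOfCACertChanged(NULL), and NSSCertDatabase::ImportCACerts does the same. Only the NSSCertDatabase::Observer comment documents the NULL case. An observer written against this header alone could dereference the pointer, so I would add a line such as `// |cert| may be NULL when the change is not tied to a single certificate.` to the comment block here.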
@@ -103,7 +103,7 @@ OSStatus CertDatabase::Notifier::KeychainCallback(
 switch (keychain_event) {
 case kSecKeychainListChangedEvent:
 case kSecTrustSettingsChangedEvent:
- that->cert_db_->NotifyObserversOfCertTrustChanged(NULL);
+ that->cert_db_->NotifyObserversOfCACertChanged(NULL);
 break;
 }
diff --git a/net/cert/cert_database_nss.cc b/net/cert/cert_database_nss.cc
index 5fa2721..a1677fe 100644
--- a/net/cert/cert_database_nss.cc
+++ b/net/cert/cert_database_nss.cc
@@ -40,8 +40,8 @@ class CertDatabase::Notifier : public NSSCertDatabase::Observer {
 cert_db_->NotifyObserversOfCertRemoved(cert);
 }
- virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE {
- cert_db_->NotifyObserversOfCertTrustChanged(cert);
+ virtual void OnCACertChanged(const X509Certificate* cert) OVERRIDE {
+ cert_db_->NotifyObserversOfCACertChanged(cert);
 }
 private:
diff --git a/net/cert/multi_threaded_cert_verifier.cc b/net/cert/multi_threaded_cert_verifier.cc
index 821cec1..4b2f37f 100644
--- a/net/cert/multi_threaded_cert_verifier.cc
+++ b/net/cert/multi_threaded_cert_verifier.cc
@@ -556,7 +556,7 @@ void MultiThreadedCertVerifier::HandleResult(
 delete job;
 }
-void MultiThreadedCertVerifier::OnCertTrustChanged(
+void MultiThreadedCertVerifier::OnCACertChanged(
 const X509Certificate* cert) {
 DCHECK(CalledOnValidThread());
diff --git a/net/cert/multi_threaded_cert_verifier.h b/net/cert/multi_threaded_cert_verifier.h
index bc9cd4f..f4e2787 100644
--- a/net/cert/multi_threaded_cert_verifier.h
+++ b/net/cert/multi_threaded_cert_verifier.h
@@ -137,7 +137,7 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier
 const CertVerifyResult& verify_result);
 // CertDatabase::Observer methods:
- virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE;
+ virtual void OnCACertChanged(const X509Certificate* cert) OVERRIDE;
 // For unit testing.
 void ClearCache() { cache_.Clear(); }
diff --git a/net/cert/nss_cert_database.cc b/net/cert/nss_cert_database.cc
index f1262dc..0ba139b 100644
--- a/net/cert/nss_cert_database.cc
+++ b/net/cert/nss_cert_database.cc
@@ -167,7 +167,7 @@ bool NSSCertDatabase::ImportCACerts(const CertificateList& certificates,
 bool success = psm::ImportCACerts(certificates, root, trust_bits,
 not_imported);
 if (success)
- NotifyObserversOfCertTrustChanged(NULL);
+ NotifyObserversOfCACertChanged(NULL);
 return success;
 }
@@ -283,7 +283,7 @@ bool NSSCertDatabase::SetCertTrust(const X509Certificate* cert,
 TrustBits trust_bits) {
 bool success = psm::SetCertTrust(cert, type, trust_bits);
 if (success)
- NotifyObserversOfCertTrustChanged(cert);
+ NotifyObserversOfCACertChanged(cert);
 return success;
 }
@@ -335,10 +335,10 @@ void NSSCertDatabase::NotifyObserversOfCertRemoved(
 observer_list_->Notify(&Observer::OnCertRemoved, make_scoped_refptr(cert));
 }
-void NSSCertDatabase::NotifyObserversOfCertTrustChanged(
+void NSSCertDatabase::NotifyObserversOfCACertChanged(
 const X509Certificate* cert) {
 observer_list_->Notify(
- &Observer::OnCertTrustChanged, make_scoped_refptr(cert));
+ &Observer::OnCACertChanged, make_scoped_refptr(cert));
 }
 } // namespace net
diff --git a/net/cert/nss_cert_database.h b/net/cert/nss_cert_database.h
index 9db1b75..a5d7eb8 100644
--- a/net/cert/nss_cert_database.h
+++ b/net/cert/nss_cert_database.h
@@ -39,10 +39,10 @@ class NET_EXPORT NSSCertDatabase {
 // Will be called when a certificate is removed.
 virtual void OnCertRemoved(const X509Certificate* cert) {}
- // Will be called when a certificate's trust is changed.
+ // Will be called when a CA certificate is changed.
 // Called with |cert| == NULL after importing a list of certificates
 // in ImportCACerts().
- virtual void OnCertTrustChanged(const X509Certificate* cert) {}
+ virtual void OnCACertChanged(const X509Certificate* cert) {}
 protected:
 Observer() {}
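Review bot: The reworded comment on NSSCertDatabase::Observer::OnCACertChanged ("Will be called when a CA certificate is changed") no longer matches the one caller visible in nss_cert_database.cc that passes a real certificate. SetCertTrust() raises this notification after any successful psm::SetCertTrust(cert, type, trust_bits), and nothing in that hunk restricts `type` to CA certificates. The CertDatabase::Observer comment in this commit already admits that case, so the two headers should agree. I would change the first line to `// Will be called when a CA certificate is added or its trust is changed, and` followed by `// when SetCertTrust() changes the trust of any certificate.` so an observer does not assume |cert| is always a CA.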
@@ -196,7 +196,7 @@ class NET_EXPORT NSSCertDatabase {
 // Broadcasts notifications to all registered observers.
 void NotifyObserversOfCertAdded(const X509Certificate* cert);
 void NotifyObserversOfCertRemoved(const X509Certificate* cert);
- void NotifyObserversOfCertTrustChanged(const X509Certificate* cert);
+ void NotifyObserversOfCACertChanged(const X509Certificate* cert);
 const scoped_refptr<ObserverListThreadSafe<Observer> > observer_list_;
diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc
index a86688e..9539145 100644
--- a/net/socket/client_socket_factory.cc
+++ b/net/socket/client_socket_factory.cc
@@ -60,10 +60,10 @@ class DefaultClientSocketFactory : public ClientSocketFactory,
 ClearSSLSessionCache();
 }
- virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE {
+ virtual void OnCACertChanged(const X509Certificate* cert) OVERRIDE {
 // Per wtc, we actually only need to flush when trust is reduced.
- // Always flush now because OnCertTrustChanged does not tell us this.
- // See comments in ClientSocketPoolManager::OnCertTrustChanged.
+ // Always flush now because OnCACertChanged does not tell us this.
+ // See comments in ClientSocketPoolManager::OnCACertChanged.
 ClearSSLSessionCache();
 }
diff --git a/net/socket/client_socket_pool_manager_impl.cc b/net/socket/client_socket_pool_manager_impl.cc
index b557874..35e7564 100644
--- a/net/socket/client_socket_pool_manager_impl.cc
+++ b/net/socket/client_socket_pool_manager_impl.cc
@@ -374,7 +374,7 @@ void ClientSocketPoolManagerImpl::OnCertAdded(const X509Certificate* cert) {
 FlushSocketPoolsWithError(ERR_NETWORK_CHANGED);
 }
-void ClientSocketPoolManagerImpl::OnCertTrustChanged(
+void ClientSocketPoolManagerImpl::OnCACertChanged(
 const X509Certificate* cert) {
 // We should flush the socket pools if we removed trust from a
 // cert, because a previously trusted server may have become
@@ -383,8 +383,8 @@ void ClientSocketPoolManagerImpl::OnCertTrustChanged(
 // We should not flush the socket pools if we added trust to a
 // cert.
 //
- // Since the OnCertTrustChanged method doesn't tell us what
- // kind of trust change it is, we have to flush the socket
+ // Since the OnCACertChanged method doesn't tell us what
+ // kind of change it is, we have to flush the socket
 // pools to be safe.
 FlushSocketPoolsWithError(ERR_NETWORK_CHANGED);
 }
diff --git a/net/socket/client_socket_pool_manager_impl.h b/net/socket/client_socket_pool_manager_impl.h
index 8f6e618..7f92cb5 100644
--- a/net/socket/client_socket_pool_manager_impl.h
+++ b/net/socket/client_socket_pool_manager_impl.h
@@ -90,7 +90,7 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe,
 // CertDatabase::Observer methods:
 virtual void OnCertAdded(const X509Certificate* cert) OVERRIDE;
- virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE;
+ virtual void OnCACertChanged(const X509Certificate* cert) OVERRIDE;
 private:
 typedef internal::OwnedPoolMap<HostPortPair, TransportClientSocketPool*>
diff --git a/net/spdy/spdy_session_pool.cc b/net/spdy/spdy_session_pool.cc
index 9cfd9c0..831e09d 100644
--- a/net/spdy/spdy_session_pool.cc
+++ b/net/spdy/spdy_session_pool.cc
@@ -290,11 +290,11 @@ void SpdySessionPool::OnCertAdded(const X509Certificate* cert) {
 CloseCurrentSessions(ERR_NETWORK_CHANGED);
 }
-void SpdySessionPool::OnCertTrustChanged(const X509Certificate* cert) {
+void SpdySessionPool::OnCACertChanged(const X509Certificate* cert) {
 // Per wtc, we actually only need to CloseCurrentSessions when trust is
- // reduced. CloseCurrentSessions now because OnCertTrustChanged does not
+ // reduced. CloseCurrentSessions now because OnCACertChanged does not
 // tell us this.
- // See comments in ClientSocketPoolManager::OnCertTrustChanged.
+ // See comments in ClientSocketPoolManager::OnCACertChanged.
 CloseCurrentSessions(ERR_NETWORK_CHANGED);
 }
diff --git a/net/spdy/spdy_session_pool.h b/net/spdy/spdy_session_pool.h
index 79900af..91e27e6 100644
--- a/net/spdy/spdy_session_pool.h
+++ b/net/spdy/spdy_session_pool.h
@@ -142,7 +142,7 @@ class NET_EXPORT SpdySessionPool
 // CertDatabase::Observer methods:
 virtual void OnCertAdded(const X509Certificate* cert) OVERRIDE;
- virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE;
+ virtual void OnCACertChanged(const X509Certificate* cert) OVERRIDE;
 private:
 friend class SpdySessionPoolPeer; // For testing. |