summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorpkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-09-20 18:44:54 +0000
committerpkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-09-20 18:44:54 +0000
commitc79b784d1fe54002f3ed259c9ffcaa2a71c9cf45 (patch)
tree3c634bd1944153837a88d4b209a7eb985c4c0add
parentd5a0913eae47ba1dbf0c50429b02f65963dde5fd (diff)
downloadchromium_src-c79b784d1fe54002f3ed259c9ffcaa2a71c9cf45.zip
chromium_src-c79b784d1fe54002f3ed259c9ffcaa2a71c9cf45.tar.gz
chromium_src-c79b784d1fe54002f3ed259c9ffcaa2a71c9cf45.tar.bz2
Introduce a typedef for users of the SSL cert trust bits. This allows lots of callers wishing to refer to "a bitfield composed of these values" to use an explicit type instead of "int". I find the resulting code to be noticeably clearer, and a similar change for another type exposed a bug where not having an explicit type allowed a function argument ordering bug to creep in, so I claim this is safer too.
The constants are still defined using an enum, because due to how macros like EXPECT_EQ are implemented, converting to use the typedef requires either separating the constant declarations and definitions (reducing readability) or converting EXPECT_EQ(b, a) -> EXPECT_TRUE (a == b) in various places. BUG=92247 TEST=Compiles Review URL: http://codereview.chromium.org/7823006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@101989 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/certificate_manager_model.cc9
-rw-r--r--chrome/browser/certificate_manager_model.h4
-rw-r--r--chrome/browser/ui/webui/options/certificate_manager_handler.cc15
-rw-r--r--net/base/cert_database.h9
-rw-r--r--net/base/cert_database_nss.cc10
-rw-r--r--net/base/cert_database_openssl.cc6
-rw-r--r--net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp12
-rw-r--r--net/third_party/mozilla_security_manager/nsNSSCertificateDB.h4
8 files changed, 37 insertions, 32 deletions
diff --git a/chrome/browser/certificate_manager_model.cc b/chrome/browser/certificate_manager_model.cc
index 63f89a4..1dbd985 100644
--- a/chrome/browser/certificate_manager_model.cc
+++ b/chrome/browser/certificate_manager_model.cc
@@ -123,7 +123,7 @@ int CertificateManagerModel::ImportFromPKCS12(net::CryptoModule* module,
bool CertificateManagerModel::ImportCACerts(
const net::CertificateList& certificates,
- unsigned int trust_bits,
+ net::CertDatabase::TrustBits trust_bits,
net::CertDatabase::ImportCertFailureList* not_imported) {
bool result = cert_db_.ImportCACerts(certificates, trust_bits, not_imported);
if (result && not_imported->size() != certificates.size())
@@ -140,9 +140,10 @@ bool CertificateManagerModel::ImportServerCert(
return result;
}
-bool CertificateManagerModel::SetCertTrust(const net::X509Certificate* cert,
- net::CertType type,
- unsigned int trust_bits) {
+bool CertificateManagerModel::SetCertTrust(
+ const net::X509Certificate* cert,
+ net::CertType type,
+ net::CertDatabase::TrustBits trust_bits) {
return cert_db_.SetCertTrust(cert, type, trust_bits);
}
diff --git a/chrome/browser/certificate_manager_model.h b/chrome/browser/certificate_manager_model.h
index 0852290..a824094 100644
--- a/chrome/browser/certificate_manager_model.h
+++ b/chrome/browser/certificate_manager_model.h
@@ -73,7 +73,7 @@ class CertificateManagerModel {
// |not_imported| should be checked for any certificates that were not
// imported.
bool ImportCACerts(const net::CertificateList& certificates,
- unsigned int trust_bits,
+ net::CertDatabase::TrustBits trust_bits,
net::CertDatabase::ImportCertFailureList* not_imported);
// Import server certificate. The first cert should be the server cert. Any
@@ -94,7 +94,7 @@ class CertificateManagerModel {
// Returns true on success or false on failure.
bool SetCertTrust(const net::X509Certificate* cert,
net::CertType type,
- unsigned int trust_bits);
+ net::CertDatabase::TrustBits trust_bits);
// Delete the cert. Returns true on success. |cert| is still valid when this
// function returns.
diff --git a/chrome/browser/ui/webui/options/certificate_manager_handler.cc b/chrome/browser/ui/webui/options/certificate_manager_handler.cc
index fe507b51..94af879 100644
--- a/chrome/browser/ui/webui/options/certificate_manager_handler.cc
+++ b/chrome/browser/ui/webui/options/certificate_manager_handler.cc
@@ -464,13 +464,14 @@ void CertificateManagerHandler::GetCATrust(const ListValue* args) {
return;
}
- int trust = certificate_manager_model_->cert_db().GetCertTrust(
- cert, net::CA_CERT);
- using base::FundamentalValue;
- FundamentalValue ssl_value(bool(trust & net::CertDatabase::TRUSTED_SSL));
- FundamentalValue email_value(bool(trust & net::CertDatabase::TRUSTED_EMAIL));
- FundamentalValue obj_sign_value(
- bool(trust & net::CertDatabase::TRUSTED_OBJ_SIGN));
+ net::CertDatabase::TrustBits trust_bits =
+ certificate_manager_model_->cert_db().GetCertTrust(cert, net::CA_CERT);
+ base::FundamentalValue ssl_value(
+ static_cast<bool>(trust_bits & net::CertDatabase::TRUSTED_SSL));
+ base::FundamentalValue email_value(
+ static_cast<bool>(trust_bits & net::CertDatabase::TRUSTED_EMAIL));
+ base::FundamentalValue obj_sign_value(
+ static_cast<bool>(trust_bits & net::CertDatabase::TRUSTED_OBJ_SIGN));
web_ui_->CallJavascriptFunction(
"CertificateEditCaTrustOverlay.populateTrust",
ssl_value, email_value, obj_sign_value);
diff --git a/net/base/cert_database.h b/net/base/cert_database.h
index 0c94c93..7f8c31c 100644
--- a/net/base/cert_database.h
+++ b/net/base/cert_database.h
@@ -77,6 +77,9 @@ class NET_EXPORT CertDatabase {
// trusted as a server.
// For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is
// trusted for email.
+ // NOTE: The actual constants are defined using an enum instead of static
+ // consts due to compilation/linkage constraints with template functions.
+ typedef uint32 TrustBits;
enum {
UNTRUSTED = 0,
TRUSTED_SSL = 1 << 0,
@@ -142,7 +145,7 @@ class NET_EXPORT CertDatabase {
// |not_imported| should be checked for any certificates that were not
// imported.
bool ImportCACerts(const CertificateList& certificates,
- unsigned int trust_bits,
+ TrustBits trust_bits,
ImportCertFailureList* not_imported);
// Import server certificate. The first cert should be the server cert. Any
@@ -157,13 +160,13 @@ class NET_EXPORT CertDatabase {
ImportCertFailureList* not_imported);
// Get trust bits for certificate.
- unsigned int GetCertTrust(const X509Certificate* cert, CertType type) const;
+ TrustBits GetCertTrust(const X509Certificate* cert, CertType type) const;
// Set trust values for certificate.
// Returns true on success or false on failure.
bool SetCertTrust(const X509Certificate* cert,
CertType type,
- unsigned int trust_bits);
+ TrustBits trust_bits);
// Delete certificate and associated private key (if one exists).
// Returns true on success or false on failure.
diff --git a/net/base/cert_database_nss.cc b/net/base/cert_database_nss.cc
index 8fb51e0..e198e35 100644
--- a/net/base/cert_database_nss.cc
+++ b/net/base/cert_database_nss.cc
@@ -197,7 +197,7 @@ X509Certificate* CertDatabase::FindRootInList(
}
bool CertDatabase::ImportCACerts(const CertificateList& certificates,
- unsigned int trust_bits,
+ TrustBits trust_bits,
ImportCertFailureList* not_imported) {
X509Certificate* root = FindRootInList(certificates);
bool success = psm::ImportCACerts(certificates, root, trust_bits,
@@ -213,8 +213,8 @@ bool CertDatabase::ImportServerCert(const CertificateList& certificates,
return psm::ImportServerCert(certificates, not_imported);
}
-unsigned int CertDatabase::GetCertTrust(
- const X509Certificate* cert, CertType type) const {
+CertDatabase::TrustBits CertDatabase::GetCertTrust(const X509Certificate* cert,
+ CertType type) const {
CERTCertTrust nsstrust;
SECStatus srv = CERT_GetCertTrust(cert->os_cert_handle(), &nsstrust);
if (srv != SECSuccess) {
@@ -238,8 +238,8 @@ unsigned int CertDatabase::GetCertTrust(
bool CertDatabase::SetCertTrust(const X509Certificate* cert,
CertType type,
- unsigned int trusted) {
- bool success = psm::SetCertTrust(cert, type, trusted);
+ TrustBits trust_bits) {
+ bool success = psm::SetCertTrust(cert, type, trust_bits);
if (success)
CertDatabase::NotifyObserversOfCertTrustChanged(cert);
diff --git a/net/base/cert_database_openssl.cc b/net/base/cert_database_openssl.cc
index 333d04c..ca429c08 100644
--- a/net/base/cert_database_openssl.cc
+++ b/net/base/cert_database_openssl.cc
@@ -82,8 +82,8 @@ bool CertDatabase::DeleteCertAndKey(const X509Certificate* cert) {
return false;
}
-unsigned int CertDatabase::GetCertTrust(const X509Certificate* cert,
- CertType type) const {
+CertDatabase::TrustBits CertDatabase::GetCertTrust(const X509Certificate* cert,
+ CertType type) const {
// TODO(bulach): implement me.
NOTIMPLEMENTED();
return 0;
@@ -91,7 +91,7 @@ unsigned int CertDatabase::GetCertTrust(const X509Certificate* cert,
bool CertDatabase::SetCertTrust(const X509Certificate* cert,
CertType type,
- unsigned int trust_bits) {
+ TrustBits trust_bits) {
// TODO(bulach): implement me.
NOTIMPLEMENTED();
return false;
diff --git a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
index a430889..3e50cd1 100644
--- a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
+++ b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
@@ -54,7 +54,7 @@ namespace mozilla_security_manager {
// Based on nsNSSCertificateDB::handleCACertDownload, minus the UI bits.
bool ImportCACerts(const net::CertificateList& certificates,
net::X509Certificate* root,
- unsigned int trustBits,
+ net::CertDatabase::TrustBits trustBits,
net::CertDatabase::ImportCertFailureList* not_imported) {
crypto::ScopedPK11Slot slot(crypto::GetPublicNSSKeySlot());
if (!slot.get()) {
@@ -200,7 +200,7 @@ bool ImportServerCert(const net::CertificateList& certificates,
bool
SetCertTrust(const net::X509Certificate* cert,
net::CertType type,
- unsigned int trusted)
+ net::CertDatabase::TrustBits trustBits)
{
SECStatus srv;
nsNSSCertTrust trust;
@@ -208,16 +208,16 @@ SetCertTrust(const net::X509Certificate* cert,
if (type == net::CA_CERT) {
// always start with untrusted and move up
trust.SetValidCA();
- trust.AddCATrust(trusted & net::CertDatabase::TRUSTED_SSL,
- trusted & net::CertDatabase::TRUSTED_EMAIL,
- trusted & net::CertDatabase::TRUSTED_OBJ_SIGN);
+ trust.AddCATrust(trustBits & net::CertDatabase::TRUSTED_SSL,
+ trustBits & net::CertDatabase::TRUSTED_EMAIL,
+ trustBits & net::CertDatabase::TRUSTED_OBJ_SIGN);
srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
nsscert,
trust.GetTrust());
} else if (type == net::SERVER_CERT) {
// always start with untrusted and move up
trust.SetValidPeer();
- trust.AddPeerTrust(trusted & net::CertDatabase::TRUSTED_SSL, 0, 0);
+ trust.AddPeerTrust(trustBits & net::CertDatabase::TRUSTED_SSL, 0, 0);
srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
nsscert,
trust.GetTrust());
diff --git a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h
index f41c60e..29acaf9 100644
--- a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h
+++ b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h
@@ -54,7 +54,7 @@ namespace mozilla_security_manager {
bool ImportCACerts(const net::CertificateList& certificates,
net::X509Certificate* root,
- unsigned int trustBits,
+ net::CertDatabase::TrustBits trustBits,
net::CertDatabase::ImportCertFailureList* not_imported);
bool ImportServerCert(const net::CertificateList& certificates,
@@ -62,7 +62,7 @@ bool ImportServerCert(const net::CertificateList& certificates,
bool SetCertTrust(const net::X509Certificate* cert,
net::CertType type,
- unsigned int trusted);
+ net::CertDatabase::TrustBits trustBits);
} // namespace mozilla_security_manager