diff options
33 files changed, 426 insertions, 311 deletions
diff --git a/chrome/browser/certificate_manager_model.cc b/chrome/browser/certificate_manager_model.cc index afdd026..826a29a 100644 --- a/chrome/browser/certificate_manager_model.cc +++ b/chrome/browser/certificate_manager_model.cc @@ -8,7 +8,7 @@ #include "base/i18n/time_formatting.h" #include "base/logging.h" #include "base/strings/utf_string_conversions.h" -#include "chrome/browser/ui/crypto_module_password_dialog.h" +#include "chrome/browser/ui/crypto_module_password_dialog_nss.h" #include "chrome/common/net/x509_certificate_model.h" #include "grit/generated_resources.h" #include "net/base/crypto_module.h" diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc index 0541518..d284c9c 100644 --- a/chrome/browser/chrome_content_browser_client.cc +++ b/chrome/browser/chrome_content_browser_client.cc @@ -189,10 +189,6 @@ #include "ui/gfx/android/device_display_info.h" #endif -#if defined(USE_NSS) -#include "chrome/browser/ui/crypto_module_password_dialog.h" -#endif - #if !defined(OS_CHROMEOS) #include "chrome/browser/signin/signin_manager.h" #include "chrome/browser/signin/signin_manager_factory.h" @@ -2612,15 +2608,6 @@ void ChromeContentBrowserClient::PreSpawnRenderer( } #endif -#if defined(USE_NSS) -crypto::CryptoModuleBlockingPasswordDelegate* - ChromeContentBrowserClient::GetCryptoPasswordDelegate( - const GURL& url) { - return chrome::NewCryptoModuleBlockingDialogDelegate( - chrome::kCryptoModulePasswordKeygen, url.host()); -} -#endif - bool ChromeContentBrowserClient::IsPluginAllowedToCallRequestOSFileHandle( content::BrowserContext* browser_context, const GURL& url) { diff --git a/chrome/browser/chrome_content_browser_client.h b/chrome/browser/chrome_content_browser_client.h index a265f76..e12eae1 100644 --- a/chrome/browser/chrome_content_browser_client.h +++ b/chrome/browser/chrome_content_browser_client.h @@ -262,11 +262,6 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient { virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy, bool* success) OVERRIDE; #endif -#if defined(USE_NSS) - virtual - crypto::CryptoModuleBlockingPasswordDelegate* GetCryptoPasswordDelegate( - const GURL& url) OVERRIDE; -#endif virtual bool IsPluginAllowedToCallRequestOSFileHandle( content::BrowserContext* browser_context, diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc index 1c5c53b..a9f68c4 100644 --- a/chrome/browser/profiles/profile_io_data.cc +++ b/chrome/browser/profiles/profile_io_data.cc @@ -62,6 +62,7 @@ #include "content/public/browser/resource_context.h" #include "extensions/browser/info_map.h" #include "extensions/common/constants.h" +#include "net/base/keygen_handler.h" #include "net/cookies/canonical_cookie.h" #include "net/cookies/cookie_monster.h" #include "net/http/http_transaction_factory.h" @@ -110,7 +111,7 @@ #endif // defined(OS_CHROMEOS) #if defined(USE_NSS) -#include "chrome/browser/ui/crypto_module_password_dialog.h" +#include "chrome/browser/ui/crypto_module_delegate_nss.h" #include "net/ssl/client_cert_store_nss.h" #endif @@ -854,7 +855,7 @@ scoped_ptr<net::ClientCertStore> ProfileIOData::ResourceContext::CreateClientCertStore() { #if defined(USE_NSS) return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS( - base::Bind(&chrome::NewCryptoModuleBlockingDialogDelegate, + base::Bind(&CreateCryptoModuleBlockingPasswordDelegate, chrome::kCryptoModulePasswordClientAuth))); #elif defined(OS_WIN) return scoped_ptr<net::ClientCertStore>(new net::ClientCertStoreWin()); @@ -870,6 +871,37 @@ ProfileIOData::ResourceContext::CreateClientCertStore() { #endif } +void ProfileIOData::ResourceContext::CreateKeygenHandler( + uint32 key_size_in_bits, + const std::string& challenge_string, + const GURL& url, + const base::Callback<void(scoped_ptr<net::KeygenHandler>)>& callback) { + DCHECK(!callback.is_null()); +#if defined(USE_NSS) + scoped_ptr<net::KeygenHandler> keygen_handler( + new net::KeygenHandler(key_size_in_bits, challenge_string, url)); + + scoped_ptr<ChromeNSSCryptoModuleDelegate> delegate( + new ChromeNSSCryptoModuleDelegate(chrome::kCryptoModulePasswordKeygen, + url.host())); + ChromeNSSCryptoModuleDelegate* delegate_ptr = delegate.get(); + keygen_handler->set_crypto_module_delegate( + delegate.PassAs<crypto::NSSCryptoModuleDelegate>()); + + base::Closure bound_callback = + base::Bind(callback, base::Passed(&keygen_handler)); + if (delegate_ptr->InitializeSlot(this, bound_callback)) { + // Initialization complete, run the callback synchronously. + bound_callback.Run(); + return; + } + // Otherwise, the InitializeSlot will run the callback asynchronously. +#else + callback.Run(make_scoped_ptr( + new net::KeygenHandler(key_size_in_bits, challenge_string, url))); +#endif +} + bool ProfileIOData::ResourceContext::AllowMicAccess(const GURL& origin) { return AllowContentAccess(origin, CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC); } diff --git a/chrome/browser/profiles/profile_io_data.h b/chrome/browser/profiles/profile_io_data.h index 007f7e5..5c98b26 100644 --- a/chrome/browser/profiles/profile_io_data.h +++ b/chrome/browser/profiles/profile_io_data.h @@ -375,6 +375,12 @@ class ProfileIOData { virtual net::HostResolver* GetHostResolver() OVERRIDE; virtual net::URLRequestContext* GetRequestContext() OVERRIDE; virtual scoped_ptr<net::ClientCertStore> CreateClientCertStore() OVERRIDE; + virtual void CreateKeygenHandler( + uint32 key_size_in_bits, + const std::string& challenge_string, + const GURL& url, + const base::Callback<void(scoped_ptr<net::KeygenHandler>)>& callback) + OVERRIDE; virtual bool AllowMicAccess(const GURL& origin) OVERRIDE; virtual bool AllowCameraAccess(const GURL& origin) OVERRIDE; virtual std::string GetMediaDeviceIDSalt() OVERRIDE; diff --git a/chrome/browser/ui/crypto_module_delegate_nss.cc b/chrome/browser/ui/crypto_module_delegate_nss.cc new file mode 100644 index 0000000..b52c6ca --- /dev/null +++ b/chrome/browser/ui/crypto_module_delegate_nss.cc @@ -0,0 +1,104 @@ +// Copyright 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/browser/ui/crypto_module_delegate_nss.h" + +#include "base/basictypes.h" +#include "base/bind.h" +#include "chrome/browser/net/nss_context.h" +#include "content/public/browser/browser_thread.h" + +using content::BrowserThread; + +ChromeNSSCryptoModuleDelegate::ChromeNSSCryptoModuleDelegate( + chrome::CryptoModulePasswordReason reason, + const std::string& server) + : reason_(reason), + server_(server), + event_(false, false), + cancelled_(false) {} + +ChromeNSSCryptoModuleDelegate::~ChromeNSSCryptoModuleDelegate() {} + +bool ChromeNSSCryptoModuleDelegate::InitializeSlot( + content::ResourceContext* context, + const base::Closure& initialization_complete_callback) { + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); + base::Callback<void(crypto::ScopedPK11Slot)> get_slot_callback; + if (!initialization_complete_callback.is_null()) + get_slot_callback = base::Bind(&ChromeNSSCryptoModuleDelegate::DidGetSlot, + // Caller is responsible for keeping |this| + // alive until the callback is run. + base::Unretained(this), + initialization_complete_callback); + + slot_ = GetPrivateNSSKeySlotForResourceContext(context, get_slot_callback); + return slot_.get() != NULL; +} + +// TODO(mattm): allow choosing which slot to generate and store the key. +crypto::ScopedPK11Slot ChromeNSSCryptoModuleDelegate::RequestSlot() { + return slot_.Pass(); +} + +std::string ChromeNSSCryptoModuleDelegate::RequestPassword( + const std::string& slot_name, + bool retry, + bool* cancelled) { + DCHECK(!event_.IsSignaled()); + event_.Reset(); + + if (BrowserThread::PostTask( + BrowserThread::UI, + FROM_HERE, + base::Bind(&ChromeNSSCryptoModuleDelegate::ShowDialog, + // This method blocks on |event_| until the task completes, + // so there's no need to ref-count. + base::Unretained(this), + slot_name, + retry))) { + event_.Wait(); + } + *cancelled = cancelled_; + return password_; +} + +void ChromeNSSCryptoModuleDelegate::ShowDialog(const std::string& slot_name, + bool retry) { + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); + ShowCryptoModulePasswordDialog( + slot_name, + retry, + reason_, + server_, + NULL, // TODO(mattm): Supply parent window. + base::Bind(&ChromeNSSCryptoModuleDelegate::GotPassword, + // RequestPassword is blocked on |event_| until GotPassword is + // called, so there's no need to ref-count. + base::Unretained(this))); +} + +void ChromeNSSCryptoModuleDelegate::GotPassword(const std::string& password) { + if (!password.empty()) + password_ = password; + else + cancelled_ = true; + event_.Signal(); +} + +void ChromeNSSCryptoModuleDelegate::DidGetSlot(const base::Closure& callback, + crypto::ScopedPK11Slot slot) { + slot_ = slot.Pass(); + callback.Run(); +} + +crypto::CryptoModuleBlockingPasswordDelegate* +CreateCryptoModuleBlockingPasswordDelegate( + chrome::CryptoModulePasswordReason reason, + const std::string& server) { + // Returns a ChromeNSSCryptoModuleDelegate without calling InitializeSlot. + // Since it is only being used as a CreateCryptoModuleBlockingDialogDelegate, + // initializing the slot handle is unnecessary. + return new ChromeNSSCryptoModuleDelegate(reason, server); +} diff --git a/chrome/browser/ui/crypto_module_delegate_nss.h b/chrome/browser/ui/crypto_module_delegate_nss.h new file mode 100644 index 0000000..c99af16 --- /dev/null +++ b/chrome/browser/ui/crypto_module_delegate_nss.h @@ -0,0 +1,80 @@ +// Copyright 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_BROWSER_UI_CRYPTO_MODULE_DELEGATE_NSS_H_ +#define CHROME_BROWSER_UI_CRYPTO_MODULE_DELEGATE_NSS_H_ + +#include <string> + +#include "base/compiler_specific.h" +#include "base/synchronization/waitable_event.h" +#include "chrome/browser/ui/crypto_module_password_dialog.h" +#include "crypto/nss_crypto_module_delegate.h" + +namespace content { +class ResourceContext; +} + +// Delegate to handle unlocking a slot or indicating which slot to store a key +// in. When passing to NSS functions which take a wincx argument, use the value +// returned from the wincx() method. +class ChromeNSSCryptoModuleDelegate + : public crypto::NSSCryptoModuleDelegate { + public: + // Create a ChromeNSSCryptoModuleDelegate. |reason| is used to select what + // string to show the user, |server| is displayed to indicate which connection + // is causing the dialog to appear. + ChromeNSSCryptoModuleDelegate(chrome::CryptoModulePasswordReason reason, + const std::string& server); + + virtual ~ChromeNSSCryptoModuleDelegate(); + + // Must be called on IO thread. Returns true if the delegate is ready for use. + // Otherwise, if |initialization_complete_callback| is non-null, the + // initialization will proceed asynchronously and the callback will be run + // once the delegate is ready to use. In that case, the caller must ensure the + // delegate remains alive until the callback is run. + bool InitializeSlot(content::ResourceContext* context, + const base::Closure& initialization_complete_callback) + WARN_UNUSED_RESULT; + + // crypto::NSSCryptoModuleDelegate implementation. + virtual crypto::ScopedPK11Slot RequestSlot() OVERRIDE; + + // crypto::CryptoModuleBlockingPasswordDelegate implementation. + virtual std::string RequestPassword(const std::string& slot_name, + bool retry, + bool* cancelled) OVERRIDE; + + private: + void ShowDialog(const std::string& slot_name, bool retry); + + void GotPassword(const std::string& password); + + void DidGetSlot(const base::Closure& callback, crypto::ScopedPK11Slot slot); + + // Parameters displayed in the dialog. + const chrome::CryptoModulePasswordReason reason_; + const std::string server_; + + // Event to block worker thread while waiting for dialog on UI thread. + base::WaitableEvent event_; + + // Stores the results from the dialog for access on worker thread. + std::string password_; + bool cancelled_; + + // The slot which will be returned by RequestSlot. + crypto::ScopedPK11Slot slot_; + + DISALLOW_COPY_AND_ASSIGN(ChromeNSSCryptoModuleDelegate); +}; + +// Create a delegate which only handles unlocking slots. +crypto::CryptoModuleBlockingPasswordDelegate* + CreateCryptoModuleBlockingPasswordDelegate( + chrome::CryptoModulePasswordReason reason, + const std::string& server); + +#endif // CHROME_BROWSER_UI_CRYPTO_MODULE_DELEGATE_NSS_H_ diff --git a/chrome/browser/ui/crypto_module_password_dialog.cc b/chrome/browser/ui/crypto_module_password_dialog.cc deleted file mode 100644 index c8b1d0d..0000000 --- a/chrome/browser/ui/crypto_module_password_dialog.cc +++ /dev/null @@ -1,102 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chrome/browser/ui/crypto_module_password_dialog.h" - -#include "base/basictypes.h" -#include "base/bind.h" -#include "base/strings/utf_string_conversions.h" -#include "base/synchronization/waitable_event.h" -#include "content/public/browser/browser_thread.h" -#include "crypto/crypto_module_blocking_password_delegate.h" -#include "grit/generated_resources.h" -#include "ui/base/l10n/l10n_util.h" -#include "url/gurl.h" - -using content::BrowserThread; - -namespace chrome { - -namespace { - -class CryptoModuleBlockingDialogDelegate - : public crypto::CryptoModuleBlockingPasswordDelegate { - public: - CryptoModuleBlockingDialogDelegate(CryptoModulePasswordReason reason, - const std::string& server) - : event_(false, false), - reason_(reason), - server_(server), - cancelled_(false) { - } - - virtual ~CryptoModuleBlockingDialogDelegate() { - // Make sure we clear the password in memory. - password_.replace(0, password_.size(), password_.size(), 0); - } - - // crypto::CryptoModuleBlockingDialogDelegate implementation. - virtual std::string RequestPassword(const std::string& slot_name, - bool retry, - bool* cancelled) OVERRIDE { - DCHECK(!BrowserThread::CurrentlyOn(BrowserThread::UI)); - DCHECK(!event_.IsSignaled()); - event_.Reset(); - - if (BrowserThread::PostTask( - BrowserThread::UI, FROM_HERE, - base::Bind(&CryptoModuleBlockingDialogDelegate::ShowDialog, - // We block on event_ until the task completes, so - // there's no need to ref-count. - base::Unretained(this), - slot_name, - retry))) { - event_.Wait(); - } - *cancelled = cancelled_; - return password_; - } - - private: - void ShowDialog(const std::string& slot_name, - bool retry) { - DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); - ShowCryptoModulePasswordDialog( - slot_name, - retry, - reason_, - server_, - NULL, // TODO(mattm): Supply parent window. - base::Bind(&CryptoModuleBlockingDialogDelegate::GotPassword, - // We block on event_ until the task completes, so - // there's no need to ref-count. - base::Unretained(this))); - } - - void GotPassword(const char* password) { - if (password) - password_ = password; - else - cancelled_ = true; - event_.Signal(); - } - - base::WaitableEvent event_; - CryptoModulePasswordReason reason_; - std::string server_; - std::string password_; - bool cancelled_; - - DISALLOW_COPY_AND_ASSIGN(CryptoModuleBlockingDialogDelegate); -}; - -} // namespace - -crypto::CryptoModuleBlockingPasswordDelegate* - NewCryptoModuleBlockingDialogDelegate(CryptoModulePasswordReason reason, - const std::string& server) { - return new CryptoModuleBlockingDialogDelegate(reason, server); -} - -} // namespace chrome diff --git a/chrome/browser/ui/crypto_module_password_dialog.h b/chrome/browser/ui/crypto_module_password_dialog.h index 0f64caf..16a9691 100644 --- a/chrome/browser/ui/crypto_module_password_dialog.h +++ b/chrome/browser/ui/crypto_module_password_dialog.h @@ -6,22 +6,10 @@ #define CHROME_BROWSER_UI_CRYPTO_MODULE_PASSWORD_DIALOG_H_ #include <string> -#include <vector> #include "base/callback.h" -#include "base/memory/ref_counted.h" #include "ui/gfx/native_widget_types.h" -namespace crypto { -class CryptoModuleBlockingPasswordDelegate; -} - -namespace net { -class CryptoModule; -typedef std::vector<scoped_refptr<CryptoModule> > CryptoModuleList; -class X509Certificate; -} - namespace chrome { // An enum to describe the reason for the password request. @@ -34,7 +22,7 @@ enum CryptoModulePasswordReason { kCryptoModulePasswordCertExport, }; -typedef base::Callback<void(const char*)> CryptoModulePasswordCallback; +typedef base::Callback<void(const std::string&)> CryptoModulePasswordCallback; // Display a dialog, prompting the user to authenticate to unlock // |module|. |reason| describes the purpose of the authentication and @@ -48,30 +36,6 @@ void ShowCryptoModulePasswordDialog( gfx::NativeWindow parent, const CryptoModulePasswordCallback& callback); -// Returns a CryptoModuleBlockingPasswordDelegate to open a dialog and block -// until returning. Should only be used on a worker thread. -crypto::CryptoModuleBlockingPasswordDelegate* - NewCryptoModuleBlockingDialogDelegate(CryptoModulePasswordReason reason, - const std::string& server); - -// Asynchronously unlock |modules|, if necessary. |callback| is called when -// done (regardless if any modules were successfully unlocked or not). Should -// only be called on UI thread. -void UnlockSlotsIfNecessary(const net::CryptoModuleList& modules, - CryptoModulePasswordReason reason, - const std::string& server, - gfx::NativeWindow parent, - const base::Closure& callback); - -// Asynchronously unlock the |cert|'s module, if necessary. |callback| is -// called when done (regardless if module was successfully unlocked or not). -// Should only be called on UI thread. -void UnlockCertSlotIfNecessary(net::X509Certificate* cert, - CryptoModulePasswordReason reason, - const std::string& server, - gfx::NativeWindow parent, - const base::Closure& callback); - } // namespace chrome #endif // CHROME_BROWSER_UI_CRYPTO_MODULE_PASSWORD_DIALOG_H_ diff --git a/chrome/browser/ui/crypto_module_password_dialog_nss.cc b/chrome/browser/ui/crypto_module_password_dialog_nss.cc index 4f83801..0f0587a 100644 --- a/chrome/browser/ui/crypto_module_password_dialog_nss.cc +++ b/chrome/browser/ui/crypto_module_password_dialog_nss.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "chrome/browser/ui/crypto_module_password_dialog.h" +#include "chrome/browser/ui/crypto_module_password_dialog_nss.h" #include <pk11pub.h> @@ -36,7 +36,7 @@ class SlotUnlocker { void Start(); private: - void GotPassword(const char* password); + void GotPassword(const std::string& password); void Done(); size_t current_; @@ -81,12 +81,12 @@ void SlotUnlocker::Start() { Done(); } -void SlotUnlocker::GotPassword(const char* password) { +void SlotUnlocker::GotPassword(const std::string& password) { // TODO(mattm): PK11_DoPassword has something about PK11_Global.verifyPass. // Do we need it? // http://mxr.mozilla.org/mozilla/source/security/nss/lib/pk11wrap/pk11auth.c#577 - if (!password) { + if (password.empty()) { // User cancelled entering password. Oh well. ++current_; Start(); @@ -95,7 +95,7 @@ void SlotUnlocker::GotPassword(const char* password) { // TODO(mattm): handle protectedAuthPath SECStatus rv = PK11_CheckUserPassword(modules_[current_]->os_module_handle(), - password); + password.c_str()); if (rv == SECWouldBlock) { // Incorrect password. Try again. retry_ = PR_TRUE; diff --git a/chrome/browser/ui/crypto_module_password_dialog_nss.h b/chrome/browser/ui/crypto_module_password_dialog_nss.h new file mode 100644 index 0000000..2d1980b --- /dev/null +++ b/chrome/browser/ui/crypto_module_password_dialog_nss.h @@ -0,0 +1,44 @@ +// Copyright 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_BROWSER_UI_CRYPTO_MODULE_PASSWORD_DIALOG_NSS_H_ +#define CHROME_BROWSER_UI_CRYPTO_MODULE_PASSWORD_DIALOG_NSS_H_ + +#include <string> +#include <vector> + +#include "base/callback_forward.h" +#include "base/memory/ref_counted.h" +#include "chrome/browser/ui/crypto_module_password_dialog.h" +#include "ui/gfx/native_widget_types.h" + +namespace net { +class CryptoModule; +typedef std::vector<scoped_refptr<CryptoModule> > CryptoModuleList; +class X509Certificate; +} + +namespace chrome { + +// Asynchronously unlock |modules|, if necessary. |callback| is called when +// done (regardless if any modules were successfully unlocked or not). Should +// only be called on UI thread. +void UnlockSlotsIfNecessary(const net::CryptoModuleList& modules, + CryptoModulePasswordReason reason, + const std::string& server, + gfx::NativeWindow parent, + const base::Closure& callback); + +// Asynchronously unlock the |cert|'s module, if necessary. |callback| is +// called when done (regardless if module was successfully unlocked or not). +// Should only be called on UI thread. +void UnlockCertSlotIfNecessary(net::X509Certificate* cert, + CryptoModulePasswordReason reason, + const std::string& server, + gfx::NativeWindow parent, + const base::Closure& callback); + +} // namespace chrome + +#endif // CHROME_BROWSER_UI_CRYPTO_MODULE_PASSWORD_DIALOG_NSS_H_ diff --git a/chrome/browser/ui/crypto_module_password_dialog_openssl.cc b/chrome/browser/ui/crypto_module_password_dialog_openssl.cc deleted file mode 100644 index 3d0e34c..0000000 --- a/chrome/browser/ui/crypto_module_password_dialog_openssl.cc +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chrome/browser/ui/crypto_module_password_dialog.h" - -#include "base/logging.h" - -namespace chrome { - -void UnlockSlotsIfNecessary(const net::CryptoModuleList& modules, - CryptoModulePasswordReason reason, - const std::string& host, - gfx::NativeWindow parent, - const base::Closure& callback) { - // TODO(bulach): implement me. - NOTREACHED(); -} - -void UnlockCertSlotIfNecessary(net::X509Certificate* cert, - CryptoModulePasswordReason reason, - const std::string& host, - gfx::NativeWindow parent, - const base::Closure& callback) { - // TODO(bulach): implement me. - NOTREACHED(); -} - -} // namespace chrome diff --git a/chrome/browser/ui/gtk/crypto_module_password_dialog_gtk.cc b/chrome/browser/ui/gtk/crypto_module_password_dialog_gtk.cc index e6b26ae..e28516b 100644 --- a/chrome/browser/ui/gtk/crypto_module_password_dialog_gtk.cc +++ b/chrome/browser/ui/gtk/crypto_module_password_dialog_gtk.cc @@ -9,7 +9,6 @@ #include "base/basictypes.h" #include "base/strings/utf_string_conversions.h" #include "chrome/browser/ui/gtk/gtk_util.h" -#include "crypto/crypto_module_blocking_password_delegate.h" #include "grit/generated_resources.h" #include "ui/base/gtk/gtk_hig_constants.h" #include "ui/base/gtk/gtk_signal.h" @@ -137,7 +136,7 @@ void CryptoModulePasswordDialog::OnResponse(GtkWidget* dialog, if (response_id == GTK_RESPONSE_ACCEPT) callback_.Run(gtk_entry_get_text(GTK_ENTRY(password_entry_))); else - callback_.Run(static_cast<const char*>(NULL)); + callback_.Run(std::string()); // This will cause gtk to zero out the buffer. (see // gtk_entry_buffer_normal_delete_text: diff --git a/chrome/browser/ui/gtk/ssl_client_certificate_selector.cc b/chrome/browser/ui/gtk/ssl_client_certificate_selector.cc index faced7b..99cfba7 100644 --- a/chrome/browser/ui/gtk/ssl_client_certificate_selector.cc +++ b/chrome/browser/ui/gtk/ssl_client_certificate_selector.cc @@ -15,7 +15,7 @@ #include "base/strings/utf_string_conversions.h" #include "chrome/browser/certificate_viewer.h" #include "chrome/browser/ssl/ssl_client_auth_observer.h" -#include "chrome/browser/ui/crypto_module_password_dialog.h" +#include "chrome/browser/ui/crypto_module_password_dialog_nss.h" #include "chrome/browser/ui/gtk/constrained_window_gtk.h" #include "chrome/browser/ui/gtk/gtk_util.h" #include "chrome/common/net/x509_certificate_model.h" @@ -350,14 +350,15 @@ void SSLClientCertificateSelector::OnCancelClicked(GtkWidget* button) { } void SSLClientCertificateSelector::OnOkClicked(GtkWidget* button) { - net::X509Certificate* cert = GetSelectedCert(); - // Remove the observer before we try unlocking, otherwise we might act on a // notification while waiting for the unlock dialog, causing us to delete // ourself before the Unlocked callback gets called. StopObserving(); +#if defined(USE_NSS) GtkWidget* toplevel = gtk_widget_get_toplevel(root_widget_.get()); + net::X509Certificate* cert = GetSelectedCert(); + chrome::UnlockCertSlotIfNecessary( cert, chrome::kCryptoModulePasswordClientAuth, @@ -365,6 +366,9 @@ void SSLClientCertificateSelector::OnOkClicked(GtkWidget* button) { GTK_WINDOW(toplevel), base::Bind(&SSLClientCertificateSelector::Unlocked, base::Unretained(this))); +#else + Unlocked(); +#endif } void SSLClientCertificateSelector::OnPromptShown(GtkWidget* widget, diff --git a/chrome/browser/ui/views/crypto_module_password_dialog_view.cc b/chrome/browser/ui/views/crypto_module_password_dialog_view.cc index eb4a1aa..041fad7 100644 --- a/chrome/browser/ui/views/crypto_module_password_dialog_view.cc +++ b/chrome/browser/ui/views/crypto_module_password_dialog_view.cc @@ -54,14 +54,14 @@ base::string16 CryptoModulePasswordDialogView::GetDialogButtonLabel( } bool CryptoModulePasswordDialogView::Cancel() { - callback_.Run(static_cast<const char*>(NULL)); + callback_.Run(std::string()); const base::string16 empty; password_entry_->SetText(empty); return true; } bool CryptoModulePasswordDialogView::Accept() { - callback_.Run(UTF16ToUTF8(password_entry_->text()).c_str()); + callback_.Run(UTF16ToUTF8(password_entry_->text())); const base::string16 empty; password_entry_->SetText(empty); return true; diff --git a/chrome/browser/ui/views/crypto_module_password_dialog_view_unittest.cc b/chrome/browser/ui/views/crypto_module_password_dialog_view_unittest.cc index 8fade12..886b1c0 100644 --- a/chrome/browser/ui/views/crypto_module_password_dialog_view_unittest.cc +++ b/chrome/browser/ui/views/crypto_module_password_dialog_view_unittest.cc @@ -19,7 +19,7 @@ class CryptoModulePasswordDialogViewTest : public testing::Test { CryptoModulePasswordDialogViewTest() {} virtual ~CryptoModulePasswordDialogViewTest() {} - void Capture(const char* text) { + void Capture(const std::string& text) { text_ = text; } diff --git a/chrome/browser/ui/views/ssl_client_certificate_selector.cc b/chrome/browser/ui/views/ssl_client_certificate_selector.cc index f94d891..3e8b2f9 100644 --- a/chrome/browser/ui/views/ssl_client_certificate_selector.cc +++ b/chrome/browser/ui/views/ssl_client_certificate_selector.cc @@ -9,7 +9,6 @@ #include "base/logging.h" #include "base/strings/utf_string_conversions.h" #include "chrome/browser/certificate_viewer.h" -#include "chrome/browser/ui/crypto_module_password_dialog.h" #include "chrome/browser/ui/views/constrained_window_views.h" #include "components/web_modal/web_contents_modal_dialog_host.h" #include "components/web_modal/web_contents_modal_dialog_manager.h" @@ -32,6 +31,10 @@ #include "ui/views/widget/widget.h" #include "ui/views/window/dialog_client_view.h" +#if defined(USE_NSS) +#include "chrome/browser/ui/crypto_module_password_dialog_nss.h" +#endif + using content::BrowserThread; using content::WebContents; using web_modal::WebContentsModalDialogManager; diff --git a/chrome/browser/ui/webui/options/certificate_manager_handler.cc b/chrome/browser/ui/webui/options/certificate_manager_handler.cc index ce94778..691c354e 100644 --- a/chrome/browser/ui/webui/options/certificate_manager_handler.cc +++ b/chrome/browser/ui/webui/options/certificate_manager_handler.cc @@ -22,7 +22,7 @@ #include "chrome/browser/profiles/profile.h" #include "chrome/browser/ui/certificate_dialogs.h" #include "chrome/browser/ui/chrome_select_file_policy.h" -#include "chrome/browser/ui/crypto_module_password_dialog.h" +#include "chrome/browser/ui/crypto_module_password_dialog_nss.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/web_contents.h" #include "content/public/browser/web_contents_view.h" diff --git a/chrome/chrome_browser_ui.gypi b/chrome/chrome_browser_ui.gypi index cf64d29..d37f8e0 100644 --- a/chrome/chrome_browser_ui.gypi +++ b/chrome/chrome_browser_ui.gypi @@ -1086,10 +1086,11 @@ 'browser/ui/content_settings/content_setting_media_menu_model.h', 'browser/ui/content_settings/media_setting_changed_infobar_delegate.cc', 'browser/ui/content_settings/media_setting_changed_infobar_delegate.h', - 'browser/ui/crypto_module_password_dialog.cc', + 'browser/ui/crypto_module_delegate_nss.cc', + 'browser/ui/crypto_module_delegate_nss.h', 'browser/ui/crypto_module_password_dialog.h', 'browser/ui/crypto_module_password_dialog_nss.cc', - 'browser/ui/crypto_module_password_dialog_openssl.cc', + 'browser/ui/crypto_module_password_dialog_nss.h', 'browser/ui/extensions/application_launch.cc', 'browser/ui/extensions/application_launch.h', 'browser/ui/extensions/extension_installed_bubble.cc', @@ -2958,6 +2959,10 @@ 'sources!': [ 'browser/ui/webui/options/certificate_manager_handler.cc', 'browser/ui/webui/options/certificate_manager_handler.h', + 'browser/ui/crypto_module_delegate_nss.cc', + 'browser/ui/crypto_module_delegate_nss.h', + 'browser/ui/crypto_module_password_dialog_nss.cc', + 'browser/ui/crypto_module_password_dialog_nss.h', ], }], ['use_nss==0 and use_openssl==0', { @@ -3161,8 +3166,6 @@ 'sources!': [ 'browser/ui/certificate_dialogs.cc', 'browser/ui/certificate_dialogs.h', - 'browser/ui/crypto_module_password_dialog.cc', - 'browser/ui/crypto_module_password_dialog_nss.cc', 'browser/ui/screen_capture_notification_ui_stub.cc', 'browser/ui/tabs/dock_info.cc', 'browser/ui/tabs/tab_resources.cc', @@ -3239,8 +3242,6 @@ 'sources!': [ 'browser/ui/certificate_dialogs.cc', 'browser/ui/certificate_dialogs.h', - 'browser/ui/crypto_module_password_dialog.cc', - 'browser/ui/crypto_module_password_dialog_nss.cc', 'browser/ui/screen_capture_notification_ui_stub.cc', 'browser/ui/startup/autolaunch_prompt.cc', 'browser/ui/views/frame/taskbar_decorator.cc', @@ -3305,14 +3306,6 @@ }], ], }], - [ 'use_openssl==1', { - 'sources!': [ - 'browser/ui/crypto_module_password_dialog_nss.cc', - ]}, { - 'sources!': [ - 'browser/ui/crypto_module_password_dialog_openssl.cc', - ]}, - ], # File manager extension replaces the native OS file open/save dialog. ['file_manager_extension==1', { 'sources/': [ diff --git a/content/browser/renderer_host/render_message_filter.cc b/content/browser/renderer_host/render_message_filter.cc index 224b17c..fc084e1 100644 --- a/content/browser/renderer_host/render_message_filter.cc +++ b/content/browser/renderer_host/render_message_filter.cc @@ -989,40 +989,41 @@ void RenderMessageFilter::OnKeygen(uint32 key_size_index, return; } + resource_context_->CreateKeygenHandler( + key_size_in_bits, + challenge_string, + url, + base::Bind( + &RenderMessageFilter::PostKeygenToWorkerThread, this, reply_msg)); +} + +void RenderMessageFilter::PostKeygenToWorkerThread( + IPC::Message* reply_msg, + scoped_ptr<net::KeygenHandler> keygen_handler) { VLOG(1) << "Dispatching keygen task to worker pool."; // Dispatch to worker pool, so we do not block the IO thread. if (!base::WorkerPool::PostTask( FROM_HERE, - base::Bind( - &RenderMessageFilter::OnKeygenOnWorkerThread, this, - key_size_in_bits, challenge_string, url, reply_msg), + base::Bind(&RenderMessageFilter::OnKeygenOnWorkerThread, + this, + base::Passed(&keygen_handler), + reply_msg), true)) { NOTREACHED() << "Failed to dispatch keygen task to worker pool"; ViewHostMsg_Keygen::WriteReplyParams(reply_msg, std::string()); Send(reply_msg); - return; } } void RenderMessageFilter::OnKeygenOnWorkerThread( - int key_size_in_bits, - const std::string& challenge_string, - const GURL& url, + scoped_ptr<net::KeygenHandler> keygen_handler, IPC::Message* reply_msg) { DCHECK(reply_msg); // Generate a signed public key and challenge, then send it back. - net::KeygenHandler keygen_handler(key_size_in_bits, challenge_string, url); - -#if defined(USE_NSS) - // Attach a password delegate so we can authenticate. - keygen_handler.set_crypto_module_password_delegate( - GetContentClient()->browser()->GetCryptoPasswordDelegate(url)); -#endif // defined(USE_NSS) - ViewHostMsg_Keygen::WriteReplyParams( reply_msg, - keygen_handler.GenKeyAndSignChallenge()); + keygen_handler->GenKeyAndSignChallenge()); Send(reply_msg); } diff --git a/content/browser/renderer_host/render_message_filter.h b/content/browser/renderer_host/render_message_filter.h index b7ea390..ed879dc 100644 --- a/content/browser/renderer_host/render_message_filter.h +++ b/content/browser/renderer_host/render_message_filter.h @@ -62,6 +62,7 @@ struct MediaLogEvent; } namespace net { +class KeygenHandler; class URLRequestContext; class URLRequestContextGetter; } @@ -222,11 +223,10 @@ class RenderMessageFilter : public BrowserMessageFilter { const std::vector<char>& data); void OnKeygen(uint32 key_size_index, const std::string& challenge_string, const GURL& url, IPC::Message* reply_msg); - void OnKeygenOnWorkerThread( - int key_size_in_bits, - const std::string& challenge_string, - const GURL& url, - IPC::Message* reply_msg); + void PostKeygenToWorkerThread(IPC::Message* reply_msg, + scoped_ptr<net::KeygenHandler> keygen_handler); + void OnKeygenOnWorkerThread(scoped_ptr<net::KeygenHandler> keygen_handler, + IPC::Message* reply_msg); void OnMediaLogEvents(const std::vector<media::MediaLogEvent>&); // Check the policy for getting cookies. Gets the cookies if allowed. diff --git a/content/browser/resource_context_impl.cc b/content/browser/resource_context_impl.cc index c2f2207..9561c8d 100644 --- a/content/browser/resource_context_impl.cc +++ b/content/browser/resource_context_impl.cc @@ -13,6 +13,7 @@ #include "content/browser/webui/url_data_manager_backend.h" #include "content/public/browser/browser_context.h" #include "content/public/browser/browser_thread.h" +#include "net/base/keygen_handler.h" #include "net/ssl/client_cert_store.h" using base::UserDataAdapter; @@ -63,6 +64,15 @@ scoped_ptr<net::ClientCertStore> ResourceContext::CreateClientCertStore() { return scoped_ptr<net::ClientCertStore>(); } +void ResourceContext::CreateKeygenHandler( + uint32 key_size_in_bits, + const std::string& challenge_string, + const GURL& url, + const base::Callback<void(scoped_ptr<net::KeygenHandler>)>& callback) { + callback.Run(make_scoped_ptr( + new net::KeygenHandler(key_size_in_bits, challenge_string, url))); +} + ChromeBlobStorageContext* GetChromeBlobStorageContextForResourceContext( ResourceContext* resource_context) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); diff --git a/content/public/browser/content_browser_client.cc b/content/public/browser/content_browser_client.cc index f17b431..acb9fe8 100644 --- a/content/public/browser/content_browser_client.cc +++ b/content/public/browser/content_browser_client.cc @@ -298,13 +298,6 @@ const wchar_t* ContentBrowserClient::GetResourceDllName() { } #endif -#if defined(USE_NSS) -crypto::CryptoModuleBlockingPasswordDelegate* - ContentBrowserClient::GetCryptoPasswordDelegate(const GURL& url) { - return NULL; -} -#endif - bool ContentBrowserClient::IsPluginAllowedToCallRequestOSFileHandle( content::BrowserContext* browser_context, const GURL& url) { diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h index 29e7ef5..8633105 100644 --- a/content/public/browser/content_browser_client.h +++ b/content/public/browser/content_browser_client.h @@ -43,9 +43,6 @@ namespace base { class DictionaryValue; class FilePath; } -namespace crypto { -class CryptoModuleBlockingPasswordDelegate; -} namespace gfx { class ImageSkia; @@ -605,14 +602,6 @@ class CONTENT_EXPORT ContentBrowserClient { bool* success) {} #endif -#if defined(USE_NSS) - // Return a delegate to authenticate and unlock |module|. - // This is called on a worker thread. - virtual - crypto::CryptoModuleBlockingPasswordDelegate* GetCryptoPasswordDelegate( - const GURL& url); -#endif - // Returns true if plugin referred to by the url can use // pp::FileIO::RequestOSFileHandle. virtual bool IsPluginAllowedToCallRequestOSFileHandle( diff --git a/content/public/browser/resource_context.h b/content/public/browser/resource_context.h index ba713f6..1308d76 100644 --- a/content/public/browser/resource_context.h +++ b/content/public/browser/resource_context.h @@ -5,7 +5,10 @@ #ifndef CONTENT_PUBLIC_BROWSER_RESOURCE_CONTEXT_H_ #define CONTENT_PUBLIC_BROWSER_RESOURCE_CONTEXT_H_ +#include <string> + #include "base/basictypes.h" +#include "base/callback.h" #include "base/memory/scoped_ptr.h" #include "base/supports_user_data.h" #include "build/build_config.h" @@ -20,6 +23,7 @@ class AppCacheService; namespace net { class ClientCertStore; class HostResolver; +class KeygenHandler; class URLRequestContext; } @@ -46,6 +50,14 @@ class CONTENT_EXPORT ResourceContext : public base::SupportsUserData { // Get platform ClientCertStore. May return NULL. virtual scoped_ptr<net::ClientCertStore> CreateClientCertStore(); + // Create a platform KeygenHandler and pass it to |callback|. The |callback| + // may be run synchronously. + virtual void CreateKeygenHandler( + uint32 key_size_in_bits, + const std::string& challenge_string, + const GURL& url, + const base::Callback<void(scoped_ptr<net::KeygenHandler>)>& callback); + // Returns true if microphone access is allowed for |origin|. Used to // determine what level of authorization is given to |origin| to access // resource metadata. diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp index fd80fa5..c932946 100644 --- a/crypto/crypto.gyp +++ b/crypto/crypto.gyp @@ -172,7 +172,6 @@ 'capi_util.cc', 'capi_util.h', 'crypto_export.h', - 'crypto_module_blocking_password_delegate.h', 'cssm_init.cc', 'cssm_init.h', 'curve25519.cc', @@ -204,6 +203,7 @@ 'mock_apple_keychain_mac.cc', 'p224_spake.cc', 'p224_spake.h', + 'nss_crypto_module_delegate.h', 'nss_util.cc', 'nss_util.h', 'nss_util_internal.h', diff --git a/crypto/crypto_module_blocking_password_delegate.h b/crypto/crypto_module_blocking_password_delegate.h deleted file mode 100644 index c4acf1a..0000000 --- a/crypto/crypto_module_blocking_password_delegate.h +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CRYPTO_CRYPTO_MODULE_BLOCKING_PASSWORD_DELEGATE_H_ -#define CRYPTO_CRYPTO_MODULE_BLOCKING_PASSWORD_DELEGATE_H_ - -#include <string> - -namespace crypto { - -// PK11_SetPasswordFunc is a global setting. An implementation of -// CryptoModuleBlockingPasswordDelegate should be passed as the user data -// argument (|wincx|) to relevant NSS functions, which the global password -// handler will call to do the actual work. -class CryptoModuleBlockingPasswordDelegate { - public: - virtual ~CryptoModuleBlockingPasswordDelegate() {} - - // Requests a password to unlock |slot_name|. The interface is - // synchronous because NSS cannot issue an asynchronous - // request. |retry| is true if this is a request for the retry - // and we previously returned the wrong password. - // The implementation should set |*cancelled| to true if the user cancelled - // instead of entering a password, otherwise it should return the password the - // user entered. - virtual std::string RequestPassword(const std::string& slot_name, bool retry, - bool* cancelled) = 0; -}; - -} // namespace crypto - -#endif // CRYPTO_CRYPTO_MODULE_BLOCKING_PASSWORD_DELEGATE_H_ diff --git a/crypto/nss_crypto_module_delegate.h b/crypto/nss_crypto_module_delegate.h new file mode 100644 index 0000000..00b2b75 --- /dev/null +++ b/crypto/nss_crypto_module_delegate.h @@ -0,0 +1,53 @@ +// Copyright 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_ +#define CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_ + +#include <string> + +#include "base/callback_forward.h" +#include "crypto/scoped_nss_types.h" + +namespace crypto { + +// PK11_SetPasswordFunc is a global setting. An implementation of +// CryptoModuleBlockingPasswordDelegate should be passed using wincx() as the +// user data argument (|wincx|) to relevant NSS functions, which the global +// password handler will call to do the actual work. This delegate should only +// be used in NSS calls on worker threads due to the blocking nature. +class CryptoModuleBlockingPasswordDelegate { + public: + virtual ~CryptoModuleBlockingPasswordDelegate() {} + + // Return a value suitable for passing to the |wincx| argument of relevant NSS + // functions. This should be used instead of passing the object pointer + // directly to avoid accidentally casting a pointer to a subclass to void* and + // then casting back to a pointer of the base class + void* wincx() { return this; } + + // Requests a password to unlock |slot_name|. The interface is synchronous + // because NSS cannot issue an asynchronous request. |retry| is true if this + // is a request for the retry and we previously returned the wrong password. + // The implementation should set |*cancelled| to true if the user cancelled + // instead of entering a password, otherwise it should return the password the + // user entered. + virtual std::string RequestPassword(const std::string& slot_name, bool retry, + bool* cancelled) = 0; + +}; + +// Extends CryptoModuleBlockingPasswordDelegate with the ability to return a +// slot in which to act. (Eg, which slot to store a generated key in.) +class NSSCryptoModuleDelegate : public CryptoModuleBlockingPasswordDelegate { + public: + virtual ~NSSCryptoModuleDelegate() {} + + // Get the slot to store the generated key. + virtual ScopedPK11Slot RequestSlot() = 0; +}; + +} // namespace crypto + +#endif // CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_ diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc index 7479585..5b8c6f5 100644 --- a/crypto/nss_util.cc +++ b/crypto/nss_util.cc @@ -49,7 +49,7 @@ // certificate and key databases. #if defined(USE_NSS) #include "base/synchronization/lock.h" -#include "crypto/crypto_module_blocking_password_delegate.h" +#include "crypto/nss_crypto_module_delegate.h" #endif // defined(USE_NSS) namespace crypto { diff --git a/net/base/keygen_handler.cc b/net/base/keygen_handler.cc index 7d63f4d..88013bc 100644 --- a/net/base/keygen_handler.cc +++ b/net/base/keygen_handler.cc @@ -4,6 +4,10 @@ #include "net/base/keygen_handler.h" +#if defined(USE_NSS) +#include "crypto/nss_crypto_module_delegate.h" +#endif // defined(USE_NSS) + namespace net { // The constructor and destructor must be defined in a .cc file so that diff --git a/net/base/keygen_handler.h b/net/base/keygen_handler.h index 4895dac..8262775 100644 --- a/net/base/keygen_handler.h +++ b/net/base/keygen_handler.h @@ -7,14 +7,15 @@ #include <string> +#include "base/callback_forward.h" #include "base/memory/scoped_ptr.h" #include "build/build_config.h" #include "net/base/net_export.h" #include "url/gurl.h" -#if defined(USE_NSS) -#include "crypto/crypto_module_blocking_password_delegate.h" -#endif // defined(USE_NSS) +namespace crypto { +class NSSCryptoModuleDelegate; +} namespace net { @@ -41,12 +42,12 @@ class NET_EXPORT KeygenHandler { void set_stores_key(bool store) { stores_key_ = store;} #if defined(USE_NSS) - // Register the password delegate to be used if the token is unauthenticated. - // GenKeyAndSignChallenge runs on a worker thread, so using the blocking + // Register the delegate to be used to get the token to store the key in, and + // to get the password if the token is unauthenticated. + // GenKeyAndSignChallenge runs on a worker thread, so using a blocking // password callback is okay here. - // Takes ownership of the delegate. - void set_crypto_module_password_delegate( - crypto::CryptoModuleBlockingPasswordDelegate* delegate); + void set_crypto_module_delegate( + scoped_ptr<crypto::NSSCryptoModuleDelegate> delegate); #endif // defined(USE_NSS) private: @@ -56,8 +57,7 @@ class NET_EXPORT KeygenHandler { bool stores_key_; // should the generated key-pair be stored persistently? #if defined(USE_NSS) // The callback for requesting a password to the PKCS#11 token. - scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> - crypto_module_password_delegate_; + scoped_ptr<crypto::NSSCryptoModuleDelegate> crypto_module_delegate_; #endif // defined(USE_NSS) }; diff --git a/net/base/keygen_handler_nss.cc b/net/base/keygen_handler_nss.cc index 5e97807..ad0f0ebe 100644 --- a/net/base/keygen_handler_nss.cc +++ b/net/base/keygen_handler_nss.cc @@ -5,7 +5,7 @@ #include "net/base/keygen_handler.h" #include "base/logging.h" -#include "crypto/crypto_module_blocking_password_delegate.h" +#include "crypto/nss_crypto_module_delegate.h" #include "crypto/nss_util.h" #include "crypto/nss_util_internal.h" #include "crypto/scoped_nss_types.h" @@ -20,16 +20,22 @@ std::string KeygenHandler::GenKeyAndSignChallenge() { // Ensure NSS is initialized. crypto::EnsureNSSInit(); - // TODO(mattm): allow choosing which slot to generate and store the key. - crypto::ScopedPK11Slot slot(crypto::GetPrivateNSSKeySlot()); + crypto::ScopedPK11Slot slot; + if (crypto_module_delegate_) + slot = crypto_module_delegate_->RequestSlot().Pass(); + else + slot.reset(crypto::GetPrivateNSSKeySlot()); if (!slot.get()) { LOG(ERROR) << "Couldn't get private key slot from NSS!"; return std::string(); } // Authenticate to the token. - if (SECSuccess != PK11_Authenticate(slot.get(), PR_TRUE, - crypto_module_password_delegate_.get())) { + if (SECSuccess != + PK11_Authenticate( + slot.get(), + PR_TRUE, + crypto_module_delegate_ ? crypto_module_delegate_->wincx() : NULL)) { LOG(ERROR) << "Couldn't authenticate to private key slot!"; return std::string(); } @@ -38,9 +44,9 @@ std::string KeygenHandler::GenKeyAndSignChallenge() { slot.get(), stores_key_); } -void KeygenHandler::set_crypto_module_password_delegate( - crypto::CryptoModuleBlockingPasswordDelegate* delegate) { - crypto_module_password_delegate_.reset(delegate); +void KeygenHandler::set_crypto_module_delegate( + scoped_ptr<crypto::NSSCryptoModuleDelegate> delegate) { + crypto_module_delegate_ = delegate.Pass(); } } // namespace net diff --git a/net/ssl/client_cert_store_nss.cc b/net/ssl/client_cert_store_nss.cc index 6e82723..9df5612 100644 --- a/net/ssl/client_cert_store_nss.cc +++ b/net/ssl/client_cert_store_nss.cc @@ -12,7 +12,7 @@ #include "base/logging.h" #include "base/memory/scoped_ptr.h" #include "base/threading/worker_pool.h" -#include "crypto/crypto_module_blocking_password_delegate.h" +#include "crypto/nss_crypto_module_delegate.h" #include "net/cert/x509_util.h" namespace net { |