
scoped_nss_types.h: Add ScopedCERTCertList type, and use it.

Change-Id: I750ea0dfca55eb146042576cdf2cf18bd3509db8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4285677
Commit-Queue: Toni Barzic <tbarzic@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Toni Barzic <tbarzic@chromium.org>
Auto-Submit: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1108757}
This commit is contained in:
Matt Mueller
2023-02-23 03:16:09 +00:00
committed by Chromium LUCI CQ
parent 9d923a9864
commit f7f65275e0
9 changed files with 21 additions and 22 deletions

@ -19,6 +19,7 @@
#include "chromeos/components/onc/onc_parsed_certificates.h"
#include "chromeos/components/onc/onc_test_utils.h"
#include "components/onc/onc_constants.h"
#include "crypto/scoped_nss_types.h"
#include "crypto/scoped_test_nss_db.h"
#include "net/base/hash_value.h"
#include "net/cert/cert_type.h"
@ -164,7 +165,7 @@ class ONCCertificateImporterImplTest : public testing::Test {
net::ScopedCERTCertificateList ListCertsInSlot(PK11SlotInfo* slot) {
net::ScopedCERTCertificateList result;
CERTCertList* cert_list = PK11_ListCertsInSlot(slot);
crypto::ScopedCERTCertList cert_list(PK11_ListCertsInSlot(slot));
if (!cert_list)
return result;
for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
@ -172,7 +173,6 @@ class ONCCertificateImporterImplTest : public testing::Test {
node = CERT_LIST_NEXT(node)) {
result.push_back(net::x509_util::DupCERTCertificate(node->cert));
}
CERT_DestroyCertList(cert_list);
std::sort(result.begin(), result.end(),
[](const net::ScopedCERTCertificate& lhs,

@ -5,6 +5,7 @@
#ifndef CRYPTO_SCOPED_NSS_TYPES_H_
#define CRYPTO_SCOPED_NSS_TYPES_H_
#include <cert.h>
#include <certt.h>
#include <keyhi.h>
#include <nss.h>
@ -62,6 +63,9 @@ typedef std::unique_ptr<
CERTSubjectPublicKeyInfo,
NSSDestroyer<CERTSubjectPublicKeyInfo, SECKEY_DestroySubjectPublicKeyInfo>>
ScopedCERTSubjectPublicKeyInfo;
typedef std::unique_ptr<CERTCertList,
NSSDestroyer<CERTCertList, CERT_DestroyCertList>>
ScopedCERTCertList;
} // namespace crypto
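Review bot: The new ScopedCERTCertList typedef at the end of the hunk has no comment describing the lifetime it manages, and that lifetime is the one thing callers get wrong: CERT_DestroyCertList tears down the list and, if I remember NSS correctly, releases the references it holds on each CERTCertificate, so a `node->cert` pointer taken from the list must be duplicated (x509_util::DupCERTCertificate, as every caller in this commit does) before the scoper goes out of scope. I would add `// Owns a CERTCertList (e.g. from PK11_ListCerts* or CERT_CreateSubjectCertList).` and `// Certificates reachable through node->cert are released together with the list; dup them to keep them.` above the typedef. The surrounding declarations also use typedef, so the form is consistent with the file, though a `using ScopedCERTCertList = std::unique_ptr<...>;` alias would match current Chromium style if this header is modernized.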

@ -51,7 +51,7 @@ void ScopedTestNSSDB::RemoveTrustFromAllCerts() {
if (!slot_)
return;
CERTCertList* cert_list = PK11_ListCertsInSlot(slot_.get());
ScopedCERTCertList cert_list(PK11_ListCertsInSlot(slot_.get()));
if (!cert_list)
return;
@ -63,7 +63,6 @@ void ScopedTestNSSDB::RemoveTrustFromAllCerts() {
LOG(ERROR) << "CERT_ChangeCertTrust failed: " << PORT_GetError();
}
}
CERT_DestroyCertList(cert_list);
}
} // namespace crypto

@ -43,9 +43,9 @@ void TrustStoreNSS::SyncGetIssuersOf(const ParsedCertificate* cert,
// |validOnly| in CERT_CreateSubjectCertList controls whether to return only
// certs that are valid at |sorttime|. Expiration isn't meaningful for trust
// anchors, so request all the matches.
CERTCertList* found_certs = CERT_CreateSubjectCertList(
crypto::ScopedCERTCertList found_certs(CERT_CreateSubjectCertList(
nullptr /* certList */, CERT_GetDefaultCertDB(), &name,
PR_Now() /* sorttime */, PR_FALSE /* validOnly */);
PR_Now() /* sorttime */, PR_FALSE /* validOnly */));
if (!found_certs)
return;
@ -67,7 +67,6 @@ void TrustStoreNSS::SyncGetIssuersOf(const ParsedCertificate* cert,
issuers->push_back(std::move(cur_cert));
}
CERT_DestroyCertList(found_certs);
}
CertificateTrust TrustStoreNSS::GetTrust(const ParsedCertificate* cert,

@ -36,7 +36,7 @@ namespace {
bool IsBuiltInRootSlot(PK11SlotInfo* slot) {
if (!PK11_IsPresent(slot) || !PK11_HasRootCerts(slot))
return false;
CERTCertList* cert_list = PK11_ListCertsInSlot(slot);
crypto::ScopedCERTCertList cert_list(PK11_ListCertsInSlot(slot));
if (!cert_list)
return false;
bool built_in_cert_found = false;
@ -47,7 +47,6 @@ bool IsBuiltInRootSlot(PK11SlotInfo* slot) {
break;
}
}
CERT_DestroyCertList(cert_list);
return built_in_cert_found;
}
@ -76,7 +75,8 @@ std::shared_ptr<const ParsedCertificate> GetASSLTrustedBuiltinRoot() {
scoped_refptr<X509Certificate> ssl_trusted_root;
CERTCertList* cert_list = PK11_ListCertsInSlot(root_certs_slot.get());
crypto::ScopedCERTCertList cert_list(
PK11_ListCertsInSlot(root_certs_slot.get()));
if (!cert_list)
return nullptr;
for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
@ -91,7 +91,6 @@ std::shared_ptr<const ParsedCertificate> GetASSLTrustedBuiltinRoot() {
break;
}
}
CERT_DestroyCertList(cert_list);
if (!ssl_trusted_root)
return nullptr;

@ -503,11 +503,11 @@ NSSCertDatabase::CertInfoList NSSCertDatabase::ListCertsInfoImpl(
base::BlockingType::MAY_BLOCK);
CertInfoList certs_info;
CERTCertList* cert_list = nullptr;
crypto::ScopedCERTCertList cert_list = nullptr;
if (slot)
cert_list = PK11_ListCertsInSlot(slot.get());
cert_list.reset(PK11_ListCertsInSlot(slot.get()));
else
cert_list = PK11_ListCerts(PK11CertListUnique, nullptr);
cert_list.reset(PK11_ListCerts(PK11CertListUnique, nullptr));
// PK11_ListCerts[InSlot] can return nullptr, e.g. because the PKCS#11 token
// that was backing the specified slot is not available anymore.
// Treat it as no certificates being present on the slot.
@ -532,7 +532,6 @@ NSSCertDatabase::CertInfoList NSSCertDatabase::ListCertsInfoImpl(
certs_info.push_back(std::move(cert_info));
}
CERT_DestroyCertList(cert_list);
return certs_info;
}
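Review bot: The declaration `crypto::ScopedCERTCertList cert_list = nullptr;` followed by two reset() branches can be a single direct initialization from a conditional, which also drops the explicit null default: `crypto::ScopedCERTCertList cert_list(slot ? PK11_ListCertsInSlot(slot.get()) : PK11_ListCerts(PK11CertListUnique, nullptr));`. Both calls return a raw CERTCertList*, so the conditional expression has one type and the existing nullptr comment below still applies unchanged. ListCertsInfoImpl begins before the first hunk and the loop that walks cert_list lies between the two hunks, so I am assuming nothing in the unseen part re-assigns the list.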

@ -116,7 +116,8 @@ class CertDatabaseNSSTest : public TestWithTaskEnvironment {
ScopedCERTCertificateList ListCerts() {
ScopedCERTCertificateList result;
CERTCertList* cert_list = PK11_ListCertsInSlot(test_nssdb_.slot());
crypto::ScopedCERTCertList cert_list(
PK11_ListCertsInSlot(test_nssdb_.slot()));
if (!cert_list)
return result;
for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
@ -124,7 +125,6 @@ class CertDatabaseNSSTest : public TestWithTaskEnvironment {
node = CERT_LIST_NEXT(node)) {
result.push_back(x509_util::DupCERTCertificate(node->cert));
}
CERT_DestroyCertList(cert_list);
// Sort the result so that test comparisons can be deterministic.
std::sort(

@ -43,7 +43,7 @@ crypto::ScopedPK11Slot GetRootCertsSlot() {
ScopedCERTCertificateList ListCertsInSlot(PK11SlotInfo* slot) {
ScopedCERTCertificateList result;
CERTCertList* cert_list = PK11_ListCertsInSlot(slot);
crypto::ScopedCERTCertList cert_list(PK11_ListCertsInSlot(slot));
if (!cert_list)
return result;
for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
@ -51,7 +51,6 @@ ScopedCERTCertificateList ListCertsInSlot(PK11SlotInfo* slot) {
node = CERT_LIST_NEXT(node)) {
result.push_back(x509_util::DupCERTCertificate(node->cert));
}
CERT_DestroyCertList(cert_list);
// Sort the result so that test comparisons can be deterministic.
std::sort(

@ -21,6 +21,7 @@
#include "base/threading/scoped_blocking_call.h"
#include "crypto/nss_crypto_module_delegate.h"
#include "crypto/nss_util.h"
#include "crypto/scoped_nss_types.h"
#include "net/cert/scoped_nss_types.h"
#include "net/cert/x509_util_nss.h"
#include "net/ssl/ssl_cert_request_info.h"
@ -168,9 +169,9 @@ void ClientCertStoreNSS::GetPlatformCertsOnWorkerThread(
ClientCertIdentityList* identities) {
crypto::EnsureNSSInit();
CERTCertList* found_certs = CERT_FindUserCertsByUsage(
crypto::ScopedCERTCertList found_certs(CERT_FindUserCertsByUsage(
CERT_GetDefaultCertDB(), certUsageSSLClient, PR_FALSE, PR_FALSE,
password_delegate ? password_delegate->wincx() : nullptr);
password_delegate ? password_delegate->wincx() : nullptr));
if (!found_certs) {
DVLOG(2) << "No client certs found.";
return;
@ -193,7 +194,6 @@ void ClientCertStoreNSS::GetPlatformCertsOnWorkerThread(
identities->push_back(std::make_unique<ClientCertIdentityNSS>(
cert, x509_util::DupCERTCertificate(node->cert), password_delegate));
}
CERT_DestroyCertList(found_certs);
}
} // namespace net