OLD | NEW |
1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
3 * | 3 * |
4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
8 * | 8 * |
9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
(...skipping 398 matching lines...)
409 ecx = SEC_PKCS12CreateExportContext(NULL, NULL, NULL /*slot*/, NULL); | 409 ecx = SEC_PKCS12CreateExportContext(NULL, NULL, NULL /*slot*/, NULL); |
410 if (!ecx) { | 410 if (!ecx) { |
411 srv = SECFailure; | 411 srv = SECFailure; |
412 goto finish; | 412 goto finish; |
413 } | 413 } |
414 // add password integrity | 414 // add password integrity |
415 srv = SEC_PKCS12AddPasswordIntegrity(ecx, &unicodePw, SEC_OID_SHA1); | 415 srv = SEC_PKCS12AddPasswordIntegrity(ecx, &unicodePw, SEC_OID_SHA1); |
416 if (srv) goto finish; | 416 if (srv) goto finish; |
417 | 417 |
418 for (size_t i=0; i<certs.size(); i++) { | 418 for (size_t i=0; i<certs.size(); i++) { |
419 DCHECK(certs[i]); | 419 DCHECK(certs[i].get()); |
420 CERTCertificate* nssCert = certs[i]->os_cert_handle(); | 420 CERTCertificate* nssCert = certs[i]->os_cert_handle(); |
421 DCHECK(nssCert); | 421 DCHECK(nssCert); |
422 | 422 |
423 // We only allow certificate and private key extraction if the corresponding | 423 // We only allow certificate and private key extraction if the corresponding |
424 // CKA_EXTRACTABLE private key attribute is set to CK_TRUE. Most hardware | 424 // CKA_EXTRACTABLE private key attribute is set to CK_TRUE. Most hardware |
425 // tokens including smartcards enforce this behavior. An internal (soft) | 425 // tokens including smartcards enforce this behavior. An internal (soft) |
426 // token may ignore this attribute (and hence still be able to export) but | 426 // token may ignore this attribute (and hence still be able to export) but |
427 // we still refuse to attempt an export. | 427 // we still refuse to attempt an export. |
428 // In addition, some tokens may not support this attribute, in which case | 428 // In addition, some tokens may not support this attribute, in which case |
429 // we still attempt the export and let the token implementation dictate | 429 // we still attempt the export and let the token implementation dictate |
(...skipping 47 matching lines...)
477 finish: | 477 finish: |
478 if (srv) | 478 if (srv) |
479 LOG(ERROR) << "PKCS#12 export failed with error " << PORT_GetError(); | 479 LOG(ERROR) << "PKCS#12 export failed with error " << PORT_GetError(); |
480 if (ecx) | 480 if (ecx) |
481 SEC_PKCS12DestroyExportContext(ecx); | 481 SEC_PKCS12DestroyExportContext(ecx); |
482 SECITEM_ZfreeItem(&unicodePw, PR_FALSE); | 482 SECITEM_ZfreeItem(&unicodePw, PR_FALSE); |
483 return return_count; | 483 return return_count; |
484 } | 484 } |
485 | 485 |
486 } // namespace mozilla_security_manager | 486 } // namespace mozilla_security_manager |
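Review bot: The `DCHECK(certs[i].get())` on new line 419 is a debug-only assertion, so in a release build a null entry in `certs` is still dereferenced by `certs[i]->os_cert_handle()` on line 420. If callers can ever pass an empty reference (not visible from this page), add a runtime guard before the dereference, for example `if (!certs[i].get()) continue;`, or set `srv = SECFailure` and `goto finish` if a partial export is not acceptable. The same applies to `DCHECK(nssCert)` on line 421, assuming `nssCert` is used in the skipped lines that follow. The enclosing function starts in the collapsed region above line 409, so the caller contract should be confirmed there.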
OLD | NEW |