net: change ImportFromPKCS12() to take a PK11SlotInfo*

This is the first step to get rid of deprecated CryptoModule methods in
NSSCertDatabase class and then later get rid of CryptoModule
abstraction.

BUG=None
TEST=net_unittests
R=mattm@chromium.org,jochen@chromium.org,armansito@chromium.org
TBR=dbeam@chromium.org

Review-Url: https://codereview.chromium.org/2600053002
Cr-Commit-Position: refs/heads/master@{#443533}

chrome/browser/certificate_manager_model.cc

@@ -212,12 +212,12 @@ base::string16 CertificateManagerModel::GetColumnText(
   return rv;
 }
 
-int CertificateManagerModel::ImportFromPKCS12(net::CryptoModule* module,
+int CertificateManagerModel::ImportFromPKCS12(PK11SlotInfo* slot_info,
                                               const std::string& data,
                                               const base::string16& password,
                                               bool is_extractable) {
-  int result = cert_db_->ImportFromPKCS12(module, data, password,
-                                          is_extractable, NULL);
+  int result = cert_db_->ImportFromPKCS12(slot_info, data,
+                                          password, is_extractable, NULL);
   if (result == net::OK)
     Refresh();
   return result;

chrome/browser/certificate_manager_model.h

@@ -83,9 +83,9 @@ class CertificateManagerModel {
 
   // Import private keys and certificates from PKCS #12 encoded
   // |data|, using the given |password|. If |is_extractable| is false,
-  // mark the private key as unextractable from the module.
+  // mark the private key as unextractable from the slot.
   // Returns a net error code on failure.
-  int ImportFromPKCS12(net::CryptoModule* module, const std::string& data,
+  int ImportFromPKCS12(PK11SlotInfo* slot_info, const std::string& data,
                        const base::string16& password, bool is_extractable);
 
   // Import user certificate from DER encoded |data|.

chrome/browser/ssl/ssl_browser_tests.cc

@@ -1307,14 +1307,13 @@ class SSLUITestWithClientCert : public SSLUITest {
 // cert will be selected automatically, then a test which uses WebSocket runs.
 IN_PROC_BROWSER_TEST_F(SSLUITestWithClientCert, TestWSSClientCert) {
   // Import a client cert for test.
-  scoped_refptr<net::CryptoModule> crypt_module = cert_db_->GetPublicModule();
+  crypto::ScopedPK11Slot public_slot = cert_db_->GetPublicSlot();
   std::string pkcs12_data;
   base::FilePath cert_path = net::GetTestCertsDirectory().Append(
       FILE_PATH_LITERAL("websocket_client_cert.p12"));
   EXPECT_TRUE(base::ReadFileToString(cert_path, &pkcs12_data));
-  EXPECT_EQ(net::OK,
-            cert_db_->ImportFromPKCS12(
-                crypt_module.get(), pkcs12_data, base::string16(), true, NULL));
+  EXPECT_EQ(net::OK, cert_db_->ImportFromPKCS12(public_slot.get(), pkcs12_data,
+                                                base::string16(), true, NULL));
 
   // Start WebSocket test server with TLS and client cert authentication.
   net::SpawnedTestServer::SSLOptions options(

chrome/browser/ui/webui/options/certificate_manager_handler.cc

@@ -857,7 +857,7 @@ void CertificateManagerHandler::ImportPersonalSlotUnlocked() {
   // for Chrome OS when the "Import and Bind" option is chosen.
   bool is_extractable = !use_hardware_backed_;
   int result = certificate_manager_model_->ImportFromPKCS12(
-      module_.get(), file_data_, password_, is_extractable);
+      module_->os_module_handle(), file_data_, password_, is_extractable);
   ImportExportCleanup();
   web_ui()->CallJavascriptFunctionUnsafe("CertificateRestoreOverlay.dismiss");
   int string_id;

chrome/browser/ui/webui/settings/certificates_handler.cc

@@ -740,7 +740,7 @@ void CertificatesHandler::ImportPersonalSlotUnlocked() {
   // for Chrome OS when the "Import and Bind" option is chosen.
   bool is_extractable = !use_hardware_backed_;
   int result = certificate_manager_model_->ImportFromPKCS12(
-      module_.get(), file_data_, password_, is_extractable);
+      module_->os_module_handle(), file_data_, password_, is_extractable);
   ImportExportCleanup();
   int string_id;
   switch (result) {

chromeos/network/onc/onc_certificate_importer_impl.cc

@@ -286,12 +286,12 @@ bool CertificateImporterImpl::ParseClientCertificate(
   crypto::ScopedPK11Slot private_slot(nssdb->GetPrivateSlot());
   if (!private_slot)
     return false;
-  scoped_refptr<net::CryptoModule> module(
-      net::CryptoModule::CreateFromHandle(private_slot.get()));
+
   net::CertificateList imported_certs;
 
-  int import_result = nssdb->ImportFromPKCS12(
-      module.get(), decoded_pkcs12, base::string16(), false, &imported_certs);
+  int import_result =
+      nssdb->ImportFromPKCS12(private_slot.get(), decoded_pkcs12,
+                              base::string16(), false, &imported_certs);
   if (import_result != net::OK) {
     std::string error_string = net::ErrorToString(import_result);
     LOG(ERROR) << "Unable to import client certificate, error: "

net/cert/nss_cert_database.cc

@@ -176,15 +176,15 @@ void NSSCertDatabase::ListModules(CryptoModuleList* modules,
   }
 }
 
-int NSSCertDatabase::ImportFromPKCS12(CryptoModule* module,
+int NSSCertDatabase::ImportFromPKCS12(PK11SlotInfo* slot_info,
                                       const std::string& data,
                                       const base::string16& password,
                                       bool is_extractable,
                                       CertificateList* imported_certs) {
   DVLOG(1) << __func__ << " "
-           << PK11_GetModuleID(module->os_module_handle()) << ":"
-           << PK11_GetSlotID(module->os_module_handle());
-  int result = psm::nsPKCS12Blob_Import(module->os_module_handle(),
+           << PK11_GetModuleID(slot_info) << ":"
+           << PK11_GetSlotID(slot_info);
+  int result = psm::nsPKCS12Blob_Import(slot_info,
                                         data.data(), data.size(),
                                         password,
                                         is_extractable,

net/cert/nss_cert_database.h

@@ -168,7 +168,7 @@ class NET_EXPORT NSSCertDatabase {
   // Returns OK or a network error code such as ERR_PKCS12_IMPORT_BAD_PASSWORD
   // or ERR_PKCS12_IMPORT_ERROR. |imported_certs|, if non-NULL, returns a list
   // of certs that were imported.
-  int ImportFromPKCS12(CryptoModule* module,
+  int ImportFromPKCS12(PK11SlotInfo* slot_info,
                        const std::string& data,
                        const base::string16& password,
                        bool is_extractable,

net/cert/nss_cert_database_unittest.cc

@@ -68,7 +68,7 @@ class CertDatabaseNSSTest : public testing::Test {
             PK11_ReferenceSlot(test_nssdb_.slot())) /* public slot */,
         crypto::ScopedPK11Slot(
             PK11_ReferenceSlot(test_nssdb_.slot())) /* private slot */));
-    public_module_ = cert_db_->GetPublicModule();
+    public_slot_ = cert_db_->GetPublicSlot();
 
     // Test db should be empty at start of test.
     EXPECT_EQ(0U, ListCerts().size());
@@ -82,7 +82,7 @@ class CertDatabaseNSSTest : public testing::Test {
   }
 
  protected:
-  CryptoModule* GetPublicModule() { return public_module_.get(); }
+  PK11SlotInfo* GetPublicSlot() { return public_slot_.get(); }
 
   static std::string ReadTestFile(const std::string& name) {
     std::string result;
@@ -128,7 +128,7 @@ class CertDatabaseNSSTest : public testing::Test {
   std::unique_ptr<NSSCertDatabase> cert_db_;
   const CertificateList empty_cert_list_;
   crypto::ScopedTestNSSDB test_nssdb_;
-  scoped_refptr<CryptoModule> public_module_;
+  crypto::ScopedPK11Slot public_slot_;
 };
 
 TEST_F(CertDatabaseNSSTest, ListCertsSync) {
@@ -160,7 +160,7 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) {
   std::string pkcs12_data = ReadTestFile("client.p12");
 
   EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD,
-            cert_db_->ImportFromPKCS12(GetPublicModule(),
+            cert_db_->ImportFromPKCS12(GetPublicSlot(),
                                        pkcs12_data,
                                        base::string16(),
                                        true,  // is_extractable
@@ -174,7 +174,7 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsExtractableAndExportAgain) {
   std::string pkcs12_data = ReadTestFile("client.p12");
 
   EXPECT_EQ(OK,
-            cert_db_->ImportFromPKCS12(GetPublicModule(),
+            cert_db_->ImportFromPKCS12(GetPublicSlot(),
                                        pkcs12_data,
                                        ASCIIToUTF16("12345"),
                                        true,  // is_extractable
@@ -199,7 +199,7 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12Twice) {
   std::string pkcs12_data = ReadTestFile("client.p12");
 
   EXPECT_EQ(OK,
-            cert_db_->ImportFromPKCS12(GetPublicModule(),
+            cert_db_->ImportFromPKCS12(GetPublicSlot(),
                                        pkcs12_data,
                                        ASCIIToUTF16("12345"),
                                        true,  // is_extractable
@@ -209,7 +209,7 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12Twice) {
   // NSS has a SEC_ERROR_PKCS12_DUPLICATE_DATA error, but it doesn't look like
   // it's ever used.  This test verifies that.
   EXPECT_EQ(OK,
-            cert_db_->ImportFromPKCS12(GetPublicModule(),
+            cert_db_->ImportFromPKCS12(GetPublicSlot(),
                                        pkcs12_data,
                                        ASCIIToUTF16("12345"),
                                        true,  // is_extractable
@@ -221,7 +221,7 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsUnextractableAndExportAgain) {
   std::string pkcs12_data = ReadTestFile("client.p12");
 
   EXPECT_EQ(OK,
-            cert_db_->ImportFromPKCS12(GetPublicModule(),
+            cert_db_->ImportFromPKCS12(GetPublicSlot(),
                                        pkcs12_data,
                                        ASCIIToUTF16("12345"),
                                        false,  // is_extractable
@@ -244,7 +244,7 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsUnextractableAndExportAgain) {
 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12OnlyMarkIncludedKey) {
   std::string pkcs12_data = ReadTestFile("client.p12");
   EXPECT_EQ(OK,
-            cert_db_->ImportFromPKCS12(GetPublicModule(),
+            cert_db_->ImportFromPKCS12(GetPublicSlot(),
                                        pkcs12_data,
                                        ASCIIToUTF16("12345"),
                                        true,  // is_extractable
@@ -256,7 +256,7 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12OnlyMarkIncludedKey) {
   // Now import a PKCS#12 file with just a certificate but no private key.
   pkcs12_data = ReadTestFile("client-nokey.p12");
   EXPECT_EQ(OK,
-            cert_db_->ImportFromPKCS12(GetPublicModule(),
+            cert_db_->ImportFromPKCS12(GetPublicSlot(),
                                        pkcs12_data,
                                        ASCIIToUTF16("12345"),
                                        false,  // is_extractable
@@ -276,7 +276,7 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12InvalidFile) {
   std::string pkcs12_data = "Foobarbaz";
 
   EXPECT_EQ(ERR_PKCS12_IMPORT_INVALID_FILE,
-            cert_db_->ImportFromPKCS12(GetPublicModule(),
+            cert_db_->ImportFromPKCS12(GetPublicSlot(),
                                        pkcs12_data,
                                        base::string16(),
                                        true,  // is_extractable
@@ -289,20 +289,24 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12InvalidFile) {
 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12EmptyPassword) {
   std::string pkcs12_data = ReadTestFile("client-empty-password.p12");
 
-  EXPECT_EQ(OK, cert_db_->ImportFromPKCS12(GetPublicModule(), pkcs12_data,
-                                           base::string16(),
-                                           true,  // is_extractable
-                                           NULL));
+  EXPECT_EQ(OK,
+            cert_db_->ImportFromPKCS12(GetPublicSlot(),
+                                       pkcs12_data,
+                                       base::string16(),
+                                       true,  // is_extractable
+                                       NULL));
   EXPECT_EQ(1U, ListCerts().size());
 }
 
 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12NullPassword) {
   std::string pkcs12_data = ReadTestFile("client-null-password.p12");
 
-  EXPECT_EQ(OK, cert_db_->ImportFromPKCS12(GetPublicModule(), pkcs12_data,
-                                           base::string16(),
-                                           true,  // is_extractable
-                                           NULL));
+  EXPECT_EQ(OK,
+            cert_db_->ImportFromPKCS12(GetPublicSlot(),
+                                       pkcs12_data,
+                                       base::string16(),
+                                       true,  // is_extractable
+                                       NULL));
   EXPECT_EQ(1U, ListCerts().size());
 }