Ensure X509Certificate::OSCertHandles are safe to be used on both UI and IO threads on Win

net/base/x509_certificate_win.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/string_tokenizer.h"
 #include "base/string_util.h"
 #include "base/utf_string_conversions.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/scoped_capi_types.h"
 #include "net/base/asn1_util.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/ev_root_ca_metadata.h"
 #include "net/base/net_errors.h"
-#include "net/base/scoped_cert_chain_context.h"
 #include "net/base/test_root_certs.h"
 #include "net/base/x509_certificate_known_roots_win.h"
 
 #pragma comment(lib, "crypt32.lib")
 
 using base::Time;
 
 namespace net {
 
 namespace {
 
-typedef crypto::ScopedCAPIHandle<
-    HCERTSTORE,
-    crypto::CAPIDestroyerWithFlags<HCERTSTORE,
-                                   CertCloseStore, 0> > ScopedHCERTSTORE;
-
 struct FreeChainEngineFunctor {
   void operator()(HCERTCHAINENGINE engine) const {
     if (engine)
       CertFreeCertificateChainEngine(engine);
   }
 };
 
+struct FreeCertContextFunctor {
+  void operator()(PCCERT_CONTEXT context) const {
+    if (context)
+      CertFreeCertificateContext(context);
+  }
+};
+
+struct FreeCertChainContextFunctor {
+  void operator()(PCCERT_CHAIN_CONTEXT chain_context) const {
+    if (context)
+      CertFreeCertificateChain(context);
+  }
+};
+
+typedef crypto::ScopedCAPIHandle<
+    HCERTSTORE,
+    crypto::CAPIDestroyerWithFlags<HCERTSTORE,
+                                   CertCloseStore, 0> > ScopedHCERTSTORE;
+
 typedef crypto::ScopedCAPIHandle<HCERTCHAINENGINE, FreeChainEngineFunctor>
     ScopedHCERTCHAINENGINE;
 
+typedef scoped_ptr_malloc<const CERT_CONTEXT,
+                          FreeCertContextFunctor> ScopedCertContext;
+
+typedef scoped_ptr_malloc<const CERT_CHAIN_CONTEXT,
+                          FreeCertChainContextFunctor> ScopedCertChainContext;
+

[wtc, 2011/10/04 18:00:52]

Nit: delete one blank line.

+
 //-----------------------------------------------------------------------------
 
 // TODO(wtc): This is a copy of the MapSecurityError function in
 // ssl_client_socket_win.cc.  Another function that maps Windows error codes
 // to our network error codes is WinInetUtil::OSErrorToNetError.  We should
 // eliminate the code duplication.
 int MapSecurityError(SECURITY_STATUS err) {
   // There are numerous security error codes, but these are the ones we thus
   // far find interesting.
   switch (err) {
@@ skipping 639 matching lines @@
 
 static base::LazyInstance<GlobalCertStore,
                           base::LeakyLazyInstanceTraits<GlobalCertStore> >
     g_cert_store(base::LINKER_INITIALIZED);
 
 // static
 HCERTSTORE X509Certificate::cert_store() {
   return g_cert_store.Get().cert_store();
 }
 
+X509Certificate::OSCertListHandle
+X509Certificate::CreateOSCertListHandle() const {
+  // Create an in-memory certificate store to hold |cert_handle_| and any
+  // associated intermediate certificates. The store will be referenced in the
+  // returned OSCertListHandle, and will not be freed until the
+  // OSCertListHandle is freed.
+  OSCertListHandle cert_list = NULL;
+  DWORD flags = CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG;
+  HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0,
+                                   NULL, flags, NULL);
+
+  if (store) {
+    // NOTE: This preserves all of the properties of |cert_handle_| except for
+    // CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_CONTEXT_PROP_ID - the two
+    // properties that hold access to already-opened private keys. If a handle
+    // has already been unlocked (eg: PIN prompt), then the first time that
+    // the identity is used for client auth, it may prompt the user again.
+    BOOL ok = CertAddCertificateContextToStore(store, cert_handle_,
+                                               CERT_STORE_ADD_ALWAYS,
+                                               &cert_list);
+    if (ok && cert_list) {
+      for (size_t i = 0; ok && i < intermediate_ca_certs_.size(); ++i) {
+        ok = CertAddCertificateContextToStore(store, intermediate_ca_certs_[i],
+                                              CERT_STORE_ADD_ALWAYS, NULL);
+      }
+    }
+
+    // If |cert_list| points to a valid certificate, this will not actually
+    // close and free |store| until |cert_list| is freed.
+    CertCloseStore(store, 0);
+
+    if (!ok) {
+      FreeOSCertListHandle(cert_list);
+      return NULL;
+    }
+  }
+
+  return cert_list;
+}
+
 int X509Certificate::VerifyInternal(const std::string& hostname,
                                     int flags,
                                     CertVerifyResult* verify_result) const {
   if (!cert_handle_)
     return ERR_UNEXPECTED;
 
   // Build and validate certificate chain.
   CERT_CHAIN_PARA chain_para;
   memset(&chain_para, 0, sizeof(chain_para));
   chain_para.cbSize = sizeof(chain_para);
@@ skipping 46 matching lines @@
   // corresponds to HCCE_CURRENT_USER and is is initialized as needed by
   // crypt32. However, when testing, it is necessary to create a new
   // HCERTCHAINENGINE and use that instead. This is because each
   // HCERTCHAINENGINE maintains a cache of information about certificates
   // encountered, and each test run may modify the trust status of a
   // certificate.
   ScopedHCERTCHAINENGINE chain_engine(NULL);
   if (TestRootCerts::HasInstance())
     chain_engine.reset(TestRootCerts::GetInstance()->GetChainEngine());
 
+  ScopedPCCERT_CONTEXT cert_list(CreateOSCertListHandle());

[wtc, 2011/10/04 18:00:52]

I don't see where the ScopedPCCERT_CONTEXT type is defined.
Is this a typo of ScopedCertContext?

   PCCERT_CHAIN_CONTEXT chain_context;
   // IE passes a non-NULL pTime argument that specifies the current system
   // time.  IE passes CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT as the
   // chain_flags argument.
   if (!CertGetCertificateChain(
            chain_engine,
-           cert_handle_,
+           cert_list,
            NULL,  // current system time
-           cert_handle_->hCertStore,
+           cert_list->hCertStore,
            &chain_para,
            chain_flags,
            NULL,  // reserved
            &chain_context)) {
     return MapSecurityError(GetLastError());
   }
+
   if (chain_context->TrustStatus.dwErrorStatus &
       CERT_TRUST_IS_NOT_VALID_FOR_USAGE) {
     ev_policy_oid = NULL;
     chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 0;
     chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = NULL;
     CertFreeCertificateChain(chain_context);
     if (!CertGetCertificateChain(
              chain_engine,
-             cert_handle_,
+             cert_list,
              NULL,  // current system time
-             cert_handle_->hCertStore,
+             cert_list->hCertStore,
              &chain_para,
              chain_flags,
              NULL,  // reserved
              &chain_context)) {
       return MapSecurityError(GetLastError());
     }
   }
+
   ScopedCertChainContext scoped_chain_context(chain_context);
 
   GetCertChainInfo(chain_context, verify_result);
   verify_result->cert_status |= MapCertChainErrorStatusToCertStatus(
       chain_context->TrustStatus.dwErrorStatus);
 
   // Treat certificates signed using broken signature algorithms as invalid.
   if (verify_result->has_md4)
     verify_result->cert_status |= CERT_STATUS_INVALID;
 
@@ skipping 188 matching lines @@
     OSCertHandle cert_handle) {
   return CertDuplicateCertificateContext(cert_handle);
 }
 
 // static
 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
   CertFreeCertificateContext(cert_handle);
 }
 
 // static
+void X509Certificate::FreeOSCertListHandle(OSCertListHandle cert_list) {
+  CertFreeCertificateContext(cert_list);
+}
+
+// static
 SHA1Fingerprint X509Certificate::CalculateFingerprint(
     OSCertHandle cert) {
   DCHECK(NULL != cert->pbCertEncoded);
   DCHECK_NE(static_cast<DWORD>(0), cert->cbCertEncoded);
 
   BOOL rv;
   SHA1Fingerprint sha1;
   DWORD sha1_size = sizeof(sha1.data);
   rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded,
                             cert->cbCertEncoded, sha1.data, &sha1_size);
@@ skipping 37 matching lines @@
   if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0],
                                             &length)) {
     return false;
   }
 
   return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]),
                            length);
 }
 
 }  // namespace net