| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ | 5 #ifndef NET_BASE_X509_CERTIFICATE_H_ |
| 6 #define NET_BASE_X509_CERTIFICATE_H_ | 6 #define NET_BASE_X509_CERTIFICATE_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <string.h> | 9 #include <string.h> |
| 10 | 10 |
| 21 #if defined(OS_WIN) | 21 #if defined(OS_WIN) |
| 22 #include <windows.h> | 22 #include <windows.h> |
| 23 #include <wincrypt.h> | 23 #include <wincrypt.h> |
| 24 #elif defined(OS_MACOSX) | 24 #elif defined(OS_MACOSX) |
| 25 #include <CoreFoundation/CFArray.h> | 25 #include <CoreFoundation/CFArray.h> |
| 26 #include <Security/SecBase.h> | 26 #include <Security/SecBase.h> |
| 27 | 27 |
| 28 #include "base/synchronization/lock.h" | 28 #include "base/synchronization/lock.h" |
| 29 #elif defined(USE_OPENSSL) | 29 #elif defined(USE_OPENSSL) |
| 30 // Forward declaration; real one in <x509.h> | 30 // Forward declaration; real one in <x509.h> |
| 31 struct x509_st; | 31 typedef struct x509_st X509; |
| 32 typedef struct x509_store_st X509_STORE; | |
| 33 #elif defined(USE_NSS) | 32 #elif defined(USE_NSS) |
| 34 // Forward declaration; real one in <cert.h> | 33 // Forward declaration; real one in <cert.h> |
| 35 struct CERTCertificateStr; | 34 struct CERTCertificateStr; |
| 36 #endif | 35 #endif |
| 37 | 36 |
| 38 class Pickle; | 37 class Pickle; |
| 39 | 38 |
| 40 namespace crypto { | 39 namespace crypto { |
| 41 class StringPiece; | 40 class StringPiece; |
| 42 class RSAPrivateKey; | 41 class RSAPrivateKey; |
| 43 } // namespace crypto | 42 } // namespace crypto |
| 44 | 43 |
| 45 namespace net { | 44 namespace net { |
| 46 | 45 |
| 47 class CertVerifyResult; | 46 class CertVerifyResult; |
| 48 | 47 |
| 49 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; | 48 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; |
| 50 | 49 |
| 51 // X509Certificate represents a X.509 certificate, which is comprised a | 50 // X509Certificate represents a X.509 certificate, which is comprised a |
| 52 // particular identity or end-entity certificate, such as an SSL server | 51 // particular identity or end-entity certificate, such as an SSL server |
| 53 // identity or an SSL client certificate, and zero or more intermediate | 52 // identity or an SSL client certificate, and zero or more intermediate |
| 54 // certificates that may be used to build a path to a root certificate. | 53 // certificates that may be used to build a path to a root certificate. |
| 55 class NET_EXPORT X509Certificate | 54 class NET_EXPORT X509Certificate |
| 56 : public base::RefCountedThreadSafe<X509Certificate> { | 55 : public base::RefCountedThreadSafe<X509Certificate> { |
| 57 public: | 56 public: |
| 58 // A handle to the certificate object in the underlying crypto library. | 57 // An OSCertHandle is a handle to a single certificate object in the |
|
wtc
2011/10/16 14:55:49
Nit: remove "single". Now that OSCertListHandle i
| |
| 59 // We assume that OSCertHandle is a pointer type on all platforms and | 58 // underlying crypto library. We assume that OSCertHandle is a pointer type |
| 60 // NULL is an invalid OSCertHandle. | 59 // on all platforms and that NULL represents an invalid OSCertHandle. |
| 61 #if defined(OS_WIN) | 60 #if defined(OS_WIN) |
| 62 typedef PCCERT_CONTEXT OSCertHandle; | 61 typedef PCCERT_CONTEXT OSCertHandle; |
| 63 #elif defined(OS_MACOSX) | 62 #elif defined(OS_MACOSX) |
| 64 typedef SecCertificateRef OSCertHandle; | 63 typedef SecCertificateRef OSCertHandle; |
| 65 #elif defined(USE_OPENSSL) | 64 #elif defined(USE_OPENSSL) |
| 66 typedef struct x509_st* OSCertHandle; | 65 typedef X509* OSCertHandle; |
| 67 #elif defined(USE_NSS) | 66 #elif defined(USE_NSS) |
| 68 typedef struct CERTCertificateStr* OSCertHandle; | 67 typedef struct CERTCertificateStr* OSCertHandle; |
| 69 #else | 68 #else |
| 70 // TODO(ericroman): not implemented | 69 // TODO(ericroman): not implemented |
| 71 typedef void* OSCertHandle; | 70 typedef void* OSCertHandle; |
| 72 #endif | 71 #endif |
| 73 | 72 |
| 74 typedef std::vector<OSCertHandle> OSCertHandles; | 73 typedef std::vector<OSCertHandle> OSCertHandles; |
| 75 | 74 |
| 76 // Predicate functor used in maps when X509Certificate is used as the key. | 75 // Predicate functor used in maps when X509Certificate is used as the key. |
| 340 // Does not verify that the certificate is valid, only that the certificate | 339 // Does not verify that the certificate is valid, only that the certificate |
| 341 // matches this host. | 340 // matches this host. |
| 342 // Returns true if it matches. | 341 // Returns true if it matches. |
| 343 bool VerifyNameMatch(const std::string& hostname) const; | 342 bool VerifyNameMatch(const std::string& hostname) const; |
| 344 | 343 |
| 345 // This method returns the DER encoded certificate. | 344 // This method returns the DER encoded certificate. |
| 346 // If the return value is true then the DER encoded certificate is available. | 345 // If the return value is true then the DER encoded certificate is available. |
| 347 // The content of the DER encoded certificate is written to |encoded|. | 346 // The content of the DER encoded certificate is written to |encoded|. |
| 348 bool GetDEREncoded(std::string* encoded); | 347 bool GetDEREncoded(std::string* encoded); |
| 349 | 348 |
| 349 // Returns the current OSCertHandle. | |
|
wtc
2011/10/16 14:55:49
Nit: "the current OSCertHandle" is not clear. How
| |
| 350 // Note: On Windows, CryptoAPI may return unexpected results if this handle | |
| 351 // is used on multiple threads. See x509_util::CreateOSCertChainForCert() in | |
| 352 // net/base/x509_util_win.h for more details. | |
| 350 OSCertHandle os_cert_handle() const { return cert_handle_; } | 353 OSCertHandle os_cert_handle() const { return cert_handle_; } |
| 351 | 354 |
| 352 // Returns true if two OSCertHandles refer to identical certificates. | 355 // Returns true if two OSCertHandles refer to identical certificates. |
| 353 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); | 356 static bool IsSameOSCert(OSCertHandle a, OSCertHandle b); |
| 354 | 357 |
| 355 // Creates an OS certificate handle from the BER-encoded representation. | 358 // Creates an OS certificate handle from the BER-encoded representation. |
| 356 // Returns NULL on failure. | 359 // Returns NULL on failure. |
| 357 static OSCertHandle CreateOSCertHandleFromBytes(const char* data, | 360 static OSCertHandle CreateOSCertHandleFromBytes(const char* data, |
| 358 int length); | 361 int length); |
| 359 | 362 |
| 493 // (Marked mutable because it's used in a const method.) | 496 // (Marked mutable because it's used in a const method.) |
| 494 mutable base::Lock verification_lock_; | 497 mutable base::Lock verification_lock_; |
| 495 #endif | 498 #endif |
| 496 | 499 |
| 497 DISALLOW_COPY_AND_ASSIGN(X509Certificate); | 500 DISALLOW_COPY_AND_ASSIGN(X509Certificate); |
| 498 }; | 501 }; |
| 499 | 502 |
| 500 } // namespace net | 503 } // namespace net |
| 501 | 504 |
| 502 #endif // NET_BASE_X509_CERTIFICATE_H_ | 505 #endif // NET_BASE_X509_CERTIFICATE_H_ |
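Review bot: The new comment on os_cert_handle() (new lines 349–352) names a thread-safety hazard but leaves the caller's obligation implicit, and because X509Certificate derives from base::RefCountedThreadSafe a reader will assume the raw handle is as shareable as the object that owns it. I would state the contract rather than only the symptom, e.g. `// On Windows the returned PCCERT_CONTEXT is not safe to use from several threads at once; callers needing a handle on another thread should obtain their own (see x509_util_win.h) rather than share this one.` The pointer to x509_util::CreateOSCertChainForCert() is useful, but since this header does not include x509_util_win.h it is worth confirming the function name and location still match that file. The X509Certificate class body is mostly outside this hunk, so whether other accessors return the same raw handle cannot be judged here.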