Chromium Code Reviews Chromium Code Reviews
Issue 7324039:
Ensure X509Certificate::OSCertHandles are safe to be used on both UI and IO threads on Win (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/base/x509_util_win.h" | |
| 6 | |
| 7 #include "base/memory/scoped_ptr.h" | |
| 8 #include "crypto/scoped_capi_types.h" | |
| 9 #include "net/base/x509_certificate.h" | |
| 10 | |
| 11 namespace net { | |
| 12 | |
| 13 namespace x509_util { | |
| 14 | |
| 15 namespace { | |
| 16 | |
| 17 typedef crypto::ScopedCAPIHandle< | |
| 18 HCERTSTORE, | |
| 19 crypto::CAPIDestroyerWithFlags<HCERTSTORE, | |
| 20 CertCloseStore, 0> > ScopedHCERTSTORE; | |
| 21 | |
| 22 } // namespace | |
| 23 | |
| 24 PCCERT_CONTEXT CreateOSCertChainForCert(const X509Certificate* cert) { | |
| 25 // Create an in-memory certificate store to hold |cert| and any | |
| 26 // associated intermediate certificates. The store will be referenced in the | |
| 27 // returned OSCertListHandle, and will not be freed until the | |
| 28 // OSCertListHandle is freed. | |
|
wtc
2011/10/16 14:55:49
Change the two occurrences of OSCertListHandle to
| |
| 29 ScopedHCERTSTORE store(CertOpenStore( | |
| 30 CERT_STORE_PROV_MEMORY, 0, NULL, | |
| 31 CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL)); | |
| 32 if (!store.get()) | |
| 33 return NULL; | |
| 34 | |
| 35 // NOTE: This preserves all of the properties of |cert->os_cert_handle()| | |
| 36 // except for CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_CONTEXT_PROP_ID - | |
| 37 // the two properties that hold access to already-opened private keys. If a | |
| 38 // handle has already been unlocked (eg: PIN prompt), then the first time | |
| 39 // that the identity is used for client auth, it may prompt the user again. | |
|
wtc
2011/10/16 14:55:49
Nit: the identity => the returned PCCERT_CONTEXT
| |
| 40 PCCERT_CONTEXT primary_cert; | |
| 41 BOOL ok = CertAddCertificateContextToStore( | |
| 42 store.get(), cert->os_cert_handle(), CERT_STORE_ADD_ALWAYS, | |
| 43 &primary_cert); | |
| 44 if (!ok || !primary_cert) | |
| 45 return NULL; | |
| 46 | |
| 47 const X509Certificate::OSCertHandles& intermediates = | |
| 48 cert->GetIntermediateCertificates(); | |
| 49 for (size_t i = 0; i < intermediates.size(); ++i) { | |
| 50 CertAddCertificateContextToStore(store.get(), intermediates[i], | |
| 51 CERT_STORE_ADD_ALWAYS, NULL); | |
| 52 } | |
| 53 | |
| 54 // Note: |store| is explicitly not released, as the call to CertCloseStore() | |
| 55 // when |store| goes out of scope will not actually free the store. Instead, | |
| 56 // the store will be freed when |scoped_cert| is freed. | |
|
wtc
2011/10/16 14:55:49
|scoped_cert| => |primary_cert|
| |
| 57 return primary_cert; | |
| 58 } | |
| 59 | |
| 60 } // namespace x509_util | |
| 61 | |
| 62 } // namespace net | |
| OLD | NEW |
