Index: net/base/x509_util_win.cc |
diff --git a/net/base/x509_util_win.cc b/net/base/x509_util_win.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..90b9f084895850da55151ad0c7bc50a1f9a813e8 |
--- /dev/null |
+++ b/net/base/x509_util_win.cc |
@@ -0,0 +1,62 @@ |
+// Copyright (c) 2011 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "net/base/x509_util_win.h" |
+ |
+#include "base/memory/scoped_ptr.h" |
+#include "crypto/scoped_capi_types.h" |
+#include "net/base/x509_certificate.h" |
+ |
+namespace net { |
+ |
+namespace x509_util { |
+ |
+namespace { |
+ |
+typedef crypto::ScopedCAPIHandle< |
+ HCERTSTORE, |
+ crypto::CAPIDestroyerWithFlags<HCERTSTORE, |
+ CertCloseStore, 0> > ScopedHCERTSTORE; |
+ |
+} // namespace |
+ |
+PCCERT_CONTEXT CreateOSCertChainForCert(const X509Certificate* cert) { |
+ // Create an in-memory certificate store to hold |cert| and any |
+ // associated intermediate certificates. The store will be referenced in the |
+ // returned OSCertListHandle, and will not be freed until the |
+ // OSCertListHandle is freed. |
wtc
2011/10/16 14:55:49
Change the two occurrences of OSCertListHandle to
|
+ ScopedHCERTSTORE store(CertOpenStore( |
+ CERT_STORE_PROV_MEMORY, 0, NULL, |
+ CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL)); |
+ if (!store.get()) |
+ return NULL; |
+ |
+ // NOTE: This preserves all of the properties of |cert->os_cert_handle()| |
+ // except for CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_CONTEXT_PROP_ID - |
+ // the two properties that hold access to already-opened private keys. If a |
+ // handle has already been unlocked (eg: PIN prompt), then the first time |
+ // that the identity is used for client auth, it may prompt the user again. |
wtc
2011/10/16 14:55:49
Nit: the identity => the returned PCCERT_CONTEXT
|
+ PCCERT_CONTEXT primary_cert; |
+ BOOL ok = CertAddCertificateContextToStore( |
+ store.get(), cert->os_cert_handle(), CERT_STORE_ADD_ALWAYS, |
+ &primary_cert); |
+ if (!ok || !primary_cert) |
+ return NULL; |
+ |
+ const X509Certificate::OSCertHandles& intermediates = |
+ cert->GetIntermediateCertificates(); |
+ for (size_t i = 0; i < intermediates.size(); ++i) { |
+ CertAddCertificateContextToStore(store.get(), intermediates[i], |
+ CERT_STORE_ADD_ALWAYS, NULL); |
+ } |
+ |
+ // Note: |store| is explicitly not released, as the call to CertCloseStore() |
+ // when |store| goes out of scope will not actually free the store. Instead, |
+ // the store will be freed when |scoped_cert| is freed. |
wtc
2011/10/16 14:55:49
|scoped_cert| => |primary_cert|
|
+ return primary_cert; |
+} |
+ |
+} // namespace x509_util |
+ |
+} // namespace net |
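Review bot: The loop over `intermediates` in CreateOSCertChainForCert discards the BOOL returned by CertAddCertificateContextToStore, so a failed add returns a PCCERT_CONTEXT whose store is silently missing part of the chain. The caller cannot distinguish that from a complete chain. If an incomplete chain should be a hard failure (the callers are not visible here, so this needs confirming), check the result and release the primary context before bailing out, since it holds the last reference to the deferred-close store: `if (!CertAddCertificateContextToStore(store.get(), intermediates[i], CERT_STORE_ADD_ALWAYS, NULL)) { CertFreeCertificateContext(primary_cert); return NULL; }`. If best-effort is intended, a comment on the loop saying so would make the ignored return value read as deliberate. Separately, `PCCERT_CONTEXT primary_cert = NULL;` would avoid relying on the short-circuit in `!ok || !primary_cert` to keep an uninitialized pointer from being read.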