Chromium Code Reviews| Index: net/ssl/client_cert_store_nss.cc |
| diff --git a/net/ssl/client_cert_store_nss.cc b/net/ssl/client_cert_store_nss.cc |
| index c9e7dbd057dd823b425293c546d50ce2196c3900..f69f895754f9d49a5a35a640c7e82bc347bbcb54 100644 |
| --- a/net/ssl/client_cert_store_nss.cc |
| +++ b/net/ssl/client_cert_store_nss.cc |
| @@ -17,17 +17,38 @@ |
| namespace net { |
| -namespace { |
| - |
| -// Examines the certificates in |cert_list| to find all certificates that match |
| -// the client certificate request in |request|, storing the matching |
| -// certificates in |selected_certs|. |
| -// If |query_nssdb| is true, NSS will be queried to construct full certificate |
| -// chains. If it is false, only the certificate will be considered. |
| -void GetClientCertsImpl(CERTCertList* cert_list, |
| - const SSLCertRequestInfo& request, |
| - bool query_nssdb, |
| - CertificateList* selected_certs) { |
| +ClientCertStoreNSS::ClientCertStoreNSS( |
| + const PasswordDelegateFactory& password_delegate_factory) |
| + : password_delegate_factory_(password_delegate_factory) {} |
| + |
| +ClientCertStoreNSS::~ClientCertStoreNSS() {} |
| + |
| +void ClientCertStoreNSS::GetClientCerts(const SSLCertRequestInfo& request, |
| + CertificateList* selected_certs, |
| + const base::Closure& callback) { |
| + scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate; |
| + if (!password_delegate_factory_.is_null()) { |
| + password_delegate.reset( |
| + password_delegate_factory_.Run(request.host_and_port)); |
| + } |
| + if (!base::WorkerPool::PostTaskAndReply( |
| + FROM_HERE, |
| + base::Bind(&ClientCertStoreNSS::GetClientCertsOnWorkerThread, |
| + base::Unretained(this), |
|
Ryan Sleevi
2013/12/11 06:52:50
Why is this Unretained safe?
mattm
2013/12/12 00:45:22
added comment.
|
| + base::Passed(&password_delegate), |
| + &request, |
| + selected_certs), |
| + callback, |
| + true)) { |
| + selected_certs->clear(); |
| + callback.Run(); |
|
Ryan Sleevi
2013/12/11 06:52:50
Let's write this differently, so that we don't run
mattm
2013/12/12 00:45:22
Done.
|
| + } |
| +} |
| + |
| +void ClientCertStoreNSS::GetClientCertsImpl(CERTCertList* cert_list, |
| + const SSLCertRequestInfo& request, |
| + bool query_nssdb, |
| + CertificateList* selected_certs) { |
| DCHECK(cert_list); |
| DCHECK(selected_certs); |
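Review bot: `GetClientCerts` binds `&request` and `selected_certs` into the worker task as raw pointers, so both objects have to stay alive until `callback` runs, and nothing in this hunk states or enforces that. `request` arrives as a const reference, which lets a caller pass a short-lived object whose address is then still read on the worker thread after the object is gone. The header is not shown here, so the contract may already be documented there; if it is not, a comment above the `PostTaskAndReply` call would help, for example `// |request| and |selected_certs| must outlive |callback|; the worker task holds raw pointers to both.` The body of `GetClientCertsImpl` continues outside the hunk.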
| @@ -53,12 +74,16 @@ void GetClientCertsImpl(CERTCertList* cert_list, |
| if (!ca_names_items.empty()) |
| ca_names.names = &ca_names_items[0]; |
| + size_t num_raw = 0; |
| for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); |
| !CERT_LIST_END(node, cert_list); |
| node = CERT_LIST_NEXT(node)) { |
| + ++num_raw; |
| // Only offer unexpired certificates. |
| if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) != |
| secCertTimeValid) { |
| + DVLOG(2) << "skipped expired cert: " |
| + << (node->cert->nickname ? node->cert->nickname : ""); |
|
Ryan Sleevi
2013/12/11 06:52:50
rewrite these all as base::StringPiece(node->cert-
mattm
2013/12/12 00:45:22
Done.
|
| continue; |
| } |
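Review bot: The added `DVLOG` text says "skipped expired cert", but the branch it sits in is taken for every result other than `secCertTimeValid`, which in NSS also includes `secCertTimeNotValidYet` and `secCertTimeUndetermined`. Someone debugging why a certificate was not offered would be pointed at expiry when the cause may be a not-yet-valid certificate or a wrong system clock. A message such as `DVLOG(2) << "skipped cert outside its validity period: "` matches the check; the existing `// Only offer unexpired certificates.` comment has the same imprecision. The loop body continues outside the hunk.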
| @@ -71,15 +96,22 @@ void GetClientCertsImpl(CERTCertList* cert_list, |
| cert->IsIssuedByEncoded(request.cert_authorities)) || |
| (query_nssdb && |
| NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { |
| + DVLOG(2) << "matched cert: " |
| + << (node->cert->nickname ? node->cert->nickname : ""); |
| selected_certs->push_back(cert); |
| } |
| + else |
| + DVLOG(2) << "skipped non-matching cert: " |
| + << (node->cert->nickname ? node->cert->nickname : ""); |
| } |
| + DVLOG(2) << "num_raw:" << num_raw |
| + << " num_selected:" << selected_certs->size(); |
| std::sort(selected_certs->begin(), selected_certs->end(), |
| x509_util::ClientCertSorter()); |
| } |
| -void GetClientCertsOnWorkerThread( |
| +void ClientCertStoreNSS::GetClientCertsOnWorkerThread( |
| scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate, |
| const SSLCertRequestInfo* request, |
| CertificateList* selected_certs) { |
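Review bot: The added `else` sits on its own line after the closing brace and has no braces of its own, although the `if` it pairs with is braced and the `else` body spans two lines. Writing it as `} else {` with the `DVLOG` statement inside braces keeps the pairing obvious when more is added to either branch. The `if` condition begins outside the hunk, and so does the rest of `GetClientCertsOnWorkerThread` at the end of it.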
| @@ -91,6 +123,7 @@ void GetClientCertsOnWorkerThread( |
| password_delegate.get()); |
| // It is ok for a user not to have any client certs. |
| if (!client_certs) { |
| + DVLOG(2) << "No client certs found."; |
| selected_certs->clear(); |
| return; |
| } |
| @@ -99,35 +132,6 @@ void GetClientCertsOnWorkerThread( |
| CERT_DestroyCertList(client_certs); |
| } |
| -} // namespace |
| - |
| -ClientCertStoreNSS::ClientCertStoreNSS( |
| - const PasswordDelegateFactory& password_delegate_factory) |
| - : password_delegate_factory_(password_delegate_factory) {} |
| - |
| -ClientCertStoreNSS::~ClientCertStoreNSS() {} |
| - |
| -void ClientCertStoreNSS::GetClientCerts(const SSLCertRequestInfo& request, |
| - CertificateList* selected_certs, |
| - const base::Closure& callback) { |
| - scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate; |
| - if (!password_delegate_factory_.is_null()) { |
| - password_delegate.reset( |
| - password_delegate_factory_.Run(request.host_and_port)); |
| - } |
| - if (!base::WorkerPool::PostTaskAndReply( |
| - FROM_HERE, |
| - base::Bind(&GetClientCertsOnWorkerThread, |
| - base::Passed(&password_delegate), |
| - &request, |
| - selected_certs), |
| - callback, |
| - true)) { |
| - selected_certs->clear(); |
| - callback.Run(); |
| - } |
| -} |
| - |
| bool ClientCertStoreNSS::SelectClientCertsForTesting( |
| const CertificateList& input_certs, |
| const SSLCertRequestInfo& request, |