
Unified Diff: net/ssl/client_cert_store_nss.cc

Issue 112533002: Add ClientCertStoreChromeOS which only returns the certs for a given user. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: . Created 7 years ago
Index: net/ssl/client_cert_store_nss.cc
diff --git a/net/ssl/client_cert_store_nss.cc b/net/ssl/client_cert_store_nss.cc
index c9e7dbd057dd823b425293c546d50ce2196c3900..f69f895754f9d49a5a35a640c7e82bc347bbcb54 100644
--- a/net/ssl/client_cert_store_nss.cc
+++ b/net/ssl/client_cert_store_nss.cc
@@ -17,17 +17,38 @@
namespace net {
-namespace {
-
-// Examines the certificates in |cert_list| to find all certificates that match
-// the client certificate request in |request|, storing the matching
-// certificates in |selected_certs|.
-// If |query_nssdb| is true, NSS will be queried to construct full certificate
-// chains. If it is false, only the certificate will be considered.
-void GetClientCertsImpl(CERTCertList* cert_list,
- const SSLCertRequestInfo& request,
- bool query_nssdb,
- CertificateList* selected_certs) {
+ClientCertStoreNSS::ClientCertStoreNSS(
+ const PasswordDelegateFactory& password_delegate_factory)
+ : password_delegate_factory_(password_delegate_factory) {}
+
+ClientCertStoreNSS::~ClientCertStoreNSS() {}
+
+void ClientCertStoreNSS::GetClientCerts(const SSLCertRequestInfo& request,
+ CertificateList* selected_certs,
+ const base::Closure& callback) {
+ scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate;
+ if (!password_delegate_factory_.is_null()) {
+ password_delegate.reset(
+ password_delegate_factory_.Run(request.host_and_port));
+ }
+ if (!base::WorkerPool::PostTaskAndReply(
+ FROM_HERE,
+ base::Bind(&ClientCertStoreNSS::GetClientCertsOnWorkerThread,
+ base::Unretained(this),
Ryan Sleevi 2013/12/11 06:52:50 Why is this Unretained safe?
mattm 2013/12/12 00:45:22 added comment.
+ base::Passed(&password_delegate),
+ &request,
+ selected_certs),
+ callback,
+ true)) {
+ selected_certs->clear();
+ callback.Run();
Ryan Sleevi 2013/12/11 06:52:50 Let's write this differently, so that we don't run
mattm 2013/12/12 00:45:22 Done.
+ }
+}
+
+void ClientCertStoreNSS::GetClientCertsImpl(CERTCertList* cert_list,
+ const SSLCertRequestInfo& request,
+ bool query_nssdb,
+ CertificateList* selected_certs) {
DCHECK(cert_list);
DCHECK(selected_certs);
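Review bot: The task bound in GetClientCerts hands `&request` and `selected_certs` to a worker-pool thread as raw pointers, and nothing in the hunk says how long the caller must keep them alive. If either object were destroyed before the reply runs, GetClientCertsOnWorkerThread would read or write freed memory; whether the callers guarantee this is not visible here. I would add a comment above the PostTaskAndReply call, for example `// |request| and |selected_certs| are used on the worker thread; the caller must keep both alive until |callback| has run.`, or state the same contract on the declaration in the header if it is not already there. GetClientCertsImpl's body continues outside the hunk.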
@@ -53,12 +74,16 @@ void GetClientCertsImpl(CERTCertList* cert_list,
if (!ca_names_items.empty())
ca_names.names = &ca_names_items[0];
+ size_t num_raw = 0;
for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
!CERT_LIST_END(node, cert_list);
node = CERT_LIST_NEXT(node)) {
+ ++num_raw;
// Only offer unexpired certificates.
if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) !=
secCertTimeValid) {
+ DVLOG(2) << "skipped expired cert: "
+ << (node->cert->nickname ? node->cert->nickname : "");
Ryan Sleevi 2013/12/11 06:52:50 rewrite these all as base::StringPiece(node->cert-
mattm 2013/12/12 00:45:22 Done.
continue;
}
@@ -71,15 +96,22 @@ void GetClientCertsImpl(CERTCertList* cert_list,
cert->IsIssuedByEncoded(request.cert_authorities)) ||
(query_nssdb &&
NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) {
+ DVLOG(2) << "matched cert: "
+ << (node->cert->nickname ? node->cert->nickname : "");
selected_certs->push_back(cert);
}
+ else
+ DVLOG(2) << "skipped non-matching cert: "
+ << (node->cert->nickname ? node->cert->nickname : "");
}
+ DVLOG(2) << "num_raw:" << num_raw
+ << " num_selected:" << selected_certs->size();
std::sort(selected_certs->begin(), selected_certs->end(),
x509_util::ClientCertSorter());
}
-void GetClientCertsOnWorkerThread(
+void ClientCertStoreNSS::GetClientCertsOnWorkerThread(
scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate,
const SSLCertRequestInfo* request,
CertificateList* selected_certs) {
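Review bot: The `else` added after the `selected_certs->push_back(cert);` branch sits on its own line after the closing brace and guards a two-line DVLOG statement without braces, while the matching `if` branch is braced. Write it as `} else {` with the DVLOG inside the braces and a closing `}`, so that a statement added under it later cannot fall outside the branch. The loop and the start of the function are outside the hunk.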
@@ -91,6 +123,7 @@ void GetClientCertsOnWorkerThread(
password_delegate.get());
// It is ok for a user not to have any client certs.
if (!client_certs) {
+ DVLOG(2) << "No client certs found.";
selected_certs->clear();
return;
}
@@ -99,35 +132,6 @@ void GetClientCertsOnWorkerThread(
CERT_DestroyCertList(client_certs);
}
-} // namespace
-
-ClientCertStoreNSS::ClientCertStoreNSS(
- const PasswordDelegateFactory& password_delegate_factory)
- : password_delegate_factory_(password_delegate_factory) {}
-
-ClientCertStoreNSS::~ClientCertStoreNSS() {}
-
-void ClientCertStoreNSS::GetClientCerts(const SSLCertRequestInfo& request,
- CertificateList* selected_certs,
- const base::Closure& callback) {
- scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate;
- if (!password_delegate_factory_.is_null()) {
- password_delegate.reset(
- password_delegate_factory_.Run(request.host_and_port));
- }
- if (!base::WorkerPool::PostTaskAndReply(
- FROM_HERE,
- base::Bind(&GetClientCertsOnWorkerThread,
- base::Passed(&password_delegate),
- &request,
- selected_certs),
- callback,
- true)) {
- selected_certs->clear();
- callback.Run();
- }
-}
-
bool ClientCertStoreNSS::SelectClientCertsForTesting(
const CertificateList& input_certs,
const SSLCertRequestInfo& request,