Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(153)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/client_cert_store_impl_nss.cc

Issue 12680003: net: split net/ssl out of net/base (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 7 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/client_cert_store_impl_mac.cc ('k') | net/base/client_cert_store_impl_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/base/client_cert_store_impl.h"
6
7 #include <nss.h>
8 #include <ssl.h>
9
10 #include "base/logging.h"
11 #include "net/base/x509_util.h"
12
13 namespace net {
14
15 namespace {
16
17 bool GetClientCertsImpl(CERTCertList* cert_list,
18 const SSLCertRequestInfo& request,
19 CertificateList* selected_certs) {
20 DCHECK(cert_list);
21 DCHECK(selected_certs);
22
23 selected_certs->clear();
24 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
25 !CERT_LIST_END(node, cert_list);
26 node = CERT_LIST_NEXT(node)) {
27 // Only offer unexpired certificates.
28 if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) !=
29 secCertTimeValid) {
30 continue;
31 }
32
33 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle(
34 node->cert, X509Certificate::OSCertHandles());
35
36 // Check if the certificate issuer is allowed by the server.
37 if (!request.cert_authorities.empty() &&
38 !cert->IsIssuedByEncoded(request.cert_authorities)) {
39 continue;
40 }
41 selected_certs->push_back(cert);
42 }
43
44 std::sort(selected_certs->begin(), selected_certs->end(),
45 x509_util::ClientCertSorter());
46 return true;
47 }
48
49 } // namespace
50
51 bool ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
52 CertificateList* selected_certs) {
53 CERTCertList* client_certs = CERT_FindUserCertsByUsage(
54 CERT_GetDefaultCertDB(), certUsageSSLClient,
55 PR_FALSE, PR_FALSE, NULL);
56 // It is ok for a user not to have any client certs.
57 if (!client_certs)
58 return true;
59
60 bool rv = GetClientCertsImpl(client_certs, request, selected_certs);
61 CERT_DestroyCertList(client_certs);
62 return rv;
63 }
64
65 bool ClientCertStoreImpl::SelectClientCerts(const CertificateList& input_certs,
66 const SSLCertRequestInfo& request,
67 CertificateList* selected_certs) {
68 CERTCertList* cert_list = CERT_NewCertList();
69 if (!cert_list)
70 return false;
71 for (size_t i = 0; i < input_certs.size(); ++i) {
72 CERT_AddCertToListTail(
73 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle()));
74 }
75
76 bool rv = GetClientCertsImpl(cert_list, request, selected_certs);
77 CERT_DestroyCertList(cert_list);
78 return rv;
79 }
80
81 } // namespace net
OLDNEW
« no previous file with comments | « net/base/client_cert_store_impl_mac.cc ('k') | net/base/client_cert_store_impl_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698