Chromium Code Reviews Chromium Code Reviews
Issue 1274143002:
ClientCertStoreChromeOS: support additional non-platform certs. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" | 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 11 #include "base/bind_helpers.h" | 11 #include "base/bind_helpers.h" |
| 12 #include "base/callback.h" | 12 #include "base/callback.h" |
| 13 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" | |
| 13 | 14 |
| 14 namespace chromeos { | 15 namespace chromeos { |
| 15 | 16 |
| 16 namespace { | 17 namespace { |
| 17 | 18 |
| 18 class CertNotAllowedPredicate { | 19 class CertNotAllowedPredicate { |
| 19 public: | 20 public: |
| 20 explicit CertNotAllowedPredicate( | 21 explicit CertNotAllowedPredicate( |
| 21 const ClientCertStoreChromeOS::CertFilter& filter) | 22 const ClientCertStoreChromeOS::CertFilter& filter) |
| 22 : filter_(filter) {} | 23 : filter_(filter) {} |
| 23 bool operator()(const scoped_refptr<net::X509Certificate>& cert) const { | 24 bool operator()(const scoped_refptr<net::X509Certificate>& cert) const { |
| 24 return !filter_.IsCertAllowed(cert); | 25 return !filter_.IsCertAllowed(cert); |
| 25 } | 26 } |
| 26 | 27 |
| 27 private: | 28 private: |
| 28 const ClientCertStoreChromeOS::CertFilter& filter_; | 29 const ClientCertStoreChromeOS::CertFilter& filter_; |
| 29 }; | 30 }; |
| 30 | 31 |
| 31 } // namespace | 32 } // namespace |
| 32 | 33 |
| 33 ClientCertStoreChromeOS::ClientCertStoreChromeOS( | 34 ClientCertStoreChromeOS::ClientCertStoreChromeOS( |
| 35 scoped_ptr<CertificateProvider> cert_provider, | |
| 34 scoped_ptr<CertFilter> cert_filter, | 36 scoped_ptr<CertFilter> cert_filter, |
| 35 const PasswordDelegateFactory& password_delegate_factory) | 37 const PasswordDelegateFactory& password_delegate_factory) |
| 36 : ClientCertStoreNSS(password_delegate_factory), | 38 : ClientCertStoreNSS(password_delegate_factory), |
| 39 cert_provider_(cert_provider.Pass()), | |
| 37 cert_filter_(cert_filter.Pass()) {} | 40 cert_filter_(cert_filter.Pass()) {} |
| 38 | 41 |
| 39 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} | 42 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} |
| 40 | 43 |
| 41 void ClientCertStoreChromeOS::GetClientCerts( | 44 void ClientCertStoreChromeOS::GetClientCerts( |
| 42 const net::SSLCertRequestInfo& cert_request_info, | 45 const net::SSLCertRequestInfo& cert_request_info, |
| 43 net::CertificateList* selected_certs, | 46 net::CertificateList* selected_certs, |
| 44 const base::Closure& callback) { | 47 const base::Closure& callback) { |
| 45 base::Closure bound_callback = base::Bind( | 48 // Caller is responsible for keeping the ClientCertStore alive until the |
| 46 &ClientCertStoreChromeOS::CertFilterInitialized, | 49 // callback is run. |
| 47 // Caller is responsible for keeping the ClientCertStore alive | 50 base::Closure get_certs_after_init = base::Bind( |
| 48 // until the callback is run. | 51 &ClientCertStoreChromeOS::GetClientCertsAfterInit, base::Unretained(this), |
| 49 base::Unretained(this), &cert_request_info, selected_certs, callback); | 52 &cert_request_info, selected_certs, callback); |
| 50 | 53 |
| 51 if (cert_filter_->Init(bound_callback)) | 54 base::Closure get_additional_certs_and_continue; |
| 52 bound_callback.Run(); | 55 if (cert_provider_) { |
| 56 get_additional_certs_and_continue = | |
| 57 base::Bind(&CertificateProvider::GetCertificates, | |
| 58 base::Unretained(cert_provider_.get()), | |
| 59 base::Bind(&ClientCertStoreChromeOS::SetAdditionalCerts, | |
| 60 base::Unretained(this), get_certs_after_init)); | |
| 61 } else { | |
| 62 get_additional_certs_and_continue = get_certs_after_init; | |
| 63 } | |
| 64 | |
| 65 if (cert_filter_->Init(get_additional_certs_and_continue)) | |
| 66 get_additional_certs_and_continue.Run(); | |
| 53 } | 67 } |
| 54 | 68 |
| 55 void ClientCertStoreChromeOS::GetClientCertsImpl( | 69 void ClientCertStoreChromeOS::GetClientCertsImpl( |
| 56 CERTCertList* cert_list, | 70 CERTCertList* cert_list, |
| 57 const net::SSLCertRequestInfo& request, | 71 const net::SSLCertRequestInfo& request, |
| 58 bool query_nssdb, | 72 bool query_nssdb, |
| 59 net::CertificateList* selected_certs) { | 73 net::CertificateList* selected_certs) { |
| 60 net::ClientCertStoreNSS::GetClientCertsImpl(cert_list, request, query_nssdb, | 74 net::ClientCertStoreNSS::GetClientCertsImpl(cert_list, request, query_nssdb, |
| 61 selected_certs); | 75 selected_certs); |
| 62 | 76 |
| 63 size_t pre_size = selected_certs->size(); | 77 size_t pre_size = selected_certs->size(); |
| 64 selected_certs->erase( | 78 selected_certs->erase( |
| 65 std::remove_if(selected_certs->begin(), selected_certs->end(), | 79 std::remove_if(selected_certs->begin(), selected_certs->end(), |
| 66 CertNotAllowedPredicate(*cert_filter_)), | 80 CertNotAllowedPredicate(*cert_filter_)), |
| 67 selected_certs->end()); | 81 selected_certs->end()); |
| 68 DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of " | 82 DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of " |
| 69 << pre_size << " certs"; | 83 << pre_size << " certs"; |
| 84 | |
| 85 // Additionally to the matching certs from the platform's store, allow | |
| 86 // matching certificates from |additional_certs_|. | |
| 87 CERTCertList* additional_cert_list = CERT_NewCertList(); | |
| 88 for (const auto& cert : additional_certs_) { | |
| 89 CERT_AddCertToListTail(additional_cert_list, | |
| 90 CERT_DupCertificate(cert->os_cert_handle())); | |
| 91 } | |
| 92 net::CertificateList filtered_additional_certs; | |
| 93 net::ClientCertStoreNSS::GetClientCertsImpl( | |
| 94 additional_cert_list, request, query_nssdb, &filtered_additional_certs); | |
| 95 | |
| 96 selected_certs->insert(selected_certs->end(), | |
| 97 filtered_additional_certs.begin(), | |
| 98 filtered_additional_certs.end()); | |
| 70 } | 99 } |
| 71 | 100 |
| 72 void ClientCertStoreChromeOS::CertFilterInitialized( | 101 void ClientCertStoreChromeOS::SetAdditionalCerts( |
| 102 const base::Closure& callback, | |
| 103 const net::CertificateList& certs) { | |
| 104 additional_certs_ = certs; | |
|
davidben
2015/08/14 21:49:16
Hrm. Although we never actually call GetClientCert
pneubeck (no reviews)
2015/08/17 12:01:32
Not as easy because a lot of the NSS stuff was exe
| |
| 105 callback.Run(); | |
| 106 } | |
| 107 | |
| 108 void ClientCertStoreChromeOS::GetClientCertsAfterInit( | |
| 73 const net::SSLCertRequestInfo* request, | 109 const net::SSLCertRequestInfo* request, |
| 74 net::CertificateList* selected_certs, | 110 net::CertificateList* selected_certs, |
| 75 const base::Closure& callback) { | 111 const base::Closure& callback) { |
| 76 net::ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback); | 112 net::ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback); |
| 77 } | 113 } |
| 78 | 114 |
| 79 } // namespace chromeos | 115 } // namespace chromeos |
| OLD | NEW |
