
Side by Side Diff: chrome/browser/chromeos/net/client_cert_store_chromeos.cc

Issue 1274143002: ClientCertStoreChromeOS: support additional non-platform certs. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Refactored ClientCertStoreNSS. Created 5 years, 4 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <algorithm> 8 #include <algorithm>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
11 #include "base/bind_helpers.h" 11 #include "base/bind_helpers.h"
12 #include "base/callback.h" 12 #include "base/callback.h"
13 #include "base/location.h"
14 #include "base/threading/worker_pool.h"
15 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h"
16 #include "crypto/nss_crypto_module_delegate.h"
17 #include "net/cert/x509_certificate.h"
18 #include "net/ssl/ssl_cert_request_info.h"
13 19
14 namespace chromeos { 20 namespace chromeos {
15 21
16 namespace { 22 namespace {
17 23
18 class CertNotAllowedPredicate { 24 class CertNotAllowedPredicate {
19 public: 25 public:
20 explicit CertNotAllowedPredicate( 26 explicit CertNotAllowedPredicate(
21 const ClientCertStoreChromeOS::CertFilter& filter) 27 const ClientCertStoreChromeOS::CertFilter& filter)
22 : filter_(filter) {} 28 : filter_(filter) {}
23 bool operator()(const scoped_refptr<net::X509Certificate>& cert) const { 29 bool operator()(const scoped_refptr<net::X509Certificate>& cert) const {
24 return !filter_.IsCertAllowed(cert); 30 return !filter_.IsCertAllowed(cert);
25 } 31 }
26 32
27 private: 33 private:
28 const ClientCertStoreChromeOS::CertFilter& filter_; 34 const ClientCertStoreChromeOS::CertFilter& filter_;
davidben 2015/08/20 00:40:34 Nit: I'd probably have made this a pointer I think
pneubeck (no reviews) 2015/08/20 07:18:23 Done.
29 }; 35 };
30 36
31 } // namespace 37 } // namespace
32 38
33 ClientCertStoreChromeOS::ClientCertStoreChromeOS( 39 ClientCertStoreChromeOS::ClientCertStoreChromeOS(
40 scoped_ptr<CertificateProvider> cert_provider,
34 scoped_ptr<CertFilter> cert_filter, 41 scoped_ptr<CertFilter> cert_filter,
35 const PasswordDelegateFactory& password_delegate_factory) 42 const net::ClientCertStoreNSS::PasswordDelegateFactory&
36 : ClientCertStoreNSS(password_delegate_factory), 43 password_delegate_factory)
37 cert_filter_(cert_filter.Pass()) {} 44 : cert_provider_(cert_provider.Pass()), cert_filter_(cert_filter.Pass()) {}
38 45
39 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} 46 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {}
40 47
41 void ClientCertStoreChromeOS::GetClientCerts( 48 void ClientCertStoreChromeOS::GetClientCerts(
42 const net::SSLCertRequestInfo& cert_request_info, 49 const net::SSLCertRequestInfo& cert_request_info,
43 net::CertificateList* selected_certs, 50 net::CertificateList* selected_certs,
44 const base::Closure& callback) { 51 const base::Closure& callback) {
45 base::Closure bound_callback = base::Bind( 52 // Caller is responsible for keeping the ClientCertStore alive until the
46 &ClientCertStoreChromeOS::CertFilterInitialized, 53 // callback is run.
47 // Caller is responsible for keeping the ClientCertStore alive 54 base::Callback<void(const net::CertificateList&)>
48 // until the callback is run. 55 get_platform_certs_and_filter = base::Bind(
49 base::Unretained(this), &cert_request_info, selected_certs, callback); 56 &ClientCertStoreChromeOS::GotAdditionalCerts, base::Unretained(this),
57 &cert_request_info, selected_certs, callback);
50 58
51 if (cert_filter_->Init(bound_callback)) 59 base::Closure get_additional_certs_and_continue;
52 bound_callback.Run(); 60 if (cert_provider_) {
61 get_additional_certs_and_continue = base::Bind(
62 &CertificateProvider::GetCertificates,
63 base::Unretained(cert_provider_.get()), get_platform_certs_and_filter);
64 } else {
65 get_additional_certs_and_continue =
66 base::Bind(get_platform_certs_and_filter, net::CertificateList());
67 }
68
69 if (cert_filter_->Init(get_additional_certs_and_continue))
70 get_additional_certs_and_continue.Run();
53 } 71 }
54 72
55 void ClientCertStoreChromeOS::GetClientCertsImpl( 73 void ClientCertStoreChromeOS::GotAdditionalCerts(
56 CERTCertList* cert_list, 74 const net::SSLCertRequestInfo* request,
57 const net::SSLCertRequestInfo& request, 75 net::CertificateList* selected_certs,
58 bool query_nssdb, 76 const base::Closure& callback,
59 net::CertificateList* selected_certs) { 77 const net::CertificateList& additional_certs) {
60 net::ClientCertStoreNSS::GetClientCertsImpl(cert_list, request, query_nssdb, 78 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate;
61 selected_certs); 79 if (!password_delegate_factory_.is_null()) {
62 80 password_delegate.reset(
63 size_t pre_size = selected_certs->size(); 81 password_delegate_factory_.Run(request->host_and_port));
64 selected_certs->erase( 82 }
65 std::remove_if(selected_certs->begin(), selected_certs->end(), 83 if (!base::WorkerPool::PostTaskAndReply(
66 CertNotAllowedPredicate(*cert_filter_)), 84 FROM_HERE,
67 selected_certs->end()); 85 base::Bind(&ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread,
68 DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of " 86 base::Unretained(this), base::Passed(&password_delegate),
69 << pre_size << " certs"; 87 request, additional_certs, selected_certs),
88 callback, true)) {
89 selected_certs->clear();
90 callback.Run();
91 }
70 } 92 }
71 93
72 void ClientCertStoreChromeOS::CertFilterInitialized( 94 void ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread(
95 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate,
73 const net::SSLCertRequestInfo* request, 96 const net::SSLCertRequestInfo* request,
74 net::CertificateList* selected_certs, 97 const net::CertificateList& additional_certs,
75 const base::Closure& callback) { 98 net::CertificateList* selected_certs) {
76 net::ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback); 99 net::CertificateList unfiltered_certs;
100 net::ClientCertStoreNSS::GetPlatformCerts(password_delegate.Pass(),
101 &unfiltered_certs);
102
103 size_t pre_size = unfiltered_certs.size();
104 unfiltered_certs.erase(
105 std::remove_if(unfiltered_certs.begin(), unfiltered_certs.end(),
106 CertNotAllowedPredicate(*cert_filter_)),
107 unfiltered_certs.end());
108 DVLOG(1) << "skipped " << pre_size - unfiltered_certs.size() << " of "
109 << pre_size << " platform certs";
davidben 2015/08/20 00:40:34 Optional: Has this and the corresponding NSS DVLOG
pneubeck (no reviews) 2015/08/20 07:18:23 Removed.
110
111 unfiltered_certs.insert(unfiltered_certs.end(), additional_certs.begin(),
112 additional_certs.end());
113
114 net::ClientCertStoreNSS::FilterCertsOnWorkerThread(unfiltered_certs, *request,
115 true, selected_certs);
77 } 116 }
78 117
79 } // namespace chromeos 118 } // namespace chromeos
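Review bot: In GetAndFilterCertsOnWorkerThread (new lines 103-112) the CertNotAllowedPredicate pass runs only over the platform certs, and `additional_certs` from the CertificateProvider are appended afterwards, so provider-supplied certificates never pass through `cert_filter_`. If that is intended, it should be stated next to the insert, for example `// Certs from |cert_provider_| are not subject to |cert_filter_|; only platform (NSS) certs are filtered.`, so a later change to the filter does not assume it covers every certificate offered for selection. Separately, the lifetime comment in GetClientCerts (new lines 52-53) names only the ClientCertStore, while `&cert_request_info` and `selected_certs` are also carried as raw pointers through the provider callback and into the worker-pool task, where `request` is dereferenced. The comment should say that the caller keeps those two objects alive until the callback runs as well.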