Chromium Code Reviews Chromium Code Reviews
Issue 1274143002:
ClientCertStoreChromeOS: support additional non-platform certs. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" | 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 11 #include "base/bind_helpers.h" | 11 #include "base/bind_helpers.h" |
| 12 #include "base/callback.h" | 12 #include "base/callback.h" |
| 13 #include "base/location.h" | |
| 14 #include "base/threading/worker_pool.h" | |
| 15 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" | |
| 16 #include "crypto/nss_crypto_module_delegate.h" | |
| 17 #include "net/ssl/ssl_cert_request_info.h" | |
| 13 | 18 |
| 14 namespace chromeos { | 19 namespace chromeos { |
| 15 | 20 |
| 16 namespace { | 21 namespace { |
| 17 | 22 |
| 18 class CertNotAllowedPredicate { | 23 class CertNotAllowedPredicate { |
| 19 public: | 24 public: |
| 20 explicit CertNotAllowedPredicate( | 25 explicit CertNotAllowedPredicate( |
| 21 const ClientCertStoreChromeOS::CertFilter& filter) | 26 const ClientCertStoreChromeOS::CertFilter* filter) |
| 22 : filter_(filter) {} | 27 : filter_(filter) {} |
| 23 bool operator()(const scoped_refptr<net::X509Certificate>& cert) const { | 28 bool operator()(const scoped_refptr<net::X509Certificate>& cert) const { |
| 24 return !filter_.IsCertAllowed(cert); | 29 return !filter_->IsCertAllowed(cert); |
| 25 } | 30 } |
| 26 | 31 |
| 27 private: | 32 private: |
| 28 const ClientCertStoreChromeOS::CertFilter& filter_; | 33 const ClientCertStoreChromeOS::CertFilter* const filter_; |
| 29 }; | 34 }; |
| 30 | 35 |
| 31 } // namespace | 36 } // namespace |
| 32 | 37 |
| 33 ClientCertStoreChromeOS::ClientCertStoreChromeOS( | 38 ClientCertStoreChromeOS::ClientCertStoreChromeOS( |
| 39 scoped_ptr<CertificateProvider> cert_provider, | |
| 34 scoped_ptr<CertFilter> cert_filter, | 40 scoped_ptr<CertFilter> cert_filter, |
| 35 const PasswordDelegateFactory& password_delegate_factory) | 41 const PasswordDelegateFactory& password_delegate_factory) |
| 36 : ClientCertStoreNSS(password_delegate_factory), | 42 : cert_provider_(cert_provider.Pass()), cert_filter_(cert_filter.Pass()) {} |
| 37 cert_filter_(cert_filter.Pass()) {} | |
| 38 | 43 |
| 39 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} | 44 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} |
| 40 | 45 |
| 41 void ClientCertStoreChromeOS::GetClientCerts( | 46 void ClientCertStoreChromeOS::GetClientCerts( |
| 42 const net::SSLCertRequestInfo& cert_request_info, | 47 const net::SSLCertRequestInfo& cert_request_info, |
| 43 net::CertificateList* selected_certs, | 48 net::CertificateList* selected_certs, |
| 44 const base::Closure& callback) { | 49 const base::Closure& callback) { |
| 45 base::Closure bound_callback = base::Bind( | 50 // Caller is responsible for keeping the ClientCertStore alive until the |
| 46 &ClientCertStoreChromeOS::CertFilterInitialized, | 51 // callback is run. |
| 47 // Caller is responsible for keeping the ClientCertStore alive | 52 base::Callback<void(const net::CertificateList&)> |
| 48 // until the callback is run. | 53 get_platform_certs_and_filter = base::Bind( |
| 49 base::Unretained(this), &cert_request_info, selected_certs, callback); | 54 &ClientCertStoreChromeOS::GotAdditionalCerts, base::Unretained(this), |
| 55 &cert_request_info, selected_certs, callback); | |
| 50 | 56 |
| 51 if (cert_filter_->Init(bound_callback)) | 57 base::Closure get_additional_certs_and_continue; |
| 52 bound_callback.Run(); | 58 if (cert_provider_) { |
| 59 get_additional_certs_and_continue = base::Bind( | |
| 60 &CertificateProvider::GetCertificates, | |
| 61 base::Unretained(cert_provider_.get()), get_platform_certs_and_filter); | |
| 62 } else { | |
| 63 get_additional_certs_and_continue = | |
| 64 base::Bind(get_platform_certs_and_filter, net::CertificateList()); | |
| 65 } | |
| 66 | |
| 67 if (cert_filter_->Init(get_additional_certs_and_continue)) | |
| 68 get_additional_certs_and_continue.Run(); | |
| 53 } | 69 } |
| 54 | 70 |
| 55 void ClientCertStoreChromeOS::GetClientCertsImpl( | 71 void ClientCertStoreChromeOS::GotAdditionalCerts( |
| 56 CERTCertList* cert_list, | 72 const net::SSLCertRequestInfo* request, |
| 57 const net::SSLCertRequestInfo& request, | 73 net::CertificateList* selected_certs, |
| 58 bool query_nssdb, | 74 const base::Closure& callback, |
| 59 net::CertificateList* selected_certs) { | 75 const net::CertificateList& additional_certs) { |
| 60 net::ClientCertStoreNSS::GetClientCertsImpl(cert_list, request, query_nssdb, | 76 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate; |
| 61 selected_certs); | 77 if (!password_delegate_factory_.is_null()) { |
| 62 | 78 password_delegate.reset( |
| 63 size_t pre_size = selected_certs->size(); | 79 password_delegate_factory_.Run(request->host_and_port)); |
| 64 selected_certs->erase( | 80 } |
| 65 std::remove_if(selected_certs->begin(), selected_certs->end(), | 81 if (!base::WorkerPool::PostTaskAndReply( |
| 66 CertNotAllowedPredicate(*cert_filter_)), | 82 FROM_HERE, |
| 67 selected_certs->end()); | 83 base::Bind(&ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread, |
| 68 DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of " | 84 base::Unretained(this), base::Passed(&password_delegate), |
| 69 << pre_size << " certs"; | 85 request, additional_certs, selected_certs), |
| 86 callback, true)) { | |
|
stevenjb
2015/08/24 21:09:38
nit: I think this would be a little more clear if
| |
| 87 selected_certs->clear(); | |
| 88 callback.Run(); | |
| 89 } | |
| 70 } | 90 } |
| 71 | 91 |
| 72 void ClientCertStoreChromeOS::CertFilterInitialized( | 92 void ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread( |
| 93 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate, | |
| 73 const net::SSLCertRequestInfo* request, | 94 const net::SSLCertRequestInfo* request, |
| 74 net::CertificateList* selected_certs, | 95 const net::CertificateList& additional_certs, |
| 75 const base::Closure& callback) { | 96 net::CertificateList* selected_certs) { |
| 76 net::ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback); | 97 net::CertificateList unfiltered_certs; |
| 98 net::ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( | |
| 99 password_delegate.Pass(), &unfiltered_certs); | |
| 100 | |
| 101 unfiltered_certs.erase( | |
| 102 std::remove_if(unfiltered_certs.begin(), unfiltered_certs.end(), | |
| 103 CertNotAllowedPredicate(cert_filter_.get())), | |
| 104 unfiltered_certs.end()); | |
| 105 | |
| 106 unfiltered_certs.insert(unfiltered_certs.end(), additional_certs.begin(), | |
| 107 additional_certs.end()); | |
| 108 | |
| 109 net::ClientCertStoreNSS::FilterCertsOnWorkerThread(unfiltered_certs, *request, | |
| 110 true, selected_certs); | |
| 77 } | 111 } |
| 78 | 112 |
| 79 } // namespace chromeos | 113 } // namespace chromeos |
| OLD | NEW |
