Chromium Code Reviews Chromium Code Reviews
Issue 1274143002:
ClientCertStoreChromeOS: support additional non-platform certs. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/chromeos/net/client_cert_store_chromeos.cc |
| diff --git a/chrome/browser/chromeos/net/client_cert_store_chromeos.cc b/chrome/browser/chromeos/net/client_cert_store_chromeos.cc |
| index 79c7b80e3dbdbdd186ed62966e557745ac554f98..692d61966a5c48c409b3538045a6148993d9cb46 100644 |
| --- a/chrome/browser/chromeos/net/client_cert_store_chromeos.cc |
| +++ b/chrome/browser/chromeos/net/client_cert_store_chromeos.cc |
| @@ -10,6 +10,7 @@ |
| #include "base/bind.h" |
| #include "base/bind_helpers.h" |
| #include "base/callback.h" |
| +#include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" |
| namespace chromeos { |
| @@ -31,9 +32,11 @@ class CertNotAllowedPredicate { |
| } // namespace |
| ClientCertStoreChromeOS::ClientCertStoreChromeOS( |
| + scoped_ptr<CertificateProvider> cert_provider, |
| scoped_ptr<CertFilter> cert_filter, |
| const PasswordDelegateFactory& password_delegate_factory) |
| : ClientCertStoreNSS(password_delegate_factory), |
| + cert_provider_(cert_provider.Pass()), |
| cert_filter_(cert_filter.Pass()) {} |
| ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} |
| @@ -42,14 +45,25 @@ void ClientCertStoreChromeOS::GetClientCerts( |
| const net::SSLCertRequestInfo& cert_request_info, |
| net::CertificateList* selected_certs, |
| const base::Closure& callback) { |
| - base::Closure bound_callback = base::Bind( |
| - &ClientCertStoreChromeOS::CertFilterInitialized, |
| - // Caller is responsible for keeping the ClientCertStore alive |
| - // until the callback is run. |
| - base::Unretained(this), &cert_request_info, selected_certs, callback); |
| - |
| - if (cert_filter_->Init(bound_callback)) |
| - bound_callback.Run(); |
| + // Caller is responsible for keeping the ClientCertStore alive until the |
| + // callback is run. |
| + base::Closure get_certs_after_init = base::Bind( |
| + &ClientCertStoreChromeOS::GetClientCertsAfterInit, base::Unretained(this), |
| + &cert_request_info, selected_certs, callback); |
| + |
| + base::Closure get_additional_certs_and_continue; |
| + if (cert_provider_) { |
| + get_additional_certs_and_continue = |
| + base::Bind(&CertificateProvider::GetCertificates, |
| + base::Unretained(cert_provider_.get()), |
| + base::Bind(&ClientCertStoreChromeOS::SetAdditionalCerts, |
| + base::Unretained(this), get_certs_after_init)); |
| + } else { |
| + get_additional_certs_and_continue = get_certs_after_init; |
| + } |
| + |
| + if (cert_filter_->Init(get_additional_certs_and_continue)) |
| + get_additional_certs_and_continue.Run(); |
| } |
| void ClientCertStoreChromeOS::GetClientCertsImpl( |
| @@ -67,9 +81,31 @@ void ClientCertStoreChromeOS::GetClientCertsImpl( |
| selected_certs->end()); |
| DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of " |
| << pre_size << " certs"; |
| + |
| + // Additionally to the matching certs from the platform's store, allow |
| + // matching certificates from |additional_certs_|. |
| + CERTCertList* additional_cert_list = CERT_NewCertList(); |
| + for (const auto& cert : additional_certs_) { |
| + CERT_AddCertToListTail(additional_cert_list, |
| + CERT_DupCertificate(cert->os_cert_handle())); |
| + } |
| + net::CertificateList filtered_additional_certs; |
| + net::ClientCertStoreNSS::GetClientCertsImpl( |
| + additional_cert_list, request, query_nssdb, &filtered_additional_certs); |
| + |
| + selected_certs->insert(selected_certs->end(), |
| + filtered_additional_certs.begin(), |
| + filtered_additional_certs.end()); |
| +} |
| + |
| +void ClientCertStoreChromeOS::SetAdditionalCerts( |
| + const base::Closure& callback, |
| + const net::CertificateList& certs) { |
| + additional_certs_ = certs; |
|
davidben
2015/08/14 21:49:16
Hrm. Although we never actually call GetClientCert
pneubeck (no reviews)
2015/08/17 12:01:32
Not as easy because a lot of the NSS stuff was exe
|
| + callback.Run(); |
| } |
| -void ClientCertStoreChromeOS::CertFilterInitialized( |
| +void ClientCertStoreChromeOS::GetClientCertsAfterInit( |
| const net::SSLCertRequestInfo* request, |
| net::CertificateList* selected_certs, |
| const base::Closure& callback) { |
