Plumbing SSLPrivateKey (//net)

remoting/host/token_validator_base.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/token_validator_base.h"
 
 #include "base/base64.h"
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/json/json_reader.h"
 #include "base/logging.h"
 #include "base/memory/weak_ptr.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
 #include "base/values.h"
 #include "net/base/escape.h"
 #include "net/base/io_buffer.h"
 #include "net/base/request_priority.h"
 #include "net/base/upload_bytes_element_reader.h"
 #include "net/base/upload_data_stream.h"
 #include "net/ssl/client_cert_store.h"
 #if defined(USE_NSS_CERTS)
 #include "net/ssl/client_cert_store_nss.h"
 #elif defined(OS_WIN)
 #include "net/ssl/client_cert_store_win.h"
 #elif defined(OS_MACOSX)
 #include "net/ssl/client_cert_store_mac.h"
 #endif
 #include "net/ssl/ssl_cert_request_info.h"
+#include "net/ssl/ssl_platform_key.h"
+#include "net/ssl/ssl_private_key.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_status.h"
 #include "url/gurl.h"
 
 namespace {
 
 const int kBufferSize = 4096;
 const char kCertIssuerWildCard[] = "*";
 
@@ skipping 107 matching lines @@
 
 void TokenValidatorBase::OnCertificatesSelected(
     net::CertificateList* selected_certs,
     net::ClientCertStore* unused) {
   const std::string& issuer =
       third_party_auth_config_.token_validation_cert_issuer;
   if (request_) {
     for (size_t i = 0; i < selected_certs->size(); ++i) {
       if (issuer == kCertIssuerWildCard ||
           issuer == (*selected_certs)[i]->issuer().common_name) {
-        request_->ContinueWithCertificate((*selected_certs)[i].get());
+        scoped_refptr<net::SSLPrivateKey> private_key =

[Sergey Ulanov, 2015/11/11 19:05:02]

nit: this code would be shorter and more readable as follows:
  net::X509Certificate* cert = (*selected_certs)[i].get();
  if (issuer == kCertIssuerWildCard ||
      issuer == cert->issuer().common_name) {
    request_->ContinueWithCertificate(
        cert, net::FetchClientCertPrivateKey(cert));
  }

This particularly avoids duplication of the (*selected_certs)[i].get()
expression. Alternative

[svaldez, 2015/11/16 21:36:22]

Done.

+            net::FetchClientCertPrivateKey((*selected_certs)[i].get());
+        request_->ContinueWithCertificate((*selected_certs)[i].get(),
+                                          private_key.get());
         return;
       }
     }
-    request_->ContinueWithCertificate(nullptr);
+    request_->ContinueWithCertificate(nullptr, nullptr);
   }
 }
 
 bool TokenValidatorBase::IsValidScope(const std::string& token_scope) {
   // TODO(rmsousa): Deal with reordering/subsets/supersets/aliases/etc.
   return token_scope == token_scope_;
 }
 
 std::string TokenValidatorBase::ProcessResponse() {
   // Verify that we got a successful response.
@@ skipping 27 matching lines @@
     return std::string();
   }
 
   std::string shared_secret;
   // Everything is valid, so return the shared secret to the caller.
   dict->GetStringWithoutPathExpansion("access_token", &shared_secret);
   return shared_secret;
 }
 
 }  // namespace remoting