| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/client_cert_resolver.h" | 5 #include "chromeos/network/client_cert_resolver.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certt.h> // for (SECCertUsageEnum) certUsageAnyCA | 8 #include <certt.h> // for (SECCertUsageEnum) certUsageAnyCA |
| 9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
| 10 | 10 |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 #include "chromeos/dbus/shill_service_client.h" | 23 #include "chromeos/dbus/shill_service_client.h" |
| 24 #include "chromeos/network/certificate_pattern.h" | 24 #include "chromeos/network/certificate_pattern.h" |
| 25 #include "chromeos/network/client_cert_util.h" | 25 #include "chromeos/network/client_cert_util.h" |
| 26 #include "chromeos/network/favorite_state.h" | 26 #include "chromeos/network/favorite_state.h" |
| 27 #include "chromeos/network/managed_network_configuration_handler.h" | 27 #include "chromeos/network/managed_network_configuration_handler.h" |
| 28 #include "chromeos/network/network_state_handler.h" | 28 #include "chromeos/network/network_state_handler.h" |
| 29 #include "chromeos/network/network_ui_data.h" | 29 #include "chromeos/network/network_ui_data.h" |
| 30 #include "chromeos/tpm_token_loader.h" | 30 #include "chromeos/tpm_token_loader.h" |
| 31 #include "components/onc/onc_constants.h" | 31 #include "components/onc/onc_constants.h" |
| 32 #include "dbus/object_path.h" | 32 #include "dbus/object_path.h" |
| 33 #include "net/cert/scoped_nss_types.h" |
| 33 #include "net/cert/x509_certificate.h" | 34 #include "net/cert/x509_certificate.h" |
| 34 | 35 |
| 35 namespace chromeos { | 36 namespace chromeos { |
| 36 | 37 |
| 37 // Describes a network |network_path| for which a matching certificate |cert_id| | 38 // Describes a network |network_path| for which a matching certificate |cert_id| |
| 38 // was found. | 39 // was found. |
| 39 struct ClientCertResolver::NetworkAndMatchingCert { | 40 struct ClientCertResolver::NetworkAndMatchingCert { |
| 40 NetworkAndMatchingCert(const std::string& network_path, | 41 NetworkAndMatchingCert(const std::string& network_path, |
| 41 client_cert::ConfigType config_type, | 42 client_cert::ConfigType config_type, |
| 42 const std::string& cert_id) | 43 const std::string& cert_id) |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 140 // Filter all client certs and determines each certificate's issuer, which is | 141 // Filter all client certs and determines each certificate's issuer, which is |
| 141 // required for the pattern matching. | 142 // required for the pattern matching. |
| 142 std::vector<CertAndIssuer> client_certs; | 143 std::vector<CertAndIssuer> client_certs; |
| 143 for (net::CertificateList::const_iterator it = certs.begin(); | 144 for (net::CertificateList::const_iterator it = certs.begin(); |
| 144 it != certs.end(); ++it) { | 145 it != certs.end(); ++it) { |
| 145 const net::X509Certificate& cert = **it; | 146 const net::X509Certificate& cert = **it; |
| 146 if (cert.valid_expiry().is_null() || cert.HasExpired() || | 147 if (cert.valid_expiry().is_null() || cert.HasExpired() || |
| 147 !HasPrivateKey(cert)) { | 148 !HasPrivateKey(cert)) { |
| 148 continue; | 149 continue; |
| 149 } | 150 } |
| 150 net::X509Certificate::OSCertHandle issuer_handle = | 151 net::ScopedCERTCertificate issuer_handle( |
| 151 CERT_FindCertIssuer(cert.os_cert_handle(), PR_Now(), certUsageAnyCA); | 152 CERT_FindCertIssuer(cert.os_cert_handle(), PR_Now(), certUsageAnyCA)); |
| 152 if (!issuer_handle) { | 153 if (!issuer_handle) { |
| 153 LOG(ERROR) << "Couldn't find an issuer."; | 154 LOG(ERROR) << "Couldn't find an issuer."; |
| 154 continue; | 155 continue; |
| 155 } | 156 } |
| 156 scoped_refptr<net::X509Certificate> issuer = | 157 scoped_refptr<net::X509Certificate> issuer = |
| 157 net::X509Certificate::CreateFromHandle( | 158 net::X509Certificate::CreateFromHandle( |
| 158 issuer_handle, | 159 issuer_handle.get(), |
| 159 net::X509Certificate::OSCertHandles() /* no intermediate certs */); | 160 net::X509Certificate::OSCertHandles() /* no intermediate certs */); |
| 160 if (!issuer) { | 161 if (!issuer) { |
| 161 LOG(ERROR) << "Couldn't create issuer cert."; | 162 LOG(ERROR) << "Couldn't create issuer cert."; |
| 162 continue; | 163 continue; |
| 163 } | 164 } |
| 164 std::string pem_encoded_issuer; | 165 std::string pem_encoded_issuer; |
| 165 if (!net::X509Certificate::GetPEMEncoded(issuer->os_cert_handle(), | 166 if (!net::X509Certificate::GetPEMEncoded(issuer->os_cert_handle(), |
| 166 &pem_encoded_issuer)) { | 167 &pem_encoded_issuer)) { |
| 167 LOG(ERROR) << "Couldn't PEM-encode certificate."; | 168 LOG(ERROR) << "Couldn't PEM-encode certificate."; |
| 168 continue; | 169 continue; |
| (...skipping 275 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 444 DBusThreadManager::Get()->GetShillServiceClient()-> | 445 DBusThreadManager::Get()->GetShillServiceClient()-> |
| 445 SetProperties(dbus::ObjectPath(it->service_path), | 446 SetProperties(dbus::ObjectPath(it->service_path), |
| 446 shill_properties, | 447 shill_properties, |
| 447 base::Bind(&base::DoNothing), | 448 base::Bind(&base::DoNothing), |
| 448 base::Bind(&LogError, it->service_path)); | 449 base::Bind(&LogError, it->service_path)); |
| 449 network_state_handler_->RequestUpdateForNetwork(it->service_path); | 450 network_state_handler_->RequestUpdateForNetwork(it->service_path); |
| 450 } | 451 } |
| 451 } | 452 } |
| 452 | 453 |
| 453 } // namespace chromeos | 454 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 145273015:
Fix a leak in client_cert_resolver (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src