
Side by Side Diff: net/ssl/client_cert_store_impl_mac.cc

Issue 18121007: *WIP* Store NSS slots per profile. Move keygen to chrome. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: cert manager basics working Created 7 years, 2 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/client_cert_store_impl.h" 5 #include "net/ssl/client_cert_store_impl.h"
6 6
7 #include <CommonCrypto/CommonDigest.h> 7 #include <CommonCrypto/CommonDigest.h>
8 #include <CoreFoundation/CFArray.h> 8 #include <CoreFoundation/CFArray.h>
9 #include <CoreServices/CoreServices.h> 9 #include <CoreServices/CoreServices.h>
10 #include <Security/SecBase.h> 10 #include <Security/SecBase.h>
(...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after
165 if (preferred_cert.get() && sort_begin != sort_end && 165 if (preferred_cert.get() && sort_begin != sort_end &&
166 sort_begin->get() == preferred_cert.get()) { 166 sort_begin->get() == preferred_cert.get()) {
167 ++sort_begin; 167 ++sort_begin;
168 } 168 }
169 sort(sort_begin, sort_end, x509_util::ClientCertSorter()); 169 sort(sort_begin, sort_end, x509_util::ClientCertSorter());
170 return true; 170 return true;
171 } 171 }
172 172
173 } // namespace 173 } // namespace
174 174
175 bool ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, 175 void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
176 CertificateList* selected_certs) { 176 CertificateList* selected_certs,
177 const base::Closure& callback) {
177 std::string server_domain = 178 std::string server_domain =
178 HostPortPair::FromString(request.host_and_port).host(); 179 HostPortPair::FromString(request.host_and_port).host();
179 180
180 ScopedCFTypeRef<SecIdentityRef> preferred_identity; 181 ScopedCFTypeRef<SecIdentityRef> preferred_identity;
181 if (!server_domain.empty()) { 182 if (!server_domain.empty()) {
182 // See if there's an identity preference for this domain: 183 // See if there's an identity preference for this domain:
183 ScopedCFTypeRef<CFStringRef> domain_str( 184 ScopedCFTypeRef<CFStringRef> domain_str(
184 base::SysUTF8ToCFStringRef("https://" + server_domain)); 185 base::SysUTF8ToCFStringRef("https://" + server_domain));
185 SecIdentityRef identity = NULL; 186 SecIdentityRef identity = NULL;
186 // While SecIdentityCopyPreferences appears to take a list of CA issuers 187 // While SecIdentityCopyPreferences appears to take a list of CA issuers
(...skipping 11 matching lines...) Expand all
198 // Now enumerate the identities in the available keychains. 199 // Now enumerate the identities in the available keychains.
199 scoped_refptr<X509Certificate> preferred_cert = NULL; 200 scoped_refptr<X509Certificate> preferred_cert = NULL;
200 CertificateList regular_certs; 201 CertificateList regular_certs;
201 202
202 SecIdentitySearchRef search = NULL; 203 SecIdentitySearchRef search = NULL;
203 OSStatus err; 204 OSStatus err;
204 { 205 {
205 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); 206 base::AutoLock lock(crypto::GetMacSecurityServicesLock());
206 err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search); 207 err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search);
207 } 208 }
208 if (err) 209 if (err) {
209 return false; 210 callback.Run();
211 return;
212 }
210 ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search); 213 ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search);
211 while (!err) { 214 while (!err) {
212 SecIdentityRef identity = NULL; 215 SecIdentityRef identity = NULL;
213 { 216 {
214 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); 217 base::AutoLock lock(crypto::GetMacSecurityServicesLock());
215 err = SecIdentitySearchCopyNext(search, &identity); 218 err = SecIdentitySearchCopyNext(search, &identity);
216 } 219 }
217 if (err) 220 if (err)
218 break; 221 break;
219 ScopedCFTypeRef<SecIdentityRef> scoped_identity(identity); 222 ScopedCFTypeRef<SecIdentityRef> scoped_identity(identity);
(...skipping 12 matching lines...) Expand all
232 // Only one certificate should match. 235 // Only one certificate should match.
233 DCHECK(!preferred_cert.get()); 236 DCHECK(!preferred_cert.get());
234 preferred_cert = cert; 237 preferred_cert = cert;
235 } else { 238 } else {
236 regular_certs.push_back(cert); 239 regular_certs.push_back(cert);
237 } 240 }
238 } 241 }
239 242
240 if (err != errSecItemNotFound) { 243 if (err != errSecItemNotFound) {
241 OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error"; 244 OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error";
242 return false; 245 callback.Run();
246 return;
243 } 247 }
244 248
245 return GetClientCertsImpl(preferred_cert, regular_certs, request, true, 249 GetClientCertsImpl(preferred_cert, regular_certs, request, true,
246 selected_certs); 250 selected_certs);
251 callback.Run();
247 } 252 }
248 253
249 bool ClientCertStoreImpl::SelectClientCertsForTesting( 254 bool ClientCertStoreImpl::SelectClientCertsForTesting(
250 const CertificateList& input_certs, 255 const CertificateList& input_certs,
251 const SSLCertRequestInfo& request, 256 const SSLCertRequestInfo& request,
252 CertificateList* selected_certs) { 257 CertificateList* selected_certs) {
253 return GetClientCertsImpl(NULL, input_certs, request, false, 258 return GetClientCertsImpl(NULL, input_certs, request, false,
254 selected_certs); 259 selected_certs);
255 } 260 }
256 261
257 #if !defined(OS_IOS) 262 #if !defined(OS_IOS)
258 bool ClientCertStoreImpl::SelectClientCertsGivenPreferredForTesting( 263 bool ClientCertStoreImpl::SelectClientCertsGivenPreferredForTesting(
259 const scoped_refptr<X509Certificate>& preferred_cert, 264 const scoped_refptr<X509Certificate>& preferred_cert,
260 const CertificateList& regular_certs, 265 const CertificateList& regular_certs,
261 const SSLCertRequestInfo& request, 266 const SSLCertRequestInfo& request,
262 CertificateList* selected_certs) { 267 CertificateList* selected_certs) {
263 return GetClientCertsImpl(preferred_cert, regular_certs, request, false, 268 return GetClientCertsImpl(preferred_cert, regular_certs, request, false,
264 selected_certs); 269 selected_certs);
265 } 270 }
266 #endif 271 #endif
267 272
268 } // namespace net 273 } // namespace net
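Review bot: Both failure exits in GetClientCerts (new lines 209–212 and 243–247) now only call `callback.Run()`, so the caller can no longer tell a keychain enumeration error from "no matching client certificate", and `*selected_certs` is left exactly as the caller passed it. Unless every caller is known to pass an empty list, add `selected_certs->clear();` before `callback.Run();` on both paths so a failed search can never hand back certificates that were not filtered for this request. The bool returned by GetClientCertsImpl is also dropped at new line 249; if that is intentional, a short comment such as `// Failure is reported as an empty |selected_certs|.` would document the contract. Part of the function body is collapsed on this page, so whether the list is reset earlier cannot be confirmed from here.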