
Side by Side Diff: net/ssl/client_cert_store_impl_nss.cc

Issue 18121007: *WIP* Store NSS slots per profile. Move keygen to chrome. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: certdb: handle GetCertTrust and IsUntrusted, failed attempt to handle SetCertTrust Created 7 years, 1 month ago
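--- a/net/ssl/client_cert_store_impl_nss.cc
+++ b/net/ssl/client_cert_store_impl_nss.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/client_cert_store_impl.h"
 
 #include <nss.h>
 #include <ssl.h>
 
 #include "base/callback.h"
@@ -42,41 +42,51 @@
 const std::string& authority = request.cert_authorities[i];
 ca_names_items[i].type = siBuffer;
 ca_names_items[i].data =
 reinterpret_cast<unsigned char*>(const_cast<char*>(authority.data()));
 ca_names_items[i].len = static_cast<unsigned int>(authority.size());
 }
 ca_names.nnames = static_cast<int>(ca_names_items.size());
 if (!ca_names_items.empty())
 ca_names.names = &ca_names_items[0];
 
+size_t num_raw = 0;
 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
 !CERT_LIST_END(node, cert_list);
 node = CERT_LIST_NEXT(node)) {
+++num_raw;
 // Only offer unexpired certificates.
 if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) !=
 secCertTimeValid) {
+VLOG(1) << "expired cert "
+<< (node->cert->nickname ? node->cert->nickname : "");
 continue;
 }
 
 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle(
 node->cert, X509Certificate::OSCertHandles());
 
 // Check if the certificate issuer is allowed by the server.
 if (request.cert_authorities.empty() ||
 (!query_nssdb &&
 cert->IsIssuedByEncoded(request.cert_authorities)) ||
 (query_nssdb &&
 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) {
+VLOG(1) << "selected cert "
+<< (node->cert->nickname ? node->cert->nickname : "");
 selected_certs->push_back(cert);
 }
+else
+VLOG(1) << "skipped cert "
+<< (node->cert->nickname ? node->cert->nickname : "");
 }
+VLOG(1) << "num_raw:" << num_raw << " num_selected:"<< selected_certs->size();
 
 std::sort(selected_certs->begin(), selected_certs->end(),
 x509_util::ClientCertSorter());
 }
 
 } // namespace
 
 void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
 CertificateList* selected_certs,
 const base::Closure& callback) {
@@ -106,10 +116,10 @@
 CERT_AddCertToListTail(
 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle()));
 }
 
 GetClientCertsImpl(cert_list, request, false, selected_certs);
 CERT_DestroyCertList(cert_list);
 return true;
 }
 
 } // namespace net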
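Review bot: The three added `VLOG(1)` statements inside the certificate loop write `node->cert->nickname` to the log, and a client-certificate nickname often carries the subject's name or e-mail address, so a verbose log taken from a user's machine would identify every certificate in the store. If this tracing is meant to outlive the WIP stage, `DVLOG(1)` would keep it out of release builds, or the loop could log only the counts that the `num_raw`/`num_selected` line already reports. The "expired cert " text is also narrower than the check, which takes that branch for any result other than `secCertTimeValid` (presumably including not-yet-valid certificates); `"cert outside validity period "` would match the condition. The added `else` sits on its own line with an unbraced body after a braced `if`; `} else {` with braces would match the surrounding code. The enclosing function begins in the skipped lines above this hunk, so its signature is not visible here.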