Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(543)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/client_cert_store_impl_nss.cc

Issue 18121007: *WIP* Store NSS slots per profile. Move keygen to chrome. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: more refactoring Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/ssl/client_cert_store_chromeos.cc ('k') | net/third_party/mozilla_security_manager/nsNSSCertificateDB.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/client_cert_store_impl.h" 5 #include "net/ssl/client_cert_store_impl.h"
6 6
7 #include <nss.h> 7 #include <nss.h>
8 #include <ssl.h> 8 #include <ssl.h>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after
46 const std::string& authority = request.cert_authorities[i]; 46 const std::string& authority = request.cert_authorities[i];
47 ca_names_items[i].type = siBuffer; 47 ca_names_items[i].type = siBuffer;
48 ca_names_items[i].data = 48 ca_names_items[i].data =
49 reinterpret_cast<unsigned char*>(const_cast<char*>(authority.data())); 49 reinterpret_cast<unsigned char*>(const_cast<char*>(authority.data()));
50 ca_names_items[i].len = static_cast<unsigned int>(authority.size()); 50 ca_names_items[i].len = static_cast<unsigned int>(authority.size());
51 } 51 }
52 ca_names.nnames = static_cast<int>(ca_names_items.size()); 52 ca_names.nnames = static_cast<int>(ca_names_items.size());
53 if (!ca_names_items.empty()) 53 if (!ca_names_items.empty())
54 ca_names.names = &ca_names_items[0]; 54 ca_names.names = &ca_names_items[0];
55 55
56 size_t num_raw = 0;
56 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); 57 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
57 !CERT_LIST_END(node, cert_list); 58 !CERT_LIST_END(node, cert_list);
58 node = CERT_LIST_NEXT(node)) { 59 node = CERT_LIST_NEXT(node)) {
60 ++num_raw;
59 // Only offer unexpired certificates. 61 // Only offer unexpired certificates.
60 if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) != 62 if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) !=
61 secCertTimeValid) { 63 secCertTimeValid) {
64 DVLOG(2) << "skipped expired cert: "
65 << (node->cert->nickname ? node->cert->nickname : "");
62 continue; 66 continue;
63 } 67 }
64 68
65 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( 69 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle(
66 node->cert, X509Certificate::OSCertHandles()); 70 node->cert, X509Certificate::OSCertHandles());
67 71
68 // Check if the certificate issuer is allowed by the server. 72 // Check if the certificate issuer is allowed by the server.
69 if (request.cert_authorities.empty() || 73 if (request.cert_authorities.empty() ||
70 (!query_nssdb && 74 (!query_nssdb &&
71 cert->IsIssuedByEncoded(request.cert_authorities)) || 75 cert->IsIssuedByEncoded(request.cert_authorities)) ||
72 (query_nssdb && 76 (query_nssdb &&
73 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { 77 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) {
78 DVLOG(2) << "matched cert: "
79 << (node->cert->nickname ? node->cert->nickname : "");
74 selected_certs->push_back(cert); 80 selected_certs->push_back(cert);
75 } 81 }
82 else
83 DVLOG(2) << "skipped non-matching cert: "
84 << (node->cert->nickname ? node->cert->nickname : "");
76 } 85 }
86 DVLOG(2) << "num_raw:" << num_raw
87 << " num_selected:" << selected_certs->size();
77 88
78 std::sort(selected_certs->begin(), selected_certs->end(), 89 std::sort(selected_certs->begin(), selected_certs->end(),
79 x509_util::ClientCertSorter()); 90 x509_util::ClientCertSorter());
80 } 91 }
81 92
82 void GetClientCertsOnWorkerThread( 93 void GetClientCertsOnWorkerThread(
83 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate, 94 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate,
84 const SSLCertRequestInfo* request, 95 const SSLCertRequestInfo* request,
85 CertificateList* selected_certs) { 96 CertificateList* selected_certs) {
86 CERTCertList* client_certs = CERT_FindUserCertsByUsage( 97 CERTCertList* client_certs = CERT_FindUserCertsByUsage(
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
142 CERT_AddCertToListTail( 153 CERT_AddCertToListTail(
143 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); 154 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle()));
144 } 155 }
145 156
146 GetClientCertsImpl(cert_list, request, false, selected_certs); 157 GetClientCertsImpl(cert_list, request, false, selected_certs);
147 CERT_DestroyCertList(cert_list); 158 CERT_DestroyCertList(cert_list);
148 return true; 159 return true;
149 } 160 }
150 161
151 } // namespace net 162 } // namespace net
OLDNEW
« no previous file with comments | « net/ssl/client_cert_store_chromeos.cc ('k') | net/third_party/mozilla_security_manager/nsNSSCertificateDB.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698