1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/client_cert_store_impl.h" | 5 #include "net/ssl/client_cert_store_impl.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <ssl.h> | 8 #include <ssl.h> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
46 const std::string& authority = request.cert_authorities[i]; | 46 const std::string& authority = request.cert_authorities[i]; |
47 ca_names_items[i].type = siBuffer; | 47 ca_names_items[i].type = siBuffer; |
48 ca_names_items[i].data = | 48 ca_names_items[i].data = |
49 reinterpret_cast<unsigned char*>(const_cast<char*>(authority.data())); | 49 reinterpret_cast<unsigned char*>(const_cast<char*>(authority.data())); |
50 ca_names_items[i].len = static_cast<unsigned int>(authority.size()); | 50 ca_names_items[i].len = static_cast<unsigned int>(authority.size()); |
51 } | 51 } |
52 ca_names.nnames = static_cast<int>(ca_names_items.size()); | 52 ca_names.nnames = static_cast<int>(ca_names_items.size()); |
53 if (!ca_names_items.empty()) | 53 if (!ca_names_items.empty()) |
54 ca_names.names = &ca_names_items[0]; | 54 ca_names.names = &ca_names_items[0]; |
55 | 55 |
| 56 size_t num_raw = 0; |
56 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); | 57 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); |
57 !CERT_LIST_END(node, cert_list); | 58 !CERT_LIST_END(node, cert_list); |
58 node = CERT_LIST_NEXT(node)) { | 59 node = CERT_LIST_NEXT(node)) { |
| 60 ++num_raw; |
59 // Only offer unexpired certificates. | 61 // Only offer unexpired certificates. |
60 if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) != | 62 if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) != |
61 secCertTimeValid) { | 63 secCertTimeValid) { |
| 64 DVLOG(2) << "skipped expired cert: " |
| 65 << (node->cert->nickname ? node->cert->nickname : ""); |
62 continue; | 66 continue; |
63 } | 67 } |
64 | 68 |
65 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( | 69 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( |
66 node->cert, X509Certificate::OSCertHandles()); | 70 node->cert, X509Certificate::OSCertHandles()); |
67 | 71 |
68 // Check if the certificate issuer is allowed by the server. | 72 // Check if the certificate issuer is allowed by the server. |
69 if (request.cert_authorities.empty() || | 73 if (request.cert_authorities.empty() || |
70 (!query_nssdb && | 74 (!query_nssdb && |
71 cert->IsIssuedByEncoded(request.cert_authorities)) || | 75 cert->IsIssuedByEncoded(request.cert_authorities)) || |
72 (query_nssdb && | 76 (query_nssdb && |
73 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { | 77 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { |
| 78 DVLOG(2) << "matched cert: " |
| 79 << (node->cert->nickname ? node->cert->nickname : ""); |
74 selected_certs->push_back(cert); | 80 selected_certs->push_back(cert); |
75 } | 81 } |
| 82 else |
| 83 DVLOG(2) << "skipped non-matching cert: " |
| 84 << (node->cert->nickname ? node->cert->nickname : ""); |
76 } | 85 } |
| 86 DVLOG(2) << "num_raw:" << num_raw |
| 87 << " num_selected:" << selected_certs->size(); |
77 | 88 |
78 std::sort(selected_certs->begin(), selected_certs->end(), | 89 std::sort(selected_certs->begin(), selected_certs->end(), |
79 x509_util::ClientCertSorter()); | 90 x509_util::ClientCertSorter()); |
80 } | 91 } |
81 | 92 |
82 void GetClientCertsOnWorkerThread( | 93 void GetClientCertsOnWorkerThread( |
83 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate, | 94 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate, |
84 const SSLCertRequestInfo* request, | 95 const SSLCertRequestInfo* request, |
85 CertificateList* selected_certs) { | 96 CertificateList* selected_certs) { |
86 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | 97 CERTCertList* client_certs = CERT_FindUserCertsByUsage( |
142 CERT_AddCertToListTail( | 153 CERT_AddCertToListTail( |
143 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); | 154 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); |
144 } | 155 } |
145 | 156 |
146 GetClientCertsImpl(cert_list, request, false, selected_certs); | 157 GetClientCertsImpl(cert_list, request, false, selected_certs); |
147 CERT_DestroyCertList(cert_list); | 158 CERT_DestroyCertList(cert_list); |
148 return true; | 159 return true; |
149 } | 160 } |
150 | 161 |
151 } // namespace net | 162 } // namespace net |
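Review bot: The new `else` at lines 82-84 sits on its own line after the closing brace and its DVLOG body is unbraced while the `if` branch is braced, which breaks the brace-consistency and `} else {` placement the rest of this file follows; the same `node->cert->nickname ? node->cert->nickname : ""` expression is also repeated three times inside the loop. I would hoist the nickname once at the top of the loop body and brace the else branch, as below. The nickname is a user-assigned label from the NSS database, so it is reasonable to keep it at DVLOG(2) only, which is presumably compiled out of release builds; a short comment saying that is the intent would help the next reader. The enclosing GetClientCertsImpl starts above this hunk, in the collapsed region.
```cpp
    ++num_raw;
    // Nickname is a user-assigned NSS DB label; logged only at verbose level.
    const char* nickname = node->cert->nickname ? node->cert->nickname : "";
    // Only offer unexpired certificates.
    if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) !=
        secCertTimeValid) {
      DVLOG(2) << "skipped expired cert: " << nickname;
      continue;
    }
    // … unchanged: CreateFromHandle and the issuer-allowed condition …
      DVLOG(2) << "matched cert: " << nickname;
      selected_certs->push_back(cert);
    } else {
      DVLOG(2) << "skipped non-matching cert: " << nickname;
    }
```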