OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/client_cert_store_nss.h" | 5 #include "net/ssl/client_cert_store_nss.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <ssl.h> | 8 #include <ssl.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
92 X509Certificate::OSCertHandles intermediates_raw; | 92 X509Certificate::OSCertHandles intermediates_raw; |
93 for (const auto& intermediate : intermediates) { | 93 for (const auto& intermediate : intermediates) { |
94 intermediates_raw.push_back(intermediate.get()); | 94 intermediates_raw.push_back(intermediate.get()); |
95 } | 95 } |
96 | 96 |
97 // Retain a copy of the intermediates. Some deployments expect the client to | 97 // Retain a copy of the intermediates. Some deployments expect the client to |
98 // supply intermediates out of the local store. See | 98 // supply intermediates out of the local store. See |
99 // https://crbug.com/548631. | 99 // https://crbug.com/548631. |
100 filtered_certs->push_back( | 100 filtered_certs->push_back( |
101 X509Certificate::CreateFromHandle(handle, intermediates_raw)); | 101 X509Certificate::CreateFromHandle(handle, intermediates_raw)); |
| 102 // |handle| was successfully parsed by |cert|, so this should never fail. |
| 103 DCHECK(filtered_certs->back()); |
102 } | 104 } |
103 DVLOG(2) << "num_raw:" << num_raw | 105 DVLOG(2) << "num_raw:" << num_raw |
104 << " num_filtered:" << filtered_certs->size(); | 106 << " num_filtered:" << filtered_certs->size(); |
105 | 107 |
106 std::sort(filtered_certs->begin(), filtered_certs->end(), | 108 std::sort(filtered_certs->begin(), filtered_certs->end(), |
107 x509_util::ClientCertSorter()); | 109 x509_util::ClientCertSorter()); |
108 } | 110 } |
109 | 111 |
110 void ClientCertStoreNSS::GetAndFilterCertsOnWorkerThread( | 112 void ClientCertStoreNSS::GetAndFilterCertsOnWorkerThread( |
111 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> | 113 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> |
(...skipping 12 matching lines...) Expand all Loading... |
124 net::CertificateList* certs) { | 126 net::CertificateList* certs) { |
125 CERTCertList* found_certs = | 127 CERTCertList* found_certs = |
126 CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient, | 128 CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient, |
127 PR_FALSE, PR_FALSE, password_delegate.get()); | 129 PR_FALSE, PR_FALSE, password_delegate.get()); |
128 if (!found_certs) { | 130 if (!found_certs) { |
129 DVLOG(2) << "No client certs found."; | 131 DVLOG(2) << "No client certs found."; |
130 return; | 132 return; |
131 } | 133 } |
132 for (CERTCertListNode* node = CERT_LIST_HEAD(found_certs); | 134 for (CERTCertListNode* node = CERT_LIST_HEAD(found_certs); |
133 !CERT_LIST_END(node, found_certs); node = CERT_LIST_NEXT(node)) { | 135 !CERT_LIST_END(node, found_certs); node = CERT_LIST_NEXT(node)) { |
134 certs->push_back(X509Certificate::CreateFromHandle( | 136 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( |
135 node->cert, X509Certificate::OSCertHandles())); | 137 node->cert, X509Certificate::OSCertHandles()); |
| 138 if (!cert) { |
| 139 DVLOG(2) << "X509Certificate::CreateFromHandle failed"; |
| 140 continue; |
| 141 } |
| 142 certs->push_back(std::move(cert)); |
136 } | 143 } |
137 CERT_DestroyCertList(found_certs); | 144 CERT_DestroyCertList(found_certs); |
138 } | 145 } |
139 | 146 |
140 } // namespace net | 147 } // namespace net |
OLD | NEW |