Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(141)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/client_cert_store_mac.cc

Issue 2838243002: Remove client_certs from SSLCertRequestInfo. (Closed)
Patch Set: revert stray whitespace change Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/ssl/client_cert_store_mac.h ('k') | net/ssl/client_cert_store_nss.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/client_cert_store_mac.h" 5 #include "net/ssl/client_cert_store_mac.h"
6 6
7 #include <CommonCrypto/CommonDigest.h> 7 #include <CommonCrypto/CommonDigest.h>
8 #include <CoreFoundation/CFArray.h> 8 #include <CoreFoundation/CFArray.h>
9 #include <CoreServices/CoreServices.h> 9 #include <CoreServices/CoreServices.h>
10 #include <Security/SecBase.h> 10 #include <Security/SecBase.h>
(...skipping 218 matching lines...) Expand 10 before | Expand all | Expand 10 after
229 } 229 }
230 sort(sort_begin, sort_end, x509_util::ClientCertSorter()); 230 sort(sort_begin, sort_end, x509_util::ClientCertSorter());
231 } 231 }
232 232
233 } // namespace 233 } // namespace
234 234
235 ClientCertStoreMac::ClientCertStoreMac() {} 235 ClientCertStoreMac::ClientCertStoreMac() {}
236 236
237 ClientCertStoreMac::~ClientCertStoreMac() {} 237 ClientCertStoreMac::~ClientCertStoreMac() {}
238 238
239 void ClientCertStoreMac::GetClientCerts(const SSLCertRequestInfo& request, 239 void ClientCertStoreMac::GetClientCerts(
240 CertificateList* selected_certs, 240 const SSLCertRequestInfo& request,
241 const base::Closure& callback) { 241 const ClientCertListCallback& callback) {
242 std::string server_domain = request.host_and_port.host(); 242 std::string server_domain = request.host_and_port.host();
243 243
244 ScopedCFTypeRef<SecIdentityRef> preferred_identity; 244 ScopedCFTypeRef<SecIdentityRef> preferred_identity;
245 if (!server_domain.empty()) { 245 if (!server_domain.empty()) {
246 // See if there's an identity preference for this domain: 246 // See if there's an identity preference for this domain:
247 ScopedCFTypeRef<CFStringRef> domain_str( 247 ScopedCFTypeRef<CFStringRef> domain_str(
248 base::SysUTF8ToCFStringRef("https://" + server_domain)); 248 base::SysUTF8ToCFStringRef("https://" + server_domain));
249 SecIdentityRef identity = NULL; 249 SecIdentityRef identity = NULL;
250 // While SecIdentityCopyPreferences appears to take a list of CA issuers 250 // While SecIdentityCopyPreferences appears to take a list of CA issuers
251 // to restrict the identity search to, within Security.framework the 251 // to restrict the identity search to, within Security.framework the
(...skipping 11 matching lines...) Expand all
263 scoped_refptr<X509Certificate> preferred_cert = NULL; 263 scoped_refptr<X509Certificate> preferred_cert = NULL;
264 CertificateList regular_certs; 264 CertificateList regular_certs;
265 265
266 SecIdentitySearchRef search = NULL; 266 SecIdentitySearchRef search = NULL;
267 OSStatus err; 267 OSStatus err;
268 { 268 {
269 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); 269 base::AutoLock lock(crypto::GetMacSecurityServicesLock());
270 err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search); 270 err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search);
271 } 271 }
272 if (err) { 272 if (err) {
273 selected_certs->clear(); 273 callback.Run(CertificateList());
274 callback.Run();
275 return; 274 return;
276 } 275 }
277 ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search); 276 ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search);
278 while (!err) { 277 while (!err) {
279 SecIdentityRef identity = NULL; 278 SecIdentityRef identity = NULL;
280 { 279 {
281 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); 280 base::AutoLock lock(crypto::GetMacSecurityServicesLock());
282 err = SecIdentitySearchCopyNext(search, &identity); 281 err = SecIdentitySearchCopyNext(search, &identity);
283 } 282 }
284 if (err) 283 if (err)
(...skipping 19 matching lines...) Expand all
304 // Only one certificate should match. 303 // Only one certificate should match.
305 DCHECK(!preferred_cert.get()); 304 DCHECK(!preferred_cert.get());
306 preferred_cert = cert; 305 preferred_cert = cert;
307 } else { 306 } else {
308 regular_certs.push_back(cert); 307 regular_certs.push_back(cert);
309 } 308 }
310 } 309 }
311 310
312 if (err != errSecItemNotFound) { 311 if (err != errSecItemNotFound) {
313 OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error"; 312 OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error";
314 selected_certs->clear(); 313 callback.Run(CertificateList());
315 callback.Run();
316 return; 314 return;
317 } 315 }
318 316
317 CertificateList selected_certs;
319 GetClientCertsImpl(preferred_cert, regular_certs, request, true, 318 GetClientCertsImpl(preferred_cert, regular_certs, request, true,
320 selected_certs); 319 &selected_certs);
321 callback.Run(); 320 callback.Run(std::move(selected_certs));
322 } 321 }
323 322
324 bool ClientCertStoreMac::SelectClientCertsForTesting( 323 bool ClientCertStoreMac::SelectClientCertsForTesting(
325 const CertificateList& input_certs, 324 const CertificateList& input_certs,
326 const SSLCertRequestInfo& request, 325 const SSLCertRequestInfo& request,
327 CertificateList* selected_certs) { 326 CertificateList* selected_certs) {
328 GetClientCertsImpl(NULL, input_certs, request, false, selected_certs); 327 GetClientCertsImpl(NULL, input_certs, request, false, selected_certs);
329 return true; 328 return true;
330 } 329 }
331 330
332 bool ClientCertStoreMac::SelectClientCertsGivenPreferredForTesting( 331 bool ClientCertStoreMac::SelectClientCertsGivenPreferredForTesting(
333 const scoped_refptr<X509Certificate>& preferred_cert, 332 const scoped_refptr<X509Certificate>& preferred_cert,
334 const CertificateList& regular_certs, 333 const CertificateList& regular_certs,
335 const SSLCertRequestInfo& request, 334 const SSLCertRequestInfo& request,
336 CertificateList* selected_certs) { 335 CertificateList* selected_certs) {
337 GetClientCertsImpl( 336 GetClientCertsImpl(
338 preferred_cert, regular_certs, request, false, selected_certs); 337 preferred_cert, regular_certs, request, false, selected_certs);
339 return true; 338 return true;
340 } 339 }
341 340
342 #pragma clang diagnostic pop // "-Wdeprecated-declarations" 341 #pragma clang diagnostic pop // "-Wdeprecated-declarations"
343 342
344 } // namespace net 343 } // namespace net
OLDNEW
« no previous file with comments | « net/ssl/client_cert_store_mac.h ('k') | net/ssl/client_cert_store_nss.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698