OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/client_cert_store_mac.h" | 5 #include "net/ssl/client_cert_store_mac.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreFoundation/CFArray.h> | 8 #include <CoreFoundation/CFArray.h> |
9 #include <CoreServices/CoreServices.h> | 9 #include <CoreServices/CoreServices.h> |
10 #include <Security/SecBase.h> | 10 #include <Security/SecBase.h> |
(...skipping 218 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
229 } | 229 } |
230 sort(sort_begin, sort_end, x509_util::ClientCertSorter()); | 230 sort(sort_begin, sort_end, x509_util::ClientCertSorter()); |
231 } | 231 } |
232 | 232 |
233 } // namespace | 233 } // namespace |
234 | 234 |
235 ClientCertStoreMac::ClientCertStoreMac() {} | 235 ClientCertStoreMac::ClientCertStoreMac() {} |
236 | 236 |
237 ClientCertStoreMac::~ClientCertStoreMac() {} | 237 ClientCertStoreMac::~ClientCertStoreMac() {} |
238 | 238 |
239 void ClientCertStoreMac::GetClientCerts(const SSLCertRequestInfo& request, | 239 void ClientCertStoreMac::GetClientCerts( |
240 CertificateList* selected_certs, | 240 const SSLCertRequestInfo& request, |
241 const base::Closure& callback) { | 241 const ClientCertListCallback& callback) { |
242 std::string server_domain = request.host_and_port.host(); | 242 std::string server_domain = request.host_and_port.host(); |
243 | 243 |
244 ScopedCFTypeRef<SecIdentityRef> preferred_identity; | 244 ScopedCFTypeRef<SecIdentityRef> preferred_identity; |
245 if (!server_domain.empty()) { | 245 if (!server_domain.empty()) { |
246 // See if there's an identity preference for this domain: | 246 // See if there's an identity preference for this domain: |
247 ScopedCFTypeRef<CFStringRef> domain_str( | 247 ScopedCFTypeRef<CFStringRef> domain_str( |
248 base::SysUTF8ToCFStringRef("https://" + server_domain)); | 248 base::SysUTF8ToCFStringRef("https://" + server_domain)); |
249 SecIdentityRef identity = NULL; | 249 SecIdentityRef identity = NULL; |
250 // While SecIdentityCopyPreferences appears to take a list of CA issuers | 250 // While SecIdentityCopyPreferences appears to take a list of CA issuers |
251 // to restrict the identity search to, within Security.framework the | 251 // to restrict the identity search to, within Security.framework the |
(...skipping 11 matching lines...) Expand all Loading... |
263 scoped_refptr<X509Certificate> preferred_cert = NULL; | 263 scoped_refptr<X509Certificate> preferred_cert = NULL; |
264 CertificateList regular_certs; | 264 CertificateList regular_certs; |
265 | 265 |
266 SecIdentitySearchRef search = NULL; | 266 SecIdentitySearchRef search = NULL; |
267 OSStatus err; | 267 OSStatus err; |
268 { | 268 { |
269 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); | 269 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); |
270 err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search); | 270 err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search); |
271 } | 271 } |
272 if (err) { | 272 if (err) { |
273 selected_certs->clear(); | 273 callback.Run(CertificateList()); |
274 callback.Run(); | |
275 return; | 274 return; |
276 } | 275 } |
277 ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search); | 276 ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search); |
278 while (!err) { | 277 while (!err) { |
279 SecIdentityRef identity = NULL; | 278 SecIdentityRef identity = NULL; |
280 { | 279 { |
281 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); | 280 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); |
282 err = SecIdentitySearchCopyNext(search, &identity); | 281 err = SecIdentitySearchCopyNext(search, &identity); |
283 } | 282 } |
284 if (err) | 283 if (err) |
(...skipping 19 matching lines...) Expand all Loading... |
304 // Only one certificate should match. | 303 // Only one certificate should match. |
305 DCHECK(!preferred_cert.get()); | 304 DCHECK(!preferred_cert.get()); |
306 preferred_cert = cert; | 305 preferred_cert = cert; |
307 } else { | 306 } else { |
308 regular_certs.push_back(cert); | 307 regular_certs.push_back(cert); |
309 } | 308 } |
310 } | 309 } |
311 | 310 |
312 if (err != errSecItemNotFound) { | 311 if (err != errSecItemNotFound) { |
313 OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error"; | 312 OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error"; |
314 selected_certs->clear(); | 313 callback.Run(CertificateList()); |
315 callback.Run(); | |
316 return; | 314 return; |
317 } | 315 } |
318 | 316 |
| 317 CertificateList selected_certs; |
319 GetClientCertsImpl(preferred_cert, regular_certs, request, true, | 318 GetClientCertsImpl(preferred_cert, regular_certs, request, true, |
320 selected_certs); | 319 &selected_certs); |
321 callback.Run(); | 320 callback.Run(std::move(selected_certs)); |
322 } | 321 } |
323 | 322 |
324 bool ClientCertStoreMac::SelectClientCertsForTesting( | 323 bool ClientCertStoreMac::SelectClientCertsForTesting( |
325 const CertificateList& input_certs, | 324 const CertificateList& input_certs, |
326 const SSLCertRequestInfo& request, | 325 const SSLCertRequestInfo& request, |
327 CertificateList* selected_certs) { | 326 CertificateList* selected_certs) { |
328 GetClientCertsImpl(NULL, input_certs, request, false, selected_certs); | 327 GetClientCertsImpl(NULL, input_certs, request, false, selected_certs); |
329 return true; | 328 return true; |
330 } | 329 } |
331 | 330 |
332 bool ClientCertStoreMac::SelectClientCertsGivenPreferredForTesting( | 331 bool ClientCertStoreMac::SelectClientCertsGivenPreferredForTesting( |
333 const scoped_refptr<X509Certificate>& preferred_cert, | 332 const scoped_refptr<X509Certificate>& preferred_cert, |
334 const CertificateList& regular_certs, | 333 const CertificateList& regular_certs, |
335 const SSLCertRequestInfo& request, | 334 const SSLCertRequestInfo& request, |
336 CertificateList* selected_certs) { | 335 CertificateList* selected_certs) { |
337 GetClientCertsImpl( | 336 GetClientCertsImpl( |
338 preferred_cert, regular_certs, request, false, selected_certs); | 337 preferred_cert, regular_certs, request, false, selected_certs); |
339 return true; | 338 return true; |
340 } | 339 } |
341 | 340 |
342 #pragma clang diagnostic pop // "-Wdeprecated-declarations" | 341 #pragma clang diagnostic pop // "-Wdeprecated-declarations" |
343 | 342 |
344 } // namespace net | 343 } // namespace net |
OLD | NEW |