| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/client_cert_store_nss.h" | 5 #include "net/ssl/client_cert_store_nss.h" |
| 6 | 6 |
| 7 #include <nss.h> | 7 #include <nss.h> |
| 8 #include <ssl.h> | 8 #include <ssl.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| 11 #include <memory> | 11 #include <memory> |
| 12 #include <utility> | 12 #include <utility> |
| 13 #include <vector> | 13 #include <vector> |
| 14 | 14 |
| 15 #include "base/bind.h" | 15 #include "base/bind.h" |
| 16 #include "base/bind_helpers.h" | 16 #include "base/bind_helpers.h" |
| 17 #include "base/location.h" | 17 #include "base/location.h" |
| 18 #include "base/logging.h" | 18 #include "base/logging.h" |
| 19 #include "base/strings/string_piece.h" | 19 #include "base/strings/string_piece.h" |
| 20 #include "base/task_runner_util.h" |
| 20 #include "base/threading/worker_pool.h" | 21 #include "base/threading/worker_pool.h" |
| 21 #include "crypto/nss_crypto_module_delegate.h" | 22 #include "crypto/nss_crypto_module_delegate.h" |
| 22 #include "net/cert/scoped_nss_types.h" | 23 #include "net/cert/scoped_nss_types.h" |
| 23 #include "net/cert/x509_util.h" | 24 #include "net/cert/x509_util.h" |
| 24 #include "net/ssl/ssl_cert_request_info.h" | 25 #include "net/ssl/ssl_cert_request_info.h" |
| 25 #include "net/third_party/nss/ssl/cmpcert.h" | 26 #include "net/third_party/nss/ssl/cmpcert.h" |
| 26 | 27 |
| 27 namespace net { | 28 namespace net { |
| 28 | 29 |
| 29 ClientCertStoreNSS::ClientCertStoreNSS( | 30 ClientCertStoreNSS::ClientCertStoreNSS( |
| 30 const PasswordDelegateFactory& password_delegate_factory) | 31 const PasswordDelegateFactory& password_delegate_factory) |
| 31 : password_delegate_factory_(password_delegate_factory) {} | 32 : password_delegate_factory_(password_delegate_factory) {} |
| 32 | 33 |
| 33 ClientCertStoreNSS::~ClientCertStoreNSS() {} | 34 ClientCertStoreNSS::~ClientCertStoreNSS() {} |
| 34 | 35 |
| 35 void ClientCertStoreNSS::GetClientCerts(const SSLCertRequestInfo& request, | 36 void ClientCertStoreNSS::GetClientCerts( |
| 36 CertificateList* selected_certs, | 37 const SSLCertRequestInfo& request, |
| 37 const base::Closure& callback) { | 38 const ClientCertListCallback& callback) { |
| 38 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> | 39 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> |
| 39 password_delegate; | 40 password_delegate; |
| 40 if (!password_delegate_factory_.is_null()) { | 41 if (!password_delegate_factory_.is_null()) { |
| 41 password_delegate.reset( | 42 password_delegate.reset( |
| 42 password_delegate_factory_.Run(request.host_and_port)); | 43 password_delegate_factory_.Run(request.host_and_port)); |
| 43 } | 44 } |
| 44 if (base::WorkerPool::PostTaskAndReply( | 45 if (base::PostTaskAndReplyWithResult( |
| 46 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(), |
| 45 FROM_HERE, | 47 FROM_HERE, |
| 46 base::Bind(&ClientCertStoreNSS::GetAndFilterCertsOnWorkerThread, | 48 base::Bind(&ClientCertStoreNSS::GetAndFilterCertsOnWorkerThread, |
| 47 // Caller is responsible for keeping the ClientCertStore | 49 // Caller is responsible for keeping the ClientCertStore |
| 48 // alive until the callback is run. | 50 // alive until the callback is run. |
| 49 base::Unretained(this), base::Passed(&password_delegate), | 51 base::Unretained(this), base::Passed(&password_delegate), |
| 50 &request, selected_certs), | 52 &request), |
| 51 callback, true)) { | 53 callback)) { |
| 52 return; | 54 return; |
| 53 } | 55 } |
| 54 // If the task could not be posted, behave as if there were no certificates | 56 // If the task could not be posted, behave as if there were no certificates. |
| 55 // which requires to clear |selected_certs|. | 57 callback.Run(CertificateList()); |
| 56 selected_certs->clear(); | |
| 57 callback.Run(); | |
| 58 } | 58 } |
| 59 | 59 |
| 60 // static | 60 // static |
| 61 void ClientCertStoreNSS::FilterCertsOnWorkerThread( | 61 void ClientCertStoreNSS::FilterCertsOnWorkerThread( |
| 62 const CertificateList& certs, | 62 const CertificateList& certs, |
| 63 const SSLCertRequestInfo& request, | 63 const SSLCertRequestInfo& request, |
| 64 CertificateList* filtered_certs) { | 64 CertificateList* filtered_certs) { |
| 65 DCHECK(filtered_certs); | 65 DCHECK(filtered_certs); |
| 66 | 66 |
| 67 filtered_certs->clear(); | 67 filtered_certs->clear(); |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 102 // |handle| was successfully parsed by |cert|, so this should never fail. | 102 // |handle| was successfully parsed by |cert|, so this should never fail. |
| 103 DCHECK(filtered_certs->back()); | 103 DCHECK(filtered_certs->back()); |
| 104 } | 104 } |
| 105 DVLOG(2) << "num_raw:" << num_raw | 105 DVLOG(2) << "num_raw:" << num_raw |
| 106 << " num_filtered:" << filtered_certs->size(); | 106 << " num_filtered:" << filtered_certs->size(); |
| 107 | 107 |
| 108 std::sort(filtered_certs->begin(), filtered_certs->end(), | 108 std::sort(filtered_certs->begin(), filtered_certs->end(), |
| 109 x509_util::ClientCertSorter()); | 109 x509_util::ClientCertSorter()); |
| 110 } | 110 } |
| 111 | 111 |
| 112 void ClientCertStoreNSS::GetAndFilterCertsOnWorkerThread( | 112 CertificateList ClientCertStoreNSS::GetAndFilterCertsOnWorkerThread( |
| 113 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> | 113 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> |
| 114 password_delegate, | 114 password_delegate, |
| 115 const SSLCertRequestInfo* request, | 115 const SSLCertRequestInfo* request) { |
| 116 CertificateList* selected_certs) { | |
| 117 CertificateList platform_certs; | 116 CertificateList platform_certs; |
| 118 GetPlatformCertsOnWorkerThread(std::move(password_delegate), &platform_certs); | 117 GetPlatformCertsOnWorkerThread(std::move(password_delegate), &platform_certs); |
| 119 FilterCertsOnWorkerThread(platform_certs, *request, selected_certs); | 118 CertificateList selected_certs; |
| 119 FilterCertsOnWorkerThread(platform_certs, *request, &selected_certs); |
| 120 return selected_certs; |
| 120 } | 121 } |
| 121 | 122 |
| 122 // static | 123 // static |
| 123 void ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( | 124 void ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( |
| 124 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> | 125 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> |
| 125 password_delegate, | 126 password_delegate, |
| 126 net::CertificateList* certs) { | 127 net::CertificateList* certs) { |
| 127 CERTCertList* found_certs = | 128 CERTCertList* found_certs = |
| 128 CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient, | 129 CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient, |
| 129 PR_FALSE, PR_FALSE, password_delegate.get()); | 130 PR_FALSE, PR_FALSE, password_delegate.get()); |
| 130 if (!found_certs) { | 131 if (!found_certs) { |
| 131 DVLOG(2) << "No client certs found."; | 132 DVLOG(2) << "No client certs found."; |
| 132 return; | 133 return; |
| 133 } | 134 } |
| 134 for (CERTCertListNode* node = CERT_LIST_HEAD(found_certs); | 135 for (CERTCertListNode* node = CERT_LIST_HEAD(found_certs); |
| 135 !CERT_LIST_END(node, found_certs); node = CERT_LIST_NEXT(node)) { | 136 !CERT_LIST_END(node, found_certs); node = CERT_LIST_NEXT(node)) { |
| 136 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( | 137 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( |
| 137 node->cert, X509Certificate::OSCertHandles()); | 138 node->cert, X509Certificate::OSCertHandles()); |
| 138 if (!cert) { | 139 if (!cert) { |
| 139 DVLOG(2) << "X509Certificate::CreateFromHandle failed"; | 140 DVLOG(2) << "X509Certificate::CreateFromHandle failed"; |
| 140 continue; | 141 continue; |
| 141 } | 142 } |
| 142 certs->push_back(std::move(cert)); | 143 certs->push_back(std::move(cert)); |
| 143 } | 144 } |
| 144 CERT_DestroyCertList(found_certs); | 145 CERT_DestroyCertList(found_certs); |
| 145 } | 146 } |
| 146 | 147 |
| 147 } // namespace net | 148 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2838243002:
Remove client_certs from SSLCertRequestInfo. (Closed)
