
Side by Side Diff: remoting/host/token_validator_base.cc

Issue 2838243002: Remove client_certs from SSLCertRequestInfo. (Closed)
Patch Set: revert stray whitespace change Created 3 years, 8 months ago
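--- a/remoting/host/token_validator_base.cc
+++ b/remoting/host/token_validator_base.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/token_validator_base.h"
 
 #include <stddef.h>
 
 #include "base/base64.h"
 #include "base/bind.h"
@@ -192,45 +192,43 @@
 HCERTSTORE cert_store = ::CertOpenStore(
 CERT_STORE_PROV_SYSTEM, 0, NULL,
 CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG, L"MY");
 client_cert_store = new net::ClientCertStoreWin(cert_store);
 #elif defined(OS_MACOSX)
 client_cert_store = new net::ClientCertStoreMac();
 #else
 // OpenSSL does not use the ClientCertStore infrastructure.
 client_cert_store = nullptr;
 #endif
-// The callback is uncancellable, and GetClientCert requires selected_certs
-// and client_cert_store to stay alive until the callback is called. So we
-// must give it a WeakPtr for |this|, and ownership of the other parameters.
-net::CertificateList* selected_certs(new net::CertificateList());
+// The callback is uncancellable, and GetClientCert requires
+// client_cert_store to stay alive until the callback is called. So we must
+// give it a WeakPtr for |this|, and ownership of the other parameters.
 client_cert_store->GetClientCerts(
-*cert_request_info, selected_certs,
+*cert_request_info,
 base::Bind(&TokenValidatorBase::OnCertificatesSelected,
-weak_factory_.GetWeakPtr(), base::Owned(selected_certs),
-base::Owned(client_cert_store)));
+weak_factory_.GetWeakPtr(), base::Owned(client_cert_store)));
 }
 
 void TokenValidatorBase::OnCertificatesSelected(
-net::CertificateList* selected_certs,
-net::ClientCertStore* unused) {
+net::ClientCertStore* unused,
+net::CertificateList selected_certs) {
 const std::string& issuer =
 third_party_auth_config_.token_validation_cert_issuer;
 
 base::Time now = base::Time::Now();
 
 auto best_match_position =
-std::max_element(selected_certs->begin(), selected_certs->end(),
+std::max_element(selected_certs.begin(), selected_certs.end(),
 std::bind(&WorseThan, issuer, now, std::placeholders::_1,
 std::placeholders::_2));
 
-if (best_match_position == selected_certs->end() ||
+if (best_match_position == selected_certs.end() ||
 !IsCertificateValid(issuer, now, *best_match_position)) {
 ContinueWithCertificate(nullptr, nullptr);
 } else {
 ContinueWithCertificate(
 best_match_position->get(),
 net::FetchClientCertPrivateKey(best_match_position->get()).get());
 }
 }
 
 void TokenValidatorBase::ContinueWithCertificate(
@@ -283,10 +281,10 @@
 return std::string();
 }
 
 std::string shared_secret;
 // Everything is valid, so return the shared secret to the caller.
 dict->GetStringWithoutPathExpansion("access_token", &shared_secret);
 return shared_secret;
 }
 
 } // namespace remoting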
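Review bot: On the `#else` path `client_cert_store` is set to `nullptr` and is then dereferenced unconditionally by `client_cert_store->GetClientCerts(` right after the `#endif`, so a build that lands in that branch would crash there instead of failing token validation cleanly. The earlier branches of the `#if` chain and the start of this function are outside the visible lines, so the branch may be unreachable on supported targets; if that is the intent, a `#error` in the `#else` would make it explicit. Otherwise guard the call with `if (!client_cert_store) { ContinueWithCertificate(nullptr, nullptr); return; }`, which matches how the no-valid-certificate case is already handled in `OnCertificatesSelected`. Separately, the rewritten comment still says `GetClientCert` while the call is `GetClientCerts`.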