OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/host/token_validator_base.h" | 5 #include "remoting/host/token_validator_base.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 181 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
192 HCERTSTORE cert_store = ::CertOpenStore( | 192 HCERTSTORE cert_store = ::CertOpenStore( |
193 CERT_STORE_PROV_SYSTEM, 0, NULL, | 193 CERT_STORE_PROV_SYSTEM, 0, NULL, |
194 CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG, L"MY"); | 194 CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG, L"MY"); |
195 client_cert_store = new net::ClientCertStoreWin(cert_store); | 195 client_cert_store = new net::ClientCertStoreWin(cert_store); |
196 #elif defined(OS_MACOSX) | 196 #elif defined(OS_MACOSX) |
197 client_cert_store = new net::ClientCertStoreMac(); | 197 client_cert_store = new net::ClientCertStoreMac(); |
198 #else | 198 #else |
199 // OpenSSL does not use the ClientCertStore infrastructure. | 199 // OpenSSL does not use the ClientCertStore infrastructure. |
200 client_cert_store = nullptr; | 200 client_cert_store = nullptr; |
201 #endif | 201 #endif |
202 // The callback is uncancellable, and GetClientCert requires selected_certs | 202 // The callback is uncancellable, and GetClientCert requires |
203 // and client_cert_store to stay alive until the callback is called. So we | 203 // client_cert_store to stay alive until the callback is called. So we must |
204 // must give it a WeakPtr for |this|, and ownership of the other parameters. | 204 // give it a WeakPtr for |this|, and ownership of the other parameters. |
205 net::CertificateList* selected_certs(new net::CertificateList()); | |
206 client_cert_store->GetClientCerts( | 205 client_cert_store->GetClientCerts( |
207 *cert_request_info, selected_certs, | 206 *cert_request_info, |
208 base::Bind(&TokenValidatorBase::OnCertificatesSelected, | 207 base::Bind(&TokenValidatorBase::OnCertificatesSelected, |
209 weak_factory_.GetWeakPtr(), base::Owned(selected_certs), | 208 weak_factory_.GetWeakPtr(), base::Owned(client_cert_store))); |
210 base::Owned(client_cert_store))); | |
211 } | 209 } |
212 | 210 |
213 void TokenValidatorBase::OnCertificatesSelected( | 211 void TokenValidatorBase::OnCertificatesSelected( |
214 net::CertificateList* selected_certs, | 212 net::ClientCertStore* unused, |
215 net::ClientCertStore* unused) { | 213 net::CertificateList selected_certs) { |
216 const std::string& issuer = | 214 const std::string& issuer = |
217 third_party_auth_config_.token_validation_cert_issuer; | 215 third_party_auth_config_.token_validation_cert_issuer; |
218 | 216 |
219 base::Time now = base::Time::Now(); | 217 base::Time now = base::Time::Now(); |
220 | 218 |
221 auto best_match_position = | 219 auto best_match_position = |
222 std::max_element(selected_certs->begin(), selected_certs->end(), | 220 std::max_element(selected_certs.begin(), selected_certs.end(), |
223 std::bind(&WorseThan, issuer, now, std::placeholders::_1, | 221 std::bind(&WorseThan, issuer, now, std::placeholders::_1, |
224 std::placeholders::_2)); | 222 std::placeholders::_2)); |
225 | 223 |
226 if (best_match_position == selected_certs->end() || | 224 if (best_match_position == selected_certs.end() || |
227 !IsCertificateValid(issuer, now, *best_match_position)) { | 225 !IsCertificateValid(issuer, now, *best_match_position)) { |
228 ContinueWithCertificate(nullptr, nullptr); | 226 ContinueWithCertificate(nullptr, nullptr); |
229 } else { | 227 } else { |
230 ContinueWithCertificate( | 228 ContinueWithCertificate( |
231 best_match_position->get(), | 229 best_match_position->get(), |
232 net::FetchClientCertPrivateKey(best_match_position->get()).get()); | 230 net::FetchClientCertPrivateKey(best_match_position->get()).get()); |
233 } | 231 } |
234 } | 232 } |
235 | 233 |
236 void TokenValidatorBase::ContinueWithCertificate( | 234 void TokenValidatorBase::ContinueWithCertificate( |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
283 return std::string(); | 281 return std::string(); |
284 } | 282 } |
285 | 283 |
286 std::string shared_secret; | 284 std::string shared_secret; |
287 // Everything is valid, so return the shared secret to the caller. | 285 // Everything is valid, so return the shared secret to the caller. |
288 dict->GetStringWithoutPathExpansion("access_token", &shared_secret); | 286 dict->GetStringWithoutPathExpansion("access_token", &shared_secret); |
289 return shared_secret; | 287 return shared_secret; |
290 } | 288 } |
291 | 289 |
292 } // namespace remoting | 290 } // namespace remoting |
OLD | NEW |