| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" | 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| 11 #include "base/bind.h" | 11 #include "base/bind.h" |
| 12 #include "base/bind_helpers.h" | 12 #include "base/bind_helpers.h" |
| 13 #include "base/callback.h" | 13 #include "base/callback.h" |
| 14 #include "base/location.h" | 14 #include "base/location.h" |
| 15 #include "base/task_runner_util.h" | |
| 16 #include "base/threading/worker_pool.h" | 15 #include "base/threading/worker_pool.h" |
| 17 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" | 16 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" |
| 18 #include "crypto/nss_crypto_module_delegate.h" | 17 #include "crypto/nss_crypto_module_delegate.h" |
| 19 #include "net/ssl/ssl_cert_request_info.h" | 18 #include "net/ssl/ssl_cert_request_info.h" |
| 20 | 19 |
| 21 namespace chromeos { | 20 namespace chromeos { |
| 22 | 21 |
| 23 namespace { | 22 namespace { |
| 24 | 23 |
| 25 class CertNotAllowedPredicate { | 24 class CertNotAllowedPredicate { |
| (...skipping 15 matching lines...) Expand all Loading... |
| 41 std::unique_ptr<CertificateProvider> cert_provider, | 40 std::unique_ptr<CertificateProvider> cert_provider, |
| 42 std::unique_ptr<CertFilter> cert_filter, | 41 std::unique_ptr<CertFilter> cert_filter, |
| 43 const PasswordDelegateFactory& password_delegate_factory) | 42 const PasswordDelegateFactory& password_delegate_factory) |
| 44 : cert_provider_(std::move(cert_provider)), | 43 : cert_provider_(std::move(cert_provider)), |
| 45 cert_filter_(std::move(cert_filter)) {} | 44 cert_filter_(std::move(cert_filter)) {} |
| 46 | 45 |
| 47 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} | 46 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} |
| 48 | 47 |
| 49 void ClientCertStoreChromeOS::GetClientCerts( | 48 void ClientCertStoreChromeOS::GetClientCerts( |
| 50 const net::SSLCertRequestInfo& cert_request_info, | 49 const net::SSLCertRequestInfo& cert_request_info, |
| 51 const ClientCertListCallback& callback) { | 50 net::CertificateList* selected_certs, |
| 51 const base::Closure& callback) { |
| 52 // Caller is responsible for keeping the ClientCertStore alive until the | 52 // Caller is responsible for keeping the ClientCertStore alive until the |
| 53 // callback is run. | 53 // callback is run. |
| 54 base::Callback<void(const net::CertificateList&)> | 54 base::Callback<void(const net::CertificateList&)> |
| 55 get_platform_certs_and_filter = | 55 get_platform_certs_and_filter = base::Bind( |
| 56 base::Bind(&ClientCertStoreChromeOS::GotAdditionalCerts, | 56 &ClientCertStoreChromeOS::GotAdditionalCerts, base::Unretained(this), |
| 57 base::Unretained(this), &cert_request_info, callback); | 57 &cert_request_info, selected_certs, callback); |
| 58 | 58 |
| 59 base::Closure get_additional_certs_and_continue; | 59 base::Closure get_additional_certs_and_continue; |
| 60 if (cert_provider_) { | 60 if (cert_provider_) { |
| 61 get_additional_certs_and_continue = base::Bind( | 61 get_additional_certs_and_continue = base::Bind( |
| 62 &CertificateProvider::GetCertificates, | 62 &CertificateProvider::GetCertificates, |
| 63 base::Unretained(cert_provider_.get()), get_platform_certs_and_filter); | 63 base::Unretained(cert_provider_.get()), get_platform_certs_and_filter); |
| 64 } else { | 64 } else { |
| 65 get_additional_certs_and_continue = | 65 get_additional_certs_and_continue = |
| 66 base::Bind(get_platform_certs_and_filter, net::CertificateList()); | 66 base::Bind(get_platform_certs_and_filter, net::CertificateList()); |
| 67 } | 67 } |
| 68 | 68 |
| 69 if (cert_filter_->Init(get_additional_certs_and_continue)) | 69 if (cert_filter_->Init(get_additional_certs_and_continue)) |
| 70 get_additional_certs_and_continue.Run(); | 70 get_additional_certs_and_continue.Run(); |
| 71 } | 71 } |
| 72 | 72 |
| 73 void ClientCertStoreChromeOS::GotAdditionalCerts( | 73 void ClientCertStoreChromeOS::GotAdditionalCerts( |
| 74 const net::SSLCertRequestInfo* request, | 74 const net::SSLCertRequestInfo* request, |
| 75 const ClientCertListCallback& callback, | 75 net::CertificateList* selected_certs, |
| 76 const base::Closure& callback, |
| 76 const net::CertificateList& additional_certs) { | 77 const net::CertificateList& additional_certs) { |
| 77 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> | 78 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> |
| 78 password_delegate; | 79 password_delegate; |
| 79 if (!password_delegate_factory_.is_null()) { | 80 if (!password_delegate_factory_.is_null()) { |
| 80 password_delegate.reset( | 81 password_delegate.reset( |
| 81 password_delegate_factory_.Run(request->host_and_port)); | 82 password_delegate_factory_.Run(request->host_and_port)); |
| 82 } | 83 } |
| 83 if (base::PostTaskAndReplyWithResult( | 84 if (base::WorkerPool::PostTaskAndReply( |
| 84 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(), | |
| 85 FROM_HERE, | 85 FROM_HERE, |
| 86 base::Bind(&ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread, | 86 base::Bind(&ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread, |
| 87 base::Unretained(this), base::Passed(&password_delegate), | 87 base::Unretained(this), base::Passed(&password_delegate), |
| 88 request, additional_certs), | 88 request, additional_certs, selected_certs), |
| 89 callback)) { | 89 callback, true)) { |
| 90 return; | 90 return; |
| 91 } | 91 } |
| 92 // If the task could not be posted, behave as if there were no certificates. | 92 // If the task could not be posted, behave as if there were no certificates |
| 93 callback.Run(net::CertificateList()); | 93 // which requires to clear |selected_certs|. |
| 94 selected_certs->clear(); |
| 95 callback.Run(); |
| 94 } | 96 } |
| 95 | 97 |
| 96 net::CertificateList ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread( | 98 void ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread( |
| 97 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> | 99 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> |
| 98 password_delegate, | 100 password_delegate, |
| 99 const net::SSLCertRequestInfo* request, | 101 const net::SSLCertRequestInfo* request, |
| 100 const net::CertificateList& additional_certs) { | 102 const net::CertificateList& additional_certs, |
| 103 net::CertificateList* selected_certs) { |
| 101 net::CertificateList unfiltered_certs; | 104 net::CertificateList unfiltered_certs; |
| 102 net::ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( | 105 net::ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( |
| 103 std::move(password_delegate), &unfiltered_certs); | 106 std::move(password_delegate), &unfiltered_certs); |
| 104 | 107 |
| 105 unfiltered_certs.erase( | 108 unfiltered_certs.erase( |
| 106 std::remove_if(unfiltered_certs.begin(), unfiltered_certs.end(), | 109 std::remove_if(unfiltered_certs.begin(), unfiltered_certs.end(), |
| 107 CertNotAllowedPredicate(cert_filter_.get())), | 110 CertNotAllowedPredicate(cert_filter_.get())), |
| 108 unfiltered_certs.end()); | 111 unfiltered_certs.end()); |
| 109 | 112 |
| 110 unfiltered_certs.insert(unfiltered_certs.end(), additional_certs.begin(), | 113 unfiltered_certs.insert(unfiltered_certs.end(), additional_certs.begin(), |
| 111 additional_certs.end()); | 114 additional_certs.end()); |
| 112 | 115 |
| 113 net::CertificateList selected_certs; | |
| 114 net::ClientCertStoreNSS::FilterCertsOnWorkerThread(unfiltered_certs, *request, | 116 net::ClientCertStoreNSS::FilterCertsOnWorkerThread(unfiltered_certs, *request, |
| 115 &selected_certs); | 117 selected_certs); |
| 116 return selected_certs; | |
| 117 } | 118 } |
| 118 | 119 |
| 119 } // namespace chromeos | 120 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2848313003:
Revert of Remove client_certs from SSLCertRequestInfo. (Closed)
