OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/client_cert_store_mac.h" | 5 #include "net/ssl/client_cert_store_mac.h" |
6 | 6 |
7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
8 #include <CoreFoundation/CFArray.h> | 8 #include <CoreFoundation/CFArray.h> |
9 #include <CoreServices/CoreServices.h> | 9 #include <CoreServices/CoreServices.h> |
10 #include <Security/SecBase.h> | 10 #include <Security/SecBase.h> |
(...skipping 218 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
229 } | 229 } |
230 sort(sort_begin, sort_end, x509_util::ClientCertSorter()); | 230 sort(sort_begin, sort_end, x509_util::ClientCertSorter()); |
231 } | 231 } |
232 | 232 |
233 } // namespace | 233 } // namespace |
234 | 234 |
235 ClientCertStoreMac::ClientCertStoreMac() {} | 235 ClientCertStoreMac::ClientCertStoreMac() {} |
236 | 236 |
237 ClientCertStoreMac::~ClientCertStoreMac() {} | 237 ClientCertStoreMac::~ClientCertStoreMac() {} |
238 | 238 |
239 void ClientCertStoreMac::GetClientCerts( | 239 void ClientCertStoreMac::GetClientCerts(const SSLCertRequestInfo& request, |
240 const SSLCertRequestInfo& request, | 240 CertificateList* selected_certs, |
241 const ClientCertListCallback& callback) { | 241 const base::Closure& callback) { |
242 std::string server_domain = request.host_and_port.host(); | 242 std::string server_domain = request.host_and_port.host(); |
243 | 243 |
244 ScopedCFTypeRef<SecIdentityRef> preferred_identity; | 244 ScopedCFTypeRef<SecIdentityRef> preferred_identity; |
245 if (!server_domain.empty()) { | 245 if (!server_domain.empty()) { |
246 // See if there's an identity preference for this domain: | 246 // See if there's an identity preference for this domain: |
247 ScopedCFTypeRef<CFStringRef> domain_str( | 247 ScopedCFTypeRef<CFStringRef> domain_str( |
248 base::SysUTF8ToCFStringRef("https://" + server_domain)); | 248 base::SysUTF8ToCFStringRef("https://" + server_domain)); |
249 SecIdentityRef identity = NULL; | 249 SecIdentityRef identity = NULL; |
250 // While SecIdentityCopyPreferences appears to take a list of CA issuers | 250 // While SecIdentityCopyPreferences appears to take a list of CA issuers |
251 // to restrict the identity search to, within Security.framework the | 251 // to restrict the identity search to, within Security.framework the |
(...skipping 11 matching lines...) Expand all Loading... |
263 scoped_refptr<X509Certificate> preferred_cert = NULL; | 263 scoped_refptr<X509Certificate> preferred_cert = NULL; |
264 CertificateList regular_certs; | 264 CertificateList regular_certs; |
265 | 265 |
266 SecIdentitySearchRef search = NULL; | 266 SecIdentitySearchRef search = NULL; |
267 OSStatus err; | 267 OSStatus err; |
268 { | 268 { |
269 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); | 269 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); |
270 err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search); | 270 err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search); |
271 } | 271 } |
272 if (err) { | 272 if (err) { |
273 callback.Run(CertificateList()); | 273 selected_certs->clear(); |
| 274 callback.Run(); |
274 return; | 275 return; |
275 } | 276 } |
276 ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search); | 277 ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search); |
277 while (!err) { | 278 while (!err) { |
278 SecIdentityRef identity = NULL; | 279 SecIdentityRef identity = NULL; |
279 { | 280 { |
280 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); | 281 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); |
281 err = SecIdentitySearchCopyNext(search, &identity); | 282 err = SecIdentitySearchCopyNext(search, &identity); |
282 } | 283 } |
283 if (err) | 284 if (err) |
(...skipping 19 matching lines...) Expand all Loading... |
303 // Only one certificate should match. | 304 // Only one certificate should match. |
304 DCHECK(!preferred_cert.get()); | 305 DCHECK(!preferred_cert.get()); |
305 preferred_cert = cert; | 306 preferred_cert = cert; |
306 } else { | 307 } else { |
307 regular_certs.push_back(cert); | 308 regular_certs.push_back(cert); |
308 } | 309 } |
309 } | 310 } |
310 | 311 |
311 if (err != errSecItemNotFound) { | 312 if (err != errSecItemNotFound) { |
312 OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error"; | 313 OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error"; |
313 callback.Run(CertificateList()); | 314 selected_certs->clear(); |
| 315 callback.Run(); |
314 return; | 316 return; |
315 } | 317 } |
316 | 318 |
317 CertificateList selected_certs; | |
318 GetClientCertsImpl(preferred_cert, regular_certs, request, true, | 319 GetClientCertsImpl(preferred_cert, regular_certs, request, true, |
319 &selected_certs); | 320 selected_certs); |
320 callback.Run(std::move(selected_certs)); | 321 callback.Run(); |
321 } | 322 } |
322 | 323 |
323 bool ClientCertStoreMac::SelectClientCertsForTesting( | 324 bool ClientCertStoreMac::SelectClientCertsForTesting( |
324 const CertificateList& input_certs, | 325 const CertificateList& input_certs, |
325 const SSLCertRequestInfo& request, | 326 const SSLCertRequestInfo& request, |
326 CertificateList* selected_certs) { | 327 CertificateList* selected_certs) { |
327 GetClientCertsImpl(NULL, input_certs, request, false, selected_certs); | 328 GetClientCertsImpl(NULL, input_certs, request, false, selected_certs); |
328 return true; | 329 return true; |
329 } | 330 } |
330 | 331 |
331 bool ClientCertStoreMac::SelectClientCertsGivenPreferredForTesting( | 332 bool ClientCertStoreMac::SelectClientCertsGivenPreferredForTesting( |
332 const scoped_refptr<X509Certificate>& preferred_cert, | 333 const scoped_refptr<X509Certificate>& preferred_cert, |
333 const CertificateList& regular_certs, | 334 const CertificateList& regular_certs, |
334 const SSLCertRequestInfo& request, | 335 const SSLCertRequestInfo& request, |
335 CertificateList* selected_certs) { | 336 CertificateList* selected_certs) { |
336 GetClientCertsImpl( | 337 GetClientCertsImpl( |
337 preferred_cert, regular_certs, request, false, selected_certs); | 338 preferred_cert, regular_certs, request, false, selected_certs); |
338 return true; | 339 return true; |
339 } | 340 } |
340 | 341 |
341 #pragma clang diagnostic pop // "-Wdeprecated-declarations" | 342 #pragma clang diagnostic pop // "-Wdeprecated-declarations" |
342 | 343 |
343 } // namespace net | 344 } // namespace net |
OLD | NEW |