| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/client_cert_store_mac.h" | 5 #include "net/ssl/client_cert_store_mac.h" |
| 6 | 6 |
| 7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
| 8 #include <CoreFoundation/CFArray.h> | 8 #include <CoreFoundation/CFArray.h> |
| 9 #include <CoreServices/CoreServices.h> | 9 #include <CoreServices/CoreServices.h> |
| 10 #include <Security/SecBase.h> | 10 #include <Security/SecBase.h> |
| (...skipping 218 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 229 } | 229 } |
| 230 sort(sort_begin, sort_end, x509_util::ClientCertSorter()); | 230 sort(sort_begin, sort_end, x509_util::ClientCertSorter()); |
| 231 } | 231 } |
| 232 | 232 |
| 233 } // namespace | 233 } // namespace |
| 234 | 234 |
| 235 ClientCertStoreMac::ClientCertStoreMac() {} | 235 ClientCertStoreMac::ClientCertStoreMac() {} |
| 236 | 236 |
| 237 ClientCertStoreMac::~ClientCertStoreMac() {} | 237 ClientCertStoreMac::~ClientCertStoreMac() {} |
| 238 | 238 |
| 239 void ClientCertStoreMac::GetClientCerts( | 239 void ClientCertStoreMac::GetClientCerts(const SSLCertRequestInfo& request, |
| 240 const SSLCertRequestInfo& request, | 240 CertificateList* selected_certs, |
| 241 const ClientCertListCallback& callback) { | 241 const base::Closure& callback) { |
| 242 std::string server_domain = request.host_and_port.host(); | 242 std::string server_domain = request.host_and_port.host(); |
| 243 | 243 |
| 244 ScopedCFTypeRef<SecIdentityRef> preferred_identity; | 244 ScopedCFTypeRef<SecIdentityRef> preferred_identity; |
| 245 if (!server_domain.empty()) { | 245 if (!server_domain.empty()) { |
| 246 // See if there's an identity preference for this domain: | 246 // See if there's an identity preference for this domain: |
| 247 ScopedCFTypeRef<CFStringRef> domain_str( | 247 ScopedCFTypeRef<CFStringRef> domain_str( |
| 248 base::SysUTF8ToCFStringRef("https://" + server_domain)); | 248 base::SysUTF8ToCFStringRef("https://" + server_domain)); |
| 249 SecIdentityRef identity = NULL; | 249 SecIdentityRef identity = NULL; |
| 250 // While SecIdentityCopyPreferences appears to take a list of CA issuers | 250 // While SecIdentityCopyPreferences appears to take a list of CA issuers |
| 251 // to restrict the identity search to, within Security.framework the | 251 // to restrict the identity search to, within Security.framework the |
| (...skipping 11 matching lines...) Expand all Loading... |
| 263 scoped_refptr<X509Certificate> preferred_cert = NULL; | 263 scoped_refptr<X509Certificate> preferred_cert = NULL; |
| 264 CertificateList regular_certs; | 264 CertificateList regular_certs; |
| 265 | 265 |
| 266 SecIdentitySearchRef search = NULL; | 266 SecIdentitySearchRef search = NULL; |
| 267 OSStatus err; | 267 OSStatus err; |
| 268 { | 268 { |
| 269 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); | 269 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); |
| 270 err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search); | 270 err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search); |
| 271 } | 271 } |
| 272 if (err) { | 272 if (err) { |
| 273 callback.Run(CertificateList()); | 273 selected_certs->clear(); |
| 274 callback.Run(); |
| 274 return; | 275 return; |
| 275 } | 276 } |
| 276 ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search); | 277 ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search); |
| 277 while (!err) { | 278 while (!err) { |
| 278 SecIdentityRef identity = NULL; | 279 SecIdentityRef identity = NULL; |
| 279 { | 280 { |
| 280 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); | 281 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); |
| 281 err = SecIdentitySearchCopyNext(search, &identity); | 282 err = SecIdentitySearchCopyNext(search, &identity); |
| 282 } | 283 } |
| 283 if (err) | 284 if (err) |
| (...skipping 19 matching lines...) Expand all Loading... |
| 303 // Only one certificate should match. | 304 // Only one certificate should match. |
| 304 DCHECK(!preferred_cert.get()); | 305 DCHECK(!preferred_cert.get()); |
| 305 preferred_cert = cert; | 306 preferred_cert = cert; |
| 306 } else { | 307 } else { |
| 307 regular_certs.push_back(cert); | 308 regular_certs.push_back(cert); |
| 308 } | 309 } |
| 309 } | 310 } |
| 310 | 311 |
| 311 if (err != errSecItemNotFound) { | 312 if (err != errSecItemNotFound) { |
| 312 OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error"; | 313 OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error"; |
| 313 callback.Run(CertificateList()); | 314 selected_certs->clear(); |
| 315 callback.Run(); |
| 314 return; | 316 return; |
| 315 } | 317 } |
| 316 | 318 |
| 317 CertificateList selected_certs; | |
| 318 GetClientCertsImpl(preferred_cert, regular_certs, request, true, | 319 GetClientCertsImpl(preferred_cert, regular_certs, request, true, |
| 319 &selected_certs); | 320 selected_certs); |
| 320 callback.Run(std::move(selected_certs)); | 321 callback.Run(); |
| 321 } | 322 } |
| 322 | 323 |
| 323 bool ClientCertStoreMac::SelectClientCertsForTesting( | 324 bool ClientCertStoreMac::SelectClientCertsForTesting( |
| 324 const CertificateList& input_certs, | 325 const CertificateList& input_certs, |
| 325 const SSLCertRequestInfo& request, | 326 const SSLCertRequestInfo& request, |
| 326 CertificateList* selected_certs) { | 327 CertificateList* selected_certs) { |
| 327 GetClientCertsImpl(NULL, input_certs, request, false, selected_certs); | 328 GetClientCertsImpl(NULL, input_certs, request, false, selected_certs); |
| 328 return true; | 329 return true; |
| 329 } | 330 } |
| 330 | 331 |
| 331 bool ClientCertStoreMac::SelectClientCertsGivenPreferredForTesting( | 332 bool ClientCertStoreMac::SelectClientCertsGivenPreferredForTesting( |
| 332 const scoped_refptr<X509Certificate>& preferred_cert, | 333 const scoped_refptr<X509Certificate>& preferred_cert, |
| 333 const CertificateList& regular_certs, | 334 const CertificateList& regular_certs, |
| 334 const SSLCertRequestInfo& request, | 335 const SSLCertRequestInfo& request, |
| 335 CertificateList* selected_certs) { | 336 CertificateList* selected_certs) { |
| 336 GetClientCertsImpl( | 337 GetClientCertsImpl( |
| 337 preferred_cert, regular_certs, request, false, selected_certs); | 338 preferred_cert, regular_certs, request, false, selected_certs); |
| 338 return true; | 339 return true; |
| 339 } | 340 } |
| 340 | 341 |
| 341 #pragma clang diagnostic pop // "-Wdeprecated-declarations" | 342 #pragma clang diagnostic pop // "-Wdeprecated-declarations" |
| 342 | 343 |
| 343 } // namespace net | 344 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2848313003:
Revert of Remove client_certs from SSLCertRequestInfo. (Closed)
