OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/host/token_validator_base.h" | 5 #include "remoting/host/token_validator_base.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 181 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
192 HCERTSTORE cert_store = ::CertOpenStore( | 192 HCERTSTORE cert_store = ::CertOpenStore( |
193 CERT_STORE_PROV_SYSTEM, 0, NULL, | 193 CERT_STORE_PROV_SYSTEM, 0, NULL, |
194 CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG, L"MY"); | 194 CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG, L"MY"); |
195 client_cert_store = new net::ClientCertStoreWin(cert_store); | 195 client_cert_store = new net::ClientCertStoreWin(cert_store); |
196 #elif defined(OS_MACOSX) | 196 #elif defined(OS_MACOSX) |
197 client_cert_store = new net::ClientCertStoreMac(); | 197 client_cert_store = new net::ClientCertStoreMac(); |
198 #else | 198 #else |
199 // OpenSSL does not use the ClientCertStore infrastructure. | 199 // OpenSSL does not use the ClientCertStore infrastructure. |
200 client_cert_store = nullptr; | 200 client_cert_store = nullptr; |
201 #endif | 201 #endif |
202 // The callback is uncancellable, and GetClientCert requires | 202 // The callback is uncancellable, and GetClientCert requires selected_certs |
203 // client_cert_store to stay alive until the callback is called. So we must | 203 // and client_cert_store to stay alive until the callback is called. So we |
204 // give it a WeakPtr for |this|, and ownership of the other parameters. | 204 // must give it a WeakPtr for |this|, and ownership of the other parameters. |
| 205 net::CertificateList* selected_certs(new net::CertificateList()); |
205 client_cert_store->GetClientCerts( | 206 client_cert_store->GetClientCerts( |
206 *cert_request_info, | 207 *cert_request_info, selected_certs, |
207 base::Bind(&TokenValidatorBase::OnCertificatesSelected, | 208 base::Bind(&TokenValidatorBase::OnCertificatesSelected, |
208 weak_factory_.GetWeakPtr(), base::Owned(client_cert_store))); | 209 weak_factory_.GetWeakPtr(), base::Owned(selected_certs), |
| 210 base::Owned(client_cert_store))); |
209 } | 211 } |
210 | 212 |
211 void TokenValidatorBase::OnCertificatesSelected( | 213 void TokenValidatorBase::OnCertificatesSelected( |
212 net::ClientCertStore* unused, | 214 net::CertificateList* selected_certs, |
213 net::CertificateList selected_certs) { | 215 net::ClientCertStore* unused) { |
214 const std::string& issuer = | 216 const std::string& issuer = |
215 third_party_auth_config_.token_validation_cert_issuer; | 217 third_party_auth_config_.token_validation_cert_issuer; |
216 | 218 |
217 base::Time now = base::Time::Now(); | 219 base::Time now = base::Time::Now(); |
218 | 220 |
219 auto best_match_position = | 221 auto best_match_position = |
220 std::max_element(selected_certs.begin(), selected_certs.end(), | 222 std::max_element(selected_certs->begin(), selected_certs->end(), |
221 std::bind(&WorseThan, issuer, now, std::placeholders::_1, | 223 std::bind(&WorseThan, issuer, now, std::placeholders::_1, |
222 std::placeholders::_2)); | 224 std::placeholders::_2)); |
223 | 225 |
224 if (best_match_position == selected_certs.end() || | 226 if (best_match_position == selected_certs->end() || |
225 !IsCertificateValid(issuer, now, *best_match_position)) { | 227 !IsCertificateValid(issuer, now, *best_match_position)) { |
226 ContinueWithCertificate(nullptr, nullptr); | 228 ContinueWithCertificate(nullptr, nullptr); |
227 } else { | 229 } else { |
228 ContinueWithCertificate( | 230 ContinueWithCertificate( |
229 best_match_position->get(), | 231 best_match_position->get(), |
230 net::FetchClientCertPrivateKey(best_match_position->get()).get()); | 232 net::FetchClientCertPrivateKey(best_match_position->get()).get()); |
231 } | 233 } |
232 } | 234 } |
233 | 235 |
234 void TokenValidatorBase::ContinueWithCertificate( | 236 void TokenValidatorBase::ContinueWithCertificate( |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
281 return std::string(); | 283 return std::string(); |
282 } | 284 } |
283 | 285 |
284 std::string shared_secret; | 286 std::string shared_secret; |
285 // Everything is valid, so return the shared secret to the caller. | 287 // Everything is valid, so return the shared secret to the caller. |
286 dict->GetStringWithoutPathExpansion("access_token", &shared_secret); | 288 dict->GetStringWithoutPathExpansion("access_token", &shared_secret); |
287 return shared_secret; | 289 return shared_secret; |
288 } | 290 } |
289 | 291 |
290 } // namespace remoting | 292 } // namespace remoting |
OLD | NEW |