Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(570)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: remoting/host/token_validator_base.cc

Issue 2848313003: Revert of Remove client_certs from SSLCertRequestInfo. (Closed)
Patch Set: Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « remoting/host/token_validator_base.h ('k') | remoting/host/token_validator_base_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "remoting/host/token_validator_base.h" 5 #include "remoting/host/token_validator_base.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 8
9 #include "base/base64.h" 9 #include "base/base64.h"
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 181 matching lines...) Expand 10 before | Expand all | Expand 10 after
192 HCERTSTORE cert_store = ::CertOpenStore( 192 HCERTSTORE cert_store = ::CertOpenStore(
193 CERT_STORE_PROV_SYSTEM, 0, NULL, 193 CERT_STORE_PROV_SYSTEM, 0, NULL,
194 CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG, L"MY"); 194 CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG, L"MY");
195 client_cert_store = new net::ClientCertStoreWin(cert_store); 195 client_cert_store = new net::ClientCertStoreWin(cert_store);
196 #elif defined(OS_MACOSX) 196 #elif defined(OS_MACOSX)
197 client_cert_store = new net::ClientCertStoreMac(); 197 client_cert_store = new net::ClientCertStoreMac();
198 #else 198 #else
199 // OpenSSL does not use the ClientCertStore infrastructure. 199 // OpenSSL does not use the ClientCertStore infrastructure.
200 client_cert_store = nullptr; 200 client_cert_store = nullptr;
201 #endif 201 #endif
202 // The callback is uncancellable, and GetClientCert requires 202 // The callback is uncancellable, and GetClientCert requires selected_certs
203 // client_cert_store to stay alive until the callback is called. So we must 203 // and client_cert_store to stay alive until the callback is called. So we
204 // give it a WeakPtr for |this|, and ownership of the other parameters. 204 // must give it a WeakPtr for |this|, and ownership of the other parameters.
205 net::CertificateList* selected_certs(new net::CertificateList());
205 client_cert_store->GetClientCerts( 206 client_cert_store->GetClientCerts(
206 *cert_request_info, 207 *cert_request_info, selected_certs,
207 base::Bind(&TokenValidatorBase::OnCertificatesSelected, 208 base::Bind(&TokenValidatorBase::OnCertificatesSelected,
208 weak_factory_.GetWeakPtr(), base::Owned(client_cert_store))); 209 weak_factory_.GetWeakPtr(), base::Owned(selected_certs),
210 base::Owned(client_cert_store)));
209 } 211 }
210 212
211 void TokenValidatorBase::OnCertificatesSelected( 213 void TokenValidatorBase::OnCertificatesSelected(
212 net::ClientCertStore* unused, 214 net::CertificateList* selected_certs,
213 net::CertificateList selected_certs) { 215 net::ClientCertStore* unused) {
214 const std::string& issuer = 216 const std::string& issuer =
215 third_party_auth_config_.token_validation_cert_issuer; 217 third_party_auth_config_.token_validation_cert_issuer;
216 218
217 base::Time now = base::Time::Now(); 219 base::Time now = base::Time::Now();
218 220
219 auto best_match_position = 221 auto best_match_position =
220 std::max_element(selected_certs.begin(), selected_certs.end(), 222 std::max_element(selected_certs->begin(), selected_certs->end(),
221 std::bind(&WorseThan, issuer, now, std::placeholders::_1, 223 std::bind(&WorseThan, issuer, now, std::placeholders::_1,
222 std::placeholders::_2)); 224 std::placeholders::_2));
223 225
224 if (best_match_position == selected_certs.end() || 226 if (best_match_position == selected_certs->end() ||
225 !IsCertificateValid(issuer, now, *best_match_position)) { 227 !IsCertificateValid(issuer, now, *best_match_position)) {
226 ContinueWithCertificate(nullptr, nullptr); 228 ContinueWithCertificate(nullptr, nullptr);
227 } else { 229 } else {
228 ContinueWithCertificate( 230 ContinueWithCertificate(
229 best_match_position->get(), 231 best_match_position->get(),
230 net::FetchClientCertPrivateKey(best_match_position->get()).get()); 232 net::FetchClientCertPrivateKey(best_match_position->get()).get());
231 } 233 }
232 } 234 }
233 235
234 void TokenValidatorBase::ContinueWithCertificate( 236 void TokenValidatorBase::ContinueWithCertificate(
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
281 return std::string(); 283 return std::string();
282 } 284 }
283 285
284 std::string shared_secret; 286 std::string shared_secret;
285 // Everything is valid, so return the shared secret to the caller. 287 // Everything is valid, so return the shared secret to the caller.
286 dict->GetStringWithoutPathExpansion("access_token", &shared_secret); 288 dict->GetStringWithoutPathExpansion("access_token", &shared_secret);
287 return shared_secret; 289 return shared_secret;
288 } 290 }
289 291
290 } // namespace remoting 292 } // namespace remoting
OLDNEW
« no previous file with comments | « remoting/host/token_validator_base.h ('k') | remoting/host/token_validator_base_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698