| Index: net/base/cert_database_win.cc
|
| ===================================================================
|
| --- net/base/cert_database_win.cc (revision 50312)
|
| +++ net/base/cert_database_win.cc (working copy)
|
| @@ -8,74 +8,11 @@
|
| #include <wincrypt.h>
|
| #pragma comment(lib, "crypt32.lib")
|
|
|
| -#include "base/logging.h"
|
| -#include "base/string_util.h"
|
| -#include "net/base/keygen_handler.h"
|
| #include "net/base/net_errors.h"
|
| #include "net/base/x509_certificate.h"
|
|
|
| namespace net {
|
|
|
| -namespace {
|
| -
|
| -// Returns an encoded version of SubjectPublicKeyInfo from |cert| that is
|
| -// compatible with KeygenHandler::Cache. If the cert cannot be converted, an
|
| -// empty string is returned.
|
| -std::string GetSubjectPublicKeyInfo(const X509Certificate* cert) {
|
| - DCHECK(cert);
|
| -
|
| - std::string result;
|
| - if (!cert->os_cert_handle() || !cert->os_cert_handle()->pCertInfo)
|
| - return result;
|
| -
|
| - BOOL ok;
|
| - DWORD size = 0;
|
| - PCERT_PUBLIC_KEY_INFO key_info =
|
| - &(cert->os_cert_handle()->pCertInfo->SubjectPublicKeyInfo);
|
| - ok = CryptEncodeObject(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, key_info,
|
| - NULL, &size);
|
| - if (!ok)
|
| - return result;
|
| -
|
| - ok = CryptEncodeObject(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, key_info,
|
| - reinterpret_cast<BYTE*>(WriteInto(&result, size + 1)),
|
| - &size);
|
| - if (!ok) {
|
| - result.clear();
|
| - return result;
|
| - }
|
| -
|
| - // Per MSDN, the resultant structure may be smaller than the original size
|
| - // supplied, so shrink to the actual size output.
|
| - result.resize(size);
|
| -
|
| - return result;
|
| -}
|
| -
|
| -// Returns true if |cert| was successfully modified to reference |location| to
|
| -// obtain the associated private key.
|
| -bool LinkCertToPrivateKey(X509Certificate* cert,
|
| - KeygenHandler::KeyLocation location) {
|
| - DCHECK(cert);
|
| -
|
| - CRYPT_KEY_PROV_INFO prov_info = { 0 };
|
| - prov_info.pwszContainerName =
|
| - const_cast<LPWSTR>(location.container_name.c_str());
|
| - prov_info.pwszProvName =
|
| - const_cast<LPWSTR>(location.provider_name.c_str());
|
| -
|
| - // Implicit by it being from KeygenHandler, which only supports RSA keys.
|
| - prov_info.dwProvType = PROV_RSA_FULL;
|
| - prov_info.dwKeySpec = AT_KEYEXCHANGE;
|
| -
|
| - BOOL ok = CertSetCertificateContextProperty(cert->os_cert_handle(),
|
| - CERT_KEY_PROV_INFO_PROP_ID, 0,
|
| - &prov_info);
|
| - return ok != FALSE;
|
| -}
|
| -
|
| -} // namespace
|
| -
|
| CertDatabase::CertDatabase() {
|
| }
|
|
|
| @@ -85,12 +22,9 @@
|
| if (cert->HasExpired())
|
| return ERR_CERT_DATE_INVALID;
|
|
|
| - std::string encoded_info = GetSubjectPublicKeyInfo(cert);
|
| - KeygenHandler::Cache* cache = KeygenHandler::Cache::GetInstance();
|
| - KeygenHandler::KeyLocation location;
|
| -
|
| - if (encoded_info.empty() || !cache->Find(encoded_info, &location) ||
|
| - !LinkCertToPrivateKey(cert, location))
|
| + // TODO(rsleevi): Should CRYPT_FIND_SILENT_KEYSET_FLAG be specified? A UI
|
| + // may be shown here / this call may block.
|
| + if (!CryptFindCertificateKeyProvInfo(cert->os_cert_handle(), 0, NULL))
|
| return ERR_NO_PRIVATE_KEY_FOR_CERT;
|
|
|
| return OK;
|
|
|
Chromium Code Reviews
Issue 2874002:
Change the Windows CertDatabase behaviour to match Mac and NSS behaviour, whe... (Closed)
Base URL: http://src.chromium.org/svn/trunk/src/