| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" | 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 #include <iterator> |
| 9 #include <utility> | 10 #include <utility> |
| 10 | 11 |
| 11 #include "base/bind.h" | 12 #include "base/bind.h" |
| 12 #include "base/bind_helpers.h" | 13 #include "base/bind_helpers.h" |
| 13 #include "base/callback.h" | 14 #include "base/callback.h" |
| 14 #include "base/location.h" | 15 #include "base/location.h" |
| 16 #include "base/memory/ptr_util.h" |
| 15 #include "base/task_runner_util.h" | 17 #include "base/task_runner_util.h" |
| 16 #include "base/threading/worker_pool.h" | 18 #include "base/threading/worker_pool.h" |
| 17 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" | 19 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" |
| 18 #include "crypto/nss_crypto_module_delegate.h" | 20 #include "crypto/nss_crypto_module_delegate.h" |
| 21 #include "net/ssl/client_key_store.h" |
| 19 #include "net/ssl/ssl_cert_request_info.h" | 22 #include "net/ssl/ssl_cert_request_info.h" |
| 23 #include "net/ssl/ssl_platform_key_nss.h" |
| 24 #include "net/ssl/ssl_private_key.h" |
| 20 | 25 |
| 21 namespace chromeos { | 26 namespace chromeos { |
| 22 | 27 |
| 23 namespace { | 28 namespace { |
| 24 | 29 |
| 30 scoped_refptr<net::SSLPrivateKey> FetchClientCertPrivateKeyCros( |
| 31 const net::X509Certificate* certificate) { |
| 32 scoped_refptr<net::SSLPrivateKey> result = |
| 33 net::FetchClientCertPrivateKey(certificate, nullptr); |
| 34 if (result) |
| 35 return result; |
| 36 |
| 37 return net::ClientKeyStore::GetInstance()->FetchClientCertPrivateKey( |
| 38 *certificate); |
| 39 } |
| 40 |
| 41 class ClientCertIdentityCros : public net::ClientCertIdentity { |
| 42 public: |
| 43 explicit ClientCertIdentityCros(scoped_refptr<net::X509Certificate> cert) |
| 44 : net::ClientCertIdentity(std::move(cert)) {} |
| 45 ~ClientCertIdentityCros() override = default; |
| 46 |
| 47 void AcquirePrivateKey( |
| 48 const base::Callback<void(scoped_refptr<net::SSLPrivateKey>)>& |
| 49 private_key_callback) override; |
| 50 }; |
| 51 |
| 52 void ClientCertIdentityCros::AcquirePrivateKey( |
| 53 const base::Callback<void(scoped_refptr<net::SSLPrivateKey>)>& |
| 54 private_key_callback) { |
| 55 if (base::PostTaskAndReplyWithResult( |
| 56 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(), |
| 57 FROM_HERE, |
| 58 base::Bind(&FetchClientCertPrivateKeyCros, |
| 59 base::RetainedRef(certificate())), |
| 60 private_key_callback)) { |
| 61 return; |
| 62 } |
| 63 // If the task could not be posted, behave as if there was no key. |
| 64 private_key_callback.Run(nullptr); |
| 65 } |
| 66 |
| 25 class CertNotAllowedPredicate { | 67 class CertNotAllowedPredicate { |
| 26 public: | 68 public: |
| 27 explicit CertNotAllowedPredicate( | 69 explicit CertNotAllowedPredicate( |
| 28 const ClientCertStoreChromeOS::CertFilter* filter) | 70 const ClientCertStoreChromeOS::CertFilter* filter) |
| 29 : filter_(filter) {} | 71 : filter_(filter) {} |
| 30 bool operator()(const scoped_refptr<net::X509Certificate>& cert) const { | 72 bool operator()(const std::unique_ptr<net::ClientCertIdentity>& cert) const { |
| 31 return !filter_->IsCertAllowed(cert); | 73 return !filter_->IsCertAllowed(cert->certificate()); |
| 32 } | 74 } |
| 33 | 75 |
| 34 private: | 76 private: |
| 35 const ClientCertStoreChromeOS::CertFilter* const filter_; | 77 const ClientCertStoreChromeOS::CertFilter* const filter_; |
| 36 }; | 78 }; |
| 37 | 79 |
| 38 } // namespace | 80 } // namespace |
| 39 | 81 |
| 40 ClientCertStoreChromeOS::ClientCertStoreChromeOS( | 82 ClientCertStoreChromeOS::ClientCertStoreChromeOS( |
| 41 std::unique_ptr<CertificateProvider> cert_provider, | 83 std::unique_ptr<CertificateProvider> cert_provider, |
| (...skipping 25 matching lines...) Expand all Loading... |
| 67 } | 109 } |
| 68 | 110 |
| 69 if (cert_filter_->Init(get_additional_certs_and_continue)) | 111 if (cert_filter_->Init(get_additional_certs_and_continue)) |
| 70 get_additional_certs_and_continue.Run(); | 112 get_additional_certs_and_continue.Run(); |
| 71 } | 113 } |
| 72 | 114 |
| 73 void ClientCertStoreChromeOS::GotAdditionalCerts( | 115 void ClientCertStoreChromeOS::GotAdditionalCerts( |
| 74 const net::SSLCertRequestInfo* request, | 116 const net::SSLCertRequestInfo* request, |
| 75 const ClientCertListCallback& callback, | 117 const ClientCertListCallback& callback, |
| 76 const net::CertificateList& additional_certs) { | 118 const net::CertificateList& additional_certs) { |
| 77 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> | 119 scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate; |
| 78 password_delegate; | 120 if (!password_delegate_factory_.is_null()) |
| 79 if (!password_delegate_factory_.is_null()) { | 121 password_delegate = password_delegate_factory_.Run(request->host_and_port); |
| 80 password_delegate.reset( | |
| 81 password_delegate_factory_.Run(request->host_and_port)); | |
| 82 } | |
| 83 if (base::PostTaskAndReplyWithResult( | 122 if (base::PostTaskAndReplyWithResult( |
| 84 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(), | 123 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(), |
| 85 FROM_HERE, | 124 FROM_HERE, |
| 86 base::Bind(&ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread, | 125 base::Bind(&ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread, |
| 87 base::Unretained(this), base::Passed(&password_delegate), | 126 base::Unretained(this), password_delegate, request, |
| 88 request, additional_certs), | 127 std::move(additional_certs)), |
| 89 callback)) { | 128 callback)) { |
| 90 return; | 129 return; |
| 91 } | 130 } |
| 92 // If the task could not be posted, behave as if there were no certificates. | 131 // If the task could not be posted, behave as if there were no certificates. |
| 93 callback.Run(net::CertificateList()); | 132 callback.Run(net::ClientCertIdentityList()); |
| 94 } | 133 } |
| 95 | 134 |
| 96 net::CertificateList ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread( | 135 net::ClientCertIdentityList |
| 97 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> | 136 ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread( |
| 137 scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate> |
| 98 password_delegate, | 138 password_delegate, |
| 99 const net::SSLCertRequestInfo* request, | 139 const net::SSLCertRequestInfo* request, |
| 100 const net::CertificateList& additional_certs) { | 140 net::CertificateList additional_certs) { |
| 101 net::CertificateList unfiltered_certs; | 141 net::ClientCertIdentityList unfiltered_certs; |
| 102 net::ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( | 142 net::ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( |
| 103 std::move(password_delegate), &unfiltered_certs); | 143 std::move(password_delegate), &unfiltered_certs); |
| 104 | 144 |
| 105 unfiltered_certs.erase( | 145 unfiltered_certs.erase( |
| 106 std::remove_if(unfiltered_certs.begin(), unfiltered_certs.end(), | 146 std::remove_if(unfiltered_certs.begin(), unfiltered_certs.end(), |
| 107 CertNotAllowedPredicate(cert_filter_.get())), | 147 CertNotAllowedPredicate(cert_filter_.get())), |
| 108 unfiltered_certs.end()); | 148 unfiltered_certs.end()); |
| 109 | 149 |
| 110 unfiltered_certs.insert(unfiltered_certs.end(), additional_certs.begin(), | 150 for (const scoped_refptr<net::X509Certificate>& cert : additional_certs) |
| 111 additional_certs.end()); | 151 unfiltered_certs.push_back(base::MakeUnique<ClientCertIdentityCros>(cert)); |
| 112 | 152 /*unfiltered_certs.insert(unfiltered_certs.end(), |
| 113 net::CertificateList selected_certs; | 153 std::make_move_iterator(additional_certs.begin()), |
| 114 net::ClientCertStoreNSS::FilterCertsOnWorkerThread(unfiltered_certs, *request, | 154 std::make_move_iterator(additional_certs.end())); |
| 115 &selected_certs); | 155 */ |
| 116 return selected_certs; | 156 net::ClientCertStoreNSS::FilterCertsOnWorkerThread(&unfiltered_certs, |
| 157 *request); |
| 158 // XXX rename unfiltered_certs ? |
| 159 return unfiltered_certs; |
| 117 } | 160 } |
| 118 | 161 |
| 119 } // namespace chromeos | 162 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
