OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" | 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <algorithm> | 8 #include <algorithm> |
| 9 #include <iterator> |
9 #include <utility> | 10 #include <utility> |
10 | 11 |
11 #include "base/bind.h" | 12 #include "base/bind.h" |
12 #include "base/bind_helpers.h" | 13 #include "base/bind_helpers.h" |
13 #include "base/callback.h" | 14 #include "base/callback.h" |
14 #include "base/location.h" | 15 #include "base/location.h" |
| 16 #include "base/memory/ptr_util.h" |
15 #include "base/task_runner_util.h" | 17 #include "base/task_runner_util.h" |
16 #include "base/threading/worker_pool.h" | 18 #include "base/threading/worker_pool.h" |
17 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" | 19 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" |
18 #include "crypto/nss_crypto_module_delegate.h" | 20 #include "crypto/nss_crypto_module_delegate.h" |
| 21 #include "net/ssl/client_key_store.h" |
19 #include "net/ssl/ssl_cert_request_info.h" | 22 #include "net/ssl/ssl_cert_request_info.h" |
| 23 #include "net/ssl/ssl_private_key.h" |
20 | 24 |
21 namespace chromeos { | 25 namespace chromeos { |
22 | 26 |
23 namespace { | 27 namespace { |
24 | 28 |
| 29 scoped_refptr<net::SSLPrivateKey> FetchClientCertPrivateKeyCros( |
| 30 const net::X509Certificate* certificate) { |
| 31 return net::ClientKeyStore::GetInstance()->FetchClientCertPrivateKey( |
| 32 *certificate); |
| 33 } |
| 34 |
| 35 class ClientCertIdentityCros : public net::ClientCertIdentity { |
| 36 public: |
| 37 explicit ClientCertIdentityCros(scoped_refptr<net::X509Certificate> cert) |
| 38 : net::ClientCertIdentity(std::move(cert)) {} |
| 39 ~ClientCertIdentityCros() override = default; |
| 40 |
| 41 void AcquirePrivateKey( |
| 42 const base::Callback<void(scoped_refptr<net::SSLPrivateKey>)>& |
| 43 private_key_callback) override; |
| 44 }; |
| 45 |
| 46 void ClientCertIdentityCros::AcquirePrivateKey( |
| 47 const base::Callback<void(scoped_refptr<net::SSLPrivateKey>)>& |
| 48 private_key_callback) { |
| 49 if (base::PostTaskAndReplyWithResult( |
| 50 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(), |
| 51 FROM_HERE, |
| 52 base::Bind(&FetchClientCertPrivateKeyCros, |
| 53 base::RetainedRef(certificate())), |
| 54 private_key_callback)) { |
| 55 return; |
| 56 } |
| 57 // If the task could not be posted, behave as if there was no key. |
| 58 private_key_callback.Run(nullptr); |
| 59 } |
| 60 |
25 class CertNotAllowedPredicate { | 61 class CertNotAllowedPredicate { |
26 public: | 62 public: |
27 explicit CertNotAllowedPredicate( | 63 explicit CertNotAllowedPredicate( |
28 const ClientCertStoreChromeOS::CertFilter* filter) | 64 const ClientCertStoreChromeOS::CertFilter* filter) |
29 : filter_(filter) {} | 65 : filter_(filter) {} |
30 bool operator()(const scoped_refptr<net::X509Certificate>& cert) const { | 66 bool operator()( |
31 return !filter_->IsCertAllowed(cert); | 67 const std::unique_ptr<net::ClientCertIdentity>& identity) const { |
| 68 return !filter_->IsCertAllowed(identity->certificate()); |
32 } | 69 } |
33 | 70 |
34 private: | 71 private: |
35 const ClientCertStoreChromeOS::CertFilter* const filter_; | 72 const ClientCertStoreChromeOS::CertFilter* const filter_; |
36 }; | 73 }; |
37 | 74 |
38 } // namespace | 75 } // namespace |
39 | 76 |
40 ClientCertStoreChromeOS::ClientCertStoreChromeOS( | 77 ClientCertStoreChromeOS::ClientCertStoreChromeOS( |
41 std::unique_ptr<CertificateProvider> cert_provider, | 78 std::unique_ptr<CertificateProvider> cert_provider, |
(...skipping 25 matching lines...) Expand all Loading... |
67 } | 104 } |
68 | 105 |
69 if (cert_filter_->Init(get_additional_certs_and_continue)) | 106 if (cert_filter_->Init(get_additional_certs_and_continue)) |
70 get_additional_certs_and_continue.Run(); | 107 get_additional_certs_and_continue.Run(); |
71 } | 108 } |
72 | 109 |
73 void ClientCertStoreChromeOS::GotAdditionalCerts( | 110 void ClientCertStoreChromeOS::GotAdditionalCerts( |
74 const net::SSLCertRequestInfo* request, | 111 const net::SSLCertRequestInfo* request, |
75 const ClientCertListCallback& callback, | 112 const ClientCertListCallback& callback, |
76 const net::CertificateList& additional_certs) { | 113 const net::CertificateList& additional_certs) { |
77 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> | 114 scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate; |
78 password_delegate; | 115 if (!password_delegate_factory_.is_null()) |
79 if (!password_delegate_factory_.is_null()) { | 116 password_delegate = password_delegate_factory_.Run(request->host_and_port); |
80 password_delegate.reset( | |
81 password_delegate_factory_.Run(request->host_and_port)); | |
82 } | |
83 if (base::PostTaskAndReplyWithResult( | 117 if (base::PostTaskAndReplyWithResult( |
84 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(), | 118 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(), |
85 FROM_HERE, | 119 FROM_HERE, |
86 base::Bind(&ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread, | 120 base::Bind(&ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread, |
87 base::Unretained(this), base::Passed(&password_delegate), | 121 base::Unretained(this), password_delegate, request, |
88 request, additional_certs), | 122 additional_certs), |
89 callback)) { | 123 callback)) { |
90 return; | 124 return; |
91 } | 125 } |
92 // If the task could not be posted, behave as if there were no certificates. | 126 // If the task could not be posted, behave as if there were no certificates. |
93 callback.Run(net::CertificateList()); | 127 callback.Run(net::ClientCertIdentityList()); |
94 } | 128 } |
95 | 129 |
96 net::CertificateList ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread( | 130 net::ClientCertIdentityList |
97 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> | 131 ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread( |
| 132 scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate> |
98 password_delegate, | 133 password_delegate, |
99 const net::SSLCertRequestInfo* request, | 134 const net::SSLCertRequestInfo* request, |
100 const net::CertificateList& additional_certs) { | 135 const net::CertificateList& additional_certs) { |
101 net::CertificateList unfiltered_certs; | 136 net::ClientCertIdentityList client_certs; |
102 net::ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( | 137 net::ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( |
103 std::move(password_delegate), &unfiltered_certs); | 138 std::move(password_delegate), &client_certs); |
104 | 139 |
105 unfiltered_certs.erase( | 140 client_certs.erase( |
106 std::remove_if(unfiltered_certs.begin(), unfiltered_certs.end(), | 141 std::remove_if(client_certs.begin(), client_certs.end(), |
107 CertNotAllowedPredicate(cert_filter_.get())), | 142 CertNotAllowedPredicate(cert_filter_.get())), |
108 unfiltered_certs.end()); | 143 client_certs.end()); |
109 | 144 |
110 unfiltered_certs.insert(unfiltered_certs.end(), additional_certs.begin(), | 145 for (const scoped_refptr<net::X509Certificate>& cert : additional_certs) |
111 additional_certs.end()); | 146 client_certs.push_back(base::MakeUnique<ClientCertIdentityCros>(cert)); |
112 | 147 net::ClientCertStoreNSS::FilterCertsOnWorkerThread(&client_certs, *request); |
113 net::CertificateList selected_certs; | 148 return client_certs; |
114 net::ClientCertStoreNSS::FilterCertsOnWorkerThread(unfiltered_certs, *request, | |
115 &selected_certs); | |
116 return selected_certs; | |
117 } | 149 } |
118 | 150 |
119 } // namespace chromeos | 151 } // namespace chromeos |
OLD | NEW |