
Side by Side Diff: chrome/browser/chromeos/net/client_cert_store_chromeos.cc

Issue 2898573002: Refactor client cert private key handling. (Closed)
Patch Set: missing include Created 3 years, 6 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <algorithm> 8 #include <algorithm>
9 #include <iterator>
9 #include <utility> 10 #include <utility>
10 11
11 #include "base/bind.h" 12 #include "base/bind.h"
12 #include "base/bind_helpers.h" 13 #include "base/bind_helpers.h"
13 #include "base/callback.h" 14 #include "base/callback.h"
14 #include "base/location.h" 15 #include "base/location.h"
16 #include "base/memory/ptr_util.h"
15 #include "base/task_runner_util.h" 17 #include "base/task_runner_util.h"
16 #include "base/threading/worker_pool.h" 18 #include "base/threading/worker_pool.h"
17 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" 19 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h"
18 #include "crypto/nss_crypto_module_delegate.h" 20 #include "crypto/nss_crypto_module_delegate.h"
21 #include "net/ssl/client_key_store.h"
19 #include "net/ssl/ssl_cert_request_info.h" 22 #include "net/ssl/ssl_cert_request_info.h"
23 #include "net/ssl/ssl_private_key.h"
20 24
21 namespace chromeos { 25 namespace chromeos {
22 26
23 namespace { 27 namespace {
24 28
29 scoped_refptr<net::SSLPrivateKey> FetchClientCertPrivateKeyCros(
30 const net::X509Certificate* certificate) {
31 return net::ClientKeyStore::GetInstance()->FetchClientCertPrivateKey(
32 *certificate);
33 }
34
35 class ClientCertIdentityCros : public net::ClientCertIdentity {
36 public:
37 explicit ClientCertIdentityCros(scoped_refptr<net::X509Certificate> cert)
38 : net::ClientCertIdentity(std::move(cert)) {}
39 ~ClientCertIdentityCros() override = default;
40
41 void AcquirePrivateKey(
42 const base::Callback<void(scoped_refptr<net::SSLPrivateKey>)>&
43 private_key_callback) override;
44 };
45
46 void ClientCertIdentityCros::AcquirePrivateKey(
davidben 2017/06/07 23:06:16 Optional: Any reason not to inline this one into t
mattm 2017/06/08 21:47:55 Done.
47 const base::Callback<void(scoped_refptr<net::SSLPrivateKey>)>&
48 private_key_callback) {
49 if (base::PostTaskAndReplyWithResult(
50 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(),
davidben 2017/06/07 23:06:16 This doesn't actually need to be on a worker threa
mattm 2017/06/08 21:47:55 Hm, yeah, guess so. It feels a little weird to de
51 FROM_HERE,
52 base::Bind(&FetchClientCertPrivateKeyCros,
53 base::RetainedRef(certificate())),
54 private_key_callback)) {
55 return;
56 }
57 // If the task could not be posted, behave as if there was no key.
58 private_key_callback.Run(nullptr);
59 }
60
25 class CertNotAllowedPredicate { 61 class CertNotAllowedPredicate {
26 public: 62 public:
27 explicit CertNotAllowedPredicate( 63 explicit CertNotAllowedPredicate(
28 const ClientCertStoreChromeOS::CertFilter* filter) 64 const ClientCertStoreChromeOS::CertFilter* filter)
29 : filter_(filter) {} 65 : filter_(filter) {}
30 bool operator()(const scoped_refptr<net::X509Certificate>& cert) const { 66 bool operator()(
31 return !filter_->IsCertAllowed(cert); 67 const std::unique_ptr<net::ClientCertIdentity>& identity) const {
68 return !filter_->IsCertAllowed(identity->certificate());
32 } 69 }
33 70
34 private: 71 private:
35 const ClientCertStoreChromeOS::CertFilter* const filter_; 72 const ClientCertStoreChromeOS::CertFilter* const filter_;
36 }; 73 };
37 74
38 } // namespace 75 } // namespace
39 76
40 ClientCertStoreChromeOS::ClientCertStoreChromeOS( 77 ClientCertStoreChromeOS::ClientCertStoreChromeOS(
41 std::unique_ptr<CertificateProvider> cert_provider, 78 std::unique_ptr<CertificateProvider> cert_provider,
(...skipping 25 matching lines...) Expand all
67 } 104 }
68 105
69 if (cert_filter_->Init(get_additional_certs_and_continue)) 106 if (cert_filter_->Init(get_additional_certs_and_continue))
70 get_additional_certs_and_continue.Run(); 107 get_additional_certs_and_continue.Run();
71 } 108 }
72 109
73 void ClientCertStoreChromeOS::GotAdditionalCerts( 110 void ClientCertStoreChromeOS::GotAdditionalCerts(
74 const net::SSLCertRequestInfo* request, 111 const net::SSLCertRequestInfo* request,
75 const ClientCertListCallback& callback, 112 const ClientCertListCallback& callback,
76 const net::CertificateList& additional_certs) { 113 const net::CertificateList& additional_certs) {
77 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> 114 scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate;
78 password_delegate; 115 if (!password_delegate_factory_.is_null())
79 if (!password_delegate_factory_.is_null()) { 116 password_delegate = password_delegate_factory_.Run(request->host_and_port);
80 password_delegate.reset(
81 password_delegate_factory_.Run(request->host_and_port));
82 }
83 if (base::PostTaskAndReplyWithResult( 117 if (base::PostTaskAndReplyWithResult(
84 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(), 118 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(),
85 FROM_HERE, 119 FROM_HERE,
86 base::Bind(&ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread, 120 base::Bind(&ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread,
87 base::Unretained(this), base::Passed(&password_delegate), 121 base::Unretained(this), password_delegate, request,
88 request, additional_certs), 122 additional_certs),
89 callback)) { 123 callback)) {
90 return; 124 return;
91 } 125 }
92 // If the task could not be posted, behave as if there were no certificates. 126 // If the task could not be posted, behave as if there were no certificates.
93 callback.Run(net::CertificateList()); 127 callback.Run(net::ClientCertIdentityList());
94 } 128 }
95 129
96 net::CertificateList ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread( 130 net::ClientCertIdentityList
97 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> 131 ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread(
132 scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate>
98 password_delegate, 133 password_delegate,
99 const net::SSLCertRequestInfo* request, 134 const net::SSLCertRequestInfo* request,
100 const net::CertificateList& additional_certs) { 135 const net::CertificateList& additional_certs) {
101 net::CertificateList unfiltered_certs; 136 net::ClientCertIdentityList client_certs;
102 net::ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( 137 net::ClientCertStoreNSS::GetPlatformCertsOnWorkerThread(
103 std::move(password_delegate), &unfiltered_certs); 138 std::move(password_delegate), &client_certs);
104 139
105 unfiltered_certs.erase( 140 client_certs.erase(
106 std::remove_if(unfiltered_certs.begin(), unfiltered_certs.end(), 141 std::remove_if(client_certs.begin(), client_certs.end(),
107 CertNotAllowedPredicate(cert_filter_.get())), 142 CertNotAllowedPredicate(cert_filter_.get())),
108 unfiltered_certs.end()); 143 client_certs.end());
109 144
110 unfiltered_certs.insert(unfiltered_certs.end(), additional_certs.begin(), 145 for (const scoped_refptr<net::X509Certificate>& cert : additional_certs)
111 additional_certs.end()); 146 client_certs.push_back(base::MakeUnique<ClientCertIdentityCros>(cert));
112 147 net::ClientCertStoreNSS::FilterCertsOnWorkerThread(&client_certs, *request);
113 net::CertificateList selected_certs; 148 return client_certs;
114 net::ClientCertStoreNSS::FilterCertsOnWorkerThread(unfiltered_certs, *request,
115 &selected_certs);
116 return selected_certs;
117 } 149 }
118 150
119 } // namespace chromeos 151 } // namespace chromeos
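Review bot: In GetAndFilterCertsOnWorkerThread (new lines 136-148) cert_filter_ is applied only to the NSS-backed platform certs, after which every entry of additional_certs is appended unfiltered, so provider-supplied certificates are narrowed solely by FilterCertsOnWorkerThread; this preserves the old ordering, but the rewrite is the place to say so, since a reader can easily assume the filter covers every identity. I would add, above the for-loop, `// cert_filter_ is applied to platform (NSS) certs only; certificates from the CertificateProvider are appended unfiltered and are narrowed solely by the request-based filter below.` Likewise ClientCertIdentityCros::AcquirePrivateKey delivers nullptr to private_key_callback when the task cannot be posted and, presumably, whenever ClientKeyStore::FetchClientCertPrivateKey has no key for the certificate, so callers must treat a null key as a normal outcome; a one-line comment on the class, `// AcquirePrivateKey may deliver a null key if no matching key is registered in ClientKeyStore.`, would make that explicit. Twenty-five lines of the constructor and the request path are collapsed in this view, so the filter initialization they contain has not been reviewed here.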
