| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/client_cert_store_mac.h" | 5 #include "net/ssl/client_cert_store_mac.h" |
| 6 | 6 |
| 7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
| 8 #include <CoreFoundation/CFArray.h> | 8 #include <CoreFoundation/CFArray.h> |
| 9 #include <CoreServices/CoreServices.h> | 9 #include <CoreServices/CoreServices.h> |
| 10 #include <Security/SecBase.h> | 10 #include <Security/SecBase.h> |
| 11 #include <Security/Security.h> | 11 #include <Security/Security.h> |
| 12 | 12 |
| 13 #include <algorithm> | 13 #include <algorithm> |
| 14 #include <string> | 14 #include <string> |
| 15 | 15 |
| 16 #include "base/callback.h" | 16 #include "base/callback.h" |
| 17 #include "base/logging.h" | 17 #include "base/logging.h" |
| 18 #include "base/mac/mac_logging.h" | 18 #include "base/mac/mac_logging.h" |
| 19 #include "base/mac/scoped_cftyperef.h" | 19 #include "base/mac/scoped_cftyperef.h" |
| 20 #include "base/memory/ptr_util.h" |
| 20 #include "base/strings/sys_string_conversions.h" | 21 #include "base/strings/sys_string_conversions.h" |
| 21 #include "base/synchronization/lock.h" | 22 #include "base/synchronization/lock.h" |
| 22 #include "crypto/mac_security_services_lock.h" | 23 #include "crypto/mac_security_services_lock.h" |
| 23 #include "net/base/host_port_pair.h" | 24 #include "net/base/host_port_pair.h" |
| 24 #include "net/cert/x509_util.h" | 25 #include "net/cert/x509_util.h" |
| 25 #include "net/cert/x509_util_ios_and_mac.h" | 26 #include "net/cert/x509_util_ios_and_mac.h" |
| 26 #include "net/cert/x509_util_mac.h" | 27 #include "net/cert/x509_util_mac.h" |
| 28 #include "net/ssl/client_cert_identity_mac.h" |
| 27 | 29 |
| 28 using base::ScopedCFTypeRef; | 30 using base::ScopedCFTypeRef; |
| 29 | 31 |
| 30 namespace net { | 32 namespace net { |
| 31 | 33 |
| 32 // CSSM functions are deprecated as of OSX 10.7, but have no replacement. | 34 // CSSM functions are deprecated as of OSX 10.7, but have no replacement. |
| 33 // https://bugs.chromium.org/p/chromium/issues/detail?id=590914#c1 | 35 // https://bugs.chromium.org/p/chromium/issues/detail?id=590914#c1 |
| 34 #pragma clang diagnostic push | 36 #pragma clang diagnostic push |
| 35 #pragma clang diagnostic ignored "-Wdeprecated-declarations" | 37 #pragma clang diagnostic ignored "-Wdeprecated-declarations" |
| 36 | 38 |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 76 } | 78 } |
| 77 if (result) | 79 if (result) |
| 78 return result; | 80 return result; |
| 79 { | 81 { |
| 80 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); | 82 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); |
| 81 result = SecTrustGetResult(trust, &status, out_cert_chain, &status_chain); | 83 result = SecTrustGetResult(trust, &status, out_cert_chain, &status_chain); |
| 82 } | 84 } |
| 83 return result; | 85 return result; |
| 84 } | 86 } |
| 85 | 87 |
| 86 // Returns true if |*cert| is issued by an authority in |valid_issuers| | 88 // Returns true if |*identity| is issued by an authority in |valid_issuers| |
| 87 // according to Keychain Services, rather than using |cert|'s intermediate | 89 // according to Keychain Services, rather than using |identity|'s intermediate |
| 88 // certificates. If it is, |*cert| is updated to point to the completed | 90 // certificates. If it is, |*identity| is updated to include the intermediates. |
| 89 // certificate | |
| 90 bool IsIssuedByInKeychain(const std::vector<std::string>& valid_issuers, | 91 bool IsIssuedByInKeychain(const std::vector<std::string>& valid_issuers, |
| 91 scoped_refptr<X509Certificate>* cert) { | 92 ClientCertIdentity* identity) { |
| 92 DCHECK(cert); | 93 DCHECK(identity); |
| 93 DCHECK(cert->get()); | 94 DCHECK(identity->sec_identity_ref()); |
| 94 | 95 |
| 95 base::ScopedCFTypeRef<SecCertificateRef> os_cert( | 96 ScopedCFTypeRef<SecCertificateRef> os_cert; |
| 96 x509_util::CreateSecCertificateFromX509Certificate(cert->get())); | 97 int err = SecIdentityCopyCertificate(identity->sec_identity_ref(), |
| 97 if (!os_cert) | 98 os_cert.InitializeInto()); |
| 99 if (err != noErr) |
| 98 return false; | 100 return false; |
| 99 CFArrayRef cert_chain = NULL; | 101 CFArrayRef cert_chain = NULL; |
| 100 OSStatus result = CopyCertChain(os_cert.get(), &cert_chain); | 102 OSStatus result = CopyCertChain(os_cert.get(), &cert_chain); |
| 101 if (result) { | 103 if (result) { |
| 102 OSSTATUS_LOG(ERROR, result) << "CopyCertChain error"; | 104 OSSTATUS_LOG(ERROR, result) << "CopyCertChain error"; |
| 103 return false; | 105 return false; |
| 104 } | 106 } |
| 105 | 107 |
| 106 if (!cert_chain) | 108 if (!cert_chain) |
| 107 return false; | 109 return false; |
| 108 | 110 |
| 109 std::vector<SecCertificateRef> intermediates; | 111 std::vector<SecCertificateRef> intermediates; |
| 110 for (CFIndex i = 1, chain_count = CFArrayGetCount(cert_chain); | 112 for (CFIndex i = 1, chain_count = CFArrayGetCount(cert_chain); |
| 111 i < chain_count; ++i) { | 113 i < chain_count; ++i) { |
| 112 SecCertificateRef cert = reinterpret_cast<SecCertificateRef>( | 114 SecCertificateRef sec_cert = reinterpret_cast<SecCertificateRef>( |
| 113 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); | 115 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); |
| 114 intermediates.push_back(cert); | 116 intermediates.push_back(sec_cert); |
| 115 } | 117 } |
| 116 | 118 |
| 117 scoped_refptr<X509Certificate> new_cert( | 119 scoped_refptr<X509Certificate> new_cert( |
| 118 x509_util::CreateX509CertificateFromSecCertificate(os_cert.get(), | 120 x509_util::CreateX509CertificateFromSecCertificate(os_cert.get(), |
| 119 intermediates)); | 121 intermediates)); |
| 120 CFRelease(cert_chain); // Also frees |intermediates|. | 122 CFRelease(cert_chain); // Also frees |intermediates|. |
| 121 | 123 |
| 122 if (!new_cert || !new_cert->IsIssuedByEncoded(valid_issuers)) | 124 if (!new_cert || !new_cert->IsIssuedByEncoded(valid_issuers)) |
| 123 return false; | 125 return false; |
| 124 | 126 |
| 125 cert->swap(new_cert); | 127 identity->SetIntermediates(new_cert->GetIntermediateCertificates()); |
| 126 return true; | 128 return true; |
| 127 } | 129 } |
| 128 | 130 |
| 129 // Returns true if |purpose| is listed as allowed in |usage|. This | 131 // Returns true if |purpose| is listed as allowed in |usage|. This |
| 130 // function also considers the "Any" purpose. If the attribute is | 132 // function also considers the "Any" purpose. If the attribute is |
| 131 // present and empty, we return false. | 133 // present and empty, we return false. |
| 132 bool ExtendedKeyUsageAllows(const CE_ExtendedKeyUsage* usage, | 134 bool ExtendedKeyUsageAllows(const CE_ExtendedKeyUsage* usage, |
| 133 const CSSM_OID* purpose) { | 135 const CSSM_OID* purpose) { |
| 134 for (unsigned p = 0; p < usage->numPurposes; ++p) { | 136 for (unsigned p = 0; p < usage->numPurposes; ++p) { |
| 135 if (CSSMOIDEqual(&usage->purposes[p], purpose)) | 137 if (CSSMOIDEqual(&usage->purposes[p], purpose)) |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 170 if (status == CSSM_OK && key_usage.field()) { | 172 if (status == CSSM_OK && key_usage.field()) { |
| 171 const CSSM_X509_EXTENSION* ext = key_usage.GetAs<CSSM_X509_EXTENSION>(); | 173 const CSSM_X509_EXTENSION* ext = key_usage.GetAs<CSSM_X509_EXTENSION>(); |
| 172 const CE_ExtendedKeyUsage* ext_key_usage = | 174 const CE_ExtendedKeyUsage* ext_key_usage = |
| 173 reinterpret_cast<const CE_ExtendedKeyUsage*>(ext->value.parsedValue); | 175 reinterpret_cast<const CE_ExtendedKeyUsage*>(ext->value.parsedValue); |
| 174 if (!ExtendedKeyUsageAllows(ext_key_usage, &CSSMOID_ClientAuth)) | 176 if (!ExtendedKeyUsageAllows(ext_key_usage, &CSSMOID_ClientAuth)) |
| 175 return false; | 177 return false; |
| 176 } | 178 } |
| 177 return true; | 179 return true; |
| 178 } | 180 } |
| 179 | 181 |
| 180 // Examines the certificates in |preferred_cert| and |regular_certs| to find | 182 // Examines the certificates in |preferred_identity| and |regular_identities| to |
| 181 // all certificates that match the client certificate request in |request|, | 183 // find all certificates that match the client certificate request in |request|, |
| 182 // storing the matching certificates in |selected_certs|. | 184 // storing the matching certificates in |selected_identities|. |
| 183 // If |query_keychain| is true, Keychain Services will be queried to construct | 185 // If |query_keychain| is true, Keychain Services will be queried to construct |
| 184 // full certificate chains. If it is false, only the the certificates and their | 186 // full certificate chains. If it is false, only the the certificates and their |
| 185 // intermediates (available via X509Certificate::GetIntermediateCertificates()) | 187 // intermediates (available via X509Certificate::GetIntermediateCertificates()) |
| 186 // will be considered. | 188 // will be considered. |
| 187 void GetClientCertsImpl(const scoped_refptr<X509Certificate>& preferred_cert, | 189 void GetClientCertsImpl(std::unique_ptr<ClientCertIdentity> preferred_identity, |
| 188 const CertificateList& regular_certs, | 190 ClientCertIdentityList regular_identities, |
| 189 const SSLCertRequestInfo& request, | 191 const SSLCertRequestInfo& request, |
| 190 bool query_keychain, | 192 bool query_keychain, |
| 191 CertificateList* selected_certs) { | 193 ClientCertIdentityList* selected_identities) { |
| 192 CertificateList preliminary_list; | 194 scoped_refptr<X509Certificate> preferred_cert_orig; |
| 193 if (preferred_cert.get()) | 195 ClientCertIdentityList preliminary_list(std::move(regular_identities)); |
| 194 preliminary_list.push_back(preferred_cert); | 196 if (preferred_identity) { |
| 195 preliminary_list.insert(preliminary_list.end(), regular_certs.begin(), | 197 preferred_cert_orig = preferred_identity->certificate(); |
| 196 regular_certs.end()); | 198 preliminary_list.insert(preliminary_list.begin(), |
| 199 std::move(preferred_identity)); |
| 200 } |
| 197 | 201 |
| 198 selected_certs->clear(); | 202 selected_identities->clear(); |
| 199 for (size_t i = 0; i < preliminary_list.size(); ++i) { | 203 for (size_t i = 0; i < preliminary_list.size(); ++i) { |
| 200 scoped_refptr<X509Certificate>& cert = preliminary_list[i]; | 204 std::unique_ptr<ClientCertIdentity>& cert = preliminary_list[i]; |
| 201 if (cert->HasExpired()) | 205 if (cert->certificate()->HasExpired()) |
| 202 continue; | 206 continue; |
| 203 | 207 |
| 204 // Skip duplicates (a cert may be in multiple keychains). | 208 // Skip duplicates (a cert may be in multiple keychains). |
| 205 auto cert_iter = std::find_if( | 209 auto cert_iter = std::find_if( |
| 206 selected_certs->begin(), selected_certs->end(), | 210 selected_identities->begin(), selected_identities->end(), |
| 207 [&cert](const scoped_refptr<X509Certificate>& other_cert) { | 211 [&cert]( |
| 208 return X509Certificate::IsSameOSCert(cert->os_cert_handle(), | 212 const std::unique_ptr<ClientCertIdentity>& other_cert_identity) { |
| 209 other_cert->os_cert_handle()); | 213 return X509Certificate::IsSameOSCert( |
| 214 cert->certificate()->os_cert_handle(), |
| 215 other_cert_identity->certificate()->os_cert_handle()); |
| 210 }); | 216 }); |
| 211 if (cert_iter != selected_certs->end()) | 217 if (cert_iter != selected_identities->end()) |
| 212 continue; | 218 continue; |
| 213 | 219 |
| 214 // Check if the certificate issuer is allowed by the server. | 220 // Check if the certificate issuer is allowed by the server. |
| 215 if (request.cert_authorities.empty() || | 221 if (request.cert_authorities.empty() || |
| 216 cert->IsIssuedByEncoded(request.cert_authorities) || | 222 cert->certificate()->IsIssuedByEncoded(request.cert_authorities) || |
| 217 (query_keychain && | 223 (query_keychain && |
| 218 IsIssuedByInKeychain(request.cert_authorities, &cert))) { | 224 IsIssuedByInKeychain(request.cert_authorities, cert.get()))) { |
| 219 selected_certs->push_back(cert); | 225 selected_identities->push_back(std::move(cert)); |
| 220 } | 226 } |
| 221 } | 227 } |
| 222 | 228 |
| 223 // Preferred cert should appear first in the ui, so exclude it from the | 229 // Preferred cert should appear first in the ui, so exclude it from the |
| 224 // sorting. | 230 // sorting. Compare the os_cert_handle since the X509Certificate object may |
| 225 CertificateList::iterator sort_begin = selected_certs->begin(); | 231 // have changed if intermediates were added. |
| 226 CertificateList::iterator sort_end = selected_certs->end(); | 232 ClientCertIdentityList::iterator sort_begin = selected_identities->begin(); |
| 227 if (preferred_cert.get() && sort_begin != sort_end && | 233 ClientCertIdentityList::iterator sort_end = selected_identities->end(); |
| 228 sort_begin->get() == preferred_cert.get()) { | 234 if (preferred_cert_orig && sort_begin != sort_end && |
| 235 X509Certificate::IsSameOSCert( |
| 236 sort_begin->get()->certificate()->os_cert_handle(), |
| 237 preferred_cert_orig->os_cert_handle())) { |
| 229 ++sort_begin; | 238 ++sort_begin; |
| 230 } | 239 } |
| 231 sort(sort_begin, sort_end, x509_util::ClientCertSorter()); | 240 sort(sort_begin, sort_end, ClientCertIdentitySorter()); |
| 232 } | 241 } |
| 233 | 242 |
| 234 } // namespace | 243 } // namespace |
| 235 | 244 |
| 236 ClientCertStoreMac::ClientCertStoreMac() {} | 245 ClientCertStoreMac::ClientCertStoreMac() {} |
| 237 | 246 |
| 238 ClientCertStoreMac::~ClientCertStoreMac() {} | 247 ClientCertStoreMac::~ClientCertStoreMac() {} |
| 239 | 248 |
| 240 void ClientCertStoreMac::GetClientCerts( | 249 void ClientCertStoreMac::GetClientCerts( |
| 241 const SSLCertRequestInfo& request, | 250 const SSLCertRequestInfo& request, |
| 242 const ClientCertListCallback& callback) { | 251 const ClientCertListCallback& callback) { |
| 243 std::string server_domain = request.host_and_port.host(); | 252 std::string server_domain = request.host_and_port.host(); |
| 244 | 253 |
| 245 ScopedCFTypeRef<SecIdentityRef> preferred_identity; | 254 ScopedCFTypeRef<SecIdentityRef> preferred_sec_identity; |
| 246 if (!server_domain.empty()) { | 255 if (!server_domain.empty()) { |
| 247 // See if there's an identity preference for this domain: | 256 // See if there's an identity preference for this domain: |
| 248 ScopedCFTypeRef<CFStringRef> domain_str( | 257 ScopedCFTypeRef<CFStringRef> domain_str( |
| 249 base::SysUTF8ToCFStringRef("https://" + server_domain)); | 258 base::SysUTF8ToCFStringRef("https://" + server_domain)); |
| 250 SecIdentityRef identity = NULL; | 259 SecIdentityRef sec_identity = NULL; |
| 251 // While SecIdentityCopyPreferences appears to take a list of CA issuers | 260 // While SecIdentityCopyPreferences appears to take a list of CA issuers |
| 252 // to restrict the identity search to, within Security.framework the | 261 // to restrict the identity search to, within Security.framework the |
| 253 // argument is ignored and filtering unimplemented. See | 262 // argument is ignored and filtering unimplemented. See |
| 254 // SecIdentity.cpp in libsecurity_keychain, specifically | 263 // SecIdentity.cpp in libsecurity_keychain, specifically |
| 255 // _SecIdentityCopyPreferenceMatchingName(). | 264 // _SecIdentityCopyPreferenceMatchingName(). |
| 256 { | 265 { |
| 257 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); | 266 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); |
| 258 if (SecIdentityCopyPreference(domain_str, 0, NULL, &identity) == noErr) | 267 if (SecIdentityCopyPreference(domain_str, 0, NULL, &sec_identity) == |
| 259 preferred_identity.reset(identity); | 268 noErr) |
| 269 preferred_sec_identity.reset(sec_identity); |
| 260 } | 270 } |
| 261 } | 271 } |
| 262 | 272 |
| 263 // Now enumerate the identities in the available keychains. | 273 // Now enumerate the identities in the available keychains. |
| 264 scoped_refptr<X509Certificate> preferred_cert = NULL; | 274 std::unique_ptr<ClientCertIdentity> preferred_identity; |
| 265 CertificateList regular_certs; | 275 ClientCertIdentityList regular_identities; |
| 266 | 276 |
| 267 SecIdentitySearchRef search = NULL; | 277 SecIdentitySearchRef search = NULL; |
| 268 OSStatus err; | 278 OSStatus err; |
| 269 { | 279 { |
| 270 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); | 280 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); |
| 271 err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search); | 281 err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search); |
| 272 } | 282 } |
| 273 if (err) { | 283 if (err) { |
| 274 callback.Run(CertificateList()); | 284 callback.Run(ClientCertIdentityList()); |
| 275 return; | 285 return; |
| 276 } | 286 } |
| 277 ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search); | 287 ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search); |
| 278 while (!err) { | 288 while (!err) { |
| 279 SecIdentityRef identity = NULL; | 289 ScopedCFTypeRef<SecIdentityRef> sec_identity; |
| 280 { | 290 { |
| 281 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); | 291 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); |
| 282 err = SecIdentitySearchCopyNext(search, &identity); | 292 err = SecIdentitySearchCopyNext(search, sec_identity.InitializeInto()); |
| 283 } | 293 } |
| 284 if (err) | 294 if (err) |
| 285 break; | 295 break; |
| 286 ScopedCFTypeRef<SecIdentityRef> scoped_identity(identity); | |
| 287 | 296 |
| 288 SecCertificateRef cert_handle; | 297 ScopedCFTypeRef<SecCertificateRef> cert_handle; |
| 289 err = SecIdentityCopyCertificate(identity, &cert_handle); | 298 err = SecIdentityCopyCertificate(sec_identity.get(), |
| 299 cert_handle.InitializeInto()); |
| 290 if (err != noErr) | 300 if (err != noErr) |
| 291 continue; | 301 continue; |
| 292 ScopedCFTypeRef<SecCertificateRef> scoped_cert_handle(cert_handle); | |
| 293 | 302 |
| 294 if (!SupportsSSLClientAuth(cert_handle)) | 303 if (!SupportsSSLClientAuth(cert_handle.get())) |
| 295 continue; | 304 continue; |
| 296 | 305 |
| 297 scoped_refptr<X509Certificate> cert( | 306 scoped_refptr<X509Certificate> cert( |
| 298 x509_util::CreateX509CertificateFromSecCertificate( | 307 x509_util::CreateX509CertificateFromSecCertificate( |
| 299 cert_handle, std::vector<SecCertificateRef>())); | 308 cert_handle.get(), std::vector<SecCertificateRef>())); |
| 300 if (!cert) | 309 if (!cert) |
| 301 continue; | 310 continue; |
| 302 | 311 |
| 303 if (preferred_identity && CFEqual(preferred_identity, identity)) { | 312 if (preferred_sec_identity && |
| 313 CFEqual(preferred_sec_identity, sec_identity.get())) { |
| 304 // Only one certificate should match. | 314 // Only one certificate should match. |
| 305 DCHECK(!preferred_cert.get()); | 315 DCHECK(!preferred_identity.get()); |
| 306 preferred_cert = cert; | 316 preferred_identity = base::MakeUnique<ClientCertIdentityMac>( |
| 317 std::move(cert), std::move(sec_identity)); |
| 307 } else { | 318 } else { |
| 308 regular_certs.push_back(cert); | 319 regular_identities.push_back(base::MakeUnique<ClientCertIdentityMac>( |
| 320 std::move(cert), std::move(sec_identity))); |
| 309 } | 321 } |
| 310 } | 322 } |
| 311 | 323 |
| 312 if (err != errSecItemNotFound) { | 324 if (err != errSecItemNotFound) { |
| 313 OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error"; | 325 OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error"; |
| 314 callback.Run(CertificateList()); | 326 callback.Run(ClientCertIdentityList()); |
| 315 return; | 327 return; |
| 316 } | 328 } |
| 317 | 329 |
| 318 CertificateList selected_certs; | 330 ClientCertIdentityList selected_identities; |
| 319 GetClientCertsImpl(preferred_cert, regular_certs, request, true, | 331 GetClientCertsImpl(std::move(preferred_identity), |
| 320 &selected_certs); | 332 std::move(regular_identities), request, true, |
| 321 callback.Run(std::move(selected_certs)); | 333 &selected_identities); |
| 334 callback.Run(std::move(selected_identities)); |
| 322 } | 335 } |
| 323 | 336 |
| 324 bool ClientCertStoreMac::SelectClientCertsForTesting( | 337 bool ClientCertStoreMac::SelectClientCertsForTesting( |
| 325 const CertificateList& input_certs, | 338 ClientCertIdentityList input_identities, |
| 326 const SSLCertRequestInfo& request, | 339 const SSLCertRequestInfo& request, |
| 327 CertificateList* selected_certs) { | 340 ClientCertIdentityList* selected_identities) { |
| 328 GetClientCertsImpl(NULL, input_certs, request, false, selected_certs); | 341 GetClientCertsImpl(NULL, std::move(input_identities), request, false, |
| 342 selected_identities); |
| 329 return true; | 343 return true; |
| 330 } | 344 } |
| 331 | 345 |
| 332 bool ClientCertStoreMac::SelectClientCertsGivenPreferredForTesting( | 346 bool ClientCertStoreMac::SelectClientCertsGivenPreferredForTesting( |
| 333 const scoped_refptr<X509Certificate>& preferred_cert, | 347 std::unique_ptr<ClientCertIdentity> preferred_identity, |
| 334 const CertificateList& regular_certs, | 348 ClientCertIdentityList regular_identities, |
| 335 const SSLCertRequestInfo& request, | 349 const SSLCertRequestInfo& request, |
| 336 CertificateList* selected_certs) { | 350 ClientCertIdentityList* selected_identities) { |
| 337 GetClientCertsImpl( | 351 GetClientCertsImpl(std::move(preferred_identity), |
| 338 preferred_cert, regular_certs, request, false, selected_certs); | 352 std::move(regular_identities), request, false, |
| 353 selected_identities); |
| 339 return true; | 354 return true; |
| 340 } | 355 } |
| 341 | 356 |
| 342 #pragma clang diagnostic pop // "-Wdeprecated-declarations" | 357 #pragma clang diagnostic pop // "-Wdeprecated-declarations" |
| 343 | 358 |
| 344 } // namespace net | 359 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
