| Index: chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm
|
| diff --git a/chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm b/chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm
|
| index 2143bfe73cfab2baec6bd910aff7db19becc68a8..4c41d6b6c9c1294f08c21ee8eabd5ccf6eff6eb5 100644
|
| --- a/chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm
|
| +++ b/chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm
|
| @@ -72,6 +72,13 @@ class SSLClientAuthObserverCocoaBridge : public SSLClientAuthObserver,
|
| afterDelay:0];
|
| }
|
|
|
| + void GotPrivateKey(
|
| + base::scoped_nsobject<SSLClientCertificateSelectorCocoa> controller_ref,
|
| + net::X509Certificate* cert,
|
| + scoped_refptr<net::SSLPrivateKey> private_key) {
|
| + CertificateSelected(cert, private_key.get());
|
| + }
|
| +
|
| private:
|
| SSLClientCertificateSelectorCocoa* controller_; // weak
|
| };
|
| @@ -81,7 +88,7 @@ namespace chrome {
|
| void ShowSSLClientCertificateSelector(
|
| content::WebContents* contents,
|
| net::SSLCertRequestInfo* cert_request_info,
|
| - net::CertificateList client_certs,
|
| + net::ClientCertIdentityList client_certs,
|
| std::unique_ptr<content::ClientCertificateDelegate> delegate) {
|
| DCHECK_CURRENTLY_ON(BrowserThread::UI);
|
|
|
| @@ -177,7 +184,7 @@ void ClearTableViewDataSourcesIfNeeded(NSWindow*) {}
|
| - (void)sheetDidEnd:(NSWindow*)sheet
|
| returnCode:(NSInteger)returnCode
|
| context:(void*)context {
|
| - net::X509Certificate* cert = NULL;
|
| + net::ClientCertIdentity* cert = nullptr;
|
| if (returnCode == NSFileHandlingPanelOKButton) {
|
| CFRange range = CFRangeMake(0, CFArrayGetCount(identities_));
|
| CFIndex index =
|
| @@ -197,30 +204,39 @@ void ClearTableViewDataSourcesIfNeeded(NSWindow*) {}
|
| // certificate. Otherwise, tell the backend which identity (or none) the
|
| // user selected.
|
| userResponded_ = YES;
|
| - observer_->CertificateSelected(cert);
|
| +
|
| + // Remove the observer before we try acquiring private key, otherwise we
|
| + // might act on a notification while waiting for the callback, causing us
|
| + // to delete ourself before the callback gets called.
|
| + observer_->StopObserving();
|
| +
|
| + // pass a scoped_nsobject handle for self to ensure observer_ and
|
| + // certificates_ stay alive until the private key is acquired.
|
| + if (cert) {
|
| + cert->AcquirePrivateKey(
|
| + base::Bind(&SSLClientAuthObserverCocoaBridge::GotPrivateKey,
|
| + base::Unretained(observer_.get()),
|
| + base::scoped_nsobject<SSLClientCertificateSelectorCocoa>(
|
| + [self retain]),
|
| + base::Unretained(cert->certificate())));
|
| + } else {
|
| + observer_->CertificateSelected(nullptr, nullptr);
|
| + }
|
|
|
| constrainedWindow_->CloseWebContentsModalDialog();
|
| }
|
| }
|
|
|
| - (void)displayForWebContents:(content::WebContents*)webContents
|
| - clientCerts:(net::CertificateList)inputClientCerts {
|
| + clientCerts:(net::ClientCertIdentityList)inputClientCerts {
|
| + certificates_ = std::move(inputClientCerts);
|
| // Create an array of CFIdentityRefs for the certificates:
|
| - size_t numCerts = inputClientCerts.size();
|
| + size_t numCerts = certificates_.size();
|
| identities_.reset(CFArrayCreateMutable(
|
| kCFAllocatorDefault, numCerts, &kCFTypeArrayCallBacks));
|
| for (size_t i = 0; i < numCerts; ++i) {
|
| - base::ScopedCFTypeRef<SecCertificateRef> cert(
|
| - net::x509_util::CreateSecCertificateFromX509Certificate(
|
| - inputClientCerts[i].get()));
|
| - if (!cert)
|
| - continue;
|
| - SecIdentityRef identity;
|
| - if (SecIdentityCreateWithCertificate(NULL, cert, &identity) == noErr) {
|
| - CFArrayAppendValue(identities_, identity);
|
| - CFRelease(identity);
|
| - certificates_.push_back(inputClientCerts[i]);
|
| - }
|
| + DCHECK(certificates_[i]->sec_identity_ref());
|
| + CFArrayAppendValue(identities_, certificates_[i]->sec_identity_ref());
|
| }
|
|
|
| // Get the message to display:
|
|
|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
