| Index: net/ssl/client_cert_store_win.cc
|
| diff --git a/net/ssl/client_cert_store_win.cc b/net/ssl/client_cert_store_win.cc
|
| index fec9c33ae67b7d108e0468e4d686e606822213a1..1be0f76b9cd64fb2011e60963d7a3fa975fe0d3d 100644
|
| --- a/net/ssl/client_cert_store_win.cc
|
| +++ b/net/ssl/client_cert_store_win.cc
|
| @@ -11,15 +11,54 @@
|
| #include <windows.h>
|
| #include <security.h>
|
|
|
| +#include "base/bind.h"
|
| +#include "base/bind_helpers.h"
|
| #include "base/callback.h"
|
| #include "base/logging.h"
|
| +#include "base/memory/ptr_util.h"
|
| +#include "base/task_runner_util.h"
|
| #include "crypto/wincrypt_shim.h"
|
| #include "net/cert/x509_util.h"
|
| +#include "net/ssl/ssl_platform_key_util.h"
|
| +#include "net/ssl/ssl_platform_key_win.h"
|
| +#include "net/ssl/ssl_private_key.h"
|
|
|
| namespace net {
|
|
|
| namespace {
|
|
|
| +class ClientCertIdentityWin : public ClientCertIdentity {
|
| + public:
|
| + // Takes ownership of |cert_context|.
|
| + ClientCertIdentityWin(scoped_refptr<net::X509Certificate> cert,
|
| + PCCERT_CONTEXT cert_context)
|
| + : ClientCertIdentity(std::move(cert)), cert_context_(cert_context) {}
|
| + ~ClientCertIdentityWin() override {
|
| + CertFreeCertificateContext(cert_context_);
|
| + }
|
| +
|
| + void AcquirePrivateKey(
|
| + const base::Callback<void(scoped_refptr<SSLPrivateKey>)>&
|
| + private_key_callback) override;
|
| +
|
| + private:
|
| + PCCERT_CONTEXT cert_context_;
|
| +};
|
| +
|
| +void ClientCertIdentityWin::AcquirePrivateKey(
|
| + const base::Callback<void(scoped_refptr<SSLPrivateKey>)>&
|
| + private_key_callback) {
|
| + if (base::PostTaskAndReplyWithResult(
|
| + GetSSLPlatformKeyTaskRunner().get(), FROM_HERE,
|
| + base::Bind(&FetchClientCertPrivateKey,
|
| + base::Unretained(certificate()), cert_context_),
|
| + private_key_callback)) {
|
| + return;
|
| + }
|
| + // If the task could not be posted, behave as if there was no key.
|
| + private_key_callback.Run(nullptr);
|
| +}
|
| +
|
| // Callback required by Windows API function CertFindChainInStore(). In addition
|
| // to filtering by extended/enhanced key usage, we do not show expired
|
| // certificates and require digital signature usage in the key usage extension.
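Review bot: The task posted from AcquirePrivateKey binds `certificate()` through base::Unretained and passes the raw `cert_context_`, and the destructor a few lines above frees exactly that context with `CertFreeCertificateContext`, so an identity destroyed before the platform-key task runs leaves FetchClientCertPrivateKey reading a freed certificate and CERT_CONTEXT. Nothing in the hunk keeps the identity alive across the post, so either the contract belongs on the method, e.g. `// The identity must outlive the posted task: |certificate()| and |cert_context_| are passed unretained.`, or the task should carry its own references (a `scoped_refptr<X509Certificate>` by value plus a `CertDuplicateCertificateContext(cert_context_)` handle released after the fetch), which depends on FetchClientCertPrivateKey's signature, not visible here. Separately, ClientCertIdentityWin owns a raw handle but neither deletes its copy operations nor is marked `final`; `ClientCertIdentityWin(const ClientCertIdentityWin&) = delete;` and the matching assignment would make the single-owner intent explicit.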
|
| @@ -65,7 +104,7 @@ static BOOL WINAPI ClientCertFindCallback(PCCERT_CONTEXT cert_context,
|
|
|
| void GetClientCertsImpl(HCERTSTORE cert_store,
|
| const SSLCertRequestInfo& request,
|
| - CertificateList* selected_certs) {
|
| + ClientCertIdentityList* selected_certs) {
|
| selected_certs->clear();
|
|
|
| const size_t auth_count = request.cert_authorities.size();
|
| @@ -149,15 +188,17 @@ void GetClientCertsImpl(HCERTSTORE cert_store,
|
| // pair<X509Certificate, SSLPrivateKeyCallback>.
|
| scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle(
|
| cert_context2, intermediates);
|
| - if (cert)
|
| - selected_certs->push_back(std::move(cert));
|
| - CertFreeCertificateContext(cert_context2);
|
| + if (cert) {
|
| + selected_certs->push_back(base::MakeUnique<ClientCertIdentityWin>(
|
| + std::move(cert),
|
| + cert_context2)); // Takes ownership of |cert_context2|
|
| + }
|
| for (size_t i = 0; i < intermediates.size(); ++i)
|
| CertFreeCertificateContext(intermediates[i]);
|
| }
|
|
|
| std::sort(selected_certs->begin(), selected_certs->end(),
|
| - x509_util::ClientCertSorter());
|
| + ClientCertIdentitySorter());
|
| }
|
|
|
| } // namespace
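Review bot: `cert_context2` is leaked when `X509Certificate::CreateFromHandle` returns null: the removed line freed it unconditionally, while the new code transfers it to ClientCertIdentityWin only inside `if (cert)` and has no other release. Add an `else` branch after the push_back that calls `CertFreeCertificateContext(cert_context2);` so the failure path matches the old behaviour. The context comment above the CreateFromHandle call still speaks of a `pair<X509Certificate, SSLPrivateKeyCallback>`, which this change appears to supersede; only its tail is visible, so it is worth re-reading in full. GetClientCertsImpl begins before this hunk, so how `cert_context2` is obtained and whether earlier exit paths release it is not visible here.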
|
| @@ -174,7 +215,7 @@ ClientCertStoreWin::~ClientCertStoreWin() {}
|
| void ClientCertStoreWin::GetClientCerts(
|
| const SSLCertRequestInfo& request,
|
| const ClientCertListCallback& callback) {
|
| - CertificateList selected_certs;
|
| + ClientCertIdentityList selected_certs;
|
| if (cert_store_) {
|
| // Use the existing client cert store. Note: Under some situations,
|
| // it's possible for this to return certificates that aren't usable
|
| @@ -191,7 +232,7 @@ void ClientCertStoreWin::GetClientCerts(
|
| ScopedHCERTSTORE my_cert_store(CertOpenSystemStore(NULL, L"MY"));
|
| if (!my_cert_store) {
|
| PLOG(ERROR) << "Could not open the \"MY\" system certificate store: ";
|
| - callback.Run(CertificateList());
|
| + callback.Run(ClientCertIdentityList());
|
| return;
|
| }
|
|
|
| @@ -202,7 +243,7 @@ void ClientCertStoreWin::GetClientCerts(
|
| bool ClientCertStoreWin::SelectClientCertsForTesting(
|
| const CertificateList& input_certs,
|
| const SSLCertRequestInfo& request,
|
| - CertificateList* selected_certs) {
|
| + ClientCertIdentityList* selected_certs) {
|
| ScopedHCERTSTORE test_store(CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, 0,
|
| NULL));
|
| if (!test_store)
|
|
|