| Index: net/ssl/ssl_platform_key_mac.cc
|
| diff --git a/net/ssl/ssl_platform_key_mac.cc b/net/ssl/ssl_platform_key_mac.cc
|
| index c4be83d30b1bf9a3456056a283a07d245d390f5f..356f1e39df2fcf3523156ad1ee36327b0d493125 100644
|
| --- a/net/ssl/ssl_platform_key_mac.cc
|
| +++ b/net/ssl/ssl_platform_key_mac.cc
|
| @@ -31,7 +31,6 @@
|
| #include "net/base/net_errors.h"
|
| #include "net/cert/x509_certificate.h"
|
| #include "net/cert/x509_util_mac.h"
|
| -#include "net/ssl/ssl_platform_key.h"
|
| #include "net/ssl/ssl_platform_key_util.h"
|
| #include "net/ssl/ssl_private_key.h"
|
| #include "net/ssl/threaded_ssl_private_key.h"
|
| @@ -78,37 +77,6 @@ class ScopedCSSM_CC_HANDLE {
|
| DISALLOW_COPY_AND_ASSIGN(ScopedCSSM_CC_HANDLE);
|
| };
|
|
|
| -// Looks up the private key for |certificate| in |keychain| and returns
|
| -// a SecKeyRef or nullptr on failure. The caller takes ownership of the
|
| -// result.
|
| -SecKeyRef FetchSecKeyRefForCertificate(const X509Certificate* certificate,
|
| - SecKeychainRef keychain) {
|
| - OSStatus status;
|
| - base::ScopedCFTypeRef<SecIdentityRef> identity;
|
| - {
|
| - base::ScopedCFTypeRef<SecCertificateRef> os_cert(
|
| - x509_util::CreateSecCertificateFromX509Certificate(certificate));
|
| - if (!os_cert)
|
| - return nullptr;
|
| - base::AutoLock lock(crypto::GetMacSecurityServicesLock());
|
| - status = SecIdentityCreateWithCertificate(keychain, os_cert.get(),
|
| - identity.InitializeInto());
|
| - }
|
| - if (status != noErr) {
|
| - OSSTATUS_LOG(WARNING, status);
|
| - return nullptr;
|
| - }
|
| -
|
| - base::ScopedCFTypeRef<SecKeyRef> private_key;
|
| - status = SecIdentityCopyPrivateKey(identity, private_key.InitializeInto());
|
| - if (status != noErr) {
|
| - OSSTATUS_LOG(WARNING, status);
|
| - return nullptr;
|
| - }
|
| -
|
| - return private_key.release();
|
| -}
|
| -
|
| // These symbols were added in the 10.12 SDK, but we currently use an older SDK,
|
| // so look them up with dlsym.
|
| //
|
| @@ -376,17 +344,9 @@ class SSLPlatformKeySecKey : public ThreadedSSLPrivateKey::Delegate {
|
| DISALLOW_COPY_AND_ASSIGN(SSLPlatformKeySecKey);
|
| };
|
|
|
| -} // namespace
|
| -
|
| -scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKeyFromKeychain(
|
| +scoped_refptr<SSLPrivateKey> CreateSSLPrivateKeyForSecKey(
|
| const X509Certificate* certificate,
|
| - SecKeychainRef keychain) {
|
| - // Look up the private key.
|
| - base::ScopedCFTypeRef<SecKeyRef> private_key(
|
| - FetchSecKeyRefForCertificate(certificate, keychain));
|
| - if (!private_key)
|
| - return nullptr;
|
| -
|
| + SecKeyRef private_key) {
|
| int key_type;
|
| size_t max_length;
|
| if (!GetClientCertInfo(certificate, &key_type, &max_length))
|
| @@ -395,26 +355,37 @@ scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKeyFromKeychain(
|
| if (base::mac::IsAtLeastOS10_12()) {
|
| return make_scoped_refptr(
|
| new ThreadedSSLPrivateKey(base::MakeUnique<SSLPlatformKeySecKey>(
|
| - key_type, max_length, private_key.get()),
|
| + key_type, max_length, private_key),
|
| GetSSLPlatformKeyTaskRunner()));
|
| }
|
|
|
| const CSSM_KEY* cssm_key;
|
| - OSStatus status = SecKeyGetCSSMKey(private_key.get(), &cssm_key);
|
| + OSStatus status = SecKeyGetCSSMKey(private_key, &cssm_key);
|
| if (status != noErr) {
|
| OSSTATUS_LOG(WARNING, status);
|
| return nullptr;
|
| }
|
|
|
| return make_scoped_refptr(new ThreadedSSLPrivateKey(
|
| - base::MakeUnique<SSLPlatformKeyCSSM>(key_type, max_length,
|
| - private_key.get(), cssm_key),
|
| + base::MakeUnique<SSLPlatformKeyCSSM>(key_type, max_length, private_key,
|
| + cssm_key),
|
| GetSSLPlatformKeyTaskRunner()));
|
| }
|
|
|
| -scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(
|
| - const X509Certificate* certificate) {
|
| - return FetchClientCertPrivateKeyFromKeychain(certificate, nullptr);
|
| +} // namespace
|
| +
|
| +scoped_refptr<SSLPrivateKey> CreateSSLPrivateKeyForSecIdentity(
|
| + const X509Certificate* certificate,
|
| + SecIdentityRef identity) {
|
| + base::ScopedCFTypeRef<SecKeyRef> private_key;
|
| + OSStatus status =
|
| + SecIdentityCopyPrivateKey(identity, private_key.InitializeInto());
|
| + if (status != noErr) {
|
| + OSSTATUS_LOG(WARNING, status);
|
| + return nullptr;
|
| + }
|
| +
|
| + return CreateSSLPrivateKeyForSecKey(certificate, private_key.get());
|
| }
|
|
|
| #pragma clang diagnostic pop // "-Wdeprecated-declarations"
|
|
|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
