Chromium Code Reviews| Index: net/ssl/client_cert_store_win.cc |
| diff --git a/net/ssl/client_cert_store_win.cc b/net/ssl/client_cert_store_win.cc |
| index b82a94b826f248dbdedb8773b0ab818543ee1968..2383765ae07236146bfb5a1721a2d61c776df5e2 100644 |
| --- a/net/ssl/client_cert_store_win.cc |
| +++ b/net/ssl/client_cert_store_win.cc |
| @@ -16,10 +16,12 @@ |
| #include "base/callback.h" |
| #include "base/logging.h" |
| #include "base/memory/ptr_util.h" |
| +#include "base/numerics/safe_conversions.h" |
| #include "base/task_runner_util.h" |
| #include "base/threading/thread_task_runner_handle.h" |
| #include "crypto/wincrypt_shim.h" |
| #include "net/cert/x509_util.h" |
| +#include "net/cert/x509_util_win.h" |
| #include "net/ssl/ssl_platform_key_win.h" |
| #include "net/ssl/ssl_private_key.h" |
| @@ -160,7 +162,7 @@ void GetClientCertsImpl(HCERTSTORE cert_store, |
| } |
| // Grab the intermediates, if any. |
| - X509Certificate::OSCertHandles intermediates; |
| + std::vector<PCCERT_CONTEXT> intermediates; |
| for (DWORD i = 1; i < chain_context->rgpChain[0]->cElement; ++i) { |
| PCCERT_CONTEXT chain_intermediate = |
| chain_context->rgpChain[0]->rgpElement[i]->pCertContext; |
| @@ -180,18 +182,21 @@ void GetClientCertsImpl(HCERTSTORE cert_store, |
| // The leaf or a intermediate may also have a weak signature algorithm but, |
| // in that case, assume it is a configuration error. |
| if (!intermediates.empty() && |
| - X509Certificate::IsSelfSigned(intermediates.back())) { |
| + x509_util::IsSelfSigned(intermediates.back())) { |
| CertFreeCertificateContext(intermediates.back()); |
| intermediates.pop_back(); |
| } |
| + // TODO(mattm): The following comment is only true when not using |
| + // USE_BYTE_CERTS. Remove it once the non-byte-certs code is also removed. |
| // TODO(svaldez): cert currently wraps cert_context2 which may be backed |
| // by a smartcard with threading difficulties. Instead, create a fresh |
| // X509Certificate with CreateFromBytes and route cert_context2 into the |
| // SSLPrivateKey. Probably changing CertificateList to be a |
| // pair<X509Certificate, SSLPrivateKeyCallback>. |
| - scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( |
| - cert_context2, intermediates); |
| + scoped_refptr<X509Certificate> cert = |
| + x509_util::CreateX509CertificateFromCertContexts(cert_context2, |
| + intermediates); |
|
davidben
2017/06/15 23:55:18
[Ah. I see why it's easier to tie this change to U
|
| if (cert) { |
| selected_identities->push_back(base::MakeUnique<ClientCertIdentityWin>( |
| std::move(cert), |
| @@ -259,11 +264,18 @@ bool ClientCertStoreWin::SelectClientCertsForTesting( |
| for (size_t i = 0; i < input_certs.size(); ++i) { |
| // Add the certificate to the test store. |
| PCCERT_CONTEXT cert = NULL; |
| - if (!CertAddCertificateContextToStore(test_store, |
| - input_certs[i]->os_cert_handle(), |
| - CERT_STORE_ADD_NEW, &cert)) { |
| + std::string der_cert; |
| + X509Certificate::GetDEREncoded(input_certs[i]->os_cert_handle(), &der_cert); |
| + if (!CertAddEncodedCertificateToStore( |
| + test_store, X509_ASN_ENCODING, |
| + reinterpret_cast<const BYTE*>(der_cert.data()), |
| + base::checked_cast<DWORD>(der_cert.size()), CERT_STORE_ADD_NEW, |
| + &cert)) { |
| return false; |
| } |
| + // Hold the reference to the certificate (since we requested a copy). |
| + ScopedPCCERT_CONTEXT scoped_cert(cert); |
| + |
| // Add dummy private key data to the certificate - otherwise the certificate |
| // would be discarded by the filtering routines. |
| CRYPT_KEY_PROV_INFO private_key_data; |
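Review bot: The result of `X509Certificate::GetDEREncoded(input_certs[i]->os_cert_handle(), &der_cert);` is discarded, so if that call fails (it presumably reports failure through its return value, like the Win32 calls around it) `der_cert` stays empty and the only symptom is a `CertAddEncodedCertificateToStore` failure on a zero-length buffer, or a silently missing test certificate. Since the function already returns `false` when the store insertion fails, treat the encoding step the same way: `if (!X509Certificate::GetDEREncoded(input_certs[i]->os_cert_handle(), &der_cert)) return false;`. This is test-only code, but a helper that quietly drops an input certificate makes negative tests pass for the wrong reason. `SelectClientCertsForTesting` starts before this hunk and its body continues in the next one.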
| @@ -273,10 +285,6 @@ bool ClientCertStoreWin::SelectClientCertsForTesting( |
| 0, &private_key_data)) { |
| return false; |
| } |
| - // Decrement the reference count of the certificate (since we requested a |
| - // copy). |
| - if (!CertFreeCertificateContext(cert)) |
| - return false; |
| } |
| GetClientCertsImpl(test_store.get(), request, selected_identities); |