Index: net/ssl/client_cert_store_win.cc |
diff --git a/net/ssl/client_cert_store_win.cc b/net/ssl/client_cert_store_win.cc |
index 2383765ae07236146bfb5a1721a2d61c776df5e2..e4a59de5e0c9f0ea6ea0a26277e8dccc01308cd6 100644 |
--- a/net/ssl/client_cert_store_win.cc |
+++ b/net/ssl/client_cert_store_win.cc |
@@ -22,6 +22,7 @@ |
#include "crypto/wincrypt_shim.h" |
#include "net/cert/x509_util.h" |
#include "net/cert/x509_util_win.h" |
+#include "net/ssl/ssl_platform_key_util.h" |
#include "net/ssl/ssl_platform_key_win.h" |
#include "net/ssl/ssl_private_key.h" |
@@ -105,10 +106,9 @@ static BOOL WINAPI ClientCertFindCallback(PCCERT_CONTEXT cert_context, |
return TRUE; |
} |
-void GetClientCertsImpl(HCERTSTORE cert_store, |
- const SSLCertRequestInfo& request, |
- ClientCertIdentityList* selected_identities) { |
- selected_identities->clear(); |
+ClientCertIdentityList GetClientCertsImpl(HCERTSTORE cert_store, |
+ const SSLCertRequestInfo& request) { |
+ ClientCertIdentityList selected_identities; |
scoped_refptr<base::SingleThreadTaskRunner> current_thread = |
base::ThreadTaskRunnerHandle::Get(); |
@@ -198,7 +198,7 @@ void GetClientCertsImpl(HCERTSTORE cert_store, |
x509_util::CreateX509CertificateFromCertContexts(cert_context2, |
intermediates); |
if (cert) { |
- selected_identities->push_back(base::MakeUnique<ClientCertIdentityWin>( |
+ selected_identities.push_back(base::MakeUnique<ClientCertIdentityWin>( |
std::move(cert), |
cert_context2, // Takes ownership of |cert_context2|. |
current_thread)); // The key must be acquired on the same thread, as |
@@ -208,8 +208,9 @@ void GetClientCertsImpl(HCERTSTORE cert_store, |
CertFreeCertificateContext(intermediates[i]); |
} |
- std::sort(selected_identities->begin(), selected_identities->end(), |
+ std::sort(selected_identities.begin(), selected_identities.end(), |
ClientCertIdentitySorter()); |
+ return selected_identities; |
} |
} // namespace |
@@ -226,16 +227,39 @@ ClientCertStoreWin::~ClientCertStoreWin() {} |
void ClientCertStoreWin::GetClientCerts( |
const SSLCertRequestInfo& request, |
const ClientCertListCallback& callback) { |
- ClientCertIdentityList selected_identities; |
if (cert_store_) { |
// Use the existing client cert store. Note: Under some situations, |
// it's possible for this to return certificates that aren't usable |
// (see below). |
- GetClientCertsImpl(cert_store_, request, &selected_identities); |
- callback.Run(std::move(selected_identities)); |
+ // When using caller provided HCERTSTORE, assume that it should be accessed |
+ // on the current thread. |
+ callback.Run(GetClientCertsImpl(cert_store_, request)); |
+ return; |
+ } |
+ |
+#if BUILDFLAG(USE_BYTE_CERTS) |
+ if (base::PostTaskAndReplyWithResult( |
+ GetSSLPlatformKeyTaskRunner().get(), FROM_HERE, |
+ // Caller is responsible for keeping the |request| alive |
+ // until the callback is run, so ConstRef is safe. |
+ base::Bind(&ClientCertStoreWin::GetClientCertsWithMyCertStore, |
+ base::ConstRef(request)), |
+ callback)) { |
return; |
} |
+ // If the task could not be posted, behave as if there were no certificates. |
+ callback.Run(ClientCertIdentityList()); |
+#else |
+ // When using PCERT_CONTEXT based X509Certificate, must do this on the same |
+ // thread. |
+ callback.Run(GetClientCertsWithMyCertStore(request)); |
+#endif |
+} |
+ |
+// static |
+ClientCertIdentityList ClientCertStoreWin::GetClientCertsWithMyCertStore( |
+ const SSLCertRequestInfo& request) { |
// Always open a new instance of the "MY" store, to ensure that there |
// are no previously cached certificates being reused after they're |
// no longer available (some smartcard providers fail to update the "MY" |
@@ -243,12 +267,9 @@ void ClientCertStoreWin::GetClientCerts( |
ScopedHCERTSTORE my_cert_store(CertOpenSystemStore(NULL, L"MY")); |
if (!my_cert_store) { |
PLOG(ERROR) << "Could not open the \"MY\" system certificate store: "; |
- callback.Run(ClientCertIdentityList()); |
- return; |
+ return ClientCertIdentityList(); |
} |
- |
- GetClientCertsImpl(my_cert_store, request, &selected_identities); |
- callback.Run(std::move(selected_identities)); |
+ return GetClientCertsImpl(my_cert_store, request); |
} |
bool ClientCertStoreWin::SelectClientCertsForTesting( |
@@ -287,7 +308,7 @@ bool ClientCertStoreWin::SelectClientCertsForTesting( |
} |
} |
- GetClientCertsImpl(test_store.get(), request, selected_identities); |
+ *selected_identities = GetClientCertsImpl(test_store.get(), request); |
return true; |
} |