| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" | 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 #include <iterator> | 9 #include <iterator> |
| 10 #include <utility> | 10 #include <utility> |
| 11 | 11 |
| 12 #include "base/bind.h" | 12 #include "base/bind.h" |
| 13 #include "base/bind_helpers.h" | 13 #include "base/bind_helpers.h" |
| 14 #include "base/callback.h" | 14 #include "base/callback.h" |
| 15 #include "base/location.h" | 15 #include "base/location.h" |
| 16 #include "base/memory/ptr_util.h" | 16 #include "base/memory/ptr_util.h" |
| 17 #include "base/task_runner_util.h" | 17 #include "base/task_runner_util.h" |
| 18 #include "base/threading/worker_pool.h" | 18 #include "base/threading/worker_pool.h" |
| 19 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" | 19 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" |
| 20 #include "crypto/nss_crypto_module_delegate.h" | 20 #include "crypto/nss_crypto_module_delegate.h" |
| 21 #include "net/ssl/client_key_store.h" | |
| 22 #include "net/ssl/ssl_cert_request_info.h" | 21 #include "net/ssl/ssl_cert_request_info.h" |
| 23 #include "net/ssl/ssl_private_key.h" | 22 #include "net/ssl/ssl_private_key.h" |
| 24 | 23 |
| 25 namespace chromeos { | 24 namespace chromeos { |
| 26 | 25 |
| 27 namespace { | 26 namespace { |
| 28 | 27 |
| 29 class ClientCertIdentityCros : public net::ClientCertIdentity { | |
| 30 public: | |
| 31 explicit ClientCertIdentityCros(scoped_refptr<net::X509Certificate> cert) | |
| 32 : net::ClientCertIdentity(std::move(cert)) {} | |
| 33 ~ClientCertIdentityCros() override = default; | |
| 34 | |
| 35 void AcquirePrivateKey( | |
| 36 const base::Callback<void(scoped_refptr<net::SSLPrivateKey>)>& | |
| 37 private_key_callback) override { | |
| 38 // There is only one implementation of ClientKeyStore and it doesn't do | |
| 39 // anything blocking, so this doesn't need to run on a worker thread. | |
| 40 private_key_callback.Run( | |
| 41 net::ClientKeyStore::GetInstance()->FetchClientCertPrivateKey( | |
| 42 *certificate())); | |
| 43 } | |
| 44 }; | |
| 45 | |
| 46 class CertNotAllowedPredicate { | 28 class CertNotAllowedPredicate { |
| 47 public: | 29 public: |
| 48 explicit CertNotAllowedPredicate( | 30 explicit CertNotAllowedPredicate( |
| 49 const ClientCertStoreChromeOS::CertFilter* filter) | 31 const ClientCertStoreChromeOS::CertFilter* filter) |
| 50 : filter_(filter) {} | 32 : filter_(filter) {} |
| 51 bool operator()( | 33 bool operator()( |
| 52 const std::unique_ptr<net::ClientCertIdentity>& identity) const { | 34 const std::unique_ptr<net::ClientCertIdentity>& identity) const { |
| 53 return !filter_->IsCertAllowed(identity->certificate()); | 35 return !filter_->IsCertAllowed(identity->certificate()); |
| 54 } | 36 } |
| 55 | 37 |
| (...skipping 10 matching lines...) Expand all Loading... |
| 66 : cert_provider_(std::move(cert_provider)), | 48 : cert_provider_(std::move(cert_provider)), |
| 67 cert_filter_(std::move(cert_filter)) {} | 49 cert_filter_(std::move(cert_filter)) {} |
| 68 | 50 |
| 69 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} | 51 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} |
| 70 | 52 |
| 71 void ClientCertStoreChromeOS::GetClientCerts( | 53 void ClientCertStoreChromeOS::GetClientCerts( |
| 72 const net::SSLCertRequestInfo& cert_request_info, | 54 const net::SSLCertRequestInfo& cert_request_info, |
| 73 const ClientCertListCallback& callback) { | 55 const ClientCertListCallback& callback) { |
| 74 // Caller is responsible for keeping the ClientCertStore alive until the | 56 // Caller is responsible for keeping the ClientCertStore alive until the |
| 75 // callback is run. | 57 // callback is run. |
| 76 base::Callback<void(const net::CertificateList&)> | 58 base::Callback<void(net::ClientCertIdentityList)> |
| 77 get_platform_certs_and_filter = | 59 get_platform_certs_and_filter = |
| 78 base::Bind(&ClientCertStoreChromeOS::GotAdditionalCerts, | 60 base::Bind(&ClientCertStoreChromeOS::GotAdditionalCerts, |
| 79 base::Unretained(this), &cert_request_info, callback); | 61 base::Unretained(this), &cert_request_info, callback); |
| 80 | 62 |
| 81 base::Closure get_additional_certs_and_continue; | 63 base::Closure get_additional_certs_and_continue; |
| 82 if (cert_provider_) { | 64 if (cert_provider_) { |
| 83 get_additional_certs_and_continue = base::Bind( | 65 get_additional_certs_and_continue = base::Bind( |
| 84 &CertificateProvider::GetCertificates, | 66 &CertificateProvider::GetCertificates, |
| 85 base::Unretained(cert_provider_.get()), get_platform_certs_and_filter); | 67 base::Unretained(cert_provider_.get()), get_platform_certs_and_filter); |
| 86 } else { | 68 } else { |
| 87 get_additional_certs_and_continue = | 69 get_additional_certs_and_continue = |
| 88 base::Bind(get_platform_certs_and_filter, net::CertificateList()); | 70 base::Bind(get_platform_certs_and_filter, |
| 71 base::Passed(net::ClientCertIdentityList())); |
| 89 } | 72 } |
| 90 | 73 |
| 91 if (cert_filter_->Init(get_additional_certs_and_continue)) | 74 if (cert_filter_->Init(get_additional_certs_and_continue)) |
| 92 get_additional_certs_and_continue.Run(); | 75 get_additional_certs_and_continue.Run(); |
| 93 } | 76 } |
| 94 | 77 |
| 95 void ClientCertStoreChromeOS::GotAdditionalCerts( | 78 void ClientCertStoreChromeOS::GotAdditionalCerts( |
| 96 const net::SSLCertRequestInfo* request, | 79 const net::SSLCertRequestInfo* request, |
| 97 const ClientCertListCallback& callback, | 80 const ClientCertListCallback& callback, |
| 98 const net::CertificateList& additional_certs) { | 81 net::ClientCertIdentityList additional_certs) { |
| 99 scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate; | 82 scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate; |
| 100 if (!password_delegate_factory_.is_null()) | 83 if (!password_delegate_factory_.is_null()) |
| 101 password_delegate = password_delegate_factory_.Run(request->host_and_port); | 84 password_delegate = password_delegate_factory_.Run(request->host_and_port); |
| 102 if (base::PostTaskAndReplyWithResult( | 85 if (base::PostTaskAndReplyWithResult( |
| 103 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(), | 86 base::WorkerPool::GetTaskRunner(true /* task_is_slow */).get(), |
| 104 FROM_HERE, | 87 FROM_HERE, |
| 105 base::Bind(&ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread, | 88 base::Bind(&ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread, |
| 106 base::Unretained(this), password_delegate, request, | 89 base::Unretained(this), password_delegate, request, |
| 107 additional_certs), | 90 base::Passed(&additional_certs)), |
| 108 callback)) { | 91 callback)) { |
| 109 return; | 92 return; |
| 110 } | 93 } |
| 111 // If the task could not be posted, behave as if there were no certificates. | 94 // If the task could not be posted, behave as if there were no certificates. |
| 112 callback.Run(net::ClientCertIdentityList()); | 95 callback.Run(net::ClientCertIdentityList()); |
| 113 } | 96 } |
| 114 | 97 |
| 115 net::ClientCertIdentityList | 98 net::ClientCertIdentityList |
| 116 ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread( | 99 ClientCertStoreChromeOS::GetAndFilterCertsOnWorkerThread( |
| 117 scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate> | 100 scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate> |
| 118 password_delegate, | 101 password_delegate, |
| 119 const net::SSLCertRequestInfo* request, | 102 const net::SSLCertRequestInfo* request, |
| 120 const net::CertificateList& additional_certs) { | 103 net::ClientCertIdentityList additional_certs) { |
| 121 net::ClientCertIdentityList client_certs; | 104 net::ClientCertIdentityList client_certs; |
| 122 net::ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( | 105 net::ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( |
| 123 std::move(password_delegate), &client_certs); | 106 std::move(password_delegate), &client_certs); |
| 124 | 107 |
| 125 client_certs.erase( | 108 client_certs.erase( |
| 126 std::remove_if(client_certs.begin(), client_certs.end(), | 109 std::remove_if(client_certs.begin(), client_certs.end(), |
| 127 CertNotAllowedPredicate(cert_filter_.get())), | 110 CertNotAllowedPredicate(cert_filter_.get())), |
| 128 client_certs.end()); | 111 client_certs.end()); |
| 129 | 112 |
| 130 for (const scoped_refptr<net::X509Certificate>& cert : additional_certs) | 113 client_certs.reserve(client_certs.size() + additional_certs.size()); |
| 131 client_certs.push_back(base::MakeUnique<ClientCertIdentityCros>(cert)); | 114 for (std::unique_ptr<net::ClientCertIdentity>& cert : additional_certs) |
| 115 client_certs.push_back(std::move(cert)); |
| 132 net::ClientCertStoreNSS::FilterCertsOnWorkerThread(&client_certs, *request); | 116 net::ClientCertStoreNSS::FilterCertsOnWorkerThread(&client_certs, *request); |
| 133 return client_certs; | 117 return client_certs; |
| 134 } | 118 } |
| 135 | 119 |
| 136 } // namespace chromeos | 120 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2937553003:
Make CertificateProviderService vend ClientCertIdentities directly. (Closed)
