OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/client_cert_store_chromeos.h" | 5 #include "net/ssl/client_cert_store_chromeos.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "crypto/nss_crypto_module_delegate.h" | 10 #include "crypto/nss_crypto_module_delegate.h" |
11 #include "crypto/nss_util_internal.h" | 11 #include "crypto/nss_util_internal.h" |
12 | 12 |
13 namespace net { | 13 namespace net { |
14 | 14 |
15 namespace { | |
16 | |
17 typedef base::Callback<void(crypto::ScopedPK11Slot system_slot, | |
18 crypto::ScopedPK11Slot private_slot)> | |
19 GetSystemAndPrivateSlotCallback; | |
20 | |
21 // Gets the private slot for the user with the username hash |username_hash| and | |
22 // calls |callback| with both |system_slot| and the obtained private slot. | |
23 void GetPrivateSlotAndCallBack(const std::string& username_hash, | |
24 const GetSystemAndPrivateSlotCallback& callback, | |
25 crypto::ScopedPK11Slot system_slot) { | |
26 base::Callback<void(crypto::ScopedPK11Slot)> wrapped_callback = | |
27 base::Bind(callback, base::Passed(&system_slot)); | |
28 | |
29 crypto::ScopedPK11Slot slot( | |
30 crypto::GetPrivateSlotForChromeOSUser(username_hash, wrapped_callback)); | |
31 if (slot) | |
32 wrapped_callback.Run(slot.Pass()); | |
33 } | |
34 | |
35 // Gets the system slot, then the private slot for the user with the username | |
36 // hash |username_hash|, and finally calls |callback| with both slots. | |
37 void GetSystemAndPrivateSlot(const std::string& username_hash, | |
38 const GetSystemAndPrivateSlotCallback& callback) { | |
39 crypto::ScopedPK11Slot system_slot(crypto::GetSystemNSSKeySlot( | |
Ryan Sleevi
2014/07/29 23:53:15
This is temporary, right? Doesn't seem like we sho
pneubeck (no reviews)
2014/07/30 06:27:40
Yes. At first I wanted to pass the system slot to
Ryan Sleevi
2014/07/30 06:45:30
Don't do this. Don't make another factory.
The Cl
| |
40 base::Bind(&GetPrivateSlotAndCallBack, username_hash, callback))); | |
41 if (system_slot) | |
42 GetPrivateSlotAndCallBack(username_hash, callback, system_slot.Pass()); | |
43 } | |
44 | |
45 } // namespace | |
46 | |
15 ClientCertStoreChromeOS::ClientCertStoreChromeOS( | 47 ClientCertStoreChromeOS::ClientCertStoreChromeOS( |
48 bool use_system_slot, | |
16 const std::string& username_hash, | 49 const std::string& username_hash, |
17 const PasswordDelegateFactory& password_delegate_factory) | 50 const PasswordDelegateFactory& password_delegate_factory) |
18 : ClientCertStoreNSS(password_delegate_factory), | 51 : ClientCertStoreNSS(password_delegate_factory), |
19 username_hash_(username_hash) {} | 52 use_system_slot_(use_system_slot), |
53 username_hash_(username_hash) { | |
54 } | |
20 | 55 |
21 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} | 56 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} |
22 | 57 |
23 void ClientCertStoreChromeOS::GetClientCerts( | 58 void ClientCertStoreChromeOS::GetClientCerts( |
24 const SSLCertRequestInfo& cert_request_info, | 59 const SSLCertRequestInfo& cert_request_info, |
25 CertificateList* selected_certs, | 60 CertificateList* selected_certs, |
26 const base::Closure& callback) { | 61 const base::Closure& callback) { |
27 crypto::ScopedPK11Slot private_slot(crypto::GetPrivateSlotForChromeOSUser( | 62 GetSystemAndPrivateSlotCallback bound_callback = |
28 username_hash_, | 63 base::Bind(&ClientCertStoreChromeOS::DidGetSystemAndPrivateSlot, |
29 base::Bind(&ClientCertStoreChromeOS::DidGetPrivateSlot, | |
30 // Caller is responsible for keeping the ClientCertStore alive | 64 // Caller is responsible for keeping the ClientCertStore alive |
31 // until the callback is run. | 65 // until the callback is run. |
32 base::Unretained(this), | 66 base::Unretained(this), |
33 &cert_request_info, | 67 &cert_request_info, |
34 selected_certs, | 68 selected_certs, |
35 callback))); | 69 callback); |
36 if (private_slot) | 70 |
37 DidGetPrivateSlot( | 71 if (use_system_slot_) { |
38 &cert_request_info, selected_certs, callback, private_slot.Pass()); | 72 GetSystemAndPrivateSlot(username_hash_, bound_callback); |
73 } else { | |
74 // Skip getting the system slot. | |
75 GetPrivateSlotAndCallBack( | |
76 username_hash_, bound_callback, crypto::ScopedPK11Slot()); | |
77 } | |
39 } | 78 } |
40 | 79 |
41 void ClientCertStoreChromeOS::GetClientCertsImpl(CERTCertList* cert_list, | 80 void ClientCertStoreChromeOS::GetClientCertsImpl( |
42 const SSLCertRequestInfo& request, | 81 CERTCertList* cert_list, |
43 bool query_nssdb, | 82 const SSLCertRequestInfo& request, |
44 CertificateList* selected_certs) { | 83 bool query_nssdb, |
84 CertificateList* selected_certs) { | |
45 ClientCertStoreNSS::GetClientCertsImpl( | 85 ClientCertStoreNSS::GetClientCertsImpl( |
46 cert_list, request, query_nssdb, selected_certs); | 86 cert_list, request, query_nssdb, selected_certs); |
47 | 87 |
48 size_t pre_size = selected_certs->size(); | 88 size_t pre_size = selected_certs->size(); |
49 selected_certs->erase( | 89 selected_certs->erase( |
50 std::remove_if( | 90 std::remove_if( |
51 selected_certs->begin(), | 91 selected_certs->begin(), |
52 selected_certs->end(), | 92 selected_certs->end(), |
53 NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate( | 93 NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate( |
54 profile_filter_)), | 94 profile_filter_)), |
55 selected_certs->end()); | 95 selected_certs->end()); |
56 DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of " | 96 DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of " |
57 << pre_size << " certs"; | 97 << pre_size << " certs"; |
58 } | 98 } |
59 | 99 |
60 void ClientCertStoreChromeOS::DidGetPrivateSlot( | 100 void ClientCertStoreChromeOS::DidGetSystemAndPrivateSlot( |
61 const SSLCertRequestInfo* request, | 101 const SSLCertRequestInfo* request, |
62 CertificateList* selected_certs, | 102 CertificateList* selected_certs, |
63 const base::Closure& callback, | 103 const base::Closure& callback, |
104 crypto::ScopedPK11Slot system_slot, | |
64 crypto::ScopedPK11Slot private_slot) { | 105 crypto::ScopedPK11Slot private_slot) { |
65 profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_), | 106 profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_), |
66 private_slot.Pass()); | 107 private_slot.Pass(), |
108 system_slot.Pass()); | |
67 ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback); | 109 ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback); |
68 } | 110 } |
69 | 111 |
70 } // namespace net | 112 } // namespace net |
OLD | NEW |