OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/client_cert_store_chromeos.h" | 5 #include "net/ssl/client_cert_store_chromeos.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "crypto/nss_crypto_module_delegate.h" | 10 #include "crypto/nss_crypto_module_delegate.h" |
11 #include "crypto/nss_util_internal.h" | 11 #include "crypto/nss_util_internal.h" |
12 | 12 |
13 namespace net { | 13 namespace net { |
14 | 14 |
| 15 namespace { |
| 16 |
| 17 typedef base::Callback<void(crypto::ScopedPK11Slot system_slot, |
| 18 crypto::ScopedPK11Slot private_slot)> |
| 19 GetSystemAndPrivateSlotCallback; |
| 20 |
| 21 // Gets the private slot for the user with the username hash |username_hash| and |
| 22 // calls |callback| with both |system_slot| and the obtained private slot. |
| 23 void GetPrivateSlotAndCallBack(const std::string& username_hash, |
| 24 const GetSystemAndPrivateSlotCallback& callback, |
| 25 crypto::ScopedPK11Slot system_slot) { |
| 26 base::Callback<void(crypto::ScopedPK11Slot)> wrapped_callback = |
| 27 base::Bind(callback, base::Passed(&system_slot)); |
| 28 |
| 29 crypto::ScopedPK11Slot slot( |
| 30 crypto::GetPrivateSlotForChromeOSUser(username_hash, wrapped_callback)); |
| 31 if (slot) |
| 32 wrapped_callback.Run(slot.Pass()); |
| 33 } |
| 34 |
| 35 // Gets the system slot, then the private slot for the user with the username |
| 36 // hash |username_hash|, and finally calls |callback| with both slots. |
| 37 void GetSystemAndPrivateSlot(const std::string& username_hash, |
| 38 const GetSystemAndPrivateSlotCallback& callback) { |
| 39 crypto::ScopedPK11Slot system_slot(crypto::GetSystemNSSKeySlot( |
| 40 base::Bind(&GetPrivateSlotAndCallBack, username_hash, callback))); |
| 41 if (system_slot) |
| 42 GetPrivateSlotAndCallBack(username_hash, callback, system_slot.Pass()); |
| 43 } |
| 44 |
| 45 } // namespace |
| 46 |
15 ClientCertStoreChromeOS::ClientCertStoreChromeOS( | 47 ClientCertStoreChromeOS::ClientCertStoreChromeOS( |
| 48 bool use_system_slot, |
16 const std::string& username_hash, | 49 const std::string& username_hash, |
17 const PasswordDelegateFactory& password_delegate_factory) | 50 const PasswordDelegateFactory& password_delegate_factory) |
18 : ClientCertStoreNSS(password_delegate_factory), | 51 : ClientCertStoreNSS(password_delegate_factory), |
19 username_hash_(username_hash) {} | 52 use_system_slot_(use_system_slot), |
| 53 username_hash_(username_hash) { |
| 54 } |
20 | 55 |
21 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} | 56 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {} |
22 | 57 |
23 void ClientCertStoreChromeOS::GetClientCerts( | 58 void ClientCertStoreChromeOS::GetClientCerts( |
24 const SSLCertRequestInfo& cert_request_info, | 59 const SSLCertRequestInfo& cert_request_info, |
25 CertificateList* selected_certs, | 60 CertificateList* selected_certs, |
26 const base::Closure& callback) { | 61 const base::Closure& callback) { |
27 crypto::ScopedPK11Slot private_slot(crypto::GetPrivateSlotForChromeOSUser( | 62 GetSystemAndPrivateSlotCallback bound_callback = |
28 username_hash_, | 63 base::Bind(&ClientCertStoreChromeOS::DidGetSystemAndPrivateSlot, |
29 base::Bind(&ClientCertStoreChromeOS::DidGetPrivateSlot, | |
30 // Caller is responsible for keeping the ClientCertStore alive | 64 // Caller is responsible for keeping the ClientCertStore alive |
31 // until the callback is run. | 65 // until the callback is run. |
32 base::Unretained(this), | 66 base::Unretained(this), |
33 &cert_request_info, | 67 &cert_request_info, |
34 selected_certs, | 68 selected_certs, |
35 callback))); | 69 callback); |
36 if (private_slot) | 70 |
37 DidGetPrivateSlot( | 71 if (use_system_slot_) { |
38 &cert_request_info, selected_certs, callback, private_slot.Pass()); | 72 GetSystemAndPrivateSlot(username_hash_, bound_callback); |
| 73 } else { |
| 74 // Skip getting the system slot. |
| 75 GetPrivateSlotAndCallBack( |
| 76 username_hash_, bound_callback, crypto::ScopedPK11Slot()); |
| 77 } |
39 } | 78 } |
40 | 79 |
41 void ClientCertStoreChromeOS::GetClientCertsImpl(CERTCertList* cert_list, | 80 void ClientCertStoreChromeOS::GetClientCertsImpl( |
42 const SSLCertRequestInfo& request, | 81 CERTCertList* cert_list, |
43 bool query_nssdb, | 82 const SSLCertRequestInfo& request, |
44 CertificateList* selected_certs) { | 83 bool query_nssdb, |
| 84 CertificateList* selected_certs) { |
45 ClientCertStoreNSS::GetClientCertsImpl( | 85 ClientCertStoreNSS::GetClientCertsImpl( |
46 cert_list, request, query_nssdb, selected_certs); | 86 cert_list, request, query_nssdb, selected_certs); |
47 | 87 |
48 size_t pre_size = selected_certs->size(); | 88 size_t pre_size = selected_certs->size(); |
49 selected_certs->erase( | 89 selected_certs->erase( |
50 std::remove_if( | 90 std::remove_if( |
51 selected_certs->begin(), | 91 selected_certs->begin(), |
52 selected_certs->end(), | 92 selected_certs->end(), |
53 NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate( | 93 NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate( |
54 profile_filter_)), | 94 profile_filter_)), |
55 selected_certs->end()); | 95 selected_certs->end()); |
56 DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of " | 96 DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of " |
57 << pre_size << " certs"; | 97 << pre_size << " certs"; |
58 } | 98 } |
59 | 99 |
60 void ClientCertStoreChromeOS::DidGetPrivateSlot( | 100 void ClientCertStoreChromeOS::DidGetSystemAndPrivateSlot( |
61 const SSLCertRequestInfo* request, | 101 const SSLCertRequestInfo* request, |
62 CertificateList* selected_certs, | 102 CertificateList* selected_certs, |
63 const base::Closure& callback, | 103 const base::Closure& callback, |
| 104 crypto::ScopedPK11Slot system_slot, |
64 crypto::ScopedPK11Slot private_slot) { | 105 crypto::ScopedPK11Slot private_slot) { |
65 profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_), | 106 profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_), |
66 private_slot.Pass()); | 107 private_slot.Pass(), |
| 108 system_slot.Pass()); |
67 ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback); | 109 ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback); |
68 } | 110 } |
69 | 111 |
70 } // namespace net | 112 } // namespace net |
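Review bot: In `GetPrivateSlotAndCallBack`, `wrapped_callback` owns `system_slot` through `base::Passed`, so it can be run only once, yet it is both handed to `crypto::GetPrivateSlotForChromeOSUser` and run locally when a slot comes back synchronously. That is safe only if the getter never keeps or runs the callback when it returns a non-null slot, which is presumably its contract but is not visible on this page. A comment would pin it down, for example `// |wrapped_callback| must run exactly once: the getter either returns the slot or runs the callback later, never both.`; the same either-or assumption applies to `crypto::GetSystemNSSKeySlot` in `GetSystemAndPrivateSlot`. The `base::Unretained(this)` in `GetClientCerts` now has to stay valid across up to two asynchronous slot lookups instead of one, so the existing "caller keeps the ClientCertStore alive" comment should say so. The constructor's bare `bool use_system_slot` also deserves a comment on which callers may pass true, since it appears to decide whether certificates from the system slot pass the profile filter for this user.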