Get ClientCertStore through ResourceContext.

net/ssl/client_cert_store_impl_mac.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/client_cert_store_impl.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <CoreFoundation/CFArray.h>
 #include <CoreServices/CoreServices.h>
 #include <Security/SecBase.h>
 #include <Security/Security.h>
 
 #include <algorithm>
 #include <string>
 
+#include "base/callback.h"
 #include "base/logging.h"
 #include "base/mac/mac_logging.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/strings/sys_string_conversions.h"
 #include "base/synchronization/lock.h"
 #include "crypto/mac_security_services_lock.h"
 #include "net/base/host_port_pair.h"
 #include "net/cert/x509_util.h"
 #include "net/cert/x509_util_mac.h"
 
@@ skipping 89 matching lines @@
   return true;
 }
 
 // Examines the certificates in |preferred_cert| and |regular_certs| to find
 // all certificates that match the client certificate request in |request|,
 // storing the matching certificates in |selected_certs|.
 // If |query_keychain| is true, Keychain Services will be queried to construct
 // full certificate chains. If it is false, only the the certificates and their
 // intermediates (available via X509Certificate::GetIntermediateCertificates())
 // will be considered.
-bool GetClientCertsImpl(const scoped_refptr<X509Certificate>& preferred_cert,
+void GetClientCertsImpl(const scoped_refptr<X509Certificate>& preferred_cert,
                         const CertificateList& regular_certs,
                         const SSLCertRequestInfo& request,
                         bool query_keychain,
                         CertificateList* selected_certs) {
   CertificateList preliminary_list;
   if (preferred_cert.get())
     preliminary_list.push_back(preferred_cert);
   preliminary_list.insert(preliminary_list.end(), regular_certs.begin(),
                           regular_certs.end());
 
@@ skipping 24 matching lines @@
 
   // Preferred cert should appear first in the ui, so exclude it from the
   // sorting.
   CertificateList::iterator sort_begin = selected_certs->begin();
   CertificateList::iterator sort_end = selected_certs->end();
   if (preferred_cert.get() && sort_begin != sort_end &&
       sort_begin->get() == preferred_cert.get()) {
     ++sort_begin;
   }
   sort(sort_begin, sort_end, x509_util::ClientCertSorter());
-  return true;
 }
 
 }  // namespace
 
-bool ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
-                                         CertificateList* selected_certs) {
+void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
+                                         CertificateList* selected_certs,
+                                         const base::Closure& callback) {
   std::string server_domain =
       HostPortPair::FromString(request.host_and_port).host();
 
   ScopedCFTypeRef<SecIdentityRef> preferred_identity;
   if (!server_domain.empty()) {
     // See if there's an identity preference for this domain:
     ScopedCFTypeRef<CFStringRef> domain_str(
         base::SysUTF8ToCFStringRef("https://" + server_domain));
     SecIdentityRef identity = NULL;
     // While SecIdentityCopyPreferences appears to take a list of CA issuers
@@ skipping 11 matching lines @@
   // Now enumerate the identities in the available keychains.
   scoped_refptr<X509Certificate> preferred_cert = NULL;
   CertificateList regular_certs;
 
   SecIdentitySearchRef search = NULL;
   OSStatus err;
   {
     base::AutoLock lock(crypto::GetMacSecurityServicesLock());
     err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search);
   }
-  if (err)
-    return false;
+  if (err) {
+    selected_certs->clear();
+    callback.Run();
+    return;
+  }
   ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search);
   while (!err) {
     SecIdentityRef identity = NULL;
     {
       base::AutoLock lock(crypto::GetMacSecurityServicesLock());
       err = SecIdentitySearchCopyNext(search, &identity);
     }
     if (err)
       break;
     ScopedCFTypeRef<SecIdentityRef> scoped_identity(identity);
@@ skipping 12 matching lines @@
       // Only one certificate should match.
       DCHECK(!preferred_cert.get());
       preferred_cert = cert;
     } else {
       regular_certs.push_back(cert);
     }
   }
 
   if (err != errSecItemNotFound) {
     OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error";
-    return false;
+    selected_certs->clear();
+    callback.Run();
+    return;
   }
 
-  return GetClientCertsImpl(preferred_cert, regular_certs, request, true,
-                            selected_certs);
+  GetClientCertsImpl(preferred_cert, regular_certs, request, true,
+                     selected_certs);
+  callback.Run();
 }
 
 bool ClientCertStoreImpl::SelectClientCertsForTesting(
     const CertificateList& input_certs,
     const SSLCertRequestInfo& request,
     CertificateList* selected_certs) {
-  return GetClientCertsImpl(NULL, input_certs, request, false,
-                            selected_certs);
+  GetClientCertsImpl(NULL, input_certs, request, false, selected_certs);
+  return true;
 }
 
 #if !defined(OS_IOS)
 bool ClientCertStoreImpl::SelectClientCertsGivenPreferredForTesting(
     const scoped_refptr<X509Certificate>& preferred_cert,
     const CertificateList& regular_certs,
     const SSLCertRequestInfo& request,
     CertificateList* selected_certs) {
-  return GetClientCertsImpl(preferred_cert, regular_certs, request, false,
-                            selected_certs);
+  GetClientCertsImpl(
+      preferred_cert, regular_certs, request, false, selected_certs);
+  return true;
 }
 #endif
 
 }  // namespace net