| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/client_cert_store_impl.h" | 5 #include "net/ssl/client_cert_store_impl.h" |
| 6 | 6 |
| 7 #include <nss.h> | 7 #include <nss.h> |
| 8 #include <ssl.h> | 8 #include <ssl.h> |
| 9 | 9 |
| 10 #include "base/callback.h" |
| 10 #include "base/logging.h" | 11 #include "base/logging.h" |
| 11 #include "net/cert/x509_util.h" | 12 #include "net/cert/x509_util.h" |
| 12 | 13 |
| 13 namespace net { | 14 namespace net { |
| 14 | 15 |
| 15 namespace { | 16 namespace { |
| 16 | 17 |
| 17 // Examines the certificates in |cert_list| to find all certificates that match | 18 // Examines the certificates in |cert_list| to find all certificates that match |
| 18 // the client certificate request in |request|, storing the matching | 19 // the client certificate request in |request|, storing the matching |
| 19 // certificates in |selected_certs|. | 20 // certificates in |selected_certs|. |
| 20 // If |query_nssdb| is true, NSS will be queried to construct full certificate | 21 // If |query_nssdb| is true, NSS will be queried to construct full certificate |
| 21 // chains. If it is false, only the certificate will be considered. | 22 // chains. If it is false, only the certificate will be considered. |
| 22 bool GetClientCertsImpl(CERTCertList* cert_list, | 23 void GetClientCertsImpl(CERTCertList* cert_list, |
| 23 const SSLCertRequestInfo& request, | 24 const SSLCertRequestInfo& request, |
| 24 bool query_nssdb, | 25 bool query_nssdb, |
| 25 CertificateList* selected_certs) { | 26 CertificateList* selected_certs) { |
| 26 DCHECK(cert_list); | 27 DCHECK(cert_list); |
| 27 DCHECK(selected_certs); | 28 DCHECK(selected_certs); |
| 28 | 29 |
| 29 selected_certs->clear(); | 30 selected_certs->clear(); |
| 30 | 31 |
| 31 // Create a "fake" CERTDistNames structure. No public API exists to create | 32 // Create a "fake" CERTDistNames structure. No public API exists to create |
| 32 // one from a list of issuers. | 33 // one from a list of issuers. |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 65 (!query_nssdb && | 66 (!query_nssdb && |
| 66 cert->IsIssuedByEncoded(request.cert_authorities)) || | 67 cert->IsIssuedByEncoded(request.cert_authorities)) || |
| 67 (query_nssdb && | 68 (query_nssdb && |
| 68 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { | 69 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { |
| 69 selected_certs->push_back(cert); | 70 selected_certs->push_back(cert); |
| 70 } | 71 } |
| 71 } | 72 } |
| 72 | 73 |
| 73 std::sort(selected_certs->begin(), selected_certs->end(), | 74 std::sort(selected_certs->begin(), selected_certs->end(), |
| 74 x509_util::ClientCertSorter()); | 75 x509_util::ClientCertSorter()); |
| 75 return true; | |
| 76 } | 76 } |
| 77 | 77 |
| 78 } // namespace | 78 } // namespace |
| 79 | 79 |
| 80 bool ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, | 80 void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, |
| 81 CertificateList* selected_certs) { | 81 CertificateList* selected_certs, |
| 82 const base::Closure& callback) { |
| 82 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | 83 CERTCertList* client_certs = CERT_FindUserCertsByUsage( |
| 83 CERT_GetDefaultCertDB(), certUsageSSLClient, | 84 CERT_GetDefaultCertDB(), certUsageSSLClient, |
| 84 PR_FALSE, PR_FALSE, NULL); | 85 PR_FALSE, PR_FALSE, NULL); |
| 85 // It is ok for a user not to have any client certs. | 86 // It is ok for a user not to have any client certs. |
| 86 if (!client_certs) | 87 if (!client_certs) { |
| 87 return true; | 88 selected_certs->clear(); |
| 89 callback.Run(); |
| 90 return; |
| 91 } |
| 88 | 92 |
| 89 bool rv = GetClientCertsImpl(client_certs, request, true, selected_certs); | 93 GetClientCertsImpl(client_certs, request, true, selected_certs); |
| 90 CERT_DestroyCertList(client_certs); | 94 CERT_DestroyCertList(client_certs); |
| 91 return rv; | 95 callback.Run(); |
| 92 } | 96 } |
| 93 | 97 |
| 94 bool ClientCertStoreImpl::SelectClientCertsForTesting( | 98 bool ClientCertStoreImpl::SelectClientCertsForTesting( |
| 95 const CertificateList& input_certs, | 99 const CertificateList& input_certs, |
| 96 const SSLCertRequestInfo& request, | 100 const SSLCertRequestInfo& request, |
| 97 CertificateList* selected_certs) { | 101 CertificateList* selected_certs) { |
| 98 CERTCertList* cert_list = CERT_NewCertList(); | 102 CERTCertList* cert_list = CERT_NewCertList(); |
| 99 if (!cert_list) | 103 if (!cert_list) |
| 100 return false; | 104 return false; |
| 101 for (size_t i = 0; i < input_certs.size(); ++i) { | 105 for (size_t i = 0; i < input_certs.size(); ++i) { |
| 102 CERT_AddCertToListTail( | 106 CERT_AddCertToListTail( |
| 103 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); | 107 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); |
| 104 } | 108 } |
| 105 | 109 |
| 106 bool rv = GetClientCertsImpl(cert_list, request, false, selected_certs); | 110 GetClientCertsImpl(cert_list, request, false, selected_certs); |
| 107 CERT_DestroyCertList(cert_list); | 111 CERT_DestroyCertList(cert_list); |
| 108 return rv; | 112 return true; |
| 109 } | 113 } |
| 110 | 114 |
| 111 } // namespace net | 115 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 42773002:
Get ClientCertStore through ResourceContext. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src