| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/client_cert_store_impl.h" | 5 #include "net/ssl/client_cert_store_impl.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #define SECURITY_WIN32 // Needs to be defined before including security.h | 10 #define SECURITY_WIN32 // Needs to be defined before including security.h |
| 11 #include <windows.h> | 11 #include <windows.h> |
| 12 #include <wincrypt.h> | 12 #include <wincrypt.h> |
| 13 #include <security.h> | 13 #include <security.h> |
| 14 | 14 |
| 15 #include "base/callback.h" |
| 15 #include "base/logging.h" | 16 #include "base/logging.h" |
| 16 #include "crypto/scoped_capi_types.h" | 17 #include "crypto/scoped_capi_types.h" |
| 17 #include "net/cert/x509_util.h" | 18 #include "net/cert/x509_util.h" |
| 18 | 19 |
| 19 namespace net { | 20 namespace net { |
| 20 | 21 |
| 21 namespace { | 22 namespace { |
| 22 | 23 |
| 23 // Callback required by Windows API function CertFindChainInStore(). In addition | 24 // Callback required by Windows API function CertFindChainInStore(). In addition |
| 24 // to filtering by extended/enhanced key usage, we do not show expired | 25 // to filtering by extended/enhanced key usage, we do not show expired |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 56 // CertFindChainInStore()? | 57 // CertFindChainInStore()? |
| 57 DWORD size = 0; | 58 DWORD size = 0; |
| 58 if (!CertGetCertificateContextProperty( | 59 if (!CertGetCertificateContextProperty( |
| 59 cert_context, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size)) { | 60 cert_context, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size)) { |
| 60 return FALSE; | 61 return FALSE; |
| 61 } | 62 } |
| 62 | 63 |
| 63 return TRUE; | 64 return TRUE; |
| 64 } | 65 } |
| 65 | 66 |
| 66 bool GetClientCertsImpl(HCERTSTORE cert_store, | 67 void GetClientCertsImpl(HCERTSTORE cert_store, |
| 67 const SSLCertRequestInfo& request, | 68 const SSLCertRequestInfo& request, |
| 68 CertificateList* selected_certs) { | 69 CertificateList* selected_certs) { |
| 69 selected_certs->clear(); | 70 selected_certs->clear(); |
| 70 | 71 |
| 71 const size_t auth_count = request.cert_authorities.size(); | 72 const size_t auth_count = request.cert_authorities.size(); |
| 72 std::vector<CERT_NAME_BLOB> issuers(auth_count); | 73 std::vector<CERT_NAME_BLOB> issuers(auth_count); |
| 73 for (size_t i = 0; i < auth_count; ++i) { | 74 for (size_t i = 0; i < auth_count; ++i) { |
| 74 issuers[i].cbData = static_cast<DWORD>(request.cert_authorities[i].size()); | 75 issuers[i].cbData = static_cast<DWORD>(request.cert_authorities[i].size()); |
| 75 issuers[i].pbData = reinterpret_cast<BYTE*>( | 76 issuers[i].pbData = reinterpret_cast<BYTE*>( |
| 76 const_cast<char*>(request.cert_authorities[i].data())); | 77 const_cast<char*>(request.cert_authorities[i].data())); |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 131 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( | 132 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( |
| 132 cert_context2, intermediates); | 133 cert_context2, intermediates); |
| 133 selected_certs->push_back(cert); | 134 selected_certs->push_back(cert); |
| 134 CertFreeCertificateContext(cert_context2); | 135 CertFreeCertificateContext(cert_context2); |
| 135 for (size_t i = 0; i < intermediates.size(); ++i) | 136 for (size_t i = 0; i < intermediates.size(); ++i) |
| 136 CertFreeCertificateContext(intermediates[i]); | 137 CertFreeCertificateContext(intermediates[i]); |
| 137 } | 138 } |
| 138 | 139 |
| 139 std::sort(selected_certs->begin(), selected_certs->end(), | 140 std::sort(selected_certs->begin(), selected_certs->end(), |
| 140 x509_util::ClientCertSorter()); | 141 x509_util::ClientCertSorter()); |
| 141 return true; | |
| 142 } | 142 } |
| 143 | 143 |
| 144 } // namespace | 144 } // namespace |
| 145 | 145 |
| 146 bool ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, | 146 void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, |
| 147 CertificateList* selected_certs) { | 147 CertificateList* selected_certs, |
| 148 const base::Closure& callback) { |
| 148 // Client certificates of the user are in the "MY" system certificate store. | 149 // Client certificates of the user are in the "MY" system certificate store. |
| 149 HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY"); | 150 HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY"); |
| 150 if (!my_cert_store) { | 151 if (!my_cert_store) { |
| 151 PLOG(ERROR) << "Could not open the \"MY\" system certificate store: "; | 152 PLOG(ERROR) << "Could not open the \"MY\" system certificate store: "; |
| 152 return false; | 153 selected_certs->clear(); |
| 154 callback.Run(); |
| 155 return; |
| 153 } | 156 } |
| 154 | 157 |
| 155 bool rv = GetClientCertsImpl(my_cert_store, request, selected_certs); | 158 GetClientCertsImpl(my_cert_store, request, selected_certs); |
| 156 if (!CertCloseStore(my_cert_store, CERT_CLOSE_STORE_CHECK_FLAG)) { | 159 if (!CertCloseStore(my_cert_store, CERT_CLOSE_STORE_CHECK_FLAG)) |
| 157 PLOG(ERROR) << "Could not close the \"MY\" system certificate store: "; | 160 PLOG(ERROR) << "Could not close the \"MY\" system certificate store: "; |
| 158 return false; | 161 callback.Run(); |
| 159 } | |
| 160 return rv; | |
| 161 } | 162 } |
| 162 | 163 |
| 163 bool ClientCertStoreImpl::SelectClientCertsForTesting( | 164 bool ClientCertStoreImpl::SelectClientCertsForTesting( |
| 164 const CertificateList& input_certs, | 165 const CertificateList& input_certs, |
| 165 const SSLCertRequestInfo& request, | 166 const SSLCertRequestInfo& request, |
| 166 CertificateList* selected_certs) { | 167 CertificateList* selected_certs) { |
| 167 typedef crypto::ScopedCAPIHandle< | 168 typedef crypto::ScopedCAPIHandle< |
| 168 HCERTSTORE, | 169 HCERTSTORE, |
| 169 crypto::CAPIDestroyerWithFlags<HCERTSTORE, | 170 crypto::CAPIDestroyerWithFlags<HCERTSTORE, |
| 170 CertCloseStore, 0> > ScopedHCERTSTORE; | 171 CertCloseStore, 0> > ScopedHCERTSTORE; |
| (...skipping 20 matching lines...) Expand all Loading... |
| 191 CERT_KEY_PROV_INFO_PROP_ID, | 192 CERT_KEY_PROV_INFO_PROP_ID, |
| 192 0, &private_key_data)) { | 193 0, &private_key_data)) { |
| 193 return false; | 194 return false; |
| 194 } | 195 } |
| 195 // Decrement the reference count of the certificate (since we requested a | 196 // Decrement the reference count of the certificate (since we requested a |
| 196 // copy). | 197 // copy). |
| 197 if (!CertFreeCertificateContext(cert)) | 198 if (!CertFreeCertificateContext(cert)) |
| 198 return false; | 199 return false; |
| 199 } | 200 } |
| 200 | 201 |
| 201 bool rv = GetClientCertsImpl(test_store.get(), request, selected_certs); | 202 GetClientCertsImpl(test_store.get(), request, selected_certs); |
| 202 return rv; | 203 return true; |
| 203 } | 204 } |
| 204 | 205 |
| 205 } // namespace net | 206 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 42773002:
Get ClientCertStore through ResourceContext. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src