Change the HTTP cache to cache the entire certificate chain for SSL sites

net/base/x509_certificate_win.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
@@ skipping 532 matching lines @@
     return false;
   PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement;
   PCCERT_CONTEXT cert = element[num_elements - 1]->pCertContext;
 
   SHA1Fingerprint hash = CalculateFingerprint(cert);
   return IsSHA1HashInSortedArray(
       hash, &kKnownRootCertSHA1Hashes[0][0], sizeof(kKnownRootCertSHA1Hashes));
 }
 
 // static
-X509Certificate* X509Certificate::CreateFromPickle(const Pickle& pickle,
-                                                   void** pickle_iter) {
-  const char* data;
-  int length;
-  if (!pickle.ReadData(pickle_iter, &data, &length))
-    return NULL;
-
-  OSCertHandle cert_handle = NULL;
-  if (!CertAddSerializedElementToStore(
-      NULL,  // the cert won't be persisted in any cert store
-      reinterpret_cast<const BYTE*>(data), length,
-      CERT_STORE_ADD_USE_EXISTING, 0, CERT_STORE_CERTIFICATE_CONTEXT_FLAG,
-      NULL, reinterpret_cast<const void **>(&cert_handle)))
-    return NULL;
-
-  X509Certificate* cert = CreateFromHandle(cert_handle,
-                                           SOURCE_LONE_CERT_IMPORT,
-                                           OSCertHandles());
-  FreeOSCertHandle(cert_handle);
-  return cert;
-}
-
-// static
 X509Certificate* X509Certificate::CreateSelfSigned(
     crypto::RSAPrivateKey* key,
     const std::string& subject,
     uint32 serial_number,
     base::TimeDelta valid_duration) {
   // Get the ASN.1 encoding of the certificate subject.
   std::wstring w_subject = ASCIIToWide(subject);
   DWORD encoded_subject_length = 0;
   if (!CertStrToName(
           X509_ASN_ENCODING,
@@ skipping 42 matching lines @@
   if (!cert_handle)
     return NULL;
 
   X509Certificate* cert = CreateFromHandle(cert_handle,
                                            SOURCE_LONE_CERT_IMPORT,
                                            OSCertHandles());
   FreeOSCertHandle(cert_handle);
   return cert;
 }
 
-void X509Certificate::Persist(Pickle* pickle) {
-  DCHECK(cert_handle_);
-  DWORD length;
-  if (!CertSerializeCertificateStoreElement(cert_handle_, 0,
-      NULL, &length)) {
-    NOTREACHED();
-    return;
-  }
-  BYTE* data = reinterpret_cast<BYTE*>(pickle->BeginWriteData(length));
-  if (!CertSerializeCertificateStoreElement(cert_handle_, 0,
-      data, &length)) {
-    NOTREACHED();
-    length = 0;
-  }
-  pickle->TrimWriteData(length);
-}
-
 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const {
   dns_names->clear();
   if (cert_handle_) {
     scoped_ptr_malloc<CERT_ALT_NAME_INFO> alt_name_info;
     GetCertSubjectAltName(cert_handle_, &alt_name_info);
     CERT_ALT_NAME_INFO* alt_name = alt_name_info.get();
     if (alt_name) {
       int num_entries = alt_name->cAltEntry;
       for (int i = 0; i < num_entries; i++) {
         // dNSName is an ASN.1 IA5String representing a string of ASCII
@@ skipping 372 matching lines @@
   SHA1Fingerprint sha1;
   DWORD sha1_size = sizeof(sha1.data);
   rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded,
                             cert->cbCertEncoded, sha1.data, &sha1_size);
   DCHECK(rv && sha1_size == sizeof(sha1.data));
   if (!rv)
     memset(sha1.data, 0, sizeof(sha1.data));
   return sha1;
 }
 
+// static
+X509Certificate::OSCertHandle
+X509Certificate::ReadCertHandleFromPickle(const Pickle& pickle,
+                                          void** pickle_iter) {
+  const char* data;
+  int length;
+  if (!pickle.ReadData(pickle_iter, &data, &length))
+    return NULL;
+
+  OSCertHandle cert_handle = NULL;
+  if (!CertAddSerializedElementToStore(
+          NULL,  // the cert won't be persisted in any cert store
+          reinterpret_cast<const BYTE*>(data), length,
+          CERT_STORE_ADD_USE_EXISTING, 0, CERT_STORE_CERTIFICATE_CONTEXT_FLAG,
+          NULL, reinterpret_cast<const void **>(&cert_handle))) {
+    return NULL;
+  }
+
+  return cert_handle;
+}
+
+// static
+bool X509Certificate::WriteCertHandleToPickle(OSCertHandle cert_handle,
+                                              Pickle* pickle) {
+  DWORD length = 0;
+  if (!CertSerializeCertificateStoreElement(cert_handle, 0, NULL, &length))
+    return false;
+
+  std::vector<BYTE> buffer(length);
+  // Serialize |cert_handle| in a way that will preserve any extended
+  // attributes set on the handle, such as the location to the certificate's
+  // private key.
+  if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0],
+                                            &length)) {
+    return false;
+  }
+
+  return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]),
+                           length);

[wtc, 2011/04/20 23:07:58]

Why don't you use the original code (pickle->BeginWriteData),
which avoids copying?

[Ryan Sleevi, 2011/04/20 23:59:10]

Per pickle.cc, there can only be one variable buffer in a Pickle:

http://codesearch.google.com/codesearch/p?hl=en#OAMlx_jo-ck/src/base/pickle.c...

+}
+
 }  // namespace net