| Index: net/ssl/client_cert_store_chromeos.cc
|
| diff --git a/net/ssl/client_cert_store_chromeos.cc b/net/ssl/client_cert_store_chromeos.cc
|
| index 6dacd4569207e6591bb5bba057388d44e3d802ce..a4abef0244e9e7211a9e49c76e38c6dabb6c03f1 100644
|
| --- a/net/ssl/client_cert_store_chromeos.cc
|
| +++ b/net/ssl/client_cert_store_chromeos.cc
|
| @@ -5,52 +5,36 @@
|
| #include "net/ssl/client_cert_store_chromeos.h"
|
|
|
| #include <cert.h>
|
| +#include <algorithm>
|
|
|
| #include "base/bind.h"
|
| -#include "crypto/nss_crypto_module_delegate.h"
|
| -#include "crypto/nss_util_internal.h"
|
| +#include "base/bind_helpers.h"
|
| +#include "base/callback.h"
|
|
|
| namespace net {
|
|
|
| namespace {
|
|
|
| -typedef base::Callback<void(crypto::ScopedPK11Slot system_slot,
|
| - crypto::ScopedPK11Slot private_slot)>
|
| - GetSystemAndPrivateSlotCallback;
|
| -
|
| -// Gets the private slot for the user with the username hash |username_hash| and
|
| -// calls |callback| with both |system_slot| and the obtained private slot.
|
| -void GetPrivateSlotAndCallBack(const std::string& username_hash,
|
| - const GetSystemAndPrivateSlotCallback& callback,
|
| - crypto::ScopedPK11Slot system_slot) {
|
| - base::Callback<void(crypto::ScopedPK11Slot)> wrapped_callback =
|
| - base::Bind(callback, base::Passed(&system_slot));
|
| -
|
| - crypto::ScopedPK11Slot slot(
|
| - crypto::GetPrivateSlotForChromeOSUser(username_hash, wrapped_callback));
|
| - if (slot)
|
| - wrapped_callback.Run(slot.Pass());
|
| -}
|
| +class CertNotAllowedPredicate {
|
| + public:
|
| + explicit CertNotAllowedPredicate(
|
| + const ClientCertStoreChromeOS::CertFilter& filter)
|
| + : filter_(filter) {}
|
| + bool operator()(const scoped_refptr<X509Certificate>& cert) const {
|
| + return !filter_.IsCertAllowed(cert);
|
| + }
|
|
|
| -// Gets the system slot, then the private slot for the user with the username
|
| -// hash |username_hash|, and finally calls |callback| with both slots.
|
| -void GetSystemAndPrivateSlot(const std::string& username_hash,
|
| - const GetSystemAndPrivateSlotCallback& callback) {
|
| - crypto::ScopedPK11Slot system_slot(crypto::GetSystemNSSKeySlot(
|
| - base::Bind(&GetPrivateSlotAndCallBack, username_hash, callback)));
|
| - if (system_slot)
|
| - GetPrivateSlotAndCallBack(username_hash, callback, system_slot.Pass());
|
| -}
|
| + private:
|
| + const ClientCertStoreChromeOS::CertFilter& filter_;
|
| +};
|
|
|
| } // namespace
|
|
|
| ClientCertStoreChromeOS::ClientCertStoreChromeOS(
|
| - bool use_system_slot,
|
| - const std::string& username_hash,
|
| + scoped_ptr<CertFilter> cert_filter,
|
| const PasswordDelegateFactory& password_delegate_factory)
|
| : ClientCertStoreNSS(password_delegate_factory),
|
| - use_system_slot_(use_system_slot),
|
| - username_hash_(username_hash) {
|
| + cert_filter_(cert_filter.Pass()) {
|
| }
|
|
|
| ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {}
|
| @@ -59,8 +43,8 @@ void ClientCertStoreChromeOS::GetClientCerts(
|
| const SSLCertRequestInfo& cert_request_info,
|
| CertificateList* selected_certs,
|
| const base::Closure& callback) {
|
| - GetSystemAndPrivateSlotCallback bound_callback =
|
| - base::Bind(&ClientCertStoreChromeOS::DidGetSystemAndPrivateSlot,
|
| + base::Closure bound_callback =
|
| + base::Bind(&ClientCertStoreChromeOS::CertFilterInitialized,
|
| // Caller is responsible for keeping the ClientCertStore alive
|
| // until the callback is run.
|
| base::Unretained(this),
|
| @@ -68,13 +52,8 @@ void ClientCertStoreChromeOS::GetClientCerts(
|
| selected_certs,
|
| callback);
|
|
|
| - if (use_system_slot_) {
|
| - GetSystemAndPrivateSlot(username_hash_, bound_callback);
|
| - } else {
|
| - // Skip getting the system slot.
|
| - GetPrivateSlotAndCallBack(
|
| - username_hash_, bound_callback, crypto::ScopedPK11Slot());
|
| - }
|
| + if (cert_filter_->Init(bound_callback))
|
| + bound_callback.Run();
|
| }
|
|
|
| void ClientCertStoreChromeOS::GetClientCertsImpl(
|
| @@ -86,26 +65,18 @@ void ClientCertStoreChromeOS::GetClientCertsImpl(
|
| cert_list, request, query_nssdb, selected_certs);
|
|
|
| size_t pre_size = selected_certs->size();
|
| - selected_certs->erase(
|
| - std::remove_if(
|
| - selected_certs->begin(),
|
| - selected_certs->end(),
|
| - NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate(
|
| - profile_filter_)),
|
| - selected_certs->end());
|
| + selected_certs->erase(std::remove_if(selected_certs->begin(),
|
| + selected_certs->end(),
|
| + CertNotAllowedPredicate(*cert_filter_)),
|
| + selected_certs->end());
|
| DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of "
|
| << pre_size << " certs";
|
| }
|
|
|
| -void ClientCertStoreChromeOS::DidGetSystemAndPrivateSlot(
|
| +void ClientCertStoreChromeOS::CertFilterInitialized(
|
| const SSLCertRequestInfo* request,
|
| CertificateList* selected_certs,
|
| - const base::Closure& callback,
|
| - crypto::ScopedPK11Slot system_slot,
|
| - crypto::ScopedPK11Slot private_slot) {
|
| - profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_),
|
| - private_slot.Pass(),
|
| - system_slot.Pass());
|
| + const base::Closure& callback) {
|
| ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback);
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 693943003:
Update from https://crrev.com/302630 (Closed)
Base URL: git@github.com:domokit/mojo.git@master