1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
1283 DCHECK(core->OnNSSTaskRunner()); | 1283 DCHECK(core->OnNSSTaskRunner()); |
1284 | 1284 |
1285 core->PostOrRunCallback( | 1285 core->PostOrRunCallback( |
1286 FROM_HERE, | 1286 FROM_HERE, |
1287 base::Bind(&AddLogEvent, core->weak_net_log_, | 1287 base::Bind(&AddLogEvent, core->weak_net_log_, |
1288 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED)); | 1288 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED)); |
1289 | 1289 |
1290 core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert; | 1290 core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert; |
1291 #if defined(OS_WIN) | 1291 #if defined(OS_WIN) |
1292 if (core->ssl_config_.send_client_cert) { | 1292 if (core->ssl_config_.send_client_cert) { |
1293 if (core->ssl_config_.client_cert) { | 1293 if (core->ssl_config_.client_cert.get()) { |
1294 PCCERT_CONTEXT cert_context = | 1294 PCCERT_CONTEXT cert_context = |
1295 core->ssl_config_.client_cert->os_cert_handle(); | 1295 core->ssl_config_.client_cert->os_cert_handle(); |
1296 | 1296 |
1297 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0; | 1297 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0; |
1298 DWORD key_spec = 0; | 1298 DWORD key_spec = 0; |
1299 BOOL must_free = FALSE; | 1299 BOOL must_free = FALSE; |
1300 DWORD flags = 0; | 1300 DWORD flags = 0; |
1301 if (base::win::GetVersion() >= base::win::VERSION_VISTA) | 1301 if (base::win::GetVersion() >= base::win::VERSION_VISTA) |
1302 flags |= CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG; | 1302 flags |= CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG; |
1303 | 1303 |
1678 // caching in X509Certificate, this failure ends up preventing client | 1678 // caching in X509Certificate, this failure ends up preventing client |
1679 // certificate authentication with the same certificate for all future | 1679 // certificate authentication with the same certificate for all future |
1680 // attempts, even after the smart card has been re-inserted. By setting | 1680 // attempts, even after the smart card has been re-inserted. By setting |
1681 // the CERT_KEY_PROV_HANDLE_PROP_ID to NULL, the cached HCRYPTPROV will | 1681 // the CERT_KEY_PROV_HANDLE_PROP_ID to NULL, the cached HCRYPTPROV will |
1682 // typically be freed. This allows a new HCRYPTPROV to be obtained from | 1682 // typically be freed. This allows a new HCRYPTPROV to be obtained from |
1683 // the certificate on the next attempt, which should succeed if the smart | 1683 // the certificate on the next attempt, which should succeed if the smart |
1684 // card has been re-inserted, or will typically prompt the user to | 1684 // card has been re-inserted, or will typically prompt the user to |
1685 // re-insert the smart card if not. | 1685 // re-insert the smart card if not. |
1686 if ((net_error == ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY || | 1686 if ((net_error == ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY || |
1687 net_error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED) && | 1687 net_error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED) && |
1688 ssl_config_.send_client_cert && ssl_config_.client_cert) { | 1688 ssl_config_.send_client_cert && ssl_config_.client_cert.get()) { |
1689 CertSetCertificateContextProperty( | 1689 CertSetCertificateContextProperty( |
1690 ssl_config_.client_cert->os_cert_handle(), | 1690 ssl_config_.client_cert->os_cert_handle(), |
1691 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL); | 1691 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL); |
1692 } | 1692 } |
1693 #endif | 1693 #endif |
1694 | 1694 |
1695 return net_error; | 1695 return net_error; |
1696 } | 1696 } |
1697 | 1697 |
1698 int SSLClientSocketNSS::Core::DoHandshakeLoop(int last_io_result) { | 1698 int SSLClientSocketNSS::Core::DoHandshakeLoop(int last_io_result) { |
2429 UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled", ocsp_responses_present); | 2429 UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled", ocsp_responses_present); |
2430 if (!ocsp_responses_present) | 2430 if (!ocsp_responses_present) |
2431 return; | 2431 return; |
2432 | 2432 |
2433 nss_handshake_state_.stapled_ocsp_response = std::string( | 2433 nss_handshake_state_.stapled_ocsp_response = std::string( |
2434 reinterpret_cast<char*>(ocsp_responses->items[0].data), | 2434 reinterpret_cast<char*>(ocsp_responses->items[0].data), |
2435 ocsp_responses->items[0].len); | 2435 ocsp_responses->items[0].len); |
2436 | 2436 |
2437 if (IsOCSPStaplingSupported()) { | 2437 if (IsOCSPStaplingSupported()) { |
2438 #if defined(OS_WIN) | 2438 #if defined(OS_WIN) |
2439 if (nss_handshake_state_.server_cert) { | 2439 if (nss_handshake_state_.server_cert.get()) { |
2440 CRYPT_DATA_BLOB ocsp_response_blob; | 2440 CRYPT_DATA_BLOB ocsp_response_blob; |
2441 ocsp_response_blob.cbData = ocsp_responses->items[0].len; | 2441 ocsp_response_blob.cbData = ocsp_responses->items[0].len; |
2442 ocsp_response_blob.pbData = ocsp_responses->items[0].data; | 2442 ocsp_response_blob.pbData = ocsp_responses->items[0].data; |
2443 BOOL ok = CertSetCertificateContextProperty( | 2443 BOOL ok = CertSetCertificateContextProperty( |
2444 nss_handshake_state_.server_cert->os_cert_handle(), | 2444 nss_handshake_state_.server_cert->os_cert_handle(), |
2445 CERT_OCSP_RESPONSE_PROP_ID, | 2445 CERT_OCSP_RESPONSE_PROP_ID, |
2446 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG, | 2446 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG, |
2447 &ocsp_response_blob); | 2447 &ocsp_response_blob); |
2448 if (!ok) { | 2448 if (!ok) { |
2449 VLOG(1) << "Failed to set OCSP response property: " | 2449 VLOG(1) << "Failed to set OCSP response property: " |
3610 scoped_refptr<X509Certificate> | 3610 scoped_refptr<X509Certificate> |
3611 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { | 3611 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { |
3612 return core_->state().server_cert.get(); | 3612 return core_->state().server_cert.get(); |
3613 } | 3613 } |
3614 | 3614 |
3615 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { | 3615 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { |
3616 return channel_id_service_; | 3616 return channel_id_service_; |
3617 } | 3617 } |
3618 | 3618 |
3619 } // namespace net | 3619 } // namespace net |