OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/client_cert_store_impl.h" | 5 #include "net/ssl/client_cert_store_impl.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <ssl.h> | 8 #include <ssl.h> |
9 | 9 |
10 #include "base/callback.h" | 10 #include "base/bind.h" |
11 #include "base/location.h" | |
11 #include "base/logging.h" | 12 #include "base/logging.h" |
13 #include "base/memory/scoped_ptr.h" | |
14 #include "base/threading/worker_pool.h" | |
15 #include "crypto/crypto_module_blocking_password_delegate.h" | |
12 #include "net/cert/x509_util.h" | 16 #include "net/cert/x509_util.h" |
13 | 17 |
14 namespace net { | 18 namespace net { |
15 | 19 |
16 namespace { | 20 namespace { |
17 | 21 |
18 // Examines the certificates in |cert_list| to find all certificates that match | 22 // Examines the certificates in |cert_list| to find all certificates that match |
19 // the client certificate request in |request|, storing the matching | 23 // the client certificate request in |request|, storing the matching |
20 // certificates in |selected_certs|. | 24 // certificates in |selected_certs|. |
21 // If |query_nssdb| is true, NSS will be queried to construct full certificate | 25 // If |query_nssdb| is true, NSS will be queried to construct full certificate |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
68 (query_nssdb && | 72 (query_nssdb && |
69 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { | 73 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { |
70 selected_certs->push_back(cert); | 74 selected_certs->push_back(cert); |
71 } | 75 } |
72 } | 76 } |
73 | 77 |
74 std::sort(selected_certs->begin(), selected_certs->end(), | 78 std::sort(selected_certs->begin(), selected_certs->end(), |
75 x509_util::ClientCertSorter()); | 79 x509_util::ClientCertSorter()); |
76 } | 80 } |
77 | 81 |
82 void GetClientCertsOnWorkerThread( | |
83 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate, | |
84 const SSLCertRequestInfo* request, | |
85 CertificateList* selected_certs) { | |
86 DVLOG(1) << "Finding client certs on worker thread."; | |
Ryan Sleevi
2013/11/26 19:59:03
Seems very spammy. Nuke?
mattm
2013/11/26 21:49:14
Done.
| |
87 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | |
88 CERT_GetDefaultCertDB(), | |
89 certUsageSSLClient, | |
90 PR_FALSE, | |
91 PR_FALSE, | |
92 password_delegate.get()); | |
93 // It is ok for a user not to have any client certs. | |
94 if (!client_certs) { | |
95 selected_certs->clear(); | |
96 return; | |
97 } | |
98 | |
99 GetClientCertsImpl(client_certs, *request, true, selected_certs); | |
100 CERT_DestroyCertList(client_certs); | |
101 } | |
102 | |
78 } // namespace | 103 } // namespace |
79 | 104 |
105 ClientCertStoreImpl::ClientCertStoreImpl() {} | |
106 | |
107 ClientCertStoreImpl::~ClientCertStoreImpl() {} | |
108 | |
80 void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, | 109 void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, |
81 CertificateList* selected_certs, | 110 CertificateList* selected_certs, |
82 const base::Closure& callback) { | 111 const base::Closure& callback) { |
83 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | 112 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate; |
84 CERT_GetDefaultCertDB(), certUsageSSLClient, | 113 if (!password_delegate_factory_.is_null()) |
85 PR_FALSE, PR_FALSE, NULL); | 114 password_delegate.reset( |
86 // It is ok for a user not to have any client certs. | 115 password_delegate_factory_.Run(request.host_and_port)); |
87 if (!client_certs) { | 116 if (!base::WorkerPool::PostTaskAndReply( |
117 FROM_HERE, | |
118 base::Bind(&GetClientCertsOnWorkerThread, | |
119 base::Passed(&password_delegate), | |
120 &request, | |
121 selected_certs), | |
122 callback, | |
123 true)) { | |
88 selected_certs->clear(); | 124 selected_certs->clear(); |
89 callback.Run(); | 125 callback.Run(); |
90 return; | |
91 } | 126 } |
127 } | |
92 | 128 |
93 GetClientCertsImpl(client_certs, request, true, selected_certs); | 129 void ClientCertStoreImpl::set_password_delegate_factory( |
94 CERT_DestroyCertList(client_certs); | 130 const PasswordDelegateFactory& password_delegate_factory) { |
95 callback.Run(); | 131 password_delegate_factory_ = password_delegate_factory; |
96 } | 132 } |
97 | 133 |
98 bool ClientCertStoreImpl::SelectClientCertsForTesting( | 134 bool ClientCertStoreImpl::SelectClientCertsForTesting( |
99 const CertificateList& input_certs, | 135 const CertificateList& input_certs, |
100 const SSLCertRequestInfo& request, | 136 const SSLCertRequestInfo& request, |
101 CertificateList* selected_certs) { | 137 CertificateList* selected_certs) { |
102 CERTCertList* cert_list = CERT_NewCertList(); | 138 CERTCertList* cert_list = CERT_NewCertList(); |
103 if (!cert_list) | 139 if (!cert_list) |
104 return false; | 140 return false; |
105 for (size_t i = 0; i < input_certs.size(); ++i) { | 141 for (size_t i = 0; i < input_certs.size(); ++i) { |
106 CERT_AddCertToListTail( | 142 CERT_AddCertToListTail( |
107 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); | 143 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); |
108 } | 144 } |
109 | 145 |
110 GetClientCertsImpl(cert_list, request, false, selected_certs); | 146 GetClientCertsImpl(cert_list, request, false, selected_certs); |
111 CERT_DestroyCertList(cert_list); | 147 CERT_DestroyCertList(cert_list); |
112 return true; | 148 return true; |
113 } | 149 } |
114 | 150 |
115 } // namespace net | 151 } // namespace net |
OLD | NEW |