OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/client_cert_store_impl.h" | 5 #include "net/ssl/client_cert_store_impl.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <ssl.h> | 8 #include <ssl.h> |
9 | 9 |
10 #include "base/callback.h" | 10 #include "base/bind.h" |
11 #include "base/location.h" | |
11 #include "base/logging.h" | 12 #include "base/logging.h" |
13 #include "base/memory/scoped_ptr.h" | |
14 #include "base/threading/worker_pool.h" | |
15 #include "crypto/crypto_module_blocking_password_delegate.h" | |
12 #include "net/cert/x509_util.h" | 16 #include "net/cert/x509_util.h" |
13 | 17 |
14 namespace net { | 18 namespace net { |
15 | 19 |
16 namespace { | 20 namespace { |
17 | 21 |
18 // Examines the certificates in |cert_list| to find all certificates that match | 22 // Examines the certificates in |cert_list| to find all certificates that match |
19 // the client certificate request in |request|, storing the matching | 23 // the client certificate request in |request|, storing the matching |
20 // certificates in |selected_certs|. | 24 // certificates in |selected_certs|. |
21 // If |query_nssdb| is true, NSS will be queried to construct full certificate | 25 // If |query_nssdb| is true, NSS will be queried to construct full certificate |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
68 (query_nssdb && | 72 (query_nssdb && |
69 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { | 73 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { |
70 selected_certs->push_back(cert); | 74 selected_certs->push_back(cert); |
71 } | 75 } |
72 } | 76 } |
73 | 77 |
74 std::sort(selected_certs->begin(), selected_certs->end(), | 78 std::sort(selected_certs->begin(), selected_certs->end(), |
75 x509_util::ClientCertSorter()); | 79 x509_util::ClientCertSorter()); |
76 } | 80 } |
77 | 81 |
82 void GetClientCertsOnWorkerThread( | |
83 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate, | |
84 const SSLCertRequestInfo* request, | |
85 CertificateList* selected_certs) { | |
86 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | |
87 CERT_GetDefaultCertDB(), | |
88 certUsageSSLClient, | |
89 PR_FALSE, | |
90 PR_FALSE, | |
91 password_delegate.get()); | |
92 // It is ok for a user not to have any client certs. | |
93 if (!client_certs) { | |
94 selected_certs->clear(); | |
95 return; | |
96 } | |
97 | |
98 GetClientCertsImpl(client_certs, *request, true, selected_certs); | |
99 CERT_DestroyCertList(client_certs); | |
100 } | |
101 | |
78 } // namespace | 102 } // namespace |
79 | 103 |
104 ClientCertStoreImpl::ClientCertStoreImpl() {} | |
105 | |
106 ClientCertStoreImpl::~ClientCertStoreImpl() {} | |
107 | |
80 void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, | 108 void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, |
81 CertificateList* selected_certs, | 109 CertificateList* selected_certs, |
82 const base::Closure& callback) { | 110 const base::Closure& callback) { |
83 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | 111 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate; |
84 CERT_GetDefaultCertDB(), certUsageSSLClient, | 112 if (!password_delegate_factory_.is_null()) |
85 PR_FALSE, PR_FALSE, NULL); | 113 password_delegate.reset( |
86 // It is ok for a user not to have any client certs. | 114 password_delegate_factory_.Run(request.host_and_port)); |
wtc
2013/11/26 23:28:17
Nit: curly braces should be used because the state
mattm
2013/11/26 23:47:56
Done.
| |
87 if (!client_certs) { | 115 if (!base::WorkerPool::PostTaskAndReply( |
116 FROM_HERE, | |
117 base::Bind(&GetClientCertsOnWorkerThread, | |
118 base::Passed(&password_delegate), | |
119 &request, | |
120 selected_certs), | |
121 callback, | |
122 true)) { | |
88 selected_certs->clear(); | 123 selected_certs->clear(); |
89 callback.Run(); | 124 callback.Run(); |
90 return; | |
91 } | 125 } |
126 } | |
92 | 127 |
93 GetClientCertsImpl(client_certs, request, true, selected_certs); | 128 void ClientCertStoreImpl::set_password_delegate_factory( |
94 CERT_DestroyCertList(client_certs); | 129 const PasswordDelegateFactory& password_delegate_factory) { |
95 callback.Run(); | 130 password_delegate_factory_ = password_delegate_factory; |
96 } | 131 } |
97 | 132 |
98 bool ClientCertStoreImpl::SelectClientCertsForTesting( | 133 bool ClientCertStoreImpl::SelectClientCertsForTesting( |
99 const CertificateList& input_certs, | 134 const CertificateList& input_certs, |
100 const SSLCertRequestInfo& request, | 135 const SSLCertRequestInfo& request, |
101 CertificateList* selected_certs) { | 136 CertificateList* selected_certs) { |
102 CERTCertList* cert_list = CERT_NewCertList(); | 137 CERTCertList* cert_list = CERT_NewCertList(); |
103 if (!cert_list) | 138 if (!cert_list) |
104 return false; | 139 return false; |
105 for (size_t i = 0; i < input_certs.size(); ++i) { | 140 for (size_t i = 0; i < input_certs.size(); ++i) { |
106 CERT_AddCertToListTail( | 141 CERT_AddCertToListTail( |
107 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); | 142 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); |
108 } | 143 } |
109 | 144 |
110 GetClientCertsImpl(cert_list, request, false, selected_certs); | 145 GetClientCertsImpl(cert_list, request, false, selected_certs); |
111 CERT_DestroyCertList(cert_list); | 146 CERT_DestroyCertList(cert_list); |
112 return true; | 147 return true; |
113 } | 148 } |
114 | 149 |
115 } // namespace net | 150 } // namespace net |
OLD | NEW |