OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/client_cert_store_impl.h" | 5 #include "net/ssl/client_cert_store_impl.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <ssl.h> | 8 #include <ssl.h> |
9 | 9 |
10 #include "base/callback.h" | 10 #include "base/bind.h" |
| 11 #include "base/location.h" |
11 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/memory/scoped_ptr.h" |
| 14 #include "base/threading/worker_pool.h" |
| 15 #include "crypto/crypto_module_blocking_password_delegate.h" |
12 #include "net/cert/x509_util.h" | 16 #include "net/cert/x509_util.h" |
13 | 17 |
14 namespace net { | 18 namespace net { |
15 | 19 |
16 namespace { | 20 namespace { |
17 | 21 |
18 // Examines the certificates in |cert_list| to find all certificates that match | 22 // Examines the certificates in |cert_list| to find all certificates that match |
19 // the client certificate request in |request|, storing the matching | 23 // the client certificate request in |request|, storing the matching |
20 // certificates in |selected_certs|. | 24 // certificates in |selected_certs|. |
21 // If |query_nssdb| is true, NSS will be queried to construct full certificate | 25 // If |query_nssdb| is true, NSS will be queried to construct full certificate |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
68 (query_nssdb && | 72 (query_nssdb && |
69 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { | 73 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { |
70 selected_certs->push_back(cert); | 74 selected_certs->push_back(cert); |
71 } | 75 } |
72 } | 76 } |
73 | 77 |
74 std::sort(selected_certs->begin(), selected_certs->end(), | 78 std::sort(selected_certs->begin(), selected_certs->end(), |
75 x509_util::ClientCertSorter()); | 79 x509_util::ClientCertSorter()); |
76 } | 80 } |
77 | 81 |
| 82 void GetClientCertsOnWorkerThread( |
| 83 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate, |
| 84 const SSLCertRequestInfo* request, |
| 85 CertificateList* selected_certs) { |
| 86 CERTCertList* client_certs = CERT_FindUserCertsByUsage( |
| 87 CERT_GetDefaultCertDB(), |
| 88 certUsageSSLClient, |
| 89 PR_FALSE, |
| 90 PR_FALSE, |
| 91 password_delegate.get()); |
| 92 // It is ok for a user not to have any client certs. |
| 93 if (!client_certs) { |
| 94 selected_certs->clear(); |
| 95 return; |
| 96 } |
| 97 |
| 98 GetClientCertsImpl(client_certs, *request, true, selected_certs); |
| 99 CERT_DestroyCertList(client_certs); |
| 100 } |
| 101 |
78 } // namespace | 102 } // namespace |
79 | 103 |
| 104 ClientCertStoreImpl::ClientCertStoreImpl() {} |
| 105 |
| 106 ClientCertStoreImpl::~ClientCertStoreImpl() {} |
| 107 |
80 void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, | 108 void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, |
81 CertificateList* selected_certs, | 109 CertificateList* selected_certs, |
82 const base::Closure& callback) { | 110 const base::Closure& callback) { |
83 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | 111 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate; |
84 CERT_GetDefaultCertDB(), certUsageSSLClient, | 112 if (!password_delegate_factory_.is_null()) { |
85 PR_FALSE, PR_FALSE, NULL); | 113 password_delegate.reset( |
86 // It is ok for a user not to have any client certs. | 114 password_delegate_factory_.Run(request.host_and_port)); |
87 if (!client_certs) { | 115 } |
| 116 if (!base::WorkerPool::PostTaskAndReply( |
| 117 FROM_HERE, |
| 118 base::Bind(&GetClientCertsOnWorkerThread, |
| 119 base::Passed(&password_delegate), |
| 120 &request, |
| 121 selected_certs), |
| 122 callback, |
| 123 true)) { |
88 selected_certs->clear(); | 124 selected_certs->clear(); |
89 callback.Run(); | 125 callback.Run(); |
90 return; | |
91 } | 126 } |
| 127 } |
92 | 128 |
93 GetClientCertsImpl(client_certs, request, true, selected_certs); | 129 void ClientCertStoreImpl::set_password_delegate_factory( |
94 CERT_DestroyCertList(client_certs); | 130 const PasswordDelegateFactory& password_delegate_factory) { |
95 callback.Run(); | 131 password_delegate_factory_ = password_delegate_factory; |
96 } | 132 } |
97 | 133 |
98 bool ClientCertStoreImpl::SelectClientCertsForTesting( | 134 bool ClientCertStoreImpl::SelectClientCertsForTesting( |
99 const CertificateList& input_certs, | 135 const CertificateList& input_certs, |
100 const SSLCertRequestInfo& request, | 136 const SSLCertRequestInfo& request, |
101 CertificateList* selected_certs) { | 137 CertificateList* selected_certs) { |
102 CERTCertList* cert_list = CERT_NewCertList(); | 138 CERTCertList* cert_list = CERT_NewCertList(); |
103 if (!cert_list) | 139 if (!cert_list) |
104 return false; | 140 return false; |
105 for (size_t i = 0; i < input_certs.size(); ++i) { | 141 for (size_t i = 0; i < input_certs.size(); ++i) { |
106 CERT_AddCertToListTail( | 142 CERT_AddCertToListTail( |
107 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); | 143 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); |
108 } | 144 } |
109 | 145 |
110 GetClientCertsImpl(cert_list, request, false, selected_certs); | 146 GetClientCertsImpl(cert_list, request, false, selected_certs); |
111 CERT_DestroyCertList(cert_list); | 147 CERT_DestroyCertList(cert_list); |
112 return true; | 148 return true; |
113 } | 149 } |
114 | 150 |
115 } // namespace net | 151 } // namespace net |
OLD | NEW |