| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/client_cert_store_impl.h" | 5 #include "net/ssl/client_cert_store_impl.h" |
| 6 | 6 |
| 7 #include <nss.h> | 7 #include <nss.h> |
| 8 #include <ssl.h> | 8 #include <ssl.h> |
| 9 | 9 |
| 10 #include "base/bind.h" |
| 10 #include "base/callback.h" | 11 #include "base/callback.h" |
| 12 #include "base/location.h" |
| 11 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/threading/worker_pool.h" |
| 15 #include "crypto/crypto_module_blocking_password_delegate.h" |
| 12 #include "net/cert/x509_util.h" | 16 #include "net/cert/x509_util.h" |
| 13 | 17 |
| 14 namespace net { | 18 namespace net { |
| 15 | 19 |
| 16 namespace { | 20 namespace { |
| 17 | 21 |
| 18 // Examines the certificates in |cert_list| to find all certificates that match | 22 // Examines the certificates in |cert_list| to find all certificates that match |
| 19 // the client certificate request in |request|, storing the matching | 23 // the client certificate request in |request|, storing the matching |
| 20 // certificates in |selected_certs|. | 24 // certificates in |selected_certs|. |
| 21 // If |query_nssdb| is true, NSS will be queried to construct full certificate | 25 // If |query_nssdb| is true, NSS will be queried to construct full certificate |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 68 (query_nssdb && | 72 (query_nssdb && |
| 69 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { | 73 NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { |
| 70 selected_certs->push_back(cert); | 74 selected_certs->push_back(cert); |
| 71 } | 75 } |
| 72 } | 76 } |
| 73 | 77 |
| 74 std::sort(selected_certs->begin(), selected_certs->end(), | 78 std::sort(selected_certs->begin(), selected_certs->end(), |
| 75 x509_util::ClientCertSorter()); | 79 x509_util::ClientCertSorter()); |
| 76 } | 80 } |
| 77 | 81 |
| 82 void GetClientCertsOnWorkerThread( |
| 83 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate, |
| 84 const SSLCertRequestInfo* request, |
| 85 CertificateList* selected_certs) { |
| 86 DVLOG(1) << "Finding client certs on worker thread."; |
| 87 CERTCertList* client_certs = CERT_FindUserCertsByUsage( |
| 88 CERT_GetDefaultCertDB(), |
| 89 certUsageSSLClient, |
| 90 PR_FALSE, |
| 91 PR_FALSE, |
| 92 password_delegate.get()); |
| 93 // It is ok for a user not to have any client certs. |
| 94 if (!client_certs) { |
| 95 selected_certs->clear(); |
| 96 return; |
| 97 } |
| 98 |
| 99 GetClientCertsImpl(client_certs, *request, true, selected_certs); |
| 100 CERT_DestroyCertList(client_certs); |
| 101 } |
| 102 |
| 78 } // namespace | 103 } // namespace |
| 79 | 104 |
| 105 ClientCertStoreImpl::ClientCertStoreImpl() {} |
| 106 |
| 107 ClientCertStoreImpl::~ClientCertStoreImpl() {} |
| 108 |
| 80 void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, | 109 void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request, |
| 81 CertificateList* selected_certs, | 110 CertificateList* selected_certs, |
| 82 const base::Closure& callback) { | 111 const base::Closure& callback) { |
| 83 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | 112 if (!base::WorkerPool::PostTaskAndReply( |
| 84 CERT_GetDefaultCertDB(), certUsageSSLClient, | 113 FROM_HERE, |
| 85 PR_FALSE, PR_FALSE, NULL); | 114 base::Bind(&GetClientCertsOnWorkerThread, |
| 86 // It is ok for a user not to have any client certs. | 115 base::Passed(&password_delegate_), |
| 87 if (!client_certs) { | 116 &request, |
| 117 selected_certs), |
| 118 callback, |
| 119 true)) { |
| 88 selected_certs->clear(); | 120 selected_certs->clear(); |
| 89 callback.Run(); | 121 callback.Run(); |
| 90 return; | |
| 91 } | 122 } |
| 123 } |
| 92 | 124 |
| 93 GetClientCertsImpl(client_certs, request, true, selected_certs); | 125 void ClientCertStoreImpl::set_password_delegate( |
| 94 CERT_DestroyCertList(client_certs); | 126 crypto::CryptoModuleBlockingPasswordDelegate* password_delegate) { |
| 95 callback.Run(); | 127 password_delegate_.reset(password_delegate); |
| 96 } | 128 } |
| 97 | 129 |
| 98 bool ClientCertStoreImpl::SelectClientCertsForTesting( | 130 bool ClientCertStoreImpl::SelectClientCertsForTesting( |
| 99 const CertificateList& input_certs, | 131 const CertificateList& input_certs, |
| 100 const SSLCertRequestInfo& request, | 132 const SSLCertRequestInfo& request, |
| 101 CertificateList* selected_certs) { | 133 CertificateList* selected_certs) { |
| 102 CERTCertList* cert_list = CERT_NewCertList(); | 134 CERTCertList* cert_list = CERT_NewCertList(); |
| 103 if (!cert_list) | 135 if (!cert_list) |
| 104 return false; | 136 return false; |
| 105 for (size_t i = 0; i < input_certs.size(); ++i) { | 137 for (size_t i = 0; i < input_certs.size(); ++i) { |
| 106 CERT_AddCertToListTail( | 138 CERT_AddCertToListTail( |
| 107 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); | 139 cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); |
| 108 } | 140 } |
| 109 | 141 |
| 110 GetClientCertsImpl(cert_list, request, false, selected_certs); | 142 GetClientCertsImpl(cert_list, request, false, selected_certs); |
| 111 CERT_DestroyCertList(cert_list); | 143 CERT_DestroyCertList(cert_list); |
| 112 return true; | 144 return true; |
| 113 } | 145 } |
| 114 | 146 |
| 115 } // namespace net | 147 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 83793006:
NSS: Handle unfriendly tokens in client auth. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src