| Index: net/ssl/client_cert_store_impl_nss.cc
|
| diff --git a/net/ssl/client_cert_store_impl_nss.cc b/net/ssl/client_cert_store_impl_nss.cc
|
| index ab7144ec0cecd41b8e04f081634b2e6a1e0c2412..266fef90fa0781852c9809ba947c31670320a85f 100644
|
| --- a/net/ssl/client_cert_store_impl_nss.cc
|
| +++ b/net/ssl/client_cert_store_impl_nss.cc
|
| @@ -7,8 +7,12 @@
|
| #include <nss.h>
|
| #include <ssl.h>
|
|
|
| -#include "base/callback.h"
|
| +#include "base/bind.h"
|
| +#include "base/location.h"
|
| #include "base/logging.h"
|
| +#include "base/memory/scoped_ptr.h"
|
| +#include "base/threading/worker_pool.h"
|
| +#include "crypto/crypto_module_blocking_password_delegate.h"
|
| #include "net/cert/x509_util.h"
|
|
|
| namespace net {
|
| @@ -75,24 +79,56 @@ void GetClientCertsImpl(CERTCertList* cert_list,
|
| x509_util::ClientCertSorter());
|
| }
|
|
|
| +void GetClientCertsOnWorkerThread(
|
| + scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate,
|
| + const SSLCertRequestInfo* request,
|
| + CertificateList* selected_certs) {
|
| + CERTCertList* client_certs = CERT_FindUserCertsByUsage(
|
| + CERT_GetDefaultCertDB(),
|
| + certUsageSSLClient,
|
| + PR_FALSE,
|
| + PR_FALSE,
|
| + password_delegate.get());
|
| + // It is ok for a user not to have any client certs.
|
| + if (!client_certs) {
|
| + selected_certs->clear();
|
| + return;
|
| + }
|
| +
|
| + GetClientCertsImpl(client_certs, *request, true, selected_certs);
|
| + CERT_DestroyCertList(client_certs);
|
| +}
|
| +
|
| } // namespace
|
|
|
| +ClientCertStoreImpl::ClientCertStoreImpl() {}
|
| +
|
| +ClientCertStoreImpl::~ClientCertStoreImpl() {}
|
| +
|
| void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
|
| CertificateList* selected_certs,
|
| const base::Closure& callback) {
|
| - CERTCertList* client_certs = CERT_FindUserCertsByUsage(
|
| - CERT_GetDefaultCertDB(), certUsageSSLClient,
|
| - PR_FALSE, PR_FALSE, NULL);
|
| - // It is ok for a user not to have any client certs.
|
| - if (!client_certs) {
|
| + scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate;
|
| + if (!password_delegate_factory_.is_null()) {
|
| + password_delegate.reset(
|
| + password_delegate_factory_.Run(request.host_and_port));
|
| + }
|
| + if (!base::WorkerPool::PostTaskAndReply(
|
| + FROM_HERE,
|
| + base::Bind(&GetClientCertsOnWorkerThread,
|
| + base::Passed(&password_delegate),
|
| + &request,
|
| + selected_certs),
|
| + callback,
|
| + true)) {
|
| selected_certs->clear();
|
| callback.Run();
|
| - return;
|
| }
|
| +}
|
|
|
| - GetClientCertsImpl(client_certs, request, true, selected_certs);
|
| - CERT_DestroyCertList(client_certs);
|
| - callback.Run();
|
| +void ClientCertStoreImpl::set_password_delegate_factory(
|
| + const PasswordDelegateFactory& password_delegate_factory) {
|
| + password_delegate_factory_ = password_delegate_factory;
|
| }
|
|
|
| bool ClientCertStoreImpl::SelectClientCertsForTesting(
|
|
|
Chromium Code Reviews
Issue 83793006:
NSS: Handle unfriendly tokens in client auth. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src