Index: net/ssl/client_cert_store_nss.cc |
diff --git a/net/ssl/client_cert_store_nss.cc b/net/ssl/client_cert_store_nss.cc |
deleted file mode 100644 |
index 1b44bce92daf1c346137b8385aff5d8973cb555b..0000000000000000000000000000000000000000 |
--- a/net/ssl/client_cert_store_nss.cc |
+++ /dev/null |
@@ -1,154 +0,0 @@ |
-// Copyright 2013 The Chromium Authors. All rights reserved. |
-// Use of this source code is governed by a BSD-style license that can be |
-// found in the LICENSE file. |
- |
-#include "net/ssl/client_cert_store_nss.h" |
- |
-#include <nss.h> |
-#include <ssl.h> |
- |
-#include "base/bind.h" |
-#include "base/location.h" |
-#include "base/logging.h" |
-#include "base/memory/scoped_ptr.h" |
-#include "base/strings/string_piece.h" |
-#include "base/threading/worker_pool.h" |
-#include "crypto/nss_crypto_module_delegate.h" |
-#include "net/cert/x509_util.h" |
- |
-namespace net { |
- |
-ClientCertStoreNSS::ClientCertStoreNSS( |
- const PasswordDelegateFactory& password_delegate_factory) |
- : password_delegate_factory_(password_delegate_factory) {} |
- |
-ClientCertStoreNSS::~ClientCertStoreNSS() {} |
- |
-void ClientCertStoreNSS::GetClientCerts(const SSLCertRequestInfo& request, |
- CertificateList* selected_certs, |
- const base::Closure& callback) { |
- scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate; |
- if (!password_delegate_factory_.is_null()) { |
- password_delegate.reset( |
- password_delegate_factory_.Run(request.host_and_port)); |
- } |
- if (base::WorkerPool::PostTaskAndReply( |
- FROM_HERE, |
- base::Bind(&ClientCertStoreNSS::GetClientCertsOnWorkerThread, |
- // Caller is responsible for keeping the ClientCertStore |
- // alive until the callback is run. |
- base::Unretained(this), |
- base::Passed(&password_delegate), |
- &request, |
- selected_certs), |
- callback, |
- true)) |
- return; |
- selected_certs->clear(); |
- callback.Run(); |
-} |
- |
-void ClientCertStoreNSS::GetClientCertsImpl(CERTCertList* cert_list, |
- const SSLCertRequestInfo& request, |
- bool query_nssdb, |
- CertificateList* selected_certs) { |
- DCHECK(cert_list); |
- DCHECK(selected_certs); |
- |
- selected_certs->clear(); |
- |
- // Create a "fake" CERTDistNames structure. No public API exists to create |
- // one from a list of issuers. |
- CERTDistNames ca_names; |
- ca_names.arena = NULL; |
- ca_names.nnames = 0; |
- ca_names.names = NULL; |
- ca_names.head = NULL; |
- |
- std::vector<SECItem> ca_names_items(request.cert_authorities.size()); |
- for (size_t i = 0; i < request.cert_authorities.size(); ++i) { |
- const std::string& authority = request.cert_authorities[i]; |
- ca_names_items[i].type = siBuffer; |
- ca_names_items[i].data = |
- reinterpret_cast<unsigned char*>(const_cast<char*>(authority.data())); |
- ca_names_items[i].len = static_cast<unsigned int>(authority.size()); |
- } |
- ca_names.nnames = static_cast<int>(ca_names_items.size()); |
- if (!ca_names_items.empty()) |
- ca_names.names = &ca_names_items[0]; |
- |
- size_t num_raw = 0; |
- for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); |
- !CERT_LIST_END(node, cert_list); |
- node = CERT_LIST_NEXT(node)) { |
- ++num_raw; |
- // Only offer unexpired certificates. |
- if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) != |
- secCertTimeValid) { |
- DVLOG(2) << "skipped expired cert: " |
- << base::StringPiece(node->cert->nickname); |
- continue; |
- } |
- |
- scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( |
- node->cert, X509Certificate::OSCertHandles()); |
- |
- // Check if the certificate issuer is allowed by the server. |
- if (request.cert_authorities.empty() || |
- (!query_nssdb && |
- cert->IsIssuedByEncoded(request.cert_authorities)) || |
- (query_nssdb && |
- NSS_CmpCertChainWCANames(node->cert, &ca_names) == SECSuccess)) { |
- DVLOG(2) << "matched cert: " << base::StringPiece(node->cert->nickname); |
- selected_certs->push_back(cert); |
- } |
- else |
- DVLOG(2) << "skipped non-matching cert: " |
- << base::StringPiece(node->cert->nickname); |
- } |
- DVLOG(2) << "num_raw:" << num_raw |
- << " num_selected:" << selected_certs->size(); |
- |
- std::sort(selected_certs->begin(), selected_certs->end(), |
- x509_util::ClientCertSorter()); |
-} |
- |
-void ClientCertStoreNSS::GetClientCertsOnWorkerThread( |
- scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate, |
- const SSLCertRequestInfo* request, |
- CertificateList* selected_certs) { |
- CERTCertList* client_certs = CERT_FindUserCertsByUsage( |
- CERT_GetDefaultCertDB(), |
- certUsageSSLClient, |
- PR_FALSE, |
- PR_FALSE, |
- password_delegate.get()); |
- // It is ok for a user not to have any client certs. |
- if (!client_certs) { |
- DVLOG(2) << "No client certs found."; |
- selected_certs->clear(); |
- return; |
- } |
- |
- GetClientCertsImpl(client_certs, *request, true, selected_certs); |
- CERT_DestroyCertList(client_certs); |
-} |
- |
-bool ClientCertStoreNSS::SelectClientCertsForTesting( |
- const CertificateList& input_certs, |
- const SSLCertRequestInfo& request, |
- CertificateList* selected_certs) { |
- CERTCertList* cert_list = CERT_NewCertList(); |
- if (!cert_list) |
- return false; |
- for (size_t i = 0; i < input_certs.size(); ++i) { |
- CERT_AddCertToListTail( |
- cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle())); |
- } |
- |
- GetClientCertsImpl(cert_list, request, false, selected_certs); |
- CERT_DestroyCertList(cert_list); |
- return true; |
-} |
- |
-} // namespace net |