| Index: net/socket/ssl_client_socket_nss.cc
|
| diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
|
| index 9a8f72e5bc3bf7f78dbe01cf15ed3f21f465c0ce..b16793190b6172bee13877c56d354f2a14f35e27 100644
|
| --- a/net/socket/ssl_client_socket_nss.cc
|
| +++ b/net/socket/ssl_client_socket_nss.cc
|
| @@ -644,6 +644,12 @@ class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
|
| // verified, and may not be called within an NSS callback.
|
| void CacheSessionIfNecessary();
|
|
|
| + // Only for unit testing.
|
| + // This should only be called before Connect().
|
| + void ForceClientCertificateAndKeyForTest(
|
| + scoped_refptr<X509Certificate> client_cert,
|
| + scoped_ptr<crypto::RSAPrivateKey> client_private_key);
|
| +
|
| private:
|
| friend class base::RefCountedThreadSafe<Core>;
|
| ~Core();
|
| @@ -919,6 +925,9 @@ class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
|
| std::string domain_bound_private_key_;
|
| std::string domain_bound_cert_;
|
|
|
| + // Used only for unit testing.
|
| + scoped_ptr<crypto::RSAPrivateKey> client_private_key_;
|
| +
|
| DISALLOW_COPY_AND_ASSIGN(Core);
|
| };
|
|
|
| @@ -1552,7 +1561,12 @@ SECStatus SSLClientSocketNSS::Core::ClientAuthHandler(
|
| if (core->ssl_config_.client_cert.get()) {
|
| CERTCertificate* cert =
|
| CERT_DupCertificate(core->ssl_config_.client_cert->os_cert_handle());
|
| - SECKEYPrivateKey* privkey = PK11_FindKeyByAnyCert(cert, wincx);
|
| + SECKEYPrivateKey* privkey = NULL;
|
| + if (core->client_private_key_.get()) {
|
| + privkey = SECKEY_CopyPrivateKey(core->client_private_key_->key());
|
| + } else {
|
| + privkey = PK11_FindKeyByAnyCert(cert, wincx);
|
| + }
|
| if (privkey) {
|
| // TODO(jsorianopastor): We should wait for server certificate
|
| // verification before sending our credentials. See
|
| @@ -2826,6 +2840,14 @@ void SSLClientSocketNSS::Core::SetChannelIDProvided() {
|
| nss_handshake_state_));
|
| }
|
|
|
| +void SSLClientSocketNSS::Core::ForceClientCertificateAndKeyForTest(
|
| + scoped_refptr<X509Certificate> client_cert,
|
| + scoped_ptr<crypto::RSAPrivateKey> client_private_key) {
|
| + ssl_config_.send_client_cert = true;
|
| + ssl_config_.client_cert = client_cert;
|
| + client_private_key_ = client_private_key.Pass();
|
| +}
|
| +
|
| SSLClientSocketNSS::SSLClientSocketNSS(
|
| base::SequencedTaskRunner* nss_task_runner,
|
| scoped_ptr<ClientSocketHandle> transport_socket,
|
| @@ -3641,6 +3663,13 @@ SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {
|
| return core_->state().server_cert.get();
|
| }
|
|
|
| +void SSLClientSocketNSS::ForceClientCertificateAndKeyForTest(
|
| + scoped_refptr<X509Certificate> client_cert,
|
| + scoped_ptr<crypto::RSAPrivateKey> client_private_key) {
|
| + core_->ForceClientCertificateAndKeyForTest(client_cert,
|
| + client_private_key.Pass());
|
| +}
|
| +
|
| ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
|
| return channel_id_service_;
|
| }
|
|
|
Chromium Code Reviews
Issue 994743003:
Support for client certs in ssl_server_socket.
Base URL: https://chromium.googlesource.com/chromium/src.git@master