author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-24 04:08:15 +0000 |
---|---|---|
committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-24 04:08:15 +0000 |
commit | 1152c8fb437bafa8c1f34da72ec088cf7ebbedd3 (patch) | |
tree | 53a9deddc598d748c9db4efdc6bb369b3e1b6f9c /net/base/cert_database_win.cc | |
parent | 810e6e11d6e608532d324767aa039e885e2cc87b (diff) | |
Change Windows' application/x-x509-user-cert handling to allow any certificate that has a private key, regardless of where it was generated, rather than restricting it to keys generated via <keygen> in the current browsing session.
BUG=148
TEST=None
R=wtc
Review URL: http://codereview.chromium.org/2874002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50695 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/cert_database_win.cc')
-rw-r--r-- | net/base/cert_database_win.cc | 72 |
1 files changed, 3 insertions, 69 deletions
diff --git a/net/base/cert_database_win.cc b/net/base/cert_database_win.cc
index 34485b5..4c5e8df 100644
--- a/net/base/cert_database_win.cc
+++ b/net/base/cert_database_win.cc
@@ -8,74 +8,11 @@
 #include <wincrypt.h>
 #pragma comment(lib, "crypt32.lib")
-#include "base/logging.h"
-#include "base/string_util.h"
-#include "net/base/keygen_handler.h"
 #include "net/base/net_errors.h"
 #include "net/base/x509_certificate.h"
 namespace net {
-namespace {
-
-// Returns an encoded version of SubjectPublicKeyInfo from |cert| that is
-// compatible with KeygenHandler::Cache. If the cert cannot be converted, an
-// empty string is returned.
-std::string GetSubjectPublicKeyInfo(const X509Certificate* cert) {
- DCHECK(cert);
-
- std::string result;
- if (!cert->os_cert_handle() || !cert->os_cert_handle()->pCertInfo)
- return result;
-
- BOOL ok;
- DWORD size = 0;
- PCERT_PUBLIC_KEY_INFO key_info =
- &(cert->os_cert_handle()->pCertInfo->SubjectPublicKeyInfo);
- ok = CryptEncodeObject(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, key_info,
- NULL, &size);
- if (!ok)
- return result;
-
- ok = CryptEncodeObject(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, key_info,
- reinterpret_cast<BYTE*>(WriteInto(&result, size + 1)),
- &size);
- if (!ok) {
- result.clear();
- return result;
- }
-
- // Per MSDN, the resultant structure may be smaller than the original size
- // supplied, so shrink to the actual size output.
- result.resize(size);
-
- return result;
-}
-
-// Returns true if |cert| was successfully modified to reference |location| to
-// obtain the associated private key.
-bool LinkCertToPrivateKey(X509Certificate* cert,
- KeygenHandler::KeyLocation location) {
- DCHECK(cert);
-
- CRYPT_KEY_PROV_INFO prov_info = { 0 };
- prov_info.pwszContainerName =
- const_cast<LPWSTR>(location.container_name.c_str());
- prov_info.pwszProvName =
- const_cast<LPWSTR>(location.provider_name.c_str());
-
- // Implicit by it being from KeygenHandler, which only supports RSA keys. 
- prov_info.dwProvType = PROV_RSA_FULL;
- prov_info.dwKeySpec = AT_KEYEXCHANGE;
-
- BOOL ok = CertSetCertificateContextProperty(cert->os_cert_handle(),
- CERT_KEY_PROV_INFO_PROP_ID, 0,
- &prov_info);
- return ok != FALSE;
-}
-
-} // namespace
-
 CertDatabase::CertDatabase() {
 }
@@ -85,12 +22,9 @@ int CertDatabase::CheckUserCert(X509Certificate* cert) {
 if (cert->HasExpired())
 return ERR_CERT_DATE_INVALID;
- std::string encoded_info = GetSubjectPublicKeyInfo(cert);
- KeygenHandler::Cache* cache = KeygenHandler::Cache::GetInstance();
- KeygenHandler::KeyLocation location;
-
- if (encoded_info.empty() || !cache->Find(encoded_info, &location) ||
- !LinkCertToPrivateKey(cert, location))
+ // TODO(rsleevi): Should CRYPT_FIND_SILENT_KEYSET_FLAG be specified? A UI
+ // may be shown here / this call may block.
+ if (!CryptFindCertificateKeyProvInfo(cert->os_cert_handle(), 0, NULL))
 return ERR_NO_PRIVATE_KEY_FOR_CERT;
 return OK; |
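Review bot: The new CryptFindCertificateKeyProvInfo call in the second hunk passes dwFlags of 0, which searches both the user and machine key sets and permits the CSP to prompt or block, and the TODO on the two added lines above it leaves that open; since CheckUserCert is reached for certificates delivered by a remote server (the application/x-x509-user-cert path named in the commit message), a silent lookup is the safer default and I would resolve the TODO now: `if (!CryptFindCertificateKeyProvInfo(cert->os_cert_handle(), CRYPT_FIND_SILENT_KEYSET_FLAG, NULL))`. The call is also not a pure check: on success it stores the located key's CERT_KEY_PROV_INFO_PROP_ID property on the certificate context, a side effect a function named CheckUserCert should state, e.g. `// On success this also sets CERT_KEY_PROV_INFO_PROP_ID on the context, binding the cert to its key.`. CheckUserCert opens before this hunk and its closing brace lies after it.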