authormattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-10-30 04:46:20 +0000
committermattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-10-30 04:46:20 +0000
commit1ccb699d0f1cf0b36fd045e7f2fbc93490b4fe9e (patch)
tree21d9d3f841018f9806615c5d118368fd5a654cda /net/ssl
parent979574d0beda1f79337b1398c24d27d53351f517 (diff)
Get ClientCertStore through ResourceContext.
Make ClientCertStore::GetClientCerts asynchronous. BUG=302125 Review URL: https://codereview.chromium.org/42773002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@231750 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/ssl')
-rw-r--r--net/ssl/client_cert_store.h12
-rw-r--r--net/ssl/client_cert_store_impl.h5
-rw-r--r--net/ssl/client_cert_store_impl_mac.cc34
-rw-r--r--net/ssl/client_cert_store_impl_nss.cc24
-rw-r--r--net/ssl/client_cert_store_impl_win.cc25
5 files changed, 61 insertions, 39 deletions
diff --git a/net/ssl/client_cert_store.h b/net/ssl/client_cert_store.h
index 46ef336..394d774 100644
--- a/net/ssl/client_cert_store.h
+++ b/net/ssl/client_cert_store.h
@@ -6,6 +6,7 @@
#define NET_SSL_CLIENT_CERT_STORE_H_
#include "base/basictypes.h"
+#include "base/callback_forward.h"
#include "net/base/net_export.h"
#include "net/cert/x509_certificate.h"
@@ -13,12 +14,19 @@ namespace net {
class SSLCertRequestInfo;
+// The caller is expected to keep the ClientCertStore alive until the callback
+// supplied to GetClientCerts has been run.
class NET_EXPORT ClientCertStore {
public:
virtual ~ClientCertStore() {}
- virtual bool GetClientCerts(const SSLCertRequestInfo& cert_request_info,
- CertificateList* selected_certs) = 0;
+ // Get client certs matching the |cert_request_info|. On completion, the
+ // results will be stored in |selected_certs| and the |callback| will be run.
+ // The |callback| may be called sychronously. The caller must ensure the
+ // |selected_certs| object remains alive until the callback has been run.
+ virtual void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
+ CertificateList* selected_certs,
+ const base::Closure& callback) = 0;
protected:
ClientCertStore() {}
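Review bot: The new `GetClientCerts` comment does not say how a failed store lookup is reported, and with the `bool` return removed the signature has no channel for it. In the implementations in this commit every failure path clears `selected_certs` and runs the callback, so a caller cannot tell "no matching certificate" from "the certificate store could not be read", and would presumably continue the handshake without a client certificate in both cases. I would state this in the contract, e.g. `// On failure |selected_certs| is cleared and |callback| is still run; errors are not reported separately.`, or pass a result code through the callback. The word "sychronously" in the same comment should read "synchronously". The class body continues outside this hunk.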
diff --git a/net/ssl/client_cert_store_impl.h b/net/ssl/client_cert_store_impl.h
index e02cd1c..ff2759e 100644
--- a/net/ssl/client_cert_store_impl.h
+++ b/net/ssl/client_cert_store_impl.h
@@ -19,8 +19,9 @@ class NET_EXPORT ClientCertStoreImpl : public ClientCertStore {
virtual ~ClientCertStoreImpl() {}
// ClientCertStore:
- virtual bool GetClientCerts(const SSLCertRequestInfo& cert_request_info,
- CertificateList* selected_certs) OVERRIDE;
+ virtual void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
+ CertificateList* selected_certs,
+ const base::Closure& callback) OVERRIDE;
private:
friend class ClientCertStoreImplTest;
diff --git a/net/ssl/client_cert_store_impl_mac.cc b/net/ssl/client_cert_store_impl_mac.cc
index 3345735..468ff03 100644
--- a/net/ssl/client_cert_store_impl_mac.cc
+++ b/net/ssl/client_cert_store_impl_mac.cc
@@ -13,6 +13,7 @@
#include <algorithm>
#include <string>
+#include "base/callback.h"
#include "base/logging.h"
#include "base/mac/mac_logging.h"
#include "base/mac/scoped_cftyperef.h"
@@ -122,7 +123,7 @@ bool IsIssuedByInKeychain(const std::vector<std::string>& valid_issuers,
// full certificate chains. If it is false, only the the certificates and their
// intermediates (available via X509Certificate::GetIntermediateCertificates())
// will be considered.
-bool GetClientCertsImpl(const scoped_refptr<X509Certificate>& preferred_cert,
+void GetClientCertsImpl(const scoped_refptr<X509Certificate>& preferred_cert,
const CertificateList& regular_certs,
const SSLCertRequestInfo& request,
bool query_keychain,
@@ -167,13 +168,13 @@ bool GetClientCertsImpl(const scoped_refptr<X509Certificate>& preferred_cert,
++sort_begin;
}
sort(sort_begin, sort_end, x509_util::ClientCertSorter());
- return true;
}
} // namespace
-bool ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
- CertificateList* selected_certs) {
+void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
+ CertificateList* selected_certs,
+ const base::Closure& callback) {
std::string server_domain =
HostPortPair::FromString(request.host_and_port).host();
@@ -205,8 +206,11 @@ bool ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
base::AutoLock lock(crypto::GetMacSecurityServicesLock());
err = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search);
}
- if (err)
- return false;
+ if (err) {
+ selected_certs->clear();
+ callback.Run();
+ return;
+ }
ScopedCFTypeRef<SecIdentitySearchRef> scoped_search(search);
while (!err) {
SecIdentityRef identity = NULL;
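Review bot: The `if (err)` branch after `SecIdentitySearchCreate` clears the list and runs the callback without logging anything, while the later `SecIdentitySearch` failure in this function logs through `OSSTATUS_LOG`. With the `false` return gone, a log line is the only trace that the keychain search could not be created, so I would add `OSSTATUS_LOG(ERROR, err) << "SecIdentitySearchCreate error";` as the first line of the branch. The same clear/run/return sequence is repeated in the next hunk, and a small local helper would keep the two failure paths identical. `GetClientCerts` starts and ends outside this hunk.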
@@ -239,19 +243,22 @@ bool ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
if (err != errSecItemNotFound) {
OSSTATUS_LOG(ERROR, err) << "SecIdentitySearch error";
- return false;
+ selected_certs->clear();
+ callback.Run();
+ return;
}
- return GetClientCertsImpl(preferred_cert, regular_certs, request, true,
- selected_certs);
+ GetClientCertsImpl(preferred_cert, regular_certs, request, true,
+ selected_certs);
+ callback.Run();
}
bool ClientCertStoreImpl::SelectClientCertsForTesting(
const CertificateList& input_certs,
const SSLCertRequestInfo& request,
CertificateList* selected_certs) {
- return GetClientCertsImpl(NULL, input_certs, request, false,
- selected_certs);
+ GetClientCertsImpl(NULL, input_certs, request, false, selected_certs);
+ return true;
}
#if !defined(OS_IOS)
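Review bot: `SelectClientCertsForTesting` now ends in an unconditional `return true;`, so its `bool` result no longer carries information on this platform. The same holds for `SelectClientCertsGivenPreferredForTesting` in the next hunk and for the NSS test helper. Any test that checks the return value, if there is one, would pass regardless of what was selected. Either make these helpers `void` like `GetClientCertsImpl`, or add a comment above the return such as `// Always succeeds; bool kept to match the other platforms' test helpers.`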
@@ -260,8 +267,9 @@ bool ClientCertStoreImpl::SelectClientCertsGivenPreferredForTesting(
const CertificateList& regular_certs,
const SSLCertRequestInfo& request,
CertificateList* selected_certs) {
- return GetClientCertsImpl(preferred_cert, regular_certs, request, false,
- selected_certs);
+ GetClientCertsImpl(
+ preferred_cert, regular_certs, request, false, selected_certs);
+ return true;
}
#endif
diff --git a/net/ssl/client_cert_store_impl_nss.cc b/net/ssl/client_cert_store_impl_nss.cc
index ffab268..ab7144e 100644
--- a/net/ssl/client_cert_store_impl_nss.cc
+++ b/net/ssl/client_cert_store_impl_nss.cc
@@ -7,6 +7,7 @@
#include <nss.h>
#include <ssl.h>
+#include "base/callback.h"
#include "base/logging.h"
#include "net/cert/x509_util.h"
@@ -19,7 +20,7 @@ namespace {
// certificates in |selected_certs|.
// If |query_nssdb| is true, NSS will be queried to construct full certificate
// chains. If it is false, only the certificate will be considered.
-bool GetClientCertsImpl(CERTCertList* cert_list,
+void GetClientCertsImpl(CERTCertList* cert_list,
const SSLCertRequestInfo& request,
bool query_nssdb,
CertificateList* selected_certs) {
@@ -72,23 +73,26 @@ bool GetClientCertsImpl(CERTCertList* cert_list,
std::sort(selected_certs->begin(), selected_certs->end(),
x509_util::ClientCertSorter());
- return true;
}
} // namespace
-bool ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
- CertificateList* selected_certs) {
+void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
+ CertificateList* selected_certs,
+ const base::Closure& callback) {
CERTCertList* client_certs = CERT_FindUserCertsByUsage(
CERT_GetDefaultCertDB(), certUsageSSLClient,
PR_FALSE, PR_FALSE, NULL);
// It is ok for a user not to have any client certs.
- if (!client_certs)
- return true;
+ if (!client_certs) {
+ selected_certs->clear();
+ callback.Run();
+ return;
+ }
- bool rv = GetClientCertsImpl(client_certs, request, true, selected_certs);
+ GetClientCertsImpl(client_certs, request, true, selected_certs);
CERT_DestroyCertList(client_certs);
- return rv;
+ callback.Run();
}
bool ClientCertStoreImpl::SelectClientCertsForTesting(
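Review bot: `callback.Run()` is executed inline on the calling thread here, and the contract in `client_cert_store.h` only requires the store and `selected_certs` to outlive the callback, so the caller may free both from inside it. Nothing after `Run()` touches `this` or `selected_certs` today, but that ordering is not documented. I would add `// |callback| may delete |this| and |selected_certs|; nothing may touch them after Run().` above each `callback.Run()`. The same applies to the Mac and Windows implementations in this commit. Note also that `CERT_FindUserCertsByUsage` still completes before the function returns, so this implementation is asynchronous in signature only and callers must tolerate the callback running before `GetClientCerts` returns.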
@@ -103,9 +107,9 @@ bool ClientCertStoreImpl::SelectClientCertsForTesting(
cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle()));
}
- bool rv = GetClientCertsImpl(cert_list, request, false, selected_certs);
+ GetClientCertsImpl(cert_list, request, false, selected_certs);
CERT_DestroyCertList(cert_list);
- return rv;
+ return true;
}
} // namespace net
diff --git a/net/ssl/client_cert_store_impl_win.cc b/net/ssl/client_cert_store_impl_win.cc
index 63ea6e4a..de54fae8 100644
--- a/net/ssl/client_cert_store_impl_win.cc
+++ b/net/ssl/client_cert_store_impl_win.cc
@@ -12,6 +12,7 @@
#include <wincrypt.h>
#include <security.h>
+#include "base/callback.h"
#include "base/logging.h"
#include "crypto/scoped_capi_types.h"
#include "net/cert/x509_util.h"
@@ -63,7 +64,7 @@ static BOOL WINAPI ClientCertFindCallback(PCCERT_CONTEXT cert_context,
return TRUE;
}
-bool GetClientCertsImpl(HCERTSTORE cert_store,
+void GetClientCertsImpl(HCERTSTORE cert_store,
const SSLCertRequestInfo& request,
CertificateList* selected_certs) {
selected_certs->clear();
@@ -138,26 +139,26 @@ bool GetClientCertsImpl(HCERTSTORE cert_store,
std::sort(selected_certs->begin(), selected_certs->end(),
x509_util::ClientCertSorter());
- return true;
}
} // namespace
-bool ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
- CertificateList* selected_certs) {
+void ClientCertStoreImpl::GetClientCerts(const SSLCertRequestInfo& request,
+ CertificateList* selected_certs,
+ const base::Closure& callback) {
// Client certificates of the user are in the "MY" system certificate store.
HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY");
if (!my_cert_store) {
PLOG(ERROR) << "Could not open the \"MY\" system certificate store: ";
- return false;
+ selected_certs->clear();
+ callback.Run();
+ return;
}
- bool rv = GetClientCertsImpl(my_cert_store, request, selected_certs);
- if (!CertCloseStore(my_cert_store, CERT_CLOSE_STORE_CHECK_FLAG)) {
+ GetClientCertsImpl(my_cert_store, request, selected_certs);
+ if (!CertCloseStore(my_cert_store, CERT_CLOSE_STORE_CHECK_FLAG))
PLOG(ERROR) << "Could not close the \"MY\" system certificate store: ";
- return false;
- }
- return rv;
+ callback.Run();
}
bool ClientCertStoreImpl::SelectClientCertsForTesting(
@@ -198,8 +199,8 @@ bool ClientCertStoreImpl::SelectClientCertsForTesting(
return false;
}
- bool rv = GetClientCertsImpl(test_store.get(), request, selected_certs);
- return rv;
+ GetClientCertsImpl(test_store.get(), request, selected_certs);
+ return true;
}
} // namespace net