From 1152c8fb437bafa8c1f34da72ec088cf7ebbedd3 Mon Sep 17 00:00:00 2001 From: "rsleevi@chromium.org" Date: Thu, 24 Jun 2010 04:08:15 +0000 Subject: Change Windows' application/x-x509-user-cert handling to allow any certificate that has a private key, regardless of where it was generated, rather than restricting it to keys generated via in the current browsing session. BUG=148 TEST=None R=wtc Review URL: http://codereview.chromium.org/2874002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50695 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/base/cert_database_win.cc | 72 ++----------------------------------------- 1 file changed, 3 insertions(+), 69 deletions(-) (limited to 'net/base/cert_database_win.cc')
diff --git a/net/base/cert_database_win.cc b/net/base/cert_database_win.cc
index 34485b5..4c5e8df 100644
--- a/net/base/cert_database_win.cc
+++ b/net/base/cert_database_win.cc
@@ -8,74 +8,11 @@ #include #pragma comment(lib, "crypt32.lib") -#include "base/logging.h" -#include "base/string_util.h" -#include "net/base/keygen_handler.h" #include "net/base/net_errors.h" #include "net/base/x509_certificate.h" namespace net { -namespace { - -// Returns an encoded version of SubjectPublicKeyInfo from |cert| that is -// compatible with KeygenHandler::Cache. If the cert cannot be converted, an -// empty string is returned. -std::string GetSubjectPublicKeyInfo(const X509Certificate* cert) { - DCHECK(cert); - - std::string result; - if (!cert->os_cert_handle() || !cert->os_cert_handle()->pCertInfo) - return result; - - BOOL ok; - DWORD size = 0; - PCERT_PUBLIC_KEY_INFO key_info = - &(cert->os_cert_handle()->pCertInfo->SubjectPublicKeyInfo); - ok = CryptEncodeObject(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, key_info, - NULL, &size); - if (!ok) - return result; - - ok = CryptEncodeObject(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, key_info, - reinterpret_cast(WriteInto(&result, size + 1)), - &size); - if (!ok) { - result.clear(); - return result; - } - - // Per MSDN, the resultant structure may be smaller than the original size - // supplied, so shrink to the actual size output. - result.resize(size); - - return result; -} - -// Returns true if |cert| was successfully modified to reference |location| to -// obtain the associated private key. -bool LinkCertToPrivateKey(X509Certificate* cert, - KeygenHandler::KeyLocation location) { - DCHECK(cert); - - CRYPT_KEY_PROV_INFO prov_info = { 0 }; - prov_info.pwszContainerName = - const_cast(location.container_name.c_str()); - prov_info.pwszProvName = - const_cast(location.provider_name.c_str()); - - // Implicit by it being from KeygenHandler, which only supports RSA keys. 
- prov_info.dwProvType = PROV_RSA_FULL; - prov_info.dwKeySpec = AT_KEYEXCHANGE; - - BOOL ok = CertSetCertificateContextProperty(cert->os_cert_handle(), - CERT_KEY_PROV_INFO_PROP_ID, 0, - &prov_info); - return ok != FALSE; -} - -} // namespace - CertDatabase::CertDatabase() { } @@ -85,12 +22,9 @@ int CertDatabase::CheckUserCert(X509Certificate* cert) { if (cert->HasExpired()) return ERR_CERT_DATE_INVALID; - std::string encoded_info = GetSubjectPublicKeyInfo(cert); - KeygenHandler::Cache* cache = KeygenHandler::Cache::GetInstance(); - KeygenHandler::KeyLocation location; - - if (encoded_info.empty() || !cache->Find(encoded_info, &location) || - !LinkCertToPrivateKey(cert, location)) + // TODO(rsleevi): Should CRYPT_FIND_SILENT_KEYSET_FLAG be specified? A UI + // may be shown here / this call may block. + if (!CryptFindCertificateKeyProvInfo(cert->os_cert_handle(), 0, NULL)) return ERR_NO_PRIVATE_KEY_FOR_CERT; return OK; -- cgit v1.1
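Review bot: The new `CryptFindCertificateKeyProvInfo` call passes dwFlags 0, so the question the TODO leaves open is a check the code should settle rather than defer: the certificate being checked arrives in a remote application/x-x509-user-cert response, and a key provider that prompts (a smart-card PIN dialog, for instance) can be driven by untrusted content and block the calling thread. Passing `CRYPT_FIND_SILENT_KEYSET_FLAG` in that argument keeps the lookup non-interactive, and if I read the flag defaults correctly dwFlags 0 also searches the machine key set as well as the user key set, so whichever scope is intended should be stated in the comment rather than left implicit. The call is also not a pure check: on a match it writes CERT_KEY_PROV_INFO_PROP_ID onto `cert->os_cert_handle()`, which callers of CheckUserCert should know about, e.g. `// Note: on success this sets CERT_KEY_PROV_INFO_PROP_ID on the cert context.` Every failure of the call, including a provider error or a cancelled prompt, is reported as ERR_NO_PRIVATE_KEY_FOR_CERT; logging GetLastError() on that path would preserve the distinction, though base/logging.h is removed by the first hunk and would need restoring. CheckUserCert's signature and closing brace lie outside the hunk.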