net/ssl/client_cert_identity.cc - chromium/src - Git at Google

 // Copyright 2017 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "net/ssl/client_cert_identity.h"

 #include <utility>

 #include "base/functional/bind.h"
 #include "net/cert/x509_util.h"
 #include "net/ssl/ssl_private_key.h"

 namespace net {

 namespace {

 void IdentityOwningPrivateKeyCallback(
     std::unique_ptr<ClientCertIdentity> identity,
     base::OnceCallback<void(scoped_refptr<SSLPrivateKey>)> private_key_callback,
     scoped_refptr<SSLPrivateKey> private_key) {
   std::move(private_key_callback).Run(std::move(private_key));
 }

 }  // namespace

 ClientCertIdentity::ClientCertIdentity(scoped_refptr<net::X509Certificate> cert)
     : cert_(std::move(cert)) {}
 ClientCertIdentity::~ClientCertIdentity() = default;

 // static
 void ClientCertIdentity::SelfOwningAcquirePrivateKey(
     std::unique_ptr<ClientCertIdentity> self,
     base::OnceCallback<void(scoped_refptr<SSLPrivateKey>)>
         private_key_callback) {
   ClientCertIdentity* self_ptr = self.get();
   auto wrapped_private_key_callback =
       base::BindOnce(&IdentityOwningPrivateKeyCallback, std::move(self),
                      std::move(private_key_callback));
   self_ptr->AcquirePrivateKey(std::move(wrapped_private_key_callback));
 }

 void ClientCertIdentity::SetIntermediates(
     std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates) {
   cert_ = cert_->CloneWithDifferentIntermediates(std::move(intermediates));
   DCHECK(cert_);
 }

 ClientCertIdentitySorter::ClientCertIdentitySorter()
     : now_(base::Time::Now()) {}

 bool ClientCertIdentitySorter::operator()(
     const std::unique_ptr<ClientCertIdentity>& a_identity,
     const std::unique_ptr<ClientCertIdentity>& b_identity) const {
   X509Certificate* a = a_identity->certificate();
   X509Certificate* b = b_identity->certificate();
   DCHECK(a);
   DCHECK(b);

   // Certificates that are expired/not-yet-valid are sorted last.
   bool a_is_valid = now_ >= a->valid_start() && now_ <= a->valid_expiry();
   bool b_is_valid = now_ >= b->valid_start() && now_ <= b->valid_expiry();
   if (a_is_valid != b_is_valid)
     return a_is_valid && !b_is_valid;

   // Certificates with longer expirations appear as higher priority (less
   // than) certificates with shorter expirations.
   if (a->valid_expiry() != b->valid_expiry())
     return a->valid_expiry() > b->valid_expiry();

   // If the expiration dates are equivalent, certificates that were issued
   // more recently should be prioritized over older certificates.
   if (a->valid_start() != b->valid_start())
     return a->valid_start() > b->valid_start();

   // Otherwise, prefer client certificates with shorter chains.
   const auto& a_intermediates = a->intermediate_buffers();
   const auto& b_intermediates = b->intermediate_buffers();
   return a_intermediates.size() < b_intermediates.size();
 }

 }  // namespace net
	// Copyright 2017 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "net/ssl/client_cert_identity.h"

	#include <utility>

	#include "base/functional/bind.h"
	#include "net/cert/x509_util.h"
	#include "net/ssl/ssl_private_key.h"

	namespace net {

	namespace {

	void IdentityOwningPrivateKeyCallback(
	std::unique_ptr<ClientCertIdentity> identity,
	base::OnceCallback<void(scoped_refptr<SSLPrivateKey>)> private_key_callback,
	scoped_refptr<SSLPrivateKey> private_key) {
	std::move(private_key_callback).Run(std::move(private_key));
	}

	} // namespace

	ClientCertIdentity::ClientCertIdentity(scoped_refptr<net::X509Certificate> cert)
	: cert_(std::move(cert)) {}
	ClientCertIdentity::~ClientCertIdentity() = default;

	// static
	void ClientCertIdentity::SelfOwningAcquirePrivateKey(
	std::unique_ptr<ClientCertIdentity> self,
	base::OnceCallback<void(scoped_refptr<SSLPrivateKey>)>
	private_key_callback) {
	ClientCertIdentity* self_ptr = self.get();
	auto wrapped_private_key_callback =
	base::BindOnce(&IdentityOwningPrivateKeyCallback, std::move(self),
	std::move(private_key_callback));
	self_ptr->AcquirePrivateKey(std::move(wrapped_private_key_callback));
	}

	void ClientCertIdentity::SetIntermediates(
	std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates) {
	cert_ = cert_->CloneWithDifferentIntermediates(std::move(intermediates));
	DCHECK(cert_);
	}

	ClientCertIdentitySorter::ClientCertIdentitySorter()
	: now_(base::Time::Now()) {}

	bool ClientCertIdentitySorter::operator()(
	const std::unique_ptr<ClientCertIdentity>& a_identity,
	const std::unique_ptr<ClientCertIdentity>& b_identity) const {
	X509Certificate* a = a_identity->certificate();
	X509Certificate* b = b_identity->certificate();
	DCHECK(a);
	DCHECK(b);

	// Certificates that are expired/not-yet-valid are sorted last.
	bool a_is_valid = now_ >= a->valid_start() && now_ <= a->valid_expiry();
	bool b_is_valid = now_ >= b->valid_start() && now_ <= b->valid_expiry();
	if (a_is_valid != b_is_valid)
	return a_is_valid && !b_is_valid;

	// Certificates with longer expirations appear as higher priority (less
	// than) certificates with shorter expirations.
	if (a->valid_expiry() != b->valid_expiry())
	return a->valid_expiry() > b->valid_expiry();

	// If the expiration dates are equivalent, certificates that were issued
	// more recently should be prioritized over older certificates.
	if (a->valid_start() != b->valid_start())
	return a->valid_start() > b->valid_start();

	// Otherwise, prefer client certificates with shorter chains.
	const auto& a_intermediates = a->intermediate_buffers();
	const auto& b_intermediates = b->intermediate_buffers();
	return a_intermediates.size() < b_intermediates.size();
	}

	} // namespace net